
Anti-Virus notifications


  • This topic is locked
12 replies to this topic

#1 Injigo


  • Members
  • 6 posts

Posted 29 March 2015 - 07:13 AM

Hello, Bleeping Computer.

A family member has been having Anti-Virus popup notifications recently when browsing the web. Here is a screenshot: https://i.imgur.com/C5RqJoo.jpg


Below is the Farbar scan log:


Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-03-2015
Ran by Main (administrator) on MAIN-PC on 29-03-2015 05:02:37
Running from D:\Firefox Downloads
Loaded Profiles: Main (Available profiles: Main & Administrator)
Platform: Windows 7 Ultimate Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore64.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Microsoft Corporation) C:\Windows\System32\CISVC.EXE
(CHENGDU YIWO Tech Development Co., Ltd) C:\Program Files (x86)\EASEUS\Todo Backup\bin\Agent.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Intuit) C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
(Intuit Inc.) C:\Program Files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(RaMMicHaeL) C:\Program Files (x86)\Unchecky\bin\unchecky_svc.exe
() C:\Program Files (x86)\EASEUS\Todo Backup\bin\TodoBackupService.exe
(RaMMicHaeL) C:\Program Files (x86)\Unchecky\bin\unchecky_bg.exe
(Microsoft Corporation) C:\Windows\System32\vds.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_w32.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_x64.exe
(Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\AvastUI.exe
() C:\Program Files (x86)\EASEUS\TrayPopup\TrayTipAgent.exe
(Piriform Ltd) D:\Program Files\CCleaner\CCleaner64.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Desktop.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5512912 2015-03-26] (Avast Software s.r.o.)
HKLM-x32\...\Run: [EaseUS TB Tray Agent] => C:\Program Files (x86)\EaseUS\TrayPopup\TrayTipAgent.exe [253992 2014-12-15] ()
HKU\S-1-5-21-3329748851-216613655-1366542959-1000\...\Run: [CCleaner Monitoring] => D:\Program Files\CCleaner\CCleaner64.exe [7394584 2014-12-12] (Piriform Ltd)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\AutorunsDisabled ()
Startup: C:\Users\Main\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\AutorunsDisabled ()
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (Avast Software s.r.o.)
BootExecute: autocheck autochk *   
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-3329748851-216613655-1366542959-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = https://search.yahoo.com/yhs/search?type=odc039&hspart=avast&hsimp=yhs-001&p={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =  
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =  
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page =  
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-3329748851-216613655-1366542959-1000\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKLM-x32 -> DefaultScope {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = https://search.yahoo.com/yhs/search?type=odc039&hspart=avast&hsimp=yhs-001&p={searchTerms}
SearchScopes: HKLM-x32 -> {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = http://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
SearchScopes: HKLM-x32 -> {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = https://search.yahoo.com/yhs/search?type=odc039&hspart=avast&hsimp=yhs-001&p={searchTerms}
SearchScopes: HKU\S-1-5-21-3329748851-216613655-1366542959-1000 -> DefaultScope {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = https://search.yahoo.com/yhs/search?type=odc039&hspart=avast&hsimp=yhs-001&p={searchTerms}
SearchScopes: HKU\S-1-5-21-3329748851-216613655-1366542959-1000 -> {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = http://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
SearchScopes: HKU\S-1-5-21-3329748851-216613655-1366542959-1000 -> {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = https://search.yahoo.com/yhs/search?type=odc039&hspart=avast&hsimp=yhs-001&p={searchTerms}
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2015-03-26] (Avast Software s.r.o.)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\ssv.dll [2015-03-13] (Oracle Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-03-26] (Avast Software s.r.o.)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\jp2ssv.dll [2015-03-13] (Oracle Corporation)
DPF: HKLM-x32 {8167C273-DF59-4416-B647-C8BB2C7EE83E} http://liveupdate.msi.com.tw/autobios/LOnline/install.cab
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab
DPF: HKLM-x32 {D4B68B83-8710-488B-A692-D74B50BA558E} http://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab
DPF: HKLM-x32 {F6ACF75C-C32C-447B-9BEF-46B766368D29} http://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPID.cab
Handler-x32: intu-help-qb5 - {867FCB77-9823-4cd6-8210-D85F968D466F} - C:\Program Files (x86)\Intuit\QuickBooks 2012\HelpAsyncPluggableProtocol.dll [2012-06-05] (Intuit, Inc.)
Handler-x32: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - C:\Windows\SysWOW64\mscoree.dll [2010-11-04] (Microsoft Corporation)
Winsock: Catalog9 01 C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp.dll [258664] (NVIDIA)
Winsock: Catalog9 02 C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp.dll [258664] (NVIDIA)
Winsock: Catalog9 03 C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp.dll [258664] (NVIDIA)
Winsock: Catalog9 04 C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp.dll [258664] (NVIDIA)
Winsock: Catalog9 05 C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp.dll [258664] (NVIDIA)
Winsock: Catalog9 06 C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp.dll [258664] (NVIDIA)
Winsock: Catalog9 17 C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp.dll [258664] (NVIDIA)
Winsock: Catalog9 18 C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp.dll [258664] (NVIDIA)
Winsock: Catalog9-x64 01 C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp64.dll [304744] (NVIDIA)
Winsock: Catalog9-x64 02 C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp64.dll [304744] (NVIDIA)
Winsock: Catalog9-x64 03 C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp64.dll [304744] (NVIDIA)
Winsock: Catalog9-x64 04 C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp64.dll [304744] (NVIDIA)
Winsock: Catalog9-x64 05 C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp64.dll [304744] (NVIDIA)
Winsock: Catalog9-x64 06 C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp64.dll [304744] (NVIDIA)
Winsock: Catalog9-x64 17 C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp64.dll [304744] (NVIDIA)
Winsock: Catalog9-x64 18 C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp64.dll [304744] (NVIDIA)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\..\Interfaces\{3E327956-D22E-4A2C-9FEC-76B896FB184C}: [NameServer] 23.226.230.72,23.90.4.6
 
FireFox:
========
FF ProfilePath: C:\Users\Main\AppData\Roaming\Mozilla\Firefox\Profiles\d159pf41.default-1416041931520
FF DefaultSearchEngine: Google
FF DefaultSearchEngine.US: Google
FF SelectedSearchEngine: Ask Web Search
FF Homepage: hxxp://www.msn.com
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_305.dll [2015-02-04] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2014-09-22] (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll [2015-02-04] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1215155.dll [2014-12-02] (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-02-18] ()
FF Plugin-x32: @java.com/DTPlugin,version=11.40.2 -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\dtplugin\npDeployJava1.dll [2015-03-13] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.40.2 -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\plugin2\npjp2.dll [2015-03-13] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll [2011-12-03] (Pando Networks)
FF Plugin-x32: @real.com/nprpchromebrowserrecordext;version=12.0.1.669 -> C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll [2011-11-05] (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprphtml5videoshim;version=12.0.1.669 -> C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll [2011-11-05] (RealNetworks, Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll [2015-01-08] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll [2015-01-08] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.2 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll No File
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll No File
FF Plugin HKU\S-1-5-21-3329748851-216613655-1366542959-1000: pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll [2011-12-03] (Pando Networks)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\np-mswmp.dll [2007-04-10] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin6.dll [2012-02-07] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin7.dll [2012-02-07] (Apple Inc.)
FF Extension: HTTPS-Everywhere - C:\Users\Main\AppData\Roaming\Mozilla\Firefox\Profiles\d159pf41.default-1416041931520\Extensions\https-everywhere@eff.org [2015-01-08]
FF Extension: UltraCoupon - C:\Users\Main\AppData\Roaming\Mozilla\Firefox\Profiles\d159pf41.default-1416041931520\Extensions\mq_rrgijtxghnvk__o@pucrzlgkwh_qo.org [2015-03-03]
FF Extension: BetterPriCieCChec - C:\Users\Main\AppData\Roaming\Mozilla\Firefox\Profiles\d159pf41.default-1416041931520\Extensions\OuaTQk6@w5mB.com [2015-03-16]
FF Extension: Perspectives - C:\Users\Main\AppData\Roaming\Mozilla\Firefox\Profiles\d159pf41.default-1416041931520\Extensions\perspectives@cmu.edu [2014-11-15]
FF Extension: TiccTaCoupon - C:\Users\Main\AppData\Roaming\Mozilla\Firefox\Profiles\d159pf41.default-1416041931520\Extensions\PkBGvM@a.com [2015-02-25]
FF Extension: LUcckyShOpper - C:\Users\Main\AppData\Roaming\Mozilla\Firefox\Profiles\d159pf41.default-1416041931520\Extensions\qV@4.net [2015-02-25]
FF Extension: OpenDownload² - C:\Users\Main\AppData\Roaming\Mozilla\Firefox\Profiles\d159pf41.default-1416041931520\Extensions\{210249CE-F888-11DD-B868-4CB456D89593} [2015-01-08]
FF Extension: WOT - C:\Users\Main\AppData\Roaming\Mozilla\Firefox\Profiles\d159pf41.default-1416041931520\Extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} [2014-11-15]
FF Extension: Adblock Plus Pop-up Addon - C:\Users\Main\AppData\Roaming\Mozilla\Firefox\Profiles\d159pf41.default-1416041931520\Extensions\adblockpopups@jessehakanen.net.xpi [2014-11-15]
FF Extension: Adblock Edge - C:\Users\Main\AppData\Roaming\Mozilla\Firefox\Profiles\d159pf41.default-1416041931520\Extensions\{fe272bd1-5f76-4ea4-8501-a05d35d823fc}.xpi [2014-11-15]
FF HKLM-x32\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011-01-17]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-11-15]
FF HKU\S-1-5-21-3329748851-216613655-1366542959-1000\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
 
Chrome:  
=======
CHR Profile: C:\Users\Main\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Avast Online Security) - C:\Users\Main\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2013-05-15]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Main\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-21]
CHR Extension: (Google Wallet) - C:\Users\Main\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-12-16]
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChromeSp.crx [2015-03-19]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-03-19]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [172344 2014-07-22] (SUPERAntiSpyware.com)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [343336 2015-03-26] (Avast Software s.r.o.)
S4 Creative Audio Engine Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [79360 2011-01-17] (Creative Labs) [File not signed]
R2 EaseUS Agent; C:\Program Files (x86)\EaseUS\Todo Backup\bin\Agent.exe [37416 2014-12-15] (CHENGDU YIWO Tech Development Co., Ltd)
S4 ForceWare Intelligent Application Manager (IAM); C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe [496232 2010-01-21] ()
R3 hpqcxs08; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll [249344 2009-09-20] (Hewlett-Packard Co.) [File not signed]
R2 hpqddsvc; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll [131072 2007-06-04] (Hewlett-Packard Co.) [File not signed]
S4 HPSLPSVC; C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL [1039360 2010-10-22] (Hewlett-Packard Co.) [File not signed]
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed]
S4 nSvcIp; C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe [209000 2010-01-21] ()
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed]
S4 PuranDefrag; C:\Windows\system32\PuranDefragS.exe [292736 2013-08-15] (Puran Software) [File not signed]
R2 QBCFMonitorService; C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe [45056 2012-06-05] (Intuit) [File not signed]
S3 QBFCService; C:\Program Files (x86)\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe [61440 2011-08-19] (Intuit Inc.) [File not signed]
R2 QBVSS; C:\Program Files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe [1248256 2011-08-19] (Intuit Inc.) [File not signed]
S4 Secunia PSI Agent; D:\Program Files (x86)\Secunia\PSI\PSIA.exe [1228504 2013-11-04] (Secunia)
S4 Secunia Update Agent; D:\Program Files (x86)\Secunia\PSI\sua.exe [660184 2013-11-04] (Secunia)
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [5447952 2015-03-25] (TeamViewer GmbH)
R2 Unchecky; C:\Program Files (x86)\Unchecky\bin\unchecky_svc.exe [161744 2015-03-11] (RaMMicHaeL)
S4 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Corporation)
S2 70e6ca8c; "C:\Windows\system32\rundll32.exe" "c:\Program Files (x86)\Optimizer Pro\OptProCrash.dll",ENT
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 Amps2prt; C:\Windows\System32\DRIVERS\Amps2x64.sys [21504 1999-12-31] ((Standard mouse types))
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29168 2015-03-26] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [88408 2015-03-26] (Avast Software s.r.o.)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93528 2015-03-26] (Avast Software s.r.o.)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65736 2015-03-26] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1047320 2015-03-26] (Avast Software s.r.o.)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [442264 2015-03-26] (Avast Software s.r.o.)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [136752 2015-03-26] (Avast Software s.r.o.)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [271200 2015-03-26] ()
S3 cpuz135; D:\Program Files (x86)\CPUID\PC Wizard 2012\pcwiz_x64.sys [24368 2012-08-11] (CPUID)
S3 epmntdrv; C:\Windows\system32\epmntdrv.sys [18528 2014-11-18] ()
S3 epmntdrv; C:\Windows\SysWOW64\epmntdrv.sys [14944 2014-11-18] ()
R0 EUBKMON; C:\Windows\System32\drivers\EUBKMON.sys [48168 2014-12-15] ()
S3 EuGdiDrv; C:\Windows\system32\EuGdiDrv.sys [10848 2014-11-18] ()
S3 EuGdiDrv; C:\Windows\SysWOW64\EuGdiDrv.sys [10208 2014-11-18] ()
R1 GUBootStartup; C:\Windows\System32\drivers\GUBootStartup.sys [20160 2014-11-15] (Glarysoft Ltd)
R1 HWiNFO32; C:\Windows\system32\drivers\HWiNFO64A.SYS [29672 2013-02-01] (REALiX™)
S3 MSI_DVD_010507; C:\Program Files\MSI\MSIWDev\DVDSYS64_100507.sys [28984 2010-05-10] (Your Corporation)
S3 MSI_MSIBIOS_010507; C:\Program Files\MSI\MSIWDev\msibios64_100507.sys [33592 2010-05-10] (Your Corporation)
S3 MSI_VGASYS_010507; C:\Program Files\MSI\MSIWDev\VGASYS64_100507.sys [14960 2010-05-10] () [File not signed]
S3 PSI; C:\Windows\System32\DRIVERS\psi_mf_amd64.sys [18456 2013-11-04] (Secunia)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [54784 2013-03-18] (Apple, Inc.) [File not signed]
S4 nvlddmkm; system32\DRIVERS\nvlddmkm.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-03-29 05:02 - 2015-03-29 05:02 - 00000000 ____D () C:\FRST
2015-03-27 11:07 - 2015-03-27 11:08 - 00344392 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-03-27 06:53 - 2015-03-27 06:53 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\SumatraPDF
2015-03-27 06:48 - 2015-03-28 22:36 - 00000392 _____ () C:\Windows\setupact.log
2015-03-27 06:48 - 2015-03-27 06:48 - 00078400 _____ () C:\Users\Administrator\AppData\Local\GDIPFONTCACHEV1.DAT
2015-03-27 06:48 - 2015-03-27 06:48 - 00000000 _____ () C:\Windows\setuperr.log
2015-03-27 06:35 - 2015-03-27 06:35 - 00602112 _____ (OldTimer Tools) C:\Users\Administrator\Desktop\OTL.exe
2015-03-27 06:17 - 2015-03-27 06:17 - 00021055 _____ () C:\Users\Administrator\Desktop\dds.txt
2015-03-27 06:17 - 2015-03-27 06:17 - 00005075 _____ () C:\Users\Administrator\Desktop\attach.txt
2015-03-27 06:15 - 2015-03-27 06:16 - 00688992 ____R (Swearware) C:\Users\Administrator\Downloads\dds.com
2015-03-27 01:10 - 2015-03-27 04:51 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\.purple
2015-03-27 01:10 - 2015-03-27 01:10 - 00000000 ____D () C:\Users\Administrator\AppData\Local\enchant
2015-03-27 00:01 - 2015-03-27 04:53 - 00000000 ____D () C:\SUPERDelete
2015-03-26 23:58 - 2015-03-26 23:58 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\SUPERAntiSpyware.com
2015-03-26 23:57 - 2015-03-27 06:12 - 00000000 ____D () C:\Program Files\SUPERAntiSpyware
2015-03-26 23:57 - 2015-03-26 23:57 - 00001768 _____ () C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
2015-03-26 23:57 - 2015-03-26 23:57 - 00000000 ____D () C:\ProgramData\SUPERAntiSpyware.com
2015-03-26 23:57 - 2015-03-26 23:57 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
2015-03-26 23:48 - 2015-03-26 23:48 - 00364472 _____ (Avast Software s.r.o.) C:\Windows\system32\aswBoot.exe
2015-03-26 23:48 - 2015-03-26 23:48 - 00043112 _____ (Avast Software s.r.o.) C:\Windows\avastSS.scr
2015-03-19 12:48 - 2015-03-19 12:48 - 00002255 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-03-19 12:48 - 2015-03-19 12:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-03-16 09:28 - 2015-03-27 04:51 - 00000000 ____D () C:\Program Files (x86)\CloicKForSale
2015-03-16 09:28 - 2015-03-16 09:28 - 00000000 ____D () C:\Program Files (x86)\BetterPriCieCChec
2015-03-16 09:27 - 2015-03-16 09:27 - 00000000 ____D () C:\Program Files (x86)\One key Manger
2015-03-12 21:24 - 2015-03-12 21:24 - 00000000 ____D () C:\Users\Main\AppData\Roaming\Wargaming.net
2015-03-11 10:29 - 2015-02-19 21:41 - 00041984 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2015-03-11 10:29 - 2015-02-19 21:40 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2015-03-11 10:29 - 2015-02-19 21:40 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2015-03-11 10:29 - 2015-02-19 21:40 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2015-03-11 10:29 - 2015-02-19 21:13 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
2015-03-11 10:29 - 2015-02-19 21:13 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2015-03-11 10:29 - 2015-02-19 21:13 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll
2015-03-11 10:29 - 2015-02-19 21:12 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll
2015-03-11 10:29 - 2015-02-19 20:29 - 00372224 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2015-03-11 10:29 - 2015-02-19 20:09 - 00299008 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2015-03-11 10:29 - 2015-02-02 20:34 - 05554104 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-03-11 10:29 - 2015-02-02 20:34 - 00693176 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2015-03-11 10:29 - 2015-02-02 20:34 - 00094656 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mountmgr.sys
2015-03-11 10:29 - 2015-02-02 20:33 - 00616360 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2015-03-11 10:29 - 2015-02-02 20:31 - 14632960 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2015-03-11 10:29 - 2015-02-02 20:31 - 04121600 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
2015-03-11 10:29 - 2015-02-02 20:31 - 01574400 _____ (Microsoft Corporation) C:\Windows\system32\quartz.dll
2015-03-11 10:29 - 2015-02-02 20:31 - 00782848 _____ (Microsoft Corporation) C:\Windows\system32\wmdrmsdk.dll
2015-03-11 10:29 - 2015-02-02 20:31 - 00641024 _____ (Microsoft Corporation) C:\Windows\system32\msscp.dll
2015-03-11 10:29 - 2015-02-02 20:31 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-03-11 10:29 - 2015-02-02 20:31 - 00500224 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2015-03-11 10:29 - 2015-02-02 20:31 - 00432128 _____ (Microsoft Corporation) C:\Windows\system32\mfplat.dll
2015-03-11 10:29 - 2015-02-02 20:31 - 00371712 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll
2015-03-11 10:29 - 2015-02-02 20:31 - 00325632 _____ (Microsoft Corporation) C:\Windows\system32\msnetobj.dll
2015-03-11 10:29 - 2015-02-02 20:31 - 00229376 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2015-03-11 10:29 - 2015-02-02 20:31 - 00206848 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll
2015-03-11 10:29 - 2015-02-02 20:31 - 00188416 _____ (Microsoft Corporation) C:\Windows\system32\pcasvc.dll
2015-03-11 10:29 - 2015-02-02 20:31 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2015-03-11 10:29 - 2015-02-02 20:31 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-03-11 10:29 - 2015-02-02 20:31 - 00037376 _____ (Microsoft Corporation) C:\Windows\system32\pcadm.dll
2015-03-11 10:29 - 2015-02-02 20:31 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\msmmsp.dll
2015-03-11 10:29 - 2015-02-02 20:31 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\spwmp.dll
2015-03-11 10:29 - 2015-02-02 20:31 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\msdxm.ocx
2015-03-11 10:29 - 2015-02-02 20:31 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\dxmasf.dll
2015-03-11 10:29 - 2015-02-02 20:30 - 12625920 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
2015-03-11 10:29 - 2015-02-02 20:30 - 01480192 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2015-03-11 10:29 - 2015-02-02 20:30 - 01202176 _____ (Microsoft Corporation) C:\Windows\system32\drmv2clt.dll
2015-03-11 10:29 - 2015-02-02 20:30 - 01069056 _____ (Microsoft Corporation) C:\Windows\system32\cryptui.dll
2015-03-11 10:29 - 2015-02-02 20:30 - 00842240 _____ (Microsoft Corporation) C:\Windows\system32\blackbox.dll
2015-03-11 10:29 - 2015-02-02 20:30 - 00680960 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2015-03-11 10:29 - 2015-02-02 20:30 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\evr.dll
2015-03-11 10:29 - 2015-02-02 20:30 - 00497664 _____ (Microsoft Corporation) C:\Windows\system32\drmmgrtn.dll
2015-03-11 10:29 - 2015-02-02 20:30 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2015-03-11 10:29 - 2015-02-02 20:30 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-03-11 10:29 - 2015-02-02 20:30 - 00296448 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
2015-03-11 10:29 - 2015-02-02 20:30 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2015-03-11 10:29 - 2015-02-02 20:30 - 00187904 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2015-03-11 10:29 - 2015-02-02 20:30 - 00146944 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2015-03-11 10:29 - 2015-02-02 20:30 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2015-03-11 10:29 - 2015-02-02 20:30 - 00126464 _____ (Microsoft Corporation) C:\Windows\system32\audiodg.exe
2015-03-11 10:29 - 2015-02-02 20:30 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2015-03-11 10:29 - 2015-02-02 20:30 - 00082432 _____ (Microsoft Corporation) C:\Windows\system32\cryptsp.dll
2015-03-11 10:29 - 2015-02-02 20:30 - 00058880 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2015-03-11 10:29 - 2015-02-02 20:30 - 00055808 _____ (Microsoft Corporation) C:\Windows\system32\rrinstaller.exe
2015-03-11 10:29 - 2015-02-02 20:30 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-03-11 10:29 - 2015-02-02 20:30 - 00032256 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2015-03-11 10:29 - 2015-02-02 20:30 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe
2015-03-11 10:29 - 2015-02-02 20:30 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2015-03-11 10:29 - 2015-02-02 20:30 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\pcawrk.exe
2015-03-11 10:29 - 2015-02-02 20:30 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\pcalua.exe
2015-03-11 10:29 - 2015-02-02 20:29 - 00008704 _____ (Microsoft Corporation) C:\Windows\system32\pcaevts.dll
2015-03-11 10:29 - 2015-02-02 20:28 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2015-03-11 10:29 - 2015-02-02 20:28 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\mferror.dll
2015-03-11 10:29 - 2015-02-02 20:19 - 00663552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\PEAuth.sys
2015-03-11 10:29 - 2015-02-02 20:16 - 03973048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-03-11 10:29 - 2015-02-02 20:16 - 03917760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-03-11 10:29 - 2015-02-02 20:12 - 11411968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll
2015-03-11 10:29 - 2015-02-02 20:12 - 03209728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll
2015-03-11 10:29 - 2015-02-02 20:12 - 01329664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\quartz.dll
2015-03-11 10:29 - 2015-02-02 20:12 - 01174528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2015-03-11 10:29 - 2015-02-02 20:12 - 01005056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptui.dll
2015-03-11 10:29 - 2015-02-02 20:12 - 00988160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drmv2clt.dll
2015-03-11 10:29 - 2015-02-02 20:12 - 00744960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\blackbox.dll
2015-03-11 10:29 - 2015-02-02 20:12 - 00617984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmdrmsdk.dll
2015-03-11 10:29 - 2015-02-02 20:12 - 00519680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll
2015-03-11 10:29 - 2015-02-02 20:12 - 00504320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msscp.dll
2015-03-11 10:29 - 2015-02-02 20:12 - 00489984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\evr.dll
2015-03-11 10:29 - 2015-02-02 20:12 - 00442880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll
2015-03-11 10:29 - 2015-02-02 20:12 - 00406016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drmmgrtn.dll
2015-03-11 10:29 - 2015-02-02 20:12 - 00374784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll
2015-03-11 10:29 - 2015-02-02 20:12 - 00354816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfplat.dll
2015-03-11 10:29 - 2015-02-02 20:12 - 00265216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msnetobj.dll
2015-03-11 10:29 - 2015-02-02 20:12 - 00195584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll
2015-03-11 10:29 - 2015-02-02 20:12 - 00179200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2015-03-11 10:29 - 2015-02-02 20:12 - 00143872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2015-03-11 10:29 - 2015-02-02 20:12 - 00103936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2015-03-11 10:29 - 2015-02-02 20:12 - 00103424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfps.dll
2015-03-11 10:29 - 2015-02-02 20:12 - 00081408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsp.dll
2015-03-11 10:29 - 2015-02-02 20:12 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
2015-03-11 10:29 - 2015-02-02 20:12 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-03-11 10:29 - 2015-02-02 20:12 - 00008192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\spwmp.dll
2015-03-11 10:29 - 2015-02-02 20:12 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdxm.ocx
2015-03-11 10:29 - 2015-02-02 20:12 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxmasf.dll
2015-03-11 10:29 - 2015-02-02 20:11 - 12625408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmploc.DLL
2015-03-11 10:29 - 2015-02-02 20:11 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rrinstaller.exe
2015-03-11 10:29 - 2015-02-02 20:11 - 00023040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfpmp.exe
2015-03-11 10:29 - 2015-02-02 20:09 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mferror.dll
2015-03-11 10:29 - 2015-02-02 20:08 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2015-03-11 10:29 - 2015-02-02 19:32 - 00061440 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2015-03-11 10:29 - 2015-01-30 20:48 - 03179520 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2015-03-11 10:29 - 2015-01-30 20:48 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\RdpGroupPolicyExtension.dll
2015-03-11 10:29 - 2015-01-30 16:56 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\rdpudd.dll
2015-03-11 10:29 - 2014-10-31 15:24 - 00619056 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe
2015-03-11 10:28 - 2015-03-05 22:56 - 00155576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-03-11 10:28 - 2015-03-05 22:56 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-03-11 10:28 - 2015-03-05 22:42 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-03-11 10:28 - 2015-03-05 22:42 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-03-11 10:28 - 2015-03-05 22:42 - 00341504 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-03-11 10:28 - 2015-03-05 22:42 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-03-11 10:28 - 2015-03-05 22:42 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-03-11 10:28 - 2015-03-05 22:42 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-03-11 10:28 - 2015-03-05 22:42 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-03-11 10:28 - 2015-03-05 22:42 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-03-11 10:28 - 2015-03-05 22:42 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-03-11 10:28 - 2015-03-05 22:42 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-03-11 10:28 - 2015-03-05 22:42 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-03-11 10:28 - 2015-03-05 22:41 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-03-11 10:28 - 2015-03-05 22:41 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-03-11 10:28 - 2015-03-05 22:39 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-03-11 10:28 - 2015-03-05 22:38 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-03-11 10:28 - 2015-03-05 22:36 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-03-11 10:28 - 2015-03-05 22:10 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-03-11 10:28 - 2015-03-05 22:10 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-03-11 10:28 - 2015-03-05 22:10 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-03-11 10:28 - 2015-03-05 22:10 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-03-11 10:28 - 2015-03-05 22:10 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-03-11 10:28 - 2015-03-05 22:10 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-03-11 10:28 - 2015-03-05 22:10 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-03-11 10:28 - 2015-03-05 22:10 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-03-11 10:28 - 2015-03-05 22:09 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-03-11 10:28 - 2015-03-05 22:09 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-03-11 10:28 - 2015-03-05 22:07 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-03-11 10:28 - 2015-03-05 22:07 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-03-11 10:28 - 2015-03-05 22:06 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-03-11 10:28 - 2015-02-25 20:25 - 03204096 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-03-11 10:28 - 2015-02-23 20:15 - 00389800 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-03-11 10:28 - 2015-02-23 19:32 - 00342696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-03-11 10:28 - 2015-02-20 17:41 - 12827648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-03-11 10:28 - 2015-02-20 17:27 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-03-11 10:28 - 2015-02-20 17:27 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-03-11 10:28 - 2015-02-20 17:25 - 19720192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-03-11 10:28 - 2015-02-20 16:32 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-03-11 10:28 - 2015-02-19 20:06 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-03-11 10:28 - 2015-02-19 20:05 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-03-11 10:28 - 2015-02-19 19:50 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-03-11 10:28 - 2015-02-19 19:49 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-03-11 10:28 - 2015-02-19 19:48 - 02886144 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-03-11 10:28 - 2015-02-19 19:41 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-03-11 10:28 - 2015-02-19 19:40 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-03-11 10:28 - 2015-02-19 19:35 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-03-11 10:28 - 2015-02-19 19:35 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-03-11 10:28 - 2015-02-19 19:26 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-03-11 10:28 - 2015-02-19 19:22 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-03-11 10:28 - 2015-02-19 19:22 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-03-11 10:28 - 2015-02-19 19:13 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-03-11 10:28 - 2015-02-19 19:09 - 00503296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-03-11 10:28 - 2015-02-19 19:08 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-03-11 10:28 - 2015-02-19 19:08 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-03-11 10:28 - 2015-02-19 19:06 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-03-11 10:28 - 2015-02-19 19:05 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-03-11 10:28 - 2015-02-19 19:03 - 02278400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-03-11 10:28 - 2015-02-19 19:01 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-03-11 10:28 - 2015-02-19 19:00 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-03-11 10:28 - 2015-02-19 18:58 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-03-11 10:28 - 2015-02-19 18:56 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-03-11 10:28 - 2015-02-19 18:56 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-03-11 10:28 - 2015-02-19 18:49 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-03-11 10:28 - 2015-02-19 18:49 - 00718848 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-03-11 10:28 - 2015-02-19 18:46 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-03-11 10:28 - 2015-02-19 18:41 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-03-11 10:28 - 2015-02-19 18:37 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-03-11 10:28 - 2015-02-19 18:30 - 04300288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-03-11 10:28 - 2015-02-19 18:24 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-03-11 10:28 - 2015-02-19 18:24 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-03-11 10:28 - 2015-02-19 18:23 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-03-11 10:28 - 2015-02-19 18:16 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-03-11 10:28 - 2015-02-19 18:03 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-03-11 10:28 - 2015-02-19 18:01 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-03-11 10:28 - 2015-02-19 17:57 - 01311232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-03-11 10:28 - 2015-02-19 17:55 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-03-11 10:28 - 2015-02-12 22:26 - 12875264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2015-03-11 10:28 - 2015-02-12 22:22 - 14177280 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2015-03-11 10:28 - 2015-02-02 20:31 - 01424896 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2015-03-11 10:28 - 2015-02-02 20:31 - 00215552 _____ (Microsoft Corporation) C:\Windows\system32\ubpm.dll
2015-03-11 10:28 - 2015-02-02 20:12 - 01230848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2015-03-11 10:28 - 2015-02-02 20:12 - 00171520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ubpm.dll
2015-03-11 10:28 - 2015-01-30 16:56 - 00459336 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2015-03-11 10:28 - 2015-01-16 19:48 - 01067520 _____ (Microsoft Corporation) C:\Windows\system32\msctf.dll
2015-03-11 10:28 - 2015-01-16 19:30 - 00828928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msctf.dll
2015-03-11 10:27 - 2015-02-20 18:16 - 25021440 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-03-11 10:27 - 2015-02-20 16:58 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-03-11 10:27 - 2015-02-19 19:49 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-03-11 10:27 - 2015-02-19 19:47 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-03-11 10:27 - 2015-02-19 19:36 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-03-11 10:27 - 2015-02-19 19:34 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-03-11 10:27 - 2015-02-19 19:32 - 06035456 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-03-11 10:27 - 2015-02-19 19:08 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-03-11 10:27 - 2015-02-19 18:47 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-03-11 10:27 - 2015-02-19 18:43 - 14398976 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-03-11 10:27 - 2015-02-19 18:28 - 02358784 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-03-11 10:27 - 2015-02-03 20:16 - 00465920 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll
2015-03-11 10:27 - 2015-02-03 19:54 - 00417792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll
2015-03-06 20:05 - 2015-03-06 20:05 - 00006557 _____ () C:\Users\Main\Desktop\New OpenDocument Spreadsheet.ods
2015-03-05 14:38 - 2015-03-27 04:51 - 00000000 ____D () C:\Program Files (x86)\ROyalCCoouoponi
2015-03-03 10:58 - 2015-03-03 10:58 - 00000079 _____ () C:\Program Files (x86)\prefs.js
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-03-29 04:26 - 2011-11-05 14:04 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-03-29 04:15 - 2012-04-09 13:05 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-03-29 01:16 - 2011-01-16 22:16 - 00000000 ____D () C:\Users\Main\AppData\Local\VirtualStore
2015-03-28 22:45 - 2009-07-13 21:45 - 00014016 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-03-28 22:45 - 2009-07-13 21:45 - 00014016 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-03-28 22:41 - 2015-01-08 05:16 - 01907628 _____ () C:\Windows\WindowsUpdate.log
2015-03-28 22:37 - 2011-11-05 14:04 - 00000890 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-03-28 22:36 - 2009-07-13 22:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-03-27 23:47 - 2009-07-13 22:13 - 00800448 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-03-27 23:41 - 2014-12-10 19:17 - 00000000 ____D () C:\Users\Main\AppData\Roaming\Apple Computer
2015-03-27 23:34 - 2009-07-13 22:08 - 00032648 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2015-03-27 07:05 - 2012-12-25 15:18 - 00000000 ____D () C:\Program Files (x86)\TeamViewer
2015-03-27 06:21 - 2009-07-13 20:20 - 00000000 __RHD () C:\Users\Default
2015-03-27 06:11 - 2014-11-15 01:38 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2015-03-27 04:53 - 2013-12-14 20:33 - 00000000 ____D () C:\Windows\pss
2015-03-26 23:53 - 2014-10-11 19:57 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-03-26 23:52 - 2012-07-12 20:34 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Google
2015-03-26 23:52 - 2009-07-13 21:57 - 00001547 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2015-03-26 23:48 - 2014-11-15 01:37 - 01047320 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswSnx.sys
2015-03-26 23:48 - 2014-11-15 01:37 - 00442264 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswSP.sys
2015-03-26 23:48 - 2014-11-15 01:37 - 00271200 _____ () C:\Windows\system32\Drivers\aswVmm.sys
2015-03-26 23:48 - 2014-11-15 01:37 - 00136752 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswStm.sys
2015-03-26 23:48 - 2014-11-15 01:37 - 00093528 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswRdr2.sys
2015-03-26 23:48 - 2014-11-15 01:37 - 00088408 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswMonFlt.sys
2015-03-26 23:48 - 2014-11-15 01:37 - 00065736 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
2015-03-26 23:48 - 2014-11-15 01:37 - 00029168 _____ () C:\Windows\system32\Drivers\aswHwid.sys
2015-03-26 21:24 - 2014-11-10 02:26 - 00000971 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 10.lnk
2015-03-24 20:50 - 2012-04-26 09:09 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-03-24 15:31 - 2014-09-02 19:43 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-03-20 20:54 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\rescache
2015-03-19 12:48 - 2011-11-05 14:04 - 00000000 ____D () C:\Program Files (x86)\Google
2015-03-16 09:28 - 2015-02-25 11:16 - 00000000 ____D () C:\ProgramData\7148543670517373716
2015-03-13 14:21 - 2014-09-27 11:11 - 00000000 ____D () C:\Program Files (x86)\Java
2015-03-13 14:21 - 2014-01-15 09:01 - 00000000 ____D () C:\ProgramData\Oracle
2015-03-13 14:12 - 2015-01-08 02:56 - 00000000 ____D () C:\ProgramData\Unchecky
2015-03-13 14:12 - 2014-09-27 11:11 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2015-03-11 17:45 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\SysWOW64\Dism
2015-03-11 17:45 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\system32\Dism
2015-03-11 11:29 - 2013-08-13 19:01 - 00000000 ____D () C:\Windows\system32\MRT
2015-03-11 11:25 - 2011-01-17 00:41 - 122905848 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-03-05 14:38 - 2015-02-25 18:39 - 00000000 ____D () C:\Program Files (x86)\TiicTaaCOuupono
2015-03-05 14:38 - 2015-02-25 11:16 - 00000000 ____D () C:\Program Files (x86)\SalesiChueCker
2015-03-05 14:38 - 2015-02-25 11:16 - 00000000 ____D () C:\Program Files (x86)\KingCoupoNN
 
==================== Files in the root of some directories =======
 
2015-03-03 10:58 - 2015-03-03 10:58 - 0000079 _____ () C:\Program Files (x86)\prefs.js
2011-01-17 04:44 - 2011-01-17 04:44 - 0000092 _____ () C:\Users\Main\AppData\Local\fusioncache.dat
2015-01-07 23:01 - 2015-01-07 23:01 - 0000218 _____ () C:\Users\Main\AppData\Local\recently-used.xbel
2011-12-02 01:47 - 2011-12-02 01:47 - 0000000 _____ () C:\Users\Main\AppData\Local\{F7219A06-ABC4-4CF0-B6B2-C1CA85235A26}
2011-09-12 12:04 - 2011-09-12 12:04 - 0000057 _____ () C:\ProgramData\Ament.ini
 
Files to move or delete:
====================
C:\Users\Administrator\xobglu16.dll
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-03-26 15:51
 
==================== End Of Log ============================


Edited by Injigo, 29 March 2015 - 07:41 AM.



#2 Oh My!

  • Malware Response Instructor
  • 36,374 posts
  • Location:California

Posted 29 March 2015 - 03:55 PM

Greetings Injigo and :welcome: to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.

My name is Oh My! and I am here to help you! Now that we are "friends" please call me Gary.

If you would allow me to call you by your first name I would prefer to do that. :thumbup2:

===================================================

Ground Rules:
  • First, I would like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please try to match our commitment to you with your patience toward us. If this was easy we would never have met. :)
  • Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.
  • Please perform all steps in the order they are listed in each set of instructions. Some steps may be a bit complicated. If things are not clear, be sure to stop and let me know. We need to work on this together with confidence.
  • Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter problems simply stop and tell me.
  • When you post your reply, use the Reply button instead.
  • In the upper right hand corner of the topic you will see the Follow topic button. Click on this then choose Immediate E-Mail notification and then Proceed and you will be sent an email once I have posted a response.
  • If you do not reply to your topic after 5 days we assume it has been abandoned and I will close it.
  • When your computer is clean I will alert you of such. I will also provide for you detailed information about how you can combat future infections.
  • I would like to remind you to make no further changes to your computer unless I direct you to do so.
  • Now let's get started :thumbup2:
===================================================

Now that I am assisting you, you can expect that I will be very responsive to your situation. If you are able, I would request you check this thread at least once per day so that we can try to resolve your issues effectively and efficiently. If you are going to be delayed please be considerate and post that information so that I know you are still with me. Unfortunately, there are many people waiting to be assisted and not enough of us at BleepingComputer to go around. I appreciate your understanding and diligence.

Thank you for your patience thus far. Please move FRST.exe from your Download folder to the Desktop of the infected computer.

Running from D:\Firefox Downloads


If present, copy and paste the contents of the Addition.txt document you should find in D:\Firefox Downloads.

Please run the below for me.

===================================================

Farbar's Recovery Scan Tool - Run Fix in Normal or Safe Mode

--------------------
  • Press the Windows key + r on your keyboard at the same time. Type in notepad and press Enter
  • Please copy and paste the contents of the below code box into the open notepad and save it to your desktop (<<<Important) as fixlist.txt
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-3329748851-216613655-1366542959-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =  
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =  
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page = 
S4 nvlddmkm; system32\DRIVERS\nvlddmkm.sys [X]
C:\Users\Administrator\xobglu16.dll
Folder: C:\ProgramData\7148543670517373716
Folder: C:\Users\Main\AppData\Local\{F7219A06-ABC4-4CF0-B6B2-C1CA85235A26}
  • Launch FRST and press the Fix button just once and wait, the program will automatically launch fixlist.txt.
  • The tool will create a log on the desktop called Fixlog.txt. Please copy and paste the contents of the file in your reply.
===================================================

AdwCleaner by Xplode - Delete Adware

-------------------
  • Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browser
  • Double click on AdwCleaner.exe, click Run, then select I agree if it appears
  • Click Scan
  • Once the scan has completed you will see Pending. Please check elements you don't want to remove above the progress bar
  • Click on Clean
  • Confirm the cleaning and rebooting of your computer by clicking OK
  • Your computer will be rebooted automatically. A text file will open after the restart
  • Copy and paste the contents in your reply
  • You can also find the logfile at C:\AdwCleaner\AdwCleaner.txt
===================================================

Junkware Removal Tool by thisisu

-------------------
  • Please download Junkware Removal Tool and save it to your desktop.
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Right-mouse click JRT.exe and select Run as administrator (Windows XP double click the icon)
  • Please allow the program time to run
  • Once completed a Notepad document will open on your desktop
  • Copy and paste the contents in your reply
===================================================

System Summary Information

--------------------
  • Press the Windows key + r on your keyboard at the same time
  • Type msinfo32 and press Enter
  • Left click on System Summary
  • Click File, Save, and name the file Summary
  • Zip and attach the file to your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
  • Addition.txt
  • Fixlog
  • AdwCleaner log
  • Junkware log
  • System Summary Information
  • Update on computer performance

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

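The fix procedure above starts from entries the helper has already picked out by eye: four coupon-style folders under Program Files (x86), a numeric folder under ProgramData, and a stray prefs.js. The following is an added example, not code from FRST, AdwCleaner or either poster, of the triage step that precedes writing a fixlist. It parses lines in the FRST format shown in this thread, pivots on minute-level timestamps (in the log above, the coupon folders and the numeric ProgramData folder share creation or modification minutes, which is the usual signature of one dropper installing several payloads), flags oddly capitalised names, and emits FRST "Folder:" lines for review. The sample log is constructed from entries modelled on the ones above; the created/modified column order per section and the naming-heuristic thresholds are assumptions of this example, and nothing it prints moves or deletes a file.

```python
# Added example (not FRST's or the thread's code): triage of FRST log lines.
import re
from collections import defaultdict

# One FRST file line: <stamp1> - <stamp2> - <size> <attrs> (<company>) <path>
LINE_RE = re.compile(
    r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - (\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(\d+) ([_A-Za-z]{5}) \((.*?)\) (.+)$"
)
SECTION_RE = re.compile(r"^=+ One Month (Created|Modified) Files")

# Locations whose immediate children are "installs" worth pivoting on.
INSTALL_ROOTS = ("c:\\program files\\", "c:\\program files (x86)\\", "c:\\programdata\\")

# Constructed sample modelled on the entries in the log above (not a live capture).
SAMPLE_LOG = r"""
==================== One Month Created Files and Folders ========
2015-03-11 10:29 - 2015-02-02 20:30 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2015-03-05 14:38 - 2015-03-27 04:51 - 00000000 ____D () C:\Program Files (x86)\ROyalCCoouoponi
2015-03-03 10:58 - 2015-03-03 10:58 - 00000079 _____ () C:\Program Files (x86)\prefs.js
==================== One Month Modified Files and Folders =======
2015-03-24 15:31 - 2014-09-02 19:43 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-03-16 09:28 - 2015-02-25 11:16 - 00000000 ____D () C:\ProgramData\7148543670517373716
2015-03-05 14:38 - 2015-02-25 18:39 - 00000000 ____D () C:\Program Files (x86)\TiicTaaCOuupono
2015-03-05 14:38 - 2015-02-25 11:16 - 00000000 ____D () C:\Program Files (x86)\SalesiChueCker
2015-03-05 14:38 - 2015-02-25 11:16 - 00000000 ____D () C:\Program Files (x86)\KingCoupoNN
2015-03-26 23:48 - 2014-11-15 01:37 - 01047320 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswSnx.sys
"""

def parse_frst(text):
    """Parse file lines into dicts with normalised created/modified stamps.
    Assumed FRST column order: Created section lists creation time first,
    Modified section lists modification time first. Other lines are ignored."""
    section, entries = None, []
    for raw in text.splitlines():
        sec = SECTION_RE.match(raw)
        if sec:
            section = sec.group(1)
            continue
        m = LINE_RE.match(raw)
        if not m or section is None:
            continue
        s1, s2, size, attrs, company, path = m.groups()
        created, modified = (s1, s2) if section == "Created" else (s2, s1)
        entries.append({"created": created, "modified": modified, "size": int(size),
                        "is_dir": "D" in attrs, "company": company, "path": path,
                        "name": path.rsplit("\\", 1)[-1]})
    return entries

def install_root_child(path):
    """True if path sits directly under Program Files / ProgramData."""
    low = path.lower()
    return any(low.startswith(r) and "\\" not in low[len(r):] for r in INSTALL_ROOTS)

def looks_obfuscated(name):
    """Coarse naming heuristic for the coupon-style folders in the log: a word
    with four or more case switches, or an upper-case run after its first letter
    (ROyalCCoouoponi, KingCoupoNN). Plain CamelCase such as TeamViewer passes."""
    for word in re.findall(r"[A-Za-z]+", name):
        switches = sum(a.isupper() != b.isupper() for a, b in zip(word, word[1:]))
        if switches >= 4 or re.search(r"[A-Z]{2,}", word[1:]):
            return True
    return False

def timestamp_clusters(entries, min_size=3):
    """Group install-root entries by each minute they were created or modified.
    Several installs touched in the same minute usually share one dropper.
    Returns {stamp: sorted paths} for groups of at least min_size."""
    by_stamp = defaultdict(set)
    for e in entries:
        if install_root_child(e["path"]):
            by_stamp[e["created"]].add(e["path"])
            by_stamp[e["modified"]].add(e["path"])
    return {s: sorted(p) for s, p in by_stamp.items() if len(p) >= min_size}

def triage(text):
    """Run every heuristic; lists are sorted so results compare stably."""
    entries = parse_frst(text)
    roots = [e for e in entries if install_root_child(e["path"])]
    pd = INSTALL_ROOTS[2]  # the ProgramData root
    clusters = timestamp_clusters(entries)
    obfuscated = sorted(e["path"] for e in roots if looks_obfuscated(e["name"]))
    numeric = sorted(e["path"] for e in roots if e["is_dir"] and e["path"].lower().startswith(pd)
                     and e["name"].isdigit() and len(e["name"]) >= 10)
    loose = sorted(e["path"] for e in roots if not e["is_dir"] and not e["path"].lower().startswith(pd))
    is_dir = {e["path"]: e["is_dir"] for e in roots}
    hits = set(obfuscated) | set(numeric) | {p for ps in clusters.values() for p in ps}
    return {"clusters": clusters, "obfuscated": obfuscated, "numeric_programdata": numeric,
            "loose_files": loose, "review_dirs": sorted(p for p in hits if is_dir[p])}

def fixlist_listing(findings):
    """FRST 'Folder:' directives for the review set. As the Fixlog in this thread
    shows, that directive only lists a folder's contents; it moves nothing."""
    return ["Folder: " + p for p in findings["review_dirs"]]

if __name__ == "__main__":
    print("\n".join(fixlist_listing(triage(SAMPLE_LOG))))
```

On the constructed sample the timestamp pivot alone ties the numeric ProgramData folder to two of the coupon folders (all touched at 2015-02-25 11:16) and groups all four coupon folders at 2015-03-05 14:38, before any name-based guess is made; the naming heuristic is deliberately coarse and is there to surface candidates for a human, not to decide removals.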
#3 Injigo

  • Topic Starter
  • Members
  • 6 posts

Posted 29 March 2015 - 06:16 PM

Hey Gary!

Thanks for your help on this. Just so you know, the computer we're working on is not within physical access to me. I'm using TeamViewer to troubleshoot this. I can however make a trip to said computer in case any tools require disconnection from the internet.

 

Since following your instructions, the anti-virus has quieted down. I've also moved FRST64.exe to the Desktop.

 

Fixlog.txt:

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 11-03-2015
Ran by Administrator at 2015-03-29 14:15:30 Run:1
Running from C:\Users\Administrator\Desktop
Loaded Profiles: Administrator (Available profiles: Main & Administrator)
Boot Mode: Normal
==============================================
 
Content of fixlist:
*****************
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-3329748851-216613655-1366542959-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =   
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =   
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page =  
S4 nvlddmkm; system32\DRIVERS\nvlddmkm.sys [X]
C:\Users\Administrator\xobglu16.dll
Folder: C:\ProgramData\7148543670517373716
Folder: C:\Users\Main\AppData\Local\{F7219A06-ABC4-4CF0-B6B2-C1CA85235A26}
*****************
 
"HKLM\SOFTWARE\Policies\Google" => Key deleted successfully.
"HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.
HKU\S-1-5-21-3329748851-216613655-1366542959-1000\SOFTWARE\Policies\Microsoft\Internet Explorer => Key not found.  
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Page_URL => Value was restored successfully.
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Search_URL => Value was restored successfully.
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Local Page => Value was restored successfully.
nvlddmkm => Service deleted successfully.
C:\Users\Administrator\xobglu16.dll => Moved successfully.
 
========================= Folder: C:\ProgramData\7148543670517373716 ========================
 
2015-02-25 18:39 - 2015-02-25 18:39 - 0000316 _____ () C:\ProgramData\7148543670517373716\093e84014faeb6d229547e3075573c1d.ini
2015-03-05 14:38 - 2015-03-05 14:38 - 0000532 _____ () C:\ProgramData\7148543670517373716\095e64fbe062fb5729547e3075573c1d.ini
2015-03-16 09:28 - 2015-03-16 09:28 - 0000538 _____ () C:\ProgramData\7148543670517373716\469ea551dcd2ec7429547e3075573c1d.ini
2015-03-16 09:27 - 2015-03-16 09:27 - 0000310 _____ () C:\ProgramData\7148543670517373716\50749470ef963f3e29547e3075573c1d.ini
2015-03-16 09:28 - 2015-03-16 09:28 - 0000537 _____ () C:\ProgramData\7148543670517373716\7f9b5a46ab819eca29547e3075573c1d.ini
2015-02-25 18:39 - 2015-02-25 18:39 - 0000541 _____ () C:\ProgramData\7148543670517373716\9bec11cdd23aeb0529547e3075573c1d.ini
2015-02-25 11:16 - 2015-02-25 11:16 - 0000538 _____ () C:\ProgramData\7148543670517373716\a45e8d31264287a529547e3075573c1d.ini
2015-02-25 11:16 - 2015-02-25 11:16 - 0000561 _____ () C:\ProgramData\7148543670517373716\bd7ce6740d045cee29547e3075573c1d.ini
2015-02-25 11:17 - 2015-02-25 11:17 - 0000309 _____ () C:\ProgramData\7148543670517373716\be23f4a8c4053d7a29547e3075573c1d.ini
2015-02-25 18:39 - 2015-02-25 18:39 - 0000542 _____ () C:\ProgramData\7148543670517373716\c295e559d046ad1e29547e3075573c1d.ini
2015-03-16 09:28 - 2015-03-16 09:28 - 0000577 _____ () C:\ProgramData\7148543670517373716\cdeb6825c186ba3029547e3075573c1d.ini
2015-02-25 18:39 - 2015-02-25 18:39 - 0000562 _____ () C:\ProgramData\7148543670517373716\dd4a2c5f72b1804b29547e3075573c1d.ini
2015-02-25 11:16 - 2015-02-25 11:16 - 0000538 _____ () C:\ProgramData\7148543670517373716\e2657abe6104cd0029547e3075573c1d.ini
 
====== End of Folder: ======
 
 
========================= Folder: C:\Users\Main\AppData\Local\{F7219A06-ABC4-4CF0-B6B2-C1CA85235A26} ========================
 
The path is not a directory.
 
==== End of Fixlog 14:15:30 ====

AdwCleaner spat out two log files. AdwCleaner[R0].txt:

# AdwCleaner v4.200 - Logfile created 29/03/2015 at 14:17:54
# Updated 29/03/2015 by Xplode
# Database : 2015-03-29.1 [Server]
# Operating system : Windows 7 Ultimate Service Pack 1 (x64)
# Username : Administrator - MAIN-PC
# Running from : C:\Users\Administrator\Desktop\AdwCleaner.exe
# Option : Scan
 
***** [ Services ] *****
 
Service Found : 70e6ca8c
 
***** [ Files / Folders ] *****
 
File Found : C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\6vsq2lk3.default\invalidprefs.js
File Found : C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\6vsq2lk3.default\searchplugins\bingp.xml
File Found : C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\6vsq2lk3.default\user.js
File Found : C:\Users\Main\AppData\Local\Google\Chrome\User Data\Default\databases\chrome-extension_ejocekekgcaldnmjngfdbmbeebcekelc_0
File Found : C:\Users\Main\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_ejocekekgcaldnmjngfdbmbeebcekelc_0.localstorage
Folder Found : C:\Program Files (x86)\BetterPriCieCChec
Folder Found : C:\Program Files (x86)\CloicKForSale
Folder Found : C:\Program Files (x86)\globalUpdate
Folder Found : C:\Program Files (x86)\KingCoupoNN
Folder Found : C:\Program Files (x86)\LUcckyShOpper
Folder Found : C:\Program Files (x86)\ROyalCCoouoponi
Folder Found : C:\Program Files (x86)\SalesiChueCker
Folder Found : C:\Program Files (x86)\SearchProtect
Folder Found : C:\Program Files (x86)\smart pc cleaner
Folder Found : C:\Program Files (x86)\TiccTaCoupon
Folder Found : C:\Program Files (x86)\TiicTaaCOuupono
Folder Found : C:\ProgramData\6334ba97fe8e1b14
Folder Found : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Finder
Folder Found : C:\ProgramData\Winferno
Folder Found : C:\Users\Administrator\AppData\LocalLow\HPAppData
Folder Found : C:\Users\Administrator\AppData\Roaming\HPAppData
Folder Found : C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\6vsq2lk3.default\Extensions\hmxhdzdotcqxdvo@duuqwkpswjbtqp.org
Folder Found : C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\6vsq2lk3.default\Extensions\OuaTQk6@w5mB.com
Folder Found : C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\6vsq2lk3.default\Extensions\PkBGvM@a.com
Folder Found : C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\6vsq2lk3.default\Extensions\qV@4.net
Folder Found : C:\Users\Administrator\AppData\Roaming\Uniblue
Folder Found : C:\Users\Main\AppData\Local\Babylon
Folder Found : C:\Users\Main\AppData\Local\globalUpdate
Folder Found : C:\Users\Main\AppData\LocalLow\HPAppData
Folder Found : C:\Users\Main\AppData\Roaming\Babylon
Folder Found : C:\Users\Main\AppData\Roaming\HPAppData
Folder Found : C:\Users\Main\AppData\Roaming\Media Finder
Folder Found : C:\Users\Main\AppData\Roaming\Mozilla\Firefox\Profiles\d159pf41.default-1416041931520\Extensions\mq_rrgijtxghnvk__o@pucrzlgkwh_qo.org
Folder Found : C:\Users\Main\AppData\Roaming\Mozilla\Firefox\Profiles\d159pf41.default-1416041931520\Extensions\OuaTQk6@w5mB.com
Folder Found : C:\Users\Main\AppData\Roaming\Mozilla\Firefox\Profiles\d159pf41.default-1416041931520\Extensions\PkBGvM@a.com
Folder Found : C:\Users\Main\AppData\Roaming\Mozilla\Firefox\Profiles\d159pf41.default-1416041931520\Extensions\qV@4.net
Folder Found : C:\Users\Main\AppData\Roaming\Optimizer Pro
 
***** [ Scheduled tasks ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Found : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Found : HKCU\Software\Microsoft\Internet Explorer\MenuExt\Download with &Media Finder
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{C39F8E09-DE95-4E2E-BFD7-1B58EA536160}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Key Found : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40B7-AC73-056A5EBA4A7E}
Key Found : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{C39F8E09-DE95-4E2E-BFD7-1B58EA536160}
Key Found : HKLM\SOFTWARE\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Found : HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Key Found : HKLM\SOFTWARE\{6791A2F3-FC80-475C-A002-C014AF797E9C}
Key Found : HKLM\SOFTWARE\69457ad3-ef9b-4022-80b6-232fc2acbfe2
Key Found : HKLM\SOFTWARE\b3e85fe6-77aa-4ec1-8998-b6505e473519
Key Found : HKLM\SOFTWARE\Babylon
Key Found : HKLM\SOFTWARE\Classes\AppID\{3278F5CF-48F3-4253-A6BB-004CE84AF492}
Key Found : HKLM\SOFTWARE\Classes\AppID\{577975B8-C40E-43E6-B0DE-4C6B44088B52}
Key Found : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Key Found : HKLM\SOFTWARE\Classes\AppID\{C007DADD-132A-624C-088E-59EE6CF0711F}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{02A96331-0CA6-40E2-A87D-C224601985EB}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{3278F5CF-48F3-4253-A6BB-004CE84AF492}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{3B5702BA-7F4C-4D1A-B026-1E9A01D43978}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{577975B8-C40E-43E6-B0DE-4C6B44088B52}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{7E49F793-B3CD-4BF7-8419-B34B8BD30E61}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Key Found : HKLM\SOFTWARE\Classes\driverscanner
Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreClass
Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreClass.1
Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassSvc
Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassSvc.1.0
Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3COMClassService
Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3COMClassService.1.0
Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebSvc
Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebSvc.1.0
Key Found : HKLM\SOFTWARE\Classes\Interface\{EAF749DC-CD87-4B04-B22A-D4AC3FBCB2BC}
Key Found : HKLM\SOFTWARE\Classes\MF
Key Found : HKLM\SOFTWARE\Classes\Prod.cap
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{41F978F3-431A-4464-A789-5C0692D562FB}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{89310413-97E0-4F09-AA75-390A7F4D4918}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{E0D6077D-7186-48B2-A6C6-2F7C533E8CFF}
Key Found : HKLM\SOFTWARE\GlobalUpdate
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\eofcbnmajmjmplflapaojjnihcjkigck
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5645E0E7-FC12-43BF-A6E4-F9751942B298}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5E89ACE9-E16B-499A-87B4-0DBF742404C1}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C7BF8F4B-7BC7-4F42-B944-3D28A3A86D8A}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{5645E0E7-FC12-43BF-A6E4-F9751942B298}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C7BF8F4B-7BC7-4F42-B944-3D28A3A86D8A}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{35E0D123-1F22-9AE6-F973-B7ECA46E8BFE}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{35E0D123-1F22-9AE6-F973-B7ECA46E8BFE}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{40DC4B27-4588-C56F-7737-D03A0ACE4383}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{5C28578D-D0F1-699F-01B0-CC0653A28C11}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{6C998B44-82D8-CC7E-D847-4CD73036412A}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{8B114619-78B7-1CFF-55EF-74266954F883}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{8B114619-78B7-1CFF-55EF-74266954F883}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{AE9B04F2-E9E8-162C-829B-52C116B3EFCC}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{AE9B04F2-E9E8-162C-829B-52C116B3EFCC}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{CC17A332-9555-AD95-3985-0BDD9BF0EC71}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{E370F69F-ED3F-925F-31FC-14D1329A713B}
Key Found : HKLM\SOFTWARE\systweak
Key Found : HKLM\SOFTWARE\Uniblue
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\3152E1F19977892449DC968802CE8964
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\649A52D257CA5DB4EAAE8BA9EB23E467
 
***** [ Web browsers ] *****
 
-\\ Internet Explorer v11.0.9600.17689
 
 
-\\ Mozilla Firefox v36.0.4 (x86 en-US)
 
[6vsq2lk3.default] - Line Found : user_pref("extensions.yDv6MK.scode", "(function(){try{var url=(window.self.location.href + document.cookie);if(url.indexOf(\"acebook\")>-1||url.indexOf(\"warnalert11.com\")>-1||url.indexOf(\"sumorobo.[...]
[d159pf41.default-1416041931520] - Line Found : user_pref("browser.search.hiddenOneOffs", "Ask Web Search,Yahoo,Bing,Amazon.com,DuckDuckGo,eBay,Twitter,Wikipedia (en)");
[d159pf41.default-1416041931520] - Line Found : user_pref("browser.search.selectedEngine", "Ask Web Search");
[d159pf41.default-1416041931520] - Line Found : user_pref("extensions.XF4qHG8iTqLOhimr.scode", "try{(function(){try{var url=(window.self.location.href + document.cookie);if(url.indexOf(\"acebook\")>-1||url.indexOf(\"warnalert11.com\")>-1||url.index[...]
[d159pf41.default-1416041931520] - Line Found : user_pref("extensions.mywebsearch.prevKwdEnabled", true);
[d159pf41.default-1416041931520] - Line Found : user_pref("extensions.toolbar.mindspark._gtMembers_.BUTTON_STRUCTURE", "[{\"b\":221360209,\"c\":\"mindspark.magnify\",\"p\":\"L.0\"},{\"b\":221360210,\"c\":\"mindspark.entersearchterms\",\"p\":\"L.0.0[...]
[d159pf41.default-1416041931520] - Line Found : user_pref("extensions.toolbar.mindspark._gtMembers_.browser.search.defaultenginename.prev", "Yahoo");
[d159pf41.default-1416041931520] - Line Found : user_pref("extensions.toolbar.mindspark._gtMembers_.browser.search.defaultenginename.savedPrev", "true");
[d159pf41.default-1416041931520] - Line Found : user_pref("extensions.toolbar.mindspark._gtMembers_.browser.search.defaultenginename.tb", "Ask Web Search");
[d159pf41.default-1416041931520] - Line Found : user_pref("extensions.toolbar.mindspark._gtMembers_.browser.search.selectedEngine.prev", "Yahoo");
[d159pf41.default-1416041931520] - Line Found : user_pref("extensions.toolbar.mindspark._gtMembers_.browser.search.selectedEngine.savedPrev", "true");
[d159pf41.default-1416041931520] - Line Found : user_pref("extensions.toolbar.mindspark._gtMembers_.browser.search.selectedEngine.tb", "Ask Web Search");
[d159pf41.default-1416041931520] - Line Found : user_pref("extensions.toolbar.mindspark._gtMembers_.browser.startup.homepage.savedPrev", "true");
[d159pf41.default-1416041931520] - Line Found : user_pref("extensions.toolbar.mindspark._gtMembers_.browser.startup.page.savedPrev", 1);
[d159pf41.default-1416041931520] - Line Found : user_pref("extensions.toolbar.mindspark._gtMembers_.browser.startup.page.tb", 1);
[d159pf41.default-1416041931520] - Line Found : user_pref("extensions.toolbar.mindspark._gtMembers_.browser.version.last", "36.0");
[d159pf41.default-1416041931520] - Line Found : user_pref("extensions.toolbar.mindspark._gtMembers_.competitorDNS", "{\"comment\":\"refresh every 1 week (7*24*60*60*1000)\",\"refreshPeriod\":604800000,\"list\":[{\"url\":\"hxxp://www.dnsrsearch.com/[...]
[d159pf41.default-1416041931520] - Line Found : user_pref("extensions.toolbar.mindspark._gtMembers_.firstKnownVersion", "6.83.5.43442");
[d159pf41.default-1416041931520] - Line Found : user_pref("extensions.toolbar.mindspark._gtMembers_.homepage", "hxxp://home.tb.ask.com/index.jhtml?ptb=E838DF72-A17D-4DC2-B2D1-0102FD569526&n=780d11ac&p2=^Z7^xdm035^YYA^us");
[d159pf41.default-1416041931520] - Line Found : user_pref("extensions.toolbar.mindspark._gtMembers_.hp.enabled", false);
[d159pf41.default-1416041931520] - Line Found : user_pref("extensions.toolbar.mindspark._gtMembers_.hp.guardType", "HPR");
[d159pf41.default-1416041931520] - Line Found : user_pref("extensions.toolbar.mindspark._gtMembers_.hp.user.defined", true);
[d159pf41.default-1416041931520] - Line Found : user_pref("extensions.toolbar.mindspark._gtMembers_.initialized", true);
[d159pf41.default-1416041931520] - Line Found : user_pref("extensions.toolbar.mindspark._gtMembers_.installKeysSource", "Cookies");
[d159pf41.default-1416041931520] - Line Found : user_pref("extensions.toolbar.mindspark._gtMembers_.installType", "XPI");
[d159pf41.default-1416041931520] - Line Found : user_pref("extensions.toolbar.mindspark._gtMembers_.installation.contextKey", "");
[d159pf41.default-1416041931520] - Line Found : user_pref("extensions.toolbar.mindspark._gtMembers_.installation.installDate", "2014122412");
[d159pf41.default-1416041931520] - Line Found : user_pref("extensions.toolbar.mindspark._gtMembers_.installation.partnerId", "^Z7^xdm035^YYA^us");
[d159pf41.default-1416041931520] - Line Found : user_pref("extensions.toolbar.mindspark._gtMembers_.installation.partnerSubId", "");
[d159pf41.default-1416041931520] - Line Found : user_pref("extensions.toolbar.mindspark._gtMembers_.installation.pixelUrl", "hxxp://free.gamingwonderland.com/install_pixels.jhtml?partner=^Z7^xdm035^YYA^us&coId=8b3be5c3379442c8be0f7d5c9bfc9419&tbGui[...]
[d159pf41.default-1416041931520] - Line Found : user_pref("extensions.toolbar.mindspark._gtMembers_.installation.success", true);
[d159pf41.default-1416041931520] - Line Found : user_pref("extensions.toolbar.mindspark._gtMembers_.installation.toolbarId", "E838DF72-A17D-4DC2-B2D1-0102FD569526");
[d159pf41.default-1416041931520] - Line Found : user_pref("extensions.toolbar.mindspark._gtMembers_.isCompliantUninstallImplementation", true);
[d159pf41.default-1416041931520] - Line Found : user_pref("extensions.toolbar.mindspark._gtMembers_.lastActivePing", "1427424775843");
[d159pf41.default-1416041931520] - Line Found : user_pref("extensions.toolbar.mindspark._gtMembers_.lastKnownVersion", "6.83.5.43442");
[d159pf41.default-1416041931520] - Line Found : user_pref("extensions.toolbar.mindspark._gtMembers_.options.defaultSearch", true);
[d159pf41.default-1416041931520] - Line Found : user_pref("extensions.toolbar.mindspark._gtMembers_.options.homePageEnabled", true);
[d159pf41.default-1416041931520] - Line Found : user_pref("extensions.toolbar.mindspark._gtMembers_.options.keywordEnabled", true);
[d159pf41.default-1416041931520] - Line Found : user_pref("extensions.toolbar.mindspark._gtMembers_.options.tabEnabled", true);
[d159pf41.default-1416041931520] - Line Found : user_pref("extensions.toolbar.mindspark._gtMembers_.partnerPixelFired", true);
[d159pf41.default-1416041931520] - Line Found : user_pref("extensions.toolbar.mindspark._gtMembers_.searchHistory", "black teen spanked and tickled||teens in shower||Tickled Black||Tickle Tied Babysitter||Fingers Tickle Ribsand spanking||costco tra[...]
[d159pf41.default-1416041931520] - Line Found : user_pref("extensions.toolbar.mindspark._gtMembers_.successUrl", "hxxp://www.gamingwonderland.com/games/card-and-board/the-price-is-right?pg=DL");
[d159pf41.default-1416041931520] - Line Found : user_pref("extensions.toolbar.mindspark._gtMembers_.toolbar.ownSearch", false);
[d159pf41.default-1416041931520] - Line Found : user_pref("extensions.toolbar.mindspark._gtMembers_.toolbar.versionChanged", false);
[d159pf41.default-1416041931520] - Line Found : user_pref("extensions.toolbar.mindspark._gtMembers_.toolbarCollapsed", false);
[d159pf41.default-1416041931520] - Line Found : user_pref("extensions.toolbar.mindspark._gtMembers_.weather.location", "98201");
[d159pf41.default-1416041931520] - Line Found : user_pref("extensions.toolbar.mindspark.hp.enabled", false);
[d159pf41.default-1416041931520] - Line Found : user_pref("extensions.toolbar.mindspark.hp.enabled.guid", "");
[d159pf41.default-1416041931520] - Line Found : user_pref("extensions.toolbar.mindspark.lastInstalled", "gamingwonderland@mindspark.com");
 
-\\ Google Chrome v41.0.2272.89
 
[C:\Users\Main\AppData\Local\Google\Chrome\User Data\Default\Web data] - Found [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
[C:\Users\Main\AppData\Local\Google\Chrome\User Data\Default\Web data] - Found [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
[C:\Users\Main\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] - Found [Extension] : eofcbnmajmjmplflapaojjnihcjkigck
 
*************************
 
AdwCleaner[R0].txt - [16758 bytes] - [29/03/2015 14:17:54]
 
########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [16818 bytes] ##########

AdwCleaner[S0].txt:

# AdwCleaner v4.200 - Logfile created 29/03/2015 at 14:23:20
# Updated 29/03/2015 by Xplode
# Database : 2015-03-29.1 [Server]
# Operating system : Windows 7 Ultimate Service Pack 1 (x64)
# Username : Administrator - MAIN-PC
# Running from : C:\Users\Administrator\Desktop\AdwCleaner.exe
# Option : Cleaning
 
***** [ Services ] *****
 
[#] Service Deleted : 70e6ca8c
 
***** [ Files / Folders ] *****
 
Folder Deleted : C:\ProgramData\Winferno
Folder Deleted : C:\ProgramData\6334ba97fe8e1b14
Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Finder
Folder Deleted : C:\Program Files (x86)\globalUpdate
Folder Deleted : C:\Program Files (x86)\SearchProtect
Folder Deleted : C:\Program Files (x86)\smart pc cleaner
Folder Deleted : C:\Program Files (x86)\BetterPriCieCChec
Folder Deleted : C:\Program Files (x86)\CloicKForSale
Folder Deleted : C:\Program Files (x86)\KingCoupoNN
Folder Deleted : C:\Program Files (x86)\LUcckyShOpper
Folder Deleted : C:\Program Files (x86)\ROyalCCoouoponi
Folder Deleted : C:\Program Files (x86)\SalesiChueCker
Folder Deleted : C:\Program Files (x86)\TiccTaCoupon
Folder Deleted : C:\Program Files (x86)\TiicTaaCOuupono
Folder Deleted : C:\Users\Administrator\AppData\LocalLow\HPAppData
Folder Deleted : C:\Users\Administrator\AppData\Roaming\HPAppData
Folder Deleted : C:\Users\Administrator\AppData\Roaming\Uniblue
Folder Deleted : C:\Users\Main\AppData\Local\Babylon
Folder Deleted : C:\Users\Main\AppData\Local\globalUpdate
Folder Deleted : C:\Users\Main\AppData\LocalLow\HPAppData
Folder Deleted : C:\Users\Main\AppData\Roaming\Babylon
Folder Deleted : C:\Users\Main\AppData\Roaming\HPAppData
Folder Deleted : C:\Users\Main\AppData\Roaming\Media Finder
Folder Deleted : C:\Users\Main\AppData\Roaming\Optimizer Pro
Folder Deleted : C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\6vsq2lk3.default\Extensions\hmxhdzdotcqxdvo@duuqwkpswjbtqp.org
Folder Deleted : C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\6vsq2lk3.default\Extensions\OuaTQk6@w5mB.com
Folder Deleted : C:\Users\Main\AppData\Roaming\Mozilla\Firefox\Profiles\d159pf41.default-1416041931520\Extensions\OuaTQk6@w5mB.com
Folder Deleted : C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\6vsq2lk3.default\Extensions\PkBGvM@a.com
Folder Deleted : C:\Users\Main\AppData\Roaming\Mozilla\Firefox\Profiles\d159pf41.default-1416041931520\Extensions\PkBGvM@a.com
Folder Deleted : C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\6vsq2lk3.default\Extensions\qV@4.net
Folder Deleted : C:\Users\Main\AppData\Roaming\Mozilla\Firefox\Profiles\d159pf41.default-1416041931520\Extensions\qV@4.net
Folder Deleted : C:\Users\Main\AppData\Roaming\Mozilla\Firefox\Profiles\d159pf41.default-1416041931520\Extensions\mq_rrgijtxghnvk__o@pucrzlgkwh_qo.org
File Deleted : C:\Users\Main\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_ejocekekgcaldnmjngfdbmbeebcekelc_0.localstorage
File Deleted : C:\Users\Main\AppData\Local\Google\Chrome\User Data\Default\databases\chrome-extension_ejocekekgcaldnmjngfdbmbeebcekelc_0
File Deleted : C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\6vsq2lk3.default\invalidprefs.js
File Deleted : C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\6vsq2lk3.default\searchplugins\bingp.xml
File Deleted : C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\6vsq2lk3.default\user.js
 
***** [ Scheduled tasks ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\eofcbnmajmjmplflapaojjnihcjkigck
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\MenuExt\Download with &Media Finder
Key Deleted : HKLM\SOFTWARE\Classes\driverscanner
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreClass
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreClass.1
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassSvc
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassSvc.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3COMClassService
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3COMClassService.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebSvc
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebSvc.1.0
Key Deleted : HKLM\SOFTWARE\Classes\MF
Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
Key Deleted : HKLM\SOFTWARE\69457ad3-ef9b-4022-80b6-232fc2acbfe2
Key Deleted : HKLM\SOFTWARE\b3e85fe6-77aa-4ec1-8998-b6505e473519
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{3278F5CF-48F3-4253-A6BB-004CE84AF492}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{577975B8-C40E-43E6-B0DE-4C6B44088B52}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{C007DADD-132A-624C-088E-59EE6CF0711F}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{02A96331-0CA6-40E2-A87D-C224601985EB}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3278F5CF-48F3-4253-A6BB-004CE84AF492}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3B5702BA-7F4C-4D1A-B026-1E9A01D43978}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{577975B8-C40E-43E6-B0DE-4C6B44088B52}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{7E49F793-B3CD-4BF7-8419-B34B8BD30E61}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EAF749DC-CD87-4B04-B22A-D4AC3FBCB2BC}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{41F978F3-431A-4464-A789-5C0692D562FB}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{89310413-97E0-4F09-AA75-390A7F4D4918}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{E0D6077D-7186-48B2-A6C6-2F7C533E8CFF}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{5645E0E7-FC12-43BF-A6E4-F9751942B298}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C7BF8F4B-7BC7-4F42-B944-3D28A3A86D8A}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5645E0E7-FC12-43BF-A6E4-F9751942B298}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5E89ACE9-E16B-499A-87B4-0DBF742404C1}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C7BF8F4B-7BC7-4F42-B944-3D28A3A86D8A}
Key Deleted : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40B7-AC73-056A5EBA4A7E}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{C39F8E09-DE95-4E2E-BFD7-1B58EA536160}
Key Deleted : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Deleted : HKLM\SOFTWARE\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Deleted : HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Key Deleted : HKLM\SOFTWARE\{6791A2F3-FC80-475C-A002-C014AF797E9C}
Key Deleted : HKLM\SOFTWARE\Babylon
Key Deleted : HKLM\SOFTWARE\GlobalUpdate
Key Deleted : HKLM\SOFTWARE\systweak
Key Deleted : HKLM\SOFTWARE\Uniblue
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{8B114619-78B7-1CFF-55EF-74266954F883}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{AE9B04F2-E9E8-162C-829B-52C116B3EFCC}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{35E0D123-1F22-9AE6-F973-B7ECA46E8BFE}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{40DC4B27-4588-C56F-7737-D03A0ACE4383}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{5C28578D-D0F1-699F-01B0-CC0653A28C11}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{6C998B44-82D8-CC7E-D847-4CD73036412A}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{CC17A332-9555-AD95-3985-0BDD9BF0EC71}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{E370F69F-ED3F-925F-31FC-14D1329A713B}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\3152E1F19977892449DC968802CE8964
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\649A52D257CA5DB4EAAE8BA9EB23E467
 
***** [ Web browsers ] *****
 
-\\ Internet Explorer v11.0.9600.17689
 
 
-\\ Mozilla Firefox v36.0.4 (x86 en-US)
 
[6vsq2lk3.default\prefs.js] - Line Deleted : user_pref("extensions.yDv6MK.scode", "(function(){try{var url=(window.self.location.href + document.cookie);if(url.indexOf(\"acebook\")>-1url.indexOf(\"warnalert11.com\")>-1url.indexOf(\"sumorobo.[...]
[d159pf41.default-1416041931520\prefs.js] - Line Deleted : user_pref("browser.search.hiddenOneOffs", "Ask Web Search,Yahoo,Bing,Amazon.com,DuckDuckGo,eBay,Twitter,Wikipedia (en)");
[d159pf41.default-1416041931520\prefs.js] - Line Deleted : user_pref("browser.search.selectedEngine", "Ask Web Search");
[d159pf41.default-1416041931520\prefs.js] - Line Deleted : user_pref("extensions.XF4qHG8iTqLOhimr.scode", "try{(function(){try{var url=(window.self.location.href + document.cookie);if(url.indexOf(\"acebook\")>-1url.indexOf(\"warnalert11.com\")>-1url.index[...]
[d159pf41.default-1416041931520\prefs.js] - Line Deleted : user_pref("extensions.mywebsearch.prevKwdEnabled", true);
[d159pf41.default-1416041931520\prefs.js] - Line Deleted : user_pref("extensions.toolbar.mindspark._gtMembers_.BUTTON_STRUCTURE", "[{\"b\":221360209,\"c\":\"mindspark.magnify\",\"p\":\"L.0\"},{\"b\":221360210,\"c\":\"mindspark.entersearchterms\",\"p\":\"L.0.0[...]
[d159pf41.default-1416041931520\prefs.js] - Line Deleted : user_pref("extensions.toolbar.mindspark._gtMembers_.browser.search.defaultenginename.prev", "Yahoo");
[d159pf41.default-1416041931520\prefs.js] - Line Deleted : user_pref("extensions.toolbar.mindspark._gtMembers_.browser.search.defaultenginename.savedPrev", "true");
[d159pf41.default-1416041931520\prefs.js] - Line Deleted : user_pref("extensions.toolbar.mindspark._gtMembers_.browser.search.defaultenginename.tb", "Ask Web Search");
[d159pf41.default-1416041931520\prefs.js] - Line Deleted : user_pref("extensions.toolbar.mindspark._gtMembers_.browser.search.selectedEngine.prev", "Yahoo");
[d159pf41.default-1416041931520\prefs.js] - Line Deleted : user_pref("extensions.toolbar.mindspark._gtMembers_.browser.search.selectedEngine.savedPrev", "true");
[d159pf41.default-1416041931520\prefs.js] - Line Deleted : user_pref("extensions.toolbar.mindspark._gtMembers_.browser.search.selectedEngine.tb", "Ask Web Search");
[d159pf41.default-1416041931520\prefs.js] - Line Deleted : user_pref("extensions.toolbar.mindspark._gtMembers_.browser.startup.homepage.savedPrev", "true");
[d159pf41.default-1416041931520\prefs.js] - Line Deleted : user_pref("extensions.toolbar.mindspark._gtMembers_.browser.startup.page.savedPrev", 1);
[d159pf41.default-1416041931520\prefs.js] - Line Deleted : user_pref("extensions.toolbar.mindspark._gtMembers_.browser.startup.page.tb", 1);
[d159pf41.default-1416041931520\prefs.js] - Line Deleted : user_pref("extensions.toolbar.mindspark._gtMembers_.browser.version.last", "36.0");
[d159pf41.default-1416041931520\prefs.js] - Line Deleted : user_pref("extensions.toolbar.mindspark._gtMembers_.competitorDNS", "{\"comment\":\"refresh every 1 week (7*24*60*60*1000)\",\"refreshPeriod\":604800000,\"list\":[{\"url\":\"hxxp://www.dnsrsearch.com/[...]
[d159pf41.default-1416041931520\prefs.js] - Line Deleted : user_pref("extensions.toolbar.mindspark._gtMembers_.firstKnownVersion", "6.83.5.43442");
[d159pf41.default-1416041931520\prefs.js] - Line Deleted : user_pref("extensions.toolbar.mindspark._gtMembers_.homepage", "hxxp://home.tb.ask.com/index.jhtml?ptb=E838DF72-A17D-4DC2-B2D1-0102FD569526&n=780d11ac&p2=^Z7^xdm035^YYA^us");
[d159pf41.default-1416041931520\prefs.js] - Line Deleted : user_pref("extensions.toolbar.mindspark._gtMembers_.hp.enabled", false);
[d159pf41.default-1416041931520\prefs.js] - Line Deleted : user_pref("extensions.toolbar.mindspark._gtMembers_.hp.guardType", "HPR");
[d159pf41.default-1416041931520\prefs.js] - Line Deleted : user_pref("extensions.toolbar.mindspark._gtMembers_.hp.user.defined", true);
[d159pf41.default-1416041931520\prefs.js] - Line Deleted : user_pref("extensions.toolbar.mindspark._gtMembers_.initialized", true);
[d159pf41.default-1416041931520\prefs.js] - Line Deleted : user_pref("extensions.toolbar.mindspark._gtMembers_.installKeysSource", "Cookies");
[d159pf41.default-1416041931520\prefs.js] - Line Deleted : user_pref("extensions.toolbar.mindspark._gtMembers_.installType", "XPI");
[d159pf41.default-1416041931520\prefs.js] - Line Deleted : user_pref("extensions.toolbar.mindspark._gtMembers_.installation.contextKey", "");
[d159pf41.default-1416041931520\prefs.js] - Line Deleted : user_pref("extensions.toolbar.mindspark._gtMembers_.installation.installDate", "2014122412");
[d159pf41.default-1416041931520\prefs.js] - Line Deleted : user_pref("extensions.toolbar.mindspark._gtMembers_.installation.partnerId", "^Z7^xdm035^YYA^us");
[d159pf41.default-1416041931520\prefs.js] - Line Deleted : user_pref("extensions.toolbar.mindspark._gtMembers_.installation.partnerSubId", "");
[d159pf41.default-1416041931520\prefs.js] - Line Deleted : user_pref("extensions.toolbar.mindspark._gtMembers_.installation.pixelUrl", "hxxp://free.gamingwonderland.com/install_pixels.jhtml?partner=^Z7^xdm035^YYA^us&coId=8b3be5c3379442c8be0f7d5c9bfc9419&tbGui[...]
[d159pf41.default-1416041931520\prefs.js] - Line Deleted : user_pref("extensions.toolbar.mindspark._gtMembers_.installation.success", true);
[d159pf41.default-1416041931520\prefs.js] - Line Deleted : user_pref("extensions.toolbar.mindspark._gtMembers_.installation.toolbarId", "E838DF72-A17D-4DC2-B2D1-0102FD569526");
[d159pf41.default-1416041931520\prefs.js] - Line Deleted : user_pref("extensions.toolbar.mindspark._gtMembers_.isCompliantUninstallImplementation", true);
[d159pf41.default-1416041931520\prefs.js] - Line Deleted : user_pref("extensions.toolbar.mindspark._gtMembers_.lastActivePing", "1427424775843");
[d159pf41.default-1416041931520\prefs.js] - Line Deleted : user_pref("extensions.toolbar.mindspark._gtMembers_.lastKnownVersion", "6.83.5.43442");
[d159pf41.default-1416041931520\prefs.js] - Line Deleted : user_pref("extensions.toolbar.mindspark._gtMembers_.options.defaultSearch", true);
[d159pf41.default-1416041931520\prefs.js] - Line Deleted : user_pref("extensions.toolbar.mindspark._gtMembers_.options.homePageEnabled", true);
[d159pf41.default-1416041931520\prefs.js] - Line Deleted : user_pref("extensions.toolbar.mindspark._gtMembers_.options.keywordEnabled", true);
[d159pf41.default-1416041931520\prefs.js] - Line Deleted : user_pref("extensions.toolbar.mindspark._gtMembers_.options.tabEnabled", true);
[d159pf41.default-1416041931520\prefs.js] - Line Deleted : user_pref("extensions.toolbar.mindspark._gtMembers_.partnerPixelFired", true);
[d159pf41.default-1416041931520\prefs.js] - Line Deleted : user_pref("extensions.toolbar.mindspark._gtMembers_.searchHistory", "black teen spanked and tickledteens in showerTickled BlackTickle Tied BabysitterFingers Tickle Ribsand spankingcostco tra[...]
[d159pf41.default-1416041931520\prefs.js] - Line Deleted : user_pref("extensions.toolbar.mindspark._gtMembers_.successUrl", "hxxp://www.gamingwonderland.com/games/card-and-board/the-price-is-right?pg=DL");
[d159pf41.default-1416041931520\prefs.js] - Line Deleted : user_pref("extensions.toolbar.mindspark._gtMembers_.toolbar.ownSearch", false);
[d159pf41.default-1416041931520\prefs.js] - Line Deleted : user_pref("extensions.toolbar.mindspark._gtMembers_.toolbar.versionChanged", false);
[d159pf41.default-1416041931520\prefs.js] - Line Deleted : user_pref("extensions.toolbar.mindspark._gtMembers_.toolbarCollapsed", false);
[d159pf41.default-1416041931520\prefs.js] - Line Deleted : user_pref("extensions.toolbar.mindspark._gtMembers_.weather.location", "98201");
[d159pf41.default-1416041931520\prefs.js] - Line Deleted : user_pref("extensions.toolbar.mindspark.hp.enabled", false);
[d159pf41.default-1416041931520\prefs.js] - Line Deleted : user_pref("extensions.toolbar.mindspark.hp.enabled.guid", "");
[d159pf41.default-1416041931520\prefs.js] - Line Deleted : user_pref("extensions.toolbar.mindspark.lastInstalled", "gamingwonderland@mindspark.com");
 
-\\ Google Chrome v41.0.2272.89
 
[C:\Users\Main\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
[C:\Users\Main\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
[C:\Users\Main\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] - Deleted [Extension] : eofcbnmajmjmplflapaojjnihcjkigck
 
*************************
 
AdwCleaner[R0].txt - [16914 bytes] - [29/03/2015 14:17:54]
AdwCleaner[S0].txt - [17105 bytes] - [29/03/2015 14:23:20]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [17165  bytes] ##########

JRT.txt:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.4.7 (03.28.2015:1)
OS: Windows 7 Ultimate x64
Ran by Administrator on Sun 03/29/2015 at 14:36:46.18
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
 
 
~~~ Registry Values
 
 
 
~~~ Registry Keys
 
Successfully deleted: [Registry Key] "hkey_current_user\software\microsoft\internet explorer\low rights\elevationpolicy\{a5aa24ea-11b8-4113-95ae-9ed71deaf12a}"
 
 
 
~~~ Files
 
 
 
~~~ Folders
 
Successfully deleted: [Folder] C:\ProgramData\CoolSaleeCCOupon
Successfully deleted: [Folder] C:\ProgramData\SalesMMaignett
 
 
 
~~~ FireFox
 
Successfully deleted: [File] C:\user.js
 
 
 
~~~ Event Viewer Logs were cleared
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sun 03/29/2015 at 14:43:10.96
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Addition.txt:

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 11-03-2015
Ran by Main at 2015-03-29 05:03:33
Running from D:\Firefox Downloads
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 15.0.0.356 - Adobe Systems Incorporated)
Adobe Flash Player 16 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.1 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.1.5.155 - Adobe Systems, Inc.)
Apple Application Support (HKLM-x32\...\{83CAF0DE-8D3B-4C37-A631-2B8F16EC3031}) (Version: 3.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{BDD99690-3541-4619-9D2A-3CDDB3E15F9E}) (Version: 8.0.5.6 - Apple Inc.)
Avast Free Antivirus (HKLM-x32\...\Avast) (Version: 10.2.2215 - AVAST Software)
BleachBit (HKLM-x32\...\BleachBit) (Version: 1.6 - BleachBit)
CCleaner (HKLM\...\CCleaner) (Version: 5.01 - Piriform)
Clean the Junk (HKLM-x32\...\{D86C82B0-1F02-816A-5F3D-6466F6A67566}) (Version:  - "")
CloicKForSale (HKLM-x32\...\{6C998B44-82D8-CC7E-D847-4CD73036412A}) (Version:  - "") <==== ATTENTION
CrystalDiskInfo 5.6.2 (HKLM-x32\...\CrystalDiskInfo_is1) (Version: 5.6.2 - Crystal Dew World)
EaseUS Partition Master 10.2 (HKLM-x32\...\EaseUS Partition Master_is1) (Version:  - EaseUS)
EaseUS Todo Backup Free 8.0  (HKLM-x32\...\EaseUS Todo Backup_is1) (Version: 8.0 - CHENGDU YIWO Tech Development Co., Ltd)
EverQuest (2) (HKU\S-1-5-21-3329748851-216613655-1366542959-1000\...\soe-EverQuest (2)) (Version: 1.0.3.183 - Sony Online Entertainment)
EverQuest (HKU\S-1-5-21-3329748851-216613655-1366542959-1000\...\soe-EverQuest) (Version: 1.0.3.183 - Sony Online Entertainment)
FileHippo App Manager (HKLM-x32\...\FileHippo.com) (Version:  - FileHippo.com)
FlAshCoupon (HKLM-x32\...\{8B114619-78B7-1CFF-55EF-74266954F883}) (Version:  - "") <==== ATTENTION
foobar2000 v1.3.6 (HKLM-x32\...\foobar2000) (Version: 1.3.6 - Peter Pawlowski)
Glary Utilities 5.16 (HKLM-x32\...\Glary Utilities 5) (Version: 5.16.0.29 - Glarysoft Ltd)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 41.0.2272.89 - Google Inc.)
Google Drive (HKLM-x32\...\{240D2B48-E06E-446F-A806-01CF36882EB7}) (Version: 1.19.8268.4572 - Google, Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Hard Disk Sentinel (HKLM-x32\...\Hard Disk Sentinel_is1) (Version:  - HDS)
HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.9572 - HP)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
HPDiagnosticAlert (x32 Version: 1.00.0001 - Microsoft) Hidden
iTunes (HKLM\...\{2ABBBD91-91E5-4AD7-929A-FE15D1DC0576}) (Version: 12.0.1.26 - Apple Inc.)
Java 8 Update 40 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218040F0}) (Version: 8.0.400 - Oracle Corporation)
KingCoupoNN (HKLM-x32\...\{5C28578D-D0F1-699F-01B0-CC0653A28C11}) (Version:  - "") <==== ATTENTION
LibreOffice 4.3.3.2 (HKLM-x32\...\{87C753BB-81E3-403B-BD87-6293F870B20B}) (Version: 4.3.3.2 - The Document Foundation)
LUcckyShOpper (HKLM-x32\...\{AE9B04F2-E9E8-162C-829B-52C116B3EFCC}) (Version:  - "") <==== ATTENTION
Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Microsoft .NET Framework 1.1 (HKLM-x32\...\Microsoft .NET Framework 1.1  (1033)) (Version:  - )
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148 (HKLM\...\{EE936C7A-EA40-31D5-9B65-8E3E089C3828}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 (HKLM\...\{8338783A-0968-3B85-AFC7-BAAE0A63DC50}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Mozilla Firefox 36.0.4 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 36.0.4 (x86 en-US)) (Version: 36.0.4 - Mozilla)
MPC-HC 1.7.7 (64-bit) (HKLM\...\{2ACBF1FA-F5C3-4B19-A774-B22A31F231B9}_is1) (Version: 1.7.7 - MPC-HC Team)
One key Manger (HKLM-x32\...\{BA5D43C9-D633-D0EC-CFEA-2ABA974B333D}) (Version:  - "")
Pidgin (HKLM-x32\...\Pidgin) (Version: 2.10.11 - )
Puran Utilities 3.0 (HKLM\...\Puran Utilities_is1) (Version:  - Puran Software)
ROyalCCoouoponi (HKLM-x32\...\{40DC4B27-4588-C56F-7737-D03A0ACE4383}) (Version:  - "") <==== ATTENTION
SalesiChueCker (HKLM-x32\...\{CC17A332-9555-AD95-3985-0BDD9BF0EC71}) (Version:  - "") <==== ATTENTION
SHopperMaster (HKLM-x32\...\{35E0D123-1F22-9AE6-F973-B7ECA46E8BFE}) (Version:  - "") <==== ATTENTION
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
SumatraPDF (HKLM-x32\...\SumatraPDF) (Version: 3.0 - Krzysztof Kowalczyk)
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 6.0.1186 - SUPERAntiSpyware.com)
swMSM (HKLM-x32\...\{612C34C7-5E90-47D8-9B5C-0F717DD82726}) (Version:  - )
System Ninja version 3.0.4 (HKLM-x32\...\{6E67710E-206D-43AB-BF21-E7CD63056C55}_is1) (Version: 3.0.4 - SingularLabs)
TeamViewer 10 (HKLM-x32\...\TeamViewer) (Version: 10.0.40642 - TeamViewer)
TiicTaaCOuupono (HKLM-x32\...\{E370F69F-ED3F-925F-31FC-14D1329A713B}) (Version:  - "") <==== ATTENTION
Unchecky v0.3.7 (HKLM-x32\...\Unchecky) (Version: 0.3.7 - RaMMicHaeL)
VLC media player (HKLM\...\VLC media player) (Version: 2.1.5 - VideoLAN)
Windows Media Player Firefox Plugin (HKLM-x32\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp)
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
CustomCLSID: HKU\S-1-5-21-3329748851-216613655-1366542959-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Main\AppData\Roaming\Dropbox\bin\Dropbox.exe /autoplay No File
 
==================== Restore Points  =========================
 
ATTENTION: System Restore is disabled.
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-13 19:34 - 2015-03-28 22:37 - 00001196 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost
0.0.0.0 0.0.0.0 # fix for traceroute and netstat display anomaly
0.0.0.0 tracking.opencandy.com.s3.amazonaws.com
0.0.0.0 media.opencandy.com
0.0.0.0 cdn.opencandy.com
0.0.0.0 tracking.opencandy.com
0.0.0.0 api.opencandy.com
0.0.0.0 installer.betterinstaller.com
0.0.0.0 installer.filebulldog.com
0.0.0.0 d3oxtn1x3b8d7i.cloudfront.net
0.0.0.0 inno.bisrv.com
0.0.0.0 nsis.bisrv.com
0.0.0.0 cdn.file2desktop.com
0.0.0.0 cdn.goateastcach.us
0.0.0.0 cdn.guttastatdk.us
0.0.0.0 cdn.inskinmedia.com
0.0.0.0 cdn.insta.oibundles2.com
0.0.0.0 cdn.insta.playbryte.com
0.0.0.0 cdn.llogetfastcach.us
0.0.0.0 cdn.montiera.com
0.0.0.0 cdn.msdwnld.com
0.0.0.0 cdn.mypcbackup.com
0.0.0.0 cdn.ppdownload.com
0.0.0.0 cdn.riceateastcach.us
0.0.0.0 cdn.shyapotato.us
0.0.0.0 cdn.solimba.com
0.0.0.0 cdn.tuto4pc.com
0.0.0.0 cdn.appround.biz
0.0.0.0 cdn.bigspeedpro.com
 
There are 5 more lines.
 
 
==================== Scheduled Tasks (whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 
Task: {108FBCA3-9395-451D-8C02-50223823AE47} - System32\Tasks\Optimizer Pro Schedule => C:\Program Files (x86)\Optimizer Pro\OptProLauncher.exe <==== ATTENTION
Task: {1E413DE6-1627-428D-A83C-7571898D6090} - System32\Tasks\CCleanerSkipUAC => D:\Program Files\CCleaner\CCleaner.exe [2014-12-12] (Piriform Ltd)
Task: {22221BAD-8C9A-4E21-AF1C-831AA932F714} - System32\Tasks\{41208D27-EFCD-475A-AE32-6DA8027A5620} => D:\Program Files (x86)\Turbine\DDO Unlimited\TurbineLauncher.exe [2014-10-26] (Turbine, Inc.)
Task: {3481DD67-A187-4FB3-8F76-B3F2A9F0A0FE} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-01-08] (Google Inc.)
Task: {48181EFC-ECF8-4273-A190-ACAB87592DE3} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2015-03-26] (Avast Software s.r.o.)
Task: {4FCCB9A5-4242-41DD-91D7-2C6B429638B5} - System32\Tasks\GlaryInitialize 5 => D:\Program Files (x86)\Glary Utilities 5\Initialize.exe [2015-01-04] (Glarysoft Ltd)
Task: {7A088BC1-EA9E-4AE9-9584-DB5807CDC871} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {840FB255-65A2-474F-A653-1859160C2743} - System32\Tasks\{6D510497-B4BA-41B0-B0E8-F99A725CDC4F} => pcalua.exe -a "D:\Firefox Downloads\windirstat1_1_2_setup.exe" -d "D:\Firefox Downloads"
Task: {87DD3A6B-3CB1-4BD3-8BBB-674408B9F0B6} - System32\Tasks\{2B628AB2-D215-4DF6-AD0A-228D11B7A72E} => pcalua.exe -a E:\installers\HRBlock_Deluxe+Efile_2011_CD.exe -d E:\installers
Task: {9EAC4732-6FB1-484C-9DBB-89945456993C} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-01-08] (Google Inc.)
Task: {9F316A92-348A-41F1-802B-81A347421E0E} - System32\Tasks\GU5SkipUAC => D:\Program Files (x86)\Glary Utilities 5\Integrator.exe [2015-01-04] (Glarysoft Ltd)
Task: {A33F2C80-093E-48A2-A4A6-F6830F8FA970} - System32\Tasks\HPCustParticipation HP Officejet 6500 E710a-f => C:\Program Files\HP\HP Officejet 6500 E710a-f\Bin\HPCustPartic.exe [2010-11-16] (Hewlett-Packard Co.)
Task: {A7777D8B-387F-4C4D-A69E-A1C60CE20100} - System32\Tasks\{2D952933-73F8-414D-978B-263DD484F58F} => D:\Program Files (x86)\Turbine\DDO Unlimited\TurbineLauncher.exe [2014-10-26] (Turbine, Inc.)
Task: {C1E24384-EDA2-4D6E-99AA-E7D93AFEA628} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-02-04] (Adobe Systems Incorporated)
Task: {E3D1EE42-0854-4020-AF9C-5F483D233B3D} - System32\Tasks\{54360F9A-294F-4E1A-94B5-338F112AF123} => pcalua.exe -a "D:\DDO\DDO High Res Install Files\dndsetup.exe" -d "D:\DDO\DDO High Res Install Files"
Task: {ED0E634E-1BBA-4CCE-9BCF-28AF8323574C} - System32\Tasks\hpwebreg_xxxxxxxxxx => C:\Program Files\HP\HP Officejet 6500 E710a-f\Bin\hpwebreg.exe [2010-11-16] (Hewlett-Packard Co.)
Task: {F59DD6D6-41A9-441C-8055-60DF0186ED48} - System32\Tasks\Games\UpdateCheck_S-1-5-21-3329748851-216613655-1366542959-1000
Task: {F8679920-1DFE-459A-88A0-4FC000F581D5} - System32\Tasks\{0045B2EE-2513-497E-A808-05F153727562} => pcalua.exe -a E:\setup.exe -d E:\
Task: {F8CE2D4B-D77C-4882-9AB5-924DDED6F902} - System32\Tasks\{493D7C94-5D80-453A-A5AD-ADF51CB5DBF8} => D:\Program Files (x86)\Turbine\DDO Unlimited\TurbineLauncher.exe [2014-10-26] (Turbine, Inc.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GlaryInitialize 5.job => D:\Program Files (x86)\Glary Utilities 5\Initialize.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\hpwebreg_xxxxxxxxxx.job => C:\Program Files\HP\HP Officejet 6500 E710a-f\Bin\hpwebreg.exe C:\Program Files\HP\HP Officejet 6500 E710a-f\Bin\hpwebreg.exe C:\Program Files\HP\HP Officejet 6500 E710a-f\Bin\hpwebreg.exe C:\Program Files\HP\HP Officejet 6500 E710a-f\Bin\hpwebreg.exe C:\Program Files\HP\HP Officejet 6500 E710a-f\Bin\hpwebreg.exe C:\Program Files\HP\HP Officejet 6500 E710a-f\Bin\HpWebReg.exe
 
==================== Loaded Modules (whitelisted) ==============
 
2011-05-19 13:44 - 2006-10-19 21:44 - 00047616 _____ () C:\Windows\System32\pdf995mon64.dll
2015-01-08 06:22 - 2014-12-15 02:03 - 00241704 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\TodoBackupService.exe
2015-01-08 06:22 - 2014-12-15 02:04 - 00253992 _____ () C:\Program Files (x86)\EASEUS\TrayPopup\TrayTipAgent.exe
2015-03-26 23:48 - 2015-03-26 23:48 - 00104400 _____ () C:\Program Files\AVAST Software\Avast\log.dll
2015-03-26 23:48 - 2015-03-26 23:48 - 00081728 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2015-03-28 13:24 - 2015-03-28 13:24 - 02923520 _____ () C:\Program Files\AVAST Software\Avast\defs\15032801\algo.dll
2015-03-29 04:57 - 2015-03-29 04:57 - 02923520 _____ () C:\Program Files\AVAST Software\Avast\defs\15032900\algo.dll
2014-01-20 14:17 - 2014-01-20 14:17 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-10-11 14:05 - 2014-10-11 14:05 - 01044776 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2015-01-08 06:22 - 2014-12-15 01:53 - 00098856 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\CodeLog.dll
2015-01-08 06:22 - 2014-12-15 01:53 - 00031272 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\CheckTool.dll
2015-01-08 06:22 - 2014-12-15 01:53 - 01296424 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\libxml2.dll
2015-01-08 06:22 - 2014-12-15 01:53 - 00060968 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\zlib1.dll
2015-01-08 06:22 - 2014-12-15 01:53 - 00017448 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\CompressFile.dll
2015-01-08 06:22 - 2014-12-15 01:53 - 00088616 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\TBGetRemoteNetInfo.dll
2015-01-08 06:22 - 2014-12-15 01:53 - 00107560 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\ActivationOnline.dll
2015-01-08 06:22 - 2014-12-15 01:53 - 00077864 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\logsys.dll
2015-01-08 06:22 - 2014-12-15 01:53 - 00030248 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\DiskSearchImg.dll
2015-01-08 06:22 - 2014-12-15 01:53 - 00068136 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\MountImg.dll
2015-01-08 06:22 - 2014-12-15 01:53 - 00158248 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\ImgFile.dll
2015-01-08 06:22 - 2014-12-15 01:53 - 00280104 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\DsImgFile.dll
2015-01-08 06:22 - 2014-12-15 01:53 - 00072232 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\CheckImg.dll
2015-01-08 06:22 - 2014-12-15 01:53 - 00139816 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\vhdvmdk.dll
2015-01-08 06:22 - 2014-12-15 01:53 - 00037416 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\BootDriver.dll
2015-01-08 06:22 - 2014-12-15 01:53 - 00754728 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\ExImage.dll
2015-01-08 06:22 - 2014-12-15 01:53 - 00193064 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\EmailBackupSize.dll
2015-01-08 06:22 - 2014-12-15 01:53 - 00407080 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\AndroidImage.dll
2015-01-08 06:22 - 2014-12-15 01:53 - 00148008 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\EnumDisk.dll
2015-01-08 06:22 - 2014-12-15 01:53 - 00076840 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\FatLib.dll
2015-01-08 06:22 - 2014-12-15 01:53 - 00207912 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\NTFSLib.dll
2015-01-08 06:22 - 2014-12-15 01:53 - 00024616 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\GetDriverInfo.dll
2015-01-08 06:22 - 2014-12-15 01:53 - 00020520 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\CorrectMbr.dll
2015-01-08 06:22 - 2014-12-15 01:53 - 00032296 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\EnumTapeDevice.dll
2015-01-08 06:22 - 2014-12-15 01:53 - 00034856 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\TbTapeBrowse.dll
2015-01-08 06:22 - 2014-12-15 01:53 - 00064040 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\RegLib.dll
2015-01-08 06:22 - 2014-12-15 01:53 - 00022568 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\AccountManager.dll
2015-01-08 06:22 - 2014-12-15 01:53 - 00115752 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\NasOperator.dll
2015-01-08 06:22 - 2014-12-15 01:53 - 00194088 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\EmailBrowser.dll
2015-01-08 06:22 - 2014-12-15 01:53 - 00077864 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\CloudOperator.dll
2015-01-08 06:22 - 2014-12-15 01:53 - 00037928 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\ActiveOnline.dll
2015-01-08 06:22 - 2014-12-15 01:53 - 00135720 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\VMConfig.dll
2015-01-08 06:22 - 2014-12-15 01:53 - 00020008 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\AndroidDeviceManager.dll
2015-01-08 06:22 - 2014-12-15 01:53 - 00043048 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\TbDataSwap.dll
2015-01-08 06:22 - 2014-12-15 01:53 - 00096808 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\TBFireWall.dll
2015-01-08 06:22 - 2014-12-15 01:53 - 00223784 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\SmartBackup.dll
2015-03-19 10:23 - 2015-03-19 10:23 - 40540672 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2015-01-08 06:22 - 2014-12-15 02:04 - 00223272 _____ () C:\Program Files (x86)\EASEUS\TrayPopup\traynet.dll
2015-01-08 06:22 - 2014-12-15 02:04 - 00275496 _____ () C:\Program Files (x86)\EASEUS\TrayPopup\libcurl.dll
2015-01-08 06:22 - 2014-12-15 02:04 - 00118328 _____ () C:\Program Files (x86)\EASEUS\TrayPopup\zlib1.dll
2015-01-08 06:22 - 2014-12-15 02:04 - 00249896 _____ () C:\Program Files (x86)\EASEUS\TrayPopup\uexper.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
AlternateDataStreams: C:\ProgramData\TEMP:07BF512B
 
==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== EXE Association (whitelisted) ===============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-3329748851-216613655-1366542959-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Main\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 23.226.230.72 - 23.90.4.6
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
MSCONFIG\startupreg: AvastUI.exe => "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-3329748851-216613655-1366542959-500 - Administrator - Enabled) => C:\Users\Administrator
Guest (S-1-5-21-3329748851-216613655-1366542959-501 - Limited - Disabled)
Main (S-1-5-21-3329748851-216613655-1366542959-1000 - Administrator - Enabled) => C:\Users\Main
 
==================== Faulty Device Manager Devices =============
 
Name: Standard PS/2 Keyboard
Description: Standard PS/2 Keyboard
Class Guid: {4d36e96b-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard keyboards)
Service: i8042prt
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.
 
Name: Microsoft PS/2 Mouse
Description: Microsoft PS/2 Mouse
Class Guid: {4d36e96f-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: i8042prt
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (03/28/2015 08:02:12 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest2" on line C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Component 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
 
Error: (03/27/2015 06:26:32 AM) (Source: Windows Search Service) (EventID: 7010) (User: )
Description: The index cannot be initialized.

 
Details:
    The content index database is corrupt.  (HRESULT : 0xc0041800) (0xc0041800)
 
Error: (03/27/2015 06:26:32 AM) (Source: Windows Search Service) (EventID: 3058) (User: )
Description: The application cannot be initialized.

Context: Windows Application

 
Details:
    The content index database is corrupt.  (HRESULT : 0xc0041800) (0xc0041800)
 
Error: (03/27/2015 06:26:32 AM) (Source: Windows Search Service) (EventID: 3028) (User: )
Description: The gatherer object cannot be initialized.

Context: Windows Application, SystemIndex Catalog

 
Details:
    The content index database is corrupt.  (HRESULT : 0xc0041800) (0xc0041800)
 
Error: (03/27/2015 06:26:32 AM) (Source: Windows Search Service) (EventID: 3029) (User: )
Description: The plug-in in <Search.TripoliIndexer> cannot be initialized.

Context: Windows Application, SystemIndex Catalog

 
Details:
    Element not found.  (HRESULT : 0x80070490) (0x80070490)
 
Error: (03/27/2015 06:26:32 AM) (Source: Windows Search Service) (EventID: 3029) (User: )
Description: The plug-in in <Search.JetPropStore> cannot be initialized.

Context: Windows Application, SystemIndex Catalog

 
Details:
    The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)
 
Error: (03/27/2015 06:26:32 AM) (Source: Windows Search Service) (EventID: 9002) (User: )
Description: The Windows Search Service cannot load the property store information.

Context: Windows Application, SystemIndex Catalog

 
Details:
    The content index database is corrupt.  (HRESULT : 0xc0041800) (0xc0041800)
 
Error: (03/27/2015 06:26:32 AM) (Source: Windows Search Service) (EventID: 7042) (User: )
Description: The Windows Search Service is being stopped because there is a problem with the indexer: The catalog is corrupt.

 
Details:
    The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)
 
Error: (03/27/2015 06:26:32 AM) (Source: Windows Search Service) (EventID: 7040) (User: )
Description: The search service has detected corrupted data files in the index {id=4700}. The service will attempt to automatically correct this problem by rebuilding the index.

 
Details:
    The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)
 
Error: (03/27/2015 06:26:32 AM) (Source: Windows Search Service) (EventID: 9000) (User: )
Description: The Windows Search Service cannot open the Jet property store.

 
Details:
    0x%08x (0xc0041800 - The content index database is corrupt.  (HRESULT : 0xc0041800))
 
 
System errors:
=============
Error: (03/28/2015 10:37:31 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Optimizer Pro Crash Monitor service to connect.
 
Error: (03/28/2015 10:36:43 PM) (Source: Microsoft-Windows-Kernel-Processor-Power) (EventID: 6) (User: NT AUTHORITY)
Description: Some processor performance power management features have been disabled due to a known firmware problem. Check with the computer manufacturer for updated firmware.
 
Error: (03/28/2015 10:36:54 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 9:43:19 PM on ‎3/‎28/‎2015 was unexpected.
 
Error: (03/28/2015 10:36:41 PM) (Source: volmgr) (EventID: 46) (User: )
Description: Crash dump initialization failed!
 
Error: (03/28/2015 04:51:56 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Optimizer Pro Crash Monitor service to connect.
 
Error: (03/28/2015 04:51:06 PM) (Source: Microsoft-Windows-Kernel-Processor-Power) (EventID: 6) (User: NT AUTHORITY)
Description: Some processor performance power management features have been disabled due to a known firmware problem. Check with the computer manufacturer for updated firmware.
 
Error: (03/28/2015 04:51:05 PM) (Source: volmgr) (EventID: 46) (User: )
Description: Crash dump initialization failed!
 
Error: (03/28/2015 04:51:15 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 1:42:02 PM on ‎3/‎28/‎2015 was unexpected.
 
Error: (03/28/2015 01:23:42 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Optimizer Pro Crash Monitor service to connect.
 
Error: (03/28/2015 01:22:52 PM) (Source: Microsoft-Windows-Kernel-Processor-Power) (EventID: 6) (User: NT AUTHORITY)
Description: Some processor performance power management features have been disabled due to a known firmware problem. Check with the computer manufacturer for updated firmware.
 
 
Microsoft Office Sessions:
=========================
Error: (03/28/2015 08:02:12 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestd:\program files\CCleaner\CCleaner.exe
 
Error: (03/27/2015 06:26:32 AM) (Source: Windows Search Service) (EventID: 7010) (User: )
Description:  
Details:
    The content index database is corrupt.  (HRESULT : 0xc0041800) (0xc0041800)
 
Error: (03/27/2015 06:26:32 AM) (Source: Windows Search Service) (EventID: 3058) (User: )
Description: Context: Windows Application

 
Details:
    The content index database is corrupt.  (HRESULT : 0xc0041800) (0xc0041800)
 
Error: (03/27/2015 06:26:32 AM) (Source: Windows Search Service) (EventID: 3028) (User: )
Description: Context: Windows Application, SystemIndex Catalog

 
Details:
    The content index database is corrupt.  (HRESULT : 0xc0041800) (0xc0041800)
 
Error: (03/27/2015 06:26:32 AM) (Source: Windows Search Service) (EventID: 3029) (User: )
Description: Context: Windows Application, SystemIndex Catalog

 
Details:
    Element not found.  (HRESULT : 0x80070490) (0x80070490)
Search.TripoliIndexer
 
Error: (03/27/2015 06:26:32 AM) (Source: Windows Search Service) (EventID: 3029) (User: )
Description: Context: Windows Application, SystemIndex Catalog

 
Details:
    The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)
Search.JetPropStore
 
Error: (03/27/2015 06:26:32 AM) (Source: Windows Search Service) (EventID: 9002) (User: )
Description: Context: Windows Application, SystemIndex Catalog

 
Details:
    The content index database is corrupt.  (HRESULT : 0xc0041800) (0xc0041800)
 
Error: (03/27/2015 06:26:32 AM) (Source: Windows Search Service) (EventID: 7042) (User: )
Description:  
Details:
    The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)
The catalog is corrupt
 
Error: (03/27/2015 06:26:32 AM) (Source: Windows Search Service) (EventID: 7040) (User: )
Description:  
Details:
    The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)
4700
 
Error: (03/27/2015 06:26:32 AM) (Source: Windows Search Service) (EventID: 9000) (User: )
Description:  
Details:
    0x%08x (0xc0041800 - The content index database is corrupt.  (HRESULT : 0xc0041800))
 
 
CodeIntegrity Errors:
===================================
  Date: 2015-01-07 21:45:06.961
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2015-01-07 21:45:06.844
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2011-12-19 14:36:28.638
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2011-12-19 14:36:28.607
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
 
==================== Memory info ===========================  
 
Processor: Intel® Core™2 Quad CPU Q6600 @ 2.40GHz
Percentage of memory in use: 46%
Total physical RAM: 4095.35 MB
Available physical RAM: 2202.31 MB
Total Pagefile: 4093.54 MB
Available Pagefile: 2188.83 MB
Total Virtual: 8192 MB
Available Virtual: 8191.82 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:100 GB) (Free:39.88 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: () (Fixed) (Total:325.66 GB) (Free:284.01 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: 0ADBE4C3)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=100 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=365.7 GB) - (Type=OF Extended)
 
==================== End Of Log ============================


Edited by Injigo, 29 March 2015 - 07:27 PM.


#4 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 36,374 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:03:22 PM

Posted 29 March 2015 - 06:48 PM

Greetings,

I think we will be fine with you working remotely but we will see.

Please do these things.

===================================================

Uninstalling a Program using Add/Remove Program

--------------------

I recommend uninstalling the program(s) listed below.
  • Press the Windows key + r on your keyboard at the same time
  • Type appwiz.cpl and press Enter
  • A list of installed programs will be displayed
  • Uninstall the following by clicking on the program(s) below (and any other similar names) and selecting Remove or Uninstall

FlAshCoupon

  • Reboot your computer
===================================================

Farbar's Recovery Scan Tool - Run Fix in Normal or Safe Mode

--------------------
  • Press the Windows key + r on your keyboard at the same time. Type in notepad and press Enter
  • Please copy and paste the contents of the below code box into the open notepad and save it to your desktop (<<<Important) as fixlist.txt
CustomCLSID: HKU\S-1-5-21-3329748851-216613655-1366542959-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Main\AppData\Roaming\Dropbox\bin\Dropbox.exe /autoplay No File
Task: {108FBCA3-9395-451D-8C02-50223823AE47} - System32\Tasks\Optimizer Pro Schedule => C:\Program Files (x86)\Optimizer Pro\OptProLauncher.exe <==== ATTENTION
AlternateDataStreams: C:\ProgramData\TEMP:07BF512B
emptytemp:
  • Launch FRST and press the Fix button just once and wait, the program will automatically launch fixlist.txt.
  • The tool will create a log on the desktop called Fixlog.txt. Please copy and paste the contents of the file in your reply.
===================================================

Troubleshooting Corrupt Content Index Catalog in Windows 7

--------------------
  • Click Start, Control Panel, then Troubleshooting
  • On the left hand side click View All
  • Click Search and Indexing
  • Click Advanced then place a checkmark in Apply repairs automatically (should be checked by default)
  • Click Next
  • Click My problem isn't listed (Please provide a description on the next page)
  • Click Next
  • Type content index catalog is corrupt, then click Next
  • Please report the results in your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • Did the program uninstall?
  • Fixlog
  • Index Catalog results
  • Update on computer performance

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."
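The fixlist above removes three persistence locations: a CustomCLSID LocalServer32 entry whose target binary is gone, the "Optimizer Pro Schedule" scheduled task, and an alternate data stream on C:\ProgramData\TEMP. The following read-only PowerShell audit is an added example, not part of the thread or of FRST; it assumes PowerShell 3.0 or later and an elevated prompt (the TaskCache keys are admin-only), and reports findings without removing anything.

```powershell
# Added example (not from the thread): read-only audit of the three persistence
# spots the fixlist targets. Assumes PowerShell 3.0+ and an elevated prompt.
$ErrorActionPreference = 'SilentlyContinue'

function Find-OrphanLocalServer32 {
    # HKCU:\Software\Classes is the same hive FRST reports as HKU\<SID>_Classes.
    $root = 'HKCU:\Software\Classes\CLSID'
    Get-ChildItem -Path $root | ForEach-Object {
        $ls = Get-ItemProperty -Path (Join-Path $_.PSPath 'LocalServer32')
        if ($ls -and $ls.'(default)') {
            $cmd = [string]$ls.'(default)'
            # Keep only the executable path; drop quotes and arguments such as "/autoplay".
            $exe = $cmd -replace '^\s*"?(.+?\.exe)"?(\s.*)?$', '$1'
            if (-not (Test-Path -LiteralPath $exe)) {
                # Same condition FRST flags as "No File": the COM server binary is missing.
                [pscustomobject]@{ Check = 'CustomCLSID'; Item = $_.PSChildName; Detail = "$cmd (No File)" }
            }
        }
    }
}

function Find-TaskCacheEntry {
    param([string]$TaskName = 'Optimizer Pro Schedule')
    $sched = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache'
    # The Tree key maps the task name to its GUID; the Tasks\{GUID} key holds the path.
    $tree = Get-ItemProperty -Path "$sched\Tree\$TaskName"
    if ($tree) {
        $task = Get-ItemProperty -Path "$sched\Tasks\$($tree.Id)"
        [pscustomobject]@{ Check = 'TaskCache'; Item = $TaskName; Detail = "Id=$($tree.Id) Path=$($task.Path)" }
    }
    # The on-disk task definition is XML; <Command> names the launched binary.
    $file = Join-Path $env:SystemRoot "System32\Tasks\$TaskName"
    if (Test-Path -LiteralPath $file) {
        $xml = New-Object System.Xml.XmlDocument
        $xml.Load($file)
        $cmd = $xml.Task.Actions.Exec.Command
        [pscustomobject]@{ Check = 'TaskFile'; Item = $file; Detail = "Command=$cmd" }
    }
}

function Find-AlternateStreams {
    param([string]$Path = 'C:\ProgramData\TEMP')
    # Every stream other than the primary :$DATA stream is an alternate data stream.
    Get-Item -LiteralPath $Path -Stream * |
        Where-Object { $_.Stream -ne ':$DATA' } |
        ForEach-Object {
            [pscustomobject]@{ Check = 'ADS'; Item = "${Path}:$($_.Stream)"; Detail = "$($_.Length) bytes" }
        }
}

$findings = @(Find-OrphanLocalServer32) + @(Find-TaskCacheEntry) + @(Find-AlternateStreams)
if ($findings.Count -eq 0) { 'No findings.' } else { $findings | Format-Table -AutoSize }
```

Run it before and after the FRST fix: the three checks should go from reporting the fixlist items to "No findings.", which is the same result the Fixlog later confirms.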

#5 Injigo

Injigo
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:03:22 PM

Posted 29 March 2015 - 07:20 PM

FlAshCoupon wasn't in the program list. I ran the code through FRST, then rebooted. Automatic repairs of Search and Indexing did nothing. "Troubleshooting couldn't identify the problem."

 

Fixlog.txt:

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 11-03-2015
Ran by Administrator at 2015-03-29 17:01:32 Run:2
Running from C:\Users\Administrator\Desktop
Loaded Profiles: Administrator (Available profiles: Main & Administrator)
Boot Mode: Normal
==============================================
 
Content of fixlist:
*****************
CustomCLSID: HKU\S-1-5-21-3329748851-216613655-1366542959-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Main\AppData\Roaming\Dropbox\bin\Dropbox.exe /autoplay No File
Task: {108FBCA3-9395-451D-8C02-50223823AE47} - System32\Tasks\Optimizer Pro Schedule => C:\Program Files (x86)\Optimizer Pro\OptProLauncher.exe <==== ATTENTION
AlternateDataStreams: C:\ProgramData\TEMP:07BF512B
emptytemp:
 
*****************
 
HKU\S-1-5-21-3329748851-216613655-1366542959-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736} => Key not found.  
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{108FBCA3-9395-451D-8C02-50223823AE47} => Key not found.  
C:\Windows\System32\Tasks\Optimizer Pro Schedule not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Optimizer Pro Schedule => Key not found.  
C:\ProgramData\TEMP => ":07BF512B" ADS removed successfully.
EmptyTemp: => Removed 195.8 MB temporary data.
 
 
The system needed a reboot.  
 
==== End of Fixlog 17:01:36 ====



#6 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 36,374 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:03:22 PM

Posted 29 March 2015 - 07:31 PM

How is the computer running?
Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#7 Injigo

Injigo
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:03:22 PM

Posted 29 March 2015 - 07:35 PM

So far, pretty well. A little slow to boot up but that may be normal for this machine. It could probably also use a defrag.



#8 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 36,374 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:03:22 PM

Posted 29 March 2015 - 07:44 PM

Thanks, please do these things.

===================================================

ESET Online Scanner

--------------------

I'd like us to scan your machine with ESET OnlineScan. This process may take several hours; that is normal.
  • Hold down Control and click on this link to open ESET OnlineScan in a new window.
  • Click Run ESET Online Scanner.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the icon on your desktop.
  • Check YES, I accept the Terms of Use.
  • Click the Start button.
  • Click Enable detection of potentially unwanted applications
  • Accept any security warnings from your browser.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Copy and paste the information in your next reply. Note: If no malware was found you will not get a log.
  • Click the Back button.
  • Check Uninstall application on close and Delete quarantined files
  • Click the Finish button.
  • Close the ESET window and reboot your computer
===================================================

screen317's Security Check

--------------------
  • Please download screen317's Security Check to your desktop
  • Double-click icon to launch the program
  • Click OK
  • Select Run. Note: If you receive an error message saying UNSUPPORTED OPERATING SYSTEM! ABORTED! reboot your computer and attempt to run it again
  • Allow the program to run
  • A Notepad document will open on your desktop. Please copy and paste the contents in your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • ESET log
  • Security Check log
  • How is your computer running?

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#9 Injigo

Injigo
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:03:22 PM

Posted 31 March 2015 - 08:15 AM

Computer seems to be running fine right now.

 

ESET:

 

C:\Users\All Users\fohaehjhcmlobklfhglgfhicgadhgbdn\content.js    JS/Adware.MultiPlug.B application    
C:\Users\All Users\fohaehjhcmlobklfhglgfhicgadhgbdn\lsdb.js    JS/Adware.MultiPlug.B application    
C:\Users\All Users\fohaehjhcmlobklfhglgfhicgadhgbdn\NhfX8Ikm.js    JS/Kryptik.ATB trojan    
C:\AdwCleaner\Quarantine\C\Users\Main\AppData\Local\Babylon\Setup\BExternal.dll.vir    a variant of Win32/Toolbar.Babylon.F potentially unwanted application    deleted - quarantined
C:\AdwCleaner\Quarantine\C\Users\Main\AppData\Local\Babylon\Setup\IECookieLow.dll.vir    a variant of Win32/Toolbar.Babylon.E potentially unwanted application    deleted - quarantined
C:\AdwCleaner\Quarantine\C\Users\Main\AppData\Local\Babylon\Setup\Setup.exe.vir    a variant of Win32/Toolbar.Babylon.E potentially unwanted application    deleted - quarantined
C:\ProgramData\fohaehjhcmlobklfhglgfhicgadhgbdn\content.js    JS/Adware.MultiPlug.B application    cleaned by deleting - quarantined
C:\ProgramData\fohaehjhcmlobklfhglgfhicgadhgbdn\lsdb.js    JS/Adware.MultiPlug.B application    cleaned by deleting - quarantined
C:\ProgramData\fohaehjhcmlobklfhglgfhicgadhgbdn\NhfX8Ikm.js    JS/Kryptik.ATB trojan    cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\aomidfkchockcldhbkggjokdkkebmdll\105\content.js.vir    JS/Adware.MultiPlug.B application    cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\aomidfkchockcldhbkggjokdkkebmdll\105\lsdb.js.vir    JS/Adware.MultiPlug.B application    cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\aomidfkchockcldhbkggjokdkkebmdll\105\qP81.js.vir    JS/Kryptik.ATB trojan    cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\eibhgnpocflidkjpcgjafalpiffkpice\221\content.js.vir    JS/Chromex.Agent.L trojan    cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\eibhgnpocflidkjpcgjafalpiffkpice\221\iwkdKVQ4x.js.vir    JS/Kryptik.ATB trojan    cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\enjefpkmlibebgbbgidmhpmjhcdffhfm\150\Hf.js.vir    JS/Kryptik.ATB trojan    cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\enjefpkmlibebgbbgidmhpmjhcdffhfm\150\lsdb.js.vir    JS/Adware.MultiPlug.B application    cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\hkelgkihphkegiaagbcgglfidabmgkgp\195\content.js.vir    JS/Adware.MultiPlug.B application    cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\hkelgkihphkegiaagbcgglfidabmgkgp\195\rKn4h2.js.vir    JS/Kryptik.ATB trojan    cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\hlcbagiiepbjgkfjhakhilgeikkoapem\229\content.js.vir    JS/Chromex.Agent.L trojan    cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\hlcbagiiepbjgkfjhakhilgeikkoapem\229\r.js.vir    JS/Kryptik.ATB trojan    cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\infdegpbaoaebllngceboapplllecfpc\184\Hrr0LsG.js.vir    JS/Kryptik.ATB trojan    cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\kfkpnakihjiclpakoaggnpaphjjjjelo\131\e.js.vir    JS/Kryptik.ATB trojan    cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\mimhmidgldhoghjoehfigallmmndjkef\242\HqTg.js.vir    JS/Kryptik.ATB trojan    cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\6vsq2lk3.default\extensions\staged\o@nE6yh.com\content\bg.js.vir    JS/Kryptik.ATB trojan    cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\6vsq2lk3.default\extensions\staged\qIhIdM@h.org\content\bg.js.vir    JS/Kryptik.ATL trojan    cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\6vsq2lk3.default\extensions\staged\w@9h.net\content\bg.js.vir    JS/Kryptik.ATB trojan    cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Users\Main\AppData\Local\Google\Chrome\User Data\Default\Extensions\aomidfkchockcldhbkggjokdkkebmdll\105\content.js.vir    JS/Adware.MultiPlug.B application    cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Users\Main\AppData\Local\Google\Chrome\User Data\Default\Extensions\aomidfkchockcldhbkggjokdkkebmdll\105\lsdb.js.vir    JS/Adware.MultiPlug.B application    cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Users\Main\AppData\Local\Google\Chrome\User Data\Default\Extensions\aomidfkchockcldhbkggjokdkkebmdll\105\qP81.js.vir    JS/Kryptik.ATB trojan    cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Users\Main\AppData\Local\Google\Chrome\User Data\Default\Extensions\hkelgkihphkegiaagbcgglfidabmgkgp\195\content.js.vir    JS/Adware.MultiPlug.B application    cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Users\Main\AppData\Local\Google\Chrome\User Data\Default\Extensions\hkelgkihphkegiaagbcgglfidabmgkgp\195\rKn4h2.js.vir    JS/Kryptik.ATB trojan    cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Users\Main\AppData\Local\Google\Chrome\User Data\Default\Extensions\infdegpbaoaebllngceboapplllecfpc\184\Hrr0LsG.js.vir    JS/Kryptik.ATB trojan    cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Users\Main\AppData\Roaming\Mozilla\Firefox\Profiles\d159pf41.default-1416041931520\extensions\o@nE6yh.com\content\bg.js.vir    JS/Kryptik.ATB trojan    cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Users\Main\AppData\Roaming\Mozilla\Firefox\Profiles\d159pf41.default-1416041931520\extensions\qIhIdM@h.org\content\bg.js.vir    JS/Kryptik.ATL trojan    cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Users\Main\AppData\Roaming\Mozilla\Firefox\Profiles\d159pf41.default-1416041931520\extensions\w@9h.net\content\bg.js.vir    JS/Kryptik.ATB trojan    cleaned by deleting - quarantined
C:\Users\Administrator\Downloads\PuranDefragSetup.exe    a variant of Win32/Toolbar.Babylon.F potentially unwanted application    deleted - quarantined
C:\Users\Main\Desktop\Old Firefox Data\1tjbb1yr.default\extensions\yEB9BTg@J.edu\content\bg.js    JS/Kryptik.ATL trojan    cleaned by deleting - quarantined
D:\Program Files (x86)\CPUID\PC Wizard 2012\systweakasp_c.exe    MSIL/AdvancedSystemProtector.D potentially unwanted application    deleted - quarantined

 

screen317's Security Check:

 

 Results of screen317's Security Check version 0.99.99   
 Windows 7 Service Pack 1 x64 (UAC is enabled)   
 Internet Explorer 11   
``````````````Antivirus/Firewall Check:``````````````  
 Windows Firewall Enabled!   
avast! Antivirus    
 Antivirus up to date!    
`````````Anti-malware/Other Utilities Check:`````````  
 Java 8 Update 40   
  Adobe Flash Player 16.0.0.305 Flash Player out of Date!   
 Mozilla Firefox (36.0.4)  
 Google Chrome (41.0.2272.101)  
 Google Chrome (41.0.2272.89)  
````````Process Check: objlist.exe by Laurent````````   
 AVAST Software Avast AvastSvc.exe   
 AVAST Software Avast AvastUI.exe   
`````````````````System Health check`````````````````  
 Total Fragmentation on Drive C: 0%  
````````````````````End of Log``````````````````````



#10 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 36,374 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:03:22 PM

Posted 01 April 2015 - 10:13 AM

I apologize for the delay in replying. That all looks good. Before I post some concluding instructions and information do you have any remaining issues or questions?
Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#11 Injigo

Injigo
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:03:22 PM

Posted 03 April 2015 - 05:12 AM

No worries, Gary. Nope, I can't think of anything...



#12 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 36,374 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:03:22 PM

Posted 03 April 2015 - 10:02 AM

Excellent, thanks.

Now that your computer is running well it is my great pleasure to proclaim to you the Good News!

===================================================

All Clean!

--------------

Your machine appears to be clean and you may delete any programs or logs on your computer as a result of our efforts. If we used Emsisoft Emergency Kit just delete the icon on your desktop and the C:\EEK folder. For everything else you simply delete the log files or desktop icons.

Please take the time to read below on how to secure the machine and take the necessary steps to keep it clean.

Lawrence Abrams, the founder of BleepingComputer.com, has developed an excellent tutorial which will provide you with the information you need to know to keep your computer secure and clean. Please take the time to read:

In addition, here are some more links you might find of interest:

I will leave this topic open for just a couple of days in case you have any further issues then it will be closed shortly thereafter.

Thank you for placing your trust in BleepingComputer. It was a pleasure serving you.
Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#13 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 36,374 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:03:22 PM

Posted 05 April 2015 - 05:50 PM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.
Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."



