very slow, keeps freezing


  • This topic is locked
30 replies to this topic

#1 dialout

Posted 15 April 2015 - 10:16 AM

Compaq laptop, Windows 7 64-bit system. The kids had been using it for their games, but I got them their own now. So I was trying to see if this laptop was still usable, and it is very slow and keeps freezing. MBAM has cleaned it up some, and I have used Revo to remove some things.

 

They used it mostly to play online games and watch videos, so I am sure there are some nasties hiding that I do not know how to clean up.

Any help is, as usual, greatly appreciated.

 

 

---------------------------------------------log to follow-------------------------------------------

 

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 15-04-2015 02
Ran by sheila (administrator) on SHEILA-HP on 15-04-2015 11:01:01
Running from C:\Users\sheila\Downloads
Loaded Profiles: sheila (Available profiles: sheila)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
() C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
(Roxio) C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
() C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperAgent.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Service.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe
(Realtek Semiconductor Corp.) C:\Program Files\Realtek\RtVOsd\RtVOsdService.exe
(Realtek Semiconductor Corp.) C:\Program Files\Realtek\RtVOsd\RtVOsd.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe
(Hewlett-Packard Development Company L.P.) C:\Program Files (x86)\Hewlett-Packard\Shared\hpCaslNotification.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2281256 2010-09-13] (Synaptics Incorporated)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [6489704 2010-09-21] (Realtek Semiconductor)
HKLM\...\Run: [HPWirelessAssistant] => C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe [363064 2010-07-21] (Hewlett-Packard Company)
HKLM-x32\...\Run: [Norton Online Backup] => C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe [1155928 2010-06-01] (Symantec Corporation)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-2426469760-115235506-2384610940-1000\...\Run: [Utopia Angel] => C:\Utopia\Angel\Angel.exe [3650560 2015-01-25] ()
HKU\S-1-5-21-2426469760-115235506-2384610940-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\Bubbles.scr [899584 2010-11-20] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [00Zecter] -> {D25B32FE-CB96-491A-98FF-AD59DA382D69} => C:\Program Files (x86)\Hewlett-Packard\HP CloudDrive\ShellExt64.dll (Versionate Inc.)
ShellIconOverlayIdentifiers: [01Zecter] -> {EB24CA6D-F315-4A81-AC1A-C79CFD77F3F5} => C:\Program Files (x86)\Hewlett-Packard\HP CloudDrive\ShellExt64.dll (Versionate Inc.)
ShellIconOverlayIdentifiers: [02Zecter] -> {B3C78E40-6B64-47C3-AE34-60B770881EB8} => C:\Program Files (x86)\Hewlett-Packard\HP CloudDrive\ShellExt64.dll (Versionate Inc.)
ShellIconOverlayIdentifiers: [03Zecter] -> {622AFE52-33F6-4D9F-9966-E0BC52D7D69D} => C:\Program Files (x86)\Hewlett-Packard\HP CloudDrive\ShellExt64.dll (Versionate Inc.)
ShellIconOverlayIdentifiers: [04Zecter] -> {855156F0-2A0F-11DE-8C30-0800200C9A66} => C:\Program Files (x86)\Hewlett-Packard\HP CloudDrive\ShellExt64.dll (Versionate Inc.)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-2426469760-115235506-2384610940-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
ProxyServer: [S-1-5-21-2426469760-115235506-2384610940-1000] => http=127.0.0.1:49204;https=127.0.0.1:49204
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-2426469760-115235506-2384610940-1000\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-2426469760-115235506-2384610940-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
HKU\S-1-5-21-2426469760-115235506-2384610940-1000\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/?gws_rd=ssl
SearchScopes: HKLM -> DefaultScope {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = 
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM -> {d944bb61-2e34-4dbf-a683-47e505c587dc} URL = http://rover.ebay.com/rover/1/711-111092-2357-0/4?satitle={searchTerms}&mfe=Notebooks
SearchScopes: HKLM -> {ec29edf6-ad3c-4e1c-a087-d6cb81400c43} URL = http://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
SearchScopes: HKLM-x32 -> DefaultScope value is missing.
SearchScopes: HKLM-x32 -> {d944bb61-2e34-4dbf-a683-47e505c587dc} URL = http://rover.ebay.com/rover/1/711-111092-2357-0/4?satitle={searchTerms}&mfe=Notebooks
SearchScopes: HKLM-x32 -> {ec29edf6-ad3c-4e1c-a087-d6cb81400c43} URL = http://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-2426469760-115235506-2384610940-1000 -> DefaultScope {099035C6-5CAC-47A3-A6C5-600FA26BCD91} URL = http://search.whiteskyservices.com/?wstoken=FB9930A8-B21F-4A1A-A1DF-98A0EBD1FF38&dtid=1&pid=21&src=sgsearch&v=1.14.1126.5&searchparam={SearchTerms}
SearchScopes: HKU\S-1-5-21-2426469760-115235506-2384610940-1000 -> {099035C6-5CAC-47A3-A6C5-600FA26BCD91} URL = http://search.whiteskyservices.com/?wstoken=FB9930A8-B21F-4A1A-A1DF-98A0EBD1FF38&dtid=1&pid=21&src=sgsearch&v=1.14.1126.5&searchparam={SearchTerms}
SearchScopes: HKU\S-1-5-21-2426469760-115235506-2384610940-1000 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = 
SearchScopes: HKU\S-1-5-21-2426469760-115235506-2384610940-1000 -> {d944bb61-2e34-4dbf-a683-47e505c587dc} URL = 
SearchScopes: HKU\S-1-5-21-2426469760-115235506-2384610940-1000 -> {ec29edf6-ad3c-4e1c-a087-d6cb81400c43} URL = 
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll [2010-10-16] (Sun Microsystems, Inc.)
BHO-x32: RivalGaming Games -> {26D675AC-D925-4bbf-A720-62C2AA4A81EB} -> C:\Users\sheila\AppData\Local\RivalGaming\RivalGaming.dll No File
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll [2012-05-04] (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll [2012-05-04] (Oracle Corporation)
Toolbar: HKLM - No Name - !{95B7759C-8C7F-4BF1-B163-73684A933233} -  No File
Toolbar: HKLM - No Name - !{CCAC5586-44D7-4c43-B64A-F042461A97D2} -  No File
Toolbar: HKLM-x32 - No Name - !{95B7759C-8C7F-4BF1-B163-73684A933233} -  No File
Toolbar: HKLM-x32 - No Name - !{CCAC5586-44D7-4c43-B64A-F042461A97D2} -  No File
Toolbar: HKU\S-1-5-21-2426469760-115235506-2384610940-1000 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
Toolbar: HKU\S-1-5-21-2426469760-115235506-2384610940-1000 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
DPF: HKLM-x32 {38AB0814-B09B-4378-9940-14A19638C3C2} http://www.auctiva.com/Aurigma/ImageUploader57.cab
DPF: HKLM-x32 {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} http://h20614.www2.hp.com/ediags/gmd/Install/Cab/hpdetect119b.cab
DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
 
FireFox:
========
FF ProfilePath: C:\Users\sheila\AppData\Roaming\Mozilla\Firefox\Profiles\svhplmtb.default
FF SelectedSearchEngine: Connect Search
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_17_0_0_169.dll [2015-04-15] ()
FF Plugin: @java.com/JavaPlugin -> C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll [2010-10-16] (Sun Microsystems, Inc.)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.31211.0\npctrl.dll [2014-12-11] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_169.dll [2015-04-15] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1206147.dll [2013-11-25] (Adobe Systems, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=10.5.1 -> C:\Windows\SysWOW64\npDeployJava1.dll [2012-05-04] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.5.1 -> C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll [2012-05-04] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.31211.0\npctrl.dll [2014-12-11] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-06] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-06] (Google Inc.)
FF Plugin-x32: @TrendMicro.com/FFExtension -> C:\Program Files\Trend Micro\Titanium\UIFramework\Toolbar\firefoxextension\components\npToolbarChrome.dll No File
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll No File
FF Plugin HKU\S-1-5-21-2426469760-115235506-2384610940-1000: @nsroblox.roblox.com/launcher -> C:\Users\sheila\AppData\Local\Roblox\Versions\version-d11d3bd1dfae46fa\\NPRobloxProxy.dll [2013-01-01] ( ROBLOX Corporation)
FF Plugin HKU\S-1-5-21-2426469760-115235506-2384610940-1000: @nsroblox.roblox.com/launcher64 -> C:\Users\sheila\AppData\Local\Roblox\Versions\version-d11d3bd1dfae46fa\\NPRobloxProxy64.dll [2013-01-01] ( ROBLOX Corporation)
FF Plugin HKU\S-1-5-21-2426469760-115235506-2384610940-1000: @soe.sony.com/installer,version=1.0.3 -> C:\Users\sheila\AppData\Local\Microsoft\Internet Explorer\Downloaded Program Files\npsoe.dll [2011-06-09] ()
FF Plugin HKU\S-1-5-21-2426469760-115235506-2384610940-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\sheila\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2011-07-22] (Unity Technologies ApS)
FF SearchPlugin: C:\Users\sheila\AppData\Roaming\Mozilla\Firefox\Profiles\svhplmtb.default\searchplugins\Connect Search.xml [2014-12-11]
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\adawaretb.xml [2014-06-15]
FF Extension: RivalGaming  - C:\Users\sheila\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\links@rivalgaming.com [2012-08-21]
 
Chrome: 
=======
CHR Profile: C:\Users\sheila\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (UpoOpu) - C:\Users\sheila\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihciecogimefcijfmnilcojdpkelpiae [2015-02-04]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\sheila\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-04-07]
CHR Extension: (Google Wallet) - C:\Users\sheila\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-10-25]
CHR HKLM-x32\...\Chrome\Extension: [heoldelcflnigdllmlopiefhkkobendj] - No Path Or update_url value
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 LightScribeService; C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [73728 2010-08-16] (Hewlett-Packard Company) [File not signed]
R2 MotoHelper; C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe [202048 2010-09-07] ()
R2 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2804568 2010-06-01] (Symantec Corporation)
R2 RtVOsdService; C:\Program Files\Realtek\RtVOsd\RtVOsdService.exe [315392 2010-06-24] (Realtek Semiconductor Corp.) [File not signed]
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2015-04-07] (Malwarebytes Corporation)
S1 AntiLog32; \??\C:\Windows\system32\drivers\AntiLog64.sys [X]
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 clwvd; system32\DRIVERS\clwvd.sys [X]
S3 keycrypt; system32\DRIVERS\KeyCrypt64.sys [X]
U2 TMAgent; No ImagePath
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-04-15 10:30 - 2015-04-15 10:31 - 00043761 _____ () C:\Users\sheila\Downloads\Addition.txt
2015-04-15 10:05 - 2015-04-15 11:01 - 00016787 _____ () C:\Users\sheila\Downloads\FRST.txt
2015-04-15 10:04 - 2015-04-15 11:01 - 00000000 ____D () C:\FRST
2015-04-15 10:03 - 2015-04-15 10:05 - 02097152 _____ (Farbar) C:\Users\sheila\Downloads\FRST64 (1).exe
2015-04-15 10:02 - 2015-04-15 10:03 - 02097152 _____ (Farbar) C:\Users\sheila\Downloads\FRST64.exe
2015-04-15 09:11 - 2015-04-15 09:15 - 00000000 ___SD () C:\Windows\system32\GWX
2015-04-15 09:11 - 2015-04-15 09:11 - 00000000 ___SD () C:\Windows\SysWOW64\GWX
2015-04-08 17:28 - 2015-01-08 19:44 - 00419936 _____ () C:\Windows\SysWOW64\locale.nls
2015-04-08 17:28 - 2015-01-08 19:43 - 00419936 _____ () C:\Windows\system32\locale.nls
2015-04-07 11:42 - 2015-02-20 00:41 - 00041984 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2015-04-07 11:42 - 2015-02-20 00:40 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2015-04-07 11:42 - 2015-02-20 00:40 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2015-04-07 11:42 - 2015-02-20 00:40 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2015-04-07 11:42 - 2015-02-20 00:13 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
2015-04-07 11:42 - 2015-02-20 00:13 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2015-04-07 11:42 - 2015-02-20 00:13 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll
2015-04-07 11:42 - 2015-02-20 00:12 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll
2015-04-07 11:42 - 2015-02-19 23:29 - 00372224 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2015-04-07 11:42 - 2015-02-19 23:09 - 00299008 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2015-04-07 11:42 - 2015-02-02 23:31 - 01424896 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2015-04-07 11:42 - 2015-02-02 23:31 - 00215552 _____ (Microsoft Corporation) C:\Windows\system32\ubpm.dll
2015-04-07 11:42 - 2015-02-02 23:12 - 01230848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2015-04-07 11:42 - 2015-02-02 23:12 - 00171520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ubpm.dll
2015-04-07 11:38 - 2015-02-13 01:26 - 12875264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2015-04-07 11:38 - 2015-02-13 01:22 - 14177280 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2015-04-07 11:35 - 2015-02-25 23:25 - 03204096 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-04-07 11:35 - 2015-02-23 23:15 - 00389800 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-04-07 11:35 - 2015-02-23 22:32 - 00342696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-04-07 11:35 - 2015-02-20 21:16 - 25021440 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-04-07 11:35 - 2015-02-20 20:41 - 12827648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-04-07 11:35 - 2015-02-20 20:27 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-04-07 11:35 - 2015-02-20 20:27 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-04-07 11:35 - 2015-02-20 20:25 - 19720192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-04-07 11:35 - 2015-02-20 19:58 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-04-07 11:35 - 2015-02-20 19:32 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-04-07 11:35 - 2015-02-19 23:06 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-04-07 11:35 - 2015-02-19 23:05 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-04-07 11:35 - 2015-02-19 22:50 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-04-07 11:35 - 2015-02-19 22:49 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-04-07 11:35 - 2015-02-19 22:49 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-04-07 11:35 - 2015-02-19 22:48 - 02886144 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-04-07 11:35 - 2015-02-19 22:47 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-04-07 11:35 - 2015-02-19 22:41 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-04-07 11:35 - 2015-02-19 22:40 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-04-07 11:35 - 2015-02-19 22:36 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-04-07 11:35 - 2015-02-19 22:35 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-04-07 11:35 - 2015-02-19 22:35 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-04-07 11:35 - 2015-02-19 22:34 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-04-07 11:35 - 2015-02-19 22:32 - 06035456 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-04-07 11:35 - 2015-02-19 22:26 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-04-07 11:35 - 2015-02-19 22:22 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-04-07 11:35 - 2015-02-19 22:22 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-04-07 11:35 - 2015-02-19 22:13 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-04-07 11:35 - 2015-02-19 22:09 - 00503296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-04-07 11:35 - 2015-02-19 22:08 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-04-07 11:35 - 2015-02-19 22:08 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-04-07 11:35 - 2015-02-19 22:08 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-04-07 11:35 - 2015-02-19 22:06 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-04-07 11:35 - 2015-02-19 22:05 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-04-07 11:35 - 2015-02-19 22:03 - 02278400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-04-07 11:35 - 2015-02-19 22:01 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-04-07 11:35 - 2015-02-19 22:00 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-04-07 11:35 - 2015-02-19 21:58 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-04-07 11:35 - 2015-02-19 21:56 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-04-07 11:35 - 2015-02-19 21:56 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-04-07 11:35 - 2015-02-19 21:49 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-04-07 11:35 - 2015-02-19 21:49 - 00718848 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-04-07 11:35 - 2015-02-19 21:47 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-04-07 11:35 - 2015-02-19 21:46 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-04-07 11:35 - 2015-02-19 21:43 - 14398976 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-04-07 11:35 - 2015-02-19 21:41 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-04-07 11:35 - 2015-02-19 21:37 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-04-07 11:35 - 2015-02-19 21:30 - 04300288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-04-07 11:35 - 2015-02-19 21:28 - 02358784 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-04-07 11:35 - 2015-02-19 21:24 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-04-07 11:35 - 2015-02-19 21:24 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-04-07 11:35 - 2015-02-19 21:23 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-04-07 11:35 - 2015-02-19 21:16 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-04-07 11:35 - 2015-02-19 21:03 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-04-07 11:35 - 2015-02-19 21:01 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-04-07 11:35 - 2015-02-19 20:57 - 01311232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-04-07 11:35 - 2015-02-19 20:55 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-04-07 11:35 - 2015-01-16 22:48 - 01067520 _____ (Microsoft Corporation) C:\Windows\system32\msctf.dll
2015-04-07 11:35 - 2015-01-16 22:30 - 00828928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msctf.dll
2015-04-07 11:33 - 2015-02-03 23:16 - 00465920 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll
2015-04-07 11:33 - 2015-02-03 22:54 - 00417792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-04-15 10:59 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\rescache
2015-04-15 10:46 - 2012-08-11 21:25 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-04-15 10:40 - 2012-06-05 20:35 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-04-15 10:34 - 2012-07-02 21:04 - 01558073 _____ () C:\Windows\WindowsUpdate.log
2015-04-15 10:08 - 2009-07-14 00:45 - 00026192 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-04-15 10:08 - 2009-07-14 00:45 - 00026192 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-04-15 09:53 - 2009-07-14 01:13 - 00814656 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-04-15 09:46 - 2015-02-09 12:07 - 00000336 _____ () C:\Windows\setupact.log
2015-04-15 09:46 - 2013-05-31 18:56 - 00000350 _____ () C:\Windows\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job
2015-04-15 09:46 - 2012-06-05 20:35 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-04-15 09:46 - 2009-07-14 01:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-04-15 09:15 - 2009-07-14 00:45 - 00278592 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-04-15 09:14 - 2012-08-21 12:22 - 00000264 _____ () C:\Windows\Tasks\RGames Updater.job
2015-04-15 08:46 - 2012-08-11 21:25 - 00778416 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-04-15 08:46 - 2012-08-11 21:25 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-04-15 08:46 - 2011-08-10 09:06 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-04-15 08:45 - 2011-05-21 22:57 - 00003934 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{2E375475-DDAD-4FCE-B04B-507FFF4F8E3E}
2015-04-08 17:15 - 2013-10-17 11:03 - 00000000 ____D () C:\Windows\system32\MRT
2015-04-08 16:57 - 2011-05-19 14:54 - 122905848 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-04-07 12:02 - 2012-08-11 21:25 - 00002183 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-04-07 11:13 - 2015-01-04 12:07 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
 
==================== Files in the root of some directories =======
 
2012-04-14 08:14 - 2012-04-14 08:14 - 0100211 _____ () C:\Users\sheila\AppData\Local\ars.cache
2012-04-14 08:14 - 2012-04-14 08:14 - 0207689 _____ () C:\Users\sheila\AppData\Local\census.cache
2012-12-02 19:43 - 2012-12-02 19:43 - 0027520 _____ () C:\Users\sheila\AppData\Local\dt.dat
2012-04-14 08:01 - 2012-04-14 08:01 - 0000036 _____ () C:\Users\sheila\AppData\Local\housecall.guid.cache
2011-02-12 04:49 - 2011-02-12 04:49 - 0000032 _____ () C:\ProgramData\{051B9612-4D82-42AC-8C63-CD2DCEDC1CB3}.log
2010-10-16 15:30 - 2010-10-16 15:31 - 0000109 _____ () C:\ProgramData\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}.log
2011-02-12 04:48 - 2011-02-12 04:48 - 0000032 _____ () C:\ProgramData\{23F3DA62-2D9E-4A69-B8D5-BE8E9E148092}.log
2010-10-16 15:24 - 2010-10-16 15:25 - 0000105 _____ () C:\ProgramData\{40BF1E83-20EB-11D8-97C5-0009C5020658}.log
2011-02-12 04:48 - 2011-02-12 04:48 - 0000032 _____ () C:\ProgramData\{4FC670EB-5F02-4B07-90DB-022B86BFEFD0}.log
2011-02-12 04:49 - 2011-02-12 04:49 - 0000032 _____ () C:\ProgramData\{9867824A-C86D-4A83-8F3C-E7A86BE0AFD3}.log
2010-10-16 15:23 - 2010-10-16 15:23 - 0000107 _____ () C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log
2010-10-16 15:25 - 2010-10-16 15:30 - 0000110 _____ () C:\ProgramData\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}.log
2010-10-16 15:31 - 2011-02-12 04:49 - 0000105 _____ () C:\ProgramData\{d36dd326-7280-11d8-97c8-000129760cbe}.log
 
Some zero byte size files/folders:
==========================
C:\Windows\System32\ZALSDKCORE.DLL
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-04-15 10:52
 
==================== End Of Log ============================




#2 Oh My!



  • Malware Response Instructor
Posted 20 April 2015 - 09:14 AM

Greetings dialout and welcome to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.

My name is Oh My! and I am here to help you! Now that we are "friends" please call me Gary.

If you would allow me to call you by your first name I would prefer to do that.

===================================================

Ground Rules:
  • First, I would like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please try to match our commitment to you with your patience toward us. If this was easy we would never have met. :)
  • Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.
  • Please perform all steps in the order they are listed in each set of instructions. Some steps may be a bit complicated. If things are not clear, be sure to stop and let me know. We need to work on this together with confidence.
  • Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter problems simply stop and tell me.
  • When you post your reply, use the Replytopic.jpg button instead.
  • In the upper right hand corner of the topic you will see the Followtopic.jpg button. Click on this then choose Immediate E-Mail notification and then Proceed and you will be sent an email once I have posted a response.
  • If you do not reply to your topic after 5 days we assume it has been abandoned and I will close it.
  • When your computer is clean I will alert you of such. I will also provide for you detailed information about how you can combat future infections.
  • I would like to remind you to make no further changes to your computer unless I direct you to do so.
  • Now let's get started
===================================================

Now that I am assisting you, you can expect that I will be very responsive to your situation. If you are able, I would request you check this thread at least once per day so that we can try to resolve your issues effectively and efficiently. If you are going to be delayed please be considerate and post that information so that I know you are still with me. Unfortunately, there are many people waiting to be assisted and not enough of us at BleepingComputer to go around. I appreciate your understanding and diligence.

Thank you for your patience thus far.

Please cut and paste FRST.exe from the Downloads folder onto your Desktop.

Running from C:\Users\sheila\Downloads


===================================================

Farbar's Recovery Scan Tool - Run Fix in Normal or Safe Mode

--------------------
  • Press the Windows key + R on your keyboard at the same time. Type in notepad and press Enter
  • Please copy and paste the contents of the below code box into the open notepad and save it to your desktop (<<<Important) as fixlist.txt
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-2426469760-115235506-2384610940-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
ProxyServer: [S-1-5-21-2426469760-115235506-2384610940-1000] => http=127.0.0.1:49204;https=127.0.0.1:49204
SearchScopes: HKLM -> DefaultScope {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = 
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 -> DefaultScope value is missing.
SearchScopes: HKU\S-1-5-21-2426469760-115235506-2384610940-1000 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = 
SearchScopes: HKU\S-1-5-21-2426469760-115235506-2384610940-1000 -> {d944bb61-2e34-4dbf-a683-47e505c587dc} URL = 
SearchScopes: HKU\S-1-5-21-2426469760-115235506-2384610940-1000 -> {ec29edf6-ad3c-4e1c-a087-d6cb81400c43} URL = 
BHO-x32: RivalGaming Games -> {26D675AC-D925-4bbf-A720-62C2AA4A81EB} -> C:\Users\sheila\AppData\Local\RivalGaming\RivalGaming.dll No File
Toolbar: HKLM - No Name - !{95B7759C-8C7F-4BF1-B163-73684A933233} -  No File
Toolbar: HKLM - No Name - !{CCAC5586-44D7-4c43-B64A-F042461A97D2} -  No File
Toolbar: HKLM-x32 - No Name - !{95B7759C-8C7F-4BF1-B163-73684A933233} -  No File
Toolbar: HKLM-x32 - No Name - !{CCAC5586-44D7-4c43-B64A-F042461A97D2} -  No File
Toolbar: HKU\S-1-5-21-2426469760-115235506-2384610940-1000 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
Toolbar: HKU\S-1-5-21-2426469760-115235506-2384610940-1000 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
S1 AntiLog32; \??\C:\Windows\system32\drivers\AntiLog64.sys [X]
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 clwvd; system32\DRIVERS\clwvd.sys [X]
S3 keycrypt; system32\DRIVERS\KeyCrypt64.sys [X]
U2 TMAgent; No ImagePath
  • Launch FRST and press the Fix button just once and wait, the program will automatically launch fixlist.txt.
  • The tool will create a log on the desktop called Fixlog.txt. Please copy and paste the contents of the file in your reply.
  • Rerun FRST making sure to check Addition.txt and post both logs
===================================================

AdwCleaner by Xplode - Delete Adware

-------------------
  • Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browser
  • Double click on AdwCleaner.exe, click Run, then select I agree if it appears
  • Click Scan
  • Once the scan has completed you will see Pending. Please check elements you don't want to remove above the progress bar
  • Click on Clean
  • Confirm the cleaning and rebooting of your computer by clicking OK
  • Your computer will be rebooted automatically. A text file will open after the restart
  • Copy and paste the contents in your reply
  • You can also find the logfile at C:\AdwCleaner\AdwCleaner.txt
===================================================

Junkware Removal Tool by thisisu

-------------------
  • Please download Junkware Removal Tool and save it to your desktop.
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Right-mouse click JRT.exe and select Run as administrator (Windows XP double click the icon)
  • Please allow the program time to run
  • Once completed a Notepad document will open on your desktop
  • Copy and paste the contents in your reply
===================================================

System Summary Information

--------------------
  • Press the Windows key + R on your keyboard at the same time
  • Type msinfo32 and press Enter
  • Left click on System Summary
  • Click File, Save, and name the file Summary
  • Zip and attach the file to your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • Fixlog
  • FRST and Addition.txt logs
  • AdwCleaner log
  • Junkware log
  • System Summary Information
  • How is your computer running?

Gary
 
If I do not reply within 24 hours please send me a Personal Message.


#3 dialout

  • Topic Starter


Posted 20 April 2015 - 01:58 PM

Hi, my name's John... I looked this morning and nobody had replied yet, so I kept tinkering with it... I just ran a SUPERAntiSpyware scan (prior to seeing your response... sorry). I'll post the log below... please let me know if I should still follow your above instructions.

 

 

 

==================================================================================================================================

 

SUPERAntiSpyware Scan Log
 
Generated 04/20/2015 at 02:38 PM
 
Application Version : 6.0.1186
Database Version : 11839
 
Scan type       : Complete Scan
Total Scan Time : 00:22:14
 
Operating System Information
Windows 7 Home Premium 64-bit, Service Pack 1 (Build 6.01.7601)
UAC On - Limited User
 
Memory items scanned      : 637
Memory threats detected   : 0
Registry items scanned    : 62851
Registry threats detected : 7
File items scanned        : 20227
File threats detected     : 289
 
Adware.RivalGaming
(x86) HKCR\CLSID\{26D675AC-D925-4BBF-A720-62C2AA4A81EB}
(x86) HKCR\CLSID\{26D675AC-D925-4BBF-A720-62C2AA4A81EB}\InprocServer32
(x86) HKCR\CLSID\{26D675AC-D925-4BBF-A720-62C2AA4A81EB}\InprocServer32#ThreadingModel
(x86) HKCR\CLSID\{26D675AC-D925-4BBF-A720-62C2AA4A81EB}\ProgID
(x86) HKCR\CLSID\{26D675AC-D925-4BBF-A720-62C2AA4A81EB}\Programmable
(x86) HKCR\CLSID\{26D675AC-D925-4BBF-A720-62C2AA4A81EB}\TypeLib
(x86) HKCR\CLSID\{26D675AC-D925-4BBF-A720-62C2AA4A81EB}\VersionIndependentProgID
 
Adware.Tracking Cookie
.2o7.net [ C:\USERS\SHEILA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SVHPLMTB.DEFAULT\COOKIES.SQLITE ]
.adaptv.advertising.com [ C:\USERS\SHEILA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SVHPLMTB.DEFAULT\COOKIES.SQLITE ]
.casalemedia.com [ C:\USERS\SHEILA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SVHPLMTB.DEFAULT\COOKIES.SQLITE ]
.casalemedia.com [ C:\USERS\SHEILA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SVHPLMTB.DEFAULT\COOKIES.SQLITE ]
.casalemedia.com [ C:\USERS\SHEILA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SVHPLMTB.DEFAULT\COOKIES.SQLITE ]
.casalemedia.com [ C:\USERS\SHEILA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SVHPLMTB.DEFAULT\COOKIES.SQLITE ]
.casalemedia.com [ C:\USERS\SHEILA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SVHPLMTB.DEFAULT\COOKIES.SQLITE ]
.realmediadigital.com [ C:\USERS\SHEILA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SVHPLMTB.DEFAULT\COOKIES.SQLITE ]
.realmediadigital.com [ C:\USERS\SHEILA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SVHPLMTB.DEFAULT\COOKIES.SQLITE ]
.realmediadigital.com [ C:\USERS\SHEILA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SVHPLMTB.DEFAULT\COOKIES.SQLITE ]
.serving-sys.com [ C:\USERS\SHEILA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SVHPLMTB.DEFAULT\COOKIES.SQLITE ]
.bs.serving-sys.com [ C:\USERS\SHEILA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SVHPLMTB.DEFAULT\COOKIES.SQLITE ]
.doubleclick.net [ C:\USERS\SHEILA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SVHPLMTB.DEFAULT\COOKIES.SQLITE ]
.mediaplex.com [ C:\USERS\SHEILA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SVHPLMTB.DEFAULT\COOKIES.SQLITE ]
.mediaplex.com [ C:\USERS\SHEILA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SVHPLMTB.DEFAULT\COOKIES.SQLITE ]
c1.adform.net [ C:\USERS\SHEILA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SVHPLMTB.DEFAULT\COOKIES.SQLITE ]
.adform.net [ C:\USERS\SHEILA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SVHPLMTB.DEFAULT\COOKIES.SQLITE ]
.ads.pointroll.com [ C:\USERS\SHEILA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SVHPLMTB.DEFAULT\COOKIES.SQLITE ]
.pointroll.com [ C:\USERS\SHEILA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SVHPLMTB.DEFAULT\COOKIES.SQLITE ]
.ads.pointroll.com [ C:\USERS\SHEILA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SVHPLMTB.DEFAULT\COOKIES.SQLITE ]
.ads.pointroll.com [ C:\USERS\SHEILA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SVHPLMTB.DEFAULT\COOKIES.SQLITE ]
.ads.pointroll.com [ C:\USERS\SHEILA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SVHPLMTB.DEFAULT\COOKIES.SQLITE ]
.ads.pointroll.com [ C:\USERS\SHEILA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SVHPLMTB.DEFAULT\COOKIES.SQLITE ]
.ads.pointroll.com [ C:\USERS\SHEILA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SVHPLMTB.DEFAULT\COOKIES.SQLITE ]
.ads.pointroll.com [ C:\USERS\SHEILA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SVHPLMTB.DEFAULT\COOKIES.SQLITE ]
.serving-sys.com [ C:\USERS\SHEILA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SVHPLMTB.DEFAULT\COOKIES.SQLITE ]
.serving-sys.com [ C:\USERS\SHEILA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SVHPLMTB.DEFAULT\COOKIES.SQLITE ]
.revsci.net [ C:\USERS\SHEILA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SVHPLMTB.DEFAULT\COOKIES.SQLITE ]
.revsci.net [ C:\USERS\SHEILA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SVHPLMTB.DEFAULT\COOKIES.SQLITE ]
.revsci.net [ C:\USERS\SHEILA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SVHPLMTB.DEFAULT\COOKIES.SQLITE ]
.advertising.com [ C:\USERS\SHEILA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SVHPLMTB.DEFAULT\COOKIES.SQLITE ]
.advertising.com [ C:\USERS\SHEILA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SVHPLMTB.DEFAULT\COOKIES.SQLITE ]
.advertising.com [ C:\USERS\SHEILA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SVHPLMTB.DEFAULT\COOKIES.SQLITE ]
.advertising.com [ C:\USERS\SHEILA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SVHPLMTB.DEFAULT\COOKIES.SQLITE ]
.advertising.com [ C:\USERS\SHEILA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SVHPLMTB.DEFAULT\COOKIES.SQLITE ]
.advertising.com [ C:\USERS\SHEILA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SVHPLMTB.DEFAULT\COOKIES.SQLITE ]
.advertising.com [ C:\USERS\SHEILA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SVHPLMTB.DEFAULT\COOKIES.SQLITE ]
.advertising.com [ C:\USERS\SHEILA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SVHPLMTB.DEFAULT\COOKIES.SQLITE ]
.at.atwola.com [ C:\USERS\SHEILA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SVHPLMTB.DEFAULT\COOKIES.SQLITE ]
.ru4.com [ C:\USERS\SHEILA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SVHPLMTB.DEFAULT\COOKIES.SQLITE ]
.questionmarket.com [ C:\USERS\SHEILA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SVHPLMTB.DEFAULT\COOKIES.SQLITE ]
.questionmarket.com [ C:\USERS\SHEILA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SVHPLMTB.DEFAULT\COOKIES.SQLITE ]
.questionmarket.com [ C:\USERS\SHEILA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SVHPLMTB.DEFAULT\COOKIES.SQLITE ]
.tribalfusion.com [ C:\USERS\SHEILA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SVHPLMTB.DEFAULT\COOKIES.SQLITE ]
 
Trojan.Agent/Gen-Verti
C:\USERS\SHEILA\DOWNLOADS\TINYMEDIAPLAYERINSTALLER(1).EXE
C:\USERS\SHEILA\DOWNLOADS\TINYMEDIAPLAYERINSTALLER(2).EXE
C:\USERS\SHEILA\DOWNLOADS\TINYMEDIAPLAYERINSTALLER.EXE
 
============================
 Unwanted Programs Detected 
============================
The Weather Channel Desktop
 
============
 End of Log 
============
 
 
 
 
 
sorry i was impatient  :)


#4 Oh My!


Posted 20 April 2015 - 03:13 PM

Hi John,

 

Thanks for letting me know. If you haven't cleaned those SAS entries go ahead and do so. Following that I would like you to still complete the steps I listed.

 

Please review my initial instructions on how to Follow this Topic so you will be notified when I have replied. You can expect a fairly quick reply on my end.


Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#5 dialout


Posted 20 April 2015 - 06:52 PM

the frst scans may not be correct. when i tried to run it the second time it errored with a message that no fixlist.txt found...so i repasted it and ran it again...also the addition.txt box was already checked.

 

logs to follow:

 

 

 

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 20-04-2015
Ran by sheila at 2015-04-20 19:17:41 Run:2
Running from C:\Users\sheila\Desktop
Loaded Profiles: sheila (Available profiles: sheila)
Boot Mode: Normal
==============================================
 
Content of fixlist:
*****************
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-2426469760-115235506-2384610940-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
ProxyServer: [S-1-5-21-2426469760-115235506-2384610940-1000] => http=127.0.0.1:49204;https=127.0.0.1:49204
SearchScopes: HKLM -> DefaultScope {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = 
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 -> DefaultScope value is missing.
SearchScopes: HKU\S-1-5-21-2426469760-115235506-2384610940-1000 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = 
SearchScopes: HKU\S-1-5-21-2426469760-115235506-2384610940-1000 -> {d944bb61-2e34-4dbf-a683-47e505c587dc} URL = 
SearchScopes: HKU\S-1-5-21-2426469760-115235506-2384610940-1000 -> {ec29edf6-ad3c-4e1c-a087-d6cb81400c43} URL = 
BHO-x32: RivalGaming Games -> {26D675AC-D925-4bbf-A720-62C2AA4A81EB} -> C:\Users\sheila\AppData\Local\RivalGaming\RivalGaming.dll No File
Toolbar: HKLM - No Name - !{95B7759C-8C7F-4BF1-B163-73684A933233} -  No File
Toolbar: HKLM - No Name - !{CCAC5586-44D7-4c43-B64A-F042461A97D2} -  No File
Toolbar: HKLM-x32 - No Name - !{95B7759C-8C7F-4BF1-B163-73684A933233} -  No File
Toolbar: HKLM-x32 - No Name - !{CCAC5586-44D7-4c43-B64A-F042461A97D2} -  No File
Toolbar: HKU\S-1-5-21-2426469760-115235506-2384610940-1000 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
Toolbar: HKU\S-1-5-21-2426469760-115235506-2384610940-1000 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
S1 AntiLog32; \??\C:\Windows\system32\drivers\AntiLog64.sys [X]
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 clwvd; system32\DRIVERS\clwvd.sys [X]
S3 keycrypt; system32\DRIVERS\KeyCrypt64.sys [X]
U2 TMAgent; No ImagePath
 
*****************
 
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer => Key not found. 
HKU\S-1-5-21-2426469760-115235506-2384610940-1000\SOFTWARE\Policies\Microsoft\Internet Explorer => Key not found. 
HKU\S-1-5-21-2426469760-115235506-2384610940-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer => Value not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key not found. 
HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key not found. 
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
HKU\S-1-5-21-2426469760-115235506-2384610940-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990} => Key not found. 
HKCR\CLSID\{6A1806CD-94D4-4689-BA73-E35EA1EA9990} => Key not found. 
HKU\S-1-5-21-2426469760-115235506-2384610940-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{d944bb61-2e34-4dbf-a683-47e505c587dc} => Key not found. 
HKCR\CLSID\{d944bb61-2e34-4dbf-a683-47e505c587dc} => Key not found. 
HKU\S-1-5-21-2426469760-115235506-2384610940-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{ec29edf6-ad3c-4e1c-a087-d6cb81400c43} => Key not found. 
HKCR\CLSID\{ec29edf6-ad3c-4e1c-a087-d6cb81400c43} => Key not found. 
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{26D675AC-D925-4bbf-A720-62C2AA4A81EB} => Key not found. 
HKCR\Wow6432Node\CLSID\{26D675AC-D925-4bbf-A720-62C2AA4A81EB} => Key not found. 
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\!{95B7759C-8C7F-4BF1-B163-73684A933233} => Value not found.
HKCR\CLSID\!{95B7759C-8C7F-4BF1-B163-73684A933233} => Key not found. 
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\!{CCAC5586-44D7-4c43-B64A-F042461A97D2} => Value not found.
HKCR\CLSID\!{CCAC5586-44D7-4c43-B64A-F042461A97D2} => Key not found. 
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\!{95B7759C-8C7F-4BF1-B163-73684A933233} => Value not found.
HKCR\Wow6432Node\CLSID\!{95B7759C-8C7F-4BF1-B163-73684A933233} => Key not found. 
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\!{CCAC5586-44D7-4c43-B64A-F042461A97D2} => Value not found.
HKCR\Wow6432Node\CLSID\!{CCAC5586-44D7-4c43-B64A-F042461A97D2} => Key not found. 
HKU\S-1-5-21-2426469760-115235506-2384610940-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} => Value not found.
HKCR\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} => Key not found. 
HKU\S-1-5-21-2426469760-115235506-2384610940-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => Value not found.
HKCR\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => Key not found. 
AntiLog32 => Service not found.
catchme => Service not found.
clwvd => Service not found.
keycrypt => Service not found.
TMAgent => Service not found.
 
==== End of Fixlog 19:18:04 ====
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
# AdwCleaner v4.201 - Logfile created 20/04/2015 at 19:25:13
# Updated 08/04/2015 by Xplode
# Database : 2015-04-20.1 [Server]
# Operating system : Windows 7 Home Premium Service Pack 1 (x64)
# Username : sheila - SHEILA-HP
# Running from : C:\Users\sheila\Downloads\adwcleaner_4.201.exe
# Option : Cleaning
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
Folder Deleted : C:\Users\sheila\AppData\Roaming\SecureSearch
File Deleted : C:\Program Files (x86)\Mozilla Firefox\browser\searchplugins\adawaretb.xml
 
***** [ Scheduled tasks ] *****
 
Task Deleted : BrowserSafeguard Update Task
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{6C97A91E-4524-4019-86AF-2AA2D567BF5C}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{62155D33-3CE2-401E-8967-5A270628A3D5}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{6C97A91E-4524-4019-86AF-2AA2D567BF5C}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{EC29EDF6-AD3C-4E1C-A087-D6CB81400C43}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{62155D33-3CE2-401E-8967-5A270628A3D5}
Key Deleted : HKLM\SOFTWARE\{F2E9660B-98AF-42c0-8258-9CDDF07BF95D}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Toolbar Cleaner
Data Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - <-loopback>;192.168.*.*
 
***** [ Web browsers ] *****
 
-\\ Internet Explorer v11.0.9600.17728
 
 
-\\ Mozilla Firefox v37.0.1 (x86 en-US)
 
 
-\\ Google Chrome v42.0.2311.90
 
[C:\Users\sheila\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://websearch.ask.com/redirect?client=cr&src=kw&tb=PGL&o=102946&locale=en_US&apn_uid=dc8e1426-6dae-4bf8-91c9-65982166c5ec&apn_ptnrs=6J&apn_sauid=519E538B-FC29-4A08-9C73-B5AAF8B0F238&apn_dtid=YYYYYYUUUS&q={searchTerms}
[C:\Users\sheila\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://dts.search-results.com/sr?src=crb&appid=421&systemid=406&sr=0&q={searchTerms}
[C:\Users\sheila\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://isearch.avg.com/search?cid={59651A5C-CFE8-4253-807C-6F9B9D4E4838}&mid=f0b9aa23265347d099c94902a75b6e0f-c22f9df3ce9d73e1c4cccbf447229d152912d892&lang=en&ds=AVG&pr=fr&d=2012-08-27 10:16:23&v=15.2.0.5&pid=avg&sg=0&sap=dsp&q={searchTerms}
[C:\Users\sheila\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
[C:\Users\sheila\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
 
*************************
 
AdwCleaner[R0].txt - [9642 bytes] - [15/06/2014 12:56:29]
AdwCleaner[R1].txt - [3095 bytes] - [20/04/2015 19:22:51]
AdwCleaner[S0].txt - [8997 bytes] - [15/06/2014 13:04:50]
AdwCleaner[S1].txt - [3040 bytes] - [20/04/2015 19:25:13]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [3099  bytes] ##########
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.5.9 (04.19.2015:1)
OS: Windows 7 Home Premium x64
Ran by sheila on Mon 04/20/2015 at 19:31:06.97
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
 
 
~~~ Tasks
 
 
 
~~~ Registry Values
 
 
 
~~~ Registry Keys
 
 
 
~~~ Files
 
 
 
~~~ Folders
 
Failed to delete: [Folder] C:\Users\sheila\AppData\Roaming\microsoft\windows\start menu\programs\rivalgaming
Successfully deleted: [Folder] C:\Users\sheila\appdata\local\adawarebp
Successfully deleted: [Folder] C:\Users\sheila\appdata\local\rivalgaming
 
 
 
~~~ FireFox
 
Emptied folder: C:\Users\sheila\AppData\Roaming\mozilla\firefox\profiles\svhplmtb.default\minidumps [1 files]
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Mon 04/20/2015 at 19:38:41.23
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 


#6 dialout


Posted 20 April 2015 - 06:53 PM

summary zip

Attached Files



#7 Oh My!


Posted 20 April 2015 - 06:55 PM

Regarding the running of FRST + Addition.txt, we need to hit the Scan button rather than Fix.


Gary
 

#8 dialout


Posted 21 April 2015 - 08:26 AM

it ran under the scan tab for about 30 seconds going through files...but then froze with a little spinning wheel and says Farbar Recovery Scan Tool (not responding)

 

as per your initial instruction I will leave it open to see if it comes back to life. unless you want me to close it and start again. 

 

 

Thanks

John



#9 Oh My!


Posted 21 April 2015 - 08:37 AM

Hi John,

If you are still hung up, reboot your computer and try to run it in Safe Mode.

Gary
 

#10 dialout


Posted 21 April 2015 - 08:39 AM

it came back to life, but very slow 

 

 

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 20-04-2015
Ran by sheila at 2015-04-21 09:32:41
Running from C:\Users\sheila\Desktop
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
ActiveCheck component for HP Active Support Library (x32 Version: 3.0.0.3 - Hewlett-Packard) Hidden
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 2.0.2.12610 - Adobe Systems Inc.)
Adobe Flash Player 17 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 17.0.0.169 - Adobe Systems Incorporated)
Adobe Flash Player 17 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 17.0.0.169 - Adobe Systems Incorporated)
Adobe Shockwave Player 11.5 (HKLM-x32\...\{3B834B54-EC4B-48E2-BFC6-03FF5DA06F62}) (Version: 11.5.8.612 - Adobe Systems, Inc)
Adobe Shockwave Player 12.0 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.0.6.147 - Adobe Systems, Inc.)
Agatha Christie - Peril at End House (x32 Version: 2.2.0.95 - WildTangent) Hidden
AVG 2012 (Version: 12.0.3204 - AVG Technologies) Hidden
Bejeweled 2 Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Big Fish: Game Manager (HKLM-x32\...\BFGC) (Version: 3.3.0.2 - )
Bing Rewards Client Installer (x32 Version: 16.0.345.0 - Microsoft Corporation) Hidden
Blackhawk Striker 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
Blasterball 3 (x32 Version: 2.2.0.95 - WildTangent) Hidden
Bounce Symphony (x32 Version: 2.2.0.95 - WildTangent) Hidden
Build-a-lot 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
Cake Mania (x32 Version: 2.2.0.95 - WildTangent) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 3.19 - Piriform)
Chuzzle Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Compaq Setup Manager (HKLM-x32\...\{AE856388-AFAD-4753-81DF-D96B19D0A17C}) (Version: 1.0.12844.3519 - Hewlett-Packard Company)
CyberLink MediaShow (HKLM-x32\...\InstallShield_{80E158EA-7181-40FE-A701-301CE6BE64AB}) (Version: 5.0.1920 - CyberLink Corp.)
CyberLink PowerDVD 9 (HKLM-x32\...\InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}) (Version: 9.0.1.4604 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Diner Dash 2 Restaurant Rescue (x32 Version: 2.2.0.95 - WildTangent) Hidden
Dora's World Adventure (x32 Version: 2.2.0.95 - WildTangent) Hidden
Energy Star Digital Logo (HKLM-x32\...\{BD1A34C9-4764-4F79-AE1F-112F8C89D3D4}) (Version: 1.0.1 - Hewlett-Packard)
Escape Rosecliff Island (x32 Version: 2.2.0.95 - WildTangent) Hidden
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version:  - )
ESU for Microsoft Windows 7 (HKLM-x32\...\{3877C901-7B90-4727-A639-B6ED2DD59D43}) (Version: 1.0.0 - Hewlett-Packard)
Farm Frenzy (x32 Version: 2.2.0.95 - WildTangent) Hidden
FATE (x32 Version: 2.2.0.95 - WildTangent) Hidden
Final Drive Nitro (x32 Version: 2.2.0.95 - WildTangent) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 42.0.2311.90 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.26.9 - Google Inc.) Hidden
Heroes of Hellas 2 - Olympia (x32 Version: 2.2.0.95 - WildTangent) Hidden
Heroes of Hellas 3: Athens (HKLM-x32\...\BFG-Heroes of Hellas 3 - Athens) (Version:  - )
Hewlett-Packard ACLM.NET v1.1.0.0 (x32 Version: 1.00.0000 - Hewlett-Packard) Hidden
HP CloudDrive (HKLM-x32\...\ZumoDrive) (Version:  - Zecter Inc.)
HP Documentation (HKLM-x32\...\{1AF23A65-F2B5-469C-AA51-DA5FB74CA856}) (Version: 1.1.2.1 - Hewlett-Packard)
HP Games (HKLM-x32\...\WildTangent hp Master Uninstall) (Version: 1.0.1.5 - WildTangent)
HP MovieStore (HKLM-x32\...\{9008D736-35CA-40DB-A2BE-5F32D954E5AA}) (Version: 2.0.2 - Hewlett-Packard)
HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.4042 - HP Photo Creations Powered by RocketLife)
HP Power Manager (HKLM-x32\...\{AF306BD8-F9D1-4627-89B9-246E59074A05}) (Version: 1.1.2 - Hewlett-Packard Company)
HP Product Detection (HKLM-x32\...\{4F38594F-2C4A-4C42-B2C4-505E225F6F80}) (Version: 11.14.0004 - HP)
HP Product Detection (HKLM-x32\...\{A436F67F-687E-4736-BD2B-537121A804CF}) (Version: 11.14.0001 - HP)
HP Quick Launch (HKLM-x32\...\{EF682D1C-591D-48B5-9803-628DA622C281}) (Version: 2.2.7 - Hewlett-Packard Company)
HP Setup (HKLM-x32\...\{53469506-A37E-4314-A9D9-38724EC23A75}) (Version: 8.4.4400.3525 - Hewlett-Packard Company)
HP Software Framework (HKLM-x32\...\{6B114F59-6732-4EA5-A33E-ACC6DEC49B61}) (Version: 4.0.70.1 - Hewlett-Packard Company)
HP Support Assistant (HKLM-x32\...\{B1A4A13D-4665-4ED3-9DFE-F845725FBBD8}) (Version: 5.1.8.12 - Hewlett-Packard Company)
HP Wireless Assistant (HKLM\...\{13DCC2C7-454D-42F0-A892-E0E9A5DE4E67}) (Version: 4.0.10.0 - Hewlett-Packard Company)
HPAsset component for HP Active Support Library (x32 Version: 3.0.0.3 - Hewlett-Packard) Hidden
Intel® Graphics Media Accelerator Driver (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2086 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 9.6.2.1001 - Intel Corporation)
Java™ 6 Update 21 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86416021FF}) (Version: 6.0.210 - Oracle)
Java™ 7 Update 5 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217005FF}) (Version: 7.0.50 - Oracle)
JavaFX 2.1.1 (HKLM-x32\...\{1111706F-666A-4037-7777-211328764D10}) (Version: 2.1.1 - Oracle Corporation)
Jewel Quest Solitaire 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.3220 - CyberLink Corp.)
LabelPrint (x32 Version: 2.5.3220 - CyberLink Corp.) Hidden
LightScribe System Software (HKLM-x32\...\{705B639E-FAAF-40D7-AD58-C445321C7C3F}) (Version: 1.18.18.1 - LightScribe)
Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Click-to-Run 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Starter 2010 - English (HKLM-x32\...\{90140011-0066-0409-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.31211.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
MotoHelper 2.0.24 Driver 4.7.1 (HKLM-x32\...\MotoHelper) (Version: 2.0.24 - Motorola)
MotoHelper MergeModules (x32 Version: 1.0.0 - Motorola) Hidden
Motorola Mobile Drivers Installation 4.7.1 (Version: 4.7.1 - Motorola Inc.) Hidden
Mozilla Firefox 37.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 37.0.1 (x86 en-US)) (Version: 37.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Mystery Case Files &reg;: Dire Grove ™ (HKLM-x32\...\BFG-Mystery Case Files - Dire Grove) (Version:  - )
Mystery Case Files: Dire Grove, Sacred Grove Collector's Edition (HKLM-x32\...\BFG-MCF - Dire Grove Sacred Grove CE) (Version:  - )
Mystery P.I. - The London Caper (x32 Version: 2.2.0.95 - WildTangent) Hidden
Norton Online Backup (HKLM-x32\...\{40A66DF6-22D3-44B5-A7D3-83B118A2C0DC}) (Version: 2.1.17869 - Symantec Corporation)
OpenAL (HKLM-x32\...\OpenAL) (Version:  - )
Penguins! (x32 Version: 2.2.0.95 - WildTangent) Hidden
PhotoNow! (HKLM-x32\...\InstallShield_{D36DD326-7280-11D8-97C8-000129760CBE}) (Version: 1.1.7717 - CyberLink Corp.)
PhotoNow! (x32 Version: 1.1.7717 - CyberLink Corp.) Hidden
Plants vs. Zombies (x32 Version: 2.2.0.95 - WildTangent) Hidden
PlayReady PC Runtime x86 (HKLM-x32\...\{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}) (Version: 1.3.0 - Microsoft Corporation)
Poker Superstars III (x32 Version: 2.2.0.95 - WildTangent) Hidden
Polar Bowler (x32 Version: 2.2.0.95 - WildTangent) Hidden
Polar Golfer (x32 Version: 2.2.0.95 - WildTangent) Hidden
Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.1.4419 - CyberLink Corp.)
Power2Go (x32 Version: 6.1.4419 - CyberLink Corp.) Hidden
PowerDirector (HKLM-x32\...\InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}) (Version: 8.0.3320 - CyberLink Corp.)
PowerDirector (x32 Version: 8.0.3320 - CyberLink Corp.) Hidden
PuppetShow: The Price of Immortality Collector's Edition (HKLM-x32\...\BFG-PuppetShow - The Price of Immortality Collectors Edition) (Version:  - )
Ralink RT5390 802.11b/g/n WiFi Adapter (HKLM-x32\...\{8FC4F1DD-F7FD-4766-804D-3C8FF1D309B0}) (Version: 3.1.11.0 - Ralink)
Realtek Ethernet Controller Driver For Windows 7 (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.18.322.2010 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6206 - Realtek Semiconductor Corp.)
Recovery Manager (x32 Version: 5.5.3223 - CyberLink Corp.) Hidden
Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
RivalGaming (HKU\S-1-5-21-2426469760-115235506-2384610940-1000\...\RivalGaming) (Version:  - RivalGaming)
ROBLOX Player for sheila (HKU\S-1-5-21-2426469760-115235506-2384610940-1000\...\{373B1718-8CC5-4567-8EE2-9033AD08A680}) (Version:  - ROBLOX Corporation)
ROBLOX Studio 2013 for sheila (HKU\S-1-5-21-2426469760-115235506-2384610940-1000\...\{2922D6F1-2865-4EFA-97A9-94EEAB3AFA14}) (Version:  - ROBLOX Corporation)
RoxioNow Player (HKLM-x32\...\{0EDEB615-1A60-425E-8306-0E10519C7B55}) (Version: 1.9.5.101 - RoxioNow)
RtVOsd (HKLM\...\{091A0130-A82F-4A6D-9C61-3BBBB3289030}) (Version: 1.0.6 - Realtek Semiconductor Corp.)
Smilebox (HKU\S-1-5-21-2426469760-115235506-2384610940-1000\...\Smilebox) (Version: 1.1.1.1 - Smilebox, Inc.)
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 6.0.1186 - SUPERAntiSpyware.com)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.1.6.64 - Synaptics Incorporated)
Unity Web Player (HKU\S-1-5-21-2426469760-115235506-2384610940-1000\...\UnityWebPlayer) (Version:  - Unity Technologies ApS)
Virtual Families (x32 Version: 2.2.0.95 - WildTangent) Hidden
Virtual Villagers 4 - The Tree of Life (x32 Version: 2.2.0.95 - WildTangent) Hidden
Visual Studio 2008 x64 Redistributables (HKLM-x32\...\{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}) (Version: 10.0.0.2 - AVG Technologies)
WebIQ Technology Engine (HKLM-x32\...\{28541BE3-E162-441C-9087-696B69E7AAC1}) (Version: 1.7.1112 - Usability Sciences Corporation)
Wheel of Fortune 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3502.0922 - Microsoft Corporation)
Zuma Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
CustomCLSID: HKU\S-1-5-21-2426469760-115235506-2384610940-1000_Classes\CLSID\{DEE03C2B-0C0C-41A9-9877-FD4B4D7B6EA3}\InprocServer32 -> C:\Users\sheila\AppData\Local\Roblox\Versions\version-d11d3bd1dfae46fa\RobloxProxy64.dll (ROBLOX Corporation)
 
==================== Restore Points  =========================
 
10-02-2015 10:04:52 Windows Update
12-02-2015 08:28:57 Windows Update
07-04-2015 11:05:33 Windows Update
07-04-2015 12:31:59 Windows Backup
08-04-2015 16:53:06 Windows Update
15-04-2015 10:01:20 Windows Backup
15-04-2015 10:01:30 Windows Update
16-04-2015 06:23:05 Windows Update
20-04-2015 08:50:24 Windows Backup
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-13 22:34 - 2012-06-07 21:09 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost
 
==================== Scheduled Tasks (whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 
Task: {19E11CD6-DAFF-499A-AF93-8E0C0CF45D59} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxcontent => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-24] (Microsoft Corporation)
Task: {248BC4E4-1C0F-47C3-9CB0-228F423E7ABF} - System32\Tasks\Microsoft\Windows\Setup\gwx\runappraiser => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-24] (Microsoft Corporation)
Task: {2723710F-548F-463D-BA25-54C531635FDD} - System32\Tasks\{0EBC8A20-B81F-45CB-BEF0-C487858E9A1E} => C:\Program Files (x86)\bfgclient\bfgclient.exe [2014-03-05] ()
Task: {2EDF6FE4-23BC-4CD1-8946-59CA0A7F5181} - System32\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv => C:\Windows\TEMP\{9090F168-A504-4F31-898C-EF859B8404F5}.exe
Task: {2F2A0298-B525-4D83-BDCF-591CB83C1AB5} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Tuneup => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2010-09-17] (Hewlett-Packard Company)
Task: {3A8CBAF7-D3DA-424B-953C-F419A42AF90A} - System32\Tasks\MotoHelper MUM => C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperUpdate.exe [2010-09-07] ()
Task: {4CB46921-996D-4B38-8C5C-459F2A7DD4B6} - \RGames Updater No Task File <==== ATTENTION
Task: {577FE559-DC30-4519-80B8-8B58064556CA} - System32\Tasks\{4B2165C3-1CC7-46B7-BB07-0D06BB2F3C0F} => C:\Program Files (x86)\bfgclient\bfgclient.exe [2014-03-05] ()
Task: {648EC70D-33E1-457F-A7F0-9CEE322B1005} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2010-09-17] (Hewlett-Packard Company)
Task: {663DF1F8-4246-4C5E-AF6C-50068FC7A75B} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-04-15] (Adobe Systems Incorporated)
Task: {70C5F8D2-FAA2-48A7-9637-9E9A7C985271} - System32\Tasks\Microsoft\Windows\Setup\gwx\launchtrayprocess => C:\Windows\system32\GWX\GWX.exe [2015-03-24] (Microsoft Corporation)
Task: {7F0055E0-747C-4D9D-AF68-F2AFA2CBB858} - System32\Tasks\MotoHelper Routing => C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperUpdate.exe [2010-09-07] ()
Task: {9857B7B7-CDFD-4431-9CBD-4A7A164F668F} - System32\Tasks\{B2D87A32-31B3-4B6A-98E6-A7CE975459EB} => pcalua.exe -a "C:\Users\sheila\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LBSR927G\angel212a1[1].exe" -d C:\Users\sheila\Desktop
Task: {A9DE5DDB-B5D8-431A-81BF-3246A6264809} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-06-05] (Google Inc.)
Task: {ABEDF193-F1B1-4B5E-AE31-E6A65373B870} - System32\Tasks\Ad-Aware Update (Weekly) => C:\Program Files (x86)\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe
Task: {B78A91BD-53CF-4C59-9483-0113090BAA17} - System32\Tasks\{3988747C-1EFE-444D-9264-1416C574359C} => pcalua.exe -a C:\Users\sheila\Downloads\Adaware_Installer.exe -d C:\Users\sheila\Downloads
Task: {BF64085D-DAB7-459E-8EC5-B880861B5105} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-06-05] (Google Inc.)
Task: {C771015D-1E88-4844-A808-2F7E9C5BB6F2} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-24] (Microsoft Corporation)
Task: {E09896BE-4988-4DD8-940E-9C765B3FD5FC} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {E758E4F9-0EBC-4965-B031-A95A42F148E1} - System32\Tasks\{EA306C2C-8A02-40A5-94D2-5F5C2D5F7599} => pcalua.exe -a "C:\Users\sheila\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CXUJDL1F\angel212b[1].exe" -d C:\Users\sheila\Desktop
Task: {E845F877-ADDA-4A49-B671-002F33CD3388} - System32\Tasks\MotoHelper Update => C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperUpdate.exe [2010-09-07] ()
Task: {FA694EF8-C9D2-47ED-8335-F67C2A1388A2} - System32\Tasks\{F936271E-2412-46AB-85D4-234B273E0DBE} => pcalua.exe -a "C:\Users\sheila\Desktop\New folder\angel211b.exe" -d C:\Users\sheila\Desktop
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job => C:\Windows\TEMP\{9090F168-A504-4F31-898C-EF859B8404F5}.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\RGames Updater.job => C:\Users\sheila\AppData\Local\RivalGaming\Updater.exe
 
==================== Loaded Modules (whitelisted) ==============
 
2010-09-07 12:47 - 2010-09-07 12:47 - 00202048 _____ () C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe
2010-09-07 12:47 - 2010-09-07 12:47 - 00664896 _____ () C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperAgent.exe
2015-04-18 21:13 - 2015-04-13 17:55 - 01252680 _____ () C:\Program Files (x86)\Google\Chrome\Application\42.0.2311.90\libglesv2.dll
2015-04-18 21:13 - 2015-04-13 17:55 - 00080712 _____ () C:\Program Files (x86)\Google\Chrome\Application\42.0.2311.90\libegl.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
 
==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== EXE Association (whitelisted) ===============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, the associated entry will be removed from the registry.)
 
IE trusted site: HKU\S-1-5-21-2426469760-115235506-2384610940-1000\...\cinemanow.com -> hxxp://cinemanow.com
IE trusted site: HKU\S-1-5-21-2426469760-115235506-2384610940-1000\...\clonewarsadventures.com -> clonewarsadventures.com
IE trusted site: HKU\S-1-5-21-2426469760-115235506-2384610940-1000\...\freerealms.com -> freerealms.com
IE trusted site: HKU\S-1-5-21-2426469760-115235506-2384610940-1000\...\hp.com -> hxxp://hp.com
IE trusted site: HKU\S-1-5-21-2426469760-115235506-2384610940-1000\...\qflix.com -> hxxp://qflix.com
IE trusted site: HKU\S-1-5-21-2426469760-115235506-2384610940-1000\...\roxio.com -> hxxp://roxio.com
IE trusted site: HKU\S-1-5-21-2426469760-115235506-2384610940-1000\...\soe.com -> soe.com
IE trusted site: HKU\S-1-5-21-2426469760-115235506-2384610940-1000\...\sonic.com -> hxxp://redirect.sonic.com
IE trusted site: HKU\S-1-5-21-2426469760-115235506-2384610940-1000\...\sony.com -> sony.com
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-2426469760-115235506-2384610940-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\sheila\AppData\Roaming\Microsoft\Internet Explorer\Internet Explorer Wallpaper.bmp
DNS Servers: 192.168.1.1
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-2426469760-115235506-2384610940-500 - Administrator - Disabled)
Guest (S-1-5-21-2426469760-115235506-2384610940-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2426469760-115235506-2384610940-1002 - Limited - Enabled)
sheila (S-1-5-21-2426469760-115235506-2384610940-1000 - Administrator - Enabled) => C:\Users\sheila
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (04/20/2015 07:37:16 PM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Information only.
Product registration is corrupted for {90140011-0066-0409-0000-0000000FF1CE}
 
Error: (04/20/2015 07:37:16 PM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Information only.
Error: Product {90140011-0066-0409-0000-0000000FF1CE} found in the registry but SoftGrid doesn't know about it, skipping...
 
Error: (04/20/2015 10:45:03 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
 
Error: (04/20/2015 09:44:56 AM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 80004005
 
Error: (04/18/2015 09:44:50 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 80004005
 
Error: (04/18/2015 09:07:10 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 80004005
 
Error: (04/16/2015 09:06:20 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
 
Error: (04/16/2015 08:18:03 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: bfgclient.exe, version: 3.3.0.2, time stamp: 0x53179a91
Faulting module name: ntdll.dll, version: 6.1.7601.18798, time stamp: 0x5507b3e0
Exception code: 0xc0000005
Fault offset: 0x000222d2
Faulting process id: 0x1368
Faulting application start time: 0xbfgclient.exe0
Faulting application path: bfgclient.exe1
Faulting module path: bfgclient.exe2
Report Id: bfgclient.exe3
 
Error: (04/16/2015 07:54:58 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: bfgclient.exe, version: 3.3.0.2, time stamp: 0x53179a91
Faulting module name: bfgclient.exe, version: 3.3.0.2, time stamp: 0x53179a91
Exception code: 0xc0000005
Fault offset: 0x001f804f
Faulting process id: 0x12f8
Faulting application start time: 0xbfgclient.exe0
Faulting application path: bfgclient.exe1
Faulting module path: bfgclient.exe2
Report Id: bfgclient.exe3
 
Error: (04/16/2015 07:54:24 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: bfgclient.exe, version: 3.3.0.2, time stamp: 0x53179a91
Faulting module name: ntdll.dll, version: 6.1.7601.18798, time stamp: 0x5507b3e0
Exception code: 0xc0000005
Fault offset: 0x000222d2
Faulting process id: 0xdb8
Faulting application start time: 0xbfgclient.exe0
Faulting application path: bfgclient.exe1
Faulting module path: bfgclient.exe2
Report Id: bfgclient.exe3
 
 
System errors:
=============
Error: (04/20/2015 07:35:19 PM) (Source: Service Control Manager) (EventID: 7032) (User: )
Description: The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Modules Installer service, but this action failed with the following error: 
%%1056
 
Error: (04/20/2015 07:33:49 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {752073A1-23F2-4396-85F0-8FDB879ED0ED}
 
Error: (04/20/2015 07:33:19 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The RtVOsdService Installer service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
 
Error: (04/20/2015 07:33:19 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Application Virtualization Client service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (04/20/2015 07:33:19 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Modules Installer service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.
 
Error: (04/20/2015 07:33:19 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Software Protection service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.
 
Error: (04/20/2015 07:33:19 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The HP Software Framework Service service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (04/20/2015 07:33:19 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The HP Wireless Assistant Service service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (04/20/2015 07:33:19 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The HP Health Check Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
 
Error: (04/20/2015 07:33:16 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Media Player Network Sharing Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.
 
 
Microsoft Office Sessions:
=========================
Error: (04/20/2015 07:37:16 PM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Product registration is corrupted for {90140011-0066-0409-0000-0000000FF1CE}
 
Error: (04/20/2015 07:37:16 PM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Error: Product {90140011-0066-0409-0000-0000000FF1CE} found in the registry but SoftGrid doesn't know about it, skipping...
 
Error: (04/20/2015 10:45:03 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestc:\program files (x86)\ESET\eset online scanner\ESETSmartInstaller.exe
 
Error: (04/20/2015 09:44:56 AM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 80004005
 
Error: (04/18/2015 09:44:50 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 80004005
 
Error: (04/18/2015 09:07:10 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 80004005
 
Error: (04/16/2015 09:06:20 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestc:\program files (x86)\eset\eset online scanner\ESETSmartInstaller.exe
 
Error: (04/16/2015 08:18:03 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: bfgclient.exe3.3.0.253179a91ntdll.dll6.1.7601.187985507b3e0c0000005000222d2136801d0783c28f763e4C:\Program Files (x86)\bfgclient\bfgclient.exeC:\Windows\SysWOW64\ntdll.dlla0b9b246-e432-11e4-9afa-984be1bf87fc
 
Error: (04/16/2015 07:54:58 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: bfgclient.exe3.3.0.253179a91bfgclient.exe3.3.0.253179a91c0000005001f804f12f801d0783c28903c22C:\Program Files (x86)\bfgclient\bfgclient.exeC:\Program Files (x86)\bfgclient\bfgclient.exe67142702-e42f-11e4-9afa-984be1bf87fc
 
Error: (04/16/2015 07:54:24 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: bfgclient.exe3.3.0.253179a91ntdll.dll6.1.7601.187985507b3e0c0000005000222d2db801d0783c0a378a81C:\Program Files (x86)\bfgclient\bfgclient.exeC:\Windows\SysWOW64\ntdll.dll530fa719-e42f-11e4-9afa-984be1bf87fc
 
 
CodeIntegrity Errors:
===================================
  Date: 2012-05-24 13:56:40.876
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2012-05-24 13:56:40.755
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Celeron® CPU 900 @ 2.20GHz
Percentage of memory in use: 55%
Total physical RAM: 1978.92 MB
Available physical RAM: 882.18 MB
Total Pagefile: 3957.84 MB
Available Pagefile: 2065.65 MB
Total Virtual: 8192 MB
Available Virtual: 8191.85 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:213.72 GB) (Free:142.59 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (RECOVERY) (Fixed) (Total:18.87 GB) (Free:2.74 GB) NTFS ==>[System with boot components (obtained from reading drive)]
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 232.9 GB) (Disk ID: A6C460D8)
Partition 1: (Active) - (Size=199 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=213.7 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=18.9 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=103 MB) - (Type=0C)
 
==================== End Of Log ============================


#11 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 37,022 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:11:48 AM

Posted 21 April 2015 - 08:58 AM

Thanks for getting through that. Do you use the below program and if so are you having problems with it?

Big Fish: Game Manager

Please do this.

===================================================

Farbar's Recovery Scan Tool - Run Fix in Normal or Safe Mode

--------------------
  • Press the Windows key + R on your keyboard at the same time. Type in notepad and press Enter
  • Please copy and paste the contents of the below code box into the open notepad and save it to your desktop (<<<Important) as fixlist.txt
Task: {2EDF6FE4-23BC-4CD1-8946-59CA0A7F5181} - System32\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv => C:\Windows\TEMP\{9090F168-A504-4F31-898C-EF859B8404F5}.exe
C:\Windows\TEMP\{9090F168-A504-4F31-898C-EF859B8404F5}.exe
Task: {4CB46921-996D-4B38-8C5C-459F2A7DD4B6} - \RGames Updater No Task File <==== ATTENTION
Task: {9857B7B7-CDFD-4431-9CBD-4A7A164F668F} - System32\Tasks\{B2D87A32-31B3-4B6A-98E6-A7CE975459EB} => pcalua.exe -a "C:\Users\sheila\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LBSR927G\angel212a1[1].exe" -d C:\Users\sheila\Desktop
C:\Users\sheila\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LBSR927G
Task: {E758E4F9-0EBC-4965-B031-A95A42F148E1} - System32\Tasks\{EA306C2C-8A02-40A5-94D2-5F5C2D5F7599} => pcalua.exe -a "C:\Users\sheila\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CXUJDL1F\angel212b[1].exe" -d C:\Users\sheila\Desktop
C:\Users\sheila\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CXUJDL1F
Task: {FA694EF8-C9D2-47ED-8335-F67C2A1388A2} - System32\Tasks\{F936271E-2412-46AB-85D4-234B273E0DBE} => pcalua.exe -a "C:\Users\sheila\Desktop\New folder\angel211b.exe" -d C:\Users\sheila\Desktop
C:\Users\sheila\Desktop\New folder\angel211b.exe
Task: C:\Windows\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job => C:\Windows\TEMP\{9090F168-A504-4F31-898C-EF859B8404F5}.exe
C:\Windows\TEMP\{9090F168-A504-4F31-898C-EF859B8404F5}.exe
AlternateDataStreams: C:\ProgramData\Temp:03D08225
AlternateDataStreams: C:\ProgramData\Temp:08677BDD
AlternateDataStreams: C:\ProgramData\Temp:08DB8D99
AlternateDataStreams: C:\ProgramData\Temp:092BD83A
AlternateDataStreams: C:\ProgramData\Temp:0C988F7D
AlternateDataStreams: C:\ProgramData\Temp:0E684AC9
AlternateDataStreams: C:\ProgramData\Temp:11590865
AlternateDataStreams: C:\ProgramData\Temp:11E79CC9
AlternateDataStreams: C:\ProgramData\Temp:12258D63
AlternateDataStreams: C:\ProgramData\Temp:1234ADAE
AlternateDataStreams: C:\ProgramData\Temp:160ADF0B
AlternateDataStreams: C:\ProgramData\Temp:1A15E356
AlternateDataStreams: C:\ProgramData\Temp:1E2D49E0
AlternateDataStreams: C:\ProgramData\Temp:207C4C79
AlternateDataStreams: C:\ProgramData\Temp:24C072FF
AlternateDataStreams: C:\ProgramData\Temp:260575F1
AlternateDataStreams: C:\ProgramData\Temp:26499772
AlternateDataStreams: C:\ProgramData\Temp:26991AB9
AlternateDataStreams: C:\ProgramData\Temp:27A88EF2
AlternateDataStreams: C:\ProgramData\Temp:29C0641D
AlternateDataStreams: C:\ProgramData\Temp:2AD33723
AlternateDataStreams: C:\ProgramData\Temp:2B5C4773
AlternateDataStreams: C:\ProgramData\Temp:2CB9631F
AlternateDataStreams: C:\ProgramData\Temp:2E636DD9
AlternateDataStreams: C:\ProgramData\Temp:31C9BA96
AlternateDataStreams: C:\ProgramData\Temp:322D2CD3
AlternateDataStreams: C:\ProgramData\Temp:33384BC0
AlternateDataStreams: C:\ProgramData\Temp:363E775E
AlternateDataStreams: C:\ProgramData\Temp:38FF076E
AlternateDataStreams: C:\ProgramData\Temp:3A6BC948
AlternateDataStreams: C:\ProgramData\Temp:3ABC38E6
AlternateDataStreams: C:\ProgramData\Temp:3C4BD225
AlternateDataStreams: C:\ProgramData\Temp:3E8A3E87
AlternateDataStreams: C:\ProgramData\Temp:3EC5BC08
AlternateDataStreams: C:\ProgramData\Temp:4112A0B6
AlternateDataStreams: C:\ProgramData\Temp:41289DF0
AlternateDataStreams: C:\ProgramData\Temp:43F5FA9D
AlternateDataStreams: C:\ProgramData\Temp:47BC930A
AlternateDataStreams: C:\ProgramData\Temp:48FEA089
AlternateDataStreams: C:\ProgramData\Temp:4AA3DAA3
AlternateDataStreams: C:\ProgramData\Temp:4B244549
AlternateDataStreams: C:\ProgramData\Temp:538A9F02
AlternateDataStreams: C:\ProgramData\Temp:54380FEC
AlternateDataStreams: C:\ProgramData\Temp:5453E5AF
AlternateDataStreams: C:\ProgramData\Temp:5511B474
AlternateDataStreams: C:\ProgramData\Temp:566B9179
AlternateDataStreams: C:\ProgramData\Temp:56781F72
AlternateDataStreams: C:\ProgramData\Temp:57CC1FDC
AlternateDataStreams: C:\ProgramData\Temp:5A15BCD4
AlternateDataStreams: C:\ProgramData\Temp:5ACE199E
AlternateDataStreams: C:\ProgramData\Temp:5D351BC6
AlternateDataStreams: C:\ProgramData\Temp:5E73E1C2
AlternateDataStreams: C:\ProgramData\Temp:608F405E
AlternateDataStreams: C:\ProgramData\Temp:639BB5E9
AlternateDataStreams: C:\ProgramData\Temp:678C1866
AlternateDataStreams: C:\ProgramData\Temp:67E674B0
AlternateDataStreams: C:\ProgramData\Temp:6896CCCE
AlternateDataStreams: C:\ProgramData\Temp:6B709AD7
AlternateDataStreams: C:\ProgramData\Temp:6DDFD746
AlternateDataStreams: C:\ProgramData\Temp:710768C7
AlternateDataStreams: C:\ProgramData\Temp:737160C1
AlternateDataStreams: C:\ProgramData\Temp:76987FE5
AlternateDataStreams: C:\ProgramData\Temp:7BB584AA
AlternateDataStreams: C:\ProgramData\Temp:7D288858
AlternateDataStreams: C:\ProgramData\Temp:80B291A7
AlternateDataStreams: C:\ProgramData\Temp:869C6B4A
AlternateDataStreams: C:\ProgramData\Temp:874ADA37
AlternateDataStreams: C:\ProgramData\Temp:89C2A42C
AlternateDataStreams: C:\ProgramData\Temp:8B480195
AlternateDataStreams: C:\ProgramData\Temp:8C12CFCD
AlternateDataStreams: C:\ProgramData\Temp:8C6D2EC3
AlternateDataStreams: C:\ProgramData\Temp:8E5EA40F
AlternateDataStreams: C:\ProgramData\Temp:92F3A33D
AlternateDataStreams: C:\ProgramData\Temp:94B46CA2
AlternateDataStreams: C:\ProgramData\Temp:950C96ED
AlternateDataStreams: C:\ProgramData\Temp:997DA6D7
AlternateDataStreams: C:\ProgramData\Temp:99AC3203
AlternateDataStreams: C:\ProgramData\Temp:9BB8C675
AlternateDataStreams: C:\ProgramData\Temp:A02025CE
AlternateDataStreams: C:\ProgramData\Temp:A0921B2C
AlternateDataStreams: C:\ProgramData\Temp:A31B5E9B
AlternateDataStreams: C:\ProgramData\Temp:A4241298
AlternateDataStreams: C:\ProgramData\Temp:A6116FBB
AlternateDataStreams: C:\ProgramData\Temp:A6E01F67
AlternateDataStreams: C:\ProgramData\Temp:A9ABA3FF
AlternateDataStreams: C:\ProgramData\Temp:AE34D87E
AlternateDataStreams: C:\ProgramData\Temp:AECF4772
AlternateDataStreams: C:\ProgramData\Temp:AFC732F7
AlternateDataStreams: C:\ProgramData\Temp:B139DDF3
AlternateDataStreams: C:\ProgramData\Temp:B54E4B5A
AlternateDataStreams: C:\ProgramData\Temp:B6E6C4EA
AlternateDataStreams: C:\ProgramData\Temp:B80659FA
AlternateDataStreams: C:\ProgramData\Temp:BC8E9899
AlternateDataStreams: C:\ProgramData\Temp:BCF55336
AlternateDataStreams: C:\ProgramData\Temp:BDCD0530
AlternateDataStreams: C:\ProgramData\Temp:BE40C8A2
AlternateDataStreams: C:\ProgramData\Temp:BF6C4AAC
AlternateDataStreams: C:\ProgramData\Temp:C22674B6
AlternateDataStreams: C:\ProgramData\Temp:C7A3B688
AlternateDataStreams: C:\ProgramData\Temp:C820549A
AlternateDataStreams: C:\ProgramData\Temp:C9B27A06
AlternateDataStreams: C:\ProgramData\Temp:D2397415
AlternateDataStreams: C:\ProgramData\Temp:D31BE97C
AlternateDataStreams: C:\ProgramData\Temp:D4BB0AD6
AlternateDataStreams: C:\ProgramData\Temp:D6D084A5
AlternateDataStreams: C:\ProgramData\Temp:DC7EDF41
AlternateDataStreams: C:\ProgramData\Temp:E402E439
AlternateDataStreams: C:\ProgramData\Temp:E5BA9ADD
AlternateDataStreams: C:\ProgramData\Temp:E87AB4E3
AlternateDataStreams: C:\ProgramData\Temp:EA701346
AlternateDataStreams: C:\ProgramData\Temp:EDDBC69E
AlternateDataStreams: C:\ProgramData\Temp:EEFA1B22
AlternateDataStreams: C:\ProgramData\Temp:F2AF86D9
AlternateDataStreams: C:\ProgramData\Temp:F68CB1A4
AlternateDataStreams: C:\ProgramData\Temp:F98E6C67
AlternateDataStreams: C:\ProgramData\Temp:FBD274CF
  • Launch FRST and press the Fix button just once and wait, the program will automatically launch fixlist.txt.
  • The tool will create a log on the desktop called Fixlog.txt. Please copy and paste the contents of the file in your reply.
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • Big Fish?
  • Fixlog

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#12 dialout

Posted 21 April 2015 - 09:39 AM

Big Fish is a subscription game service that is used on this computer, and as far as I know there are no issues with it.

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 20-04-2015
Ran by sheila at 2015-04-21 10:37:29 Run:3
Running from C:\Users\sheila\Desktop
Loaded Profiles: sheila (Available profiles: sheila)
Boot Mode: Normal
==============================================
 
Content of fixlist:
*****************
Task: {2EDF6FE4-23BC-4CD1-8946-59CA0A7F5181} - System32\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv => C:\Windows\TEMP\{9090F168-A504-4F31-898C-EF859B8404F5}.exe
C:\Windows\TEMP\{9090F168-A504-4F31-898C-EF859B8404F5}.exe
Task: {4CB46921-996D-4B38-8C5C-459F2A7DD4B6} - \RGames Updater No Task File <==== ATTENTION
Task: {9857B7B7-CDFD-4431-9CBD-4A7A164F668F} - System32\Tasks\{B2D87A32-31B3-4B6A-98E6-A7CE975459EB} => pcalua.exe -a "C:\Users\sheila\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LBSR927G\angel212a1[1].exe" -d C:\Users\sheila\Desktop
C:\Users\sheila\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LBSR927G
Task: {E758E4F9-0EBC-4965-B031-A95A42F148E1} - System32\Tasks\{EA306C2C-8A02-40A5-94D2-5F5C2D5F7599} => pcalua.exe -a "C:\Users\sheila\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CXUJDL1F\angel212b[1].exe" -d C:\Users\sheila\Desktop
C:\Users\sheila\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CXUJDL1F
Task: {FA694EF8-C9D2-47ED-8335-F67C2A1388A2} - System32\Tasks\{F936271E-2412-46AB-85D4-234B273E0DBE} => pcalua.exe -a "C:\Users\sheila\Desktop\New folder\angel211b.exe" -d C:\Users\sheila\Desktop
C:\Users\sheila\Desktop\New folder\angel211b.exe
Task: C:\Windows\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job => C:\Windows\TEMP\{9090F168-A504-4F31-898C-EF859B8404F5}.exe
C:\Windows\TEMP\{9090F168-A504-4F31-898C-EF859B8404F5}.exe
*****************
 
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{2EDF6FE4-23BC-4CD1-8946-59CA0A7F5181}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2EDF6FE4-23BC-4CD1-8946-59CA0A7F5181}" => Key deleted successfully.
C:\Windows\System32\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\AVG-Secure-Search-Update_JUNE2013_TB_rmv" => Key deleted successfully.
"C:\Windows\TEMP\{9090F168-A504-4F31-898C-EF859B8404F5}.exe" => File/Directory not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{4CB46921-996D-4B38-8C5C-459F2A7DD4B6}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4CB46921-996D-4B38-8C5C-459F2A7DD4B6}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\RGames Updater" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{9857B7B7-CDFD-4431-9CBD-4A7A164F668F}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9857B7B7-CDFD-4431-9CBD-4A7A164F668F}" => Key deleted successfully.
C:\Windows\System32\Tasks\{B2D87A32-31B3-4B6A-98E6-A7CE975459EB} => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{B2D87A32-31B3-4B6A-98E6-A7CE975459EB}" => Key deleted successfully.
"C:\Users\sheila\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LBSR927G" => File/Directory not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{E758E4F9-0EBC-4965-B031-A95A42F148E1}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E758E4F9-0EBC-4965-B031-A95A42F148E1}" => Key deleted successfully.
C:\Windows\System32\Tasks\{EA306C2C-8A02-40A5-94D2-5F5C2D5F7599} => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{EA306C2C-8A02-40A5-94D2-5F5C2D5F7599}" => Key deleted successfully.
"C:\Users\sheila\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CXUJDL1F" => File/Directory not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{FA694EF8-C9D2-47ED-8335-F67C2A1388A2}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{FA694EF8-C9D2-47ED-8335-F67C2A1388A2}" => Key deleted successfully.
C:\Windows\System32\Tasks\{F936271E-2412-46AB-85D4-234B273E0DBE} => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{F936271E-2412-46AB-85D4-234B273E0DBE}" => Key deleted successfully.
"C:\Users\sheila\Desktop\New folder\angel211b.exe" => File/Directory not found.
C:\Windows\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job => Moved successfully.
"C:\Windows\TEMP\{9090F168-A504-4F31-898C-EF859B8404F5}.exe" => File/Directory not found.
 
==== End of Fixlog 10:37:31 ====


#13 Oh My!

Posted 21 April 2015 - 01:14 PM

Greetings,

There are a number of errors in your log related to Big Fish but since it is running fine we will leave it alone.

How is your computer running? What symptoms are you experiencing, if any?
Gary
 

#14 dialout

Posted 22 April 2015 - 06:10 PM

It seems to run for a minute, then hang... then run... then hang... just kind of "chunky", if that makes sense.



#15 Oh My!

Posted 22 April 2015 - 06:18 PM

Thank you John. Can you tell me how your computer runs when you boot into Safe Mode with Networking?
Gary
 



