
AdChoices, hang ups, Help?


  • This topic is locked
20 replies to this topic

#1 owd66

  • Members
  • 36 posts

Posted 26 May 2015 - 08:40 PM

I need help getting rid of Ad Choices if possible. Machine running slow with hang-ups becoming much more frequent. Can you help?





#2 nasdaq

  • Malware Response Team
  • 38,767 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 28 May 2015 - 07:31 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Download Malwarebytes' Anti-Malware from Here

Double-click mbam-setup-2.X.X.XXXX.exe to install the application (X's are the current version number).
  • Make sure a checkmark is placed next to Launch Malwarebytes' Anti-Malware, then click Finish.
  • Once MBAM opens, when it says Your databases are out of date, click the Fix Now button.
  • Click the Settings tab at the top, and then in the left column, select Detections and Protections, and if not already checked place a checkmark in the selection box for Scan for rootkits.
  • Click the Scan tab at the top of the program window, select Threat Scan and click the Scan Now button.
  • If you receive a message that updates are available, click the Update Now button (the update will be downloaded, installed, and the scan will start).
  • The scan may take some time to finish, so please be patient.
  • If potential threats are detected, ensure that Quarantine is selected as the Action for all the listed items, and click the Apply Actions button.
  • While still on the Scan tab, click the link for View detailed log, and in the window that opens click the Export button, select Text file (*.txt), and save the log to your Desktop.
  • The log is automatically saved by MBAM and can also be viewed by clicking the History tab and then selecting Application Logs.
POST THE LOG FOR MY REVIEW.

Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately.

===

Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the Report button and the report will open in Notepad.
IMPORTANT
  • If you click the Clean button all items listed in the report will be removed.
If you find some false positive items or programs that you wish to keep, close the AdwCleaner windows.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Check off the element(s) you wish to keep.
  • Click on the Clean button and follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleaner[Sn].txt (n is a number).
===

Download the version of this tool for your operating system.
Farbar Recovery Scan Tool (64 bit)
Farbar Recovery Scan Tool (32 bit)
and save it to a folder on your computer's Desktop.
Double-click to run it. When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.
===


How is the computer running?
Wait for further instructions.

#3 nasdaq


Posted 02 June 2015 - 07:31 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.

#4 nasdaq


Posted 02 June 2015 - 10:04 AM

This topic has been re-opened at the request of the person who originally posted.

#5 owd66

  • Topic Starter

Posted 04 June 2015 - 06:52 AM

nasdaq,

Process not going well. Cannot run MBAM through to completion. Repeatedly hangs up during the 'Scan file System' step. Last two attempts both hung while scanning in 'C:/$recycle.bin...'. Windows also stops, have to hard boot to restart the machine.

Next step?

OWD66



#6 nasdaq


Posted 04 June 2015 - 08:20 AM

Run the other tools for now and post the logs.

#7 owd66


Posted 05 June 2015 - 08:28 AM

nasdaq,

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 27-05-2015 01 (ATTENTION: ====> FRSTversion is 9 days old and could be outdated)
Ran by John (administrator) on JOHN-PC on 05-06-2015 08:59:51
Running from C:\Users\John\Desktop
Loaded Profiles: John (Available Profiles: John)
Platform: Microsoft Windows 7 Home Premium  Service Pack 1 (X86) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(ActivIdentity) C:\Program Files\Common Files\ActivIdentity\ac.sharedstore.exe
(ActivIdentity) C:\Program Files\ActivIdentity\ActivClient\acevents.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(ActivIdentity) C:\Program Files\ActivIdentity\ActivClient\acevents.exe
(ActivIdentity) C:\Program Files\ActivIdentity\ActivClient\accrdsub.exe
(ActivIdentity) C:\Program Files\ActivIdentity\ActivClient\acsagent.exe
(Intuit Inc.) C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
(Quick Technologies Inc.) C:\Program Files\SAGE\SAGEim\SAGEim.exe
(Dropbox, Inc.) C:\Users\John\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Apple Computer, Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE
(SEIKO EPSON CORPORATION) C:\ProgramData\EPSON\EPW!3 SSRP\E_S40ST7.EXE
(SEIKO EPSON CORPORATION) C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RP7.EXE
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
(Protexis Inc.) C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
(Intuit) C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
(Intuit Inc.) C:\Program Files\Common Files\Intuit\DataProtect\QBIDPService.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1721640 2010-05-27] (Synaptics Incorporated)
HKLM\...\Run: [BCSSync] => C:\Program Files\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [981688 2015-04-30] (Microsoft Corporation)
HKLM\...\Run: [Intuit SyncManager] => C:\Program Files\Common Files\Intuit\Sync\IntuitSyncManager.exe [3774776 2014-01-16] (Intuit Inc. All rights reserved.)
HKLM\...\Run: [Adobe_ID0EYTHM] => C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3Tray.exe [1884160 2007-03-20] (Adobe Systems Incorporated)
HKLM\...\Run: [acevents] => C:\Program Files\ActivIdentity\ActivClient\acevents.exe [153640 2009-06-03] (ActivIdentity)
HKLM\...\Run: [] => [X]
HKLM\...\Run: [accrdsub] => C:\Program Files\ActivIdentity\ActivClient\accrdsub.exe [400936 2009-06-03] (ActivIdentity)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2014-12-19] (Adobe Systems Incorporated)
Winlogon\Notify\ScCertProp: wlnotify.dll [X]
HKU\S-1-5-21-2460278056-1054532467-979469722-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\CGS.scr [6801416 2007-12-21] (Axialis Software)
HKU\S-1-5-18\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\Bubbles.scr [878592 2010-11-20] (Microsoft Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\ActivClient Agent.lnk [2014-06-08]
ShortcutTarget: ActivClient Agent.lnk -> C:\Program Files\ActivIdentity\ActivClient\acsagent.exe (ActivIdentity)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Intuit Data Protect.lnk [2013-06-19]
ShortcutTarget: Intuit Data Protect.lnk -> C:\Program Files\Common Files\Intuit\DataProtect\IntuitDataProtect.exe (Intuit Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Maximizer Setup.lnk [2013-02-19]
ShortcutTarget: Maximizer Setup.lnk -> D:\Max7\MxSetup.exe (No File)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk [2013-06-19]
ShortcutTarget: QuickBooks Update Agent.lnk -> C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe (Intuit Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\QuickBooks_Standard_21.lnk [2013-06-19]
ShortcutTarget: QuickBooks_Standard_21.lnk -> C:\Program Files\Intuit\QuickBooks 2013\QBW32.EXE (Intuit Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\SAGEim.lnk [2012-11-29]
ShortcutTarget: SAGEim.lnk -> C:\Program Files\SAGE\SAGEim\SAGEim.exe (Quick Technologies Inc.)
Startup: C:\Users\John\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2015-05-13]
ShortcutTarget: Dropbox.lnk -> C:\Users\John\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\John\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk [2013-07-20]
ShortcutTarget: OneNote 2010 Screen Clipper and Launcher.lnk -> C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Users\John\AppData\Local\Microsoft\OneDrive\17.3.5860.0512\FileSyncShell.dll [2015-05-26] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Users\John\AppData\Local\Microsoft\OneDrive\17.3.5860.0512\FileSyncShell.dll [2015-05-26] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Users\John\AppData\Local\Microsoft\OneDrive\17.3.5860.0512\FileSyncShell.dll [2015-05-26] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\John\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-02-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\John\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-02-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\John\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-02-10] (Dropbox, Inc.)
BootExecute: autocheck autochk * sdnclean.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-2460278056-1054532467-979469722-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-2460278056-1054532467-979469722-1000\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-2460278056-1054532467-979469722-1000\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com/
HKU\S-1-5-21-2460278056-1054532467-979469722-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: ContributeBHO Class -> {074C1DC5-9320-4A9A-947D-C042949C6216} -> C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll [2007-03-16] (Adobe Systems Incorporated.)
BHO: PE_IE_Helper Class -> {0941C58F-E461-4E03-BD7D-44C27392ADE1} -> C:\Program Files\IBM\Lotus Forms\Viewer\4.0\PEhelper.dll [2010-12-21] (IBM Corporation)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
Toolbar: HKLM - Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll [2007-03-16] (Adobe Systems Incorporated.)
Handler: intu-help-qb6 - {6898B29B-BF49-43cb-A0B1-D0B9496AF491} - C:\Program Files\Intuit\QuickBooks 2013\HelpAsyncPluggableProtocol.dll [2014-01-16] (Intuit, Inc.)
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.dll No File
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.dll No File
Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - C:\Windows\system32\mscoree.dll [2010-11-04] (Microsoft Corporation)
Handler: x-excid - {9D6CC632-1337-4a33-9214-2DA092E776F4} - c:\Windows\Downloaded Program Files\mimectl.dll [2006-11-16] (Microsoft Corporation)
Winsock: Catalog5 000000000007 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145648 2012-07-17] (Microsoft Corp.)
Winsock: Catalog5 000000000008 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145648 2012-07-17] (Microsoft Corp.)
Winsock: Catalog5 000000000009 C:\Program Files\Bonjour\mdnsNSP.dll [94208 2006-02-28] (Apple Computer, Inc.)
Hosts: There are more than one entry in Hosts. See Hosts section of  Addition.txt
Tcpip\Parameters: [DhcpNameServer] 209.18.47.61 209.18.47.62

FireFox:
========
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~4\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~4\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=16.4.3508.0205 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2013-02-05] (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-16] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-16] (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-05-01] (Adobe Systems Inc.)

Chrome:
=======
CHR Profile: C:\Users\John\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-04-30]
CHR Extension: (Google Drive) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-04-30]
CHR Extension: (YouTube) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-04-30]
CHR Extension: (Google Search) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-04-30]
CHR Extension: (Bookmark Manager) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmlllbghnfkpflemihljekbapjopfjik [2015-04-23]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-16]
CHR Extension: (Google Wallet) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-04-30]
CHR Extension: (Gmail) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-04-30]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 ac.sharedstore; C:\Program Files\Common Files\ActivIdentity\ac.sharedstore.exe [207400 2009-06-03] (ActivIdentity)
S3 Adobe Version Cue CS3; C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe [153792 2007-03-20] (Adobe Systems Incorporated)
R2 Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [229376 2006-02-28] (Apple Computer, Inc.) [File not signed]
R2 EPSON_EB_RPCV4_01; C:\ProgramData\EPSON\EPW!3 SSRP\E_S40ST7.EXE [143872 2007-12-16] (SEIKO EPSON CORPORATION)
R2 EPSON_PM_RPCV4_01; C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RP7.EXE [113664 2007-01-10] (SEIKO EPSON CORPORATION)
S3 FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [654848 2012-05-02] (Macrovision Europe Ltd.) [File not signed]
S2 HP DS Service; C:\Program Files\HP\HPBDSService\HPBDSService.exe [13824 2011-10-17] (Hewlett-Packard Company) [File not signed]
R2 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2015-04-14] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22216 2015-04-30] (Microsoft Corporation)
S3 MSSQL$MSSMLBIZ; C:\Program Files\Microsoft SQL Server\MSSQL10.MSSMLBIZ\MSSQL\Binn\sqlservr.exe [43010392 2009-03-30] (Microsoft Corporation)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [45568 2011-04-13] (Hewlett-Packard) [File not signed]
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [284504 2015-04-30] (Microsoft Corporation)
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [55808 2011-04-13] (Hewlett-Packard) [File not signed]
R2 QBCFMonitorService; C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe [45056 2014-01-16] (Intuit) [File not signed]
S3 QBFCService; C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe [61440 2012-08-18] (Intuit Inc.) [File not signed]
R2 QBVSS; C:\Program Files\Common Files\Intuit\DataProtect\QBIDPService.exe [1248256 2012-08-18] (Intuit Inc.) [File not signed]
S4 SQLAgent$MSSMLBIZ; C:\Program Files\Microsoft SQL Server\MSSQL10.MSSMLBIZ\MSSQL\Binn\SQLAGENT.EXE [366936 2009-03-30] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 Hardlock; C:\Windows\system32\drivers\hardlock.sys [693760 2006-11-22] (Aladdin Knowledge Systems Ltd.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2015-04-14] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [119512 2015-06-05] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2015-04-14] (Malwarebytes Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [245096 2015-03-04] (Microsoft Corporation)
S3 Reflex USB V3 Smart card reader; C:\Windows\System32\DRIVERS\RCCIDW2K.sys [46848 2006-05-24] (Axalto)
S3 SCR3XX2K; C:\Windows\System32\DRIVERS\SCR3XX2K.sys [63104 2015-02-17] (Identiv)
U5 AppMgmt; C:\Windows\system32\svchost.exe [20992 2009-07-13] (Microsoft Corporation)
S3 catchme; \??\C:\Users\John\AppData\Local\Temp\catchme.sys [X]
S1 jvnioxgb; \??\C:\Windows\system32\drivers\jvnioxgb.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-06-04 08:36 - 2015-06-04 08:36 - 00000987 _____ () C:\Users\John\Desktop\AdwCleaner[S1].txt
2015-06-04 08:17 - 2015-06-04 08:17 - 00000925 _____ () C:\Users\John\Desktop\AdwCleaner[R0].txt
2015-06-04 08:16 - 2015-06-04 08:16 - 00000925 _____ () C:\Users\John\Desktop\AdwCleaner.txt
2015-06-04 08:11 - 2015-06-04 08:11 - 02231296 _____ () C:\Users\John\Desktop\adwcleaner_4.206.exe
2015-05-28 14:34 - 2015-05-28 14:34 - 00000000 ____D () C:\Users\John\Documents\Corel User Files
2015-05-28 14:04 - 2015-05-28 14:32 - 00053594 _____ () C:\Users\John\Desktop\Addition.txt
2015-05-28 14:01 - 2015-06-05 08:59 - 00017766 _____ () C:\Users\John\Desktop\FRST.txt
2015-05-28 14:01 - 2015-06-05 08:59 - 00000000 ____D () C:\FRST
2015-05-28 14:01 - 2015-05-28 14:01 - 01147392 _____ (Farbar) C:\Users\John\Desktop\FRST.exe
2015-05-28 13:14 - 2015-06-04 08:18 - 00000000 ____D () C:\AdwCleaner
2015-05-28 09:51 - 2015-06-05 08:40 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-05-28 09:51 - 2015-06-03 22:17 - 00001065 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-05-28 09:51 - 2015-06-03 22:17 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-05-28 09:51 - 2015-06-03 22:17 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2015-05-28 09:51 - 2015-04-14 09:37 - 00092888 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-05-28 09:51 - 2015-04-14 09:37 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-05-28 09:51 - 2015-04-14 09:37 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-05-28 09:50 - 2015-05-28 09:50 - 21546080 _____ (Malwarebytes Corporation ) C:\Users\John\Downloads\mbam-setup-2.1.6.1022.exe
2015-05-26 21:19 - 2015-05-26 21:19 - 00002156 _____ () C:\Users\John\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft OneDrive.lnk
2015-05-26 21:19 - 2015-05-26 21:19 - 00000000 ___RD () C:\Users\John\OneDrive
2015-05-26 21:18 - 2015-05-26 21:18 - 00000000 ____D () C:\ProgramData\Microsoft OneDrive
2015-05-24 15:36 - 2015-05-24 15:36 - 00000000 ____D () C:\Windows\Temp731BB48F-5EF4-8AB3-9889-E07CF9568729-Signatures
2015-05-24 15:35 - 2015-05-01 09:16 - 00102608 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2015-05-15 07:32 - 2015-05-15 07:33 - 00000079 _____ () C:\Windows\wininit.ini
2015-05-12 19:18 - 2015-05-04 21:12 - 00248832 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-05-12 19:18 - 2015-04-21 12:10 - 00047616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-05-12 19:18 - 2015-04-21 11:58 - 00102912 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-05-12 19:18 - 2015-04-21 11:43 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-05-12 19:18 - 2015-04-19 22:56 - 01250816 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2015-05-12 19:18 - 2015-04-19 22:56 - 00909312 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2015-05-12 19:18 - 2015-04-19 22:03 - 02382336 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-05-12 19:18 - 2015-04-17 22:56 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2015-05-12 19:18 - 2015-04-12 23:19 - 00259072 _____ (Microsoft Corporation) C:\Windows\system32\services.exe
2015-05-12 19:18 - 2015-04-03 23:10 - 00137656 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-05-12 19:18 - 2015-04-03 23:10 - 00067512 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-05-12 19:18 - 2015-04-03 23:05 - 01061376 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-05-12 19:18 - 2015-04-03 23:05 - 00550912 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-05-12 19:18 - 2015-04-03 23:05 - 00259584 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-05-12 19:18 - 2015-04-03 23:05 - 00221184 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-05-12 19:18 - 2015-04-03 23:05 - 00172032 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-05-12 19:18 - 2015-04-03 23:05 - 00100352 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-05-12 19:18 - 2015-04-03 23:05 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-05-12 19:18 - 2015-04-03 23:05 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-05-12 19:18 - 2015-04-03 23:05 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-05-12 19:18 - 2015-04-03 23:05 - 00015872 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-05-12 19:18 - 2015-04-03 23:04 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-05-12 19:18 - 2015-04-03 23:04 - 00022528 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-05-12 19:18 - 2015-04-03 23:01 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-05-12 19:18 - 2015-04-03 23:01 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-05-12 19:18 - 2015-04-03 22:59 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-05-12 19:17 - 2015-04-21 21:48 - 00342736 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-05-12 19:17 - 2015-04-21 12:25 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-05-12 19:17 - 2015-04-21 12:25 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-05-12 19:17 - 2015-04-21 12:24 - 19691008 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-05-12 19:17 - 2015-04-21 12:11 - 00504320 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-05-12 19:17 - 2015-04-21 12:11 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-05-12 19:17 - 2015-04-21 12:09 - 00341504 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-05-12 19:17 - 2015-04-21 12:08 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-05-12 19:17 - 2015-04-21 12:04 - 02278400 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-05-12 19:17 - 2015-04-21 12:03 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-05-12 19:17 - 2015-04-21 12:02 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-05-12 19:17 - 2015-04-21 12:00 - 00478208 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-05-12 19:17 - 2015-04-21 11:58 - 00664576 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-05-12 19:17 - 2015-04-21 11:58 - 00115712 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-05-12 19:17 - 2015-04-21 11:57 - 00620032 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-05-12 19:17 - 2015-04-21 11:51 - 00667648 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-05-12 19:17 - 2015-04-21 11:48 - 00418304 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-05-12 19:17 - 2015-04-21 11:39 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-05-12 19:17 - 2015-04-21 11:38 - 00076288 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-05-12 19:17 - 2015-04-21 11:36 - 00285696 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-05-12 19:17 - 2015-04-21 11:31 - 04305920 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-05-12 19:17 - 2015-04-21 11:26 - 00688640 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-05-12 19:17 - 2015-04-21 11:26 - 00685568 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-05-12 19:17 - 2015-04-21 11:25 - 02052608 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-05-12 19:17 - 2015-04-21 11:24 - 01155072 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-05-12 19:17 - 2015-04-21 11:17 - 12828672 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-05-12 19:17 - 2015-04-21 11:02 - 01882112 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-05-12 19:17 - 2015-04-21 10:58 - 01310208 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-05-12 19:17 - 2015-04-21 10:56 - 00710144 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-05-12 19:17 - 2015-04-07 23:14 - 00216064 _____ (Microsoft Corporation) C:\Windows\system32\InkEd.dll
2015-05-12 19:16 - 2015-04-07 23:14 - 00019968 _____ (Microsoft Corporation) C:\Windows\system32\jnwmon.dll
2015-05-12 19:16 - 2015-02-18 03:06 - 00123904 _____ (Microsoft Corporation) C:\Windows\system32\poqexec.exe

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-06-05 08:59 - 2014-04-30 08:52 - 00000886 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-06-05 08:58 - 2012-01-22 13:57 - 01466668 _____ () C:\Windows\WindowsUpdate.log
2015-06-05 08:55 - 2012-04-04 09:55 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-06-05 08:49 - 2009-07-14 00:34 - 00015008 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-06-05 08:48 - 2009-07-14 00:34 - 00015008 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-06-05 08:41 - 2012-03-03 13:14 - 00000000 ____D () C:\Users\John\Documents\GI QB Files
2015-06-05 08:40 - 2012-03-12 23:37 - 00000000 ___RD () C:\Users\John\Dropbox
2015-06-05 08:40 - 2012-03-12 23:35 - 00000000 ____D () C:\Users\John\AppData\Roaming\Dropbox
2015-06-05 08:38 - 2014-04-30 08:52 - 00000882 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-06-05 08:37 - 2013-06-03 06:11 - 00038530 _____ () C:\Windows\setupact.log
2015-06-05 08:37 - 2009-07-14 00:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-06-05 08:13 - 2012-10-24 10:19 - 00000000 ____D () C:\Users\John\Documents\Outlook Files
2015-06-04 11:00 - 2012-03-03 17:47 - 00000000 ___HD () C:\Users\John\AppData\Local\Axialis
2015-06-04 07:10 - 2011-09-22 16:54 - 00000000 ___HD () C:\Users\John
2015-06-03 11:35 - 2012-04-23 15:38 - 00000952 ___SH () C:\ProgramData\KGyGaAvL.sys
2015-06-02 22:06 - 2009-07-13 22:37 - 00000000 ____D () C:\Windows\system32\NDF
2015-06-01 11:28 - 2015-05-05 14:04 - 00000000 ____D () C:\Users\John\Documents\GIP QB 2015
2015-05-28 13:23 - 2013-06-20 09:52 - 00010090 _____ () C:\Windows\PFRO.log
2015-05-28 12:11 - 2012-06-20 16:55 - 00000000 ____D () C:\Windows\rescache
2015-05-28 09:51 - 2011-09-28 14:54 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-05-27 15:10 - 2011-09-22 16:57 - 00892458 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-05-27 10:12 - 2009-07-14 00:52 - 00000000 ____D () C:\Windows\system32\FxsTmp
2015-05-27 06:44 - 2012-04-27 08:19 - 00002122 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
2015-05-27 06:44 - 2011-09-28 14:39 - 00001945 _____ () C:\Windows\epplauncher.mif
2015-05-27 06:43 - 2011-09-28 14:36 - 00000000 ____D () C:\Program Files\Microsoft Security Client
2015-05-27 06:35 - 2009-07-14 03:49 - 00000000 ____D () C:\Program Files\Windows Journal
2015-05-26 21:11 - 2013-10-01 10:24 - 00000000 ____D () C:\Users\John\Documents\file all
2015-05-26 20:32 - 2012-05-21 12:58 - 01206784 ___SH () C:\Users\John\Documents\Thumbs.db
2015-05-26 09:02 - 2014-04-30 08:53 - 00002134 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-05-24 16:16 - 2009-07-13 22:37 - 00000000 ____D () C:\Windows\Microsoft.NET
2015-05-24 16:03 - 2009-07-14 00:33 - 01972624 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-05-24 15:59 - 2012-01-22 15:40 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2015-05-24 15:42 - 2012-03-04 08:42 - 00000000 ____D () C:\ProgramData\Microsoft Help
2015-05-24 15:33 - 2013-07-17 03:00 - 00000000 ____D () C:\Windows\system32\MRT
2015-05-24 15:20 - 2011-09-23 11:36 - 137310008 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-05-24 15:11 - 2012-01-22 15:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2015-05-15 09:52 - 2013-12-14 22:29 - 00000000 ____D () C:\Program Files\Spybot - Search & Destroy 2
2015-05-15 07:32 - 2013-07-21 11:28 - 00000000 ____D () C:\Users\John\AppData\Roaming\Skype
2015-05-15 07:32 - 2013-07-21 11:28 - 00000000 ____D () C:\ProgramData\Skype
2015-05-14 15:11 - 2013-06-23 21:44 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2015-05-13 10:00 - 2012-03-12 23:35 - 00000000 ____D () C:\Users\John\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox

==================== Files in the root of some directories =======

2014-02-17 10:02 - 2014-02-17 10:09 - 0000546 _____ () C:\Users\John\AppData\Roaming\BCMMappings.xml
2013-04-01 10:54 - 2013-04-01 10:54 - 0012965 _____ () C:\Users\John\AppData\Roaming\Comma Separated Values (Windows).CAL
2013-08-23 09:23 - 2013-08-23 09:32 - 0020523 _____ () C:\Users\John\AppData\Roaming\FileDrTool.log
2014-02-17 10:02 - 2014-02-17 10:09 - 0002019 _____ () C:\Users\John\AppData\Roaming\Mens' Club Roster.csv.6047035.xml
2014-10-30 23:02 - 2014-10-30 23:02 - 0007605 _____ () C:\Users\John\AppData\Local\Resmon.ResmonCfg
2012-04-23 15:38 - 2015-06-03 11:35 - 0000952 ___SH () C:\ProgramData\KGyGaAvL.sys

Some files in TEMP:
====================
C:\Users\John\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmprvtaq_.dll
C:\Users\John\AppData\Local\Temp\Quarantine.exe
C:\Users\John\AppData\Local\Temp\sqlite3.dll

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-06-03 15:18

==================== End of log ============================

 

 

# AdwCleaner v4.206 - Logfile created 04/06/2015 at 08:18:17
# Updated 01/06/2015 by Xplode
# Database : 2015-06-01.1 [Server]
# Operating system : Windows 7 Home Premium Service Pack 1 (x86)
# Username : John - JOHN-PC
# Running from : C:\Users\John\Desktop\adwcleaner_4.206.exe
# Option : Cleaning

***** [ Services ] *****

***** [ Files / Folders ] *****

***** [ Scheduled tasks ] *****

***** [ Shortcuts ] *****

***** [ Registry ] *****

***** [ Web browsers ] *****

-\\ Internet Explorer v11.0.9600.17801

-\\ Google Chrome v43.0.2357.81

*************************

AdwCleaner[R0].txt - [925 bytes] - [28/05/2015 13:15:18]
AdwCleaner[R1].txt - [1531 bytes] - [28/05/2015 13:19:48]
AdwCleaner[R2].txt - [925 bytes] - [04/06/2015 08:12:49]
AdwCleaner[S0].txt - [1399 bytes] - [28/05/2015 13:21:54]
AdwCleaner[S1].txt - [850 bytes] - [04/06/2015 08:18:17]

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [908  bytes] ##########



#8 nasdaq


Posted 05 June 2015 - 01:37 PM

Open Notepad (Start => All Programs => Accessories => Notepad). Please copy the entire contents of the code box below.


start

CreateRestorePoint:
CloseProcesses:

HKLM\...\Run: [] => [X]
Winlogon\Notify\ScCertProp: wlnotify.dll [X]
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Maximizer Setup.lnk [2013-02-19]
ShortcutTarget: Maximizer Setup.lnk -> D:\Max7\MxSetup.exe (No File)
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-2460278056-1054532467-979469722-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.dll No File
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.dll No File
FF Plugin: @microsoft.com/GENUINE -> disabled No File
S3 catchme; \??\C:\Users\John\AppData\Local\Temp\catchme.sys [X]
S1 jvnioxgb; \??\C:\Windows\system32\drivers\jvnioxgb.sys [X]

End
Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log (Fixlog.txt); please post it in your reply.
===

Reset Internet Explorer:
Menu > Tools > Internet Options > Advanced Tab.
Click the Reset button on the bottom of the pane.
Click the Apply button.
Close IE.
===

Clean the Internet Explorer Cache.
https://kb.wisc.edu/page.php?id=15141
===

Can you now run MBAM?

If not please post the exact error message for my review.

#9 nasdaq


Posted 11 June 2015 - 12:48 PM

Are you still with me?

#10 owd66


Posted 11 June 2015 - 01:18 PM

nasdaq, thanks for your patience. 

 

 

 

Fix result of Farbar Recovery Scan Tool (x86) Version: 27-05-2015 01
Ran by John at 2015-06-05 16:19:40 Run:1
Running from C:\Users\John\Desktop
Loaded Profiles: John (Available Profiles: John)
Boot Mode: Normal

==============================================

fixlist content:
*****************
start

CreateRestorePoint:
CloseProcesses:

HKLM\...\Run: [] => [X]
Winlogon\Notify\ScCertProp: wlnotify.dll [X]
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Maximizer Setup.lnk [2013-02-19]
ShortcutTarget: Maximizer Setup.lnk -> D:\Max7\MxSetup.exe (No
File)
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-2460278056-1054532467-979469722-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.dll No File
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.dll No File
FF Plugin: @microsoft.com/GENUINE -> disabled No File
S3 catchme; \??\C:\Users\John\AppData\Local\Temp\catchme.sys [X]
S1 jvnioxgb; \??\C:\Windows\system32\drivers\jvnioxgb.sys [X]

End

.

 

*****************

Error: (0) Failed to create a restore point.
Processes closed successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\ => value Removed successfully.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp" => key Removed successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Maximizer Setup.lnk => Moved successfully.
ShortcutTarget: Maximizer Setup.lnk -> D:\Max7\MxSetup.exe (No not found.
File) => Error: No automatic fix found for this entry.
"HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => key Removed successfully.
"HKU\S-1-5-21-2460278056-1054532467-979469722-1000\SOFTWARE\Policies\Microsoft\Internet Explorer" => key Removed successfully.
"HKCR\PROTOCOLS\Handler\livecall" => key Removed successfully.
"HKCR\CLSID\{828030A1-22C1-4009-854F-8E305202313F}" => key Removed successfully.
"HKCR\PROTOCOLS\Handler\msnim" => key Removed successfully.
HKCR\CLSID\{828030A1-22C1-4009-854F-8E305202313F} => key not found.
"HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE" => key Removed successfully.
catchme => Service Removed successfully.
jvnioxgb => Service Removed successfully.
. => Error: No automatic fix found for this entry.

The system needed a reboot.

==== End of Fixlog 16:20:07 ====

 

Browser history successfully cleared.

 

Clear cache unsuccessful-  When I open the F12 Developer tools, I don't see Cache on the menu bar.

 

 

***************************************

 

MBAM did not run successfully.  Hangs up while scanning the same folder as before.
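A triage pass over the Fixlog results posted above, as an added example that is not part of the original thread or of FRST. It sorts each result line by outcome, notes that no restore point was created before the changes, and flags the fixlist line that was wrapped on paste; the function names and the unbalanced-parenthesis heuristic are assumptions made for this illustration.

```python
# Constructed sample: result lines copied from the Fixlog posted above.
FIXLOG_RESULTS = r'''
Error: (0) Failed to create a restore point.
Processes closed successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\ => value Removed successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Maximizer Setup.lnk => Moved successfully.
ShortcutTarget: Maximizer Setup.lnk -> D:\Max7\MxSetup.exe (No not found.
File) => Error: No automatic fix found for this entry.
"HKCR\CLSID\{828030A1-22C1-4009-854F-8E305202313F}" => key Removed successfully.
HKCR\CLSID\{828030A1-22C1-4009-854F-8E305202313F} => key not found.
catchme => Service Removed successfully.
. => Error: No automatic fix found for this entry.
'''

def classify(line):
    """Return (status, entry) for one Fixlog result line."""
    line = line.strip()
    if line.startswith("Error:"):
        return "error", line
    entry, sep, outcome = line.rpartition(" => ")
    if not sep:
        # Lines without "=>" are status lines or "<entry> not found." results.
        if line.endswith(" not found."):
            return "not_found", line[: -len(" not found.")]
        return ("ok" if line.endswith("successfully.") else "unknown"), line
    entry = entry.strip('"')
    if outcome.startswith("Error:"):
        return "error", entry
    if outcome.endswith("not found."):
        return "not_found", entry
    if outcome.endswith("successfully."):
        return "ok", entry
    return "unknown", entry

def triage(text):
    """Group result lines by outcome and add the follow-up flags."""
    report = {"ok": [], "not_found": [], "error": [], "unknown": []}
    for line in text.splitlines():
        if line.strip():
            status, entry = classify(line)
            report[status].append(entry)
    # Heuristic (assumption): an unbalanced parenthesis marks one half of a
    # fixlist line that was wrapped on paste and processed as two entries.
    report["wrapped"] = [e for s in ("not_found", "error") for e in report[s]
                         if e.count("(") != e.count(")")]
    report["restore_point_failed"] = any(
        "restore point" in e for e in report["error"])
    return report

if __name__ == "__main__":
    result = triage(FIXLOG_RESULTS)
    print("restore point failed:", result["restore_point_failed"])
    for entry in result["error"] + result["wrapped"]:
        print("follow up:", entry)
```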



#11 nasdaq


Posted 12 June 2015 - 06:07 AM

--RogueKiller--
  • Download & SAVE to your Desktop Download RogueKiller
  • Quit all programs that you may have started.
  • Please disconnect any USB or external drives from the computer before you run this scan!
  • For Vista or Windows 7, right-click and select "Run as Administrator" to start.
  • For Windows XP, double-click to start.
  • Wait until Prescan has finished ...
  • Then Click on "Scan" button
  • Wait until the Status box shows "Scan Finished"
  • Click on "Delete"
  • Wait until the Status box shows "Deleting Finished"
  • Click on "Report" and copy/paste the content of the Notepad into your next reply.
  • The log should be found in RKreport[1].txt on your Desktop
  • Exit/Close RogueKiller
=======

#12 owd66


Posted 12 June 2015 - 07:25 AM

RogueKiller V10.8.2.0 [Jun  9 2015] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 7 (6.1.7601 Service Pack 1) 32 bits version
Started in : Normal mode
User : John [Administrator]
Started from : C:\Users\John\Desktop\RogueKiller.exe
Mode : Delete -- Date : 06/12/2015  08:23:00

¤¤¤ Processes : 0 ¤¤¤

¤¤¤ Registry : 2 ¤¤¤
[PUM.HomePage] HKEY_USERS\S-1-5-21-2460278056-1054532467-979469722-1000\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.bing.com/  -> Not selected
[PUM.SearchPage] HKEY_USERS\S-1-5-21-2460278056-1054532467-979469722-1000\Software\Microsoft\Internet Explorer\Main | Search Bar : Preserve  -> Not selected

¤¤¤ Tasks : 1 ¤¤¤
[Suspicious.Path] \\Test TimeTrigger -- C:\Users\John\AppData\Local\Temp\Runner.exe (C:\Users\John\AppData\Local\Temp\DNS.exe) -> Not selected

¤¤¤ Files : 0 ¤¤¤

¤¤¤ Hosts File : 0 [Too big!] ¤¤¤

¤¤¤ Antirootkit : 0 (Driver: Loaded) ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: SAMSUNG HN-M500MBB ATA Device +++++
--- User ---
[MBR] 38d4b1eb8b8490d3f1e4e7c1db5bd6bf
[BSP] 7d443930e23cdeaaa68fec9ca2059bd6 : Windows Vista/7/8|VT.Unknown MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 63 | Size: 313 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 642600 | Size: 476623 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
User = LL2 ... OK

+++++ PhysicalDrive1: HP CP1518ni USB Device +++++
Error reading User MBR! ([15] The device is not ready. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] The request is not supported. )

============================================
RKreport_SCN_06122015_082150.log



#13 nasdaq


Posted 12 June 2015 - 07:39 AM

Run the RogueKiller tool and fix this item.

[Suspicious.Path] \\Test TimeTrigger -- C:\Users\John\AppData\Local\Temp\Runner.exe (C:\Users\John\AppData\Local\Temp\DNS.exe) -> Not selected

How is the computer running now?
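A check over the RogueKiller report posted above, as an added example that is not part of the original thread or of RogueKiller. It lists the findings still marked `Not selected` and singles out those that reference executables under a user-writable directory, which is what makes the scheduled task stand out; reading `Not selected` as "reported but not removed", the regular expressions and the directory list are assumptions made for this illustration.

```python
import re
from pathlib import PureWindowsPath

# Constructed sample: section headers and findings copied from the report above.
REPORT = r'''
¤¤¤ Processes : 0 ¤¤¤
¤¤¤ Registry : 2 ¤¤¤
[PUM.HomePage] HKEY_USERS\S-1-5-21-2460278056-1054532467-979469722-1000\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.bing.com/  -> Not selected
[PUM.SearchPage] HKEY_USERS\S-1-5-21-2460278056-1054532467-979469722-1000\Software\Microsoft\Internet Explorer\Main | Search Bar : Preserve  -> Not selected
¤¤¤ Tasks : 1 ¤¤¤
[Suspicious.Path] \\Test TimeTrigger -- C:\Users\John\AppData\Local\Temp\Runner.exe (C:\Users\John\AppData\Local\Temp\DNS.exe) -> Not selected
¤¤¤ Files : 0 ¤¤¤
'''

SECTION = re.compile(r"^¤¤¤ (?P<name>.+?) : (?P<count>\d+)")
FINDING = re.compile(r"^\[(?P<kind>[^\]]+)\]\s+(?P<detail>.*?)\s+->\s+(?P<action>.+)$")
EXE_PATH = re.compile(r"[A-Za-z]:\\[^()|]*?\.exe", re.IGNORECASE)
USER_WRITABLE = {"temp", "appdata"}  # assumption: directory names treated as risky

def parse(report):
    """Return one dict per finding, tagged with the section it appeared in."""
    section, findings = None, []
    for line in report.splitlines():
        line = line.strip()
        m = SECTION.match(line)
        if m:
            section = m["name"]
            continue
        m = FINDING.match(line)
        if m:
            paths = EXE_PATH.findall(m["detail"])
            risky = [p for p in paths if USER_WRITABLE
                     & {part.lower() for part in PureWindowsPath(p).parts}]
            findings.append({"section": section, "kind": m["kind"],
                             "action": m["action"].strip(),
                             "paths": paths, "user_writable": risky})
    return findings

def pending(report):
    """Findings the report lists but that were not selected for removal."""
    return [f for f in parse(report) if f["action"] == "Not selected"]

if __name__ == "__main__":
    for f in pending(REPORT):
        note = "  <-- runs from a user-writable path" if f["user_writable"] else ""
        print(f"{f['section']}: {f['kind']}{note}")
```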

#14 nasdaq


Posted 18 June 2015 - 08:35 AM

Are you still with me?

#15 owd66


Posted 19 June 2015 - 09:36 AM

Yes, I am still here.  The computer is running much better and faster.  Ads are gone.  That being said, the computer still hangs.  I've been watching to see if I can find a pattern but no luck.  The hangs are quite random and occur across different programs such as MS Office, Corel, and QuickBooks, among others.  Are there additional steps that might be able to alleviate the hangs?





