Under attack by Cassiopesa and other things


  • This topic is locked
20 replies to this topic

#1 Dark Raven

Dark Raven

  • Members
  • 14 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:05:03 AM

Posted 06 June 2015 - 06:43 PM

This attack has just happened recently when I was trying to download a fan game. After that, all sorts of things popped up that I never downloaded and whenever I open a browser, it links up to something called Cassiopesa. I'm new to this site, so the help will be appreciated!


#2 deeprybka

deeprybka

  • Malware Response Team
  • 5,198 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Germany
  • Local time:10:03 AM

Posted 07 June 2015 - 10:24 AM

Hi & :welcome: to Bleeping Computer Forums!
My name is Jürgen and I will be assisting you with your Malware related problems. :warrior:

Before we move on, please read the following points carefully: :exclame:
  • My native language isn't English. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.
  • Please read my instructions completely. If there is anything that you do not understand kindly ask before proceeding.
  • Perform everything in the correct order. Sometimes one step requires the previous one.
  • If you have any problems while you are following my instructions, stop there and tell me the exact nature of your problem.
  • If you have illegal/cracked software, cracks, keygens, etc. on the system, please remove or uninstall them now!
  • Do not run any other scans without instruction or Add/ Remove Software unless I tell you to do so. This would change the output of our tools and could be confusing for me.
  • Post all Logfiles as a reply rather than as an attachment unless I specifically ask you. If you can not post all logfiles in one reply, feel free to use more posts.
  • If I don't hear from you within 5 days from this initial or any subsequent post, then this thread will be closed.
  • If I don't reply within 24 hours please PM me!
  • Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.
Step 1

Please run a FRST scan. This will help us diagnose your problem.

Please download Farbar Recovery Scan Tool and save it to your Desktop.
(If you are not sure which version (32-/64-bit) applies to your system, download and try to start both of them as just the right one will run.)
  • Start FRST with administrator privileges.
  • Make sure the option Addition.txt is checked and press the Scan button.
  • When finished, FRST will produce two logs (FRST.txt and Addition.txt) in the same directory the tool was run from.
  • Please copy and paste these logs in your next reply.

regards,
deeprybka
:busy:
Neminem laede, immo omnes, quantum potes, iuva. Arthur Schopenhauer
 

#3 Dark Raven


Posted 07 June 2015 - 07:13 PM

So far, every time I try to download FRST, it prevents me from doing so by saying ''The Publisher cannot be verified'', then saying if I press ''Run'', that Windows Smartscreen ''protected'' me, stopping the download altogether.

Edited by Dark Raven, 07 June 2015 - 11:50 PM.


#4 deeprybka


Posted 08 June 2015 - 02:23 AM

You have to allow the download.
 

http://www.eightforums.com/tutorials/2631-windows-smartscreen-turn-off-windows-8-a.html


regards,
deeprybka

#5 Dark Raven


Posted 08 June 2015 - 04:46 PM

I got it downloaded! Thanks! But, how would I start it with administrator privileges? Thank you for your time!

#6 deeprybka


Posted 08 June 2015 - 04:57 PM

Right-click on the FRST icon and select Run as Administrator to start the tool. :)


regards,
deeprybka

#7 Dark Raven


Posted 08 June 2015 - 06:55 PM

Here it is!

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:08-06-2015
Ran by ??? (administrator) on ??? on 08-06-2015 19:15:08
Running from C:\Users\???\Desktop
Loaded Profiles: ??? (Available Profiles: ???)
Platform: Windows 8.1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Softex Inc.) C:\Program Files\Hewlett-Packard\SimplePass\OmniServ.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Hewlett-Packard Company) C:\Windows\System32\hpservice.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
() C:\Users\???\AppData\Roaming\34444335-1433561514-5031-5739-6CC2176D0F26\hnsv4206.tmp
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPWMISVC.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
() C:\Program Files\Intel\Intel® Smart Connect Technology Agent\iSCTAgent.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(Crawler Group) C:\Program Files (x86)\PCTechHotline\PCTechHotlineSvc.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Crawler Group) C:\Program Files (x86)\Spyware Clear\SC_Svc64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
() C:\Program Files (x86)\WajaInternetEnhancer\WajaInternetEnhancer Internet Enhancer\InternetEnhancerService.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(McAfee, Inc.) C:\Program Files\mcafee\msc\McAPExe.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\AMCore\mcshield.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\systemcore\mfefire.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
() C:\Program Files (x86)\WajaInternetEnhancer\WajaInternetEnhancer Internet Enhancer\InternetEnhancer.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
() C:\Program Files (x86)\OneSystemCare\OneSystemCare.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20856_x64__8wekyb3d8bbwe\livecomm.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
() C:\Program Files\Hewlett-Packard\SimplePass\opvapp.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Intel Corporation) C:\Windows\System32\igfxTray.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\SimplePass\ClientCore.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBroker.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBrokerDsktop.exe
(Crawler Group) C:\Program Files (x86)\Spyware Clear\SpywareClearShield.exe
(Pokki) C:\Users\???\AppData\Local\Pokki\Engine\HostAppServiceUpdater.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP ENVY 4500 series\Bin\ScanToPCActivationApp.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Smart Connect Technology Agent\iSCTsysTray8.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP 3D DriveGuard\AccelerometerSt.exe
(Crawler Group) C:\Program Files (x86)\Spyware Clear\SpywareClearUpdate.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPMSGSVC.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\platform\McUICnt.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP ENVY 4500 series\Bin\HPNetworkCommunicatorCom.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
(WildTangent) C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe
(Crawler Group) C:\Program Files (x86)\Crawler Toolbar\Crawler.exe
(Installer Technology Co.) C:\Program Files (x86)\OpenSoftwareUpdater\OpenSoftwareUpdater.exe
(Crawler Group) C:\Program Files (x86)\PCTechHotline\PCTechHotline.exe
(Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.3.9600.17709_none_fa7932f59afc2e40\TiWorker.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7569624 2014-04-03] (Realtek Semiconductor)
HKLM\...\Run: [SimplePass] => C:\Program Files\Hewlett-Packard\SimplePass\ClientCore.exe [3962936 2014-03-28] (Hewlett-Packard)
HKLM\...\Run: [OPBHOBroker] => C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBroker.exe [415288 2014-03-28] (Hewlett-Packard)
HKLM\...\Run: [OPBHOBrokerDesktop] => C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBrokerDsktop.exe [415288 2014-03-28] (Hewlett-Packard)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2817776 2014-04-11] (Synaptics Incorporated)
HKLM\...\Run: [SpywareClearShield] => C:\Program Files (x86)\Spyware Clear\SpywareClearShield.exe [3742528 2015-03-25] (Crawler Group)
HKLM\...\Run: [SpywareClearUpdater] => C:\Program Files (x86)\Spyware Clear\SpywareClearUpdate.exe [5412672 2015-03-25] (Crawler Group)
HKLM-x32\...\Run: [AccelerometerSysTrayApplet] => C:\Program Files (x86)\Hewlett-Packard\HP 3D DriveGuard\AccelerometerST.exe [126240 2014-02-13] (Hewlett-Packard Company)
HKLM-x32\...\Run: [mcpltui_exe] => C:\Program Files\McAfee.com\Agent\mcagent.exe [537992 2014-04-25] (McAfee, Inc.)
HKLM-x32\...\Run: [HPMessageService] => C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPMSGSVC.exe [475448 2014-03-26] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [CLMLServer] => C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe [107816 2011-03-09] (CyberLink)
HKLM-x32\...\Run: [LGODDFU] => C:\Program Files (x86)\lg_fwupdate\lgfw.exe [27760 2012-07-12] (Bitleader)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-07-25] (Oracle Corporation)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
HKLM-x32\...\Run: [CrawlerToolbar] => C:\Program Files (x86)\Crawler Toolbar\Crawler.exe [1423688 2015-04-10] (Crawler Group)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2014-12-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [WinCheck] => C:\Users\???\AppData\Local\34444335-1433547162-5031-5739-6CC2176D0F26\bnsoBE0D.exe [359936 2015-06-05] ()
HKLM-x32\...\Run: [OpenSoftwareUpdater] => C:\Program Files (x86)\OpenSoftwareUpdater\OpenSoftwareUpdater.exe [3733504 2014-04-08] (Installer Technology Co.)
HKLM-x32\...\Run: [PCTechHotline] => C:\Program Files (x86)\PCTechHotline\PCTechHotline.exe [3628824 2015-03-26] (Crawler Group)
HKLM\...\Policies\Explorer: [NoFolderOptions] 0
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-21-2418113219-119105201-894429124-1001\...\Run: [Pokki] => "%LOCALAPPDATA%\Pokki\Engine\HostAppServiceUpdater.exe" /LOGON
HKU\S-1-5-21-2418113219-119105201-894429124-1001\...\Run: [HP ENVY 4500 series (NET)] => C:\Program Files\HP\HP ENVY 4500 series\Bin\ScanToPCActivationApp.exe [3421216 2013-08-13] (Hewlett-Packard Co.)
HKU\S-1-5-21-2418113219-119105201-894429124-1001\...\RunOnce: [Application Restart #8] => C:\Users\???\AppData\Local\Pokki\Engine\HostAppService.exe [7853568 2015-05-29] (Pokki)
HKU\S-1-5-21-2418113219-119105201-894429124-1001\...\RunOnce: [Application Restart #6] => C:\Users\???\AppData\Local\Pokki\Engine\HostAppService.exe [7853568 2015-05-29] (Pokki)
AppInit_DLLs-x32: C:\PROGRA~3\{0A72E~1\1172~1.1\rise.dll => C:\ProgramData\{0A72E2B1-5AF0-3337-EB76-43B53BF4903B}\1.17.2.1\rise.dll [781312 2015-06-05] ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\ISCTSystray.lnk [2014-06-17]
ShortcutTarget: ISCTSystray.lnk -> C:\Program Files\Intel\Intel® Smart Connect Technology Agent\iSCTsysTray8.exe (Intel Corporation)
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

ProxyEnable: [.DEFAULT] => Internet Explorer proxy is enabled
ProxyServer: [.DEFAULT] => http=127.0.0.1:60676;https=127.0.0.1:60676
ProxyEnable: [S-1-5-21-2418113219-119105201-894429124-1001] => Internet Explorer proxy is enabled
ProxyServer: [S-1-5-21-2418113219-119105201-894429124-1001] => http=127.0.0.1:60676;https=127.0.0.1:60676
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT14/1
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT14/1
HKU\S-1-5-21-2418113219-119105201-894429124-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-2418113219-119105201-894429124-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT14/1
HKU\S-1-5-21-2418113219-119105201-894429124-1001\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://js.redirect.hp.com/jumpstation?bd=all&c=143&locale=ww_ww&pf=cnnb&s=ieHPtab&tp=iehome
HKU\S-1-5-21-2418113219-119105201-894429124-1001\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://js.redirect.hp.com/jumpstation?bd=all&c=143&locale=ww_ww&pf=cnnb&s=ieHPtab&tp=iehome
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.cassiopesa.com/results.php?f=4&q={searchTerms}&a=csp_installertech_15_23&cd=2XzuyEtN2Y1L1Qzu0AtD0Azz0C0DzzyD0EyEyC0EyE0CzyzytN0D0Tzu0StCtByDtCtN1L2XzutAtFtCtDtFtCtDtFtDtN1L1Czu1R1B1E1V1L1G1B2Z1T1I1I1P1C2Z1P1R1MtN1L1G1B1V1N2Y1L1Qzu2StB0D0EyDtDtD0DyEtGyE0BtDyEtGzztD0EtDtGyDyEtBzztGtAtC0F0DyCtBzzyEtAtA0Fzz2QtN1M1F1B2Z1V1N2Y1L1Qzu2StBtDzytB0FyB0A0DtG0E0E0BtDtGyE0EtBtAtG0AyDzz0BtGyD0FtB0C0AtA0FtDtAyCzy0A2QtN0A0LzuyE&cr=724063134&ir=
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.cassiopesa.com/results.php?f=4&q={searchTerms}&a=csp_installertech_15_23&cd=2XzuyEtN2Y1L1Qzu0AtD0Azz0C0DzzyD0EyEyC0EyE0CzyzytN0D0Tzu0StCtByDtCtN1L2XzutAtFtCtDtFtCtDtFtDtN1L1Czu1R1B1E1V1L1G1B2Z1T1I1I1P1C2Z1P1R1MtN1L1G1B1V1N2Y1L1Qzu2StB0D0EyDtDtD0DyEtGyE0BtDyEtGzztD0EtDtGyDyEtBzztGtAtC0F0DyCtBzzyEtAtA0Fzz2QtN1M1F1B2Z1V1N2Y1L1Qzu2StBtDzytB0FyB0A0DtG0E0E0BtDtGyE0EtBtAtG0AyDzz0BtGyD0FtB0C0AtA0FtDtAyCzy0A2QtN0A0LzuyE&cr=724063134&ir=
SearchScopes: HKLM -> {263065A8-811D-4CEA-825D-843606294BB8} URL = http://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM-x32 -> {263065A8-811D-4CEA-825D-843606294BB8} URL = http://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKU\S-1-5-21-2418113219-119105201-894429124-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.cassiopesa.com/results.php?f=4&q={searchTerms}&a=csp_installertech_15_23&cd=2XzuyEtN2Y1L1Qzu0AtD0Azz0C0DzzyD0EyEyC0EyE0CzyzytN0D0Tzu0StCtByDtCtN1L2XzutAtFtCtDtFtCtDtFtDtN1L1Czu1R1B1E1V1L1G1B2Z1T1I1I1P1C2Z1P1R1MtN1L1G1B1V1N2Y1L1Qzu2StB0D0EyDtDtD0DyEtGyE0BtDyEtGzztD0EtDtGyDyEtBzztGtAtC0F0DyCtBzzyEtAtA0Fzz2QtN1M1F1B2Z1V1N2Y1L1Qzu2StBtDzytB0FyB0A0DtG0E0E0BtDtGyE0EtBtAtG0AyDzz0BtGyD0FtB0C0AtA0FtDtAyCzy0A2QtN0A0LzuyE&cr=724063134&ir=
SearchScopes: HKU\S-1-5-21-2418113219-119105201-894429124-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.cassiopesa.com/results.php?f=4&q={searchTerms}&a=csp_installertech_15_23&cd=2XzuyEtN2Y1L1Qzu0AtD0Azz0C0DzzyD0EyEyC0EyE0CzyzytN0D0Tzu0StCtByDtCtN1L2XzutAtFtCtDtFtCtDtFtDtN1L1Czu1R1B1E1V1L1G1B2Z1T1I1I1P1C2Z1P1R1MtN1L1G1B1V1N2Y1L1Qzu2StB0D0EyDtDtD0DyEtGyE0BtDyEtGzztD0EtDtGyDyEtBzztGtAtC0F0DyCtBzzyEtAtA0Fzz2QtN1M1F1B2Z1V1N2Y1L1Qzu2StBtDzytB0FyB0A0DtG0E0E0BtDtGyE0EtBtAtG0AyDzz0BtGyD0FtB0C0AtA0FtDtAyCzy0A2QtN0A0LzuyE&cr=724063134&ir=
SearchScopes: HKU\S-1-5-21-2418113219-119105201-894429124-1001 -> {263065A8-811D-4CEA-825D-843606294BB8} URL = http://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKU\S-1-5-21-2418113219-119105201-894429124-1001 -> {648117E7-DB0B-469F-8CD1-14294AADA546} URL = http://www.search.ask.com/web?tpid=ORJ-SPE&o=APN11405&pf=V7&p2=%5EBBD%5EOSJ000%5EYY%5EUS&gct=&itbv=12.15.5.30&apn_uid=0E940EA9-79DE-483E-A9F0-62D9A4E80AEE&apn_ptnrs=BBD&apn_dtid=%5EOSJ000%5EYY%5EUS&apn_dbr=ie_11.0.9600.17239&doi=2014-08-21&trgb=IE&q={searchTerms}&psv=&pt=tb
SearchScopes: HKU\S-1-5-21-2418113219-119105201-894429124-1001 -> {A26C36F3-9D6C-4551-86A4-B3E9C4B7B3CD} URL = http://www.crawler.com/search/dispatcher.aspx?tp=bs&qkw={searchTerms}&tbid=10021&iwk=331&lng=en
BHO: Search App by Ask -> {4F524A2D-5350-4500-76A7-7A786E7484D7} -> C:\Program Files (x86)\AskPartnerNetwork\Toolbar\ORJ-SPE\Passport_x64.dll [2015-04-28] (APN LLC.)
BHO: Crawler Toolbar -> {9234F5E0-56CC-4F0B-AAE4-0D4BD5032180} -> C:\Program Files (x86)\Crawler Toolbar\Crawler64.dll [2015-04-10] (Crawler Group)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-02-28] (Google Inc.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2010-02-28] (Microsoft Corporation)
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll [2013-08-28] (Hewlett-Packard)
BHO-x32: Search App by Ask -> {4F524A2D-5350-4500-76A7-7A786E7484D7} -> C:\Program Files (x86)\AskPartnerNetwork\Toolbar\ORJ-SPE\Passport.dll [2015-04-28] (APN LLC.)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2014-08-21] (Oracle Corporation)
BHO-x32: Crawler Toolbar -> {9234F5E0-56CC-4F0B-AAE4-0D4BD5032180} -> C:\Program Files (x86)\Crawler Toolbar\Crawler.dll [2015-04-10] (Crawler Group)
BHO-x32: Evernote extension -> {92EF2EAD-A7CE-4424-B0DB-499CF856608E} -> C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll [2014-03-04] (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2015-02-28] (Google Inc.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2010-02-28] (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2014-08-21] (Oracle Corporation)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2013-08-28] (Hewlett-Packard)
Toolbar: HKLM - Search App by Ask - {4F524A2D-5350-4500-76A7-7A786E7484D7} - C:\Program Files (x86)\AskPartnerNetwork\Toolbar\ORJ-SPE\Passport_x64.dll [2015-04-28] (APN LLC.)
Toolbar: HKLM - &Crawler Toolbar - {C4D78C72-08DB-4A3F-9175-B265157283F3} - C:\Program Files (x86)\Crawler Toolbar\Crawler64.dll [2015-04-10] (Crawler Group)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-02-28] (Google Inc.)
Toolbar: HKLM-x32 - Search App by Ask - {4F524A2D-5350-4500-76A7-7A786E7484D7} - C:\Program Files (x86)\AskPartnerNetwork\Toolbar\ORJ-SPE\Passport.dll [2015-04-28] (APN LLC.)
Toolbar: HKLM-x32 - &Crawler Toolbar - {C4D78C72-08DB-4A3F-9175-B265157283F3} - C:\Program Files (x86)\Crawler Toolbar\Crawler.dll [2015-04-10] (Crawler Group)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2015-02-28] (Google Inc.)
Toolbar: HKU\S-1-5-21-2418113219-119105201-894429124-1001 -> &Crawler Toolbar - {C4D78C72-08DB-4A3F-9175-B265157283F3} - C:\Program Files (x86)\Crawler Toolbar\Crawler64.dll [2015-04-10] (Crawler Group)
Handler: crawler - {4545C96B-15D0-4E22-8DDE-6F2CAF531281} - C:\Program Files (x86)\Crawler Toolbar\Crawler64.dll [2015-04-10] (Crawler Group)
Handler-x32: crawler - {4545C96B-15D0-4E22-8DDE-6F2CAF531281} - C:\Program Files (x86)\Crawler Toolbar\Crawler64.dll [2015-04-10] (Crawler Group)
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\mcafee\msc\McSnIePl64.dll [2014-04-25] (McAfee, Inc.)
Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\msc\McSnIePl.dll [2014-04-25] (McAfee, Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
StartMenuInternet: IEXPLORE.EXE - iexplore.exe

FireFox:
========
FF Plugin: @mcafee.com/MSC,version=10 -> c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL [2014-04-25] ()
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\windows\SysWOW64\Adobe\Director\np32dsw_1204144.dll [2013-09-05] (Adobe Systems, Inc.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-12-10] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-12-10] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll [2014-08-21] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll [2014-08-21] (Oracle Corporation)
FF Plugin-x32: @mcafee.com/MSC,version=10 -> c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL [2014-04-25] ()
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-06-01] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-06-01] (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [2013-08-05] ()
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-05-01] (Adobe Systems Inc.)
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK
FF Extension: McAfee Anti-Spam Thunderbird Extension - C:\Program Files\McAfee\MSK [2014-06-17]

Chrome:
=======
CHR Profile: C:\Users\???\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\???\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-08-21]
CHR Extension: (Google Drive) - C:\Users\???\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-08-21]
CHR Extension: (YouTube) - C:\Users\???\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-08-21]
CHR Extension: (Google Search) - C:\Users\???\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-08-21]
CHR Extension: (Bookmark Manager) - C:\Users\???\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmlllbghnfkpflemihljekbapjopfjik [2015-04-21]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\???\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-12]
CHR Extension: (Google Wallet) - C:\Users\???\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-08-21]
CHR Extension: (Gmail) - C:\Users\???\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-08-21]
StartMenuInternet: Google Chrome - chrome.exe

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S2 APNMCP; C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe [178568 2015-04-28] () [File not signed]
S3 BthHFSrv; C:\Windows\System32\BthHFSrv.dll [324608 2014-10-28] (Microsoft Corporation)
R2 caa89563; c:\Program Files (x86)\Optimizer Pro 3.95\OptProMon.dll [1781392 2015-06-05] () <==== ATTENTION
R2 dequzody; C:\Users\???\AppData\Roaming\34444335-1433561514-5031-5739-6CC2176D0F26\hnsv4206.tmp [167424 2015-06-05] () [File not signed]
R2 GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [227904 2014-01-27] (WildTangent)
U2 HomeNetSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 HPWMISVC; C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPWMISVC.exe [469304 2014-03-26] (Hewlett-Packard Development Company, L.P.)
S2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [15720 2013-11-08] (Intel Corporation)
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [282096 2014-03-22] (Intel Corporation)
R2 Intel® Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [747520 2013-08-27] (Intel® Corporation) [File not signed]
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [828376 2013-08-27] (Intel® Corporation)
S2 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [131544 2013-12-10] (Intel Corporation)
R2 ISCTAgent; C:\Program Files\Intel\Intel® Smart Connect Technology Agent\iSCTAgent.exe [200168 2013-12-04] ()
S2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [169432 2013-12-10] (Intel Corporation)
R2 McAPExe; C:\Program Files\McAfee\MSC\McAPExe.exe [178528 2014-04-25] (McAfee, Inc.)
S3 McAWFwk; c:\Program Files\Common Files\mcafee\ActWiz\McAWFwk.exe [334608 2013-07-29] (McAfee, Inc.)
R2 mcbootdelaystartsvc; C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 McMPFSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 McNaiAnn; C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
S3 McODS; C:\Program Files\mcafee\VirusScan\mcods.exe [603424 2014-06-12] (McAfee, Inc.)
S4 McOobeSv2; C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 mcpltsvc; C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 McProxy; C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 mfecore; C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe [1041192 2014-07-24] (McAfee, Inc.)
R2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [219752 2014-06-20] (McAfee, Inc.)
R2 mfevtp; C:\Windows\system32\mfevtps.exe [189912 2014-06-20] (McAfee, Inc.)
R2 MSK80Service; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [284912 2014-01-17] ()
R2 omniserv; C:\Program Files\Hewlett-Packard\SimplePass\OmniServ.exe [88064 2014-03-28] (Softex Inc.) [File not signed]
R2 PCTechHotlineSvc; C:\Program Files (x86)\PCTechHotline\PCTechHotlineSvc.exe [702232 2015-03-26] (Crawler Group)
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [290520 2014-01-08] (Realtek Semiconductor)
R2 SC_Svc; C:\Program Files (x86)\Spyware Clear\SC_svc64.exe [3006784 2015-03-25] (Crawler Group)
R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [191728 2014-04-11] (Synaptics Incorporated)
S3 w3logsvc; C:\Windows\system32\inetsrv\w3logsvc.dll [76800 2014-04-02] (Microsoft Corporation)
R2 WajaInternetEnhancer Service; C:\Program Files (x86)\WajaInternetEnhancer\WajaInternetEnhancer Internet Enhancer\InternetEnhancerService.exe [1073664 2015-06-04] () [File not signed]
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366520 2015-02-03] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2015-02-03] (Microsoft Corporation)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3816176 2014-01-17] (Intel® Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [226304 2014-03-18] (Microsoft Corporation)
R3 cfwids; C:\Windows\System32\drivers\cfwids.sys [72128 2014-06-20] (McAfee, Inc.)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [91912 2013-11-12] (CyberLink)
S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [197704 2013-09-23] (McAfee, Inc.)
R3 ibtusb; C:\Windows\system32\DRIVERS\ibtusb.sys [162512 2014-02-14] (Intel Corporation)
R3 ikbevent; C:\Windows\system32\DRIVERS\ikbevent.sys [21408 2013-08-13] ()
R3 imsevent; C:\Windows\system32\DRIVERS\imsevent.sys [21920 2013-08-13] ()
R3 INETMON; C:\Windows\System32\Drivers\INETMON.sys [29088 2013-08-13] ()
R3 ISCT; C:\Windows\System32\drivers\ISCTD64.sys [46568 2013-08-13] ()
R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [100312 2013-12-10] (Intel Corporation)
R3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [181704 2014-06-20] (McAfee, Inc.)
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [313544 2014-06-20] (McAfee, Inc.)
S0 mfeelamk; C:\Windows\System32\drivers\mfeelamk.sys [70600 2014-06-20] (McAfee, Inc.)
R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [523792 2014-06-20] (McAfee, Inc.)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [786296 2014-06-20] (McAfee, Inc.)
R3 mfencbdc; C:\Windows\system32\DRIVERS\mfencbdc.sys [444720 2014-07-24] (McAfee, Inc.)
S3 mfencrk; C:\Windows\system32\DRIVERS\mfencrk.sys [96592 2014-07-24] (McAfee, Inc.)
R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [348552 2014-06-20] (McAfee, Inc.)
R3 NETwNb64; C:\Windows\system32\DRIVERS\Netwbw02.sys [3434464 2014-03-13] (Intel Corporation)
S3 NETwNe64; C:\Windows\system32\DRIVERS\NETwew02.sys [4649440 2013-06-18] (Intel Corporation)
R3 RTSPER; C:\Windows\system32\DRIVERS\RtsPer.sys [466136 2014-01-14] (Realsil Semiconductor Corporation)
R3 SensorsHIDClassDriver; C:\Windows\System32\drivers\WUDFRd.sys [226304 2014-10-28] (Microsoft Corporation)
R3 SensorsServiceDriver; C:\Windows\System32\drivers\WUDFRd.sys [226304 2014-10-28] (Microsoft Corporation)
S3 SmbDrv; C:\Windows\System32\drivers\Smb_driver_AMDASF.sys [30448 2014-04-11] (Synaptics Incorporated)
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [31472 2014-04-11] (Synaptics Incorporated)
R2 sp_rsdrv2; C:\Windows\System32\DRIVERS\stflt.sys [51496 2011-08-24] (Windows ® Win 7 DDK provider)
R3 VirtualButtons; C:\Windows\System32\drivers\VirtualButtons.sys [32024 2013-10-04] (Intel Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2015-02-03] (Microsoft Corporation)
R3 WirelessButtonDriver; C:\Windows\System32\drivers\WirelessButtonDriver64.sys [20800 2013-07-22] (Hewlett-Packard Development Company, L.P.)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-06-08 18:04 - 2015-06-08 18:06 - 00037044 _____ C:\Users\???\Desktop\Addition.txt
2015-06-08 18:03 - 2015-06-08 19:15 - 00030709 _____ C:\Users\???\Desktop\FRST.txt
2015-06-08 17:35 - 2015-06-08 17:36 - 02108928 _____ (Farbar) C:\Users\???\Desktop\FRST64.exe
2015-06-08 17:33 - 2015-06-08 19:15 - 00000000 ____D C:\FRST
2015-06-08 17:33 - 2015-06-08 17:33 - 02108928 _____ (Farbar) C:\Users\???\Downloads\FRST64 (2).exe
2015-06-08 17:33 - 2015-06-08 17:33 - 01147904 _____ (Farbar) C:\Users\???\Downloads\FRST (3).exe
2015-06-07 20:11 - 2015-06-07 20:12 - 01147904 _____ (Farbar) C:\Users\???\Downloads\FRST (2).exe
2015-06-07 20:09 - 2015-06-07 20:09 - 02108928 _____ (Farbar) C:\Users\???\Downloads\FRST64 (1).exe
2015-06-07 20:08 - 2015-06-07 20:08 - 02108928 _____ (Farbar) C:\Users\???\Downloads\FRST64.exe
2015-06-07 20:08 - 2015-06-07 20:08 - 01147904 _____ (Farbar) C:\Users\???\Downloads\FRST (1).exe
2015-06-07 20:07 - 2015-06-07 20:07 - 01147904 _____ (Farbar) C:\Users\???\Downloads\FRST.exe
2015-06-07 20:03 - 2015-06-07 20:03 - 00001152 _____ C:\Users\???\Desktop\Continue Live Installation.lnk
2015-06-06 14:54 - 2015-06-06 14:54 - 00000000 ____D C:\ProgramData\FlashBeat
2015-06-06 14:54 - 2015-06-06 14:54 - 00000000 ____D C:\ProgramData\28341ff220e0446c9fff27c4493d622e
2015-06-06 09:52 - 2015-06-06 09:52 - 00000000 ____D C:\Program Files (x86)\Infonaut_1.10.0.14
2015-06-06 09:35 - 2015-06-06 09:35 - 00000000 ____D C:\Users\???\Downloads\SMBOdyssey
2015-06-06 09:34 - 2015-06-06 09:34 - 32981083 _____ C:\Users\???\Downloads\SMBOdyssey.zip
2015-06-05 23:38 - 2015-06-05 23:38 - 00003270 _____ C:\Windows\System32\Tasks\Optimizer Pro Schedule
2015-06-05 23:38 - 2015-06-05 23:38 - 00000000 ____D C:\Users\???\Documents\Optimizer Pro
2015-06-05 23:38 - 2015-06-05 23:38 - 00000000 ____D C:\Users\???\AppData\Roaming\Optimizer Pro
2015-06-05 23:36 - 2015-06-05 23:36 - 00000000 ____D C:\Users\???\AppData\Roaming\One System Care
2015-06-05 23:34 - 2015-06-08 17:38 - 00000000 ____D C:\Users\???\AppData\Local\34444335-1433547298-5031-5739-6CC2176D0F26
2015-06-05 23:33 - 2015-06-05 23:33 - 00000000 ____D C:\Users\???\AppData\Roaming\PC Tech Hotline
2015-06-05 23:33 - 2015-06-05 23:33 - 00000000 ____D C:\Users\???\AppData\Roaming\OpenSoftwareUpdater
2015-06-05 23:33 - 2015-06-05 23:33 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC Tech Hotline
2015-06-05 23:33 - 2015-06-05 23:33 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Optimizer Pro v3.2
2015-06-05 23:33 - 2015-06-05 23:33 - 00000000 ____D C:\Program Files (x86)\PCTechHotline
2015-06-05 23:32 - 2015-06-06 09:28 - 00000000 ____D C:\Program Files (x86)\Optimizer Pro 3.95
2015-06-05 23:32 - 2015-06-05 23:34 - 00000000 ____D C:\ProgramData\Spyware Clear
2015-06-05 23:32 - 2015-06-05 23:33 - 00000000 ____D C:\Program Files (x86)\Spyware Clear
2015-06-05 23:32 - 2015-06-05 23:32 - 00000000 ____D C:\Users\???\AppData\Roaming\Spyware Clear
2015-06-05 23:32 - 2015-06-05 23:32 - 00000000 ____D C:\Users\???\AppData\Local\34444335-1433547162-5031-5739-6CC2176D0F26
2015-06-05 23:32 - 2015-06-05 23:32 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WajaInternetEnhancer
2015-06-05 23:32 - 2015-06-05 23:32 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spyware Clear
2015-06-05 23:32 - 2015-06-05 23:32 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenSoftwareUpdater
2015-06-05 23:32 - 2015-06-05 23:32 - 00000000 ____D C:\Program Files (x86)\Wajam
2015-06-05 23:32 - 2015-06-05 23:32 - 00000000 ____D C:\Program Files (x86)\OpenSoftwareUpdater
2015-06-05 23:32 - 2013-08-22 09:25 - 00000824 _____ C:\Windows\system32\Drivers\etc\hp.bak
2015-06-05 23:31 - 2015-06-08 19:13 - 00000304 _____ C:\Windows\Tasks\One System CareStartUp.job
2015-06-05 23:31 - 2015-06-08 18:31 - 00000326 _____ C:\Windows\Tasks\Tny_cassiopesa.job
2015-06-05 23:31 - 2015-06-08 17:35 - 00000000 ____D C:\Users\???\AppData\Roaming\VOPackage
2015-06-05 23:31 - 2015-06-08 17:31 - 00000368 _____ C:\Windows\Tasks\Bidaily Synchronize Task[3c32].job
2015-06-05 23:31 - 2015-06-07 20:05 - 00000000 ____D C:\Users\???\AppData\Roaming\34444335-1433561514-5031-5739-6CC2176D0F26
2015-06-05 23:31 - 2015-06-06 11:31 - 00000000 ____D C:\ProgramData\{016aaf46-a15a-b249-016a-aaf46a15bd1a}
2015-06-05 23:31 - 2015-06-06 09:20 - 00000304 _____ C:\Windows\Tasks\One System CarePeriod.job
2015-06-05 23:31 - 2015-06-05 23:32 - 00000000 ____D C:\Program Files (x86)\WajaInternetEnhancer
2015-06-05 23:31 - 2015-06-05 23:32 - 00000000 ____D C:\Program Files (x86)\OSDownloader
2015-06-05 23:31 - 2015-06-05 23:31 - 00004122 _____ C:\Windows\System32\Tasks\Cassiopesa rise
2015-06-05 23:31 - 2015-06-05 23:31 - 00003326 _____ C:\Windows\System32\Tasks\One System Care Run Delay
2015-06-05 23:31 - 2015-06-05 23:31 - 00003260 _____ C:\Windows\System32\Tasks\One System Care Monitor
2015-06-05 23:31 - 2015-06-05 23:31 - 00003260 _____ C:\Windows\System32\Tasks\Bidaily Synchronize Task[3c32]
2015-06-05 23:31 - 2015-06-05 23:31 - 00002860 _____ C:\Windows\System32\Tasks\One System CarePeriod
2015-06-05 23:31 - 2015-06-05 23:31 - 00002664 _____ C:\Windows\System32\Tasks\Tny_cassiopesa
2015-06-05 23:31 - 2015-06-05 23:31 - 00002564 _____ C:\Windows\System32\Tasks\One System CareStartUp
2015-06-05 23:31 - 2015-06-05 23:31 - 00000000 ____D C:\Users\???\AppData\Roaming\Tny_cassiopesa
2015-06-05 23:31 - 2015-06-05 23:31 - 00000000 ____D C:\Users\???\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VOPackage
2015-06-05 23:31 - 2015-06-05 23:31 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneSystemCare
2015-06-05 23:31 - 2015-06-05 23:31 - 00000000 ____D C:\ProgramData\{0A72E2B1-5AF0-3337-EB76-43B53BF4903B}
2015-06-05 23:31 - 2015-06-05 23:31 - 00000000 ____D C:\Program Files (x86)\Tny_Cassiopesa
2015-06-05 23:31 - 2015-06-05 23:31 - 00000000 ____D C:\Program Files (x86)\OneSystemCare
2015-06-05 23:30 - 2015-06-05 23:30 - 00511032 _____ C:\Users\???\Downloads\SoftwareUpdater.exe
2015-06-05 23:30 - 2015-06-05 23:30 - 00000003 _____ C:\Users\???\Desktop\2.txt
2015-06-05 23:30 - 2015-06-05 23:30 - 00000003 _____ C:\Users\???\Desktop\1.txt
2015-06-05 22:38 - 2015-06-05 22:38 - 00000000 ____D C:\Users\???\Documents\SMBOdyssey
2015-05-12 16:08 - 2015-04-30 16:35 - 00124112 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2015-05-12 16:08 - 2015-04-30 16:35 - 00102608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2015-05-12 13:44 - 2015-04-30 19:05 - 00429568 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-05-12 13:44 - 2015-04-30 18:48 - 00358912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-05-12 13:44 - 2015-04-21 13:14 - 24971776 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-05-12 13:44 - 2015-04-21 12:50 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-05-12 13:44 - 2015-04-21 12:50 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-05-12 13:44 - 2015-04-21 12:49 - 02885120 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-05-12 13:44 - 2015-04-21 12:37 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-05-12 13:44 - 2015-04-21 12:35 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-05-12 13:44 - 2015-04-21 12:31 - 06025728 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-05-12 13:44 - 2015-04-21 12:24 - 19691008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-05-12 13:44 - 2015-04-21 12:13 - 00107520 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2015-05-12 13:44 - 2015-04-21 12:11 - 00504320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-05-12 13:44 - 2015-04-21 12:09 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-05-12 13:44 - 2015-04-21 12:08 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-05-12 13:44 - 2015-04-21 12:07 - 00145408 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2015-05-12 13:44 - 2015-04-21 12:05 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-05-12 13:44 - 2015-04-21 12:04 - 02278400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-05-12 13:44 - 2015-04-21 11:59 - 01032704 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
2015-05-12 13:44 - 2015-04-21 11:58 - 00664576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-05-12 13:44 - 2015-04-21 11:52 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2015-05-12 13:44 - 2015-04-21 11:49 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-05-12 13:44 - 2015-04-21 11:49 - 00720384 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-05-12 13:44 - 2015-04-21 11:49 - 00374272 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-05-12 13:44 - 2015-04-21 11:46 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-05-12 13:44 - 2015-04-21 11:40 - 14401536 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-05-12 13:44 - 2015-04-21 11:38 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-05-12 13:44 - 2015-04-21 11:37 - 00128000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2015-05-12 13:44 - 2015-04-21 11:36 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-05-12 13:44 - 2015-04-21 11:32 - 00880128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll
2015-05-12 13:44 - 2015-04-21 11:31 - 04305920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-05-12 13:44 - 2015-04-21 11:28 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2015-05-12 13:44 - 2015-04-21 11:27 - 02352128 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-05-12 13:44 - 2015-04-21 11:26 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-05-12 13:44 - 2015-04-21 11:26 - 00327168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-05-12 13:44 - 2015-04-21 11:25 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-05-12 13:44 - 2015-04-21 11:17 - 12828672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-05-12 13:44 - 2015-04-21 11:15 - 01547264 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-05-12 13:44 - 2015-04-21 11:03 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-05-12 13:44 - 2015-04-21 11:02 - 01882112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-05-12 13:44 - 2015-04-21 10:58 - 01310208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-05-12 13:44 - 2015-04-21 10:56 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-05-12 13:44 - 2015-04-13 18:48 - 04180480 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-05-12 13:44 - 2015-04-09 21:00 - 01996800 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2015-05-12 13:44 - 2015-04-09 20:50 - 01387008 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2015-05-12 13:44 - 2015-04-09 20:26 - 01560576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2015-05-12 13:44 - 2015-04-08 18:55 - 00410128 _____ (Microsoft Corporation) C:\Windows\system32\services.exe
2015-05-12 13:44 - 2015-03-30 01:47 - 00561928 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2015-05-12 13:44 - 2015-03-26 23:27 - 00445440 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2015-05-12 13:44 - 2015-03-26 22:50 - 00324096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2015-05-12 13:44 - 2015-03-26 22:48 - 01441792 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-06-08 19:16 - 2014-08-16 06:31 - 00000000 ___DO C:\Users\???\OneDrive
2015-06-08 19:15 - 2014-08-16 06:28 - 00000000 ____D C:\Users\???\AppData\Local\Pokki
2015-06-08 19:14 - 2014-08-21 12:35 - 00000928 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-06-08 19:14 - 2014-08-21 12:35 - 00000924 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-06-08 19:12 - 2013-08-22 10:46 - 00032299 _____ C:\Windows\setupact.log
2015-06-08 19:12 - 2013-08-22 10:45 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-06-08 19:12 - 2013-08-22 09:25 - 00262144 ___SH C:\Windows\system32\config\ELAM
2015-06-08 19:11 - 2013-08-22 11:36 - 00000000 ____D C:\Windows\system32\sru
2015-06-08 18:42 - 2014-08-16 06:21 - 02072343 _____ C:\Windows\WindowsUpdate.log
2015-06-08 17:42 - 2014-08-16 06:34 - 00003596 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2418113219-119105201-894429124-1001
2015-06-08 17:35 - 2014-08-16 06:31 - 00000000 ____D C:\Users\???\Documents\Youcam
2015-06-08 17:35 - 2014-06-17 14:34 - 00001867 _____ C:\Users\Public\Desktop\McAfee LiveSafe - Internet Security.lnk
2015-06-08 17:35 - 2014-04-24 12:14 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Security and Protection
2015-06-06 14:02 - 2014-08-16 16:48 - 00000000 ____D C:\Users\???\AppData\Local\CrashDumps
2015-06-06 09:20 - 2013-08-22 10:44 - 00425864 _____ C:\Windows\system32\FNTCACHE.DAT
2015-06-05 23:31 - 2014-08-21 12:35 - 00002210 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2015-06-05 22:36 - 2013-08-22 11:36 - 00000000 ____D C:\Windows\AppReadiness
2015-06-02 14:57 - 2013-08-22 11:36 - 00000000 ____D C:\Windows\rescache
2015-06-01 22:44 - 2014-08-21 12:34 - 00002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2015-06-01 21:43 - 2015-01-18 10:43 - 00003212 _____ C:\Windows\System32\Tasks\HPCeeScheduleFor???$
2015-06-01 21:43 - 2015-01-18 10:43 - 00000376 _____ C:\Windows\Tasks\HPCeeScheduleFor???$.job
2015-06-01 19:20 - 2014-03-18 05:53 - 00958356 _____ C:\Windows\system32\PerfStringBackup.INI
2015-06-01 19:17 - 2014-08-16 06:48 - 00002324 _____ C:\Users\???\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PC App Store.lnk
2015-06-01 19:14 - 2014-08-16 06:28 - 00000000 ____D C:\Users\???
2015-06-01 19:12 - 2013-08-22 09:25 - 00524288 ___SH C:\Windows\system32\config\BBI
2015-06-01 19:08 - 2014-08-21 12:35 - 00003900 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-06-01 19:08 - 2014-08-21 12:35 - 00003664 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-05-24 20:26 - 2014-08-17 20:47 - 00000052 _____ C:\Windows\SysWOW64\DOErrors.log
2015-05-12 16:22 - 2013-08-22 11:20 - 00000000 ____D C:\Windows\CbsTemp
2015-05-12 16:15 - 2013-08-22 09:36 - 00000000 ____D C:\Windows\system32\AdvancedInstallers
2015-05-12 16:05 - 2014-03-18 05:38 - 00000000 ____D C:\Program Files\Windows Journal

==================== Files in the root of some directories =======

2014-08-17 00:18 - 2014-08-17 00:18 - 0000057 _____ () C:\ProgramData\Ament.ini

Some files in TEMP:
====================
C:\Users\???\AppData\Local\Temp\64283uninstall.exe
C:\Users\???\AppData\Local\Temp\APNSetup.exe
C:\Users\???\AppData\Local\Temp\mVO2A27.exe
C:\Users\???\AppData\Local\Temp\mVO3208.exe
C:\Users\???\AppData\Local\Temp\mVO3787.exe
C:\Users\???\AppData\Local\Temp\mVO4321.exe
C:\Users\???\AppData\Local\Temp\mVO4610.exe
C:\Users\???\AppData\Local\Temp\oct770.tmp.exe
C:\Users\???\AppData\Local\Temp\oct9BBA.tmp.exe
C:\Users\???\AppData\Local\Temp\octAC43.tmp.exe
C:\Users\???\AppData\Local\Temp\octB49C.tmp.exe
C:\Users\???\AppData\Local\Temp\octFBAD.tmp.exe
C:\Users\???\AppData\Local\Temp\octFCDE.tmp.exe
C:\Users\???\AppData\Local\Temp\optprosetup.exe
C:\Users\???\AppData\Local\Temp\ose00000.exe
C:\Users\???\AppData\Local\Temp\Sqlite3.dll
C:\Users\???\AppData\Local\Temp\Uninstall.exe

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


Edited by Dark Raven, 08 June 2015 - 06:57 PM.


#8 Dark Raven

  • Topic Starter


Posted 08 June 2015 - 07:00 PM

Here's the additional bit! Thanks for your help so far!

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version:08-06-2015
Ran by ??? at 2015-06-08 19:18:03
Running from C:\Users\???\Desktop
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-2418113219-119105201-894429124-500 - Administrator - Disabled)
Guest (S-1-5-21-2418113219-119105201-894429124-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2418113219-119105201-894429124-1003 - Limited - Enabled)
??? (S-1-5-21-2418113219-119105201-894429124-1001 - Administrator - Enabled) => C:\Users\???

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: McAfee Anti-Virus and Anti-Spyware (Disabled - Up to date) {ADA629C7-7F48-5689-624A-3B76997E0892}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: McAfee Firewall (Disabled) {959DA8E2-3527-57D1-4915-924367AD4FE9}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

4 Elements II (x32 Version: 2.2.0.98 - WildTangent) Hidden
7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Adobe Reader XI (11.0.11) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.11 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.0 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.0.4.144 - Adobe Systems, Inc.)
AOL (HKU\S-1-5-21-2418113219-119105201-894429124-1001\...\Pokki_b6e646d11b719eb1b6efa13bd5a9bd1897ee4eb5) (Version: v1.0.4 - Pokki)
Apple Application Support (HKLM-x32\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Azkend 2: The World Beneath (x32 Version: 2.2.0.98 - WildTangent) Hidden
Barn Yarn Collector's Edition (x32 Version: 3.0.2.48 - WildTangent) Hidden
Bejeweled 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Book Alter (HKLM-x32\...\SoftwareUpdater) (Version: 1.0.0.0 - Book Alter)
Build-a-lot Mysteries (x32 Version: 3.0.2.51 - WildTangent) Hidden
Building the Great Wall of China Collector's Edition (x32 Version: 3.0.2.48 - WildTangent) Hidden
Crawler Toolbar (HKLM-x32\...\{F13E61C0-917B-4AAD-96CD-7A5860E25A73}_is1) (Version: 6.0.0.49 - Crawler Group) <==== ATTENTION
Curse at Twilight (x32 Version: 3.0.2.51 - WildTangent) Hidden
CyberLink Media Suite 10 (HKLM-x32\...\InstallShield_{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}) (Version: 10.0.6.3728 - CyberLink Corp.)
CyberLink Media Suite 10 (HKLM-x32\...\InstallShield_{8F14AA37-5193-4A14-BD5B-BDF9B361AEF7}) (Version: 10.0 - CyberLink Corp.)
CyberLink MediaEspresso 6.7 (HKLM-x32\...\InstallShield_{E3739848-5329-48E3-8D28-5BBD6E8BE384}) (Version: 6.7.1.5112 - CyberLink Corp.)
Cyberlink PhotoDirector (HKLM-x32\...\InstallShield_{39337565-330E-4ab6-A9AE-AC81E0720B10}) (Version: 3.0.4.4824 - CyberLink Corp.)
CyberLink Power2Go 8 (HKLM-x32\...\InstallShield_{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}) (Version: 8.0.6.3821 - CyberLink Corp.)
CyberLink PowerDirector 10 (HKLM-x32\...\InstallShield_{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}) (Version: 10.0.6.3912 - CyberLink Corp.)
CyberLink PowerDVD 12 (HKLM-x32\...\InstallShield_{B46BEA36-0B71-4A4E-AE41-87241643FA0A}) (Version: 12.0.3.3709 - CyberLink Corp.)
CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 5.0.3.3907 - CyberLink Corp.)
Delicious - Emily's Wonder Wedding Premium Edition (x32 Version: 3.0.2.48 - WildTangent) Hidden
DisableMSDefender (Version: 1.0.0 - Hewlett-Packard Company) Hidden
Energy Star (HKLM\...\{465CA2B6-98AF-4E77-BE22-A908C34BB9EC}) (Version: 1.0.9 - Hewlett-Packard Company)
Evernote v. 5.2 (HKLM-x32\...\{412F6426-A3C7-11E3-8A71-00163E98E7D6}) (Version: 5.2.0.2951 - Evernote Corp.)
Farm Frenzy (x32 Version: 2.2.0.98 - WildTangent) Hidden
FarmVille 2 (HKU\S-1-5-21-2418113219-119105201-894429124-1001\...\Pokki_34e8f5c0c9e5744bf2cdb514283762dd0524776b) (Version: 1.0.4.55785 - Pokki)
Fishdom 3: Collector's Edition (x32 Version: 3.0.2.38 - WildTangent) Hidden
Fort Defense (x32 Version: 3.0.2.51 - WildTangent) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 43.0.2357.81 - Google Inc.)
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.6227.252 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.27.5 - Google Inc.) Hidden
Governor of Poker 2 Premium Edition (x32 Version: 2.2.0.110 - WildTangent) Hidden
Hewlett-Packard ACLM.NET v1.2.2.3 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden
Host App Service (HKU\S-1-5-21-2418113219-119105201-894429124-1001\...\Pokki) (Version: 0.269.7.660 - Pokki)
HP 3D DriveGuard (HKLM-x32\...\{F90A86C9-7779-47DD-AC06-8EE832C55F55}) (Version: 6.0.18.1 - Hewlett-Packard Company)
HP CoolSense (HKLM-x32\...\{E2C8D0C2-1C97-4C05-939A-5B13A0FE655C}) (Version: 2.20.31 - Hewlett-Packard Company)
HP Documentation (HKLM-x32\...\{ADD75863-9A69-4C44-9B43-11AE2B12BE51}) (Version: 1.1.0.0 - Hewlett-Packard)
HP ENVY 4500 series Basic Device Software (HKLM\...\{2369F346-79DE-4D08-8999-AACFF6F41A6F}) (Version: 32.0.1180.44630 - Hewlett-Packard Co.)
HP ENVY 4500 series Help (HKLM-x32\...\{95BECC50-22B4-4FCA-8A2E-BF77713E6D3A}) (Version: 30.0.0 - Hewlett Packard)
HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.7702 - HP)
HP Registration Service (HKLM\...\{D1E8F2D7-7794-4245-B286-87ED86C1893C}) (Version: 1.2.7493.4758 - Hewlett-Packard)
HP SimplePass (HKLM-x32\...\InstallShield_{314FAD12-F785-4471-BCE8-AB506642B9A1}) (Version: 8.01.11 - Hewlett-Packard)
HP Support Assistant (HKLM-x32\...\{8C696B4B-6AB1-44BC-9416-96EAC474CABE}) (Version: 7.5.2.12 - Hewlett-Packard Company)
HP System Event Utility (HKLM-x32\...\{DEF23826-DB71-4654-BC00-D5D6C20802EA}) (Version: 1.1.4 - Hewlett-Packard Company)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
HP Utility Center (HKLM\...\{36F80C5F-DC0D-4DF4-AF09-DC1867F0EB0A}) (Version: 2.4.4 - Hewlett-Packard Company)
HP Wireless Button Driver (HKLM-x32\...\{30B2D1D8-0A07-4B71-9553-0710C5D31E35}) (Version: 1.1.2.1 - Hewlett-Packard Company)
Infonaut 1.10.0.14 (HKLM-x32\...\Infonaut_1.10.0.14) (Version: 1.10.0.14 - Infonaut)
Inst5675 (Version: 8.01.11 - Softex Inc.) Hidden
Inst5676 (Version: 8.01.11 - Softex Inc.) Hidden
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.23.1766 - Intel Corporation)
Intel® PRO/Wireless Driver (HKLM\...\{dd372384-a281-47d6-8ef4-19cc622dce4e}) (Version: 17.00.1000.1423 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3496 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.8.9.1000 - Intel Corporation)
Intel® Smart Connect Technology (HKLM\...\{51AC86D3-C431-48AD-9195-0D6C930D07CD}) (Version: 4.2.41.2710 - Intel Corporation)
Intel® Virtual Buttons (HKLM-x32\...\1992736F-C90A-481C-B21B-EE34CAD07387) (Version: 1.0.0.14 - Intel Corporation)
Intel® Wireless Bluetooth® 4.0 (HKLM-x32\...\{A405194D-16D1-44FA-8FF8-D43684D77005}) (Version: 17.0.1407.02 - Intel Corporation)
Java 7 Update 67 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217067FF}) (Version: 7.0.670 - Oracle)
Jewel Match 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden
Joining Hands 2 (x32 Version: 3.0.2.51 - WildTangent) Hidden
King Oddball (x32 Version: 3.0.2.48 - WildTangent) Hidden
LG ODD Auto Firmware Update (HKLM-x32\...\{6179550A-3E7C-499E-BCC9-9E8113E0A285}) (Version: 10.01.0712.01 - )
Lost in Reefs 2 (x32 Version: 3.0.2.51 - WildTangent) Hidden
LUXOR Evolved (x32 Version: 2.2.0.98 - WildTangent) Hidden
McAfee LiveSafe - Internet Security (HKLM-x32\...\MSC) (Version: 12.8.988 - McAfee, Inc.)
Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Office Home and Student 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Outlook Social Connector (KB2289116) ªº§ó·s (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{75F91382-920C-4AE1-B9E6-FFFCEDA797E8}) (Version:  - Microsoft)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Mystery P.I. - Curious Case of Counterfeit Cove (x32 Version: 2.2.0.98 - WildTangent) Hidden
One System Care (HKLM-x32\...\OneSystemCare) (Version: 2.00.00.1 - OneSystemCare)
OpenSoftwareUpdater (HKLM-x32\...\OpenSoftwareUpdater) (Version:  - )
Optimizer Pro v3.2 (HKLM-x32\...\Optimizer Pro_is1) (Version: 3.3.1.7 - PCUtilities Software Limited)
PC Tech Hotline (HKLM-x32\...\{A0B0DA25-DD15-4739-92A3-62D3424F043A}_is1) (Version: 3.0.0.102 - Crawler Group) <==== ATTENTION
Peggle Nights (x32 Version: 2.2.0.98 - WildTangent) Hidden
Penguins! (x32 Version: 2.2.0.98 - WildTangent) Hidden
Pinger (HKLM-x32\...\Pinger 1.4.0.1) (Version: 1.4.0.1 - Pinger Inc.)
Pinger (x32 Version: 1.4.0.1 - Pinger Inc.) Hidden
Plants vs. Zombies - Game of the Year (x32 Version: 3.0.2.51 - WildTangent) Hidden
Polar Bowler 1st Frame (x32 Version: 3.0.2.59 - WildTangent) Hidden
Product Improvement Study for HP ENVY 4500 series (HKLM\...\{7D5D56E5-5869-4D0F-8D6C-6291004F9DF2}) (Version: 32.0.1180.44630 - Hewlett-Packard Co.)
QuickTime 7 (HKLM-x32\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.3.273.40 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.24.1218.2013 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7219 - Realtek Semiconductor Corp.)
Remote Desktop Access (VuuPC) (HKLM-x32\...\VOPackage) (Version: 1.0.0.0 - CMI Limited) <==== ATTENTION
Roads of Rome 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden
Search App by Ask (HKLM-x32\...\{4F524A2D-5350-4500-76A7-A758B70C1C01}) (Version: 12.28.1.169 - APN, LLC) <==== ATTENTION
Solitaire Mystery Four Seasons (x32 Version: 3.0.2.51 - WildTangent) Hidden
Sparkle 2 (x32 Version: 3.0.2.51 - WildTangent) Hidden
Spyware Clear (HKLM-x32\...\{5FB600FF-BC65-471F-A3F8-C2666863BA75}_is1) (Version: 1.3.0.30 - Crawler Group) <==== ATTENTION!
Start Menu (HKU\S-1-5-21-2418113219-119105201-894429124-1001\...\Pokki_Start_Menu) (Version: 0.269.7.660 - Pokki)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 18.1.7.6 - Synaptics Incorporated)
Tales of Lagoona (x32 Version: 2.2.0.110 - WildTangent) Hidden
Tny_Cassiopesa (HKLM-x32\...\Tny_Cassiopesa) (Version:  - Tny_Cassiopesa)
Update Installer for WildTangent Games App (x32 Version:  - WildTangent) Hidden
Vacation Quest™ - Australia (x32 Version: 3.0.2.32 - WildTangent) Hidden
Viking Saga (x32 Version: 3.0.2.48 - WildTangent) Hidden
Wajam (HKLM-x32\...\WajaInternetEnhancer) (Version: 2.32.2.30 (i2.6) - WajaInternetEnhancer) <==== ATTENTION
WildTangent Games (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.0.4.0 - WildTangent)
WildTangent Games App for HP (x32 Version: 4.0.11.2 - WildTangent) Hidden
Word Processor Text Wrap (HKLM-x32\...\wincheck) (Version: 1.0.0.0 - Word Processor Text Wrap) <==== ATTENTION
Youda Jewel Shop (x32 Version: 3.0.2.51 - WildTangent) Hidden

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-2418113219-119105201-894429124-1001_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\Windows\system32\igfxEM.exe (Intel Corporation)

==================== Restore Points =========================

11-05-2015 21:49:58 Scheduled Checkpoint
27-05-2015 21:43:33 Scheduled Checkpoint

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 09:25 - 2013-08-22 09:25 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {066A38D7-8822-4396-BBAA-56E2744C6823} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2015-04-14] (Hewlett-Packard)
Task: {0D148221-0465-4AE1-80E5-A48FA883D04A} - System32\Tasks\Hewlett-Packard\HP CoolSense\HP CoolSense Start at Logon => C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe [2013-11-01] (Hewlett-Packard Development Company, L.P.)
Task: {11C75194-2855-407E-A28E-CF2A63256D86} - System32\Tasks\Microsoft\Windows\Setup\gwx\launchtrayprocess => C:\Windows\system32\GWX\GWX.exe [2015-03-23] (Microsoft Corporation)
Task: {171A306C-4F40-4AD6-B520-D11A39BF2B4B} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2014-05-12] (Hewlett-Packard Company)
Task: {269CA7E2-3544-4F06-AAA0-0A7533AC8A8B} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_TH42C581Q6 => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2015-04-14] (Hewlett-Packard)
Task: {329F67E5-A82C-4BC7-B438-0CF5931FD7D0} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_CN45E141G7 => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2015-04-14] (Hewlett-Packard)
Task: {383BEB91-C723-4A11-9641-029605802A13} - System32\Tasks\HPCustParticipation HP ENVY 4500 series => C:\Program Files\HP\HP ENVY 4500 series\Bin\HPCustPartic.exe [2013-08-13] (Hewlett-Packard Co.)
Task: {3EC13B08-E24A-4F56-B47E-57D1832AA497} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2014-01-13] (Hewlett-Packard Company)
Task: {499E6047-77DE-4D38-8CBD-CDA7B1EC6F74} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxcontent => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-23] (Microsoft Corporation)
Task: {4C051763-5F7B-4B30-ACE0-0D327E0EF1BA} - System32\Tasks\One System CareStartUp => C:\Program Files (x86)\OneSystemCare\OneSystemCare.exe [2015-05-12] ()
Task: {6453882A-D6D6-4F5F-93D8-163F8887C2D9} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-08-21] (Google Inc.)
Task: {724454A6-8BDC-4C94-B759-11956975505F} - System32\Tasks\Tny_cassiopesa => C:\Users\???\AppData\Roaming\Tny_cassiopesa\UpdateProc\UpdateTask.exe [2015-06-05] () <==== ATTENTION
Task: {7B8D7CE8-7B55-4CB1-8DC4-1E4AB499F92E} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_CN41U140VC => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2015-04-14] (Hewlett-Packard)
Task: {7D5A78B7-4910-4FBD-8DC3-D9DEAB1192B3} - System32\Tasks\Bidaily Synchronize Task[3c32] => c:\programdata\{016aaf46-a15a-b249-016a-aaf46a15bd1a}\hqghumeaylnlf.exe [2014-06-05] (PC Utilities Software Limited) <==== ATTENTION
Task: {8F04D2B2-A4C4-459A-8A0B-6854BA942FA0} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2015-04-14] (Hewlett-Packard)
Task: {90A0EFAB-D6A5-400B-BEFC-393C4A680B46} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2014-01-13] (Hewlett-Packard Company)
Task: {A14FE604-2B59-444D-B7CF-B50155E23234} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: {A33AF9B1-2932-46A8-B85F-03CF4C131634} - System32\Tasks\YCMServiceAgent => C:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe [2014-03-07] (CyberLink Corp.)
Task: {AB69921D-A8D8-4A3F-A7B3-44ABC55CDD07} - System32\Tasks\Microsoft\Windows\Setup\gwx\runappraiser => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-23] (Microsoft Corporation)
Task: {B2BA39CD-4170-4C27-BFF2-872742AA22EC} - System32\Tasks\Cassiopesa rise => C:\ProgramData\{0A72E2B1-5AF0-3337-EB76-43B53BF4903B}\1.17.2.1\f
Task: {B4123E8F-1336-41EA-9E6B-94A08D3BDB3B} - System32\Tasks\One System Care Run Delay => C:\Program Files (x86)\OneSystemCare\OneSystemCare.exe [2015-05-12] ()
Task: {B77699ED-4B51-49E1-A5CC-3EB097C6E3AE} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_CN455121G8 => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2015-04-14] (Hewlett-Packard)
Task: {B7F2C8DC-17DD-491B-8A85-429477AA7119} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-08-21] (Google Inc.)
Task: {BC05106C-7007-49C5-AEA9-5EF20F53D6FB} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_CN41N8R44S05RN => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2015-04-14] (Hewlett-Packard)
Task: {C7348511-C6B7-42C2-8732-B5CE0778BCCC} - System32\Tasks\One System CarePeriod => C:\Program Files (x86)\OneSystemCare\OneSystemCare.exe [2015-05-12] ()
Task: {D812ED71-0778-446C-8C96-F8B5E1EAC65B} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_CN3AN2BMD0 => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2015-04-14] (Hewlett-Packard)
Task: {E4D7DF89-0E6C-48B1-A700-5FE5A3095DC0} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-23] (Microsoft Corporation)
Task: {EC974D5F-8594-4692-8D11-8287B08D45C6} - System32\Tasks\Optimizer Pro Schedule => C:\Program Files (x86)\Optimizer Pro 3.95\OptProLauncher.exe <==== ATTENTION
Task: {F712E466-3328-4429-A51E-417B9D5623DD} - System32\Tasks\One System Care Monitor => C:\Program Files (x86)\OneSystemCare\CleanupConsole.exe [2015-05-12] ()
Task: {FCC14DB0-BA8A-45D6-97CD-DF2976BC226C} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {FD09AAB8-EC63-4CBE-BEED-C479CE1AC10A} - System32\Tasks\HPCeeScheduleForTHEBEZEONE$ => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2011-07-15] (Hewlett-Packard)
Task: C:\Windows\Tasks\Bidaily Synchronize Task[3c32].job => c:\programdata\{016aaf46-a15a-b249-016a-aaf46a15bd1a}\hqghumeaylnlf.exe <==== ATTENTION
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\HPCeeScheduleForTHEBEZEONE$.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
Task: C:\Windows\Tasks\One System CarePeriod.job => C:\Program Files (x86)\OneSystemCare\OneSystemCare.exe
Task: C:\Windows\Tasks\One System CareStartUp.job => C:\Program Files (x86)\OneSystemCare\OneSystemCare.exe
Task: C:\Windows\Tasks\Tny_cassiopesa.job => C:\Users\???\AppData\Roaming\TNY_CA~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION

==================== Loaded Modules (Whitelisted) ==============

2014-03-28 16:31 - 2014-03-28 16:31 - 02110464 _____ () C:\Program Files\Hewlett-Packard\SimplePass\autheng.dll
2014-03-28 16:27 - 2014-03-28 16:27 - 00021504 _____ () C:\Program Files\Hewlett-Packard\SimplePass\cryptodll.dll
2014-03-28 16:27 - 2014-03-28 16:27 - 00035328 _____ () C:\Program Files\Hewlett-Packard\SimplePass\ssplogon.dll
2014-03-28 16:27 - 2014-03-28 16:27 - 00055296 _____ () C:\Program Files\Hewlett-Packard\SimplePass\RandomPass.dll
2014-03-28 16:48 - 2014-03-28 16:48 - 00367504 _____ () C:\Program Files\Hewlett-Packard\SimplePass\mstrpwd.dll
2014-03-28 16:48 - 2014-03-28 16:48 - 00712080 _____ () C:\Program Files\Hewlett-Packard\SimplePass\GraphicalPwd.dll
2015-06-05 23:32 - 2015-06-05 23:32 - 00167424 _____ () C:\Users\???\AppData\Roaming\34444335-1433561514-5031-5739-6CC2176D0F26\hnsv4206.tmp
2013-12-04 11:44 - 2013-12-04 11:44 - 00200168 _____ () C:\Program Files\Intel\Intel® Smart Connect Technology Agent\iSCTAgent.exe
2013-12-04 11:44 - 2013-12-04 11:44 - 00054760 _____ () C:\Program Files\Intel\Intel® Smart Connect Technology Agent\NetworkHeuristic.dll
2013-12-04 11:44 - 2013-12-04 11:44 - 00034792 _____ () C:\Program Files\Intel\Intel® Smart Connect Technology Agent\ISCTNetMon.dll
2015-06-04 16:57 - 2015-06-04 16:57 - 01073664 _____ () C:\PROGRAM FILES (X86)\WAJAINTERNETENHANCER\WAJAINTERNETENHANCER INTERNET ENHANCER\INTERNETENHANCERSERVICE.EXE
2015-06-04 16:57 - 2015-06-04 16:57 - 00282624 _____ () C:\PROGRAM FILES (X86)\WAJAINTERNETENHANCER\WAJAINTERNETENHANCER INTERNET ENHANCER\INTERNETENHANCER.EXE
2015-05-12 11:57 - 2015-05-12 11:57 - 02239808 _____ () C:\PROGRAM FILES (X86)\ONESYSTEMCARE\ONESYSTEMCARE.EXE
2014-03-28 16:36 - 2014-03-28 16:36 - 00065024 _____ () C:\Program Files\Hewlett-Packard\SimplePass\opvapp.exe
2015-06-05 23:33 - 2015-06-05 23:33 - 01781392 _____ () c:\Program Files (x86)\Optimizer Pro 3.95\OptProMon.dll
2015-06-04 16:57 - 2015-06-04 16:57 - 01073664 _____ () C:\Program Files (x86)\WajaInternetEnhancer\WajaInternetEnhancer Internet Enhancer\InternetEnhancerService.exe
2015-06-04 16:57 - 2015-06-04 16:57 - 00282624 _____ () C:\Program Files (x86)\WajaInternetEnhancer\WajaInternetEnhancer Internet Enhancer\InternetEnhancer.exe
2015-06-04 16:57 - 2015-06-04 16:57 - 00011776 _____ () C:\Program Files (x86)\WajaInternetEnhancer\WajaInternetEnhancer Internet Enhancer\ApiHandlr.dll
2015-05-12 11:57 - 2015-05-12 11:57 - 02239808 _____ () C:\Program Files (x86)\OneSystemCare\OneSystemCare.exe
2011-03-09 14:21 - 2011-03-09 14:21 - 00619816 _____ () C:\Program Files (x86)\CyberLink\Power2Go\CLMediaLibrary.dll
2011-03-09 14:21 - 2011-03-09 14:21 - 00013096 _____ () C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvcPS.dll
2014-06-17 14:22 - 2014-03-12 02:34 - 00866056 _____ () C:\Program Files (x86)\CyberLink\YouCam\subsys\BigBang\Runtime\UNO.dll
2014-06-17 14:22 - 2011-08-23 22:39 - 00081920 _____ () C:\Program Files (x86)\CyberLink\YouCam\koan\_ctypes.pyd
2015-04-28 16:15 - 2015-04-28 16:15 - 00569856 _____ () C:\Users\???\AppData\Local\Pokki\Engine\ppGoogleNaClPluginChrome.dll
2015-04-28 16:15 - 2015-04-28 16:15 - 01400846 _____ () C:\Users\???\AppData\Local\Pokki\Engine\avcodec-54.dll
2015-04-28 16:15 - 2015-04-28 16:15 - 00151054 _____ () C:\Users\???\AppData\Local\Pokki\Engine\avutil-51.dll
2015-04-28 16:15 - 2015-04-28 16:15 - 00222734 _____ () C:\Users\???\AppData\Local\Pokki\Engine\avformat-54.dll
2014-06-17 13:57 - 2013-12-10 11:27 - 01242584 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\ACE.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\ProgramData\TEMP:B3503B59
AlternateDataStreams: C:\Users\???\OneDrive:ms-properties

==================== Safe Mode (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefire => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Driver"

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2418113219-119105201-894429124-1001\Control Panel\Desktop\\Wallpaper -> C:\Windows\web\wallpaper\Hewlett-Packard Backgrounds\backgroundDefault.jpg
DNS Servers: 192.168.1.1

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{A1E744EA-1EC5-4B4F-AACF-1A6B467D1E64}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
FirewallRules: [{14E62014-22D4-4EB4-B78C-CB777520DC7C}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{782B6236-98F0-4D72-B773-996C02325596}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{E12F69C2-C320-416B-B644-9E4C52D8F860}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{096F1768-FDEF-4A2D-A0DF-5A39FEC2A579}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{D441DE34-98B4-440F-BB42-0A8A72D66B40}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12.exe
FirewallRules: [{DDA9A183-C187-4DDA-9F36-04EF5EE96773}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMR\PowerDVD12DMREngine.exe
FirewallRules: [{61BB0F52-ED35-4B95-9A92-A14F91C79908}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe
FirewallRules: [{04CE44B9-B982-4CEF-8141-3A8D575D3243}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12Agent.exe
FirewallRules: [{C6D12546-5A2E-4375-BBA7-4206751A636C}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12ML.exe
FirewallRules: [{8FEE15F0-3AED-452E-9C23-3CB23C50DA67}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\Movie\PowerDVD.exe
FirewallRules: [{1392C526-14C5-43A6-ABD1-DEB6352DF780}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
FirewallRules: [{C45DCC13-8629-437A-A3A0-2308399E888A}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
FirewallRules: [{523680A8-7A1F-4BCA-99C9-A365B0ADEADB}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDirector10\PDR10.EXE
FirewallRules: [{5B40BB1D-39B7-47EE-A7DD-A08CD3A249B5}] => (Allow) C:\Program Files\HP\HP ENVY 4500 series\Bin\DeviceSetup.exe
FirewallRules: [{9F8EABF9-497D-4D91-9BBD-FB1D1436FE84}] => (Allow) LPort=5357
FirewallRules: [{B7EE4D72-DF53-462A-85E1-338F40D752E0}] => (Allow) C:\Program Files\HP\HP ENVY 4500 series\Bin\HPNetworkCommunicatorCom.exe
FirewallRules: [{9E4787E1-6E74-476A-A724-03CD3D3BEEB4}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe
FirewallRules: [{74A33ADA-89D2-432C-BE57-E9229C52BBFA}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{B05811F3-303D-4613-876F-88726A310C63}] => (Allow) C:\Program Files (x86)\Spyware Clear\SpywareClear.exe
FirewallRules: [{FA8A5EEA-66B6-4026-909C-CFC52D8CD034}] => (Allow) C:\Program Files (x86)\Spyware Clear\SpywareClear.exe
FirewallRules: [{D2BBBDFB-B4AE-46C6-B942-768A1DE8C829}] => (Allow) C:\Program Files (x86)\Spyware Clear\SpywareClearUpdate.exe
FirewallRules: [{7B5F6609-2839-4283-85D2-70093A5175FB}] => (Allow) C:\Program Files (x86)\Spyware Clear\SpywareClearUpdate.exe
FirewallRules: [{D3F5D958-FA4F-459F-84AA-94674895D5EC}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPDeviceDetection3.exe

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (06/08/2015 06:49:40 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1109

Error: (06/08/2015 06:49:40 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 1109

Error: (06/08/2015 06:49:40 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (06/08/2015 05:48:07 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1312

Error: (06/08/2015 05:48:07 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 1312

Error: (06/08/2015 05:48:07 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (06/08/2015 05:30:12 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: ZeroConfigService.exe, version: 17.0.0.0, time stamp: 0x52d9e32d
Faulting module name: MurocApi.dll, version: 17.0.0.0, time stamp: 0x52d9e279
Exception code: 0xc0000005
Fault offset: 0x000000000002bd48
Faulting process id: 0x984
Faulting application start time: 0xZeroConfigService.exe0
Faulting application path: ZeroConfigService.exe1
Faulting module path: ZeroConfigService.exe2
Report Id: ZeroConfigService.exe3
Faulting package full name: ZeroConfigService.exe4
Faulting package-relative application ID: ZeroConfigService.exe5

Error: (06/08/2015 05:19:24 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 80070005

Error: (06/07/2015 08:14:12 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1219

Error: (06/07/2015 08:14:12 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 1219

System errors:
=============
Error: (06/08/2015 07:12:25 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 6:34:29 PM on 6/8/2015 was unexpected.

Error: (06/08/2015 06:30:56 PM) (Source: DCOM) (EventID: 10010) (User: ???)
Description: {B77A52D0-4A37-49AF-B6B1-549AA88C686A}

Error: (06/08/2015 05:38:03 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Template Flatbed Scanner service terminated unexpectedly.  It has done this 1 time(s).

Error: (06/08/2015 05:30:27 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Intel® PROSet/Wireless Zero Configuration Service service terminated unexpectedly.  It has done this 1 time(s).

Error: (06/08/2015 05:29:06 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 8:02:32 PM on 6/7/2015 was unexpected.

Error: (06/08/2015 05:26:20 PM) (Source: DCOM) (EventID: 10010) (User: ???)
Description: {B77A52D0-4A37-49AF-B6B1-549AA88C686A}

Error: (06/08/2015 05:24:22 PM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: {1F87137D-0E7C-44D5-8C73-4EFFB68962F2}

Error: (06/08/2015 05:23:19 PM) (Source: DCOM) (EventID: 10010) (User: ???)
Description: {B77A52D0-4A37-49AF-B6B1-549AA88C686A}

Error: (06/08/2015 05:22:22 PM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: {1F87137D-0E7C-44D5-8C73-4EFFB68962F2}

Error: (06/08/2015 05:21:19 PM) (Source: DCOM) (EventID: 10010) (User: ???)
Description: {B77A52D0-4A37-49AF-B6B1-549AA88C686A}

Microsoft Office:
=========================
Error: (06/08/2015 06:49:40 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1109

Error: (06/08/2015 06:49:40 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 1109

Error: (06/08/2015 06:49:40 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (06/08/2015 05:48:07 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1312

Error: (06/08/2015 05:48:07 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 1312

Error: (06/08/2015 05:48:07 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (06/08/2015 05:30:12 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: ZeroConfigService.exe17.0.0.052d9e32dMurocApi.dll17.0.0.052d9e279c0000005000000000002bd4898401d0a232375b5e63C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exeC:\Program Files\Intel\WiFi\bin\MurocApi.dll8b2d7340-0e25-11e5-827a-6cc2176d0f26

Error: (06/08/2015 05:19:24 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 80070005

Error: (06/07/2015 08:14:12 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1219

Error: (06/07/2015 08:14:12 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 1219

==================== Memory info ===========================

Processor: Intel® Core™ i5-4210U CPU @ 1.70GHz
Percentage of memory in use: 26%
Total physical RAM: 8122.15 MB
Available physical RAM: 6000.22 MB
Total Pagefile: 9402.15 MB
Available Pagefile: 7202.82 MB
Total Virtual: 131072 MB
Available Virtual: 131071.84 MB

==================== Drives ================================

Drive c: (Windows) (Fixed) (Total:673.85 GB) (Free:616.53 GB) NTFS



#9 deeprybka

  • Malware Response Team

Posted 09 June 2015 - 03:15 AM

Hi there,

Step 1
  • Please download and install Revo Uninstaller Free
    note: there is no need to click anything on that page, the download will start automatically
  • Double click Revo Uninstaller to run it
  • From the list of programs double click on the listed program(s) to remove it:
    Crawler Toolbar
    PC Tech Hotline
    Remote Desktop Access
    Search App by Ask
    Spyware Clear
    Wajam
    Word Processor Text Wrap
  • When prompted if you want to uninstall click Yes
  • Be sure the Moderate option is selected then click Next
  • The program will run. If prompted again, click Yes
  • When the built-in uninstaller is finished click on Next
  • Once the program has searched for leftovers click Next
  • Check the items in bold only on the list then click Delete
    note: you may have to expand some folders by clicking the "+" mark
  • When prompted click on Yes and then on Next
  • Put a check on any folders that are found and select Delete
  • When prompted select Yes then Next
  • Once done click Finish
Step 2

Please download AdwCleaner (by Xplode) and save it to your Desktop.
  • Double click on AdwCleaner.exe to run the tool.
    Vista/Windows 7/8 users right-click and select "Run As Administrator"
  • Click on the Scan button.
  • After the scan has finished, click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • After rebooting, a log file (that is saved in C:\AdwCleaner[S#].txt) will open automatically.
    Copy and paste the contents of that logfile in your next reply.
Step 3

Please download and install Malwarebytes Anti-Malware.
  • Please open Malwarebytes Anti-Malware and update the database.
  • Click "Settings" [1] and go to "Detection and Protection" [2]
  • Make sure "Scan for Rootkits" is checked.
  • Click on Dashboard [3], then click on Scan Now [4] to start the scan.
    :exclame: If Malware or Potentially Unwanted Programs [PUPs] are found, you will receive a prompt:
  • Click on "Remove Selected" [5].
  • Then click "Save Results" [6] and select
    m21p4.png
  • Return to our forum. Paste your log into your next reply and then click Finish [7].

Step 4

Start FRST with administrator privileges.
  • Make sure the following option is checked: addition.png
  • Press the Scan button.
  • When finished, FRST will produce two logs (FRST.txt and Addition.txt) in the same directory the tool was run from.
    Please copy and paste these logs in your next reply.

regards,
deeprybka
:busy:
Neminem laede, immo omnes, quantum potes, iuva. Arthur Schopenhauer

#10 Dark Raven

  • Topic Starter

Posted 10 June 2015 - 05:24 PM

Here's the log from AdwCleaner...

 

# AdwCleaner v4.206 - Logfile created 10/06/2015 at 16:59:23
# Updated 01/06/2015 by Xplode
# Database : 2015-06-09.1 [Server]
# Operating system : Windows 8.1  (x64)
# Username : ??? - ???
# Running from : C:\Users\???\Downloads\AdwCleaner.exe
# Option : Cleaning

***** [ Services ] *****

[#] Service Deleted : caa89563

***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\apn
Folder Deleted : C:\ProgramData\FlashBeat
Folder Deleted : C:\ProgramData\pokki
Folder Deleted : C:\ProgramData\{016aaf46-a15a-b249-016a-aaf46a15bd1a}
Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneSystemCare
Folder Deleted : C:\Program Files (x86)\AskPartnerNetwork
Folder Deleted : C:\Program Files (x86)\Tny_cassiopesa
Folder Deleted : C:\Program Files (x86)\OneSystemCare
Folder Deleted : C:\Program Files (x86)\Infonaut_1.10.0.14
Folder Deleted : C:\Program Files (x86)\Optimizer Pro 3.95
Folder Deleted : C:\Users\???\AppData\Local\Temp\apn
Folder Deleted : C:\Users\???\AppData\Local\pokki
Folder Deleted : C:\Users\???\AppData\Local\34444335-1433547298-5031-5739-6CC2176D0F26
Folder Deleted : C:\Users\???\AppData\Roaming\Tny_cassiopesa
Folder Deleted : C:\Users\???\AppData\Roaming\One System Care
Folder Deleted : C:\Users\???\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg
File Deleted : C:\Users\???\Desktop\Continue Live Installation.lnk
File Deleted : C:\Users\???\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.cassiopesa.com_0.localstorage
File Deleted : C:\Users\???\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.yourtango.com_0.localstorage
File Deleted : C:\Users\???\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.yourtango.com_0.localstorage-journal

***** [ Scheduled tasks ] *****

Task Deleted : Optimizer Pro Schedule
Task Deleted : Tny_cassiopesa
Task Deleted : One System CareStartUp
Task Deleted : One System CarePeriod
Task Deleted : One System Care Run Delay
Task Deleted : One System Care Monitor

***** [ Shortcuts ] *****

***** [ Registry ] *****

Key Deleted : HKCU\Software\Classes\pokki
Value Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [Pokki]
Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1
Key Deleted : HKCU\Software\Classes\AllFileSystemObjects\shell\pokki
Key Deleted : HKCU\Software\Classes\Directory\shell\pokki
Key Deleted : HKCU\Software\Classes\Drive\shell\pokki
Key Deleted : HKCU\Software\Classes\lnkfile\shell\pokki
Key Deleted : HKLM\SOFTWARE\51565043-42b9-5e46-0994-2bd046a312a3
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Pokki_34e8f5c0c9e5744bf2cdb514283762dd0524776b
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Pokki_b6e646d11b719eb1b6efa13bd5a9bd1897ee4eb5
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Pokki_Start_Menu
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{4F524A2D-5350-4500-76A7-7A786E7484D7}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{22C1406C-6350-4D3B-9F62-2A3F370AD9A7}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{7CC6C266-6155-4676-AE77-85164EAE29D9}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{4F524A2D-5350-4500-76A7-7A786E7484D7}
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{C4D78C72-08DB-4A3F-9175-B265157283F3}]
Key Deleted : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{A26C36F3-9D6C-4551-86A4-B3E9C4B7B3CD}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{648117E7-DB0B-469F-8CD1-14294AADA546}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Key Deleted : HKCU\Software\Optimizer Pro
Key Deleted : HKCU\Software\Pokki
Key Deleted : HKCU\Software\WajIEnhance
Key Deleted : HKCU\Software\Crawler Toolbar
Key Deleted : HKCU\Software\Tny_Cassiopesa
Key Deleted : HKCU\Software\One System Care
Key Deleted : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Deleted : HKLM\SOFTWARE\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Deleted : HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Key Deleted : HKLM\SOFTWARE\{6791A2F3-FC80-475C-A002-C014AF797E9C}
Key Deleted : HKLM\SOFTWARE\Infonaut_1.10.0.14
Key Deleted : HKU\.DEFAULT\Software\AskPartnerNetwork
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Pokki
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Optimizer Pro_is1
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SoftwareUpdater
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Tny_Cassiopesa
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\OneSystemCare
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Infonaut_1.10.0.14
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\ask.com
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\cassiopesa.com
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\www.search.ask.com
Data Deleted : HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyServer] - hxxp=127.0.0.1:60676;hxxps=127.0.0.1:60676
Data Deleted : HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyEnable] - 1
Data Deleted : HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - <-loopback>
Data Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyServer] - hxxp=127.0.0.1:60676;hxxps=127.0.0.1:60676
Data Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyEnable] - 1
Data Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - <-loopback>

***** [ Web browsers ] *****

-\\ Internet Explorer v11.0.9600.17416

-\\ Google Chrome v43.0.2357.124

[C:\Users\???\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
[C:\Users\???\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
[C:\Users\???\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.cassiopesa.com/results.php?f=4&q={searchTerms}&a=csp_installertech_15_23&cd=2XzuyEtN2Y1L1Qzu0AtD0Azz0C0DzzyD0EyEyC0EyE0CzyzytN0D0Tzu0StCtByDtCtN1L2XzutAtFtCtDtFtCtDtFtDtN1L1Czu1R1B1E1V1L1G1B2Z1T1I1I1P1C2Z1P1R1MtN1L1G1B1V1N2Y1L1Qzu2StB0D0EyDtDtD0DyEtGyE0BtDyEtGzztD0EtDtGyDyEtBzztGtAtC0F0DyCtBzzyEtAtA0Fzz2QtN1M1F1B2Z1V1N2Y1L1Qzu2StBtDzytB0FyB0A0DtG0E0E0BtDtGyE0EtBtAtG0AyDzz0BtGyD0FtB0C0AtA0FtDtAyCzy0A2QtN0A0LzuyE&cr=724063134&ir=
[C:\Users\???\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] - Deleted [Homepage] : hxxp://www.cassiopesa.com/?f=1&a=csp_installertech_15_23&cd=2XzuyEtN2Y1L1Qzu0AtD0Azz0C0DzzyD0EyEyC0EyE0CzyzytN0D0Tzu0StCtByDtCtN1L2XzutAtFtCtDtFtCtDtFtDtN1L1Czu1R1B1E1V1L1G1B2Z1T1I1I1P1C2Z1P1R1MtN1L1G1B1V1N2Y1L1Qzu2StB0D0EyDtDtD0DyEtGyE0BtDyEtGzztD0EtDtGyDyEtBzztGtAtC0F0DyCtBzzyEtAtA0Fzz2QtN1M1F1B2Z1V1N2Y1L1Qzu2StBtDzytB0FyB0A0DtG0E0E0BtDtGyE0EtBtAtG0AyDzz0BtGyD0FtB0C0AtA0FtDtAyCzy0A2QtN0A0LzuyE&cr=724063134&ir=
[C:\Users\???\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] - Deleted [Startup_URLs] : A8EDA07A7BF082E510F23E7D852AEE16866275FA62CB51F13E24C7E3A721F7BC"},"software_reporter":{"prompt_reason":"1E421F7B7AED21CDC93F8D53E4A16737CDAEAF786599E2F3580383FF3C1EE952","prompt_seed":"EB4EE1D15B980CB6EDF9557DC79787CF0BD9D366B48EA57025405AB9F5FE3348","prompt_version":"0589EEEC7CE9065CAABBC805B15A2E456CF7642939099874794495DA05C9B426"},"sync":{"remaining_rollback_tries":"3C02F5253E7218B93ACB8011DFD9752A99A34F1C94AE6DBA820A2F505C9FF213"}},"super_mac":"5487A7326A6CB6C6FE4E71987548FB15661D4F7AF89988BD0AA26187DC8826B8"},"session":{"restore_on_startup":4,"startup_urls":["hxxp://www.cassiopesa.com/?f=7&a=csp_installertech_15_23&cd=2XzuyEtN2Y1L1Qzu0AtD0Azz0C0DzzyD0EyEyC0EyE0CzyzytN0D0Tzu0StCtByDtCtN1L2XzutAtFtCtDtFtCtDtFtDtN1L1Czu1R1B1E1V1L1G1B2Z1T1I1I1P1C2Z1P1R1MtN1L1G1B1V1N2Y1L1Qzu2StB0D0EyDtDtD0DyEtGyE0BtDyEtGzztD0EtDtGyDyEtBzztGtAtC0F0DyCtBzzyEtAtA0Fzz2QtN1M1F1B2Z1V1N2Y1L1Qzu2StBtDzytB0FyB0A0DtG0E0E0BtDtGyE0EtBtAtG0AyDzz0BtGyD0FtB0C0AtA0FtDtAyCzy0A2QtN0A0LzuyE&cr=724063134&ir=

*************************

AdwCleaner[R0].txt - [10127 bytes] - [10/06/2015 16:57:15]
AdwCleaner[S0].txt - [8962 bytes] - [10/06/2015 16:59:23]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [9021  bytes] ##########



#11 Dark Raven


Posted 10 June 2015 - 05:32 PM

Here's Malwarebytes...

 

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 6/10/2015
Scan Time: 5:12:01 PM
Logfile:
Administrator: Yes

Version: 2.01.6.1022
Malware Database: v2015.06.10.06
Rootkit Database: v2015.06.02.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled

OS: Windows 8.1
CPU: x64
File System: NTFS
User: ???

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 354285
Time Elapsed: 34 min, 41 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 4
PUP.Optional.Bundle, C:\Program Files (x86)\OpenSoftwareUpdater\OpenSoftwareUpdater.exe, 3724, Delete-on-Reboot, [40ced3e611795ed89c2d2f3f1ee2b947]
PUP.Optional.MultiPlug.Gen, C:\Users\???\AppData\Roaming\34444335-1433561514-5031-5739-6CC2176D0F26\hnsv4206.tmp, 1828, Delete-on-Reboot, [f11d3287f397ea4c185da2dda3624eb2]
PUP.Optional.Wajam.A, C:\Program Files (x86)\WajaInternetEnhancer\WajaInternetEnhancer Internet Enhancer\InternetEnhancer.exe, 4912, Delete-on-Reboot, [db3347720b7f999d3fe2c5c5e520cd33]
PUP.Optional.Wajam.A, C:\Program Files (x86)\WajaInternetEnhancer\WajaInternetEnhancer Internet Enhancer\InternetEnhancerService.exe, 2140, Delete-on-Reboot, [db3347720b7f999d3fe2c5c5e520cd33]

Modules: 3
PUP.Optional.Wajam.A, C:\Program Files (x86)\WajaInternetEnhancer\WajaInternetEnhancer Internet Enhancer\ApiHandlr.dll, Delete-on-Reboot, [db3347720b7f999d3fe2c5c5e520cd33],
PUP.Optional.Wajam.A, C:\Program Files (x86)\WajaInternetEnhancer\WajaInternetEnhancer Internet Enhancer\FiddlerCore.dll, Delete-on-Reboot, [db3347720b7f999d3fe2c5c5e520cd33],
PUP.Optional.Wajam.A, C:\Program Files (x86)\WajaInternetEnhancer\WajaInternetEnhancer Internet Enhancer\Newtonsoft.Json.dll, Delete-on-Reboot, [db3347720b7f999d3fe2c5c5e520cd33],

Registry Keys: 7
PUP.Optional.MultiPlug.Gen, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\dequzody, Quarantined, [f11d3287f397ea4c185da2dda3624eb2],
PUP.Optional.Wajam.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\WajaInternetEnhancer Service, Quarantined, [db3347720b7f999d3fe2c5c5e520cd33],
PUM.Security.Hijack.DisableChromeUpdates, HKLM\SOFTWARE\POLICIES\GOOGLE\UPDATE, Quarantined, [ce40e5d49eec1620d01cbbccbc49fe02],
PUP.Optional.Wajam.A, HKLM\SOFTWARE\WOW6432NODE\WajaInternetEnhancer, Quarantined, [14fa64559eeca6905739e6a3887d53ad],
PUP.Optional.MultiPlug.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{1146AC44-2F03-4431-B4FD-889BC837521F}{caa89563}, Quarantined, [8787aa0f47433ef8093ad3b3a56048b8],
PUM.Security.Hijack.DisableChromeUpdates, HKLM\SOFTWARE\WOW6432NODE\POLICIES\GOOGLE\UPDATE, Quarantined, [54ba4871a9e13df9925ae2a556af04fc],
PUP.Optional.SuperOptimizer.C, HKU\S-1-5-18\SOFTWARE\APPDATALOW\{1146AC44-2F03-4431-B4FD-889BC837521F}, Quarantined, [e7276653d7b389ad21e05337c243d729],

Registry Values: 5
PUP.Optional.Bundle, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|OpenSoftwareUpdater, C:\Program Files (x86)\OpenSoftwareUpdater\OpenSoftwareUpdater.exe, Quarantined, [40ced3e611795ed89c2d2f3f1ee2b947]
PUM.Security.Hijack.DisableChromeUpdates, HKLM\SOFTWARE\POLICIES\GOOGLE\UPDATE|DisableAutoUpdateChecksCheckboxValue, 1, Quarantined, [ce40e5d49eec1620d01cbbccbc49fe02]
PUP.Optional.Cassiopesa.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY|AppPath, C:\Program Files (x86)\Tny_Cassiopesa\\, Quarantined, [07074376f8920531e6a8ddab25e0de22]
PUM.Security.Hijack.DisableChromeUpdates, HKLM\SOFTWARE\WOW6432NODE\POLICIES\GOOGLE\UPDATE|DisableAutoUpdateChecksCheckboxValue, 1, Quarantined, [54ba4871a9e13df9925ae2a556af04fc]
PUP.Optional.MultiPlug.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\dequzody|ImagePath, C:\Users\???\AppData\Roaming\34444335-1433561514-5031-5739-6CC2176D0F26\hnsv4206.tmp, Quarantined, [2ee08b2ec1c9ae88dd1eb8c51ce96799]

Registry Data: 1
PUP.Optional.Amonetize.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINDOWS|AppInit_DLLs, C:\PROGRA~3\{0A72E~1\1172~1.1\rise.dll, Good: (), Bad: (C:\PROGRA~3\{0A72E~1\1172~1.1\rise.dll),Replaced,[0b0317a2cfbb3df9b260a3e413f26997]

Folders: 13
PUP.Optional.MultiPlug.Gen, C:\Users\???\AppData\Roaming\34444335-1433561514-5031-5739-6CC2176D0F26, Delete-on-Reboot, [f11d3287f397ea4c185da2dda3624eb2],
PUP.Optional.OpenSoftwareUpdater.A, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenSoftwareUpdater, Quarantined, [8a84f4c5c7c36bcb5363b6cba46112ee],
PUP.Optional.Amonetize.A, C:\ProgramData\{0A72E2B1-5AF0-3337-EB76-43B53BF4903B}\1.17.2.1, Quarantined, [0b0317a2cfbb3df9b260a3e413f26997],
PUP.Optional.Amonetize.A, C:\ProgramData\{0A72E2B1-5AF0-3337-EB76-43B53BF4903B}, Quarantined, [0b0317a2cfbb3df9b260a3e413f26997],
PUP.Optional.OptimizerPro.A, C:\Users\???\Documents\Optimizer Pro, Quarantined, [ac6216a3abdf0b2b165ea0e7699c1ee2],
PUP.Optional.Wajam.A, C:\Program Files (x86)\WajaInternetEnhancer\Logos, Quarantined, [db3347720b7f999d3fe2c5c5e520cd33],
PUP.Optional.Wajam.A, C:\Program Files (x86)\WajaInternetEnhancer, Delete-on-Reboot, [db3347720b7f999d3fe2c5c5e520cd33],
PUP.Optional.Wajam.A, C:\Program Files (x86)\WajaInternetEnhancer\WajaInternetEnhancer Internet Enhancer, Delete-on-Reboot, [db3347720b7f999d3fe2c5c5e520cd33],
PUP.Optional.OptimizerPro.A, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Optimizer Pro v3.2, Quarantined, [ea24cfea2e5c54e2226fcf1bef14ee12],
PUP.Optional.OptimizerPro.A, C:\Users\???\AppData\Roaming\Optimizer Pro, Quarantined, [9777fabf8208bb7b5251cd1ddb28a35d],
PUP.Optional.OptimizerPro.A, C:\Users\???\AppData\Roaming\Optimizer Pro\Backup, Quarantined, [9777fabf8208bb7b5251cd1ddb28a35d],
PUP.Optional.OptimizerPro.A, C:\Users\???\AppData\Roaming\Optimizer Pro\Log, Quarantined, [9777fabf8208bb7b5251cd1ddb28a35d],
PUP.Optional.OptimizerPro.A, C:\Users\???\AppData\Roaming\Optimizer Pro\Undo, Quarantined, [9777fabf8208bb7b5251cd1ddb28a35d],

Files: 86
PUP.Optional.Bundle, C:\Program Files (x86)\OpenSoftwareUpdater\OpenSoftwareUpdater.exe, Delete-on-Reboot, [40ced3e611795ed89c2d2f3f1ee2b947],
PUP.Optional.PCOptimizerPro, C:\Program Files (x86)\OSDownloader\optimizerpro.exe, Quarantined, [9975cdec593176c0c1f736293cc6a35d],
PUP.Optional.Bundle, C:\Program Files (x86)\OSDownloader\osu.exe, Quarantined, [3cd2d6e322684aec7a4fd99579870ff1],
PUP.Optional.SpywareClear, C:\Program Files (x86)\OSDownloader\spyclear2.exe, Quarantined, [090571484941b97d66224eeb07fb9769],
PUP.Optional.InstallCore.A, C:\Users\???\AppData\Local\Temp\ICReinstall_nseA8BF.tmp, Quarantined, [f21ca316810978be7cfb4823fd05649c],
PUP.Optional.APNToolBar.A, C:\Users\???\AppData\Local\Temp\APNSetup.exe, Quarantined, [5bb3477204861b1b45800e5658aa42be],
PUP.Optional.Cassiopesa.C, C:\Users\???\AppData\Local\Temp\64283uninstall.exe, Quarantined, [65a917a2b5d51e18a45ef68315f1c63a],
PUP.Optional.OptimizerPro.A, C:\Users\???\AppData\Local\Temp\optprosetup.exe, Quarantined, [a866f9c0008a2412e9052e36986a25db],
PUP.Optional.OfferInstaller.C, C:\Users\???\AppData\Local\Temp\mVO2A27.exe, Quarantined, [917d13a6f2983501a97ee957956d8d73],
PUP.Optional.OfferInstaller.C, C:\Users\???\AppData\Local\Temp\mVO3208.exe, Quarantined, [d836d5e491f9b4821b0c1a2642c0f20e],
PUP.Optional.OfferInstaller.C, C:\Users\???\AppData\Local\Temp\mVO3787.exe, Quarantined, [ae6057627b0f71c5fe2927191fe39b65],
PUP.Optional.OfferInstaller.C, C:\Users\???\AppData\Local\Temp\mVO4321.exe, Quarantined, [58b6d6e3afdb24128b9c66daf2100ef2],
PUP.Optional.OfferInstaller.C, C:\Users\???\AppData\Local\Temp\mVO4610.exe, Quarantined, [709e1c9d7218b482c46348f8ec1660a0],
PUP.Optional.Imali.SID.A, C:\Users\???\AppData\Local\Temp\nsd2653.tmp, Quarantined, [61adfcbd2961bf778f9bccad2cda946c],
PUP.Optional.InstallCore.A, C:\Users\???\AppData\Local\Temp\nseA8BF.tmp, Quarantined, [30dedddcdcaee84ea3d41556788a728e],
PUP.Optional.AZLyrics.A, C:\Users\???\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.azlyrics.com_0.localstorage, Quarantined, [62ac3980fb8f77bf09ebda27669e20e0],
PUP.Optional.AZLyrics.A, C:\Users\???\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.azlyrics.com_0.localstorage-journal, Quarantined, [808e6554dbaf11253cb83bc6de2625db],
PUP.Optional.MultiPlug.Gen, C:\Users\???\AppData\Roaming\34444335-1433561514-5031-5739-6CC2176D0F26\hnsv4206.tmp, Delete-on-Reboot, [f11d3287f397ea4c185da2dda3624eb2],
PUP.Optional.MultiPlug.Gen, C:\Users\???\AppData\Roaming\34444335-1433561514-5031-5739-6CC2176D0F26\Uninstall.exe, Quarantined, [f11d3287f397ea4c185da2dda3624eb2],
PUP.Optional.MultiPlug.Gen, C:\Users\???\AppData\Roaming\34444335-1433561514-5031-5739-6CC2176D0F26\vnsjF1FF.tmp, Quarantined, [f11d3287f397ea4c185da2dda3624eb2],
PUP.Optional.OpenSoftwareUpdater.A, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenSoftwareUpdater\Uninstall.lnk, Quarantined, [8a84f4c5c7c36bcb5363b6cba46112ee],
PUP.Optional.OpenSoftwareUpdater.A, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenSoftwareUpdater\OpenSoftwareUpdater.lnk, Quarantined, [8a84f4c5c7c36bcb5363b6cba46112ee],
PUP.Optional.Multiplug.A, C:\Windows\System32\Tasks\Bidaily Synchronize Task[3c32], Quarantined, [cf3fd9e00e7c2a0cffae7510ae5703fd],
PUP.Optional.Multiplug.A, C:\Windows\Tasks\Bidaily Synchronize Task[3c32].job, Quarantined, [46c8a811a4e6ce687836d3b23dc88c74],
PUP.Optional.Amonetize.A, C:\ProgramData\{0A72E2B1-5AF0-3337-EB76-43B53BF4903B}\1.17.2.1\Sqlite3.dll, Quarantined, [0b0317a2cfbb3df9b260a3e413f26997],
PUP.Optional.Amonetize.A, C:\ProgramData\{0A72E2B1-5AF0-3337-EB76-43B53BF4903B}\1.17.2.1\dExtent, Quarantined, [0b0317a2cfbb3df9b260a3e413f26997],
PUP.Optional.Amonetize.A, C:\ProgramData\{0A72E2B1-5AF0-3337-EB76-43B53BF4903B}\1.17.2.1\extent, Quarantined, [0b0317a2cfbb3df9b260a3e413f26997],
PUP.Optional.Amonetize.A, C:\ProgramData\{0A72E2B1-5AF0-3337-EB76-43B53BF4903B}\1.17.2.1\fiber.js, Quarantined, [0b0317a2cfbb3df9b260a3e413f26997],
PUP.Optional.Amonetize.A, C:\ProgramData\{0A72E2B1-5AF0-3337-EB76-43B53BF4903B}\1.17.2.1\hdat1, Quarantined, [0b0317a2cfbb3df9b260a3e413f26997],
PUP.Optional.Amonetize.A, C:\ProgramData\{0A72E2B1-5AF0-3337-EB76-43B53BF4903B}\1.17.2.1\hdat2, Quarantined, [0b0317a2cfbb3df9b260a3e413f26997],
PUP.Optional.Amonetize.A, C:\ProgramData\{0A72E2B1-5AF0-3337-EB76-43B53BF4903B}\1.17.2.1\rise.dll, Quarantined, [0b0317a2cfbb3df9b260a3e413f26997],
PUP.Optional.OptimizerPro.A, C:\Users\???\Documents\Optimizer Pro\CookiesException.txt, Quarantined, [ac6216a3abdf0b2b165ea0e7699c1ee2],
PUP.Optional.Wajam.A, C:\Program Files (x86)\WajaInternetEnhancer\Logos\wajam.ico, Quarantined, [db3347720b7f999d3fe2c5c5e520cd33],
PUP.Optional.Wajam.A, C:\Program Files (x86)\WajaInternetEnhancer\Logos\amazon.ico, Quarantined, [db3347720b7f999d3fe2c5c5e520cd33],
PUP.Optional.Wajam.A, C:\Program Files (x86)\WajaInternetEnhancer\Logos\argos.ico, Quarantined, [db3347720b7f999d3fe2c5c5e520cd33],
PUP.Optional.Wajam.A, C:\Program Files (x86)\WajaInternetEnhancer\Logos\ask.ico, Quarantined, [db3347720b7f999d3fe2c5c5e520cd33],
PUP.Optional.Wajam.A, C:\Program Files (x86)\WajaInternetEnhancer\Logos\bestbuy.ico, Quarantined, [db3347720b7f999d3fe2c5c5e520cd33],
PUP.Optional.Wajam.A, C:\Program Files (x86)\WajaInternetEnhancer\Logos\ebay.ico, Quarantined, [db3347720b7f999d3fe2c5c5e520cd33],
PUP.Optional.Wajam.A, C:\Program Files (x86)\WajaInternetEnhancer\Logos\etsy.ico, Quarantined, [db3347720b7f999d3fe2c5c5e520cd33],
PUP.Optional.Wajam.A, C:\Program Files (x86)\WajaInternetEnhancer\Logos\facebook.ico, Quarantined, [db3347720b7f999d3fe2c5c5e520cd33],
PUP.Optional.Wajam.A, C:\Program Files (x86)\WajaInternetEnhancer\Logos\favicon.ico, Quarantined, [db3347720b7f999d3fe2c5c5e520cd33],
PUP.Optional.Wajam.A, C:\Program Files (x86)\WajaInternetEnhancer\Logos\google.ico, Quarantined, [db3347720b7f999d3fe2c5c5e520cd33],
PUP.Optional.Wajam.A, C:\Program Files (x86)\WajaInternetEnhancer\Logos\homedepot.ico, Quarantined, [db3347720b7f999d3fe2c5c5e520cd33],
PUP.Optional.Wajam.A, C:\Program Files (x86)\WajaInternetEnhancer\Logos\ikea.ico, Quarantined, [db3347720b7f999d3fe2c5c5e520cd33],
PUP.Optional.Wajam.A, C:\Program Files (x86)\WajaInternetEnhancer\Logos\imdb.ico, Quarantined, [db3347720b7f999d3fe2c5c5e520cd33],
PUP.Optional.Wajam.A, C:\Program Files (x86)\WajaInternetEnhancer\Logos\lowes.ico, Quarantined, [db3347720b7f999d3fe2c5c5e520cd33],
PUP.Optional.Wajam.A, C:\Program Files (x86)\WajaInternetEnhancer\Logos\mercado.ico, Quarantined, [db3347720b7f999d3fe2c5c5e520cd33],
PUP.Optional.Wajam.A, C:\Program Files (x86)\WajaInternetEnhancer\Logos\mysearchweb.ico, Quarantined, [db3347720b7f999d3fe2c5c5e520cd33],
PUP.Optional.Wajam.A, C:\Program Files (x86)\WajaInternetEnhancer\Logos\myshopping.ico, Quarantined, [db3347720b7f999d3fe2c5c5e520cd33],
PUP.Optional.Wajam.A, C:\Program Files (x86)\WajaInternetEnhancer\Logos\searchresult.ico, Quarantined, [db3347720b7f999d3fe2c5c5e520cd33],
PUP.Optional.Wajam.A, C:\Program Files (x86)\WajaInternetEnhancer\Logos\sears.ico, Quarantined, [db3347720b7f999d3fe2c5c5e520cd33],
PUP.Optional.Wajam.A, C:\Program Files (x86)\WajaInternetEnhancer\Logos\setting.ico, Quarantined, [db3347720b7f999d3fe2c5c5e520cd33],
PUP.Optional.Wajam.A, C:\Program Files (x86)\WajaInternetEnhancer\Logos\settings.ico, Quarantined, [db3347720b7f999d3fe2c5c5e520cd33],
PUP.Optional.Wajam.A, C:\Program Files (x86)\WajaInternetEnhancer\Logos\shopping.ico, Quarantined, [db3347720b7f999d3fe2c5c5e520cd33],
PUP.Optional.Wajam.A, C:\Program Files (x86)\WajaInternetEnhancer\Logos\target.ico, Quarantined, [db3347720b7f999d3fe2c5c5e520cd33],
PUP.Optional.Wajam.A, C:\Program Files (x86)\WajaInternetEnhancer\Logos\tesco.ico, Quarantined, [db3347720b7f999d3fe2c5c5e520cd33],
PUP.Optional.Wajam.A, C:\Program Files (x86)\WajaInternetEnhancer\Logos\tripadvisor.ico, Quarantined, [db3347720b7f999d3fe2c5c5e520cd33],
PUP.Optional.Wajam.A, C:\Program Files (x86)\WajaInternetEnhancer\Logos\twitter.ico, Quarantined, [db3347720b7f999d3fe2c5c5e520cd33],
PUP.Optional.Wajam.A, C:\Program Files (x86)\WajaInternetEnhancer\Logos\walmart.ico, Quarantined, [db3347720b7f999d3fe2c5c5e520cd33],
PUP.Optional.Wajam.A, C:\Program Files (x86)\WajaInternetEnhancer\Logos\wiki.ico, Quarantined, [db3347720b7f999d3fe2c5c5e520cd33],
PUP.Optional.Wajam.A, C:\Program Files (x86)\WajaInternetEnhancer\Logos\yahoo.ico, Quarantined, [db3347720b7f999d3fe2c5c5e520cd33],
PUP.Optional.Wajam.A, C:\Program Files (x86)\WajaInternetEnhancer\Logos\zalando.ico, Quarantined, [db3347720b7f999d3fe2c5c5e520cd33],
PUP.Optional.Wajam.A, C:\Program Files (x86)\WajaInternetEnhancer\uninstall.exe, Quarantined, [db3347720b7f999d3fe2c5c5e520cd33],
PUP.Optional.Wajam.A, C:\Program Files (x86)\WajaInternetEnhancer\WajaInternetEnhancer Internet Enhancer\fa3bfb2b7b2365984db347b76caca4f9, Quarantined, [db3347720b7f999d3fe2c5c5e520cd33],
PUP.Optional.Wajam.A, C:\Program Files (x86)\WajaInternetEnhancer\WajaInternetEnhancer Internet Enhancer\1d3d259df0954131fe2a74cc4e57607d, Quarantined, [db3347720b7f999d3fe2c5c5e520cd33],
PUP.Optional.Wajam.A, C:\Program Files (x86)\WajaInternetEnhancer\WajaInternetEnhancer Internet Enhancer\28f65a833af9a605439a37ec8f19a1c3, Quarantined, [db3347720b7f999d3fe2c5c5e520cd33],
PUP.Optional.Wajam.A, C:\Program Files (x86)\WajaInternetEnhancer\WajaInternetEnhancer Internet Enhancer\ApiHandlr.dll, Delete-on-Reboot, [db3347720b7f999d3fe2c5c5e520cd33],
PUP.Optional.Wajam.A, C:\Program Files (x86)\WajaInternetEnhancer\WajaInternetEnhancer Internet Enhancer\bf9654074558b2752ae2aa72e54c83c2, Quarantined, [db3347720b7f999d3fe2c5c5e520cd33],
PUP.Optional.Wajam.A, C:\Program Files (x86)\WajaInternetEnhancer\WajaInternetEnhancer Internet Enhancer\c11b12809ac40c0c1c228d727fda1cc7, Quarantined, [db3347720b7f999d3fe2c5c5e520cd33],
PUP.Optional.Wajam.A, C:\Program Files (x86)\WajaInternetEnhancer\WajaInternetEnhancer Internet Enhancer\c7ca0d4ca7bcc411dff9f8ecccbcbef6, Quarantined, [db3347720b7f999d3fe2c5c5e520cd33],
PUP.Optional.Wajam.A, C:\Program Files (x86)\WajaInternetEnhancer\WajaInternetEnhancer Internet Enhancer\d3d7852aaf671f6cc3a3ecbb3e7067fe, Quarantined, [db3347720b7f999d3fe2c5c5e520cd33],
PUP.Optional.Wajam.A, C:\Program Files (x86)\WajaInternetEnhancer\WajaInternetEnhancer Internet Enhancer\ef064a469f15c2bf555be4ef43767ced, Quarantined, [db3347720b7f999d3fe2c5c5e520cd33],
PUP.Optional.Wajam.A, C:\Program Files (x86)\WajaInternetEnhancer\WajaInternetEnhancer Internet Enhancer\FiddlerCore.dll, Delete-on-Reboot, [db3347720b7f999d3fe2c5c5e520cd33],
PUP.Optional.Wajam.A, C:\Program Files (x86)\WajaInternetEnhancer\WajaInternetEnhancer Internet Enhancer\HtmlAgilityPack.dll, Quarantined, [db3347720b7f999d3fe2c5c5e520cd33],
PUP.Optional.Wajam.A, C:\Program Files (x86)\WajaInternetEnhancer\WajaInternetEnhancer Internet Enhancer\InternetEnhancer.exe, Delete-on-Reboot, [db3347720b7f999d3fe2c5c5e520cd33],
PUP.Optional.Wajam.A, C:\Program Files (x86)\WajaInternetEnhancer\WajaInternetEnhancer Internet Enhancer\InternetEnhancerService.exe, Delete-on-Reboot, [db3347720b7f999d3fe2c5c5e520cd33],
PUP.Optional.Wajam.A, C:\Program Files (x86)\WajaInternetEnhancer\WajaInternetEnhancer Internet Enhancer\lan-proxy-settings.dat, Quarantined, [db3347720b7f999d3fe2c5c5e520cd33],
PUP.Optional.Wajam.A, C:\Program Files (x86)\WajaInternetEnhancer\WajaInternetEnhancer Internet Enhancer\makecert.exe, Quarantined, [db3347720b7f999d3fe2c5c5e520cd33],
PUP.Optional.Wajam.A, C:\Program Files (x86)\WajaInternetEnhancer\WajaInternetEnhancer Internet Enhancer\Newtonsoft.Json.dll, Delete-on-Reboot, [db3347720b7f999d3fe2c5c5e520cd33],
PUP.Optional.Wajam.A, C:\Program Files (x86)\WajaInternetEnhancer\WajaInternetEnhancer Internet Enhancer\wie, Quarantined, [db3347720b7f999d3fe2c5c5e520cd33],
PUP.Optional.Wajam.A, C:\Program Files (x86)\WajaInternetEnhancer\WajaInternetEnhancer Internet Enhancer\WJManifest, Quarantined, [db3347720b7f999d3fe2c5c5e520cd33],
PUP.Optional.OptimizerPro.A, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Optimizer Pro v3.2\Check updates.lnk, Quarantined, [ea24cfea2e5c54e2226fcf1bef14ee12],
PUP.Optional.OptimizerPro.A, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Optimizer Pro v3.2\Help.lnk, Quarantined, [ea24cfea2e5c54e2226fcf1bef14ee12],
PUP.Optional.OptimizerPro.A, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Optimizer Pro v3.2\Optimizer Pro on the Web.lnk, Quarantined, [ea24cfea2e5c54e2226fcf1bef14ee12],
PUP.Optional.OptimizerPro.A, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Optimizer Pro v3.2\Optimizer Pro.lnk, Quarantined, [ea24cfea2e5c54e2226fcf1bef14ee12],
PUP.Optional.OptimizerPro.A, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Optimizer Pro v3.2\Uninstall Optimizer Pro.lnk, Quarantined, [ea24cfea2e5c54e2226fcf1bef14ee12],

Physical Sectors: 0
(No malicious items detected)

(end)


Edited by Dark Raven, 10 June 2015 - 05:33 PM.


#12 Dark Raven


Posted 10 June 2015 - 05:39 PM

FRST...

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:08-06-2015
Ran by ??? (administrator) on ??? on 10-06-2015 18:33:53
Running from C:\Users\???\Desktop
Loaded Profiles: ??? (Available Profiles: ???)
Platform: Windows 8.1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Softex Inc.) C:\Program Files\Hewlett-Packard\SimplePass\OmniServ.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Hewlett-Packard Company) C:\Windows\System32\hpservice.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
() C:\Users\???\AppData\Roaming\34444335-1433561514-5031-5739-6CC2176D0F26\hnsv4206.tmp
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPWMISVC.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
() C:\Program Files\Intel\Intel® Smart Connect Technology Agent\iSCTAgent.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
() C:\Program Files (x86)\WajaInternetEnhancer\WajaInternetEnhancer Internet Enhancer\InternetEnhancerService.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(McAfee, Inc.) C:\Program Files\mcafee\msc\McAPExe.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\AMCore\mcshield.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\systemcore\mfefire.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
() C:\Program Files (x86)\WajaInternetEnhancer\WajaInternetEnhancer Internet Enhancer\InternetEnhancer.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Intel Corporation) C:\Windows\System32\igfxTray.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
() C:\Program Files\Hewlett-Packard\SimplePass\opvapp.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\SimplePass\ClientCore.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBroker.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBrokerDsktop.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP ENVY 4500 series\Bin\ScanToPCActivationApp.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Smart Connect Technology Agent\iSCTsysTray8.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP 3D DriveGuard\AccelerometerSt.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\platform\McUICnt.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPMSGSVC.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Installer Technology Co.) C:\Program Files (x86)\OpenSoftwareUpdater\OpenSoftwareUpdater.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil_ActiveX.exe
(WildTangent) C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Microsoft Corporation) C:\Windows\System32\WWAHost.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7569624 2014-04-03] (Realtek Semiconductor)
HKLM\...\Run: [SimplePass] => C:\Program Files\Hewlett-Packard\SimplePass\ClientCore.exe [3962936 2014-03-28] (Hewlett-Packard)
HKLM\...\Run: [OPBHOBroker] => C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBroker.exe [415288 2014-03-28] (Hewlett-Packard)
HKLM\...\Run: [OPBHOBrokerDesktop] => C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBrokerDsktop.exe [415288 2014-03-28] (Hewlett-Packard)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2817776 2014-04-11] (Synaptics Incorporated)
HKLM-x32\...\Run: [AccelerometerSysTrayApplet] => C:\Program Files (x86)\Hewlett-Packard\HP 3D DriveGuard\AccelerometerST.exe [126240 2014-02-13] (Hewlett-Packard Company)
HKLM-x32\...\Run: [mcpltui_exe] => C:\Program Files\McAfee.com\Agent\mcagent.exe [537992 2014-04-25] (McAfee, Inc.)
HKLM-x32\...\Run: [HPMessageService] => C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPMSGSVC.exe [475448 2014-03-26] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [CLMLServer] => C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe [107816 2011-03-09] (CyberLink)
HKLM-x32\...\Run: [LGODDFU] => C:\Program Files (x86)\lg_fwupdate\lgfw.exe [27760 2012-07-12] (Bitleader)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-07-25] (Oracle Corporation)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2014-12-19] (Adobe Systems Incorporated)
HKLM-x32\...\RunOnce: [Malwarebytes Anti-Malware (cleanup)] => C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\mbamdor.exe [54072 2015-04-14] (Malwarebytes Corporation)
HKLM\...\Policies\Explorer: [NoFolderOptions] 0
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-21-2418113219-119105201-894429124-1001\...\Run: [HP ENVY 4500 series (NET)] => C:\Program Files\HP\HP ENVY 4500 series\Bin\ScanToPCActivationApp.exe [3421216 2013-08-13] (Hewlett-Packard Co.)
HKU\S-1-5-21-2418113219-119105201-894429124-1001\...\RunOnce: [Application Restart #8] => C:\Users\???\AppData\Local\Pokki\Engine\HostAppService.exe  --disable-internal-flash --noerrdialogs --no-message-box --disable-extensions --disable-web-security --disable-web-resources --disable- (the data entry has 577 more characters).
HKU\S-1-5-21-2418113219-119105201-894429124-1001\...\RunOnce: [Application Restart #6] => C:\Users\???\AppData\Local\Pokki\Engine\HostAppService.exe  --disable-internal-flash --noerrdialogs --no-message-box --disable-extensions --disable-web-security --disable-web-resources --disable- (the data entry has 577 more characters).
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\ISCTSystray.lnk [2014-06-17]
ShortcutTarget: ISCTSystray.lnk -> C:\Program Files\Intel\Intel® Smart Connect Technology Agent\iSCTsysTray8.exe (Intel Corporation)
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

ProxyEnable: [.DEFAULT] => Internet Explorer proxy is enabled
ProxyServer: [.DEFAULT] => http=127.0.0.1:49209;https=127.0.0.1:49209
ProxyEnable: [S-1-5-21-2418113219-119105201-894429124-1001] => Internet Explorer proxy is enabled
ProxyServer: [S-1-5-21-2418113219-119105201-894429124-1001] => http=127.0.0.1:49209;https=127.0.0.1:49209
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT14/1
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT14/1
HKU\S-1-5-21-2418113219-119105201-894429124-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-2418113219-119105201-894429124-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT14/1
HKU\S-1-5-21-2418113219-119105201-894429124-1001\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://js.redirect.hp.com/jumpstation?bd=all&c=143&locale=ww_ww&pf=cnnb&s=ieHPtab&tp=iehome
HKU\S-1-5-21-2418113219-119105201-894429124-1001\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://js.redirect.hp.com/jumpstation?bd=all&c=143&locale=ww_ww&pf=cnnb&s=ieHPtab&tp=iehome
SearchScopes: HKLM -> {263065A8-811D-4CEA-825D-843606294BB8} URL = http://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM-x32 -> {263065A8-811D-4CEA-825D-843606294BB8} URL = http://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-2418113219-119105201-894429124-1001 -> {263065A8-811D-4CEA-825D-843606294BB8} URL = http://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-02-28] (Google Inc.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2010-02-28] (Microsoft Corporation)
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll [2013-08-28] (Hewlett-Packard)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2014-08-21] (Oracle Corporation)
BHO-x32: Evernote extension -> {92EF2EAD-A7CE-4424-B0DB-499CF856608E} -> C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll [2014-03-04] (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2015-02-28] (Google Inc.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2010-02-28] (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2014-08-21] (Oracle Corporation)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2013-08-28] (Hewlett-Packard)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-02-28] (Google Inc.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2015-02-28] (Google Inc.)
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\mcafee\msc\McSnIePl64.dll [2014-04-25] (McAfee, Inc.)
Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\msc\McSnIePl.dll [2014-04-25] (McAfee, Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
StartMenuInternet: IEXPLORE.EXE - iexplore.exe

FireFox:
========
FF Plugin: @mcafee.com/MSC,version=10 -> c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL [2014-04-25] ()
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\windows\SysWOW64\Adobe\Director\np32dsw_1204144.dll [2013-09-05] (Adobe Systems, Inc.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-12-10] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-12-10] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll [2014-08-21] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll [2014-08-21] (Oracle Corporation)
FF Plugin-x32: @mcafee.com/MSC,version=10 -> c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL [2014-04-25] ()
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-06-01] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-06-01] (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [2013-08-05] ()
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-05-01] (Adobe Systems Inc.)
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK
FF Extension: McAfee Anti-Spam Thunderbird Extension - C:\Program Files\McAfee\MSK [2014-06-17]

Chrome:
=======
CHR Profile: C:\Users\???\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\???\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-08-21]
CHR Extension: (Google Drive) - C:\Users\???\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-08-21]
CHR Extension: (YouTube) - C:\Users\???\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-08-21]
CHR Extension: (Google Search) - C:\Users\???\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-08-21]
CHR Extension: (Bookmark Manager) - C:\Users\???\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmlllbghnfkpflemihljekbapjopfjik [2015-04-21]
CHR Extension: (Google Wallet) - C:\Users\???\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-08-21]
CHR Extension: (Gmail) - C:\Users\???\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-08-21]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 BthHFSrv; C:\Windows\System32\BthHFSrv.dll [324608 2014-10-28] (Microsoft Corporation)
R2 GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [227904 2014-01-27] (WildTangent)
R2 HomeNetSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 HPWMISVC; C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPWMISVC.exe [469304 2014-03-26] (Hewlett-Packard Development Company, L.P.)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [15720 2013-11-08] (Intel Corporation)
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [282096 2014-03-22] (Intel Corporation)
R2 Intel® Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [747520 2013-08-27] (Intel® Corporation) [File not signed]
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [828376 2013-08-27] (Intel® Corporation)
R2 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [131544 2013-12-10] (Intel Corporation)
R2 ISCTAgent; C:\Program Files\Intel\Intel® Smart Connect Technology Agent\iSCTAgent.exe [200168 2013-12-04] ()
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [169432 2013-12-10] (Intel Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2015-04-14] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation)
R2 McAPExe; C:\Program Files\McAfee\MSC\McAPExe.exe [178528 2014-04-25] (McAfee, Inc.)
S3 McAWFwk; c:\Program Files\Common Files\mcafee\ActWiz\McAWFwk.exe [334608 2013-07-29] (McAfee, Inc.)
R2 McMPFSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 McNaiAnn; C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
S3 McODS; C:\Program Files\mcafee\VirusScan\mcods.exe [603424 2014-06-12] (McAfee, Inc.)
S4 McOobeSv2; C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 mcpltsvc; C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 McProxy; C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 mfecore; C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe [1041192 2014-07-24] (McAfee, Inc.)
R2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [219752 2014-06-20] (McAfee, Inc.)
R2 mfevtp; C:\Windows\system32\mfevtps.exe [189912 2014-06-20] (McAfee, Inc.)
R2 MSK80Service; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [284912 2014-01-17] ()
R2 omniserv; C:\Program Files\Hewlett-Packard\SimplePass\OmniServ.exe [88064 2014-03-28] (Softex Inc.) [File not signed]
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [290520 2014-01-08] (Realtek Semiconductor)
R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [191728 2014-04-11] (Synaptics Incorporated)
S3 w3logsvc; C:\Windows\system32\inetsrv\w3logsvc.dll [76800 2014-04-02] (Microsoft Corporation)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366520 2015-02-03] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2015-02-03] (Microsoft Corporation)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3816176 2014-01-17] (Intel® Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [226304 2014-03-18] (Microsoft Corporation)
R3 cfwids; C:\Windows\System32\drivers\cfwids.sys [72128 2014-06-20] (McAfee, Inc.)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [91912 2013-11-12] (CyberLink)
S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [197704 2013-09-23] (McAfee, Inc.)
R3 ibtusb; C:\Windows\system32\DRIVERS\ibtusb.sys [162512 2014-02-14] (Intel Corporation)
R3 ikbevent; C:\Windows\system32\DRIVERS\ikbevent.sys [21408 2013-08-13] ()
R3 imsevent; C:\Windows\system32\DRIVERS\imsevent.sys [21920 2013-08-13] ()
R3 INETMON; C:\Windows\System32\Drivers\INETMON.sys [29088 2013-08-13] ()
R3 ISCT; C:\Windows\System32\drivers\ISCTD64.sys [46568 2013-08-13] ()
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-04-14] (Malwarebytes Corporation)
R0 MBAMSwissArmy; C:\Windows\System32\drivers\MBAMSwissArmy.sys [136408 2015-06-10] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64216 2015-04-14] (Malwarebytes Corporation)
R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [100312 2013-12-10] (Intel Corporation)
R3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [181704 2014-06-20] (McAfee, Inc.)
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [313544 2014-06-20] (McAfee, Inc.)
S0 mfeelamk; C:\Windows\System32\drivers\mfeelamk.sys [70600 2014-06-20] (McAfee, Inc.)
R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [523792 2014-06-20] (McAfee, Inc.)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [786296 2014-06-20] (McAfee, Inc.)
R3 mfencbdc; C:\Windows\system32\DRIVERS\mfencbdc.sys [444720 2014-07-24] (McAfee, Inc.)
S3 mfencrk; C:\Windows\system32\DRIVERS\mfencrk.sys [96592 2014-07-24] (McAfee, Inc.)
R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [348552 2014-06-20] (McAfee, Inc.)
R3 NETwNb64; C:\Windows\system32\DRIVERS\Netwbw02.sys [3434464 2014-03-13] (Intel Corporation)
S3 NETwNe64; C:\Windows\system32\DRIVERS\NETwew02.sys [4649440 2013-06-18] (Intel Corporation)
U0 reagy; C:\Windows\System32\drivers\xdlyom.sys [79064 2015-06-10] (Malwarebytes Corporation)
R3 RTSPER; C:\Windows\system32\DRIVERS\RtsPer.sys [466136 2014-01-14] (Realsil Semiconductor Corporation)
R3 SensorsHIDClassDriver; C:\Windows\System32\drivers\WUDFRd.sys [226304 2014-10-28] (Microsoft Corporation)
R3 SensorsServiceDriver; C:\Windows\System32\drivers\WUDFRd.sys [226304 2014-10-28] (Microsoft Corporation)
S3 SmbDrv; C:\Windows\System32\drivers\Smb_driver_AMDASF.sys [30448 2014-04-11] (Synaptics Incorporated)
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [31472 2014-04-11] (Synaptics Incorporated)
R3 VirtualButtons; C:\Windows\System32\drivers\VirtualButtons.sys [32024 2013-10-04] (Intel Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2015-02-03] (Microsoft Corporation)
R3 WirelessButtonDriver; C:\Windows\System32\drivers\WirelessButtonDriver64.sys [20800 2013-07-22] (Hewlett-Packard Development Company, L.P.)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-06-10 17:48 - 2015-06-10 17:48 - 00079064 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\xdlyom.sys
2015-06-10 17:09 - 2015-06-10 17:12 - 00136408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-06-10 17:09 - 2015-06-10 17:09 - 00001121 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-06-10 17:09 - 2015-06-10 17:09 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-06-10 17:09 - 2015-06-10 17:09 - 00000000 ____D C:\ProgramData\Malwarebytes
2015-06-10 17:09 - 2015-06-10 17:09 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-06-10 17:09 - 2015-04-14 09:38 - 00064216 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-06-10 17:09 - 2015-04-14 09:37 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-06-10 17:09 - 2015-04-14 09:37 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-06-10 16:50 - 2015-06-10 16:50 - 02231296 _____ C:\Users\???\Desktop\AdwCleaner.exe
2015-06-10 16:49 - 2015-06-10 17:01 - 00000000 ____D C:\AdwCleaner
2015-06-10 16:48 - 2015-06-10 16:48 - 02231296 _____ C:\Users\???\Downloads\AdwCleaner.exe
2015-06-10 15:21 - 2015-05-27 10:35 - 24917504 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-06-10 15:21 - 2015-05-27 10:08 - 19607040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-06-10 15:21 - 2015-05-22 22:28 - 12829696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-06-10 15:21 - 2015-05-22 14:52 - 06026240 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-06-10 15:21 - 2015-05-22 13:50 - 02426880 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-06-10 15:21 - 2015-04-24 22:34 - 00653824 _____ (Microsoft Corporation) C:\Windows\system32\comctl32.dll
2015-06-10 15:21 - 2015-04-24 22:33 - 00549888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comctl32.dll
2015-06-10 15:20 - 2015-05-22 23:15 - 00503808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-06-10 15:20 - 2015-05-22 23:14 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-06-10 15:20 - 2015-05-22 23:10 - 02278912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-06-10 15:20 - 2015-05-22 23:05 - 00664064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-06-10 15:20 - 2015-05-22 23:04 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-06-10 15:20 - 2015-05-22 22:48 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-06-10 15:20 - 2015-05-22 22:47 - 04305920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-06-10 15:20 - 2015-05-22 22:47 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-06-10 15:20 - 2015-05-22 22:47 - 00128000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2015-06-10 15:20 - 2015-05-22 22:43 - 00880128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll
2015-06-10 15:20 - 2015-05-22 22:38 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-06-10 15:20 - 2015-05-22 22:38 - 00327168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-06-10 15:20 - 2015-05-22 22:37 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-06-10 15:20 - 2015-05-22 22:28 - 01042944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\actxprxy.dll
2015-06-10 15:20 - 2015-05-22 22:20 - 01950720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-06-10 15:20 - 2015-05-22 22:16 - 01309696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-06-10 15:20 - 2015-05-22 22:14 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-06-10 15:20 - 2015-05-22 15:00 - 02885632 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-06-10 15:20 - 2015-05-22 15:00 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-06-10 15:20 - 2015-05-22 15:00 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-06-10 15:20 - 2015-05-22 14:48 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-06-10 15:20 - 2015-05-22 14:47 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-06-10 15:20 - 2015-05-22 14:47 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-06-10 15:20 - 2015-05-22 14:24 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-06-10 15:20 - 2015-05-22 14:23 - 00145408 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2015-06-10 15:20 - 2015-05-22 14:21 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-06-10 15:20 - 2015-05-22 14:15 - 01032704 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
2015-06-10 15:20 - 2015-05-22 14:09 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2015-06-10 15:20 - 2015-05-22 14:08 - 00374272 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-06-10 15:20 - 2015-05-22 14:06 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-06-10 15:20 - 2015-05-22 14:05 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-06-10 15:20 - 2015-05-22 13:57 - 14404096 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-06-10 15:20 - 2015-05-22 13:49 - 02865152 _____ (Microsoft Corporation) C:\Windows\system32\actxprxy.dll
2015-06-10 15:20 - 2015-05-22 13:38 - 01545728 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-06-10 15:20 - 2015-05-22 13:26 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-06-10 15:19 - 2015-05-21 12:47 - 04177920 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-06-10 15:12 - 2015-06-10 17:05 - 00000366 _____ C:\Windows\Tasks\HPCeeScheduleFor???.job
2015-06-10 15:12 - 2015-06-10 16:43 - 00003186 _____ C:\Windows\System32\Tasks\HPCeeScheduleFor???
2015-06-10 15:03 - 2015-06-10 15:04 - 01446272 _____ C:\Windows\Minidump\061015-21859-01.dmp
2015-06-10 11:09 - 2015-06-10 11:09 - 00001287 _____ C:\Users\???\Desktop\Revo Uninstaller.lnk
2015-06-10 11:09 - 2015-06-10 11:09 - 00000000 ____D C:\Program Files (x86)\VS Revo Group
2015-06-08 18:04 - 2015-06-10 11:08 - 00037508 _____ C:\Users\???\Desktop\Addition.txt
2015-06-08 18:03 - 2015-06-10 18:33 - 00025254 _____ C:\Users\???\Desktop\FRST.txt
2015-06-08 17:35 - 2015-06-08 17:36 - 02108928 _____ (Farbar) C:\Users\???\Desktop\FRST64.exe
2015-06-08 17:33 - 2015-06-10 18:33 - 00000000 ____D C:\FRST
2015-06-08 17:33 - 2015-06-08 17:33 - 02108928 _____ (Farbar) C:\Users\???\Downloads\FRST64 (2).exe
2015-06-08 17:33 - 2015-06-08 17:33 - 01147904 _____ (Farbar) C:\Users\???\Downloads\FRST (3).exe
2015-06-07 20:11 - 2015-06-07 20:12 - 01147904 _____ (Farbar) C:\Users\???\Downloads\FRST (2).exe
2015-06-07 20:09 - 2015-06-07 20:09 - 02108928 _____ (Farbar) C:\Users\???\Downloads\FRST64 (1).exe
2015-06-07 20:08 - 2015-06-07 20:08 - 02108928 _____ (Farbar) C:\Users\???\Downloads\FRST64.exe
2015-06-07 20:08 - 2015-06-07 20:08 - 01147904 _____ (Farbar) C:\Users\???\Downloads\FRST (1).exe
2015-06-07 20:07 - 2015-06-07 20:07 - 01147904 _____ (Farbar) C:\Users\???\Downloads\FRST.exe
2015-06-06 14:54 - 2015-06-06 14:54 - 00000000 ____D C:\ProgramData\28341ff220e0446c9fff27c4493d622e
2015-06-06 09:35 - 2015-06-06 09:35 - 00000000 ____D C:\Users\???\Downloads\SMBOdyssey
2015-06-06 09:34 - 2015-06-06 09:34 - 32981083 _____ C:\Users\???\Downloads\SMBOdyssey.zip
2015-06-05 23:33 - 2015-06-05 23:33 - 00000000 ____D C:\Users\???\AppData\Roaming\OpenSoftwareUpdater
2015-06-05 23:32 - 2015-06-10 17:15 - 00000000 ____D C:\Program Files (x86)\OpenSoftwareUpdater
2015-06-05 23:32 - 2013-08-22 09:25 - 00000824 _____ C:\Windows\system32\Drivers\etc\hp.bak
2015-06-05 23:31 - 2015-06-10 17:48 - 00000000 ____D C:\Users\???\AppData\Roaming\34444335-1433561514-5031-5739-6CC2176D0F26
2015-06-05 23:31 - 2015-06-10 17:48 - 00000000 ____D C:\Program Files (x86)\WajaInternetEnhancer
2015-06-05 23:31 - 2015-06-10 17:48 - 00000000 ____D C:\Program Files (x86)\OSDownloader
2015-06-05 23:31 - 2015-06-05 23:31 - 00004122 _____ C:\Windows\System32\Tasks\Cassiopesa rise
2015-06-05 23:30 - 2015-06-05 23:30 - 00511032 _____ C:\Users\???\Downloads\SoftwareUpdater.exe
2015-06-05 23:30 - 2015-06-05 23:30 - 00000003 _____ C:\Users\???\Desktop\2.txt
2015-06-05 23:30 - 2015-06-05 23:30 - 00000003 _____ C:\Users\???\Desktop\1.txt
2015-06-05 22:38 - 2015-06-05 22:38 - 00000000 ____D C:\Users\???\Documents\SMBOdyssey
2015-05-12 16:08 - 2015-04-30 16:35 - 00124112 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2015-05-12 16:08 - 2015-04-30 16:35 - 00102608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2015-05-12 13:44 - 2015-04-30 19:05 - 00429568 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-05-12 13:44 - 2015-04-30 18:48 - 00358912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-05-12 13:44 - 2015-04-21 12:13 - 00107520 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2015-05-12 13:44 - 2015-04-21 11:49 - 00720384 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-05-12 13:44 - 2015-04-21 11:28 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2015-05-12 13:44 - 2015-04-09 21:00 - 01996800 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2015-05-12 13:44 - 2015-04-09 20:50 - 01387008 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2015-05-12 13:44 - 2015-04-09 20:26 - 01560576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2015-05-12 13:44 - 2015-04-08 18:55 - 00410128 _____ (Microsoft Corporation) C:\Windows\system32\services.exe
2015-05-12 13:44 - 2015-03-30 01:47 - 00561928 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2015-05-12 13:44 - 2015-03-26 23:27 - 00445440 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2015-05-12 13:44 - 2015-03-26 22:50 - 00324096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2015-05-12 13:44 - 2015-03-26 22:48 - 01441792 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-06-10 18:32 - 2014-08-16 06:21 - 01368550 _____ C:\Windows\WindowsUpdate.log
2015-06-10 18:23 - 2013-08-22 11:36 - 00000000 ____D C:\Windows\AppReadiness
2015-06-10 18:20 - 2013-08-22 11:20 - 00000000 ____D C:\Windows\CbsTemp
2015-06-10 18:13 - 2014-08-21 12:35 - 00000928 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-06-10 18:02 - 2013-08-22 11:36 - 00000000 ____D C:\Windows\system32\sru
2015-06-10 17:53 - 2014-08-16 06:34 - 00003594 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2418113219-119105201-894429124-1001
2015-06-10 17:48 - 2013-08-22 11:36 - 00000000 ____D C:\Windows\Globalization
2015-06-10 17:11 - 2014-06-17 14:34 - 00001867 _____ C:\Users\Public\Desktop\McAfee LiveSafe - Internet Security.lnk
2015-06-10 17:11 - 2014-04-24 12:14 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Security and Protection
2015-06-10 17:09 - 2014-08-16 06:31 - 00000000 ____D C:\Users\???\Documents\Youcam
2015-06-10 17:08 - 2014-11-16 16:56 - 00000000 __SHD C:\Users\???\AppData\Local\EmieBrowserModeList
2015-06-10 17:08 - 2014-08-16 15:22 - 00000000 __SHD C:\Users\???\AppData\Local\EmieUserList
2015-06-10 17:08 - 2014-08-16 15:22 - 00000000 __SHD C:\Users\???\AppData\Local\EmieSiteList
2015-06-10 17:08 - 2014-08-16 06:31 - 00000000 ___DO C:\Users\???\OneDrive
2015-06-10 17:06 - 2014-08-21 12:35 - 00000924 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-06-10 17:05 - 2013-08-22 10:46 - 00033070 _____ C:\Windows\setupact.log
2015-06-10 17:05 - 2013-08-22 10:45 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-06-10 17:05 - 2013-08-22 10:44 - 00425864 _____ C:\Windows\system32\FNTCACHE.DAT
2015-06-10 17:03 - 2014-03-18 05:44 - 00025172 _____ C:\Windows\PFRO.log
2015-06-10 17:02 - 2013-08-22 11:36 - 00000000 ____D C:\Windows\PolicyDefinitions
2015-06-10 15:21 - 2013-08-22 09:25 - 00524288 ___SH C:\Windows\system32\config\BBI
2015-06-10 15:04 - 2014-08-16 06:28 - 00000000 ____D C:\Users\???
2015-06-10 15:03 - 2014-10-06 07:24 - 872613252 _____ C:\Windows\MEMORY.DMP
2015-06-10 15:03 - 2014-10-06 07:24 - 00000000 ____D C:\Windows\Minidump
2015-06-10 11:19 - 2014-08-21 12:35 - 00002210 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2015-06-08 19:12 - 2013-08-22 09:25 - 00262144 ___SH C:\Windows\system32\config\ELAM
2015-06-06 14:02 - 2014-08-16 16:48 - 00000000 ____D C:\Users\???\AppData\Local\CrashDumps
2015-06-02 14:57 - 2013-08-22 11:36 - 00000000 ____D C:\Windows\rescache
2015-06-01 22:44 - 2014-08-21 12:34 - 00002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2015-06-01 21:43 - 2015-01-18 10:43 - 00003212 _____ C:\Windows\System32\Tasks\HPCeeScheduleFor???$
2015-06-01 21:43 - 2015-01-18 10:43 - 00000376 _____ C:\Windows\Tasks\HPCeeScheduleFor???$.job
2015-06-01 19:20 - 2014-03-18 05:53 - 00958356 _____ C:\Windows\system32\PerfStringBackup.INI
2015-06-01 19:17 - 2014-08-16 06:48 - 00002324 _____ C:\Users\???\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PC App Store.lnk
2015-06-01 19:08 - 2014-08-21 12:35 - 00003900 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-06-01 19:08 - 2014-08-21 12:35 - 00003664 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-05-24 20:26 - 2014-08-17 20:47 - 00000052 _____ C:\Windows\SysWOW64\DOErrors.log
2015-05-12 16:15 - 2013-08-22 09:36 - 00000000 ____D C:\Windows\system32\AdvancedInstallers
2015-05-12 16:05 - 2014-03-18 05:38 - 00000000 ____D C:\Program Files\Windows Journal

==================== Files in the root of some directories =======

2014-08-17 00:18 - 2014-08-17 00:18 - 0000057 _____ () C:\ProgramData\Ament.ini

Some files in TEMP:
====================
C:\Users\???\AppData\Local\Temp\oct770.tmp.exe
C:\Users\???\AppData\Local\Temp\oct9BBA.tmp.exe
C:\Users\???\AppData\Local\Temp\octAC43.tmp.exe
C:\Users\???\AppData\Local\Temp\octB49C.tmp.exe
C:\Users\???\AppData\Local\Temp\octFBAD.tmp.exe
C:\Users\???\AppData\Local\Temp\octFCDE.tmp.exe
C:\Users\???\AppData\Local\Temp\ose00000.exe
C:\Users\???\AppData\Local\Temp\Quarantine.exe
C:\Users\???\AppData\Local\Temp\sqlite3.dll
C:\Users\???\AppData\Local\Temp\Uninstall.exe

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-05-28 13:35

==================== End of log ============================



#13 Dark Raven

Posted 10 June 2015 - 05:43 PM

And last but not least, the addition log!

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version:08-06-2015
Ran by ??? at 2015-06-10 18:34:28
Running from C:\Users\???\Desktop
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-2418113219-119105201-894429124-500 - Administrator - Disabled)
Guest (S-1-5-21-2418113219-119105201-894429124-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2418113219-119105201-894429124-1003 - Limited - Enabled)
??? (S-1-5-21-2418113219-119105201-894429124-1001 - Administrator - Enabled) => C:\Users\???

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: McAfee Anti-Virus and Anti-Spyware (Disabled - Up to date) {ADA629C7-7F48-5689-624A-3B76997E0892}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: McAfee Firewall (Disabled) {959DA8E2-3527-57D1-4915-924367AD4FE9}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

4 Elements II (x32 Version: 2.2.0.98 - WildTangent) Hidden
7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Adobe Reader XI (11.0.11) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.11 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.0 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.0.4.144 - Adobe Systems, Inc.)
Apple Application Support (HKLM-x32\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Azkend 2: The World Beneath (x32 Version: 2.2.0.98 - WildTangent) Hidden
Barn Yarn Collector's Edition (x32 Version: 3.0.2.48 - WildTangent) Hidden
Bejeweled 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Build-a-lot Mysteries (x32 Version: 3.0.2.51 - WildTangent) Hidden
Building the Great Wall of China Collector's Edition (x32 Version: 3.0.2.48 - WildTangent) Hidden
Curse at Twilight (x32 Version: 3.0.2.51 - WildTangent) Hidden
CyberLink Media Suite 10 (HKLM-x32\...\InstallShield_{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}) (Version: 10.0.6.3728 - CyberLink Corp.)
CyberLink Media Suite 10 (HKLM-x32\...\InstallShield_{8F14AA37-5193-4A14-BD5B-BDF9B361AEF7}) (Version: 10.0 - CyberLink Corp.)
CyberLink MediaEspresso 6.7 (HKLM-x32\...\InstallShield_{E3739848-5329-48E3-8D28-5BBD6E8BE384}) (Version: 6.7.1.5112 - CyberLink Corp.)
Cyberlink PhotoDirector (HKLM-x32\...\InstallShield_{39337565-330E-4ab6-A9AE-AC81E0720B10}) (Version: 3.0.4.4824 - CyberLink Corp.)
CyberLink Power2Go 8 (HKLM-x32\...\InstallShield_{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}) (Version: 8.0.6.3821 - CyberLink Corp.)
CyberLink PowerDirector 10 (HKLM-x32\...\InstallShield_{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}) (Version: 10.0.6.3912 - CyberLink Corp.)
CyberLink PowerDVD 12 (HKLM-x32\...\InstallShield_{B46BEA36-0B71-4A4E-AE41-87241643FA0A}) (Version: 12.0.3.3709 - CyberLink Corp.)
CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 5.0.3.3907 - CyberLink Corp.)
Delicious - Emily's Wonder Wedding Premium Edition (x32 Version: 3.0.2.48 - WildTangent) Hidden
DisableMSDefender (Version: 1.0.0 - Hewlett-Packard Company) Hidden
Energy Star (HKLM\...\{465CA2B6-98AF-4E77-BE22-A908C34BB9EC}) (Version: 1.0.9 - Hewlett-Packard Company)
Evernote v. 5.2 (HKLM-x32\...\{412F6426-A3C7-11E3-8A71-00163E98E7D6}) (Version: 5.2.0.2951 - Evernote Corp.)
Farm Frenzy (x32 Version: 2.2.0.98 - WildTangent) Hidden
Fishdom 3: Collector's Edition (x32 Version: 3.0.2.38 - WildTangent) Hidden
Fort Defense (x32 Version: 3.0.2.51 - WildTangent) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 43.0.2357.124 - Google Inc.)
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.6227.252 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.27.5 - Google Inc.) Hidden
Governor of Poker 2 Premium Edition (x32 Version: 2.2.0.110 - WildTangent) Hidden
Hewlett-Packard ACLM.NET v1.2.2.3 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden
HP 3D DriveGuard (HKLM-x32\...\{F90A86C9-7779-47DD-AC06-8EE832C55F55}) (Version: 6.0.18.1 - Hewlett-Packard Company)
HP CoolSense (HKLM-x32\...\{E2C8D0C2-1C97-4C05-939A-5B13A0FE655C}) (Version: 2.20.31 - Hewlett-Packard Company)
HP Documentation (HKLM-x32\...\{ADD75863-9A69-4C44-9B43-11AE2B12BE51}) (Version: 1.1.0.0 - Hewlett-Packard)
HP ENVY 4500 series Basic Device Software (HKLM\...\{2369F346-79DE-4D08-8999-AACFF6F41A6F}) (Version: 32.0.1180.44630 - Hewlett-Packard Co.)
HP ENVY 4500 series Help (HKLM-x32\...\{95BECC50-22B4-4FCA-8A2E-BF77713E6D3A}) (Version: 30.0.0 - Hewlett Packard)
HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.7702 - HP)
HP Registration Service (HKLM\...\{D1E8F2D7-7794-4245-B286-87ED86C1893C}) (Version: 1.2.7493.4758 - Hewlett-Packard)
HP SimplePass (HKLM-x32\...\InstallShield_{314FAD12-F785-4471-BCE8-AB506642B9A1}) (Version: 8.01.11 - Hewlett-Packard)
HP Support Assistant (HKLM-x32\...\{8C696B4B-6AB1-44BC-9416-96EAC474CABE}) (Version: 7.5.2.12 - Hewlett-Packard Company)
HP System Event Utility (HKLM-x32\...\{DEF23826-DB71-4654-BC00-D5D6C20802EA}) (Version: 1.1.4 - Hewlett-Packard Company)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
HP Utility Center (HKLM\...\{36F80C5F-DC0D-4DF4-AF09-DC1867F0EB0A}) (Version: 2.4.4 - Hewlett-Packard Company)
HP Wireless Button Driver (HKLM-x32\...\{30B2D1D8-0A07-4B71-9553-0710C5D31E35}) (Version: 1.1.2.1 - Hewlett-Packard Company)
Inst5675 (Version: 8.01.11 - Softex Inc.) Hidden
Inst5676 (Version: 8.01.11 - Softex Inc.) Hidden
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.23.1766 - Intel Corporation)
Intel® PRO/Wireless Driver (HKLM\...\{dd372384-a281-47d6-8ef4-19cc622dce4e}) (Version: 17.00.1000.1423 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3496 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.8.9.1000 - Intel Corporation)
Intel® Smart Connect Technology (HKLM\...\{51AC86D3-C431-48AD-9195-0D6C930D07CD}) (Version: 4.2.41.2710 - Intel Corporation)
Intel® Virtual Buttons (HKLM-x32\...\1992736F-C90A-481C-B21B-EE34CAD07387) (Version: 1.0.0.14 - Intel Corporation)
Intel® Wireless Bluetooth® 4.0 (HKLM-x32\...\{A405194D-16D1-44FA-8FF8-D43684D77005}) (Version: 17.0.1407.02 - Intel Corporation)
Java 7 Update 67 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217067FF}) (Version: 7.0.670 - Oracle)
Jewel Match 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden
Joining Hands 2 (x32 Version: 3.0.2.51 - WildTangent) Hidden
King Oddball (x32 Version: 3.0.2.48 - WildTangent) Hidden
LG ODD Auto Firmware Update (HKLM-x32\...\{6179550A-3E7C-499E-BCC9-9E8113E0A285}) (Version: 10.01.0712.01 - )
Lost in Reefs 2 (x32 Version: 3.0.2.51 - WildTangent) Hidden
LUXOR Evolved (x32 Version: 2.2.0.98 - WildTangent) Hidden
Malwarebytes Anti-Malware version 2.1.6.1022 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.6.1022 - Malwarebytes Corporation)
McAfee LiveSafe - Internet Security (HKLM-x32\...\MSC) (Version: 12.8.988 - McAfee, Inc.)
Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Office Home and Student 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Outlook Social Connector (KB2289116) ªº§ó·s (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{75F91382-920C-4AE1-B9E6-FFFCEDA797E8}) (Version:  - Microsoft)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Mystery P.I. - Curious Case of Counterfeit Cove (x32 Version: 2.2.0.98 - WildTangent) Hidden
OpenSoftwareUpdater (HKLM-x32\...\OpenSoftwareUpdater) (Version:  - )
Peggle Nights (x32 Version: 2.2.0.98 - WildTangent) Hidden
Penguins! (x32 Version: 2.2.0.98 - WildTangent) Hidden
Pinger (HKLM-x32\...\Pinger 1.4.0.1) (Version: 1.4.0.1 - Pinger Inc.)
Pinger (x32 Version: 1.4.0.1 - Pinger Inc.) Hidden
Plants vs. Zombies - Game of the Year (x32 Version: 3.0.2.51 - WildTangent) Hidden
Polar Bowler 1st Frame (x32 Version: 3.0.2.59 - WildTangent) Hidden
Product Improvement Study for HP ENVY 4500 series (HKLM\...\{7D5D56E5-5869-4D0F-8D6C-6291004F9DF2}) (Version: 32.0.1180.44630 - Hewlett-Packard Co.)
QuickTime 7 (HKLM-x32\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.3.273.40 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.24.1218.2013 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7219 - Realtek Semiconductor Corp.)
Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
Roads of Rome 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden
Solitaire Mystery Four Seasons (x32 Version: 3.0.2.51 - WildTangent) Hidden
Sparkle 2 (x32 Version: 3.0.2.51 - WildTangent) Hidden
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 18.1.7.6 - Synaptics Incorporated)
Tales of Lagoona (x32 Version: 2.2.0.110 - WildTangent) Hidden
Update Installer for WildTangent Games App (x32 Version:  - WildTangent) Hidden
Vacation Quest™ - Australia (x32 Version: 3.0.2.32 - WildTangent) Hidden
Viking Saga (x32 Version: 3.0.2.48 - WildTangent) Hidden
WildTangent Games (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.0.4.0 - WildTangent)
WildTangent Games App for HP (x32 Version: 4.0.11.2 - WildTangent) Hidden
Youda Jewel Shop (x32 Version: 3.0.2.51 - WildTangent) Hidden

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-2418113219-119105201-894429124-1001_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\Windows\system32\igfxEM.exe (Intel Corporation)

==================== Restore Points =========================

11-05-2015 21:49:58 Scheduled Checkpoint
27-05-2015 21:43:33 Scheduled Checkpoint
10-06-2015 11:12:47 Revo Uninstaller's restore point - Crawler Toolbar

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 09:25 - 2013-08-22 09:25 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {066A38D7-8822-4396-BBAA-56E2744C6823} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2015-04-14] (Hewlett-Packard)
Task: {0D148221-0465-4AE1-80E5-A48FA883D04A} - System32\Tasks\Hewlett-Packard\HP CoolSense\HP CoolSense Start at Logon => C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe [2013-11-01] (Hewlett-Packard Development Company, L.P.)
Task: {11C75194-2855-407E-A28E-CF2A63256D86} - System32\Tasks\Microsoft\Windows\Setup\gwx\launchtrayprocess => C:\Windows\system32\GWX\GWX.exe [2015-03-23] (Microsoft Corporation)
Task: {171A306C-4F40-4AD6-B520-D11A39BF2B4B} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2014-05-12] (Hewlett-Packard Company)
Task: {269CA7E2-3544-4F06-AAA0-0A7533AC8A8B} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_TH42C581Q6 => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2015-04-14] (Hewlett-Packard)
Task: {383BEB91-C723-4A11-9641-029605802A13} - System32\Tasks\HPCustParticipation HP ENVY 4500 series => C:\Program Files\HP\HP ENVY 4500 series\Bin\HPCustPartic.exe [2013-08-13] (Hewlett-Packard Co.)
Task: {3EC13B08-E24A-4F56-B47E-57D1832AA497} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2014-01-13] (Hewlett-Packard Company)
Task: {499E6047-77DE-4D38-8CBD-CDA7B1EC6F74} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxcontent => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-23] (Microsoft Corporation)
Task: {60650743-B8B7-435C-871F-2BF3297137E0} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_CN45E141G7 => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2015-04-14] (Hewlett-Packard)
Task: {6453882A-D6D6-4F5F-93D8-163F8887C2D9} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-08-21] (Google Inc.)
Task: {7B8D7CE8-7B55-4CB1-8DC4-1E4AB499F92E} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_CN41U140VC => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2015-04-14] (Hewlett-Packard)
Task: {8F04D2B2-A4C4-459A-8A0B-6854BA942FA0} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2015-04-14] (Hewlett-Packard)
Task: {90A0EFAB-D6A5-400B-BEFC-393C4A680B46} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2014-01-13] (Hewlett-Packard Company)
Task: {A14FE604-2B59-444D-B7CF-B50155E23234} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: {A33AF9B1-2932-46A8-B85F-03CF4C131634} - System32\Tasks\YCMServiceAgent => C:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe [2014-03-07] (CyberLink Corp.)
Task: {AB69921D-A8D8-4A3F-A7B3-44ABC55CDD07} - System32\Tasks\Microsoft\Windows\Setup\gwx\runappraiser => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-23] (Microsoft Corporation)
Task: {B2BA39CD-4170-4C27-BFF2-872742AA22EC} - System32\Tasks\Cassiopesa rise => C:\ProgramData\{0A72E2B1-5AF0-3337-EB76-43B53BF4903B}\1.17.2.1\f
Task: {B34F1314-D743-468C-A93D-F76B828D7BAB} - System32\Tasks\HPCeeScheduleFor??? => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2011-07-15] (Hewlett-Packard)
Task: {B77699ED-4B51-49E1-A5CC-3EB097C6E3AE} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_CN455121G8 => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2015-04-14] (Hewlett-Packard)
Task: {B7F2C8DC-17DD-491B-8A85-429477AA7119} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-08-21] (Google Inc.)
Task: {BC05106C-7007-49C5-AEA9-5EF20F53D6FB} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_CN41N8R44S05RN => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2015-04-14] (Hewlett-Packard)
Task: {D812ED71-0778-446C-8C96-F8B5E1EAC65B} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_CN3AN2BMD0 => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2015-04-14] (Hewlett-Packard)
Task: {E4D7DF89-0E6C-48B1-A700-5FE5A3095DC0} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-23] (Microsoft Corporation)
Task: {FCC14DB0-BA8A-45D6-97CD-DF2976BC226C} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {FD09AAB8-EC63-4CBE-BEED-C479CE1AC10A} - System32\Tasks\HPCeeScheduleFor???$ => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2011-07-15] (Hewlett-Packard)
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\HPCeeScheduleFor???.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
Task: C:\Windows\Tasks\HPCeeScheduleFor???$.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe

==================== Loaded Modules (Whitelisted) ==============

2014-03-28 16:31 - 2014-03-28 16:31 - 02110464 _____ () C:\Program Files\Hewlett-Packard\SimplePass\autheng.dll
2014-03-28 16:27 - 2014-03-28 16:27 - 00021504 _____ () C:\Program Files\Hewlett-Packard\SimplePass\cryptodll.dll
2014-03-28 16:27 - 2014-03-28 16:27 - 00035328 _____ () C:\Program Files\Hewlett-Packard\SimplePass\ssplogon.dll
2014-03-28 16:27 - 2014-03-28 16:27 - 00055296 _____ () C:\Program Files\Hewlett-Packard\SimplePass\RandomPass.dll
2014-03-28 16:48 - 2014-03-28 16:48 - 00367504 _____ () C:\Program Files\Hewlett-Packard\SimplePass\mstrpwd.dll
2014-03-28 16:48 - 2014-03-28 16:48 - 00712080 _____ () C:\Program Files\Hewlett-Packard\SimplePass\GraphicalPwd.dll
2015-06-05 23:32 - 2015-06-05 23:32 - 00167424 _____ () C:\Users\???\AppData\Roaming\34444335-1433561514-5031-5739-6CC2176D0F26\hnsv4206.tmp
2013-12-04 11:44 - 2013-12-04 11:44 - 00200168 _____ () C:\Program Files\Intel\Intel® Smart Connect Technology Agent\iSCTAgent.exe
2013-12-04 11:44 - 2013-12-04 11:44 - 00054760 _____ () C:\Program Files\Intel\Intel® Smart Connect Technology Agent\NetworkHeuristic.dll
2013-12-04 11:44 - 2013-12-04 11:44 - 00034792 _____ () C:\Program Files\Intel\Intel® Smart Connect Technology Agent\ISCTNetMon.dll
2015-06-04 16:57 - 2015-06-04 16:57 - 01073664 _____ () C:\Program Files (x86)\WajaInternetEnhancer\WajaInternetEnhancer Internet Enhancer\InternetEnhancerService.exe
2015-06-04 16:57 - 2015-06-04 16:57 - 00282624 _____ () C:\Program Files (x86)\WajaInternetEnhancer\WajaInternetEnhancer Internet Enhancer\InternetEnhancer.exe
2014-03-28 16:36 - 2014-03-28 16:36 - 00065024 _____ () C:\Program Files\Hewlett-Packard\SimplePass\opvapp.exe
2015-06-04 16:57 - 2015-06-04 16:57 - 00011776 _____ () C:\Program Files (x86)\WajaInternetEnhancer\WajaInternetEnhancer Internet Enhancer\ApiHandlr.dll
2011-03-09 14:21 - 2011-03-09 14:21 - 00619816 _____ () C:\Program Files (x86)\CyberLink\Power2Go\CLMediaLibrary.dll
2011-03-09 14:21 - 2011-03-09 14:21 - 00013096 _____ () C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvcPS.dll
2014-06-17 13:57 - 2013-12-10 11:27 - 01242584 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\ACE.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\ProgramData\TEMP:B3503B59
AlternateDataStreams: C:\Users\???\OneDrive:ms-properties

==================== Safe Mode (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefire => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Driver"

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2418113219-119105201-894429124-1001\Control Panel\Desktop\\Wallpaper -> C:\Windows\web\wallpaper\Hewlett-Packard Backgrounds\backgroundDefault.jpg
DNS Servers: 192.168.1.1

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{A1E744EA-1EC5-4B4F-AACF-1A6B467D1E64}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
FirewallRules: [{14E62014-22D4-4EB4-B78C-CB777520DC7C}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{782B6236-98F0-4D72-B773-996C02325596}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{E12F69C2-C320-416B-B644-9E4C52D8F860}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{096F1768-FDEF-4A2D-A0DF-5A39FEC2A579}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{D441DE34-98B4-440F-BB42-0A8A72D66B40}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12.exe
FirewallRules: [{DDA9A183-C187-4DDA-9F36-04EF5EE96773}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMR\PowerDVD12DMREngine.exe
FirewallRules: [{61BB0F52-ED35-4B95-9A92-A14F91C79908}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe
FirewallRules: [{04CE44B9-B982-4CEF-8141-3A8D575D3243}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12Agent.exe
FirewallRules: [{C6D12546-5A2E-4375-BBA7-4206751A636C}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12ML.exe
FirewallRules: [{8FEE15F0-3AED-452E-9C23-3CB23C50DA67}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\Movie\PowerDVD.exe
FirewallRules: [{1392C526-14C5-43A6-ABD1-DEB6352DF780}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
FirewallRules: [{C45DCC13-8629-437A-A3A0-2308399E888A}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
FirewallRules: [{523680A8-7A1F-4BCA-99C9-A365B0ADEADB}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDirector10\PDR10.EXE
FirewallRules: [{5B40BB1D-39B7-47EE-A7DD-A08CD3A249B5}] => (Allow) C:\Program Files\HP\HP ENVY 4500 series\Bin\DeviceSetup.exe
FirewallRules: [{9F8EABF9-497D-4D91-9BBD-FB1D1436FE84}] => (Allow) LPort=5357
FirewallRules: [{B7EE4D72-DF53-462A-85E1-338F40D752E0}] => (Allow) C:\Program Files\HP\HP ENVY 4500 series\Bin\HPNetworkCommunicatorCom.exe
FirewallRules: [{9E4787E1-6E74-476A-A724-03CD3D3BEEB4}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe
FirewallRules: [{D3F5D958-FA4F-459F-84AA-94674895D5EC}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPDeviceDetection3.exe
FirewallRules: [{0F4133EF-2E55-4946-9723-40AA36BCCD59}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (06/10/2015 05:01:32 PM) (Source: ISCTAgent) (EventID: 1000) (User: )
Description: ISCT - netDetect::AOACWLANProset::LocateAdapters   Net Detect:  Net Detect Supported Error Getting Adapter List Error=0x80040302\n

Error: (06/10/2015 05:01:32 PM) (Source: ISCTAgent) (EventID: 1000) (User: )
Description: ISCT - netDetect::AOACWLANProset::LocateAdapters   Net Detect:  Net Detect Supported Error Getting Adapter List Error=0x80040302\n

Error: (06/10/2015 04:59:42 PM) (Source: ISCTAgent) (EventID: 1000) (User: )
Description: ISCT - netDetect::AOACWLANProset::LocateAdapters   Net Detect:  Net Detect Supported Error Getting Adapter List Error=0x80040302\n

Error: (06/10/2015 04:59:42 PM) (Source: ISCTAgent) (EventID: 1000) (User: )
Description: ISCT - netDetect::AOACWLANProset::LocateAdapters   Net Detect:  Net Detect Supported Error Getting Adapter List Error=0x80040302\n

Error: (06/10/2015 03:17:28 PM) (Source: MsiInstaller) (EventID: 10005) (User: ???)
Description: Product: Search App by Ask -- Error 25001. The following applications must be closed before continuing the uninstall:

Internet Explorer

Error: (06/10/2015 03:17:12 PM) (Source: MsiInstaller) (EventID: 10005) (User: ???)
Description: Product: Search App by Ask -- Error 25001. The following applications must be closed before continuing the uninstall:

Internet Explorer

Error: (06/10/2015 03:17:03 PM) (Source: MsiInstaller) (EventID: 10005) (User: ???)
Description: Product: Search App by Ask -- Error 25001. The following applications must be closed before continuing the uninstall:

Internet Explorer

Error: (06/10/2015 11:31:29 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1203

Error: (06/10/2015 11:31:29 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 1203

Error: (06/10/2015 11:31:29 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

System errors:
=============
Error: (06/10/2015 05:03:33 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Superfetch service terminated with the following error:
%%1062

Error: (06/10/2015 05:03:33 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has stopped unexpectedly.

Module Path: C:\Windows\System32\IWMSSvc.dll

Error: (06/10/2015 05:03:33 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has stopped unexpectedly.

Module Path: C:\Windows\System32\IWMSSvc.dll

Error: (06/10/2015 05:01:43 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has stopped unexpectedly.

Module Path: C:\Windows\System32\IWMSSvc.dll

Error: (06/10/2015 05:01:11 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The HP Support Assistant Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.

Error: (06/10/2015 05:01:11 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Media Player Network Sharing Service service terminated unexpectedly.  It has done this 2 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.

Error: (06/10/2015 05:01:11 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Intel® Smart Connect Technology Agent service terminated unexpectedly.  It has done this 2 time(s).  The following corrective action will be taken in 5000 milliseconds: Restart the service.

Error: (06/10/2015 05:01:11 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Print Spooler service terminated unexpectedly.  It has done this 2 time(s).  The following corrective action will be taken in 5000 milliseconds: Restart the service.

Error: (06/10/2015 05:01:11 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Search service terminated unexpectedly.  It has done this 2 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.

Error: (06/10/2015 05:01:11 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Windows Presentation Foundation Font Cache 3.0.0.0 service terminated unexpectedly.  It has done this 2 time(s).

Microsoft Office:
=========================
Error: (06/10/2015 05:01:32 PM) (Source: ISCTAgent) (EventID: 1000) (User: )
Description: ISCT - netDetect::AOACWLANProset::LocateAdapters   Net Detect:  Net Detect Supported Error Getting Adapter List Error=0x80040302\n

Error: (06/10/2015 05:01:32 PM) (Source: ISCTAgent) (EventID: 1000) (User: )
Description: ISCT - netDetect::AOACWLANProset::LocateAdapters   Net Detect:  Net Detect Supported Error Getting Adapter List Error=0x80040302\n

Error: (06/10/2015 04:59:42 PM) (Source: ISCTAgent) (EventID: 1000) (User: )
Description: ISCT - netDetect::AOACWLANProset::LocateAdapters   Net Detect:  Net Detect Supported Error Getting Adapter List Error=0x80040302\n

Error: (06/10/2015 04:59:42 PM) (Source: ISCTAgent) (EventID: 1000) (User: )
Description: ISCT - netDetect::AOACWLANProset::LocateAdapters   Net Detect:  Net Detect Supported Error Getting Adapter List Error=0x80040302\n

Error: (06/10/2015 03:17:28 PM) (Source: MsiInstaller) (EventID: 10005) (User: ???)
Description: Product: Search App by Ask -- Error 25001. The following applications must be closed before continuing the uninstall:

Internet Explorer (NULL)(NULL)(NULL)(NULL)(NULL)

Error: (06/10/2015 03:17:12 PM) (Source: MsiInstaller) (EventID: 10005) (User: ???)
Description: Product: Search App by Ask -- Error 25001. The following applications must be closed before continuing the uninstall:

Internet Explorer (NULL)(NULL)(NULL)(NULL)(NULL)

Error: (06/10/2015 03:17:03 PM) (Source: MsiInstaller) (EventID: 10005) (User: ???)
Description: Product: Search App by Ask -- Error 25001. The following applications must be closed before continuing the uninstall:

Internet Explorer (NULL)(NULL)(NULL)(NULL)(NULL)

Error: (06/10/2015 11:31:29 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1203

Error: (06/10/2015 11:31:29 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 1203

Error: (06/10/2015 11:31:29 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

==================== Memory info ===========================

Processor: Intel® Core™ i5-4210U CPU @ 1.70GHz
Percentage of memory in use: 39%
Total physical RAM: 8122.15 MB
Available physical RAM: 4927.39 MB
Total Pagefile: 16314.15 MB
Available Pagefile: 13073.26 MB
Total Virtual: 131072 MB
Available Virtual: 131071.84 MB

==================== Drives ================================

Drive c: (Windows) (Fixed) (Total:673.85 GB) (Free:608.89 GB) NTFS
Drive d: (RECOVERY) (Fixed) (Total:23.77 GB) (Free:2.38 GB) NTFS ==>[System with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 698.6 GB) (Disk ID: 6DA8418D)

Partition: GPT Partition Type.

==================== End of log ============================



#14 deeprybka

deeprybka

  • Malware Response Team
  • 5,198 posts
  • OFFLINE
  • Gender:Male
  • Location:Germany
  • Local time:10:03 AM

Posted 11 June 2015 - 12:43 PM

Hi there,
for the next step: Please replace the "???" in the fixlist.txt with the "real name" before running the fix.

Step 1


Press the Windows key + R on your keyboard at the same time. Type notepad and click OK.
  • Copy the entire content of the codebox below and paste into the notepad document:
    CloseProcesses
    Task: {B2BA39CD-4170-4C27-BFF2-872742AA22EC} - System32\Tasks\Cassiopesa rise => C:\ProgramData\{0A72E2B1-5AF0-3337-EB76-43B53BF4903B}\1.17.2.1\f
    C:\Users\???\AppData\Roaming\34444335-1433561514-5031-5739-6CC2176D0F26\
    C:\ProgramData\{0A72E2B1-5AF0-3337-EB76-43B53BF4903B}\
    C:\Program Files (x86)\WajaInternetEnhancer\
    AlternateDataStreams: C:\ProgramData\TEMP:B3503B59
    HKLM-x32\...\Run: [] => [X]
    HKU\S-1-5-21-2418113219-119105201-894429124-1001\...\RunOnce: [Application Restart #8] => C:\Users\???\AppData\Local\Pokki\Engine\HostAppService.exe  --disable-internal-flash --noerrdialogs --no-message-box --disable-extensions --disable-web-security --disable-web-resources --disable- (the data entry has 577 more characters).
    HKU\S-1-5-21-2418113219-119105201-894429124-1001\...\RunOnce: [Application Restart #6] => C:\Users\???\AppData\Local\Pokki\Engine\HostAppService.exe  --disable-internal-flash --noerrdialogs --no-message-box --disable-extensions --disable-web-security --disable-web-resources --disable- (the data entry has 577 more characters).
    CHR HKLM\SOFTWARE\Policies\Google: Policy restriction 
    RemoveProxy:
    SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    2015-06-05 23:33 - 2015-06-05 23:33 - 00000000 ____D C:\Users\???\AppData\Roaming\OpenSoftwareUpdater
    2015-06-05 23:32 - 2015-06-10 17:15 - 00000000 ____D C:\Program Files (x86)\OpenSoftwareUpdater
    2015-06-05 23:32 - 2013-08-22 09:25 - 00000824 _____ C:\Windows\system32\Drivers\etc\hp.bak
    2015-06-05 23:31 - 2015-06-10 17:48 - 00000000 ____D C:\Users\???\AppData\Roaming\34444335-1433561514-5031-5739-6CC2176D0F26
    2015-06-05 23:31 - 2015-06-10 17:48 - 00000000 ____D C:\Program Files (x86)\WajaInternetEnhancer
    2015-06-05 23:31 - 2015-06-10 17:48 - 00000000 ____D C:\Program Files (x86)\OSDownloader
    2015-06-05 23:30 - 2015-06-05 23:30 - 00511032 _____ C:\Users\???\Downloads\SoftwareUpdater.exe
    CreateRestorePoint:
    EmptyTemp:
    
    
  • Click File, Save As and type fixlist.txt as the File Name.
Both files, FRST and fixlist.txt have to be in the same location or the fix will not work!
  • Right-click on the FRST icon and select Run as Administrator to start the tool.
    (XP users click run after receipt of Windows Security Warning - Open File).
  • Press the Fix button just once and wait.
  • If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
  • When finished FRST will generate a log on the Desktop, called Fixlog.txt.
Please post it to your reply.

Edited by deeprybka, 11 June 2015 - 12:43 PM.

regards,
deeprybka
:busy:
Neminem laede, immo omnes, quantum potes, iuva. Arthur Schopenhauer
 

#15 Dark Raven

Dark Raven
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  • Gender:Male
  • Local time:05:03 AM

Posted 14 June 2015 - 01:44 PM

Here you go!

 

Fix result of Farbar Recovery Scan Tool (x64) Version:13-06-2015
Ran by ??? at 2015-06-14 14:24:07 Run:1
Running from C:\Users\???\Desktop
Loaded Profiles: ??? &  (Available Profiles: ???)
Boot Mode: Normal
==============================================

fixlist content:
*****************
CloseProcesses
Task: {B2BA39CD-4170-4C27-BFF2-872742AA22EC} - System32\Tasks\Cassiopesa rise => C:\ProgramData\{0A72E2B1-5AF0-3337-EB76-43B53BF4903B}\1.17.2.1\f
C:\Users\???\AppData\Roaming\34444335-1433561514-5031-5739-6CC2176D0F26\
C:\ProgramData\{0A72E2B1-5AF0-3337-EB76-43B53BF4903B}\
C:\Program Files (x86)\WajaInternetEnhancer\
AlternateDataStreams: C:\ProgramData\TEMP:B3503B59
HKLM-x32\...\Run: [] => [X]
HKU\S-1-5-21-2418113219-119105201-894429124-1001\...\RunOnce: [Application Restart #8] => C:\Users\???\AppData\Local\Pokki\Engine\HostAppService.exe  --disable-internal-flash --noerrdialogs --no-message-box --disable-extensions --disable-web-security --disable-web-resources --disable- (the data entry has 577 more characters).
HKU\S-1-5-21-2418113219-119105201-894429124-1001\...\RunOnce: [Application Restart #6] => C:\Users\???\AppData\Local\Pokki\Engine\HostAppService.exe  --disable-internal-flash --noerrdialogs --no-message-box --disable-extensions --disable-web-security --disable-web-resources --disable- (the data entry has 577 more characters).
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction
RemoveProxy:
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
2015-06-05 23:33 - 2015-06-05 23:33 - 00000000 ____D C:\Users\???\AppData\Roaming\OpenSoftwareUpdater
2015-06-05 23:32 - 2015-06-10 17:15 - 00000000 ____D C:\Program Files (x86)\OpenSoftwareUpdater
2015-06-05 23:32 - 2013-08-22 09:25 - 00000824 _____ C:\Windows\system32\Drivers\etc\hp.bak
2015-06-05 23:31 - 2015-06-10 17:48 - 00000000 ____D C:\Users\???\AppData\Roaming\34444335-1433561514-5031-5739-6CC2176D0F26
2015-06-05 23:31 - 2015-06-10 17:48 - 00000000 ____D C:\Program Files (x86)\WajaInternetEnhancer
2015-06-05 23:31 - 2015-06-10 17:48 - 00000000 ____D C:\Program Files (x86)\OSDownloader
2015-06-05 23:30 - 2015-06-05 23:30 - 00511032 _____ C:\Users\???\Downloads\SoftwareUpdater.exe
CreateRestorePoint:
EmptyTemp:

*****************

CloseProcesses => Error: No automatic fix found for this entry.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{B2BA39CD-4170-4C27-BFF2-872742AA22EC}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B2BA39CD-4170-4C27-BFF2-872742AA22EC}" => key removed successfully
C:\Windows\System32\Tasks\Cassiopesa rise => moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Cassiopesa rise" => key removed successfully
C:\Users\???\AppData\Roaming\34444335-1433561514-5031-5739-6CC2176D0F26 => moved successfully.
"C:\ProgramData\{0A72E2B1-5AF0-3337-EB76-43B53BF4903B}" => File/Folder not found.
C:\Program Files (x86)\WajaInternetEnhancer => moved successfully.
C:\ProgramData\TEMP => ":B3503B59" ADS removed successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => value removed successfully
HKU\S-1-5-21-2418113219-119105201-894429124-1001\Software\Microsoft\Windows\CurrentVersion\RunOnce\\Application Restart #8 => value removed successfully
HKU\S-1-5-21-2418113219-119105201-894429124-1001\Software\Microsoft\Windows\CurrentVersion\RunOnce\\Application Restart #6 => value removed successfully
"HKLM\SOFTWARE\Policies\Google" => key removed successfully

========= RemoveProxy: =========

HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable => value removed successfully
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer => value removed successfully
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully
HKU\S-1-5-21-2418113219-119105201-894429124-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
HKU\S-1-5-21-2418113219-119105201-894429124-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully
HKU\S-1-5-21-2418113219-119105201-894429124-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
HKU\S-1-5-21-2418113219-119105201-894429124-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully

========= End of RemoveProxy: =========

HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
C:\Users\???\AppData\Roaming\OpenSoftwareUpdater => moved successfully.
C:\Program Files (x86)\OpenSoftwareUpdater => moved successfully.
C:\Windows\system32\Drivers\etc\hp.bak => moved successfully.
"C:\Users\???\AppData\Roaming\34444335-1433561514-5031-5739-6CC2176D0F26" => File/Folder not found.
"C:\Program Files (x86)\WajaInternetEnhancer" => File/Folder not found.
C:\Program Files (x86)\OSDownloader => moved successfully.
C:\Users\???\Downloads\SoftwareUpdater.exe => moved successfully.
Restore point was successfully created.
EmptyTemp: => 8.3 GB temporary data Removed.

The system needed a reboot..

==== End of Fixlog 14:28:23 ====
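
An added example, not part of the thread and not FRST's own code: a small Python reader for the result lines of a Fixlog.txt like the one posted above. It skips the echoed fixlist, tallies outcomes, and counts a "File/Folder not found" as already handled when the same path was moved earlier in the run, as happens above where a folder appears twice in the fixlist. The sample log is constructed from lines shown in the post, and the function names are hypothetical.

```python
import re

# Constructed sample in the shape of the Fixlog.txt above; "???" is the
# redacted user name exactly as it appears in the thread.
SAMPLE_FIXLOG = r'''fixlist content:
*****************
HKLM-x32\...\Run: [] => [X]
C:\Program Files (x86)\WajaInternetEnhancer\
*****************

CloseProcesses => Error: No automatic fix found for this entry.
C:\Users\???\AppData\Roaming\OpenSoftwareUpdater => moved successfully.
C:\Program Files (x86)\WajaInternetEnhancer => moved successfully.
"C:\ProgramData\{0A72E2B1-5AF0-3337-EB76-43B53BF4903B}" => File/Folder not found.
"HKLM\SOFTWARE\Policies\Google" => key removed successfully
"C:\Program Files (x86)\WajaInternetEnhancer" => File/Folder not found.
'''

RESULT_LINE = re.compile(r'^(?P<target>.+?)\s+=>\s+(?P<result>.+)$')

def classify(result):
    """Map the text after '=>' to a coarse status."""
    text = result.lower()
    if text.startswith("error"):
        return "error"
    if "not found" in text:
        return "not_found"
    if "successfully" in text:
        return "ok"
    return "other"

def summarize_fixlog(log_text):
    """Return (counts, follow_up) for the result section of a Fixlog."""
    # Results start after the last row of asterisks that closes the fixlist echo.
    results = re.split(r'^\*{5,}\s*$', log_text, flags=re.M)[-1]
    counts = dict.fromkeys(("ok", "error", "not_found", "already_handled", "other"), 0)
    handled, follow_up = set(), []
    for line in results.splitlines():
        m = RESULT_LINE.match(line.strip())
        if not m:
            continue
        target = m.group("target").strip('"')
        key = target.rstrip("\\").lower()
        status = classify(m.group("result"))
        if status == "ok":
            handled.add(key)
        elif status == "not_found" and key in handled:
            status = "already_handled"   # same path was moved earlier in this run
        elif status in ("error", "not_found"):
            follow_up.append((status, target))
        counts[status] += 1
    return counts, follow_up
```

Entries left in `follow_up` are the ones worth checking by hand in the next scan; lines the reader does not recognise, such as the `EmptyTemp:` result, are counted as `other`.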





