pop ups from enormousales and pcfixing4



#1 sclossick

Posted 14 June 2015 - 08:35 AM

 

I have a Surface Pro 3 that my son uses primarily. He let a buddy of his download some programs to enhance their gaming experience. I think this has opened the door to some malware. Right now, browsing is interrupted by pop-up ads and intrusive banner ads from Enormousales and pcfixing4 and Lucky Shopper. FRST file is below and Addition file is attached. Thank you for your attention and help.

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:13-06-2015
Ran by Stephen (administrator) on KEEGAN-PC on 14-06-2015 09:19:51
Running from C:\Users\Stephen\Downloads
Loaded Profiles: Stephen & Madigan & kclos_000 (Available Profiles: Stephen & Madigan & kclos_000 & closs_000)
Platform: Windows 8.1 Pro (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Intel Corporation) C:\Windows\SysWOW64\IntelCpHeciSvc.exe
() C:\Users\Stephen\AppData\Roaming\4396405B-1425740813-02CC-AA1A-9850ED46B8E5\jnsp454E.tmp
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\WpcMon.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ink\InputPersonalization.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Microsoft Corporation) C:\Windows\System32\WpcMon.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Microsoft Corporation) C:\Windows\System32\LogonUI.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
() C:\ProgramData\{11d41792-558c-7879-11d4-417925585e49}\274.exe
(PCUtilities Software Limited) C:\ProgramData\{26f1c234-c336-d495-26f1-1c234c3308d3}\optimizerpro.exe
(Get Live Support Limited) C:\ProgramData\{8e006ba7-1b11-443d-8e00-06ba71b1ae9c}\SystemOptimizer.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ink\InputPersonalization.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
(Mozilla Corporation) C:\Program Files (x86)\mozilla firefox\firefox.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20856_x64__8wekyb3d8bbwe\livecomm.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM-x32\...\Run: [gmsd_us_323] => [X]
HKU\S-1-5-21-3566614747-3769634103-3560256049-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [2888384 2015-05-14] (Valve Corporation)
HKU\S-1-5-18\...\RunOnce: [Application Restart #0] => C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe [372400 2014-10-28] (Microsoft Corporation)
HKU\S-1-5-18\...\RunOnce: [Application Restart #1] => C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe [372400 2014-10-28] (Microsoft Corporation)
AppInit_DLLs-x32: c:/progra~3/{be095~1/192~1.1/tice.dll => "c:\progra~3\{be095~1\192~1.1\tice.dll" File not found
Startup: C:\Users\Stephen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\274.lnk [2015-03-07]
ShortcutTarget: 274.lnk -> C:\ProgramData\{11d41792-558c-7879-11d4-417925585e49}\274.exe ()
Startup: C:\Users\Stephen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\optimizerpro.lnk [2015-03-07]
ShortcutTarget: optimizerpro.lnk -> C:\ProgramData\{26f1c234-c336-d495-26f1-1c234c3308d3}\optimizerpro.exe (PCUtilities Software Limited)
Startup: C:\Users\Stephen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SystemOptimizer.lnk [2015-02-13]
ShortcutTarget: SystemOptimizer.lnk -> C:\ProgramData\{8e006ba7-1b11-443d-8e00-06ba71b1ae9c}\SystemOptimizer.exe (Get Live Support Limited)
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
SearchScopes: HKU\S-1-5-21-3566614747-3769634103-3560256049-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
SearchScopes: HKU\S-1-5-21-3566614747-3769634103-3560256049-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
BHO: LuckyShoopper -> {663E2251-2429-4DC5-8835-9245968D1E8B} -> C:\Program Files (x86)\LuckyShoopper\TAdAdigC6LRddK.x64.dll [2015-06-14] ()
BHO-x32: LuckyShoopper -> {663E2251-2429-4DC5-8835-9245968D1E8B} -> C:\Program Files (x86)\LuckyShoopper\TAdAdigC6LRddK.dll [2015-06-14] ()
Winsock: Catalog9 01 C:\windows\SysWOW64\BDL.dll [319392 2015-03-14] (BD Inc.)
Winsock: Catalog9 02 C:\windows\SysWOW64\BDL.dll [319392 2015-03-14] (BD Inc.)
Winsock: Catalog9 03 C:\windows\SysWOW64\BDL.dll [319392 2015-03-14] (BD Inc.)
Winsock: Catalog9 04 C:\windows\SysWOW64\BDL.dll [319392 2015-03-14] (BD Inc.)
Winsock: Catalog9 16 C:\windows\SysWOW64\BDL.dll [319392 2015-03-14] (BD Inc.)
Tcpip\Parameters: [DhcpNameServer] 207.69.188.186 207.69.188.187
StartMenuInternet: IEXPLORE.EXE - iexplore.exe

FireFox:
========
FF ProfilePath: C:\Users\Stephen\AppData\Roaming\Mozilla\Firefox\Profiles\smg111vd.default
FF Extension: LuckyShoopper - C:\Users\Stephen\AppData\Roaming\Mozilla\Firefox\Profiles\smg111vd.default\Extensions\e@yru0nVkY.org [2015-06-14]
FF Extension: EnormoouSaLoes - C:\Users\Stephen\AppData\Roaming\Mozilla\Firefox\Profiles\smg111vd.default\Extensions\Tps8u@Mo3od1.edu [2015-06-14]
FF Extension: OnlineLowDeals - C:\Users\Stephen\AppData\Roaming\Mozilla\Firefox\Profiles\smg111vd.default\Extensions\yehazdj_mnyylqcjo@ngwkjbojznfgcnwpfe.com [2015-06-14]
FF HKLM\...\Firefox\Extensions: [{5081D2D4-1637-404c-B74F-50526718257D}] - C:\Program Files\shopperz\Firefox
FF HKLM-x32\...\Firefox\Extensions: [{5081D2D4-1637-404c-B74F-50526718257D}] - C:\Program Files\shopperz\Firefox

Chrome:
=======
CHR dev: Chrome dev build detected! <======= ATTENTION

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 862ff8a7; c:\Program Files (x86)\afterguard\afterguard.dll [1751552 2015-06-14] () [File not signed]
S3 BthHFSrv; C:\Windows\System32\BthHFSrv.dll [324608 2014-10-28] (Microsoft Corporation)
R2 hyxuduge; C:\Users\Stephen\AppData\Roaming\4396405B-1425740813-02CC-AA1A-9850ED46B8E5\jnsp454E.tmp [175104 2015-03-07] () [File not signed]
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366520 2015-02-03] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2015-02-03] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 AX88772; C:\Windows\system32\DRIVERS\ax88772.sys [113864 2013-07-18] (ASIX Electronics Corp.)
R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [226304 2014-08-13] (Microsoft Corporation)
R3 iaLPSS_GPIO; C:\Windows\System32\drivers\iaLPSS_GPIO.sys [24568 2014-07-16] (Intel Corporation)
R3 iaLPSS_I2C; C:\Windows\System32\drivers\iaLPSS_I2C.sys [99320 2014-07-16] (Intel Corporation)
R3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [25816 2015-04-14] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\windows\system32\drivers\mwac.sys [64216 2015-04-14] (Malwarebytes Corporation)
R3 MEIx64; C:\Windows\System32\drivers\TeeDriverx64.sys [100312 2014-07-16] (Intel Corporation)
R3 mrvlpcie8897; C:\Windows\system32\DRIVERS\mrvlpcie8897.sys [1002496 2014-12-24] (Marvell Semiconductors Inc.)
R3 SensorsHIDClassDriver; C:\Windows\System32\drivers\WUDFRd.sys [226304 2014-10-28] (Microsoft Corporation)
R3 SensorsServiceDriver; C:\Windows\System32\drivers\WUDFRd.sys [226304 2014-10-28] (Microsoft Corporation)
R3 SurfaceAccessoryDevice; C:\Windows\System32\drivers\SurfaceAccessoryDevice.sys [51856 2014-07-16] (Microsoft Corporation)
R3 SurfaceCapacitiveHomeButton; C:\Windows\System32\drivers\SurfaceCapacitiveHomeButton.sys [44152 2014-11-27] (Microsoft Corporation)
R3 SurfaceDisplayCalibration; C:\Windows\System32\drivers\SurfaceDisplayCalibration.sys [41616 2014-07-16] (Microsoft Corporation)
R3 SurfaceIntegrationDriver; C:\Windows\System32\drivers\SurfaceIntegrationDriver.sys [49776 2014-12-09] (Microsoft Corporation)
R0 SurfacePciController; C:\Windows\System32\drivers\SurfacePciController.sys [35440 2014-10-08] (Microsoft Corporation)
R3 SurfacePenDriver; C:\Windows\system32\DRIVERS\SurfacePenDriver.sys [76424 2015-03-31] (Microsoft Corporation)
S3 SurfaceTouchCover; C:\Windows\System32\drivers\SurfaceTouchCover.sys [35976 2014-07-16] (Microsoft Corporation)
S3 SurfaceTypeCover; C:\Windows\System32\drivers\SurfaceTypeCover.sys [35984 2014-07-16] (Microsoft Corporation)
R3 TrueColor; C:\Windows\system32\DRIVERS\TrueColor.sys [35952 2014-07-07] ()
R2 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2015-02-03] (Microsoft Corporation)
R3 WiFiClass; C:\Windows\system32\DRIVERS\wificlass.sys [411648 2014-12-24] (Microsoft Corporation)
S1 qrnfd_1_10_0_9; system32\drivers\qrnfd_1_10_0_9.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-06-14 09:19 - 2015-06-14 09:20 - 00010935 _____ C:\Users\Stephen\Downloads\FRST.txt
2015-06-14 09:19 - 2015-06-14 09:20 - 00000000 ____D C:\FRST
2015-06-14 09:16 - 2015-06-14 09:17 - 02109952 _____ (Farbar) C:\Users\Stephen\Downloads\FRST64.exe
2015-06-14 07:17 - 2015-06-14 07:17 - 00003268 _____ C:\windows\System32\Tasks\FontElite
2015-06-14 07:17 - 2015-06-14 07:17 - 00000378 _____ C:\windows\Tasks\FontElite.job
2015-06-14 07:17 - 2015-06-14 07:17 - 00000000 ____D C:\Program Files (x86)\LuckyShoopper
2015-06-14 07:17 - 2015-06-14 07:17 - 00000000 ____D C:\Program Files (x86)\LiteMatch
2015-06-14 07:17 - 2015-06-14 07:17 - 00000000 ____D C:\Program Files (x86)\afterguard
2015-06-14 07:16 - 2015-06-14 07:17 - 00000000 ____D C:\ProgramData\{ed5def5e-5e31-df06-ed5d-def5e5e3bd79}
2015-06-14 07:16 - 2015-06-14 07:16 - 00004096 _____ C:\windows\SysWOW64\ntwdblib.dll
2015-06-14 07:16 - 2015-06-14 07:16 - 00003268 _____ C:\windows\System32\Tasks\PasswordBlocker
2015-06-14 07:16 - 2015-06-14 07:16 - 00000378 _____ C:\windows\Tasks\PasswordBlocker.job
2015-06-14 07:16 - 2015-06-14 07:16 - 00000000 ____D C:\ProgramData\{754992a7-22cd-5a6d-7549-992a722c4a9c}
2015-06-14 07:16 - 2015-06-14 07:16 - 00000000 ____D C:\Program Files (x86)\EnormoouSaLoes
2015-06-12 14:42 - 2015-06-12 14:42 - 00001167 _____ C:\Users\Madigan\Desktop\Continue Install Software Installation.lnk
2015-06-08 19:29 - 2015-06-08 19:29 - 00000000 ____D C:\Users\Madigan\AppData\Local\GWX
2015-05-31 11:25 - 2015-05-31 11:25 - 00000000 ____D C:\Users\kclos_000\AppData\Local\Intel_Corporation
2015-05-31 11:22 - 2015-06-13 17:40 - 00000000 ____D C:\Program Files (x86)\ProShoppeR
2015-05-31 11:22 - 2015-06-13 17:33 - 00000000 ____D C:\Program Files (x86)\PrioShoppper
2015-05-31 11:22 - 2015-05-31 11:22 - 00000000 ____D C:\Program Files (x86)\topiDeall
2015-05-31 11:22 - 2015-05-31 11:22 - 00000000 ____D C:\Program Files (x86)\Currency Converter
2015-05-20 17:55 - 2015-05-20 17:55 - 00000000 ____D C:\windows\LastGood.Tmp
2015-05-20 16:44 - 2015-03-31 20:28 - 24806000 _____ (Intel Corporation) C:\windows\system32\igdumdim64.dll
2015-05-20 16:44 - 2015-03-31 20:28 - 24007768 _____ (Intel Corporation) C:\windows\SysWOW64\igdumdim32.dll
2015-05-20 16:44 - 2015-03-31 20:28 - 06080608 _____ (Intel Corporation) C:\windows\system32\igdusc64.dll
2015-05-20 16:44 - 2015-03-31 20:28 - 04788464 _____ (Intel Corporation) C:\windows\SysWOW64\igdusc32.dll
2015-05-20 16:44 - 2015-03-31 20:28 - 02946336 _____ (Intel Corporation) C:\windows\system32\IntelWiDiVAD64.exe
2015-05-20 16:44 - 2015-03-31 20:28 - 02775672 _____ (Intel Corporation) C:\windows\system32\IntelWiDiAAC64.dll
2015-05-20 16:44 - 2015-03-31 20:28 - 01512568 _____ (Intel Corporation) C:\windows\system32\IntelWiDiSecureSourceFilter64.dll
2015-05-20 16:44 - 2015-03-31 20:28 - 01402336 _____ (Intel Corporation) C:\windows\system32\iglhsip64.dll
2015-05-20 16:44 - 2015-03-31 20:28 - 01399240 _____ (Intel Corporation) C:\windows\SysWOW64\iglhsip32.dll
2015-05-20 16:44 - 2015-03-31 20:28 - 01369088 _____ (Intel Corporation) C:\windows\system32\igfxcmjit64.dll
2015-05-20 16:44 - 2015-03-31 20:28 - 01063936 _____ (Intel Corporation) C:\windows\SysWOW64\igfxcmjit32.dll
2015-05-20 16:44 - 2015-03-31 20:28 - 00980312 _____ (Intel Corporation) C:\windows\system32\IntelWiDiWinNextAgent64.dll
2015-05-20 16:44 - 2015-03-31 20:28 - 00672088 _____ (Intel Corporation) C:\windows\system32\IntelWiDiAudioFilter64.dll
2015-05-20 16:44 - 2015-03-31 20:28 - 00623616 _____ (Intel Corporation) C:\windows\system32\MetroIntelGenericUIFramework.dll
2015-05-20 16:44 - 2015-03-31 20:28 - 00616280 _____ (Intel Corporation) C:\windows\system32\IntelWiDiMux64.dll
2015-05-20 16:44 - 2015-03-31 20:28 - 00473864 _____ (Intel Corporation) C:\windows\system32\IntelWiDiUMS64.exe
2015-05-20 16:44 - 2015-03-31 20:28 - 00393480 _____ C:\windows\system32\igfxTray.exe
2015-05-20 16:44 - 2015-03-31 20:28 - 00372224 _____ (Intel Corporation) C:\windows\system32\IntelOpenCL64.dll
2015-05-20 16:44 - 2015-03-31 20:28 - 00354136 _____ (Intel Corporation) C:\windows\system32\IntelWiDiSilenceFilter64.dll
2015-05-20 16:44 - 2015-03-31 20:28 - 00345864 _____ (Intel Corporation) C:\windows\system32\igfxCUIService.exe
2015-05-20 16:44 - 2015-03-31 20:28 - 00304128 _____ (Intel Corporation) C:\windows\SysWOW64\IntelOpenCL32.dll
2015-05-20 16:44 - 2015-03-31 20:28 - 00280840 _____ (Intel Corporation) C:\windows\SysWOW64\IntelCpHeciSvc.exe
2015-05-20 16:44 - 2015-03-31 20:28 - 00274040 _____ (Intel Corporation) C:\windows\system32\IntelWiDiUtils64.dll
2015-05-20 16:44 - 2015-03-31 20:28 - 00255488 _____ C:\windows\system32\igfxCPL.cpl
2015-05-20 16:44 - 2015-03-31 20:28 - 00220432 _____ (Intel Corporation) C:\windows\system32\iglhcp64.dll
2015-05-20 16:44 - 2015-03-31 20:28 - 00219400 _____ (Intel Corporation) C:\windows\system32\igfxext.exe
2015-05-20 16:44 - 2015-03-31 20:28 - 00213504 _____ (Intel Corporation) C:\windows\system32\igfx11cmrt64.dll
2015-05-20 16:44 - 2015-03-31 20:28 - 00211656 _____ (Intel Corporation) C:\windows\system32\igfxcmrt64.dll
2015-05-20 16:44 - 2015-03-31 20:28 - 00196728 _____ (Intel Corporation) C:\windows\system32\IntelWiDiDDEAgent64.dll
2015-05-20 16:44 - 2015-03-31 20:28 - 00184352 _____ (Intel Corporation) C:\windows\SysWOW64\iglhcp32.dll
2015-05-20 16:44 - 2015-03-31 20:28 - 00183296 _____ (Intel Corporation) C:\windows\system32\igfxCoIn_v4170.dll
2015-05-20 16:44 - 2015-03-31 20:28 - 00178672 _____ (Intel Corporation) C:\windows\SysWOW64\igfxcmrt32.dll
2015-05-20 16:44 - 2015-03-31 20:28 - 00178176 _____ (Intel Corporation) C:\windows\SysWOW64\igfx11cmrt32.dll
2015-05-20 16:44 - 2015-03-31 20:28 - 00134264 _____ (Intel Corporation) C:\windows\system32\IntelWiDiMCUMD64.dll
2015-05-20 16:44 - 2015-03-31 20:28 - 00127320 _____ (Intel Corporation) C:\windows\system32\IntelWiDiLogServer64.dll
2015-05-20 16:44 - 2015-03-31 20:28 - 00086528 _____ (Khronos Group) C:\windows\SysWOW64\Intel_OpenCL_ICD32.dll
2015-05-20 16:44 - 2015-03-31 20:28 - 00082432 _____ (Khronos Group) C:\windows\system32\Intel_OpenCL_ICD64.dll
2015-05-20 16:44 - 2015-03-31 20:28 - 00036616 _____ (Intel Corporation) C:\windows\system32\igfxexps.dll
2015-05-20 16:44 - 2015-03-31 20:28 - 00035328 _____ (Intel Corporation) C:\windows\SysWOW64\igfxexps32.dll
2015-05-20 16:44 - 2015-03-31 20:28 - 00004016 _____ C:\windows\system32\iglhxs64.vp
2015-05-20 16:44 - 2015-03-31 20:27 - 17765456 _____ C:\windows\system32\igd11dxva64.dll
2015-05-20 16:44 - 2015-03-31 20:27 - 17289048 _____ C:\windows\SysWOW64\igd11dxva32.dll
2015-05-20 16:44 - 2015-03-31 20:27 - 15980032 _____ (Intel Corporation) C:\windows\system32\igdfcl64.dll
2015-05-20 16:44 - 2015-03-31 20:27 - 10850816 _____ (Intel Corporation) C:\windows\SysWOW64\igdfcl32.dll
2015-05-20 16:44 - 2015-03-31 20:27 - 09414176 _____ (Intel Corporation) C:\windows\system32\igd10iumd64.dll
2015-05-20 16:44 - 2015-03-31 20:27 - 08622624 _____ (Intel Corporation) C:\windows\SysWOW64\igd10iumd32.dll
2015-05-20 16:44 - 2015-03-31 20:27 - 06710542 _____ C:\windows\system32\igdclbif.bin
2015-05-20 16:44 - 2015-03-31 20:27 - 04888368 _____ (Intel Corporation) C:\windows\system32\Drivers\igdkmd64.sys
2015-05-20 16:44 - 2015-03-31 20:27 - 03583488 _____ (Intel Corporation) C:\windows\system32\igdrcl64.dll
2015-05-20 16:44 - 2015-03-31 20:27 - 03318272 _____ (Intel Corporation) C:\windows\SysWOW64\igdrcl32.dll
2015-05-20 16:44 - 2015-03-31 20:27 - 01637200 _____ (Intel Corporation) C:\windows\system32\igdmd64.dll
2015-05-20 16:44 - 2015-03-31 20:27 - 01269960 _____ (Intel Corporation) C:\windows\SysWOW64\igdmd32.dll
2015-05-20 16:44 - 2015-03-31 20:27 - 00398848 _____ (Intel Corporation) C:\windows\system32\igdbcl64.dll
2015-05-20 16:44 - 2015-03-31 20:27 - 00350720 _____ (Intel Corporation) C:\windows\SysWOW64\igdbcl32.dll
2015-05-20 16:44 - 2015-03-31 20:27 - 00282696 _____ (Intel Corporation) C:\windows\system32\igd10idpp64.dll
2015-05-20 16:44 - 2015-03-31 20:27 - 00263120 _____ (Intel Corporation) C:\windows\SysWOW64\igd10idpp32.dll
2015-05-20 16:44 - 2015-03-31 20:27 - 00227328 _____ C:\windows\system32\igdde64.dll
2015-05-20 16:44 - 2015-03-31 20:27 - 00187904 _____ C:\windows\SysWOW64\igdde32.dll
2015-05-20 16:44 - 2015-03-31 20:27 - 00169984 _____ (Intel Corporation) C:\windows\system32\igdail64.dll
2015-05-20 16:44 - 2015-03-31 20:27 - 00152064 _____ (Intel Corporation) C:\windows\SysWOW64\igdail32.dll
2015-05-20 16:44 - 2015-03-31 20:26 - 09505280 _____ (Intel Corporation) C:\windows\system32\ig75icd64.dll
2015-05-20 16:44 - 2015-03-31 20:26 - 07481344 _____ (Intel Corporation) C:\windows\SysWOW64\ig75icd32.dll
2015-05-20 16:44 - 2015-03-31 20:26 - 00449800 _____ (Intel Corporation) C:\windows\system32\GfxUIEx.exe
2015-05-20 16:44 - 2015-03-31 20:26 - 00157960 _____ (Intel Corporation) C:\windows\system32\difx64.exe

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-06-14 09:00 - 2013-08-22 11:36 - 00000000 ____D C:\windows\system32\sru
2015-06-14 08:42 - 2014-12-25 08:25 - 01867236 _____ C:\windows\WindowsUpdate.log
2015-06-14 08:21 - 2015-05-08 19:04 - 00000000 ____D C:\Program Files (x86)\mozilla firefox
2015-06-14 08:17 - 2014-12-25 21:54 - 00003600 _____ C:\windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3566614747-3769634103-3560256049-1004
2015-06-14 08:17 - 2014-12-25 21:52 - 00003600 _____ C:\windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3566614747-3769634103-3560256049-1005
2015-06-14 08:17 - 2014-12-25 20:50 - 00003600 _____ C:\windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3566614747-3769634103-3560256049-1001
2015-06-14 08:12 - 2015-03-23 21:47 - 00136408 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2015-06-14 08:11 - 2013-08-22 11:36 - 00000000 ____D C:\windows\AppReadiness
2015-06-14 07:18 - 2015-03-20 16:30 - 00000000 ____D C:\Program Files (x86)\Steam
2015-06-14 07:17 - 2015-04-25 11:27 - 00000000 ____D C:\Program Files (x86)\LibraryMonitor
2015-06-14 07:17 - 2015-03-07 11:09 - 00000000 ____D C:\ProgramData\17505497784407803240
2015-06-14 07:16 - 2015-03-07 11:09 - 00000000 ____D C:\ProgramData\{11d41792-558c-7879-11d4-417925585e49}
2015-06-14 07:16 - 2015-03-07 11:07 - 00000000 ____D C:\ProgramData\{26f1c234-c336-d495-26f1-1c234c3308d3}
2015-06-14 06:51 - 2014-12-25 21:09 - 00003938 _____ C:\windows\System32\Tasks\User_Feed_Synchronization-{63AC061A-90DC-43A6-9745-BE335541AF70}
2015-06-14 06:45 - 2014-12-25 21:47 - 00000000 ____D C:\Users\kclos_000\OneDrive
2015-06-14 06:45 - 2014-12-25 20:44 - 00000000 ____D C:\Users\Stephen\OneDrive
2015-06-14 06:36 - 2015-01-01 22:10 - 00003938 _____ C:\windows\System32\Tasks\User_Feed_Synchronization-{C37CF2B6-68C2-43D8-B555-01D5E3C378D2}
2015-06-14 06:36 - 2014-12-27 17:53 - 00003946 _____ C:\windows\System32\Tasks\User_Feed_Synchronization-{F64623FF-396F-4C43-A37F-10C5637EB129}
2015-06-12 14:38 - 2013-08-22 11:36 - 00000000 ____D C:\windows\system32\NDF
2015-06-08 19:28 - 2014-12-25 21:49 - 00000000 ___RD C:\Users\Madigan\OneDrive
2015-06-07 20:26 - 2014-08-13 21:14 - 00818732 _____ C:\windows\system32\PerfStringBackup.INI
2015-06-07 20:21 - 2014-08-13 21:05 - 00039504 _____ C:\windows\PFRO.log
2015-06-07 20:21 - 2013-08-22 10:46 - 00031000 _____ C:\windows\setupact.log
2015-06-07 20:21 - 2013-08-22 10:45 - 00000006 ____H C:\windows\Tasks\SA.DAT
2015-06-07 20:21 - 2013-08-22 09:25 - 00786432 ___SH C:\windows\system32\config\BBI
2015-05-31 16:30 - 2014-12-27 18:06 - 00000000 ____D C:\Users\kclos_000\AppData\Roaming\.minecraft
2015-05-31 11:22 - 2015-03-07 11:06 - 00000000 ____D C:\Users\Stephen\AppData\Roaming\4396405B-1425740813-02CC-AA1A-9850ED46B8E5
2015-05-25 20:35 - 2015-04-13 15:45 - 00078848 ___SH C:\Users\kclos_000\Desktop\Thumbs.db
2015-05-21 03:42 - 2013-08-22 11:36 - 00000000 ____D C:\windows\rescache
2015-05-20 16:45 - 2014-08-13 20:21 - 00000000 ____D C:\windows\Firmware
2015-05-19 02:31 - 2015-04-05 09:42 - 00000000 ___SD C:\windows\SysWOW64\GWX
2015-05-19 02:31 - 2015-04-05 09:42 - 00000000 ___SD C:\windows\system32\GWX
2015-05-19 02:31 - 2013-08-22 11:20 - 00000000 ____D C:\windows\CbsTemp
2015-05-18 22:12 - 2013-08-22 10:44 - 00337808 _____ C:\windows\system32\FNTCACHE.DAT
2015-05-18 22:11 - 2013-08-22 11:36 - 00000000 ___RD C:\windows\ImmersiveControlPanel
2015-05-18 22:11 - 2013-08-22 09:36 - 00000000 ____D C:\windows\system32\AdvancedInstallers

==================== Files in the root of some directories =======

2015-05-02 16:46 - 2015-05-02 16:46 - 0000079 _____ () C:\Program Files (x86)\prefs.js
2015-03-14 07:17 - 2015-03-14 07:17 - 0000044 _____ () C:\Users\Stephen\AppData\Roaming\WB.CFG
2015-03-14 09:49 - 2015-03-14 09:49 - 0613255 _____ (CMI Limited) C:\Users\Stephen\AppData\Local\nsz93BC.tmp
2015-03-14 10:32 - 2015-04-27 21:03 - 0004956 _____ () C:\Users\Stephen\AppData\Local\Temp-log.txt
2015-05-09 06:34 - 2015-05-09 06:34 - 0000000 _____ () C:\Users\Stephen\AppData\Local\Temp.dat
2014-08-13 21:06 - 2014-08-13 21:06 - 0000000 ____H () C:\ProgramData\DP45977C.lfl

Some files in TEMP:
====================
C:\Users\Madigan\AppData\Local\Temp\ICReinstall_zipinstall.exe
C:\Users\Stephen\AppData\Local\Temp\3338.exe
C:\Users\Stephen\AppData\Local\Temp\4173.exe
C:\Users\Stephen\AppData\Local\Temp\4628590567464729151.exe
C:\Users\Stephen\AppData\Local\Temp\5036414426622247552c.exe
C:\Users\Stephen\AppData\Local\Temp\5857830153319760363b.exe
C:\Users\Stephen\AppData\Local\Temp\6691.exe
C:\Users\Stephen\AppData\Local\Temp\6D742F14-103E-6858-8B23-F6132422FF03.dll
C:\Users\Stephen\AppData\Local\Temp\6D742F14-103E-6858-8B23-F6132422FF03.exe
C:\Users\Stephen\AppData\Local\Temp\7A2C.exe
C:\Users\Stephen\AppData\Local\Temp\B0F5AADD-3088-0A78-F03B-563AB4BB0F06.exe
C:\Users\Stephen\AppData\Local\Temp\bitool.dll
C:\Users\Stephen\AppData\Local\Temp\ntwdblib.dll
C:\Users\Stephen\AppData\Local\Temp\setup_607.exe
C:\Users\Stephen\AppData\Local\Temp\setup_ra.exe
C:\Users\Stephen\AppData\Local\Temp\SpOrder.dll
C:\Users\Stephen\AppData\Local\Temp\sysoptsetup.exe
C:\Users\Stephen\AppData\Local\Temp\TPLIStubSetup.exe
C:\Users\Stephen\AppData\Local\Temp\Uninstall.exe
C:\Users\Stephen\AppData\Local\Temp\UUC1B17.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-06-14 05:07

==================== End of log ============================


#2 B-boy/StyLe/ (Malware Response Team)

Posted 16 June 2015 - 12:23 AM

Hello! Welcome to BleepingComputer Forums!
My name is Georgi and I will be helping you with your computer problems.

Before we begin, please note the following:

  • I will be working on your Malware issues; this may or may not solve other issues you have with your machine.
  • The logs can take some time to research, so please be patient with me.
  • Stay with the topic until I tell you that your system is clean. Missing symptoms does not mean that everything is okay.
  • Instructions that I give are for your system only!
  • Please do not run any tools until requested! The reason for this is so I know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.
  • Please perform all steps in the order received. If you can't understand something don't hesitate to ask.
  • Again I would like to remind you to make no further changes to your computer unless I direct you to do so. I will not help you if you do not follow my instructions.

 

Since a few days have passed since this post, please download the latest version of Farbar Recovery Scan Tool and save it to your desktop. Don't kill any malicious processes on your own.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.

  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Make sure that Addition.txt is checked before you press the Scan button.
  • Press Scan button.
  • It will make 2 logs (FRST.txt and Addition.txt) in the same directory the tool is run. Please copy and paste them to your reply.

 

 

Regards,

Georgi




#3 sclossick (Topic Starter)
Posted 16 June 2015 - 01:54 PM

Additional scan result of Farbar Recovery Scan Tool (x64) Version:13-06-2015
Ran by Stephen at 2015-06-16 14:42:13
Running from C:\Users\Stephen\Downloads
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-3566614747-3769634103-3560256049-500 - Administrator - Disabled)
closs_000 (S-1-5-21-3566614747-3769634103-3560256049-1006 - Limited - Enabled) => C:\Users\closs_000
Guest (S-1-5-21-3566614747-3769634103-3560256049-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3566614747-3769634103-3560256049-1003 - Limited - Enabled)
kclos_000 (S-1-5-21-3566614747-3769634103-3560256049-1005 - Limited - Enabled) => C:\Users\kclos_000
Madigan (S-1-5-21-3566614747-3769634103-3560256049-1004 - Limited - Enabled) => C:\Users\Madigan
Stephen (S-1-5-21-3566614747-3769634103-3560256049-1001 - Administrator - Enabled) => C:\Users\Stephen

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Currency Converter (HKLM-x32\...\{6C998B44-82D8-CC7E-D847-4CD73036412A}) (Version:  - "") <==== ATTENTION
DealNoDeal (HKLM-x32\...\{37476589-E48E-439E-A706-56189E2ED4C4}) (Version:  - DealNoDeal) <==== ATTENTION
EnormoouSaLoes (HKLM-x32\...\{214E251B-BF42-BF18-588C-42DA92658DB4}) (Version:  - )
Garry's Mod (HKLM-x32\...\Steam App 4000) (Version:  - Facepunch Studios)
LiteMatch (HKLM-x32\...\{F679D2F0-CE91-93C8-BD2D-062DF04DA0C1}) (Version:  - )
LuckyShoopper (HKLM-x32\...\{AE9B04F2-E9E8-162C-829B-52C116B3EFCC}) (Version:  - ) <==== ATTENTION
Malwarebytes Anti-Malware version 2.1.6.1022 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.6.1022 - Malwarebytes Corporation)
Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4631.1003 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Minecraft (HKLM-x32\...\{02BAAFC5-4E16-42E6-A9F6-8DDE0B7ED3B8}) (Version: 1.0.0.0 - Mojang)
Mozilla Firefox 38.0.5 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 38.0.5 (x86 en-US)) (Version: 38.0.5 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 36.0.1 - Mozilla)
PremiumStrengthener (HKLM-x32\...\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}{862ff8a7}) (Version:  - PremiumStrengthener) <==== ATTENTION
PrioShoppper (HKLM-x32\...\{8F213470-964F-4092-6B31-BC7570F31B5A}) (Version:  - ProShopper) <==== ATTENTION
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
topiDeall (HKLM-x32\...\{9B149088-3FB6-875E-C1A4-A25A6E9D278D}) (Version:  - "") <==== ATTENTION

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Restore Points =========================

28-05-2015 19:48:39 Scheduled Checkpoint
03-06-2015 16:46:22 Windows Update
13-06-2015 17:39:03 Scheduled Checkpoint

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 09:25 - 2015-03-14 10:18 - 00000824 ____A C:\windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {02BFF621-2462-4418-A70C-1B41CA4AEA65} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-05-06] (Microsoft Corporation)
Task: {032B4FCF-6E65-4888-9D52-75341238DA3F} - System32\Tasks\PasswordBlocker => c:\programdata\{754992a7-22cd-5a6d-7549-992a722c4a9c}\5857830153319760363b.exe [2014-06-14] () <==== ATTENTION
Task: {107D0252-0F27-41C3-9226-0E96DF2BBE6E} - System32\Tasks\APSnotifierPP3 => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: {165A9990-4A2F-42A9-B7D1-A7780FD7E0A2} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B => schtasks
Task: {351FC7C8-B27D-4195-BD9A-107309434D13} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\windows\system32\MRT.exe [2015-06-15] (Microsoft Corporation)
Task: {7E46C289-C9EF-42C9-9170-53F46CFEB995} - System32\Tasks\SmartWeb Upgrade Trigger Task => C:\Users\Stephen\AppData\Local\SmartWeb\SmartWebHelper.exe <==== ATTENTION
Task: {80EACB80-C5DF-4DE3-ADED-D54AC692BB23} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\OutOfIdle => C:\Windows\system32\GWX\GWX.exe [2015-05-06] (Microsoft Corporation)
Task: {926E288D-60DC-4621-B8E7-8B8D8891C663} - System32\Tasks\APSnotifierPP2 => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: {9685465A-8E92-4E35-A3BE-E2225AA9116A} - System32\Tasks\APSnotifierPP1 => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: {9AA66FBF-E698-4064-B5A0-E9FEC67E10A1} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\Logon => C:\Windows\system32\GWX\GWX.exe [2015-05-06] (Microsoft Corporation)
Task: {B2ABC63D-936C-4825-8A51-ACAFB6B9782B} - System32\Tasks\Microsoft\Windows\Application Experience\Microsoft Compatibility Appraiser => C:\Windows\system32\compattel\DiagTrackRunner.exe [2015-03-15] (Microsoft Corporation)
Task: {E71FBC16-14BD-4F22-B1E0-A09855836CE2} - System32\Tasks\gameo_update => C:\Users\Stephen\AppData\Roaming\Gameo\gameo.exe <==== ATTENTION
Task: {F286218A-1613-4B08-BC9F-B7970E33E820} - System32\Tasks\{88E8C6AF-75A6-4397-99D7-06402F64FC4A} => pcalua.exe -a "C:\Program Files (x86)\DealNoDeal\DealNoDeal.exe" -c /s /n /i:"ExecuteCommands;UninstallCommands" ""
Task: {F7166DA2-AFCF-4096-8F8E-EC1EAD11A0D9} - System32\Tasks\Microsoft\Windows\Setup\gwx\launchtrayprocess => C:\Windows\system32\GWX\GWX.exe [2015-05-06] (Microsoft Corporation)
Task: {F9FF05B9-A755-4EC0-ADE1-011D349E27A0} - System32\Tasks\FontElite => c:\programdata\{ed5def5e-5e31-df06-ed5d-def5e5e3bd79}\5036414426622247552c.exe [2014-06-14] () <==== ATTENTION
Task: C:\windows\Tasks\APSnotifierPP1.job => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: C:\windows\Tasks\APSnotifierPP2.job => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: C:\windows\Tasks\APSnotifierPP3.job => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: C:\windows\Tasks\FontElite.job => c:\programdata\{ed5def5e-5e31-df06-ed5d-def5e5e3bd79}\5036414426622247552c.exe <==== ATTENTION
Task: C:\windows\Tasks\PasswordBlocker.job => c:\programdata\{754992a7-22cd-5a6d-7549-992a722c4a9c}\5857830153319760363b.exe <==== ATTENTION

==================== Loaded Modules (Whitelisted) ==============

2015-02-08 23:28 - 2012-09-18 16:27 - 00192512 _____ () C:\windows\System32\zlhp1020.dll
2015-02-08 23:28 - 2012-09-18 16:27 - 00065024 _____ () C:\windows\system32\spool\PRTPROCS\x64\pphp1020.dll
2015-03-07 11:07 - 2015-03-07 11:07 - 00175104 _____ () C:\Users\Stephen\AppData\Roaming\4396405B-1425740813-02CC-AA1A-9850ED46B8E5\jnsp454E.tmp
2014-03-07 11:09 - 2014-03-07 11:09 - 01041408 _____ () C:\ProgramData\{11d41792-558c-7879-11d4-417925585e49}\274.exe
2015-06-14 07:17 - 2015-06-14 07:17 - 01751552 _____ () c:\Program Files (x86)\afterguard\afterguard.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Users\closs_000\OneDrive:ms-properties
AlternateDataStreams: C:\Users\kclos_000\OneDrive:ms-properties
AlternateDataStreams: C:\Users\Madigan\OneDrive:ms-properties
AlternateDataStreams: C:\Users\Stephen\OneDrive:ms-properties

==================== Safe Mode (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3566614747-3769634103-3560256049-1001\Control Panel\Desktop\\Wallpaper -> C:\windows\web\wallpaper\Surface\Surface.jpg
DNS Servers: 207.69.188.186 - 207.69.188.187

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppextcomobj.exe
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppextcomobj.exe
FirewallRules: [TCP Query User{C2224DB9-0B81-42B3-9744-5CAE4A512592}C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Block) C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [UDP Query User{8241AC73-6EDF-4B12-887B-D2F81AF17A82}C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Block) C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [TCP Query User{4FC403E6-8B16-4788-AD8A-F402B833AEF3}C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Block) C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [UDP Query User{9CB3C579-8B8F-4A37-9174-0B62FBB1AA38}C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Block) C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [{DE4429D4-6030-44E3-956B-91CC8DF97760}] => (Allow) C:\Program Files (x86)\YouTube Download Pool\G2\youtubeserv.exe
FirewallRules: [{4E7C9EBA-834A-46FE-9C2E-3395E44F172B}] => (Allow) C:\Program Files (x86)\YouTube Download Pool\G2\netclean.exe
FirewallRules: [{4DDF549E-1322-431D-9B1E-5FE736440C59}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{1ED347B6-E499-4EB2-AF88-49FAE1031C22}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{2AF4BB3B-7852-4F23-9B00-C6058F0E42AF}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{E3A0412C-FFB1-48E0-A671-B9170D826B90}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{A0CD85C3-A6E1-4B34-A60A-405B9A352735}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{25A53EBA-0CFF-47C5-A9C4-253116AB65BD}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{9D5E8C6C-0AC2-498C-AB8B-8A234A02C65A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\GarrysMod\hl2.exe
FirewallRules: [{A0C8E398-2C22-4851-AE53-E886A1A42166}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\GarrysMod\hl2.exe
FirewallRules: [TCP Query User{C56DE36B-0060-4DC0-84BB-FDEF64691F53}C:\program files (x86)\mozilla firefox\firefox.exe] => (Allow) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [UDP Query User{78F5C30B-9ABD-4561-A1EC-DF922C34DBE4}C:\program files (x86)\mozilla firefox\firefox.exe] => (Allow) C:\program files (x86)\mozilla firefox\firefox.exe

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (06/15/2015 09:09:38 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program LiveComm.exe version 17.5.9600.20856 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 1304

Start Time: 01d0a76bd2020802

Termination Time: 4294967295

Application Path: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20856_x64__8wekyb3d8bbwe\LiveComm.exe

Report Id: c588d80b-135f-11e5-8275-6002920b310f

Faulting package full name: microsoft.windowscommunicationsapps_17.5.9600.20856_x64__8wekyb3d8bbwe

Faulting package-relative application ID: ppleae38af2e007f4358a809ac99a64a67c1

Error: (06/15/2015 05:46:48 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program backgroundTaskHost.exe version 6.3.9600.17415 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 7cc

Start Time: 01d0a74f7be67c94

Termination Time: 4294967295

Application Path: C:\windows\system32\backgroundTaskHost.exe

Report Id: 6f910ec5-1343-11e5-8275-6002920b310f

Faulting package full name: 1508E719.MLB.TV_2.0.0.45_x64__9h0pwecjjphwj

Faulting package-relative application ID: App

Error: (06/15/2015 05:41:28 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program LiveComm.exe version 17.5.9600.20856 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 22e0

Start Time: 01d0a74e662e4eaa

Termination Time: 4294967295

Application Path: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20856_x64__8wekyb3d8bbwe\LiveComm.exe

Report Id: b1123db4-1342-11e5-8275-6002920b310f

Faulting package full name: microsoft.windowscommunicationsapps_17.5.9600.20856_x64__8wekyb3d8bbwe

Faulting package-relative application ID: ppleae38af2e007f4358a809ac99a64a67c1

Error: (06/14/2015 09:58:00 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program LiveComm.exe version 17.5.9600.20856 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: d98

Start Time: 01d0a6a9694b4ab1

Termination Time: 4294967295

Application Path: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20856_x64__8wekyb3d8bbwe\LiveComm.exe

Report Id: 5ce0676d-129d-11e5-8275-6002920b310f

Faulting package full name: microsoft.windowscommunicationsapps_17.5.9600.20856_x64__8wekyb3d8bbwe

Faulting package-relative application ID: ppleae38af2e007f4358a809ac99a64a67c1

Error: (06/14/2015 09:52:53 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program LiveComm.exe version 17.5.9600.20856 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 1d70

Start Time: 01d0a6a8b0609eff

Termination Time: 4294967295

Application Path: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20856_x64__8wekyb3d8bbwe\LiveComm.exe

Report Id: a66fefd7-129c-11e5-8275-6002920b310f

Faulting package full name: microsoft.windowscommunicationsapps_17.5.9600.20856_x64__8wekyb3d8bbwe

Faulting package-relative application ID: ppleae38af2e007f4358a809ac99a64a67c1

Error: (06/14/2015 09:47:43 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program LiveComm.exe version 17.5.9600.20856 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 2324

Start Time: 01d0a6a7f9767ae4

Termination Time: 4294967295

Application Path: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20856_x64__8wekyb3d8bbwe\LiveComm.exe

Report Id: ed68a80e-129b-11e5-8275-6002920b310f

Faulting package full name: microsoft.windowscommunicationsapps_17.5.9600.20856_x64__8wekyb3d8bbwe

Faulting package-relative application ID: ppleae38af2e007f4358a809ac99a64a67c1

Error: (06/14/2015 09:42:36 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program LiveComm.exe version 17.5.9600.20856 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 23a0

Start Time: 01d0a6a7430d2a59

Termination Time: 4294967295

Application Path: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20856_x64__8wekyb3d8bbwe\LiveComm.exe

Report Id: 3693fa4a-129b-11e5-8275-6002920b310f

Faulting package full name: microsoft.windowscommunicationsapps_17.5.9600.20856_x64__8wekyb3d8bbwe

Faulting package-relative application ID: ppleae38af2e007f4358a809ac99a64a67c1

Error: (06/14/2015 09:37:30 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program LiveComm.exe version 17.5.9600.20856 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: a5c

Start Time: 01d0a6a68b8fa122

Termination Time: 4294967295

Application Path: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20856_x64__8wekyb3d8bbwe\LiveComm.exe

Report Id: 802381d2-129a-11e5-8275-6002920b310f

Faulting package full name: microsoft.windowscommunicationsapps_17.5.9600.20856_x64__8wekyb3d8bbwe

Faulting package-relative application ID: ppleae38af2e007f4358a809ac99a64a67c1

Error: (06/14/2015 09:32:22 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program LiveComm.exe version 17.5.9600.20856 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 2308

Start Time: 01d0a6a5d4a797b9

Termination Time: 4294967295

Application Path: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20856_x64__8wekyb3d8bbwe\LiveComm.exe

Report Id: c8bf05ff-1299-11e5-8275-6002920b310f

Faulting package full name: microsoft.windowscommunicationsapps_17.5.9600.20856_x64__8wekyb3d8bbwe

Faulting package-relative application ID: ppleae38af2e007f4358a809ac99a64a67c1

Error: (06/14/2015 09:27:16 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program LiveComm.exe version 17.5.9600.20856 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 37c

Start Time: 01d0a6a51e6c6a1e

Termination Time: 4294967295

Application Path: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20856_x64__8wekyb3d8bbwe\LiveComm.exe

Report Id: 11e74387-1299-11e5-8275-6002920b310f

Faulting package full name: microsoft.windowscommunicationsapps_17.5.9600.20856_x64__8wekyb3d8bbwe

Faulting package-relative application ID: ppleae38af2e007f4358a809ac99a64a67c1


System errors:
=============
Error: (06/14/2015 06:48:37 AM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: A fatal alert was generated and sent to the remote endpoint. This may result in termination of the connection. The TLS protocol defined fatal error code is 10. The Windows SChannel error state is 106.

Error: (06/13/2015 05:28:19 PM) (Source: Tcpip) (EventID: 4199) (User: )
Description: The system detected an address conflict for IP address 192.168.0.3 with the system
having network hardware address 14-49-E0-08-1B-AB. Network operations on this system may
be disrupted as a result.

Error: (06/13/2015 05:20:45 PM) (Source: Tcpip) (EventID: 4199) (User: )
Description: The system detected an address conflict for IP address 192.168.0.3 with the system
having network hardware address 14-49-E0-08-1B-AB. Network operations on this system may
be disrupted as a result.

Error: (06/13/2015 04:23:08 PM) (Source: DCOM) (EventID: 10010) (User: Keegan-pc)
Description: {1A1F4206-0688-4E7F-BE03-D82EC69DF9A5}

Error: (06/13/2015 04:20:02 PM) (Source: DCOM) (EventID: 10010) (User: Keegan-pc)
Description: {1A1F4206-0688-4E7F-BE03-D82EC69DF9A5}

Error: (06/13/2015 04:17:02 PM) (Source: DCOM) (EventID: 10010) (User: Keegan-pc)
Description: {1A1F4206-0688-4E7F-BE03-D82EC69DF9A5}

Error: (06/13/2015 04:14:01 PM) (Source: DCOM) (EventID: 10010) (User: Keegan-pc)
Description: {1A1F4206-0688-4E7F-BE03-D82EC69DF9A5}

Error: (06/13/2015 04:11:34 PM) (Source: Tcpip) (EventID: 4199) (User: )
Description: The system detected an address conflict for IP address 192.168.0.5 with the system
having network hardware address 14-49-E0-08-1B-AB. Network operations on this system may
be disrupted as a result.

Error: (06/13/2015 03:40:33 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Spooler service.

Error: (06/13/2015 03:20:05 PM) (Source: Tcpip) (EventID: 4199) (User: )
Description: The system detected an address conflict for IP address 192.168.0.4 with the system
having network hardware address 14-49-E0-08-1B-AB. Network operations on this system may
be disrupted as a result.


Microsoft Office Sessions:
=========================
Error: (06/15/2015 09:09:38 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: LiveComm.exe17.5.9600.20856130401d0a76bd20208024294967295C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20856_x64__8wekyb3d8bbwe\LiveComm.exec588d80b-135f-11e5-8275-6002920b310fmicrosoft.windowscommunicationsapps_17.5.9600.20856_x64__8wekyb3d8bbweppleae38af2e007f4358a809ac99a64a67c1

Error: (06/15/2015 05:46:48 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: backgroundTaskHost.exe6.3.9600.174157cc01d0a74f7be67c944294967295C:\windows\system32\backgroundTaskHost.exe6f910ec5-1343-11e5-8275-6002920b310f1508E719.MLB.TV_2.0.0.45_x64__9h0pwecjjphwjApp

Error: (06/15/2015 05:41:28 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: LiveComm.exe17.5.9600.2085622e001d0a74e662e4eaa4294967295C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20856_x64__8wekyb3d8bbwe\LiveComm.exeb1123db4-1342-11e5-8275-6002920b310fmicrosoft.windowscommunicationsapps_17.5.9600.20856_x64__8wekyb3d8bbweppleae38af2e007f4358a809ac99a64a67c1

Error: (06/14/2015 09:58:00 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: LiveComm.exe17.5.9600.20856d9801d0a6a9694b4ab14294967295C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20856_x64__8wekyb3d8bbwe\LiveComm.exe5ce0676d-129d-11e5-8275-6002920b310fmicrosoft.windowscommunicationsapps_17.5.9600.20856_x64__8wekyb3d8bbweppleae38af2e007f4358a809ac99a64a67c1

Error: (06/14/2015 09:52:53 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: LiveComm.exe17.5.9600.208561d7001d0a6a8b0609eff4294967295C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20856_x64__8wekyb3d8bbwe\LiveComm.exea66fefd7-129c-11e5-8275-6002920b310fmicrosoft.windowscommunicationsapps_17.5.9600.20856_x64__8wekyb3d8bbweppleae38af2e007f4358a809ac99a64a67c1

Error: (06/14/2015 09:47:43 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: LiveComm.exe17.5.9600.20856232401d0a6a7f9767ae44294967295C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20856_x64__8wekyb3d8bbwe\LiveComm.exeed68a80e-129b-11e5-8275-6002920b310fmicrosoft.windowscommunicationsapps_17.5.9600.20856_x64__8wekyb3d8bbweppleae38af2e007f4358a809ac99a64a67c1

Error: (06/14/2015 09:42:36 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: LiveComm.exe17.5.9600.2085623a001d0a6a7430d2a594294967295C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20856_x64__8wekyb3d8bbwe\LiveComm.exe3693fa4a-129b-11e5-8275-6002920b310fmicrosoft.windowscommunicationsapps_17.5.9600.20856_x64__8wekyb3d8bbweppleae38af2e007f4358a809ac99a64a67c1

Error: (06/14/2015 09:37:30 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: LiveComm.exe17.5.9600.20856a5c01d0a6a68b8fa1224294967295C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20856_x64__8wekyb3d8bbwe\LiveComm.exe802381d2-129a-11e5-8275-6002920b310fmicrosoft.windowscommunicationsapps_17.5.9600.20856_x64__8wekyb3d8bbweppleae38af2e007f4358a809ac99a64a67c1

Error: (06/14/2015 09:32:22 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: LiveComm.exe17.5.9600.20856230801d0a6a5d4a797b94294967295C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20856_x64__8wekyb3d8bbwe\LiveComm.exec8bf05ff-1299-11e5-8275-6002920b310fmicrosoft.windowscommunicationsapps_17.5.9600.20856_x64__8wekyb3d8bbweppleae38af2e007f4358a809ac99a64a67c1

Error: (06/14/2015 09:27:16 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: LiveComm.exe17.5.9600.2085637c01d0a6a51e6c6a1e4294967295C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20856_x64__8wekyb3d8bbwe\LiveComm.exe11e74387-1299-11e5-8275-6002920b310fmicrosoft.windowscommunicationsapps_17.5.9600.20856_x64__8wekyb3d8bbweppleae38af2e007f4358a809ac99a64a67c1


CodeIntegrity Errors:
===================================
  Date: 2015-02-01 11:28:36.030
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\d3d10_1.dll because the set of per-page image hashes could not be found on the system.

  Date: 2015-02-01 11:28:35.990
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\d3d10_1.dll because the set of per-page image hashes could not be found on the system.

  Date: 2015-02-01 10:45:43.734
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\d3d10_1.dll because the set of per-page image hashes could not be found on the system.

  Date: 2015-02-01 10:45:43.678
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\d3d10_1.dll because the set of per-page image hashes could not be found on the system.

  Date: 2015-02-01 09:59:39.590
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\d3d10_1.dll because the set of per-page image hashes could not be found on the system.

  Date: 2015-02-01 09:59:39.544
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\d3d10_1.dll because the set of per-page image hashes could not be found on the system.

  Date: 2015-02-01 09:58:48.495
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\d3d10_1.dll because the set of per-page image hashes could not be found on the system.

  Date: 2015-02-01 09:58:48.449
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\d3d10_1.dll because the set of per-page image hashes could not be found on the system.


==================== Memory info ===========================

Processor: Intel® Core™ i5-4300U CPU @ 1.90GHz
Percentage of memory in use: 44%
Total physical RAM: 4001.07 MB
Available physical RAM: 2206.18 MB
Total Pagefile: 4705.07 MB
Available Pagefile: 2808.18 MB
Total Virtual: 131072 MB
Available Virtual: 131071.84 MB

==================== Drives ================================

Drive c: (Windows) (Fixed) (Total:113.4 GB) (Free:70.71 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 119.2 GB) (Disk ID: 8643A50A)

Partition: GPT Partition Type.

==================== End of log ============================

 
 
 


#4 sclossick

sclossick
  • Topic Starter

  • Members
  • 48 posts
  • OFFLINE
  •  
  • Local time:08:14 PM

Posted 16 June 2015 - 01:58 PM

 

OK - that was the addition file; here is the FRST file. I appreciate your help.

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:13-06-2015
Ran by Stephen (administrator) on KEEGAN-PC on 16-06-2015 14:41:25
Running from C:\Users\Stephen\Downloads
Loaded Profiles: Stephen (Available Profiles: Stephen & Madigan & kclos_000 & closs_000)
Platform: Windows 8.1 Pro (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
() C:\Users\Stephen\AppData\Roaming\4396405B-1425740813-02CC-AA1A-9850ED46B8E5\jnsp454E.tmp
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe.old
() C:\ProgramData\{11d41792-558c-7879-11d4-417925585e49}\274.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(PCUtilities Software Limited) C:\ProgramData\{26f1c234-c336-d495-26f1-1c234c3308d3}\optimizerpro.exe
(Get Live Support Limited) C:\ProgramData\{8e006ba7-1b11-443d-8e00-06ba71b1ae9c}\SystemOptimizer.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ink\InputPersonalization.exe
(Farbar) C:\Users\Stephen\Downloads\FRST64(1).exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM-x32\...\Run: [gmsd_us_323] => [X]
HKU\S-1-5-21-3566614747-3769634103-3560256049-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [2892992 2015-06-04] (Valve Corporation)
HKU\S-1-5-18\...\RunOnce: [Application Restart #0] => C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe [372400 2014-10-28] (Microsoft Corporation)
HKU\S-1-5-18\...\RunOnce: [Application Restart #1] => C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe [372400 2014-10-28] (Microsoft Corporation)
AppInit_DLLs-x32: c:/progra~3/{be095~1/192~1.1/tice.dll => "c:\progra~3\{be095~1\192~1.1\tice.dll" File not found
Startup: C:\Users\Stephen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\274.lnk [2015-03-07]
ShortcutTarget: 274.lnk -> C:\ProgramData\{11d41792-558c-7879-11d4-417925585e49}\274.exe ()
Startup: C:\Users\Stephen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\optimizerpro.lnk [2015-03-07]
ShortcutTarget: optimizerpro.lnk -> C:\ProgramData\{26f1c234-c336-d495-26f1-1c234c3308d3}\optimizerpro.exe (PCUtilities Software Limited)
Startup: C:\Users\Stephen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SystemOptimizer.lnk [2015-02-13]
ShortcutTarget: SystemOptimizer.lnk -> C:\ProgramData\{8e006ba7-1b11-443d-8e00-06ba71b1ae9c}\SystemOptimizer.exe (Get Live Support Limited)
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
SearchScopes: HKU\S-1-5-21-3566614747-3769634103-3560256049-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
SearchScopes: HKU\S-1-5-21-3566614747-3769634103-3560256049-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
BHO: LuckyShoopper -> {663E2251-2429-4DC5-8835-9245968D1E8B} -> C:\Program Files (x86)\LuckyShoopper\TAdAdigC6LRddK.x64.dll [2015-06-14] ()
BHO-x32: LuckyShoopper -> {663E2251-2429-4DC5-8835-9245968D1E8B} -> C:\Program Files (x86)\LuckyShoopper\TAdAdigC6LRddK.dll [2015-06-14] ()
Winsock: Catalog9 01 C:\windows\SysWOW64\BDL.dll [319392 2015-03-14] (BD Inc.)
Winsock: Catalog9 02 C:\windows\SysWOW64\BDL.dll [319392 2015-03-14] (BD Inc.)
Winsock: Catalog9 03 C:\windows\SysWOW64\BDL.dll [319392 2015-03-14] (BD Inc.)
Winsock: Catalog9 04 C:\windows\SysWOW64\BDL.dll [319392 2015-03-14] (BD Inc.)
Winsock: Catalog9 16 C:\windows\SysWOW64\BDL.dll [319392 2015-03-14] (BD Inc.)
Tcpip\Parameters: [DhcpNameServer] 207.69.188.186 207.69.188.187
StartMenuInternet: IEXPLORE.EXE - iexplore.exe

FireFox:
========
FF ProfilePath: C:\Users\Stephen\AppData\Roaming\Mozilla\Firefox\Profiles\smg111vd.default
FF Extension: LuckyShoopper - C:\Users\Stephen\AppData\Roaming\Mozilla\Firefox\Profiles\smg111vd.default\Extensions\e@yru0nVkY.org [2015-06-14]
FF Extension: EnormoouSaLoes - C:\Users\Stephen\AppData\Roaming\Mozilla\Firefox\Profiles\smg111vd.default\Extensions\Tps8u@Mo3od1.edu [2015-06-14]
FF Extension: OnlineLowDeals - C:\Users\Stephen\AppData\Roaming\Mozilla\Firefox\Profiles\smg111vd.default\Extensions\yehazdj_mnyylqcjo@ngwkjbojznfgcnwpfe.com [2015-06-14]
FF HKLM\...\Firefox\Extensions: [{5081D2D4-1637-404c-B74F-50526718257D}] - C:\Program Files\shopperz\Firefox
FF HKLM-x32\...\Firefox\Extensions: [{5081D2D4-1637-404c-B74F-50526718257D}] - C:\Program Files\shopperz\Firefox

Chrome:
=======
CHR dev: Chrome dev build detected! <======= ATTENTION

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 862ff8a7; c:\Program Files (x86)\afterguard\afterguard.dll [1751552 2015-06-14] () [File not signed]
S3 BthHFSrv; C:\Windows\System32\BthHFSrv.dll [324608 2014-10-28] (Microsoft Corporation)
R2 hyxuduge; C:\Users\Stephen\AppData\Roaming\4396405B-1425740813-02CC-AA1A-9850ED46B8E5\jnsp454E.tmp [175104 2015-03-07] () [File not signed]
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366520 2015-02-03] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2015-02-03] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 AX88772; C:\Windows\system32\DRIVERS\ax88772.sys [113864 2013-07-18] (ASIX Electronics Corp.)
R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [226304 2014-08-13] (Microsoft Corporation)
R3 iaLPSS_GPIO; C:\Windows\System32\drivers\iaLPSS_GPIO.sys [24568 2014-07-16] (Intel Corporation)
R3 iaLPSS_I2C; C:\Windows\System32\drivers\iaLPSS_I2C.sys [99320 2014-07-16] (Intel Corporation)
R3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [25816 2015-04-14] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\windows\system32\drivers\mwac.sys [64216 2015-04-14] (Malwarebytes Corporation)
R3 MEIx64; C:\Windows\System32\drivers\TeeDriverx64.sys [100312 2014-07-16] (Intel Corporation)
R3 mrvlpcie8897; C:\Windows\system32\DRIVERS\mrvlpcie8897.sys [1002496 2014-12-24] (Marvell Semiconductors Inc.)
R3 SensorsHIDClassDriver; C:\Windows\System32\drivers\WUDFRd.sys [226304 2014-10-28] (Microsoft Corporation)
R3 SensorsServiceDriver; C:\Windows\System32\drivers\WUDFRd.sys [226304 2014-10-28] (Microsoft Corporation)
R3 SurfaceAccessoryDevice; C:\Windows\System32\drivers\SurfaceAccessoryDevice.sys [51856 2014-07-16] (Microsoft Corporation)
R3 SurfaceCapacitiveHomeButton; C:\Windows\System32\drivers\SurfaceCapacitiveHomeButton.sys [44152 2014-11-27] (Microsoft Corporation)
R3 SurfaceDisplayCalibration; C:\Windows\System32\drivers\SurfaceDisplayCalibration.sys [41616 2014-07-16] (Microsoft Corporation)
R3 SurfaceIntegrationDriver; C:\Windows\System32\drivers\SurfaceIntegrationDriver.sys [49776 2014-12-09] (Microsoft Corporation)
R0 SurfacePciController; C:\Windows\System32\drivers\SurfacePciController.sys [35440 2014-10-08] (Microsoft Corporation)
R3 SurfacePenDriver; C:\Windows\system32\DRIVERS\SurfacePenDriver.sys [76424 2015-03-31] (Microsoft Corporation)
S3 SurfaceTouchCover; C:\Windows\System32\drivers\SurfaceTouchCover.sys [35976 2014-07-16] (Microsoft Corporation)
S3 SurfaceTypeCover; C:\Windows\System32\drivers\SurfaceTypeCover.sys [35984 2014-07-16] (Microsoft Corporation)
R3 TrueColor; C:\Windows\system32\DRIVERS\TrueColor.sys [35952 2014-07-07] ()
R2 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2015-02-03] (Microsoft Corporation)
R3 WiFiClass; C:\Windows\system32\DRIVERS\wificlass.sys [411648 2014-12-24] (Microsoft Corporation)
S1 qrnfd_1_10_0_9; system32\drivers\qrnfd_1_10_0_9.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-06-16 14:40 - 2015-06-16 14:40 - 02109952 _____ (Farbar) C:\Users\Stephen\Downloads\FRST64(1).exe
2015-06-16 14:33 - 2015-06-16 14:33 - 00000000 ____D C:\Users\Stephen\AppData\Local\GWX
2015-06-14 11:45 - 2015-05-22 09:08 - 00700416 _____ (Microsoft Corporation) C:\windows\system32\generaltel.dll
2015-06-14 11:45 - 2015-05-21 09:08 - 01119232 _____ (Microsoft Corporation) C:\windows\system32\aeinv.dll
2015-06-14 11:45 - 2015-05-21 09:08 - 01020928 _____ (Microsoft Corporation) C:\windows\system32\appraiser.dll
2015-06-14 11:45 - 2015-05-21 09:08 - 00756736 _____ (Microsoft Corporation) C:\windows\system32\invagent.dll
2015-06-14 11:45 - 2015-05-21 09:08 - 00422912 _____ (Microsoft Corporation) C:\windows\system32\devinv.dll
2015-06-14 11:45 - 2015-05-21 09:08 - 00193536 _____ (Microsoft Corporation) C:\windows\system32\aepic.dll
2015-06-14 11:45 - 2015-05-21 09:08 - 00045568 _____ (Microsoft Corporation) C:\windows\system32\acmigration.dll
2015-06-14 11:45 - 2015-04-16 18:07 - 00227328 _____ (Microsoft Corporation) C:\windows\system32\aepdu.dll
2015-06-14 11:45 - 2015-04-08 18:07 - 00410336 _____ C:\windows\system32\ApnDatabase.xml
2015-06-14 11:45 - 2015-03-19 23:49 - 00309760 _____ (Microsoft Corporation) C:\windows\system32\compstui.dll
2015-06-14 11:45 - 2015-03-19 23:08 - 00477184 _____ (Microsoft Corporation) C:\windows\system32\puiobj.dll
2015-06-14 11:45 - 2015-03-19 22:37 - 00367104 _____ (Microsoft Corporation) C:\windows\SysWOW64\puiobj.dll
2015-06-14 11:45 - 2015-03-19 22:07 - 01091072 _____ (Microsoft Corporation) C:\windows\system32\localspl.dll
2015-06-14 11:44 - 2015-05-25 09:23 - 00036864 _____ (Microsoft Corporation) C:\windows\system32\UtcResources.dll
2015-06-14 11:44 - 2015-05-25 09:07 - 01430528 _____ (Microsoft Corporation) C:\windows\system32\diagtrack.dll
2015-06-14 11:44 - 2015-05-21 12:47 - 04177920 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
2015-06-14 11:44 - 2015-04-24 22:34 - 00653824 _____ (Microsoft Corporation) C:\windows\system32\comctl32.dll
2015-06-14 11:44 - 2015-04-24 22:33 - 00549888 _____ (Microsoft Corporation) C:\windows\SysWOW64\comctl32.dll
2015-06-14 11:44 - 2015-04-16 02:17 - 00325464 _____ (Microsoft Corporation) C:\windows\system32\Drivers\USBXHCI.SYS
2015-06-14 11:44 - 2015-04-13 18:37 - 00275968 _____ (Microsoft Corporation) C:\windows\system32\authz.dll
2015-06-14 11:44 - 2015-04-13 18:34 - 00180224 _____ (Microsoft Corporation) C:\windows\SysWOW64\authz.dll
2015-06-14 11:44 - 2015-04-09 20:40 - 01249280 _____ (Microsoft Corporation) C:\windows\system32\UIAutomationCore.dll
2015-06-14 11:44 - 2015-04-09 20:17 - 01018880 _____ (Microsoft Corporation) C:\windows\SysWOW64\UIAutomationCore.dll
2015-06-14 11:44 - 2015-04-08 18:41 - 00158720 _____ (Microsoft Corporation) C:\windows\SysWOW64\rgb9rast.dll
2015-06-14 11:44 - 2015-04-01 18:42 - 03097600 _____ (Microsoft Corporation) C:\windows\system32\msftedit.dll
2015-06-14 11:44 - 2015-04-01 18:30 - 02483712 _____ (Microsoft Corporation) C:\windows\SysWOW64\msftedit.dll
2015-06-14 11:44 - 2015-04-01 00:21 - 00337408 _____ (Microsoft Corporation) C:\windows\system32\SearchProtocolHost.exe
2015-06-14 11:44 - 2015-04-01 00:18 - 00468480 _____ (Microsoft Corporation) C:\windows\system32\mssph.dll
2015-06-14 11:44 - 2015-04-01 00:17 - 00248832 _____ (Microsoft Corporation) C:\windows\system32\mssphtb.dll
2015-06-14 11:44 - 2015-04-01 00:08 - 00774144 _____ (Microsoft Corporation) C:\windows\system32\mssvp.dll
2015-06-14 11:44 - 2015-03-31 23:46 - 03633664 _____ (Microsoft Corporation) C:\windows\system32\tquery.dll
2015-06-14 11:44 - 2015-03-31 23:17 - 02551808 _____ (Microsoft Corporation) C:\windows\system32\mssrch.dll
2015-06-14 11:44 - 2015-03-31 23:17 - 00903168 _____ (Microsoft Corporation) C:\windows\system32\SearchIndexer.exe
2015-06-14 11:44 - 2015-03-31 22:53 - 00391680 _____ (Microsoft Corporation) C:\windows\SysWOW64\mssph.dll
2015-06-14 11:44 - 2015-03-31 22:53 - 00272896 _____ (Microsoft Corporation) C:\windows\SysWOW64\SearchProtocolHost.exe
2015-06-14 11:44 - 2015-03-31 22:45 - 02749952 _____ (Microsoft Corporation) C:\windows\SysWOW64\tquery.dll
2015-06-14 11:44 - 2015-03-31 22:45 - 00699392 _____ (Microsoft Corporation) C:\windows\SysWOW64\mssvp.dll
2015-06-14 11:44 - 2015-03-31 22:14 - 01920000 _____ (Microsoft Corporation) C:\windows\SysWOW64\mssrch.dll
2015-06-14 11:44 - 2015-03-31 22:12 - 00710144 _____ (Microsoft Corporation) C:\windows\SysWOW64\SearchIndexer.exe
2015-06-14 11:44 - 2015-03-01 21:43 - 00222208 _____ (Microsoft Corporation) C:\windows\system32\rastapi.dll
2015-06-14 11:44 - 2015-03-01 21:21 - 00207872 _____ (Microsoft Corporation) C:\windows\SysWOW64\rastapi.dll
2015-06-14 11:43 - 2015-05-27 10:35 - 24917504 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2015-06-14 11:43 - 2015-05-27 10:08 - 19607040 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2015-06-14 11:43 - 2015-05-22 23:15 - 00503808 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll
2015-06-14 11:43 - 2015-05-22 23:14 - 00341504 _____ (Microsoft Corporation) C:\windows\SysWOW64\html.iec
2015-06-14 11:43 - 2015-05-22 23:10 - 02278912 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2015-06-14 11:43 - 2015-05-22 23:05 - 00664064 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript.dll
2015-06-14 11:43 - 2015-05-22 23:04 - 00620032 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9diag.dll
2015-06-14 11:43 - 2015-05-22 22:48 - 00076288 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmled.dll
2015-06-14 11:43 - 2015-05-22 22:47 - 04305920 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2015-06-14 11:43 - 2015-05-22 22:47 - 00285696 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtrans.dll
2015-06-14 11:43 - 2015-05-22 22:47 - 00128000 _____ (Microsoft Corporation) C:\windows\SysWOW64\iepeers.dll
2015-06-14 11:43 - 2015-05-22 22:43 - 00880128 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcomm.dll
2015-06-14 11:43 - 2015-05-22 22:38 - 00689152 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2015-06-14 11:43 - 2015-05-22 22:38 - 00327168 _____ (Microsoft Corporation) C:\windows\SysWOW64\iedkcs32.dll
2015-06-14 11:43 - 2015-05-22 22:37 - 02052608 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl
2015-06-14 11:43 - 2015-05-22 22:28 - 12829696 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2015-06-14 11:43 - 2015-05-22 22:28 - 01042944 _____ (Microsoft Corporation) C:\windows\SysWOW64\actxprxy.dll
2015-06-14 11:43 - 2015-05-22 22:20 - 01950720 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2015-06-14 11:43 - 2015-05-22 22:16 - 01309696 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2015-06-14 11:43 - 2015-05-22 22:14 - 00710144 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll
2015-06-14 11:43 - 2015-05-22 15:00 - 02885632 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2015-06-14 11:43 - 2015-05-22 15:00 - 00584192 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
2015-06-14 11:43 - 2015-05-22 15:00 - 00417792 _____ (Microsoft Corporation) C:\windows\system32\html.iec
2015-06-14 11:43 - 2015-05-22 14:52 - 06026240 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2015-06-14 11:43 - 2015-05-22 14:48 - 00633856 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2015-06-14 11:43 - 2015-05-22 14:47 - 00816640 _____ (Microsoft Corporation) C:\windows\system32\jscript.dll
2015-06-14 11:43 - 2015-05-22 14:47 - 00814080 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll
2015-06-14 11:43 - 2015-05-22 14:24 - 00092160 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
2015-06-14 11:43 - 2015-05-22 14:23 - 00145408 _____ (Microsoft Corporation) C:\windows\system32\iepeers.dll
2015-06-14 11:43 - 2015-05-22 14:21 - 00316928 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll
2015-06-14 11:43 - 2015-05-22 14:15 - 01032704 _____ (Microsoft Corporation) C:\windows\system32\inetcomm.dll
2015-06-14 11:43 - 2015-05-22 14:09 - 00262144 _____ (Microsoft Corporation) C:\windows\system32\webcheck.dll
2015-06-14 11:43 - 2015-05-22 14:08 - 00374272 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll
2015-06-14 11:43 - 2015-05-22 14:06 - 00801280 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2015-06-14 11:43 - 2015-05-22 14:05 - 02125824 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2015-06-14 11:43 - 2015-05-22 13:57 - 14404096 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2015-06-14 11:43 - 2015-05-22 13:50 - 02426880 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2015-06-14 11:43 - 2015-05-22 13:49 - 02865152 _____ (Microsoft Corporation) C:\windows\system32\actxprxy.dll
2015-06-14 11:43 - 2015-05-22 13:38 - 01545728 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2015-06-14 11:43 - 2015-05-22 13:26 - 00800768 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
2015-06-14 09:20 - 2015-06-14 09:21 - 00030975 _____ C:\Users\Stephen\Downloads\Addition.txt
2015-06-14 09:19 - 2015-06-16 14:41 - 00009784 _____ C:\Users\Stephen\Downloads\FRST.txt
2015-06-14 09:19 - 2015-06-16 14:41 - 00000000 ____D C:\FRST
2015-06-14 09:16 - 2015-06-14 09:17 - 02109952 _____ (Farbar) C:\Users\Stephen\Downloads\FRST64.exe
2015-06-14 08:21 - 2015-06-14 08:21 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2015-06-14 07:17 - 2015-06-15 13:17 - 00000378 _____ C:\windows\Tasks\FontElite.job
2015-06-14 07:17 - 2015-06-14 07:17 - 00003268 _____ C:\windows\System32\Tasks\FontElite
2015-06-14 07:17 - 2015-06-14 07:17 - 00000000 ____D C:\Program Files (x86)\LuckyShoopper
2015-06-14 07:17 - 2015-06-14 07:17 - 00000000 ____D C:\Program Files (x86)\LiteMatch
2015-06-14 07:17 - 2015-06-14 07:17 - 00000000 ____D C:\Program Files (x86)\afterguard
2015-06-14 07:16 - 2015-06-15 13:16 - 00000378 _____ C:\windows\Tasks\PasswordBlocker.job
2015-06-14 07:16 - 2015-06-14 13:17 - 00000000 ____D C:\ProgramData\{ed5def5e-5e31-df06-ed5d-def5e5e3bd79}
2015-06-14 07:16 - 2015-06-14 13:16 - 00000000 ____D C:\ProgramData\{754992a7-22cd-5a6d-7549-992a722c4a9c}
2015-06-14 07:16 - 2015-06-14 07:16 - 00004096 _____ C:\windows\SysWOW64\ntwdblib.dll
2015-06-14 07:16 - 2015-06-14 07:16 - 00003268 _____ C:\windows\System32\Tasks\PasswordBlocker
2015-06-14 07:16 - 2015-06-14 07:16 - 00000000 ____D C:\Program Files (x86)\EnormoouSaLoes
2015-06-12 14:42 - 2015-06-12 14:42 - 00001167 _____ C:\Users\Madigan\Desktop\Continue Install Software Installation.lnk
2015-06-08 19:29 - 2015-06-08 19:29 - 00000000 ____D C:\Users\Madigan\AppData\Local\GWX
2015-05-31 11:25 - 2015-05-31 11:25 - 00000000 ____D C:\Users\kclos_000\AppData\Local\Intel_Corporation
2015-05-31 11:22 - 2015-06-13 17:40 - 00000000 ____D C:\Program Files (x86)\ProShoppeR
2015-05-31 11:22 - 2015-06-13 17:33 - 00000000 ____D C:\Program Files (x86)\PrioShoppper
2015-05-31 11:22 - 2015-05-31 11:22 - 00000000 ____D C:\Program Files (x86)\topiDeall
2015-05-31 11:22 - 2015-05-31 11:22 - 00000000 ____D C:\Program Files (x86)\Currency Converter
2015-05-20 16:44 - 2015-03-31 20:28 - 24806000 _____ (Intel Corporation) C:\windows\system32\igdumdim64.dll
2015-05-20 16:44 - 2015-03-31 20:28 - 24007768 _____ (Intel Corporation) C:\windows\SysWOW64\igdumdim32.dll
2015-05-20 16:44 - 2015-03-31 20:28 - 06080608 _____ (Intel Corporation) C:\windows\system32\igdusc64.dll
2015-05-20 16:44 - 2015-03-31 20:28 - 04788464 _____ (Intel Corporation) C:\windows\SysWOW64\igdusc32.dll
2015-05-20 16:44 - 2015-03-31 20:28 - 02946336 _____ (Intel Corporation) C:\windows\system32\IntelWiDiVAD64.exe
2015-05-20 16:44 - 2015-03-31 20:28 - 02775672 _____ (Intel Corporation) C:\windows\system32\IntelWiDiAAC64.dll
2015-05-20 16:44 - 2015-03-31 20:28 - 01512568 _____ (Intel Corporation) C:\windows\system32\IntelWiDiSecureSourceFilter64.dll
2015-05-20 16:44 - 2015-03-31 20:28 - 01402336 _____ (Intel Corporation) C:\windows\system32\iglhsip64.dll
2015-05-20 16:44 - 2015-03-31 20:28 - 01399240 _____ (Intel Corporation) C:\windows\SysWOW64\iglhsip32.dll
2015-05-20 16:44 - 2015-03-31 20:28 - 01369088 _____ (Intel Corporation) C:\windows\system32\igfxcmjit64.dll
2015-05-20 16:44 - 2015-03-31 20:28 - 01063936 _____ (Intel Corporation) C:\windows\SysWOW64\igfxcmjit32.dll
2015-05-20 16:44 - 2015-03-31 20:28 - 00980312 _____ (Intel Corporation) C:\windows\system32\IntelWiDiWinNextAgent64.dll
2015-05-20 16:44 - 2015-03-31 20:28 - 00672088 _____ (Intel Corporation) C:\windows\system32\IntelWiDiAudioFilter64.dll
2015-05-20 16:44 - 2015-03-31 20:28 - 00623616 _____ (Intel Corporation) C:\windows\system32\MetroIntelGenericUIFramework.dll
2015-05-20 16:44 - 2015-03-31 20:28 - 00616280 _____ (Intel Corporation) C:\windows\system32\IntelWiDiMux64.dll
2015-05-20 16:44 - 2015-03-31 20:28 - 00473864 _____ (Intel Corporation) C:\windows\system32\IntelWiDiUMS64.exe
2015-05-20 16:44 - 2015-03-31 20:28 - 00393480 _____ C:\windows\system32\igfxTray.exe
2015-05-20 16:44 - 2015-03-31 20:28 - 00372224 _____ (Intel Corporation) C:\windows\system32\IntelOpenCL64.dll
2015-05-20 16:44 - 2015-03-31 20:28 - 00354136 _____ (Intel Corporation) C:\windows\system32\IntelWiDiSilenceFilter64.dll
2015-05-20 16:44 - 2015-03-31 20:28 - 00345864 _____ (Intel Corporation) C:\windows\system32\igfxCUIService.exe
2015-05-20 16:44 - 2015-03-31 20:28 - 00304128 _____ (Intel Corporation) C:\windows\SysWOW64\IntelOpenCL32.dll
2015-05-20 16:44 - 2015-03-31 20:28 - 00280840 _____ (Intel Corporation) C:\windows\SysWOW64\IntelCpHeciSvc.exe
2015-05-20 16:44 - 2015-03-31 20:28 - 00274040 _____ (Intel Corporation) C:\windows\system32\IntelWiDiUtils64.dll
2015-05-20 16:44 - 2015-03-31 20:28 - 00255488 _____ C:\windows\system32\igfxCPL.cpl
2015-05-20 16:44 - 2015-03-31 20:28 - 00220432 _____ (Intel Corporation) C:\windows\system32\iglhcp64.dll
2015-05-20 16:44 - 2015-03-31 20:28 - 00219400 _____ (Intel Corporation) C:\windows\system32\igfxext.exe
2015-05-20 16:44 - 2015-03-31 20:28 - 00213504 _____ (Intel Corporation) C:\windows\system32\igfx11cmrt64.dll
2015-05-20 16:44 - 2015-03-31 20:28 - 00211656 _____ (Intel Corporation) C:\windows\system32\igfxcmrt64.dll
2015-05-20 16:44 - 2015-03-31 20:28 - 00196728 _____ (Intel Corporation) C:\windows\system32\IntelWiDiDDEAgent64.dll
2015-05-20 16:44 - 2015-03-31 20:28 - 00184352 _____ (Intel Corporation) C:\windows\SysWOW64\iglhcp32.dll
2015-05-20 16:44 - 2015-03-31 20:28 - 00183296 _____ (Intel Corporation) C:\windows\system32\igfxCoIn_v4170.dll
2015-05-20 16:44 - 2015-03-31 20:28 - 00178672 _____ (Intel Corporation) C:\windows\SysWOW64\igfxcmrt32.dll
2015-05-20 16:44 - 2015-03-31 20:28 - 00178176 _____ (Intel Corporation) C:\windows\SysWOW64\igfx11cmrt32.dll
2015-05-20 16:44 - 2015-03-31 20:28 - 00134264 _____ (Intel Corporation) C:\windows\system32\IntelWiDiMCUMD64.dll
2015-05-20 16:44 - 2015-03-31 20:28 - 00127320 _____ (Intel Corporation) C:\windows\system32\IntelWiDiLogServer64.dll
2015-05-20 16:44 - 2015-03-31 20:28 - 00086528 _____ (Khronos Group) C:\windows\SysWOW64\Intel_OpenCL_ICD32.dll
2015-05-20 16:44 - 2015-03-31 20:28 - 00082432 _____ (Khronos Group) C:\windows\system32\Intel_OpenCL_ICD64.dll
2015-05-20 16:44 - 2015-03-31 20:28 - 00036616 _____ (Intel Corporation) C:\windows\system32\igfxexps.dll
2015-05-20 16:44 - 2015-03-31 20:28 - 00035328 _____ (Intel Corporation) C:\windows\SysWOW64\igfxexps32.dll
2015-05-20 16:44 - 2015-03-31 20:28 - 00004016 _____ C:\windows\system32\iglhxs64.vp
2015-05-20 16:44 - 2015-03-31 20:27 - 17765456 _____ C:\windows\system32\igd11dxva64.dll
2015-05-20 16:44 - 2015-03-31 20:27 - 17289048 _____ C:\windows\SysWOW64\igd11dxva32.dll
2015-05-20 16:44 - 2015-03-31 20:27 - 15980032 _____ (Intel Corporation) C:\windows\system32\igdfcl64.dll
2015-05-20 16:44 - 2015-03-31 20:27 - 10850816 _____ (Intel Corporation) C:\windows\SysWOW64\igdfcl32.dll
2015-05-20 16:44 - 2015-03-31 20:27 - 09414176 _____ (Intel Corporation) C:\windows\system32\igd10iumd64.dll
2015-05-20 16:44 - 2015-03-31 20:27 - 08622624 _____ (Intel Corporation) C:\windows\SysWOW64\igd10iumd32.dll
2015-05-20 16:44 - 2015-03-31 20:27 - 06710542 _____ C:\windows\system32\igdclbif.bin
2015-05-20 16:44 - 2015-03-31 20:27 - 04888368 _____ (Intel Corporation) C:\windows\system32\Drivers\igdkmd64.sys
2015-05-20 16:44 - 2015-03-31 20:27 - 03583488 _____ (Intel Corporation) C:\windows\system32\igdrcl64.dll
2015-05-20 16:44 - 2015-03-31 20:27 - 03318272 _____ (Intel Corporation) C:\windows\SysWOW64\igdrcl32.dll
2015-05-20 16:44 - 2015-03-31 20:27 - 01637200 _____ (Intel Corporation) C:\windows\system32\igdmd64.dll
2015-05-20 16:44 - 2015-03-31 20:27 - 01269960 _____ (Intel Corporation) C:\windows\SysWOW64\igdmd32.dll
2015-05-20 16:44 - 2015-03-31 20:27 - 00398848 _____ (Intel Corporation) C:\windows\system32\igdbcl64.dll
2015-05-20 16:44 - 2015-03-31 20:27 - 00350720 _____ (Intel Corporation) C:\windows\SysWOW64\igdbcl32.dll
2015-05-20 16:44 - 2015-03-31 20:27 - 00282696 _____ (Intel Corporation) C:\windows\system32\igd10idpp64.dll
2015-05-20 16:44 - 2015-03-31 20:27 - 00263120 _____ (Intel Corporation) C:\windows\SysWOW64\igd10idpp32.dll
2015-05-20 16:44 - 2015-03-31 20:27 - 00227328 _____ C:\windows\system32\igdde64.dll
2015-05-20 16:44 - 2015-03-31 20:27 - 00187904 _____ C:\windows\SysWOW64\igdde32.dll
2015-05-20 16:44 - 2015-03-31 20:27 - 00169984 _____ (Intel Corporation) C:\windows\system32\igdail64.dll
2015-05-20 16:44 - 2015-03-31 20:27 - 00152064 _____ (Intel Corporation) C:\windows\SysWOW64\igdail32.dll
2015-05-20 16:44 - 2015-03-31 20:26 - 09505280 _____ (Intel Corporation) C:\windows\system32\ig75icd64.dll
2015-05-20 16:44 - 2015-03-31 20:26 - 07481344 _____ (Intel Corporation) C:\windows\SysWOW64\ig75icd32.dll
2015-05-20 16:44 - 2015-03-31 20:26 - 00449800 _____ (Intel Corporation) C:\windows\system32\GfxUIEx.exe
2015-05-20 16:44 - 2015-03-31 20:26 - 00157960 _____ (Intel Corporation) C:\windows\system32\difx64.exe

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-06-16 14:38 - 2014-12-25 21:09 - 00003938 _____ C:\windows\System32\Tasks\User_Feed_Synchronization-{63AC061A-90DC-43A6-9745-BE335541AF70}
2015-06-16 14:38 - 2014-12-25 20:50 - 00003598 _____ C:\windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3566614747-3769634103-3560256049-1001
2015-06-16 14:38 - 2014-12-25 08:25 - 01890723 _____ C:\windows\WindowsUpdate.log
2015-06-16 14:36 - 2014-08-13 21:14 - 00818732 _____ C:\windows\system32\PerfStringBackup.INI
2015-06-16 14:33 - 2015-03-20 16:30 - 00000000 ____D C:\Program Files (x86)\Steam
2015-06-16 14:33 - 2015-03-20 16:26 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2015-06-16 14:32 - 2014-12-25 20:44 - 00000000 ____D C:\Users\Stephen\OneDrive
2015-06-16 14:31 - 2013-08-22 10:46 - 00031116 _____ C:\windows\setupact.log
2015-06-16 14:31 - 2013-08-22 10:45 - 00000006 ____H C:\windows\Tasks\SA.DAT
2015-06-16 14:31 - 2013-08-22 10:44 - 00337808 _____ C:\windows\system32\FNTCACHE.DAT
2015-06-15 15:45 - 2013-08-22 09:25 - 00786432 ___SH C:\windows\system32\config\BBI
2015-06-15 15:27 - 2014-12-27 09:36 - 00000000 ___SD C:\windows\system32\CompatTel
2015-06-15 15:27 - 2014-12-27 09:36 - 00000000 ____D C:\windows\system32\appraiser
2015-06-15 15:27 - 2013-08-22 11:36 - 00000000 ___RD C:\windows\ToastData
2015-06-15 15:26 - 2013-08-22 11:36 - 00000000 ____D C:\windows\PolicyDefinitions
2015-06-15 15:11 - 2013-08-22 11:20 - 00000000 ____D C:\windows\CbsTemp
2015-06-15 15:00 - 2013-08-22 11:36 - 00000000 ____D C:\windows\system32\sru
2015-06-15 12:47 - 2014-12-27 17:53 - 00003946 _____ C:\windows\System32\Tasks\User_Feed_Synchronization-{F64623FF-396F-4C43-A37F-10C5637EB129}
2015-06-15 12:45 - 2015-01-01 22:10 - 00003938 _____ C:\windows\System32\Tasks\User_Feed_Synchronization-{C37CF2B6-68C2-43D8-B555-01D5E3C378D2}
2015-06-15 06:56 - 2014-12-27 04:37 - 00000000 ____D C:\windows\system32\MRT
2015-06-15 05:51 - 2014-12-27 04:37 - 140135120 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2015-06-14 11:45 - 2013-08-22 11:36 - 00000000 ____D C:\windows\AppReadiness
2015-06-14 08:17 - 2014-12-25 21:54 - 00003600 _____ C:\windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3566614747-3769634103-3560256049-1004
2015-06-14 08:17 - 2014-12-25 21:52 - 00003600 _____ C:\windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3566614747-3769634103-3560256049-1005
2015-06-14 08:12 - 2015-03-23 21:47 - 00136408 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2015-06-14 07:17 - 2015-04-25 11:27 - 00000000 ____D C:\Program Files (x86)\LibraryMonitor
2015-06-14 07:17 - 2015-03-07 11:09 - 00000000 ____D C:\ProgramData\17505497784407803240
2015-06-14 07:16 - 2015-03-07 11:09 - 00000000 ____D C:\ProgramData\{11d41792-558c-7879-11d4-417925585e49}
2015-06-14 07:16 - 2015-03-07 11:07 - 00000000 ____D C:\ProgramData\{26f1c234-c336-d495-26f1-1c234c3308d3}
2015-06-14 06:45 - 2014-12-25 21:47 - 00000000 ____D C:\Users\kclos_000\OneDrive
2015-06-12 14:38 - 2013-08-22 11:36 - 00000000 ____D C:\windows\system32\NDF
2015-06-08 19:28 - 2014-12-25 21:49 - 00000000 ___RD C:\Users\Madigan\OneDrive
2015-06-07 20:21 - 2014-08-13 21:05 - 00039504 _____ C:\windows\PFRO.log
2015-06-03 12:18 - 2013-08-22 11:38 - 00792568 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2015-06-03 12:18 - 2013-08-22 11:38 - 00178168 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-05-31 16:30 - 2014-12-27 18:06 - 00000000 ____D C:\Users\kclos_000\AppData\Roaming\.minecraft
2015-05-31 11:22 - 2015-03-07 11:06 - 00000000 ____D C:\Users\Stephen\AppData\Roaming\4396405B-1425740813-02CC-AA1A-9850ED46B8E5
2015-05-25 20:35 - 2015-04-13 15:45 - 00078848 ___SH C:\Users\kclos_000\Desktop\Thumbs.db
2015-05-21 03:42 - 2013-08-22 11:36 - 00000000 ____D C:\windows\rescache
2015-05-20 16:45 - 2014-08-13 20:21 - 00000000 ____D C:\windows\Firmware
2015-05-19 02:31 - 2015-04-05 09:42 - 00000000 ___SD C:\windows\SysWOW64\GWX
2015-05-19 02:31 - 2015-04-05 09:42 - 00000000 ___SD C:\windows\system32\GWX
2015-05-18 22:11 - 2013-08-22 11:36 - 00000000 ___RD C:\windows\ImmersiveControlPanel
2015-05-18 22:11 - 2013-08-22 09:36 - 00000000 ____D C:\windows\system32\AdvancedInstallers

==================== Files in the root of some directories =======

2015-05-02 16:46 - 2015-05-02 16:46 - 0000079 _____ () C:\Program Files (x86)\prefs.js
2015-03-14 07:17 - 2015-03-14 07:17 - 0000044 _____ () C:\Users\Stephen\AppData\Roaming\WB.CFG
2015-03-14 09:49 - 2015-03-14 09:49 - 0613255 _____ (CMI Limited) C:\Users\Stephen\AppData\Local\nsz93BC.tmp
2015-03-14 10:32 - 2015-04-27 21:03 - 0004956 _____ () C:\Users\Stephen\AppData\Local\Temp-log.txt
2015-05-09 06:34 - 2015-05-09 06:34 - 0000000 _____ () C:\Users\Stephen\AppData\Local\Temp.dat
2014-08-13 21:06 - 2014-08-13 21:06 - 0000000 ____H () C:\ProgramData\DP45977C.lfl

Some files in TEMP:
====================
C:\Users\Madigan\AppData\Local\Temp\ICReinstall_zipinstall.exe
C:\Users\Stephen\AppData\Local\Temp\3338.exe
C:\Users\Stephen\AppData\Local\Temp\4173.exe
C:\Users\Stephen\AppData\Local\Temp\4628590567464729151.exe
C:\Users\Stephen\AppData\Local\Temp\5036414426622247552c.exe
C:\Users\Stephen\AppData\Local\Temp\5857830153319760363b.exe
C:\Users\Stephen\AppData\Local\Temp\6691.exe
C:\Users\Stephen\AppData\Local\Temp\6D742F14-103E-6858-8B23-F6132422FF03.dll
C:\Users\Stephen\AppData\Local\Temp\6D742F14-103E-6858-8B23-F6132422FF03.exe
C:\Users\Stephen\AppData\Local\Temp\7A2C.exe
C:\Users\Stephen\AppData\Local\Temp\B0F5AADD-3088-0A78-F03B-563AB4BB0F06.exe
C:\Users\Stephen\AppData\Local\Temp\bitool.dll
C:\Users\Stephen\AppData\Local\Temp\ntwdblib.dll
C:\Users\Stephen\AppData\Local\Temp\setup_607.exe
C:\Users\Stephen\AppData\Local\Temp\setup_ra.exe
C:\Users\Stephen\AppData\Local\Temp\SpOrder.dll
C:\Users\Stephen\AppData\Local\Temp\sysoptsetup.exe
C:\Users\Stephen\AppData\Local\Temp\TPLIStubSetup.exe
C:\Users\Stephen\AppData\Local\Temp\Uninstall.exe
C:\Users\Stephen\AppData\Local\Temp\UUC1B17.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-06-14 05:07

==================== End of log ============================
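The "Bamital & volsnap Check" section of the log above reports whether the core Windows binaries still carry a valid digital signature (Bamital-style infections patch exactly these files). The script below is an added example, not part of FRST or of this thread, that performs the same check on the same file list with the built-in Get-AuthenticodeSignature cmdlet. It assumes an elevated PowerShell prompt on Windows 8.1 or later, where the cmdlet also recognises catalog-signed system files (an assumption; on older systems a legitimate catalog-signed file can show as NotSigned).

```powershell
# Added example: re-run the FRST "Bamital & volsnap Check" in PowerShell.
# Not from FRST or this thread; assumes an elevated prompt on Windows 8.1+.
# The file list is the one the FRST log verified, expressed via $env:SystemRoot.
$coreFiles = @(
    'System32\winlogon.exe',  'System32\wininit.exe',
    'explorer.exe',           'SysWOW64\explorer.exe',
    'System32\svchost.exe',   'SysWOW64\svchost.exe',
    'System32\services.exe',
    'System32\user32.dll',    'SysWOW64\user32.dll',
    'System32\userinit.exe',  'SysWOW64\userinit.exe',
    'System32\rpcss.dll',
    'System32\Drivers\volsnap.sys'
) | ForEach-Object { Join-Path $env:SystemRoot $_ }

$results = foreach ($path in $coreFiles) {
    if (-not (Test-Path -LiteralPath $path)) {
        [pscustomobject]@{ File = $path; Status = 'Missing'; Signer = $null }
        continue
    }
    $sig = Get-AuthenticodeSignature -FilePath $path
    [pscustomobject]@{
        File   = $path
        Status = $sig.Status            # Valid, NotSigned, HashMismatch, ...
        Signer = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { $null }
    }
}

# Mirror the log's wording so the two outputs can be compared line by line.
foreach ($r in $results) {
    $verdict = switch ($r.Status) {
        'Valid'        { 'File is digitally signed' }
        'HashMismatch' { 'SIGNATURE DOES NOT MATCH FILE CONTENT - possible patching' }
        default        { "NOT VERIFIED ($($r.Status))" }
    }
    '{0} => {1}' -f $r.File, $verdict
}

# Anything other than Valid deserves a second look; HashMismatch in particular
# means the file content has been altered since Microsoft signed it.
$results | Where-Object Status -ne 'Valid' | Format-Table -AutoSize
```

A HashMismatch on one of these files is the condition FRST's note "There is no automatic fix for files that do not pass verification" refers to: the file has to be replaced from a known-good source rather than cleaned in place.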

 
 


#5 B-boy/StyLe/

B-boy/StyLe/

    Bleepin' Freestyler


  • Malware Response Team
  • 8,307 posts
  • OFFLINE
  • Gender:Male
  • Location:Bulgaria
  • Local time:04:14 AM

Posted 16 June 2015 - 05:07 PM

Hello,

Thank you for the logs.

STEP 1

Please create a new restore point first. See here how.

Now please download GeekUninstaller and save it to desktop.

Extract the archive and run the file geek.exe
From the list find and uninstall the programs below:
 

Currency Converter
DealNoDeal
EnormoouSaLoes
LiteMatch
LuckyShoopper
PremiumStrengthener
PrioShoppper
topiDeall

 
Right click on the Currency Converter for example and click on the Uninstall button. (here is an example pic for Mozilla Firefox)

Once the uninstallation is complete, the following window will appear to let you remove all leftovers including unnecessary files, useless folders, registry entries related to the uninstalled program.

Here is an example pic for Mozilla Firefox:

Click on the “Finish” button to remove all detected traces.

Finally, click on the “Close” button to complete and go back to the main interface of Geek Uninstaller.

Next uninstall the rest of the programs. If a program won't uninstall then don't worry and continue with the next step. We will remove it manually.

STEP 2

Please download AdwCleaner by Xplode and save to your Desktop.

  • Double click on AdwCleaner.exe to run the tool.
    Vista/Windows 7/8 users right-click and select Run As Administrator.
  • Click on the Scan button.
  • AdwCleaner will begin to scan your computer.
  • After the scan has finished click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
  • After rebooting, a logfile report (AdwCleaner[S0].txt) will open automatically.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of that logfile will also be saved in the C:\AdwCleaner folder.

STEP 3

Please download Junkware Removal Tool to your desktop.

  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

STEP 4

Please run a new scan with FRST (make sure that Addition.txt is checked before you press the Scan button) and then please post both logs in your next reply.

Regards,

Georgi


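As an added example, not part of the helper's procedure and not FRST's own logic: a small Python triage of FRST-format lines that flags the persistence entries a fixlist would normally target (unsigned services in user-writable paths, orphaned startup shortcuts, AppInit_DLLs values). The sample lines are constructed here, modelled on entries quoted in this thread, and the "user-writable location" and signing heuristics are my own assumptions.

```python
import re
from dataclasses import dataclass

# Constructed sample in FRST's line format, modelled on entries quoted in this
# thread (an AppInit_DLLs value, startup shortcuts, three services). The
# "Send to OneNote" pair is a made-up benign control; nothing here is the
# output of a real FRST run.
SAMPLE_FRST_LINES = [
    r"==================== Registry (Whitelisted) ==================",
    r'AppInit_DLLs-x32: c:/progra~3/{be095~1/192~1.1/tice.dll => "c:\progra~3\{be095~1\192~1.1\tice.dll" File not found',
    r"Startup: C:\Users\Stephen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\274.lnk [2015-03-07]",
    r"ShortcutTarget: 274.lnk -> C:\ProgramData\{11d41792-558c-7879-11d4-417925585e49}\274.exe (No File)",
    r"Startup: C:\Users\Stephen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk [2014-10-28]",
    r"ShortcutTarget: Send to OneNote.lnk -> C:\Program Files\Microsoft Office\Office15\ONENOTEM.EXE (Microsoft Corporation)",
    r"==================== Services (Whitelisted) =================",
    r"S2 hyxuduge; C:\Users\Stephen\AppData\Roaming\4396405B-1425740813-02CC-AA1A-9850ED46B8E5\jnsp454E.tmp [175104 2015-03-07] () [File not signed]",
    r"S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation)",
    r"R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2015-02-03] (Microsoft Corporation)",
]

# FRST service line: state letter, start-type digit, name; path [size date] (vendor) [flags]
SERVICE_RE = re.compile(
    r"^(?P<state>[RSU])(?P<start>\d)\s+(?P<name>[^;]+);\s+(?P<path>.+?)\s+"
    r"\[(?P<size>\d+)\s+(?P<date>\d{4}-\d{2}-\d{2})\]\s+\((?P<vendor>[^)]*)\)(?P<rest>.*)$"
)
# Startup-folder shortcut and the target it resolves to; FRST writes "(No File)"
# when the target is missing, otherwise the vendor in parentheses.
SHORTCUT_RE = re.compile(r"^ShortcutTarget:\s+(?P<lnk>.+?)\s+->\s+(?P<target>.+)\s+\((?P<note>[^)]*)\)\s*$")
# AppInit_DLLs value: raw registry data => "resolved path" [File not found]
APPINIT_RE = re.compile(r'^AppInit_DLLs(?:-x32)?:\s+(?P<raw>\S+)\s+=>\s+"(?P<path>[^"]+)"(?P<rest>.*)$')

# Locations an unprivileged installer can write to; a service binary there is
# unusual for legitimate software (assumption used as a triage heuristic).
USER_WRITABLE_MARKERS = ("\\users\\", "\\programdata\\", "\\temp\\")


@dataclass
class Finding:
    kind: str
    name: str
    reasons: list


def service_reasons(m):
    """Heuristics for one service line; an empty list means nothing stood out."""
    reasons = []
    path_lower = m["path"].lower()
    if "file not signed" in m["rest"].lower():
        reasons.append("binary is not Authenticode-signed")
    if not m["vendor"].strip():
        reasons.append("no company name in the binary's version info")
    if any(marker in path_lower for marker in USER_WRITABLE_MARKERS):
        reasons.append("service binary lives in a user-writable location")
    if path_lower.endswith(".tmp"):
        reasons.append("service binary has a .tmp extension")
    return reasons


def triage_frst(lines):
    """Walk FRST-format lines and collect persistence entries worth a fixlist entry."""
    findings = []
    for line in lines:
        if m := SERVICE_RE.match(line):
            reasons = service_reasons(m)
            if reasons:
                findings.append(Finding("service", m["name"].strip(), reasons))
        elif m := SHORTCUT_RE.match(line):
            if m["note"].strip().lower() == "no file":
                findings.append(Finding("startup-shortcut", m["lnk"].strip(),
                                        ["shortcut target no longer exists (orphaned persistence)"]))
        elif m := APPINIT_RE.match(line):
            reasons = ["AppInit_DLLs is set: the DLL would load into every process that loads user32"]
            if "file not found" in m["rest"].lower():
                reasons.append("referenced DLL is missing, but the value should still be cleared")
            findings.append(Finding("appinit-dll", m["path"], reasons))
    return findings


if __name__ == "__main__":
    for f in triage_frst(SAMPLE_FRST_LINES):
        print(f"[{f.kind}] {f.name}")
        for r in f.reasons:
            print(f"    - {r}")
```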
#6 sclossick

sclossick
  • Topic Starter

  • Members
  • 48 posts
  • OFFLINE
  • Local time:08:14 PM

Posted 17 June 2015 - 05:58 AM

Here's the AdwCleaner file:

# AdwCleaner v4.206 - Logfile created 17/06/2015 at 06:53:59
# Updated 01/06/2015 by Xplode
# Database : 2015-06-17.1 [Server]
# Operating system : Windows 8.1 Pro  (x64)
# Username : Stephen - KEEGAN-PC
# Running from : C:\Users\Stephen\Downloads\AdwCleaner.exe
# Option : Cleaning

***** [ Services ] *****

[#] Service Deleted : qrnfd_1_10_0_9

***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\SaveItCoupons
Folder Deleted : C:\ProgramData\PastaLeadsAgent
Folder Deleted : C:\ProgramData\5770c19000002c81
Folder Deleted : C:\ProgramData\8712a7d600004060
Folder Deleted : C:\ProgramData\a150038c00002fa9
Folder Deleted : C:\ProgramData\{11d41792-558c-7879-11d4-417925585e49}
Folder Deleted : C:\ProgramData\{26f1c234-c336-d495-26f1-1c234c3308d3}
Folder Deleted : C:\ProgramData\{754992a7-22cd-5a6d-7549-992a722c4a9c}
Folder Deleted : C:\ProgramData\{8e006ba7-1b11-443d-8e00-06ba71b1ae9c}
Folder Deleted : C:\ProgramData\{96320c34-1138-16b9-9632-20c3411330d0}
Folder Deleted : C:\ProgramData\{ed5def5e-5e31-df06-ed5d-def5e5e3bd79}
Folder Deleted : C:\Program Files (x86)\globalUpdate
Folder Deleted : C:\Program Files (x86)\predm
Folder Deleted : C:\Program Files (x86)\shopperz
Folder Deleted : C:\Program Files (x86)\download Manager
Folder Deleted : C:\Program Files (x86)\System Optimizer
Folder Deleted : C:\Program Files (x86)\ProShoppeR
Folder Deleted : C:\Program Files (x86)\Optimizer Pro 3.56
Folder Deleted : C:\windows\SysWOW64\config\systemprofile\AppData\Local\StormWatch
Folder Deleted : C:\Program Files\shopperz
Folder Deleted : C:\Program Files\Common Files\pastaleads
Folder Deleted : C:\Users\kclos_000\AppData\LocalLow\{D2020D47-707D-4E26-B4D9-739C4F4C2E9A}
Folder Deleted : C:\Users\Madigan\AppData\Local\StormWatch
Folder Deleted : C:\Users\Madigan\AppData\LocalLow\{D2020D47-707D-4E26-B4D9-739C4F4C2E9A}
Folder Deleted : C:\Users\Stephen\AppData\Local\Gameo
Folder Deleted : C:\Users\Stephen\AppData\Local\globalUpdate
Folder Deleted : C:\Users\Stephen\AppData\Local\SmartWeb
Folder Deleted : C:\Users\Stephen\AppData\Local\Taplika
Folder Deleted : C:\Users\Stephen\AppData\Local\Webplayer Remote
Folder Deleted : C:\Users\Stephen\AppData\Local\4396405B-1425723020-02CC-AA1A-9850ED46B8E5
Folder Deleted : C:\Users\Stephen\AppData\LocalLow\{D2020D47-707D-4E26-B4D9-739C4F4C2E9A}
Folder Deleted : C:\Users\Stephen\AppData\Roaming\AnyProtectEx
Folder Deleted : C:\Users\Stephen\AppData\Roaming\Mozilla\Firefox\Profiles\smg111vd.default\Extensions\e@yru0nVkY.org
File Deleted : C:\END
File Deleted : C:\Program Files (x86)\mozilla firefox\dbghelp.dll
File Deleted : C:\Program Files (x86)\prefs.js
File Deleted : C:\windows\patsearch.bin
File Deleted : C:\windows\SysWOW64\BasementDusterOff.ini
File Deleted : C:\windows\SysWOW64\BDL.dll
File Deleted : C:\windows\System32\BasementDusterOff.ini
File Deleted : C:\windows\System32\drivers\Msft_Kernel_webTinstMKTN_01009.Wdf
File Deleted : C:\Users\Stephen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Play Games Online.url
File Deleted : C:\Users\Stephen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\optimizerpro.lnk
File Deleted : C:\Users\Stephen\Desktop\Play Games Online.url

***** [ Scheduled tasks ] *****

Task Deleted : APSnotifierPP1
Task Deleted : APSnotifierPP2
Task Deleted : APSnotifierPP3
Task Deleted : gameo_update
Task Deleted : SmartWeb Upgrade Trigger Task

***** [ Shortcuts ] *****


***** [ Registry ] *****

Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [{5081D2D4-1637-404c-B74F-50526718257D}]
Value Deleted : [x64] HKLM\SOFTWARE\Mozilla\Firefox\Extensions [{5081D2D4-1637-404c-B74F-50526718257D}]
Key Deleted : HKCU\Software\MICROSOFT\INTERNET EXPLORER\DOMSTORAGE\superfish.com
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\DOMStorage\www.superfish.com
Key Deleted : HKLM\SOFTWARE\696dade9-b81b-3cad-7b2b-47af4829c626
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{425F4ABF-B8E4-402D-9E49-06E494EB8DBF}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4D6A5312-AB4D-41AA-8BED-0E019B87CA11}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3CF50C82-4C4B-43E9-B1B2-15CB1BD0C193}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{7D8DAE88-BC05-4578-8C29-E541FFBA5757}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F83D1872-D9FF-47F8-B5A0-49CC51E24EE8}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A9582D7B-F24A-441D-9D26-450D58F3CD17}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EE0D8859-2ED4-4B0D-9812-16865B9AFD65}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9AE7A6AE-162E-44C4-9A2B-A6B4EF19909D}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{B5C4833B-847B-49CD-8EBE-CDD9B43C882F}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{14EF423E-3EE8-44AE-9337-07AC3F27B744}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{41F978F3-431A-4464-A789-5C0692D562FB}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{A63C49A5-6CC1-4579-A883-AE6B3E91108D}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{ADA38E4E-F20A-4399-BE91-E260AC341C69}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{5081D2D4-1637-404C-B74F-50526718257D}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{5081D2D4-1637-404C-B74F-50526718257D}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{5081D2D4-1637-404C-B74F-50526718257D}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{A9582D7B-F24A-441D-9D26-450D58F3CD17}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{EE0D8859-2ED4-4B0D-9812-16865B9AFD65}
Key Deleted : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{589B893E-773C-4941-88C2-0DCC718E621C}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{589B893E-773C-4941-88C2-0DCC718E621C}
Key Deleted : HKCU\Software\AnyProtect
Key Deleted : HKCU\Software\GlobalUpdate
Key Deleted : HKCU\Software\InstallCore
Key Deleted : HKCU\Software\Optimizer Pro
Key Deleted : HKCU\Software\powerpack
Key Deleted : HKCU\Software\StormWatchApp
Key Deleted : HKCU\Software\gameo
Key Deleted : HKCU\Software\Taplika Browser
Key Deleted : HKCU\Software\{4E7638A1-6962-4e44-A6B9-F40E84FD6D09}
Key Deleted : HKCU\Software\ClientConnect
Key Deleted : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Deleted : HKCU\Software\AppDataLow\Software\BlockAndSurf
Key Deleted : HKCU\Software\AppDataLow\Software\Crossrider
Key Deleted : HKLM\SOFTWARE\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Deleted : HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Key Deleted : HKLM\SOFTWARE\{6791A2F3-FC80-475C-A002-C014AF797E9C}
Key Deleted : HKLM\SOFTWARE\EZ Software Updater
Key Deleted : HKLM\SOFTWARE\GlobalUpdate
Key Deleted : HKLM\SOFTWARE\Tutorials
Key Deleted : HKLM\SOFTWARE\StormWatchApp
Key Deleted : HKLM\SOFTWARE\GAMESDESKTOP
Key Deleted : HKLM\SOFTWARE\{12A61307-94CD-4F8E-94BC-918E511FAA81}
Key Deleted : HKLM\SOFTWARE\StrongSignal
Key Deleted : HKU\.DEFAULT\Software\GeekBuddyRSP
Key Deleted : HKU\.DEFAULT\Software\{4E7638A1-6962-4e44-A6B9-F40E84FD6D09}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{37476589-E48E-439E-A706-56189E2ED4C4}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{4820778D-AB0D-6D18-C316-52A6A0E1D507}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\VOPackage
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{F6423EE4-93D8-FA04-D09D-A8598F6EFDFD}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{194FED75-9C74-BDB7-53F8-8CFFEF1AFEC9}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{AE9B04F2-E9E8-162C-829B-52C116B3EFCC}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{70BD2558-27DA-8B02-02D0-D8704ECD2EDF}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{AD11DADE-C597-45D9-D8C5-1D2EB0B89613}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\taplika.com

***** [ Web browsers ] *****

-\\ Internet Explorer v11.0.9600.17840


-\\ Mozilla Firefox v38.0.5 (x86 en-US)

[smg111vd.default\prefs.js] - Line Deleted : user_pref("extensions.51aMzYgpnSx9OoeH.scode", "(function(){try{if(window.location.href.indexOf(\"rjs6rdaFrHr8qjaGrjkHrdrHpjk\")>-1){return;}}catch(e){}try{var d=[[\"cryptogmail.com\",\"bancdebinary.c[...]
[smg111vd.default\prefs.js] - Line Deleted : user_pref("extensions.QWIlyoV1rKNEv0K7.scode", "(function(){try{if(window.location.href.indexOf(\"rjs6rdaFrHr8qjaGrjkHrdrHpjk\")>-1){return;}}catch(e){}try{var d=[[\"search.asistents.com\",\"cryptogma[...]
[smg111vd.default\prefs.js] - Line Deleted : user_pref("extensions.YhU2bL5RM5tymqal.scode", "(function(){try{if(window.location.href.indexOf(\"rjs6rdaFrHr8qjaGrjkHrdrHpjk\")>-1){return;}}catch(e){}try{var d=[[\"backin.net\",\"trianglecash.com\",[...]
[smg111vd.default\prefs.js] - Line Deleted : user_pref("extensions.yCvv09ElJZ2pL5GZ.scode", "(function(){try{if(window.location.href.indexOf(\"rjs6rdaFrHr8qjaGrjkHrdrHpjk\")>-1){return;}}catch(e){}try{var d=[[\"search.asistents.com\",\"cryptogma[...]

*************************

AdwCleaner[R0].txt - [9519 bytes] - [17/06/2015 06:53:01]
AdwCleaner[S0].txt - [9207 bytes] - [17/06/2015 06:53:59]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [9266  bytes] ##########

#7 sclossick

sclossick
  • Topic Starter

  • Members
  • 48 posts
  • OFFLINE
  • Local time:08:14 PM

Posted 17 June 2015 - 06:33 AM

Here's the JRT file:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 7.0.1 (06.17.2015:2)
OS: Windows 8.1 Pro x64
Ran by Stephen on Wed 06/17/2015 at  7:05:54.50
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services

Failed to stop: [Service] hyxuduge



~~~ Tasks

Successfully deleted: [Task] C:\windows\system32\tasks\FontElite
Successfully deleted: [Task] C:\windows\system32\tasks\PasswordBlocker
Successfully deleted: [Task] C:\windows\tasks\FontElite.job
Successfully deleted: [Task] C:\windows\tasks\PasswordBlocker.job



~~~ Registry Values

Successfully deleted: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\gmsd_us_323



~~~ Registry Keys



~~~ Files

Successfully deleted: [File] C:\Users\Stephen\appdata\local\nsz93BC.tmp



~~~ Folders

Successfully deleted: [Folder] C:\Program Files (x86)\dealnodeal
Successfully deleted: [Folder] C:\Program Files (x86)\librarymonitor
Successfully deleted: [Folder] C:\Program Files (x86)\youtube download pool
Successfully deleted: [Folder] C:\Users\Stephen\appdata\locallow\company
Successfully deleted: [Folder] C:\ProgramData\17505497784407803240



~~~ FireFox






~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Wed 06/17/2015 at  7:07:18.29
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

#8 sclossick

sclossick
  • Topic Starter

  • Members
  • 48 posts
  • OFFLINE
  • Local time:08:14 PM

Posted 17 June 2015 - 06:37 AM

The only program that did not want to be uninstalled was DealNoDeal, which is not surprising since the Windows uninstall function could not clear that one. When the Uninstall window would open it would ask if I wanted to uninstall xyz, which I found unusual.

The FRST file:

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:13-06-2015
Ran by Stephen (administrator) on KEEGAN-PC on 17-06-2015 07:34:11
Running from C:\Users\Stephen\Downloads
Loaded Profiles: Stephen (Available Profiles: Stephen & Madigan & kclos_000 & closs_000)
Platform: Windows 8.1 Pro (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
(Microsoft Corporation) C:\Windows\System32\LocationNotifications.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.3.9600.17709_none_fa7932f59afc2e40\TiWorker.exe
(Farbar) C:\Users\Stephen\Downloads\FRST64(1).exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKU\S-1-5-21-3566614747-3769634103-3560256049-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [2892992 2015-06-04] (Valve Corporation)
HKU\S-1-5-18\...\RunOnce: [Application Restart #0] => C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe [372400 2014-10-28] (Microsoft Corporation)
HKU\S-1-5-18\...\RunOnce: [Application Restart #1] => C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe [372400 2014-10-28] (Microsoft Corporation)
AppInit_DLLs-x32: c:/progra~3/{be095~1/192~1.1/tice.dll => "c:\progra~3\{be095~1\192~1.1\tice.dll" File not found
Startup: C:\Users\Stephen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\274.lnk [2015-03-07]
ShortcutTarget: 274.lnk -> C:\ProgramData\{11d41792-558c-7879-11d4-417925585e49}\274.exe (No File)
Startup: C:\Users\Stephen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SystemOptimizer.lnk [2015-02-13]
ShortcutTarget: SystemOptimizer.lnk -> C:\ProgramData\{8e006ba7-1b11-443d-8e00-06ba71b1ae9c}\SystemOptimizer.exe (No File)
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
Tcpip\Parameters: [DhcpNameServer] 207.69.188.186 207.69.188.187
StartMenuInternet: IEXPLORE.EXE - iexplore.exe

FireFox:
========
FF ProfilePath: C:\Users\Stephen\AppData\Roaming\Mozilla\Firefox\Profiles\smg111vd.default

Chrome:
=======
CHR dev: Chrome dev build detected! <======= ATTENTION

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 BthHFSrv; C:\Windows\System32\BthHFSrv.dll [324608 2014-10-28] (Microsoft Corporation)
S2 hyxuduge; C:\Users\Stephen\AppData\Roaming\4396405B-1425740813-02CC-AA1A-9850ED46B8E5\jnsp454E.tmp [175104 2015-03-07] () [File not signed]
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366520 2015-02-03] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2015-02-03] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 AX88772; C:\Windows\system32\DRIVERS\ax88772.sys [113864 2013-07-18] (ASIX Electronics Corp.)
R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [226304 2014-08-13] (Microsoft Corporation)
R3 iaLPSS_GPIO; C:\Windows\System32\drivers\iaLPSS_GPIO.sys [24568 2014-07-16] (Intel Corporation)
R3 iaLPSS_I2C; C:\Windows\System32\drivers\iaLPSS_I2C.sys [99320 2014-07-16] (Intel Corporation)
R3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [25816 2015-04-14] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\windows\system32\drivers\mwac.sys [64216 2015-04-14] (Malwarebytes Corporation)
R3 MEIx64; C:\Windows\System32\drivers\TeeDriverx64.sys [100312 2014-07-16] (Intel Corporation)
R3 mrvlpcie8897; C:\Windows\system32\DRIVERS\mrvlpcie8897.sys [1002496 2014-12-24] (Marvell Semiconductors Inc.)
R3 SensorsHIDClassDriver; C:\Windows\System32\drivers\WUDFRd.sys [226304 2014-10-28] (Microsoft Corporation)
R3 SensorsServiceDriver; C:\Windows\System32\drivers\WUDFRd.sys [226304 2014-10-28] (Microsoft Corporation)
R3 SurfaceAccessoryDevice; C:\Windows\System32\drivers\SurfaceAccessoryDevice.sys [51856 2014-07-16] (Microsoft Corporation)
R3 SurfaceCapacitiveHomeButton; C:\Windows\System32\drivers\SurfaceCapacitiveHomeButton.sys [44152 2014-11-27] (Microsoft Corporation)
R3 SurfaceDisplayCalibration; C:\Windows\System32\drivers\SurfaceDisplayCalibration.sys [41616 2014-07-16] (Microsoft Corporation)
R3 SurfaceIntegrationDriver; C:\Windows\System32\drivers\SurfaceIntegrationDriver.sys [49776 2014-12-09] (Microsoft Corporation)
R0 SurfacePciController; C:\Windows\System32\drivers\SurfacePciController.sys [35440 2014-10-08] (Microsoft Corporation)
R3 SurfacePenDriver; C:\Windows\system32\DRIVERS\SurfacePenDriver.sys [76424 2015-03-31] (Microsoft Corporation)
S3 SurfaceTouchCover; C:\Windows\System32\drivers\SurfaceTouchCover.sys [35976 2014-07-16] (Microsoft Corporation)
S3 SurfaceTypeCover; C:\Windows\System32\drivers\SurfaceTypeCover.sys [35984 2014-07-16] (Microsoft Corporation)
R3 TrueColor; C:\Windows\system32\DRIVERS\TrueColor.sys [35952 2014-07-07] ()
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2015-02-03] (Microsoft Corporation)
R3 WiFiClass; C:\Windows\system32\DRIVERS\wificlass.sys [411648 2014-12-24] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-06-17 07:07 - 2015-06-17 07:07 - 00001482 _____ C:\Users\Stephen\Desktop\JRT.txt
2015-06-17 07:05 - 2015-06-17 07:05 - 00000207 _____ C:\windows\tweaking.com-regbackup-KEEGAN-PC-Windows-8.1-Pro-(64-bit).dat
2015-06-17 07:05 - 2015-06-17 07:05 - 00000000 ____D C:\RegBackup
2015-06-17 07:00 - 2015-06-17 07:01 - 02949914 _____ (Thisisu) C:\Users\Stephen\Downloads\JRT.exe
2015-06-17 06:56 - 2015-06-17 06:58 - 02231296 _____ C:\Users\Stephen\Downloads\AdwCleaner(1).exe
2015-06-17 06:52 - 2015-06-17 06:54 - 00000000 ____D C:\AdwCleaner
2015-06-17 06:52 - 2015-06-17 06:52 - 02231296 _____ C:\Users\Stephen\Downloads\AdwCleaner.exe
2015-06-17 06:47 - 2015-06-17 06:47 - 02585202 _____ C:\Users\Stephen\Downloads\geek.zip
2015-06-16 14:44 - 2015-06-16 14:44 - 00035459 _____ C:\Users\Stephen\Downloads\FRST 06 16.txt
2015-06-16 14:44 - 2015-06-16 14:44 - 00029238 _____ C:\Users\Stephen\Downloads\Addition 06 16.txt
2015-06-16 14:40 - 2015-06-16 14:40 - 02109952 _____ (Farbar) C:\Users\Stephen\Downloads\FRST64(1).exe
2015-06-16 14:33 - 2015-06-16 14:33 - 00000000 ____D C:\Users\Stephen\AppData\Local\GWX
2015-06-14 11:45 - 2015-05-22 09:08 - 00700416 _____ (Microsoft Corporation) C:\windows\system32\generaltel.dll
2015-06-14 11:45 - 2015-05-21 09:08 - 01119232 _____ (Microsoft Corporation) C:\windows\system32\aeinv.dll
2015-06-14 11:45 - 2015-05-21 09:08 - 01020928 _____ (Microsoft Corporation) C:\windows\system32\appraiser.dll
2015-06-14 11:45 - 2015-05-21 09:08 - 00756736 _____ (Microsoft Corporation) C:\windows\system32\invagent.dll
2015-06-14 11:45 - 2015-05-21 09:08 - 00422912 _____ (Microsoft Corporation) C:\windows\system32\devinv.dll
2015-06-14 11:45 - 2015-05-21 09:08 - 00193536 _____ (Microsoft Corporation) C:\windows\system32\aepic.dll
2015-06-14 11:45 - 2015-05-21 09:08 - 00045568 _____ (Microsoft Corporation) C:\windows\system32\acmigration.dll
2015-06-14 11:45 - 2015-04-16 18:07 - 00227328 _____ (Microsoft Corporation) C:\windows\system32\aepdu.dll
2015-06-14 11:45 - 2015-04-08 18:07 - 00410336 _____ C:\windows\system32\ApnDatabase.xml
2015-06-14 11:45 - 2015-03-19 23:49 - 00309760 _____ (Microsoft Corporation) C:\windows\system32\compstui.dll
2015-06-14 11:45 - 2015-03-19 23:08 - 00477184 _____ (Microsoft Corporation) C:\windows\system32\puiobj.dll
2015-06-14 11:45 - 2015-03-19 22:37 - 00367104 _____ (Microsoft Corporation) C:\windows\SysWOW64\puiobj.dll
2015-06-14 11:45 - 2015-03-19 22:07 - 01091072 _____ (Microsoft Corporation) C:\windows\system32\localspl.dll
2015-06-14 11:44 - 2015-05-25 09:23 - 00036864 _____ (Microsoft Corporation) C:\windows\system32\UtcResources.dll
2015-06-14 11:44 - 2015-05-25 09:07 - 01430528 _____ (Microsoft Corporation) C:\windows\system32\diagtrack.dll
2015-06-14 11:44 - 2015-05-21 12:47 - 04177920 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
2015-06-14 11:44 - 2015-04-24 22:34 - 00653824 _____ (Microsoft Corporation) C:\windows\system32\comctl32.dll
2015-06-14 11:44 - 2015-04-24 22:33 - 00549888 _____ (Microsoft Corporation) C:\windows\SysWOW64\comctl32.dll
2015-06-14 11:44 - 2015-04-16 02:17 - 00325464 ____C (Microsoft Corporation) C:\windows\system32\Drivers\USBXHCI.SYS
2015-06-14 11:44 - 2015-04-13 18:37 - 00275968 _____ (Microsoft Corporation) C:\windows\system32\authz.dll
2015-06-14 11:44 - 2015-04-13 18:34 - 00180224 _____ (Microsoft Corporation) C:\windows\SysWOW64\authz.dll
2015-06-14 11:44 - 2015-04-09 20:40 - 01249280 _____ (Microsoft Corporation) C:\windows\system32\UIAutomationCore.dll
2015-06-14 11:44 - 2015-04-09 20:17 - 01018880 _____ (Microsoft Corporation) C:\windows\SysWOW64\UIAutomationCore.dll
2015-06-14 11:44 - 2015-04-08 18:41 - 00158720 _____ (Microsoft Corporation) C:\windows\SysWOW64\rgb9rast.dll
2015-06-14 11:44 - 2015-04-01 18:42 - 03097600 _____ (Microsoft Corporation) C:\windows\system32\msftedit.dll
2015-06-14 11:44 - 2015-04-01 18:30 - 02483712 _____ (Microsoft Corporation) C:\windows\SysWOW64\msftedit.dll
2015-06-14 11:44 - 2015-04-01 00:21 - 00337408 _____ (Microsoft Corporation) C:\windows\system32\SearchProtocolHost.exe
2015-06-14 11:44 - 2015-04-01 00:18 - 00468480 _____ (Microsoft Corporation) C:\windows\system32\mssph.dll
2015-06-14 11:44 - 2015-04-01 00:17 - 00248832 _____ (Microsoft Corporation) C:\windows\system32\mssphtb.dll
2015-06-14 11:44 - 2015-04-01 00:08 - 00774144 _____ (Microsoft Corporation) C:\windows\system32\mssvp.dll
2015-06-14 11:44 - 2015-03-31 23:46 - 03633664 _____ (Microsoft Corporation) C:\windows\system32\tquery.dll
2015-06-14 11:44 - 2015-03-31 23:17 - 02551808 _____ (Microsoft Corporation) C:\windows\system32\mssrch.dll
2015-06-14 11:44 - 2015-03-31 23:17 - 00903168 _____ (Microsoft Corporation) C:\windows\system32\SearchIndexer.exe
2015-06-14 11:44 - 2015-03-31 22:53 - 00391680 _____ (Microsoft Corporation) C:\windows\SysWOW64\mssph.dll
2015-06-14 11:44 - 2015-03-31 22:53 - 00272896 _____ (Microsoft Corporation) C:\windows\SysWOW64\SearchProtocolHost.exe
2015-06-14 11:44 - 2015-03-31 22:45 - 02749952 _____ (Microsoft Corporation) C:\windows\SysWOW64\tquery.dll
2015-06-14 11:44 - 2015-03-31 22:45 - 00699392 _____ (Microsoft Corporation) C:\windows\SysWOW64\mssvp.dll
2015-06-14 11:44 - 2015-03-31 22:14 - 01920000 _____ (Microsoft Corporation) C:\windows\SysWOW64\mssrch.dll
2015-06-14 11:44 - 2015-03-31 22:12 - 00710144 _____ (Microsoft Corporation) C:\windows\SysWOW64\SearchIndexer.exe
2015-06-14 11:44 - 2015-03-01 21:43 - 00222208 _____ (Microsoft Corporation) C:\windows\system32\rastapi.dll
2015-06-14 11:44 - 2015-03-01 21:21 - 00207872 _____ (Microsoft Corporation) C:\windows\SysWOW64\rastapi.dll
2015-06-14 11:43 - 2015-05-27 10:35 - 24917504 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2015-06-14 11:43 - 2015-05-27 10:08 - 19607040 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2015-06-14 11:43 - 2015-05-22 23:15 - 00503808 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll
2015-06-14 11:43 - 2015-05-22 23:14 - 00341504 _____ (Microsoft Corporation) C:\windows\SysWOW64\html.iec
2015-06-14 11:43 - 2015-05-22 23:10 - 02278912 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2015-06-14 11:43 - 2015-05-22 23:05 - 00664064 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript.dll
2015-06-14 11:43 - 2015-05-22 23:04 - 00620032 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9diag.dll
2015-06-14 11:43 - 2015-05-22 22:48 - 00076288 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmled.dll
2015-06-14 11:43 - 2015-05-22 22:47 - 04305920 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2015-06-14 11:43 - 2015-05-22 22:47 - 00285696 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtrans.dll
2015-06-14 11:43 - 2015-05-22 22:47 - 00128000 _____ (Microsoft Corporation) C:\windows\SysWOW64\iepeers.dll
2015-06-14 11:43 - 2015-05-22 22:43 - 00880128 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcomm.dll
2015-06-14 11:43 - 2015-05-22 22:38 - 00689152 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2015-06-14 11:43 - 2015-05-22 22:38 - 00327168 _____ (Microsoft Corporation) C:\windows\SysWOW64\iedkcs32.dll
2015-06-14 11:43 - 2015-05-22 22:37 - 02052608 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl
2015-06-14 11:43 - 2015-05-22 22:28 - 12829696 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2015-06-14 11:43 - 2015-05-22 22:28 - 01042944 _____ (Microsoft Corporation) C:\windows\SysWOW64\actxprxy.dll
2015-06-14 11:43 - 2015-05-22 22:20 - 01950720 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2015-06-14 11:43 - 2015-05-22 22:16 - 01309696 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2015-06-14 11:43 - 2015-05-22 22:14 - 00710144 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll
2015-06-14 11:43 - 2015-05-22 15:00 - 02885632 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2015-06-14 11:43 - 2015-05-22 15:00 - 00584192 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
2015-06-14 11:43 - 2015-05-22 15:00 - 00417792 _____ (Microsoft Corporation) C:\windows\system32\html.iec
2015-06-14 11:43 - 2015-05-22 14:52 - 06026240 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2015-06-14 11:43 - 2015-05-22 14:48 - 00633856 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2015-06-14 11:43 - 2015-05-22 14:47 - 00816640 _____ (Microsoft Corporation) C:\windows\system32\jscript.dll
2015-06-14 11:43 - 2015-05-22 14:47 - 00814080 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll
2015-06-14 11:43 - 2015-05-22 14:24 - 00092160 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
2015-06-14 11:43 - 2015-05-22 14:23 - 00145408 _____ (Microsoft Corporation) C:\windows\system32\iepeers.dll
2015-06-14 11:43 - 2015-05-22 14:21 - 00316928 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll
2015-06-14 11:43 - 2015-05-22 14:15 - 01032704 _____ (Microsoft Corporation) C:\windows\system32\inetcomm.dll
2015-06-14 11:43 - 2015-05-22 14:09 - 00262144 _____ (Microsoft Corporation) C:\windows\system32\webcheck.dll
2015-06-14 11:43 - 2015-05-22 14:08 - 00374272 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll
2015-06-14 11:43 - 2015-05-22 14:06 - 00801280 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2015-06-14 11:43 - 2015-05-22 14:05 - 02125824 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2015-06-14 11:43 - 2015-05-22 13:57 - 14404096 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2015-06-14 11:43 - 2015-05-22 13:50 - 02426880 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2015-06-14 11:43 - 2015-05-22 13:49 - 02865152 _____ (Microsoft Corporation) C:\windows\system32\actxprxy.dll
2015-06-14 11:43 - 2015-05-22 13:38 - 01545728 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2015-06-14 11:43 - 2015-05-22 13:26 - 00800768 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
2015-06-14 09:20 - 2015-06-16 14:42 - 00029238 _____ C:\Users\Stephen\Downloads\Addition.txt
2015-06-14 09:19 - 2015-06-17 07:34 - 00006958 _____ C:\Users\Stephen\Downloads\FRST.txt
2015-06-14 09:19 - 2015-06-17 07:34 - 00000000 ____D C:\FRST
2015-06-14 09:16 - 2015-06-14 09:17 - 02109952 _____ (Farbar) C:\Users\Stephen\Downloads\FRST64.exe
2015-06-14 08:21 - 2015-06-17 06:54 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2015-06-14 07:16 - 2015-06-14 07:16 - 00004096 _____ C:\windows\SysWOW64\ntwdblib.dll
2015-06-12 14:42 - 2015-06-12 14:42 - 00001167 _____ C:\Users\Madigan\Desktop\Continue Install Software Installation.lnk
2015-06-08 19:29 - 2015-06-08 19:29 - 00000000 ____D C:\Users\Madigan\AppData\Local\GWX
2015-05-31 11:25 - 2015-05-31 11:25 - 00000000 ____D C:\Users\kclos_000\AppData\Local\Intel_Corporation
2015-05-20 16:44 - 2015-03-31 20:28 - 24806000 _____ (Intel Corporation) C:\windows\system32\igdumdim64.dll
2015-05-20 16:44 - 2015-03-31 20:28 - 24007768 _____ (Intel Corporation) C:\windows\SysWOW64\igdumdim32.dll
2015-05-20 16:44 - 2015-03-31 20:28 - 06080608 _____ (Intel Corporation) C:\windows\system32\igdusc64.dll
2015-05-20 16:44 - 2015-03-31 20:28 - 04788464 _____ (Intel Corporation) C:\windows\SysWOW64\igdusc32.dll
2015-05-20 16:44 - 2015-03-31 20:28 - 02946336 _____ (Intel Corporation) C:\windows\system32\IntelWiDiVAD64.exe
2015-05-20 16:44 - 2015-03-31 20:28 - 02775672 _____ (Intel Corporation) C:\windows\system32\IntelWiDiAAC64.dll
2015-05-20 16:44 - 2015-03-31 20:28 - 01512568 _____ (Intel Corporation) C:\windows\system32\IntelWiDiSecureSourceFilter64.dll
2015-05-20 16:44 - 2015-03-31 20:28 - 01402336 _____ (Intel Corporation) C:\windows\system32\iglhsip64.dll
2015-05-20 16:44 - 2015-03-31 20:28 - 01399240 _____ (Intel Corporation) C:\windows\SysWOW64\iglhsip32.dll
2015-05-20 16:44 - 2015-03-31 20:28 - 01369088 _____ (Intel Corporation) C:\windows\system32\igfxcmjit64.dll
2015-05-20 16:44 - 2015-03-31 20:28 - 01063936 _____ (Intel Corporation) C:\windows\SysWOW64\igfxcmjit32.dll
2015-05-20 16:44 - 2015-03-31 20:28 - 00980312 _____ (Intel Corporation) C:\windows\system32\IntelWiDiWinNextAgent64.dll
2015-05-20 16:44 - 2015-03-31 20:28 - 00672088 _____ (Intel Corporation) C:\windows\system32\IntelWiDiAudioFilter64.dll
2015-05-20 16:44 - 2015-03-31 20:28 - 00623616 _____ (Intel Corporation) C:\windows\system32\MetroIntelGenericUIFramework.dll
2015-05-20 16:44 - 2015-03-31 20:28 - 00616280 _____ (Intel Corporation) C:\windows\system32\IntelWiDiMux64.dll
2015-05-20 16:44 - 2015-03-31 20:28 - 00473864 _____ (Intel Corporation) C:\windows\system32\IntelWiDiUMS64.exe
2015-05-20 16:44 - 2015-03-31 20:28 - 00393480 _____ C:\windows\system32\igfxTray.exe
2015-05-20 16:44 - 2015-03-31 20:28 - 00372224 _____ (Intel Corporation) C:\windows\system32\IntelOpenCL64.dll
2015-05-20 16:44 - 2015-03-31 20:28 - 00354136 _____ (Intel Corporation) C:\windows\system32\IntelWiDiSilenceFilter64.dll
2015-05-20 16:44 - 2015-03-31 20:28 - 00345864 _____ (Intel Corporation) C:\windows\system32\igfxCUIService.exe
2015-05-20 16:44 - 2015-03-31 20:28 - 00304128 _____ (Intel Corporation) C:\windows\SysWOW64\IntelOpenCL32.dll
2015-05-20 16:44 - 2015-03-31 20:28 - 00280840 _____ (Intel Corporation) C:\windows\SysWOW64\IntelCpHeciSvc.exe
2015-05-20 16:44 - 2015-03-31 20:28 - 00274040 _____ (Intel Corporation) C:\windows\system32\IntelWiDiUtils64.dll
2015-05-20 16:44 - 2015-03-31 20:28 - 00255488 _____ C:\windows\system32\igfxCPL.cpl
2015-05-20 16:44 - 2015-03-31 20:28 - 00220432 _____ (Intel Corporation) C:\windows\system32\iglhcp64.dll
2015-05-20 16:44 - 2015-03-31 20:28 - 00219400 _____ (Intel Corporation) C:\windows\system32\igfxext.exe
2015-05-20 16:44 - 2015-03-31 20:28 - 00213504 _____ (Intel Corporation) C:\windows\system32\igfx11cmrt64.dll
2015-05-20 16:44 - 2015-03-31 20:28 - 00211656 _____ (Intel Corporation) C:\windows\system32\igfxcmrt64.dll
2015-05-20 16:44 - 2015-03-31 20:28 - 00196728 _____ (Intel Corporation) C:\windows\system32\IntelWiDiDDEAgent64.dll
2015-05-20 16:44 - 2015-03-31 20:28 - 00184352 _____ (Intel Corporation) C:\windows\SysWOW64\iglhcp32.dll
2015-05-20 16:44 - 2015-03-31 20:28 - 00183296 _____ (Intel Corporation) C:\windows\system32\igfxCoIn_v4170.dll
2015-05-20 16:44 - 2015-03-31 20:28 - 00178672 _____ (Intel Corporation) C:\windows\SysWOW64\igfxcmrt32.dll
2015-05-20 16:44 - 2015-03-31 20:28 - 00178176 _____ (Intel Corporation) C:\windows\SysWOW64\igfx11cmrt32.dll
2015-05-20 16:44 - 2015-03-31 20:28 - 00134264 _____ (Intel Corporation) C:\windows\system32\IntelWiDiMCUMD64.dll
2015-05-20 16:44 - 2015-03-31 20:28 - 00127320 _____ (Intel Corporation) C:\windows\system32\IntelWiDiLogServer64.dll
2015-05-20 16:44 - 2015-03-31 20:28 - 00086528 _____ (Khronos Group) C:\windows\SysWOW64\Intel_OpenCL_ICD32.dll
2015-05-20 16:44 - 2015-03-31 20:28 - 00082432 _____ (Khronos Group) C:\windows\system32\Intel_OpenCL_ICD64.dll
2015-05-20 16:44 - 2015-03-31 20:28 - 00036616 _____ (Intel Corporation) C:\windows\system32\igfxexps.dll
2015-05-20 16:44 - 2015-03-31 20:28 - 00035328 _____ (Intel Corporation) C:\windows\SysWOW64\igfxexps32.dll
2015-05-20 16:44 - 2015-03-31 20:28 - 00004016 _____ C:\windows\system32\iglhxs64.vp
2015-05-20 16:44 - 2015-03-31 20:27 - 17765456 _____ C:\windows\system32\igd11dxva64.dll
2015-05-20 16:44 - 2015-03-31 20:27 - 17289048 _____ C:\windows\SysWOW64\igd11dxva32.dll
2015-05-20 16:44 - 2015-03-31 20:27 - 15980032 _____ (Intel Corporation) C:\windows\system32\igdfcl64.dll
2015-05-20 16:44 - 2015-03-31 20:27 - 10850816 _____ (Intel Corporation) C:\windows\SysWOW64\igdfcl32.dll
2015-05-20 16:44 - 2015-03-31 20:27 - 09414176 _____ (Intel Corporation) C:\windows\system32\igd10iumd64.dll
2015-05-20 16:44 - 2015-03-31 20:27 - 08622624 _____ (Intel Corporation) C:\windows\SysWOW64\igd10iumd32.dll
2015-05-20 16:44 - 2015-03-31 20:27 - 06710542 _____ C:\windows\system32\igdclbif.bin
2015-05-20 16:44 - 2015-03-31 20:27 - 04888368 _____ (Intel Corporation) C:\windows\system32\Drivers\igdkmd64.sys
2015-05-20 16:44 - 2015-03-31 20:27 - 03583488 _____ (Intel Corporation) C:\windows\system32\igdrcl64.dll
2015-05-20 16:44 - 2015-03-31 20:27 - 03318272 _____ (Intel Corporation) C:\windows\SysWOW64\igdrcl32.dll
2015-05-20 16:44 - 2015-03-31 20:27 - 01637200 _____ (Intel Corporation) C:\windows\system32\igdmd64.dll
2015-05-20 16:44 - 2015-03-31 20:27 - 01269960 _____ (Intel Corporation) C:\windows\SysWOW64\igdmd32.dll
2015-05-20 16:44 - 2015-03-31 20:27 - 00398848 _____ (Intel Corporation) C:\windows\system32\igdbcl64.dll
2015-05-20 16:44 - 2015-03-31 20:27 - 00350720 _____ (Intel Corporation) C:\windows\SysWOW64\igdbcl32.dll
2015-05-20 16:44 - 2015-03-31 20:27 - 00282696 _____ (Intel Corporation) C:\windows\system32\igd10idpp64.dll
2015-05-20 16:44 - 2015-03-31 20:27 - 00263120 _____ (Intel Corporation) C:\windows\SysWOW64\igd10idpp32.dll
2015-05-20 16:44 - 2015-03-31 20:27 - 00227328 _____ C:\windows\system32\igdde64.dll
2015-05-20 16:44 - 2015-03-31 20:27 - 00187904 _____ C:\windows\SysWOW64\igdde32.dll
2015-05-20 16:44 - 2015-03-31 20:27 - 00169984 _____ (Intel Corporation) C:\windows\system32\igdail64.dll
2015-05-20 16:44 - 2015-03-31 20:27 - 00152064 _____ (Intel Corporation) C:\windows\SysWOW64\igdail32.dll
2015-05-20 16:44 - 2015-03-31 20:26 - 09505280 _____ (Intel Corporation) C:\windows\system32\ig75icd64.dll
2015-05-20 16:44 - 2015-03-31 20:26 - 07481344 _____ (Intel Corporation) C:\windows\SysWOW64\ig75icd32.dll
2015-05-20 16:44 - 2015-03-31 20:26 - 00449800 _____ (Intel Corporation) C:\windows\system32\GfxUIEx.exe
2015-05-20 16:44 - 2015-03-31 20:26 - 00157960 _____ (Intel Corporation) C:\windows\system32\difx64.exe

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-06-17 07:33 - 2014-12-25 08:25 - 01381881 _____ C:\windows\WindowsUpdate.log
2015-06-17 07:11 - 2014-12-25 20:50 - 00003600 _____ C:\windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3566614747-3769634103-3560256049-1001
2015-06-17 07:02 - 2013-08-22 11:36 - 00000000 ____D C:\windows\system32\sru
2015-06-17 07:01 - 2014-08-13 21:14 - 00818732 _____ C:\windows\system32\PerfStringBackup.INI
2015-06-17 06:55 - 2015-03-20 16:30 - 00000000 ____D C:\Program Files (x86)\Steam
2015-06-17 06:54 - 2015-03-20 16:26 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2015-06-17 06:54 - 2014-12-25 20:44 - 00000000 ____D C:\Users\Stephen\OneDrive
2015-06-17 06:54 - 2013-08-22 10:46 - 00031232 _____ C:\windows\setupact.log
2015-06-17 06:54 - 2013-08-22 10:45 - 00000006 ____H C:\windows\Tasks\SA.DAT
2015-06-17 06:54 - 2013-08-22 09:25 - 00786432 ___SH C:\windows\system32\config\BBI
2015-06-17 03:02 - 2014-12-25 21:09 - 00003938 _____ C:\windows\System32\Tasks\User_Feed_Synchronization-{63AC061A-90DC-43A6-9745-BE335541AF70}
2015-06-16 14:31 - 2013-08-22 10:44 - 00337808 _____ C:\windows\system32\FNTCACHE.DAT
2015-06-15 15:27 - 2014-12-27 09:36 - 00000000 ___SD C:\windows\system32\CompatTel
2015-06-15 15:27 - 2014-12-27 09:36 - 00000000 ____D C:\windows\system32\appraiser
2015-06-15 15:27 - 2013-08-22 11:36 - 00000000 ___RD C:\windows\ToastData
2015-06-15 15:26 - 2013-08-22 11:36 - 00000000 ____D C:\windows\PolicyDefinitions
2015-06-15 15:11 - 2013-08-22 11:20 - 00000000 ____D C:\windows\CbsTemp
2015-06-15 12:47 - 2014-12-27 17:53 - 00003946 _____ C:\windows\System32\Tasks\User_Feed_Synchronization-{F64623FF-396F-4C43-A37F-10C5637EB129}
2015-06-15 12:45 - 2015-01-01 22:10 - 00003938 _____ C:\windows\System32\Tasks\User_Feed_Synchronization-{C37CF2B6-68C2-43D8-B555-01D5E3C378D2}
2015-06-15 06:56 - 2014-12-27 04:37 - 00000000 ____D C:\windows\system32\MRT
2015-06-15 05:51 - 2014-12-27 04:37 - 140135120 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2015-06-14 11:45 - 2013-08-22 11:36 - 00000000 ____D C:\windows\AppReadiness
2015-06-14 08:17 - 2014-12-25 21:54 - 00003600 _____ C:\windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3566614747-3769634103-3560256049-1004
2015-06-14 08:17 - 2014-12-25 21:52 - 00003600 _____ C:\windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3566614747-3769634103-3560256049-1005
2015-06-14 08:12 - 2015-03-23 21:47 - 00136408 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2015-06-14 06:45 - 2014-12-25 21:47 - 00000000 ____D C:\Users\kclos_000\OneDrive
2015-06-12 14:38 - 2013-08-22 11:36 - 00000000 ____D C:\windows\system32\NDF
2015-06-08 19:28 - 2014-12-25 21:49 - 00000000 ___RD C:\Users\Madigan\OneDrive
2015-06-07 20:21 - 2014-08-13 21:05 - 00039504 _____ C:\windows\PFRO.log
2015-06-03 12:18 - 2013-08-22 11:38 - 00792568 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2015-06-03 12:18 - 2013-08-22 11:38 - 00178168 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-05-31 16:30 - 2014-12-27 18:06 - 00000000 ____D C:\Users\kclos_000\AppData\Roaming\.minecraft
2015-05-31 11:22 - 2015-03-07 11:06 - 00000000 ____D C:\Users\Stephen\AppData\Roaming\4396405B-1425740813-02CC-AA1A-9850ED46B8E5
2015-05-25 20:35 - 2015-04-13 15:45 - 00078848 ___SH C:\Users\kclos_000\Desktop\Thumbs.db
2015-05-21 03:42 - 2013-08-22 11:36 - 00000000 ____D C:\windows\rescache
2015-05-20 16:45 - 2014-08-13 20:21 - 00000000 ____D C:\windows\Firmware
2015-05-19 02:31 - 2015-04-05 09:42 - 00000000 ___SD C:\windows\SysWOW64\GWX
2015-05-19 02:31 - 2015-04-05 09:42 - 00000000 ___SD C:\windows\system32\GWX
2015-05-18 22:11 - 2013-08-22 11:36 - 00000000 ___RD C:\windows\ImmersiveControlPanel
2015-05-18 22:11 - 2013-08-22 09:36 - 00000000 ____D C:\windows\system32\AdvancedInstallers

==================== Files in the root of some directories =======

2015-03-14 07:17 - 2015-03-14 07:17 - 0000044 _____ () C:\Users\Stephen\AppData\Roaming\WB.CFG
2015-03-14 10:32 - 2015-04-27 21:03 - 0004956 _____ () C:\Users\Stephen\AppData\Local\Temp-log.txt
2015-05-09 06:34 - 2015-05-09 06:34 - 0000000 _____ () C:\Users\Stephen\AppData\Local\Temp.dat
2014-08-13 21:06 - 2014-08-13 21:06 - 0000000 ____H () C:\ProgramData\DP45977C.lfl

Some files in TEMP:
====================
C:\Users\Madigan\AppData\Local\Temp\ICReinstall_zipinstall.exe
C:\Users\Stephen\AppData\Local\Temp\3338.exe
C:\Users\Stephen\AppData\Local\Temp\4173.exe
C:\Users\Stephen\AppData\Local\Temp\4628590567464729151.exe
C:\Users\Stephen\AppData\Local\Temp\5036414426622247552c.exe
C:\Users\Stephen\AppData\Local\Temp\5857830153319760363b.exe
C:\Users\Stephen\AppData\Local\Temp\6691.exe
C:\Users\Stephen\AppData\Local\Temp\6D742F14-103E-6858-8B23-F6132422FF03.dll
C:\Users\Stephen\AppData\Local\Temp\6D742F14-103E-6858-8B23-F6132422FF03.exe
C:\Users\Stephen\AppData\Local\Temp\7A2C.exe
C:\Users\Stephen\AppData\Local\Temp\B0F5AADD-3088-0A78-F03B-563AB4BB0F06.exe
C:\Users\Stephen\AppData\Local\Temp\bitool.dll
C:\Users\Stephen\AppData\Local\Temp\ntwdblib.dll
C:\Users\Stephen\AppData\Local\Temp\Quarantine.exe
C:\Users\Stephen\AppData\Local\Temp\setup_607.exe
C:\Users\Stephen\AppData\Local\Temp\setup_ra.exe
C:\Users\Stephen\AppData\Local\Temp\SpOrder.dll
C:\Users\Stephen\AppData\Local\Temp\sqlite3.dll
C:\Users\Stephen\AppData\Local\Temp\sysoptsetup.exe
C:\Users\Stephen\AppData\Local\Temp\TPLIStubSetup.exe
C:\Users\Stephen\AppData\Local\Temp\Uninstall.exe
C:\Users\Stephen\AppData\Local\Temp\UUC1B17.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-06-14 05:07

==================== End of log ============================


And the Addition file:


Additional scan result of Farbar Recovery Scan Tool (x64) Version:13-06-2015
Ran by Stephen at 2015-06-17 07:34:32
Running from C:\Users\Stephen\Downloads
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-3566614747-3769634103-3560256049-500 - Administrator - Disabled)
closs_000 (S-1-5-21-3566614747-3769634103-3560256049-1006 - Limited - Enabled) => C:\Users\closs_000
Guest (S-1-5-21-3566614747-3769634103-3560256049-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3566614747-3769634103-3560256049-1003 - Limited - Enabled)
kclos_000 (S-1-5-21-3566614747-3769634103-3560256049-1005 - Limited - Enabled) => C:\Users\kclos_000
Madigan (S-1-5-21-3566614747-3769634103-3560256049-1004 - Limited - Enabled) => C:\Users\Madigan
Stephen (S-1-5-21-3566614747-3769634103-3560256049-1001 - Administrator - Enabled) => C:\Users\Stephen

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Garry's Mod (HKLM-x32\...\Steam App 4000) (Version:  - Facepunch Studios)
Malwarebytes Anti-Malware version 2.1.6.1022 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.6.1022 - Malwarebytes Corporation)
Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4631.1003 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Minecraft (HKLM-x32\...\{02BAAFC5-4E16-42E6-A9F6-8DDE0B7ED3B8}) (Version: 1.0.0.0 - Mojang)
Mozilla Firefox 38.0.5 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 38.0.5 (x86 en-US)) (Version: 38.0.5 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 36.0.1 - Mozilla)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Restore Points =========================

28-05-2015 19:48:39 Scheduled Checkpoint
03-06-2015 16:46:22 Windows Update
13-06-2015 17:39:03 Scheduled Checkpoint
17-06-2015 06:46:20 BleepComp

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 09:25 - 2015-03-14 10:18 - 00000824 ____A C:\windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {02BFF621-2462-4418-A70C-1B41CA4AEA65} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-05-06] (Microsoft Corporation)
Task: {43A689E7-2D26-4AF6-B64D-364749D9B8B9} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\OutOfIdle => C:\Windows\system32\GWX\GWX.exe [2015-05-06] (Microsoft Corporation)
Task: {64F9AC44-6935-44D1-9CE3-CDA8FBE4AEE1} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\windows\system32\MRT.exe [2015-06-15] (Microsoft Corporation)
Task: {A173D955-1900-4736-8F43-DAB6F1ED3E8A} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\Logon => C:\Windows\system32\GWX\GWX.exe [2015-05-06] (Microsoft Corporation)
Task: {B2ABC63D-936C-4825-8A51-ACAFB6B9782B} - System32\Tasks\Microsoft\Windows\Application Experience\Microsoft Compatibility Appraiser => C:\Windows\system32\compattel\DiagTrackRunner.exe [2015-03-15] (Microsoft Corporation)
Task: {E14682E3-00F3-4397-AB5E-0EC257A1A194} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B => schtasks
Task: {F286218A-1613-4B08-BC9F-B7970E33E820} - System32\Tasks\{88E8C6AF-75A6-4397-99D7-06402F64FC4A} => pcalua.exe -a "C:\Program Files (x86)\DealNoDeal\DealNoDeal.exe" -c /s /n /i:"ExecuteCommands;UninstallCommands" ""
Task: {F7166DA2-AFCF-4096-8F8E-EC1EAD11A0D9} - System32\Tasks\Microsoft\Windows\Setup\gwx\launchtrayprocess => C:\Windows\system32\GWX\GWX.exe [2015-05-06] (Microsoft Corporation)

==================== Loaded Modules (Whitelisted) ==============

2015-02-08 23:28 - 2012-09-18 16:27 - 00192512 _____ () C:\windows\System32\zlhp1020.dll
2015-02-08 23:28 - 2012-09-18 16:27 - 00065024 _____ () C:\windows\system32\spool\PRTPROCS\x64\pphp1020.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Users\closs_000\OneDrive:ms-properties
AlternateDataStreams: C:\Users\kclos_000\OneDrive:ms-properties
AlternateDataStreams: C:\Users\Madigan\OneDrive:ms-properties
AlternateDataStreams: C:\Users\Stephen\OneDrive:ms-properties

==================== Safe Mode (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3566614747-3769634103-3560256049-1001\Control Panel\Desktop\\Wallpaper -> C:\windows\web\wallpaper\Surface\Surface.jpg
DNS Servers: 207.69.188.186 - 207.69.188.187

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppextcomobj.exe
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppextcomobj.exe
FirewallRules: [TCP Query User{C2224DB9-0B81-42B3-9744-5CAE4A512592}C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Block) C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [UDP Query User{8241AC73-6EDF-4B12-887B-D2F81AF17A82}C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Block) C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [TCP Query User{4FC403E6-8B16-4788-AD8A-F402B833AEF3}C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Block) C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [UDP Query User{9CB3C579-8B8F-4A37-9174-0B62FBB1AA38}C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Block) C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [{DE4429D4-6030-44E3-956B-91CC8DF97760}] => (Allow) C:\Program Files (x86)\YouTube Download Pool\G2\youtubeserv.exe
FirewallRules: [{4E7C9EBA-834A-46FE-9C2E-3395E44F172B}] => (Allow) C:\Program Files (x86)\YouTube Download Pool\G2\netclean.exe
FirewallRules: [{4DDF549E-1322-431D-9B1E-5FE736440C59}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{1ED347B6-E499-4EB2-AF88-49FAE1031C22}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{2AF4BB3B-7852-4F23-9B00-C6058F0E42AF}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{E3A0412C-FFB1-48E0-A671-B9170D826B90}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{A0CD85C3-A6E1-4B34-A60A-405B9A352735}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{25A53EBA-0CFF-47C5-A9C4-253116AB65BD}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{9D5E8C6C-0AC2-498C-AB8B-8A234A02C65A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\GarrysMod\hl2.exe
FirewallRules: [{A0C8E398-2C22-4851-AE53-E886A1A42166}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\GarrysMod\hl2.exe
FirewallRules: [TCP Query User{C56DE36B-0060-4DC0-84BB-FDEF64691F53}C:\program files (x86)\mozilla firefox\firefox.exe] => (Allow) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [UDP Query User{78F5C30B-9ABD-4561-A1EC-DF922C34DBE4}C:\program files (x86)\mozilla firefox\firefox.exe] => (Allow) C:\program files (x86)\mozilla firefox\firefox.exe

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (06/17/2015 06:43:43 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: backgroundTaskHost.exe, version: 6.3.9600.17415, time stamp: 0x545042b7
Faulting module name: twinapi.appcore.dll, version: 6.3.9600.17415, time stamp: 0x54503c4d
Exception code: 0xc000027b
Fault offset: 0x0000000000063c1f
Faulting process id: 0x6d4
Faulting application start time: 0xbackgroundTaskHost.exe0
Faulting application path: backgroundTaskHost.exe1
Faulting module path: backgroundTaskHost.exe2
Report Id: backgroundTaskHost.exe3
Faulting package full name: backgroundTaskHost.exe4
Faulting package-relative application ID: backgroundTaskHost.exe5

Error: (06/17/2015 06:13:20 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: backgroundTaskHost.exe, version: 6.3.9600.17415, time stamp: 0x545042b7
Faulting module name: twinapi.appcore.dll, version: 6.3.9600.17415, time stamp: 0x54503c4d
Exception code: 0xc000027b
Fault offset: 0x0000000000063c1f
Faulting process id: 0x7e8
Faulting application start time: 0xbackgroundTaskHost.exe0
Faulting application path: backgroundTaskHost.exe1
Faulting module path: backgroundTaskHost.exe2
Report Id: backgroundTaskHost.exe3
Faulting package full name: backgroundTaskHost.exe4
Faulting package-relative application ID: backgroundTaskHost.exe5

Error: (06/17/2015 05:58:11 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: backgroundTaskHost.exe, version: 6.3.9600.17415, time stamp: 0x545042b7
Faulting module name: twinapi.appcore.dll, version: 6.3.9600.17415, time stamp: 0x54503c4d
Exception code: 0xc000027b
Fault offset: 0x0000000000063c1f
Faulting process id: 0x3c4
Faulting application start time: 0xbackgroundTaskHost.exe0
Faulting application path: backgroundTaskHost.exe1
Faulting module path: backgroundTaskHost.exe2
Report Id: backgroundTaskHost.exe3
Faulting package full name: backgroundTaskHost.exe4
Faulting package-relative application ID: backgroundTaskHost.exe5

Error: (06/17/2015 03:00:27 AM) (Source: Microsoft-Windows-Defrag) (EventID: 257) (User: )
Description: The volume Windows RE tools was not optimized because an error was encountered: The parameter is incorrect. (0x80070057)

Error: (06/16/2015 11:38:47 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: backgroundTaskHost.exe, version: 6.3.9600.17415, time stamp: 0x545042b7
Faulting module name: twinapi.appcore.dll, version: 6.3.9600.17415, time stamp: 0x54503c4d
Exception code: 0xc000027b
Fault offset: 0x0000000000063c1f
Faulting process id: 0x2e4
Faulting application start time: 0xbackgroundTaskHost.exe0
Faulting application path: backgroundTaskHost.exe1
Faulting module path: backgroundTaskHost.exe2
Report Id: backgroundTaskHost.exe3
Faulting package full name: backgroundTaskHost.exe4
Faulting package-relative application ID: backgroundTaskHost.exe5

Error: (06/16/2015 11:08:36 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: backgroundTaskHost.exe, version: 6.3.9600.17415, time stamp: 0x545042b7
Faulting module name: twinapi.appcore.dll, version: 6.3.9600.17415, time stamp: 0x54503c4d
Exception code: 0xc000027b
Fault offset: 0x0000000000063c1f
Faulting process id: 0x13c4
Faulting application start time: 0xbackgroundTaskHost.exe0
Faulting application path: backgroundTaskHost.exe1
Faulting module path: backgroundTaskHost.exe2
Report Id: backgroundTaskHost.exe3
Faulting package full name: backgroundTaskHost.exe4
Faulting package-relative application ID: backgroundTaskHost.exe5

Error: (06/16/2015 10:37:44 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: backgroundTaskHost.exe, version: 6.3.9600.17415, time stamp: 0x545042b7
Faulting module name: twinapi.appcore.dll, version: 6.3.9600.17415, time stamp: 0x54503c4d
Exception code: 0xc000027b
Fault offset: 0x0000000000063c1f
Faulting process id: 0x60
Faulting application start time: 0xbackgroundTaskHost.exe0
Faulting application path: backgroundTaskHost.exe1
Faulting module path: backgroundTaskHost.exe2
Report Id: backgroundTaskHost.exe3
Faulting package full name: backgroundTaskHost.exe4
Faulting package-relative application ID: backgroundTaskHost.exe5

Error: (06/16/2015 09:52:07 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: backgroundTaskHost.exe, version: 6.3.9600.17415, time stamp: 0x545042b7
Faulting module name: twinapi.appcore.dll, version: 6.3.9600.17415, time stamp: 0x54503c4d
Exception code: 0xc000027b
Fault offset: 0x0000000000063c1f
Faulting process id: 0x10a8
Faulting application start time: 0xbackgroundTaskHost.exe0
Faulting application path: backgroundTaskHost.exe1
Faulting module path: backgroundTaskHost.exe2
Report Id: backgroundTaskHost.exe3
Faulting package full name: backgroundTaskHost.exe4
Faulting package-relative application ID: backgroundTaskHost.exe5

Error: (06/16/2015 09:21:34 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: backgroundTaskHost.exe, version: 6.3.9600.17415, time stamp: 0x545042b7
Faulting module name: twinapi.appcore.dll, version: 6.3.9600.17415, time stamp: 0x54503c4d
Exception code: 0xc000027b
Fault offset: 0x0000000000063c1f
Faulting process id: 0x134c
Faulting application start time: 0xbackgroundTaskHost.exe0
Faulting application path: backgroundTaskHost.exe1
Faulting module path: backgroundTaskHost.exe2
Report Id: backgroundTaskHost.exe3
Faulting package full name: backgroundTaskHost.exe4
Faulting package-relative application ID: backgroundTaskHost.exe5

Error: (06/16/2015 08:56:21 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program BackgroundTaskHost.exe version 6.3.9600.17415 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 554

Start Time: 01d0a897a48e7dd2

Termination Time: 4294967295

Application Path: C:\windows\System32\BackgroundTaskHost.exe

Report Id: 9812fd1f-148b-11e5-8276-6002920b310f

Faulting package full name: Microsoft.BingNews_3.0.4.322_x64__8wekyb3d8bbwe

Faulting package-relative application ID: AppexNews


System errors:
=============
Error: (06/17/2015 07:06:12 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Media Player Network Sharing Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.

Error: (06/17/2015 07:06:12 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Steam Client Service service terminated unexpectedly.  It has done this 1 time(s).

Error: (06/17/2015 07:06:11 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Print Spooler service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 5000 milliseconds: Restart the service.

Error: (06/17/2015 06:55:17 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Steam Client Service service failed to start due to the following error:
%%1053

Error: (06/17/2015 06:55:17 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Steam Client Service service to connect.

Error: (06/17/2015 06:54:29 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Windows Search service failed to start due to the following error:
%%1069

Error: (06/17/2015 06:54:29 AM) (Source: Service Control Manager) (EventID: 7038) (User: )
Description: The WSearch service was unable to log on as NT AUTHORITY\SYSTEM with the currently configured password due to the following error:
%%50

To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).

Error: (06/17/2015 06:54:29 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Windows Media Player Network Sharing Service service depends on the Windows Search service which failed to start because of the following error:
%%1069

Error: (06/17/2015 06:54:29 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Windows Search service failed to start due to the following error:
%%1069

Error: (06/17/2015 06:54:29 AM) (Source: Service Control Manager) (EventID: 7038) (User: )
Description: The WSearch service was unable to log on as NT AUTHORITY\SYSTEM with the currently configured password due to the following error:
%%50

To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).


Microsoft Office:
=========================
Error: (06/17/2015 06:43:43 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: backgroundTaskHost.exe6.3.9600.17415545042b7twinapi.appcore.dll6.3.9600.1741554503c4dc000027b0000000000063c1f6d401d0a8ea7a28d4b1C:\windows\system32\backgroundTaskHost.exeC:\Windows\System32\twinapi.appcore.dllb8baa835-14dd-11e5-8276-6002920b310f1508E719.MLB.TV_2.0.0.45_x64__9h0pwecjjphwjApp

Error: (06/17/2015 06:13:20 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: backgroundTaskHost.exe6.3.9600.17415545042b7twinapi.appcore.dll6.3.9600.1741554503c4dc000027b0000000000063c1f7e801d0a8e63b378b71C:\windows\system32\backgroundTaskHost.exeC:\Windows\System32\twinapi.appcore.dll79e797f1-14d9-11e5-8276-6002920b310f1508E719.MLB.TV_2.0.0.45_x64__9h0pwecjjphwjApp

Error: (06/17/2015 05:58:11 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: backgroundTaskHost.exe6.3.9600.17415545042b7twinapi.appcore.dll6.3.9600.1741554503c4dc000027b0000000000063c1f3c401d0a8e41e0a9673C:\windows\system32\backgroundTaskHost.exeC:\Windows\System32\twinapi.appcore.dll5c772ee8-14d7-11e5-8276-6002920b310f1508E719.MLB.TV_2.0.0.45_x64__9h0pwecjjphwjApp

Error: (06/17/2015 03:00:27 AM) (Source: Microsoft-Windows-Defrag) (EventID: 257) (User: )
Description: Windows RE toolsThe parameter is incorrect. (0x80070057)

Error: (06/16/2015 11:38:47 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: backgroundTaskHost.exe6.3.9600.17415545042b7twinapi.appcore.dll6.3.9600.1741554503c4dc000027b0000000000063c1f2e401d0a8af1dfbd7d5C:\windows\system32\backgroundTaskHost.exeC:\Windows\System32\twinapi.appcore.dll5c245f8a-14a2-11e5-8276-6002920b310f1508E719.MLB.TV_2.0.0.45_x64__9h0pwecjjphwjApp

Error: (06/16/2015 11:08:36 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: backgroundTaskHost.exe6.3.9600.17415545042b7twinapi.appcore.dll6.3.9600.1741554503c4dc000027b0000000000063c1f13c401d0a8aad9d7d608C:\windows\system32\backgroundTaskHost.exeC:\Windows\System32\twinapi.appcore.dll245d0fcf-149e-11e5-8276-6002920b310f1508E719.MLB.TV_2.0.0.45_x64__9h0pwecjjphwjApp

Error: (06/16/2015 10:37:44 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: backgroundTaskHost.exe6.3.9600.17415545042b7twinapi.appcore.dll6.3.9600.1741554503c4dc000027b0000000000063c1f6001d0a8a696d7aa10C:\windows\system32\backgroundTaskHost.exeC:\Windows\System32\twinapi.appcore.dlld4d54796-1499-11e5-8276-6002920b310f1508E719.MLB.TV_2.0.0.45_x64__9h0pwecjjphwjApp

Error: (06/16/2015 09:52:07 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: backgroundTaskHost.exe6.3.9600.17415545042b7twinapi.appcore.dll6.3.9600.1741554503c4dc000027b0000000000063c1f10a801d0a8a02ac60cceC:\windows\system32\backgroundTaskHost.exeC:\Windows\System32\twinapi.appcore.dll754167ba-1493-11e5-8276-6002920b310f1508E719.MLB.TV_2.0.0.45_x64__9h0pwecjjphwjApp

Error: (06/16/2015 09:21:34 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: backgroundTaskHost.exe6.3.9600.17415545042b7twinapi.appcore.dll6.3.9600.1741554503c4dc000027b0000000000063c1f134c01d0a89be64322ddC:\windows\system32\backgroundTaskHost.exeC:\Windows\System32\twinapi.appcore.dll30bc2130-148f-11e5-8276-6002920b310f1508E719.MLB.TV_2.0.0.45_x64__9h0pwecjjphwjApp

Error: (06/16/2015 08:56:21 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: BackgroundTaskHost.exe6.3.9600.1741555401d0a897a48e7dd24294967295C:\windows\System32\BackgroundTaskHost.exe9812fd1f-148b-11e5-8276-6002920b310fMicrosoft.BingNews_3.0.4.322_x64__8wekyb3d8bbweAppexNews


CodeIntegrity Errors:
===================================
  Date: 2015-02-01 11:28:36.030
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\d3d10_1.dll because the set of per-page image hashes could not be found on the system.

  Date: 2015-02-01 11:28:35.990
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\d3d10_1.dll because the set of per-page image hashes could not be found on the system.

  Date: 2015-02-01 10:45:43.734
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\d3d10_1.dll because the set of per-page image hashes could not be found on the system.

  Date: 2015-02-01 10:45:43.678
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\d3d10_1.dll because the set of per-page image hashes could not be found on the system.

  Date: 2015-02-01 09:59:39.590
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\d3d10_1.dll because the set of per-page image hashes could not be found on the system.

  Date: 2015-02-01 09:59:39.544
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\d3d10_1.dll because the set of per-page image hashes could not be found on the system.

  Date: 2015-02-01 09:58:48.495
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\d3d10_1.dll because the set of per-page image hashes could not be found on the system.

  Date: 2015-02-01 09:58:48.449
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\d3d10_1.dll because the set of per-page image hashes could not be found on the system.


==================== Memory info ===========================

Processor: Intel® Core™ i5-4300U CPU @ 1.90GHz
Percentage of memory in use: 36%
Total physical RAM: 4001.07 MB
Available physical RAM: 2535.51 MB
Total Pagefile: 4705.07 MB
Available Pagefile: 3258.22 MB
Total Virtual: 131072 MB
Available Virtual: 131071.83 MB

==================== Drives ================================

Drive c: (Windows) (Fixed) (Total:113.4 GB) (Free:70.48 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 119.2 GB) (Disk ID: 8643A50A)

Partition: GPT Partition Type.

==================== End of log ============================



#9 sclossick

sclossick
  • Topic Starter

  • Members
  • 48 posts
  • OFFLINE
  • Local time:08:14 PM

Posted 17 June 2015 - 06:39 AM

Let's try this again - the Addition file:

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version:13-06-2015
Ran by Stephen at 2015-06-17 07:34:32
Running from C:\Users\Stephen\Downloads
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-3566614747-3769634103-3560256049-500 - Administrator - Disabled)
closs_000 (S-1-5-21-3566614747-3769634103-3560256049-1006 - Limited - Enabled) => C:\Users\closs_000
Guest (S-1-5-21-3566614747-3769634103-3560256049-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3566614747-3769634103-3560256049-1003 - Limited - Enabled)
kclos_000 (S-1-5-21-3566614747-3769634103-3560256049-1005 - Limited - Enabled) => C:\Users\kclos_000
Madigan (S-1-5-21-3566614747-3769634103-3560256049-1004 - Limited - Enabled) => C:\Users\Madigan
Stephen (S-1-5-21-3566614747-3769634103-3560256049-1001 - Administrator - Enabled) => C:\Users\Stephen

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Garry's Mod (HKLM-x32\...\Steam App 4000) (Version:  - Facepunch Studios)
Malwarebytes Anti-Malware version 2.1.6.1022 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.6.1022 - Malwarebytes Corporation)
Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4631.1003 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Minecraft (HKLM-x32\...\{02BAAFC5-4E16-42E6-A9F6-8DDE0B7ED3B8}) (Version: 1.0.0.0 - Mojang)
Mozilla Firefox 38.0.5 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 38.0.5 (x86 en-US)) (Version: 38.0.5 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 36.0.1 - Mozilla)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Restore Points =========================

28-05-2015 19:48:39 Scheduled Checkpoint
03-06-2015 16:46:22 Windows Update
13-06-2015 17:39:03 Scheduled Checkpoint
17-06-2015 06:46:20 BleepComp

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 09:25 - 2015-03-14 10:18 - 00000824 ____A C:\windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {02BFF621-2462-4418-A70C-1B41CA4AEA65} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-05-06] (Microsoft Corporation)
Task: {43A689E7-2D26-4AF6-B64D-364749D9B8B9} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\OutOfIdle => C:\Windows\system32\GWX\GWX.exe [2015-05-06] (Microsoft Corporation)
Task: {64F9AC44-6935-44D1-9CE3-CDA8FBE4AEE1} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\windows\system32\MRT.exe [2015-06-15] (Microsoft Corporation)
Task: {A173D955-1900-4736-8F43-DAB6F1ED3E8A} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\Logon => C:\Windows\system32\GWX\GWX.exe [2015-05-06] (Microsoft Corporation)
Task: {B2ABC63D-936C-4825-8A51-ACAFB6B9782B} - System32\Tasks\Microsoft\Windows\Application Experience\Microsoft Compatibility Appraiser => C:\Windows\system32\compattel\DiagTrackRunner.exe [2015-03-15] (Microsoft Corporation)
Task: {E14682E3-00F3-4397-AB5E-0EC257A1A194} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B => schtasks
Task: {F286218A-1613-4B08-BC9F-B7970E33E820} - System32\Tasks\{88E8C6AF-75A6-4397-99D7-06402F64FC4A} => pcalua.exe -a "C:\Program Files (x86)\DealNoDeal\DealNoDeal.exe" -c /s /n /i:"ExecuteCommands;UninstallCommands" ""
Task: {F7166DA2-AFCF-4096-8F8E-EC1EAD11A0D9} - System32\Tasks\Microsoft\Windows\Setup\gwx\launchtrayprocess => C:\Windows\system32\GWX\GWX.exe [2015-05-06] (Microsoft Corporation)

==================== Loaded Modules (Whitelisted) ==============

2015-02-08 23:28 - 2012-09-18 16:27 - 00192512 _____ () C:\windows\System32\zlhp1020.dll
2015-02-08 23:28 - 2012-09-18 16:27 - 00065024 _____ () C:\windows\system32\spool\PRTPROCS\x64\pphp1020.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Users\closs_000\OneDrive:ms-properties
AlternateDataStreams: C:\Users\kclos_000\OneDrive:ms-properties
AlternateDataStreams: C:\Users\Madigan\OneDrive:ms-properties
AlternateDataStreams: C:\Users\Stephen\OneDrive:ms-properties

==================== Safe Mode (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3566614747-3769634103-3560256049-1001\Control Panel\Desktop\\Wallpaper -> C:\windows\web\wallpaper\Surface\Surface.jpg
DNS Servers: 207.69.188.186 - 207.69.188.187

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppextcomobj.exe
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppextcomobj.exe
FirewallRules: [TCP Query User{C2224DB9-0B81-42B3-9744-5CAE4A512592}C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Block) C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [UDP Query User{8241AC73-6EDF-4B12-887B-D2F81AF17A82}C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Block) C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [TCP Query User{4FC403E6-8B16-4788-AD8A-F402B833AEF3}C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Block) C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [UDP Query User{9CB3C579-8B8F-4A37-9174-0B62FBB1AA38}C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Block) C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [{DE4429D4-6030-44E3-956B-91CC8DF97760}] => (Allow) C:\Program Files (x86)\YouTube Download Pool\G2\youtubeserv.exe
FirewallRules: [{4E7C9EBA-834A-46FE-9C2E-3395E44F172B}] => (Allow) C:\Program Files (x86)\YouTube Download Pool\G2\netclean.exe
FirewallRules: [{4DDF549E-1322-431D-9B1E-5FE736440C59}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{1ED347B6-E499-4EB2-AF88-49FAE1031C22}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{2AF4BB3B-7852-4F23-9B00-C6058F0E42AF}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{E3A0412C-FFB1-48E0-A671-B9170D826B90}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{A0CD85C3-A6E1-4B34-A60A-405B9A352735}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{25A53EBA-0CFF-47C5-A9C4-253116AB65BD}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{9D5E8C6C-0AC2-498C-AB8B-8A234A02C65A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\GarrysMod\hl2.exe
FirewallRules: [{A0C8E398-2C22-4851-AE53-E886A1A42166}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\GarrysMod\hl2.exe
FirewallRules: [TCP Query User{C56DE36B-0060-4DC0-84BB-FDEF64691F53}C:\program files (x86)\mozilla firefox\firefox.exe] => (Allow) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [UDP Query User{78F5C30B-9ABD-4561-A1EC-DF922C34DBE4}C:\program files (x86)\mozilla firefox\firefox.exe] => (Allow) C:\program files (x86)\mozilla firefox\firefox.exe

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (06/17/2015 06:43:43 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: backgroundTaskHost.exe, version: 6.3.9600.17415, time stamp: 0x545042b7
Faulting module name: twinapi.appcore.dll, version: 6.3.9600.17415, time stamp: 0x54503c4d
Exception code: 0xc000027b
Fault offset: 0x0000000000063c1f
Faulting process id: 0x6d4
Faulting application start time: 0xbackgroundTaskHost.exe0
Faulting application path: backgroundTaskHost.exe1
Faulting module path: backgroundTaskHost.exe2
Report Id: backgroundTaskHost.exe3
Faulting package full name: backgroundTaskHost.exe4
Faulting package-relative application ID: backgroundTaskHost.exe5

Error: (06/17/2015 06:13:20 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: backgroundTaskHost.exe, version: 6.3.9600.17415, time stamp: 0x545042b7
Faulting module name: twinapi.appcore.dll, version: 6.3.9600.17415, time stamp: 0x54503c4d
Exception code: 0xc000027b
Fault offset: 0x0000000000063c1f
Faulting process id: 0x7e8
Faulting application start time: 0xbackgroundTaskHost.exe0
Faulting application path: backgroundTaskHost.exe1
Faulting module path: backgroundTaskHost.exe2
Report Id: backgroundTaskHost.exe3
Faulting package full name: backgroundTaskHost.exe4
Faulting package-relative application ID: backgroundTaskHost.exe5

Error: (06/17/2015 05:58:11 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: backgroundTaskHost.exe, version: 6.3.9600.17415, time stamp: 0x545042b7
Faulting module name: twinapi.appcore.dll, version: 6.3.9600.17415, time stamp: 0x54503c4d
Exception code: 0xc000027b
Fault offset: 0x0000000000063c1f
Faulting process id: 0x3c4
Faulting application start time: 0xbackgroundTaskHost.exe0
Faulting application path: backgroundTaskHost.exe1
Faulting module path: backgroundTaskHost.exe2
Report Id: backgroundTaskHost.exe3
Faulting package full name: backgroundTaskHost.exe4
Faulting package-relative application ID: backgroundTaskHost.exe5

Error: (06/17/2015 03:00:27 AM) (Source: Microsoft-Windows-Defrag) (EventID: 257) (User: )
Description: The volume Windows RE tools was not optimized because an error was encountered: The parameter is incorrect. (0x80070057)

Error: (06/16/2015 11:38:47 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: backgroundTaskHost.exe, version: 6.3.9600.17415, time stamp: 0x545042b7
Faulting module name: twinapi.appcore.dll, version: 6.3.9600.17415, time stamp: 0x54503c4d
Exception code: 0xc000027b
Fault offset: 0x0000000000063c1f
Faulting process id: 0x2e4
Faulting application start time: 0xbackgroundTaskHost.exe0
Faulting application path: backgroundTaskHost.exe1
Faulting module path: backgroundTaskHost.exe2
Report Id: backgroundTaskHost.exe3
Faulting package full name: backgroundTaskHost.exe4
Faulting package-relative application ID: backgroundTaskHost.exe5

Error: (06/16/2015 11:08:36 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: backgroundTaskHost.exe, version: 6.3.9600.17415, time stamp: 0x545042b7
Faulting module name: twinapi.appcore.dll, version: 6.3.9600.17415, time stamp: 0x54503c4d
Exception code: 0xc000027b
Fault offset: 0x0000000000063c1f
Faulting process id: 0x13c4
Faulting application start time: 0xbackgroundTaskHost.exe0
Faulting application path: backgroundTaskHost.exe1
Faulting module path: backgroundTaskHost.exe2
Report Id: backgroundTaskHost.exe3
Faulting package full name: backgroundTaskHost.exe4
Faulting package-relative application ID: backgroundTaskHost.exe5

Error: (06/16/2015 10:37:44 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: backgroundTaskHost.exe, version: 6.3.9600.17415, time stamp: 0x545042b7
Faulting module name: twinapi.appcore.dll, version: 6.3.9600.17415, time stamp: 0x54503c4d
Exception code: 0xc000027b
Fault offset: 0x0000000000063c1f
Faulting process id: 0x60
Faulting application start time: 0xbackgroundTaskHost.exe0
Faulting application path: backgroundTaskHost.exe1
Faulting module path: backgroundTaskHost.exe2
Report Id: backgroundTaskHost.exe3
Faulting package full name: backgroundTaskHost.exe4
Faulting package-relative application ID: backgroundTaskHost.exe5

Error: (06/16/2015 09:52:07 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: backgroundTaskHost.exe, version: 6.3.9600.17415, time stamp: 0x545042b7
Faulting module name: twinapi.appcore.dll, version: 6.3.9600.17415, time stamp: 0x54503c4d
Exception code: 0xc000027b
Fault offset: 0x0000000000063c1f
Faulting process id: 0x10a8
Faulting application start time: 0xbackgroundTaskHost.exe0
Faulting application path: backgroundTaskHost.exe1
Faulting module path: backgroundTaskHost.exe2
Report Id: backgroundTaskHost.exe3
Faulting package full name: backgroundTaskHost.exe4
Faulting package-relative application ID: backgroundTaskHost.exe5

Error: (06/16/2015 09:21:34 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: backgroundTaskHost.exe, version: 6.3.9600.17415, time stamp: 0x545042b7
Faulting module name: twinapi.appcore.dll, version: 6.3.9600.17415, time stamp: 0x54503c4d
Exception code: 0xc000027b
Fault offset: 0x0000000000063c1f
Faulting process id: 0x134c
Faulting application start time: 0xbackgroundTaskHost.exe0
Faulting application path: backgroundTaskHost.exe1
Faulting module path: backgroundTaskHost.exe2
Report Id: backgroundTaskHost.exe3
Faulting package full name: backgroundTaskHost.exe4
Faulting package-relative application ID: backgroundTaskHost.exe5

Error: (06/16/2015 08:56:21 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program BackgroundTaskHost.exe version 6.3.9600.17415 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 554

Start Time: 01d0a897a48e7dd2

Termination Time: 4294967295

Application Path: C:\windows\System32\BackgroundTaskHost.exe

Report Id: 9812fd1f-148b-11e5-8276-6002920b310f

Faulting package full name: Microsoft.BingNews_3.0.4.322_x64__8wekyb3d8bbwe

Faulting package-relative application ID: AppexNews


System errors:
=============
Error: (06/17/2015 07:06:12 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Media Player Network Sharing Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.

Error: (06/17/2015 07:06:12 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Steam Client Service service terminated unexpectedly.  It has done this 1 time(s).

Error: (06/17/2015 07:06:11 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Print Spooler service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 5000 milliseconds: Restart the service.

Error: (06/17/2015 06:55:17 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Steam Client Service service failed to start due to the following error:
%%1053

Error: (06/17/2015 06:55:17 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Steam Client Service service to connect.

Error: (06/17/2015 06:54:29 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Windows Search service failed to start due to the following error:
%%1069

Error: (06/17/2015 06:54:29 AM) (Source: Service Control Manager) (EventID: 7038) (User: )
Description: The WSearch service was unable to log on as NT AUTHORITY\SYSTEM with the currently configured password due to the following error:
%%50

To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).

Error: (06/17/2015 06:54:29 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Windows Media Player Network Sharing Service service depends on the Windows Search service which failed to start because of the following error:
%%1069

Error: (06/17/2015 06:54:29 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Windows Search service failed to start due to the following error:
%%1069

Error: (06/17/2015 06:54:29 AM) (Source: Service Control Manager) (EventID: 7038) (User: )
Description: The WSearch service was unable to log on as NT AUTHORITY\SYSTEM with the currently configured password due to the following error:
%%50

To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).


Microsoft Office:
=========================
Error: (06/17/2015 06:43:43 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: backgroundTaskHost.exe6.3.9600.17415545042b7twinapi.appcore.dll6.3.9600.1741554503c4dc000027b0000000000063c1f6d401d0a8ea7a28d4b1C:\windows\system32\backgroundTaskHost.exeC:\Windows\System32\twinapi.appcore.dllb8baa835-14dd-11e5-8276-6002920b310f1508E719.MLB.TV_2.0.0.45_x64__9h0pwecjjphwjApp

Error: (06/17/2015 06:13:20 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: backgroundTaskHost.exe6.3.9600.17415545042b7twinapi.appcore.dll6.3.9600.1741554503c4dc000027b0000000000063c1f7e801d0a8e63b378b71C:\windows\system32\backgroundTaskHost.exeC:\Windows\System32\twinapi.appcore.dll79e797f1-14d9-11e5-8276-6002920b310f1508E719.MLB.TV_2.0.0.45_x64__9h0pwecjjphwjApp

Error: (06/17/2015 05:58:11 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: backgroundTaskHost.exe6.3.9600.17415545042b7twinapi.appcore.dll6.3.9600.1741554503c4dc000027b0000000000063c1f3c401d0a8e41e0a9673C:\windows\system32\backgroundTaskHost.exeC:\Windows\System32\twinapi.appcore.dll5c772ee8-14d7-11e5-8276-6002920b310f1508E719.MLB.TV_2.0.0.45_x64__9h0pwecjjphwjApp

Error: (06/17/2015 03:00:27 AM) (Source: Microsoft-Windows-Defrag) (EventID: 257) (User: )
Description: Windows RE toolsThe parameter is incorrect. (0x80070057)

Error: (06/16/2015 11:38:47 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: backgroundTaskHost.exe6.3.9600.17415545042b7twinapi.appcore.dll6.3.9600.1741554503c4dc000027b0000000000063c1f2e401d0a8af1dfbd7d5C:\windows\system32\backgroundTaskHost.exeC:\Windows\System32\twinapi.appcore.dll5c245f8a-14a2-11e5-8276-6002920b310f1508E719.MLB.TV_2.0.0.45_x64__9h0pwecjjphwjApp

Error: (06/16/2015 11:08:36 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: backgroundTaskHost.exe6.3.9600.17415545042b7twinapi.appcore.dll6.3.9600.1741554503c4dc000027b0000000000063c1f13c401d0a8aad9d7d608C:\windows\system32\backgroundTaskHost.exeC:\Windows\System32\twinapi.appcore.dll245d0fcf-149e-11e5-8276-6002920b310f1508E719.MLB.TV_2.0.0.45_x64__9h0pwecjjphwjApp

Error: (06/16/2015 10:37:44 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: backgroundTaskHost.exe6.3.9600.17415545042b7twinapi.appcore.dll6.3.9600.1741554503c4dc000027b0000000000063c1f6001d0a8a696d7aa10C:\windows\system32\backgroundTaskHost.exeC:\Windows\System32\twinapi.appcore.dlld4d54796-1499-11e5-8276-6002920b310f1508E719.MLB.TV_2.0.0.45_x64__9h0pwecjjphwjApp

Error: (06/16/2015 09:52:07 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: backgroundTaskHost.exe6.3.9600.17415545042b7twinapi.appcore.dll6.3.9600.1741554503c4dc000027b0000000000063c1f10a801d0a8a02ac60cceC:\windows\system32\backgroundTaskHost.exeC:\Windows\System32\twinapi.appcore.dll754167ba-1493-11e5-8276-6002920b310f1508E719.MLB.TV_2.0.0.45_x64__9h0pwecjjphwjApp

Error: (06/16/2015 09:21:34 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: backgroundTaskHost.exe6.3.9600.17415545042b7twinapi.appcore.dll6.3.9600.1741554503c4dc000027b0000000000063c1f134c01d0a89be64322ddC:\windows\system32\backgroundTaskHost.exeC:\Windows\System32\twinapi.appcore.dll30bc2130-148f-11e5-8276-6002920b310f1508E719.MLB.TV_2.0.0.45_x64__9h0pwecjjphwjApp

Error: (06/16/2015 08:56:21 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: BackgroundTaskHost.exe6.3.9600.1741555401d0a897a48e7dd24294967295C:\windows\System32\BackgroundTaskHost.exe9812fd1f-148b-11e5-8276-6002920b310fMicrosoft.BingNews_3.0.4.322_x64__8wekyb3d8bbweAppexNews


CodeIntegrity Errors:
===================================
  Date: 2015-02-01 11:28:36.030
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\d3d10_1.dll because the set of per-page image hashes could not be found on the system.

  Date: 2015-02-01 11:28:35.990
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\d3d10_1.dll because the set of per-page image hashes could not be found on the system.

  Date: 2015-02-01 10:45:43.734
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\d3d10_1.dll because the set of per-page image hashes could not be found on the system.

  Date: 2015-02-01 10:45:43.678
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\d3d10_1.dll because the set of per-page image hashes could not be found on the system.

  Date: 2015-02-01 09:59:39.590
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\d3d10_1.dll because the set of per-page image hashes could not be found on the system.

  Date: 2015-02-01 09:59:39.544
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\d3d10_1.dll because the set of per-page image hashes could not be found on the system.

  Date: 2015-02-01 09:58:48.495
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\d3d10_1.dll because the set of per-page image hashes could not be found on the system.

  Date: 2015-02-01 09:58:48.449
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\d3d10_1.dll because the set of per-page image hashes could not be found on the system.


==================== Memory info ===========================

Processor: Intel® Core™ i5-4300U CPU @ 1.90GHz
Percentage of memory in use: 36%
Total physical RAM: 4001.07 MB
Available physical RAM: 2535.51 MB
Total Pagefile: 4705.07 MB
Available Pagefile: 3258.22 MB
Total Virtual: 131072 MB
Available Virtual: 131071.83 MB

==================== Drives ================================

Drive c: (Windows) (Fixed) (Total:113.4 GB) (Free:70.48 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 119.2 GB) (Disk ID: 8643A50A)

Partition: GPT Partition Type.

==================== End of log ============================



#10 B-boy/StyLe/

B-boy/StyLe/

    Bleepin' Freestyler


  • Malware Response Team
  • 8,307 posts
  • OFFLINE
  • Gender:Male
  • Location:Bulgaria
  • Local time:04:14 AM

Posted 18 June 2015 - 03:24 AM

Hi,
 
 
Please download the following file => fixlist.txt (attached, 2.82KB) and save it to the Desktop.
NOTE: It's important that both files, FRST and fixlist.txt, are in the same location or the fix will not work.

Run FRST and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.

Let me know how things are after the fix above.

 
Regards,
Georgi




#11 sclossick

sclossick
  • Topic Starter

  • Members
  • 48 posts
  • OFFLINE
  • Local time:08:14 PM

Posted 18 June 2015 - 05:38 AM

So far, the popups have gone away.

 

Here is the Fixlog:

 

Fix result of Farbar Recovery Scan Tool (x64) Version:13-06-2015
Ran by Stephen at 2015-06-18 06:34:17 Run:1
Running from C:\Users\Stephen\Downloads
Loaded Profiles: Stephen (Available Profiles: Stephen & Madigan & kclos_000 & closs_000)
Boot Mode: Normal
==============================================

fixlist content:
*****************
start
CreateRestorePoint:
CloseProcesses:
AppInit_DLLs-x32: c:/progra~3/{be095~1/192~1.1/tice.dll => "c:\progra~3\{be095~1\192~1.1\tice.dll" File not found
C:\Users\Stephen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\274.lnk
C:\ProgramData\{11d41792-558c-7879-11d4-417925585e49}
C:\Users\Stephen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SystemOptimizer.lnk
C:\ProgramData\{8e006ba7-1b11-443d-8e00-06ba71b1ae9c}
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
S2 hyxuduge; C:\Users\Stephen\AppData\Roaming\4396405B-1425740813-02CC-AA1A-9850ED46B8E5\jnsp454E.tmp [175104 2015-03-07] () [File not signed]
C:\Users\Stephen\AppData\Roaming\4396405B-1425740813-02CC-AA1A-9850ED46B8E5
Task: {F286218A-1613-4B08-BC9F-B7970E33E820} - System32\Tasks\{88E8C6AF-75A6-4397-99D7-06402F64FC4A} => pcalua.exe -a "C:\Program Files (x86)\DealNoDeal\DealNoDeal.exe" -c /s /n /i:"ExecuteCommands;UninstallCommands" ""
C:\Program Files (x86)\DealNoDeal
FirewallRules: [{DE4429D4-6030-44E3-956B-91CC8DF97760}] => (Allow) C:\Program Files (x86)\YouTube Download Pool\G2\youtubeserv.exe
FirewallRules: [{4E7C9EBA-834A-46FE-9C2E-3395E44F172B}] => (Allow) C:\Program Files (x86)\YouTube Download Pool\G2\netclean.exe
C:\Program Files (x86)\YouTube Download Pool
cmd: bitsadmin /reset /allusers
cmd: netsh winsock reset catalog
cmd: ipconfig /flushdns
RemoveProxy:
Hosts:
EmptyTemp:
End
*****************

Restore point was successfully created.
Processes closed successfully.
"c:/progra~3/{be095~1/192~1.1/tice.dll" => value data removed successfully.
C:\Users\Stephen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\274.lnk => moved successfully.
"C:\ProgramData\{11d41792-558c-7879-11d4-417925585e49}" => File/Folder not found.
C:\Users\Stephen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SystemOptimizer.lnk => moved successfully.
"C:\ProgramData\{8e006ba7-1b11-443d-8e00-06ba71b1ae9c}" => File/Folder not found.
"HKLM\SOFTWARE\Policies\Google" => key removed successfully
hyxuduge => Service removed successfully
C:\Users\Stephen\AppData\Roaming\4396405B-1425740813-02CC-AA1A-9850ED46B8E5 => moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{F286218A-1613-4B08-BC9F-B7970E33E820}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F286218A-1613-4B08-BC9F-B7970E33E820}" => key removed successfully
C:\Windows\System32\Tasks\{88E8C6AF-75A6-4397-99D7-06402F64FC4A} => moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{88E8C6AF-75A6-4397-99D7-06402F64FC4A}" => key removed successfully
"C:\Program Files (x86)\DealNoDeal" => File/Folder not found.
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{DE4429D4-6030-44E3-956B-91CC8DF97760} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{4E7C9EBA-834A-46FE-9C2E-3395E44F172B} => value removed successfully
"C:\Program Files (x86)\YouTube Download Pool" => File/Folder not found.

=========  bitsadmin /reset /allusers =========


BITSADMIN version 3.0 [ 7.7.9600 ]
BITS administration utility.
© Copyright 2000-2006 Microsoft Corp.

BITSAdmin is deprecated and is not guaranteed to be available in future versions of Windows.
Administrative tools for the BITS service are now provided by BITS PowerShell cmdlets.

Unable to cancel {EF3BE1BC-7BD1-4D62-BFC3-B53CC331263D}.
Unable to cancel {55FFA61A-4355-44B3-B76F-E9430ACD3C32}.
Unable to cancel {F16CE025-5526-44CE-8F67-337160E9A19C}.
Unable to cancel {99BB3749-DAB0-496B-94F2-E523B5008F0D}.
{D9ADEED5-09BD-4C5F-8298-0215E71E6AE0} canceled.
{CA8E8D5E-152C-4980-B309-45DD0D354C3D} canceled.
{F3AB6B10-B431-4930-8A4B-B483C34F3C43} canceled.
{A39DDB36-C280-4C48-A627-921731E1226D} canceled.
{0CC1FD46-6ACB-49EB-85AB-0842322ECBF6} canceled.
{0D200CF0-210C-4872-92B9-9EA5391BB816} canceled.
{2CD61D30-0C91-46B4-9BDE-05A617820491} canceled.
{45F1E570-B288-4690-9DD3-0833E18BD7CF} canceled.
{D32C4B4C-7594-49A2-A974-31A689E47D16} canceled.
{6150A851-DFCD-429D-B9F0-FFBB9ABBB686} canceled.
{DA900D79-BA51-4721-96BB-2773F487EE96} canceled.
11 out of 15 jobs canceled.

========= End of CMD: =========


=========  netsh winsock reset catalog =========


Sucessfully reset the Winsock Catalog.
You must restart the computer in order to complete the reset.


========= End of CMD: =========


=========  ipconfig /flushdns =========


Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========= End of CMD: =========


========= RemoveProxy: =========

HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully
HKU\S-1-5-21-3566614747-3769634103-3560256049-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
HKU\S-1-5-21-3566614747-3769634103-3560256049-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully


========= End of RemoveProxy: =========

C:\Windows\System32\Drivers\etc\hosts => moved successfully.
Hosts restored successfully.
EmptyTemp: => 3.9 GB temporary data Removed.


The system needed a reboot..

==== End of Fixlog 06:34:58 ====
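The Run:1 fixlist above hits a representative set of persistence points (an AppInit_DLLs entry, two Startup-folder shortcuts, a service running an unsigned .tmp out of AppData\Roaming, a scheduled task that launches an installer through pcalua.exe, two firewall Allow rules, a Chrome policy key, WinINET proxy settings and the hosts file). The script below is an added example, not part of this thread and not FRST's own code: it re-checks every one of those locations after the reboot so a survivor shows up in one report. It assumes Windows 8.1 or later, an elevated PowerShell session, and the built-in ScheduledTasks and NetSecurity modules; the function names and the "suspicious" heuristics (binary under a profile, GUID-named task, pcalua.exe in a task action, Allow rule for a program outside %SystemRoot%) are this example's own choices.

```powershell
# Added example (not from the thread or FRST): re-audit the persistence points
# the Run:1 fixlist removed. Run elevated on Windows 8.1+.
#Requires -RunAsAdministrator

function Get-AppInitDlls {
    # Native and WOW64 keys; FRST's "AppInit_DLLs-x32" entry was the Wow6432Node one.
    foreach ($key in 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows',
                     'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Windows') {
        $p = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue
        [pscustomobject]@{ Key = $key; AppInit_DLLs = $p.AppInit_DLLs; LoadAppInit_DLLs = $p.LoadAppInit_DLLs }
    }
}

function Get-StartupShortcutTargets {
    # Resolve each .lnk in the all-users Startup folder and in every profile's Startup folder.
    $shell = New-Object -ComObject WScript.Shell
    $folders = @("$env:ProgramData\Microsoft\Windows\Start Menu\Programs\Startup") +
        @(Get-ChildItem -Path "$env:SystemDrive\Users" -Directory | ForEach-Object {
            Join-Path $_.FullName 'AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup' })
    foreach ($lnk in Get-ChildItem -Path $folders -Filter *.lnk -ErrorAction SilentlyContinue) {
        $sc = $shell.CreateShortcut($lnk.FullName)
        [pscustomobject]@{ Shortcut = $lnk.FullName; Target = $sc.TargetPath; Arguments = $sc.Arguments }
    }
}

function Get-ProfileHostedServices {
    # Services whose binary lives under a user profile or ProgramData (the removed
    # "hyxuduge" service ran an unsigned .tmp from AppData\Roaming), with signature state.
    Get-CimInstance Win32_Service | Where-Object { $_.PathName -match '\\(AppData|ProgramData)\\' } |
        ForEach-Object {
            # PathName may be quoted and may carry arguments; keep the executable only.
            $exe = if ($_.PathName -match '^"([^"]+)"') { $Matches[1] } else { ($_.PathName -split ' (?=[-/])')[0] }
            $sig = if (Test-Path -LiteralPath $exe) { (Get-AuthenticodeSignature -FilePath $exe).Status } else { 'Missing' }
            [pscustomobject]@{ Name = $_.Name; StartMode = $_.StartMode; Path = $exe; Signature = $sig }
        }
}

function Get-SuspiciousTasks {
    # Tasks launched through pcalua.exe (a signed Windows binary that starts whatever
    # EXE follows -a) or named like a bare GUID, as the removed task was.
    Get-ScheduledTask | Where-Object {
        $_.TaskName -match '^\{[0-9A-Fa-f-]{36}\}$' -or
        ($_.Actions | Where-Object { "$($_.Execute) $($_.Arguments)" -match 'pcalua' })
    } | Select-Object TaskName, TaskPath, @{ n = 'Action'; e = {
        ($_.Actions | ForEach-Object { "$($_.Execute) $($_.Arguments)" }) -join '; ' } }
}

function Get-NonWindowsFirewallAllows {
    # Enabled Allow rules bound to a program outside %SystemRoot%, like the two
    # "YouTube Download Pool" rules the fix removed. Reports whether the EXE still exists.
    Get-NetFirewallApplicationFilter | Where-Object { $_.Program -and $_.Program -ne 'Any' } | ForEach-Object {
        $prog = [Environment]::ExpandEnvironmentVariables($_.Program)
        if ($prog.StartsWith($env:SystemRoot, 'OrdinalIgnoreCase')) { return }   # 'return' = next item
        $rule = $_ | Get-NetFirewallRule
        if ("$($rule.Enabled)" -eq 'True' -and "$($rule.Action)" -eq 'Allow') {
            [pscustomobject]@{ Rule = $rule.DisplayName; Program = $prog; Exists = Test-Path -LiteralPath $prog }
        }
    }
}

function Get-UserProxySettings {
    # Per-user WinINET proxy/PAC values; FRST's RemoveProxy: reset the connection blobs for these hives.
    foreach ($hive in (Get-ChildItem -Path Registry::HKEY_USERS |
                       Where-Object { $_.PSChildName -match '^S-1-5-21-\d+-\d+-\d+-\d+$' })) {
        $p = Get-ItemProperty -Path "Registry::$($hive.Name)\Software\Microsoft\Windows\CurrentVersion\Internet Settings" -ErrorAction SilentlyContinue
        [pscustomobject]@{ Sid = $hive.PSChildName; ProxyEnable = $p.ProxyEnable; ProxyServer = $p.ProxyServer; AutoConfigURL = $p.AutoConfigURL }
    }
}

function Get-ActiveHostsEntries {
    # Non-comment, non-blank hosts lines; a stock Windows hosts file yields nothing.
    Get-Content -Path "$env:SystemRoot\System32\drivers\etc\hosts" | Where-Object { $_ -match '^\s*[^#\s]' }
}

$report = [ordered]@{
    AppInitDlls              = Get-AppInitDlls
    StartupShortcuts         = Get-StartupShortcutTargets
    ProfileHostedServices    = Get-ProfileHostedServices
    SuspiciousTasks          = Get-SuspiciousTasks
    NonWindowsFirewallAllows = Get-NonWindowsFirewallAllows
    UserProxySettings        = Get-UserProxySettings
    ActiveHostsEntries       = Get-ActiveHostsEntries
    ChromePolicyKeyPresent   = Test-Path -Path 'HKLM:\SOFTWARE\Policies\Google'
}
foreach ($section in $report.Keys) {
    "== $section =="
    $report[$section] | Format-Table -AutoSize | Out-String -Width 200
}
```

Every section should come back empty (or, for ChromePolicyKeyPresent, False) on the machine after the fix; a non-empty section is the thing to carry into the next FRST scan rather than something to delete by hand, since the shortcut targets and service binaries are exactly what the helper will want to see in the log.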



#12 B-boy/StyLe/

B-boy/StyLe/

    Bleepin' Freestyler


  • Malware Response Team
  • 8,307 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Bulgaria
  • Local time:04:14 AM

Posted 18 June 2015 - 07:43 AM

Hi,

 

Nice to see there is an improvement. :)

 

Please go ahead and update Mozilla to the latest version:

 

Your Mozilla Firefox is out of date!
Download and install the latest version Mozilla Firefox 38.0.6 Final

Do a backup of your existing profile using Mozbackup or FEBE before you proceed with the update (just in case).
 
Also it seems that you didn't uninstall Google Chrome properly.

 
Chrome:
=======
CHR dev: Chrome dev build detected! <======= ATTENTION

 

Let's check for Chrome leftovers and remove them as well.

 

Please download the following file => Attached File: fixlist.txt (134 bytes) and save it to the Desktop.
NOTE. It's important that both files, FRST and fixlist.txt are in the same location or the fix will not work.

Run FRST and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.

 

 

Regards,

Georgi

 



#13 sclossick

sclossick
  • Topic Starter

  • Members
  • 48 posts
  • OFFLINE
  •  
  • Local time:08:14 PM

Posted 18 June 2015 - 01:01 PM

Here is the post FireFox update Fixlog:

 

Fix result of Farbar Recovery Scan Tool (x64) Version:13-06-2015
Ran by Stephen at 2015-06-18 13:59:46 Run:2
Running from C:\Users\Stephen\Downloads
Loaded Profiles: Stephen (Available Profiles: Stephen & Madigan & kclos_000 & closs_000)
Boot Mode: Normal
==============================================

fixlist content:
*****************
start
CMD: Dir /b c:\*Google* /s
CMD: Dir /b c:\*Chrome* /s
end
*****************


=========  Dir /b c:\*Google* /s =========

c:\AdwCleaner\Quarantine\C\Users\Stephen\AppData\Local\Taplika\User Data\Default\Google Profile.ico.vir
c:\AdwCleaner\Quarantine\C\Users\Stephen\AppData\Local\Taplika\User Data\Default\Extensions\ecmgfadhlfnnjeldifpnbohpkbbgonfd\0.3.8_0\app\spots\gallery\images\google-drive.svg.vir
c:\AdwCleaner\Quarantine\C\Users\Stephen\AppData\Local\Taplika\User Data\Default\Extensions\ecmgfadhlfnnjeldifpnbohpkbbgonfd\0.3.8_0\app\spots\gallery\images\google.svg.vir
c:\AdwCleaner\Quarantine\C\Users\Stephen\AppData\Local\Taplika\User Data\Default\Extensions\ecmgfadhlfnnjeldifpnbohpkbbgonfd\0.3.8_0\app\spots\gallery\images\google_buzz.svg.vir
c:\AdwCleaner\Quarantine\C\Users\Stephen\AppData\Local\Taplika\User Data\Default\Extensions\ecmgfadhlfnnjeldifpnbohpkbbgonfd\0.3.8_0\app\spots\gallery\images\google_talk.svg.vir
c:\AdwCleaner\Quarantine\C\Users\Stephen\AppData\Local\Taplika\User Data\Default\Extensions\ecmgfadhlfnnjeldifpnbohpkbbgonfd\0.3.8_0\app\spots\gallery\images\iS-googleplus.svg.vir
c:\AdwCleaner\Quarantine\C\Users\Stephen\AppData\Local\Taplika\User Data\Default\Extensions\ecmgfadhlfnnjeldifpnbohpkbbgonfd\0.3.8_0\img\powered-by-google.png.vir
c:\Program Files\WindowsApps\53949YingXiong.YoutubeDownloadFree_1.9.1.36_neutral__9cdx8657rgq7a\Google.Apis.Auth.dll
c:\Program Files\WindowsApps\53949YingXiong.YoutubeDownloadFree_1.9.1.36_neutral__9cdx8657rgq7a\Google.Apis.Core.dll
c:\Program Files\WindowsApps\53949YingXiong.YoutubeDownloadFree_1.9.1.36_neutral__9cdx8657rgq7a\Google.Apis.dll
c:\Program Files\WindowsApps\53949YingXiong.YoutubeDownloadFree_1.9.1.36_neutral__9cdx8657rgq7a\Google.Apis.YouTube.v3.dll
c:\Program Files (x86)\Mozilla Firefox\browser\searchplugins\google.xml
c:\Users\closs_000\AppData\Local\Packages\windows_ie_ac_001\AC\INetCache\2GANT08X\GoogleEmail[1].htm
c:\Users\closs_000\AppData\Local\Packages\windows_ie_ac_001\AC\INetCache\2GANT08X\google_logo_white_126x48[1].png
c:\Users\closs_000\AppData\Local\Packages\windows_ie_ac_001\AC\INetCache\AAK03DYY\google_logo_126x48[1].png
c:\Users\closs_000\AppData\Local\Packages\windows_ie_ac_001\AC\INetCache\AAK03DYY\google_play_left_16x16_20140818[1].png
c:\Users\closs_000\AppData\Local\Packages\windows_ie_ac_001\AC\INetCache\AAK03DYY\google_play_left_20x20_20131112[1].png
c:\Users\closs_000\AppData\Local\Packages\windows_ie_ac_001\AC\INetCache\AYK8RA0G\google_play_left_40x40_20131112[1].png
c:\Users\closs_000\AppData\Local\Packages\windows_ie_ac_001\AC\INetCache\IVTA2AO4\google-logo[1].png
c:\Users\closs_000\AppData\Local\Packages\windows_ie_ac_001\AC\Microsoft\Internet Explorer\DOMStore\27DGW1JE\docs.google[1].xml
c:\Users\closs_000\AppData\Local\Packages\windows_ie_ac_001\AC\Microsoft\Internet Explorer\DOMStore\27DGW1JE\mail.google[1].xml
c:\Users\closs_000\AppData\Local\Packages\windows_ie_ac_001\AC\Microsoft\Internet Explorer\DOMStore\8ASPYK3W\googleads.g.doubleclick[1].xml
c:\Users\closs_000\AppData\Local\Packages\windows_ie_ac_001\AC\Microsoft\Internet Explorer\DOMStore\8ASPYK3W\plus.google[1].xml
c:\Users\closs_000\AppData\Local\Packages\windows_ie_ac_001\AC\Microsoft\Internet Explorer\DOMStore\CB5P0IW8\classroom.google[1].xml
c:\Users\closs_000\AppData\Local\Packages\windows_ie_ac_001\AC\Microsoft\Internet Explorer\DOMStore\LZ7SQNUT\talkgadget.google[1].xml
c:\Users\closs_000\AppData\Local\Packages\windows_ie_ac_001\AC\Microsoft\Internet Explorer\DOMStore\LZ7SQNUT\www.google[1].xml
c:\Users\kclos_000\AppData\Local\Packages\windows_ie_ac_001\AC\Microsoft\Internet Explorer\DOMStore\36L2VQSI\googleads.g.doubleclick[1].xml
c:\Users\kclos_000\AppData\Local\Packages\windows_ie_ac_001\AC\Microsoft\Internet Explorer\DOMStore\36L2VQSI\www.google[1].xml
c:\Users\kclos_000\AppData\Local\Packages\windows_ie_ac_001\AC\Microsoft\Internet Explorer\DOMStore\FH0S3YG1\googleads.g.doubleclick[1].xml
c:\Users\kclos_000\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore\9YVWNQFG\0.docs.google[1].xml
c:\Users\kclos_000\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore\9YVWNQFG\0.talkgadget.google[1].xml
c:\Users\kclos_000\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore\9YVWNQFG\accounts.google[1].xml
c:\Users\kclos_000\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore\9YVWNQFG\docs.google[1].xml
c:\Users\kclos_000\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore\9YVWNQFG\drive.google[1].xml
c:\Users\kclos_000\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore\GO6IEG0G\0.client-channel.google[1].xml
c:\Users\kclos_000\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore\GO6IEG0G\clients6.google[1].xml
c:\Users\kclos_000\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore\GO6IEG0G\tpc.googlesyndication[1].xml
c:\Users\kclos_000\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore\GO6IEG0G\www.google[1].xml
c:\Users\kclos_000\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore\W6E241G9\1.client-channel.google[1].xml
c:\Users\kclos_000\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore\W6E241G9\apis.google[1].xml
c:\Users\kclos_000\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore\W6E241G9\googleads.g.doubleclick[1].xml
c:\Users\kclos_000\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore\W6E241G9\googleads.g.doubleclick[2].xml
c:\Users\kclos_000\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore\W6E241G9\plus.google[1].xml
c:\Users\kclos_000\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore\W6E241G9\talkgadget.google[1].xml
c:\Users\kclos_000\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore\Y9YAKJPJ\classroom.google[1].xml
c:\Users\kclos_000\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore\Y9YAKJPJ\clients4.google[1].xml
c:\Users\kclos_000\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore\Y9YAKJPJ\clients5.google[1].xml
c:\Users\kclos_000\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore\Y9YAKJPJ\content.googleapis[1].xml
c:\Users\kclos_000\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore\Y9YAKJPJ\mail.google[1].xml
c:\Users\kclos_000\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore\Y9YAKJPJ\www.google[1].xml
c:\Users\kclos_000\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore\Y9YAKJPJ\youtube.googleapis[1].xml
c:\Users\kclos_000\AppData\Roaming\.minecraft\libraries\com\google
c:\Users\kclos_000\AppData\Roaming\Mozilla\Firefox\Profiles\i13jbuzf.default\storage\default\https+++drive.google.com
c:\Users\Madigan\AppData\Local\Packages\microsoft.windows.authhost.a_8wekyb3d8bbwe\AC\Microsoft\Internet Explorer\DOMStore\L2OK2O76\clients5.google[1].xml
c:\Users\Madigan\AppData\Local\Packages\microsoft.windows.authhost.a_8wekyb3d8bbwe\AC\Microsoft\Internet Explorer\DOMStore\VPXKFCYF\accounts.google[1].xml
c:\Users\Madigan\AppData\Local\Packages\windows_ie_ac_001\AC\INetCache\1GVCCATK\mobile-install-google[1].png
c:\Users\Madigan\AppData\Local\Packages\windows_ie_ac_001\AC\INetCache\1YL3NB4F\google-logo[1].png
c:\Users\Madigan\AppData\Local\Packages\windows_ie_ac_001\AC\INetCache\1YL3NB4F\googleplus-sign-in[1].js
c:\Users\Madigan\AppData\Local\Packages\windows_ie_ac_001\AC\INetCache\8CPJ29PB\google_custom_search_watermark[1].gif
c:\Users\Madigan\AppData\Local\Packages\windows_ie_ac_001\AC\INetCache\JGMM9Y58\google[1].js
c:\Users\Madigan\AppData\Local\Packages\windows_ie_ac_001\AC\INetCache\LUHQUEG2\googleplus_32[1].png
c:\Users\Madigan\AppData\Local\Packages\windows_ie_ac_001\AC\INetCache\MNID1978\google_custom_search_watermark[1].gif
c:\Users\Madigan\AppData\Local\Packages\windows_ie_ac_001\AC\INetCache\SWR58QYJ\google-logo[1].png
c:\Users\Madigan\AppData\Local\Packages\windows_ie_ac_001\AC\INetCache\SWR58QYJ\powered-by-google[1].png
c:\Users\Madigan\AppData\Local\Packages\windows_ie_ac_001\AC\INetCache\VZY5O4U8\iphone-google-logo[1].gif
c:\Users\Madigan\AppData\Local\Packages\windows_ie_ac_001\AC\INetCache\VZY5O4U8\powered-by-google[1].png
c:\Users\Madigan\AppData\Local\Packages\windows_ie_ac_001\AC\Microsoft\Internet Explorer\DOMStore\080MLZST\0.talkgadget.google[1].xml
c:\Users\Madigan\AppData\Local\Packages\windows_ie_ac_001\AC\Microsoft\Internet Explorer\DOMStore\080MLZST\drive.google[1].xml
c:\Users\Madigan\AppData\Local\Packages\windows_ie_ac_001\AC\Microsoft\Internet Explorer\DOMStore\080MLZST\tpc.googlesyndication[1].xml
c:\Users\Madigan\AppData\Local\Packages\windows_ie_ac_001\AC\Microsoft\Internet Explorer\DOMStore\080MLZST\www.google[1].xml
c:\Users\Madigan\AppData\Local\Packages\windows_ie_ac_001\AC\Microsoft\Internet Explorer\DOMStore\J05E374A\googleads.g.doubleclick[1].xml
c:\Users\Madigan\AppData\Local\Packages\windows_ie_ac_001\AC\Microsoft\Internet Explorer\DOMStore\OYJHNBM9\googleads.g.doubleclick[1].xml
c:\Users\Madigan\AppData\Local\Packages\windows_ie_ac_001\AC\Microsoft\Internet Explorer\DOMStore\OYJHNBM9\mail.google[1].xml
c:\Users\Madigan\AppData\Local\Packages\windows_ie_ac_001\AC\Microsoft\Internet Explorer\DOMStore\YELEMVI5\docs.google[1].xml
c:\Users\Madigan\AppData\Local\Packages\windows_ie_ac_001\AC\Microsoft\Internet Explorer\DOMStore\YELEMVI5\plus.google[1].xml
c:\Users\Madigan\AppData\Roaming\.minecraft\libraries\com\google
c:\Users\Stephen\AppData\Local\Google
c:\Users\Stephen\AppData\Local\Packages\9E2F88E3.Twitter_wgeqdkkx372wm\AC\Microsoft\Internet Explorer\DOMStore\O9NZPWB8\googleads.g.doubleclick[1].xml
c:\Users\Stephen\AppData\Local\Packages\9E2F88E3.Twitter_wgeqdkkx372wm\AC\Microsoft\Internet Explorer\DOMStore\U7G5Y3AO\imasdk.googleapis[1].xml
c:\Users\Stephen\AppData\Local\Packages\9E2F88E3.Twitter_wgeqdkkx372wm\AC\Microsoft\Internet Explorer\DOMStore\UR9KEODI\googleads.g.doubleclick[1].xml
c:\Users\Stephen\AppData\Local\Packages\Microsoft.BingNews_8wekyb3d8bbwe\AC\Microsoft\Internet Explorer\DOMStore\16C7XMFF\tpc.googlesyndication[1].xml
c:\Users\Stephen\AppData\Local\Packages\Microsoft.BingNews_8wekyb3d8bbwe\AC\Microsoft\Internet Explorer\DOMStore\JMXM2F73\googleads.g.doubleclick[1].xml
c:\Users\Stephen\AppData\Local\Packages\windows_ie_ac_001\AC\Microsoft\Internet Explorer\DOMStore\2AH06DLA\plus.google[1].xml
c:\Users\Stephen\AppData\Local\Packages\windows_ie_ac_001\AC\Microsoft\Internet Explorer\DOMStore\2AH06DLA\www.google[1].xml
c:\Users\Stephen\AppData\Local\Packages\windows_ie_ac_001\AC\Microsoft\Internet Explorer\DOMStore\KHU47P2G\googleads.g.doubleclick[1].xml
c:\Users\Stephen\AppData\Local\Packages\windows_ie_ac_001\AC\Microsoft\Internet Explorer\DOMStore\KHU47P2G\googleads.g.doubleclick[2].xml
c:\Users\Stephen\AppData\Local\Packages\windows_ie_ac_001\AC\Microsoft\Internet Explorer\DOMStore\O2XBWI58\clients5.google[1].xml
c:\Users\Stephen\AppData\Local\Packages\windows_ie_ac_001\AC\Microsoft\Internet Explorer\DOMStore\O2XBWI58\tpc.googlesyndication[1].xml

========= End of CMD: =========


=========  Dir /b c:\*Chrome* /s =========

c:\AdwCleaner\Quarantine\C\Users\Stephen\AppData\Local\Taplika\User Data\Default\Extensions\ecmgfadhlfnnjeldifpnbohpkbbgonfd\0.3.8_0\img\clean\chrome_apps.svg.vir
c:\AdwCleaner\Quarantine\C\Users\Stephen\AppData\Local\Taplika\User Data\Default\IndexedDB\chrome-extension_ecmgfadhlfnnjeldifpnbohpkbbgonfd_0.indexeddb.leveldb
c:\AdwCleaner\Quarantine\C\Users\Stephen\AppData\Local\Taplika\User Data\Default\Local Storage\chrome-extension_ecmgfadhlfnnjeldifpnbohpkbbgonfd_0.localstorage-journal.vir
c:\AdwCleaner\Quarantine\C\Users\Stephen\AppData\Local\Taplika\User Data\Default\Local Storage\chrome-extension_ecmgfadhlfnnjeldifpnbohpkbbgonfd_0.localstorage.vir
c:\AdwCleaner\Quarantine\C\Users\Stephen\AppData\Roaming\Mozilla\Firefox\Profiles\smg111vd.default\Extensions\e@yru0nVkY.org\chrome.manifest.vir
c:\Program Files\WindowsApps\Microsoft.BingTravel_3.0.4.212_x64__8wekyb3d8bbwe\css\hotelArticleChrome.css
c:\Program Files\WindowsApps\Microsoft.BingTravel_3.0.4.212_x64__8wekyb3d8bbwe\css\articleReader\fodorsArChrome.css
c:\Program Files\WindowsApps\Microsoft.BingTravel_3.0.4.212_x64__8wekyb3d8bbwe\css\articleReader\frommersArChrome.css
c:\Program Files\WindowsApps\Microsoft.BingTravel_3.0.4.212_x64__8wekyb3d8bbwe\css\articleReader\lonelyPlanetArChrome.css
c:\Program Files\WindowsApps\Microsoft.BingTravel_3.0.4.212_x64__8wekyb3d8bbwe\css\articleReader\michelinArAttractionsChrome.css
c:\Program Files\WindowsApps\Microsoft.BingTravel_3.0.4.212_x64__8wekyb3d8bbwe\css\articleReader\michelinArChrome.css
c:\Program Files\WindowsApps\Microsoft.BingTravel_3.0.4.212_x64__8wekyb3d8bbwe\css\articleReader\michelinArHotelsChrome.css
c:\Program Files\WindowsApps\Microsoft.BingTravel_3.0.4.212_x64__8wekyb3d8bbwe\css\articleReader\michelinArRestaurantsChrome.css
c:\Program Files\WindowsApps\Microsoft.BingTravel_3.0.4.212_x64__8wekyb3d8bbwe\css\articleReader\tripAdvisorArChrome.css
c:\Program Files\WindowsApps\Microsoft.BingTravel_3.0.4.322_x64__8wekyb3d8bbwe\css\hotelArticleChrome.css
c:\Program Files\WindowsApps\Microsoft.BingTravel_3.0.4.322_x64__8wekyb3d8bbwe\css\articleReader\fodorsArChrome.css
c:\Program Files\WindowsApps\Microsoft.BingTravel_3.0.4.322_x64__8wekyb3d8bbwe\css\articleReader\frommersArChrome.css
c:\Program Files\WindowsApps\Microsoft.BingTravel_3.0.4.322_x64__8wekyb3d8bbwe\css\articleReader\lonelyPlanetArChrome.css
c:\Program Files\WindowsApps\Microsoft.BingTravel_3.0.4.322_x64__8wekyb3d8bbwe\css\articleReader\michelinArAttractionsChrome.css
c:\Program Files\WindowsApps\Microsoft.BingTravel_3.0.4.322_x64__8wekyb3d8bbwe\css\articleReader\michelinArChrome.css
c:\Program Files\WindowsApps\Microsoft.BingTravel_3.0.4.322_x64__8wekyb3d8bbwe\css\articleReader\michelinArHotelsChrome.css
c:\Program Files\WindowsApps\Microsoft.BingTravel_3.0.4.322_x64__8wekyb3d8bbwe\css\articleReader\michelinArRestaurantsChrome.css
c:\Program Files\WindowsApps\Microsoft.BingTravel_3.0.4.322_x64__8wekyb3d8bbwe\css\articleReader\tripAdvisorArChrome.css
c:\Program Files (x86)\Mozilla Firefox\browser\chrome.manifest
c:\Program Files (x86)\Steam\bin\chromehtml.dll
c:\Program Files (x86)\Steam\resource\layout\gamespage_grid_chrome.layout
c:\Program Files (x86)\Steam\steamapps\common\GarrysMod\bin\chromehtml.dll
c:\Users\closs_000\AppData\Local\Packages\windows_ie_ac_001\AC\INetCache\AYK8RA0G\chrome-48[1].png
c:\Users\kclos_000\AppData\Roaming\Mozilla\Firefox\Profiles\i13jbuzf.default\extensions\staged\e@yru0nVkY.org\chrome.manifest
c:\Users\kclos_000\AppData\Roaming\Mozilla\Firefox\Profiles\i13jbuzf.default\extensions\staged\Tps8u@Mo3od1.edu\chrome.manifest
c:\Users\kclos_000\Documents\AmazonApps-release\res\drawable\icon_chrome_clock_portrait.png
c:\Users\kclos_000\Documents\AmazonApps-release\res\drawable\icon_chrome_latency_portrait.png
c:\Users\Madigan\AppData\Local\Packages\windows_ie_ac_001\AC\INetCache\LUHQUEG2\chrome_arrow[1].png
c:\Users\Madigan\AppData\Local\Packages\windows_ie_ac_001\AC\INetCache\MNID1978\chrome-48[1].png
c:\Windows\Microsoft.NET\Framework\v4.0.30319\Config\Browsers\chrome.browser
c:\Windows\Microsoft.NET\Framework64\v4.0.30319\Config\Browsers\chrome.browser
c:\Windows\Prefetch\GEMOJI CHROME.EXE-2597915D.pf
c:\Windows\WinSxS\amd64_netfx4-browser_files_b03f5f7f11d50a3a_4.0.9600.16384_none_e03c9daab4035a21\chrome.browser
c:\Windows\WinSxS\x86_netfx4-browser_files_b03f5f7f11d50a3a_4.0.9600.16384_none_27e9d481c87f8327\chrome.browser

========= End of CMD: =========


==== End of Fixlog 13:59:58 ====
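The two `Dir /b ... /s` sweeps above return well over a hundred paths, and almost all of them are explained by something other than a Chrome leftover: AdwCleaner's quarantine, Store app packages, IE and app-container web caches, Firefox's bundled search plugin, Steam's embedded browser, Minecraft's Java libraries and .NET's browser-capability files. The script below is an added example, not part of this thread and not FRST's own code: it reads a Fixlog.txt, pulls out the paths inside each `Dir` section, tags each one with the benign reason that explains it, and prints only what is left unexplained. The bucket rules are this example's own, the sample input is a handful of lines copied from the Run:2 log above, and nothing here deletes anything.

```powershell
# Added example (not from the thread or FRST): bucket the hits from a Fixlog
# "Dir /b <pattern> /s" section by the benign reason that explains them and
# print the remainder. Rules below are this example's own heuristics.

function Get-FixlogDirHits {
    # Yield the path lines that sit between a "========= Dir ..." header and its "End of CMD" footer.
    param([string[]]$Lines)
    $inDir = $false
    foreach ($line in $Lines) {
        if ($line -match '^=========\s+Dir ')       { $inDir = $true;  continue }
        if ($line -match '^========= End of CMD')   { $inDir = $false; continue }
        if ($inDir -and $line -match '^[A-Za-z]:\\') { $line.Trim() }
    }
}

function Get-HitExplanation {
    # First matching rule wins; -match is case-insensitive, so c:\ and C:\ both work.
    param([string]$Path)
    $rules = [ordered]@{
        'AdwCleaner quarantine (already removed)'        = '^[a-z]:\\AdwCleaner\\Quarantine\\'
        'Store app package under WindowsApps'            = '^[a-z]:\\Program Files\\WindowsApps\\'
        'IE / app-container web cache or DOMStore'       = '\\AC\\(INetCache|Microsoft\\Internet Explorer\\DOMStore)\\|\\LocalLow\\Microsoft\\Internet Explorer\\DOMStore\\'
        'Firefox install (search plugin, chrome.manifest)' = '^[a-z]:\\Program Files \(x86\)\\Mozilla Firefox\\'
        'Firefox per-site storage'                       = '\\Mozilla\\Firefox\\Profiles\\[^\\]+\\storage\\default\\'
        'Steam / game embedded browser'                  = '^[a-z]:\\Program Files \(x86\)\\Steam\\'
        'Minecraft Java libraries'                       = '\\\.minecraft\\libraries\\com\\google$'
        '.NET browser-capability files'                  = '\\Config\\Browsers\\chrome\.browser$|\\WinSxS\\[^\\]+\\chrome\.browser$'
    }
    foreach ($reason in $rules.Keys) {
        if ($Path -match $rules[$reason]) { return $reason }
    }
    return 'UNEXPLAINED'
}

function Get-ClassifiedHits {
    param([string[]]$Lines)
    Get-FixlogDirHits -Lines $Lines | ForEach-Object {
        [pscustomobject]@{ Reason = Get-HitExplanation -Path $_; Path = $_ }
    }
}

# Constructed input: a few lines copied from the Run:2 Fixlog in this thread.
$sample = @'
=========  Dir /b c:\*Google* /s =========

c:\AdwCleaner\Quarantine\C\Users\Stephen\AppData\Local\Taplika\User Data\Default\Google Profile.ico.vir
c:\Program Files (x86)\Mozilla Firefox\browser\searchplugins\google.xml
c:\Users\kclos_000\AppData\Roaming\.minecraft\libraries\com\google
c:\Users\Stephen\AppData\Local\Google
c:\Users\Stephen\AppData\Local\Packages\windows_ie_ac_001\AC\Microsoft\Internet Explorer\DOMStore\2AH06DLA\www.google[1].xml

========= End of CMD: =========

=========  Dir /b c:\*Chrome* /s =========

c:\Users\kclos_000\AppData\Roaming\Mozilla\Firefox\Profiles\i13jbuzf.default\extensions\staged\e@yru0nVkY.org\chrome.manifest
c:\Windows\Prefetch\GEMOJI CHROME.EXE-2597915D.pf
c:\Windows\WinSxS\amd64_netfx4-browser_files_b03f5f7f11d50a3a_4.0.9600.16384_none_e03c9daab4035a21\chrome.browser

========= End of CMD: =========
'@ -split "`r?`n"

$hits = Get-ClassifiedHits -Lines $sample
$hits | Group-Object Reason | Select-Object Count, Name | Format-Table -AutoSize
"-- unexplained --"
$hits | Where-Object Reason -eq 'UNEXPLAINED' | Select-Object -ExpandProperty Path

# On a real log: Get-ClassifiedHits -Lines (Get-Content "$env:USERPROFILE\Desktop\Fixlog.txt")
```

On the sample, the only unexplained paths are `c:\Users\Stephen\AppData\Local\Google` (the folder the next fix removes), a staged Firefox extension in another profile, and a Prefetch entry for a program called GEMOJI CHROME.EXE; those three are what a helper would look at, and the rest is cache and bundled library noise. A rule set like this is a reading aid, not a verdict: anything it leaves unexplained still goes back to the person driving FRST.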



#14 B-boy/StyLe/

B-boy/StyLe/

    Bleepin' Freestyler


  • Malware Response Team
  • 8,307 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Bulgaria
  • Local time:04:14 AM

Posted 18 June 2015 - 01:34 PM

Hi,

 

 

To get rid of the Google leftovers please do this:

 

Please download the following file => Attached File: fixlist.txt (49 bytes) and save it to the Desktop.
NOTE. It's important that both files, FRST and fixlist.txt are in the same location or the fix will not work.

Run FRST and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.

 

 

Next please run a new scan with FRST and post back the results in your next reply. There is no need to tick the box beside Addition.txt this time.

 

 

Regards,

Georgi




#15 sclossick

sclossick
  • Topic Starter

  • Members
  • 48 posts
  • OFFLINE
  •  
  • Local time:08:14 PM

Posted 18 June 2015 - 01:44 PM

This looks promising:

 

Fix result of Farbar Recovery Scan Tool (x64) Version:13-06-2015
Ran by Stephen at 2015-06-18 14:43:39 Run:3
Running from C:\Users\Stephen\Downloads
Loaded Profiles: Stephen (Available Profiles: Stephen & Madigan & kclos_000 & closs_000)
Boot Mode: Normal
==============================================

fixlist content:
*****************
start
c:\Users\Stephen\AppData\Local\Google
end
*****************

c:\Users\Stephen\AppData\Local\Google => moved successfully.

==== End of Fixlog 14:43:39 ====





