
http://your-home-page.net Browser Hijacker


  • This topic is locked
23 replies to this topic

#1 MegaZak

Posted 20 July 2015 - 06:07 AM

Has anyone any experience of this nasty piece of work, which I believe my grandson inadvertently downloaded on the back of 'Minecraft' the other day? I am usually pretty adept at removing malware but this one has got me stumped.

 

Reading up on it suggests this is a new bug but I have had no success at all in removing it from Internet Explorer. People have suggested uninstalling the 'program' but it is not appearing in any of my program lists so that is a non-starter. Neither is it appearing in any browser add ons or extensions that I can see. It also appears to have deleted all system restore points so running that is not an option. I have run Malwarebytes and Reason Core Security but neither has picked it up. I have McAfee Internet Security on my PC but that doesn't pick it up either. The only 'success' I have had so far is with my Opera browser which I uninstalled and reinstalled and it disappeared from that. IE however defies all my attempts to clear it.

 

I have run the FRST as recommended and the logs follow.

 

I hope I have done this correctly and hope that somebody out there can assist me in getting rid of this bug.

 

Thank you.





#2 MegaZak


Posted 20 July 2015 - 06:09 AM

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:18-07-2015 01
Ran by Keith (administrator) on KEITH-PC on 20-07-2015 11:35:15
Running from D:\Keith\Downloads
Loaded Profiles: Keith (Available Profiles: Keith & Guest)
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 9 (Default browser: Opera)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(AMD) C:\Windows\System32\atiesrxx.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSvc.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(SEIKO EPSON CORPORATION) C:\ProgramData\EPSON\EPW!3 SSRP\E_S40STB.EXE
(SEIKO EPSON CORPORATION) C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RPB.EXE
() C:\Windows\SysWOW64\XSrvSetup.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\SiteAdvisor\mcsacore.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfemms.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(MicroWorld Technologies Inc.) C:\Program Files (x86)\Common Files\MicroWorld\Agent\MWASER.EXE
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe
(MicroWorld Technologies Inc.) C:\Program Files (x86)\Common Files\MicroWorld\Agent\MWAGENT.EXE
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\epson\MyEpson Portal\mepService.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Reason Software Company Inc.) C:\Program Files\Reason\Security\rsEngineSvc.exe
(Microsoft Corporation) C:\Windows\splwow64.exe
(DEVGURU Co., LTD.) C:\Program Files (x86)\Samsung\USB Drivers\25_escape\conn\ss_conn_service.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Yahoo! Inc.) C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
(McAfee, Inc.) C:\Program Files\McAfee\MSC\McAPExe.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
(AMD) C:\Windows\System32\atieclxx.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\epson\MyEpson Portal\mep.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\CSP\1.5.495.0\McCSPServiceHost.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.28.1\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.28.1\GoogleCrashHandler64.exe
(Microsoft Corporation) C:\Windows\splwow64.exe
(TomTom) C:\Program Files (x86)\MyDrive Connect\TomTom MyDrive Connect.exe
(SEIKO EPSON CORPORATION) C:\Windows\System32\spool\drivers\x64\3\E_IATIFSE.EXE
(SEIKO EPSON CORPORATION) C:\Windows\System32\spool\drivers\x64\3\E_IATIFSE.EXE
(Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Glarysoft Ltd) C:\Program Files (x86)\Glary Utilities 5\Integrator.exe
(Reason Software Company Inc.) C:\Program Files\Reason\Security\rsUI.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McUICnt.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe
(Opera Software) C:\Program Files (x86)\Opera\30.0.1835.125\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\30.0.1835.125\opera_crashreporter.exe
(Opera Software) C:\Program Files (x86)\Opera\30.0.1835.125\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\30.0.1835.125\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\30.0.1835.125\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\30.0.1835.125\opera.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [43871968 2015-06-26] (Dropbox, Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [157992 2015-06-29] (Apple Inc.)
HKLM-x32\...\Run: [EEventManager] => C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [673616 2009-04-07] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [334896 2015-06-08] (Oracle Corporation)
HKLM\...\Policies\Explorer: [NoFolderOptions] 0
HKLM\...\Policies\Explorer: [NoViewOnDrive] 0
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKLM\...\Policies\Explorer: [DisableLocalMachineRun] 0
HKLM\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0
HKLM\...\Policies\Explorer: [DisableCurrentUserRun] 0
HKLM\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0
HKLM\...\Policies\Explorer: [NoViewContextMenu] 0
HKLM\...\Policies\Explorer: [NoShellSearchButton] 0
HKLM\...\Policies\Explorer: [NoFind] 0
HKLM\...\Policies\Explorer: [NoFile] 0
HKLM\...\Policies\Explorer: [HideClock] 0
HKLM\...\Policies\Explorer: [NoTrayContextMenu] 0
HKLM\...\Policies\Explorer: [NoTrayItemsDisplay] 0
HKLM\...\Policies\Explorer: [NoSetFolders] 0
HKLM\...\Policies\Explorer: [NoDevMgrUpdate] 0
HKLM\...\Policies\Explorer: [NoSetTaskbar] 0
HKLM\...\Policies\Explorer: [NoDeletePrinter] 0
HKLM\...\Policies\Explorer: [NoDFSTab] 0
HKLM\...\Policies\Explorer: [NoChangeStartMenu] 0
HKLM\...\Policies\Explorer: [NoLogoff] 0
HKLM\...\Policies\Explorer: [NoWindowsUpdate] 0
HKLM\...\Policies\Explorer: [NoEncryptOnMove] 0
HKLM\...\Policies\Explorer: [NoRunasInstallPrompt] 0
HKLM\...\Policies\Explorer: [NoResolveSearch] 0
HKLM\...\Policies\Explorer: [NoSaveSettings] 0
HKLM\...\Policies\Explorer: [NoHardwareTab] 0
HKLM\...\Policies\Explorer: [NoStartMenuSubFolders] 0
HKLM\...\Policies\Explorer: [NoDesktop] 0
HKU\S-1-5-21-4264480971-1498984515-3285744698-1000\...\Run: [GUDelayStartup] => C:\Program Files (x86)\Glary Utilities 5\StartupManager.exe [37152 2015-07-06] (Glarysoft Ltd)
HKU\S-1-5-21-4264480971-1498984515-3285744698-1000\...\Run: [MyDriveConnect.exe] => C:\Program Files (x86)\MyDrive Connect\TomTom MyDrive Connect.exe [1905032 2015-04-28] (TomTom)
HKU\S-1-5-21-4264480971-1498984515-3285744698-1000\...\Run: [EPSON PX710W Series] => C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIFSE.EXE [223232 2009-02-23] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-4264480971-1498984515-3285744698-1000\...\Run: [Epson Stylus Photo PX710W(Network)] => C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIFSE.EXE [223232 2009-02-23] (SEIKO EPSON CORPORATION)
SecurityProviders: msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll
ShellIconOverlayIdentifiers: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.26.dll [2015-06-26] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.26.dll [2015-06-26] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.26.dll [2015-06-26] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.26.dll [2015-06-26] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.26.dll [2015-06-26] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.26.dll [2015-06-26] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.26.dll [2015-06-26] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.26.dll [2015-06-26] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.26.dll [2015-06-26] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.26.dll [2015-06-26] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.26.dll [2015-06-26] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.26.dll [2015-06-26] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.26.dll [2015-06-26] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.26.dll [2015-06-26] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.26.dll [2015-06-26] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.26.dll [2015-06-26] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [AcronisSyncError] -> {934BC6C0-FEC2-4df5-A100-961DE2C8A0ED} => C:\Program Files (x86)\Acronis\TrueImageHome\tishell64.dll [2013-10-01] ()
ShellIconOverlayIdentifiers: [AcronisSyncInProgress] -> {00F848DC-B1D4-4892-9C25-CAADC86A215D} => C:\Program Files (x86)\Acronis\TrueImageHome\tishell64.dll [2013-10-01] ()
ShellIconOverlayIdentifiers: [AcronisSyncOk] -> {71573297-552E-46fc-BE3D-3DFAF88D47B7} => C:\Program Files (x86)\Acronis\TrueImageHome\tishell64.dll [2013-10-01] ()
ShellIconOverlayIdentifiers-x32: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.26.dll [2015-06-26] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.26.dll [2015-06-26] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.26.dll [2015-06-26] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.26.dll [2015-06-26] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.26.dll [2015-06-26] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.26.dll [2015-06-26] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.26.dll [2015-06-26] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.26.dll [2015-06-26] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.26.dll [2015-06-26] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.26.dll [2015-06-26] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.26.dll [2015-06-26] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.26.dll [2015-06-26] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.26.dll [2015-06-26] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.26.dll [2015-06-26] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.26.dll [2015-06-26] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.26.dll [2015-06-26] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.26.dll [2015-06-26] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.26.dll [2015-06-26] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.26.dll [2015-06-26] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.26.dll [2015-06-26] (Dropbox, Inc.)
BootExecute: autocheck autochk *  
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
ProxyEnable: [.DEFAULT] => Internet Explorer proxy is enabled
ProxyServer: [.DEFAULT] => http=127.0.0.1:2455;https=127.0.0.1:2455
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page = 
HKU\S-1-5-21-4264480971-1498984515-3285744698-1000\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-4264480971-1498984515-3285744698-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://uk.msn.com/
HKU\S-1-5-21-4264480971-1498984515-3285744698-1000\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
SearchScopes: HKLM -> DefaultScope {9BB47C17-9C68-4BB3-B188-DD9AF0FD21} URL = 
SearchScopes: HKLM-x32 -> DefaultScope {F7074685-4EB2-47F0-BE6B-B6ACE427E397} URL = 
SearchScopes: HKLM-x32 -> {9BB47C17-9C68-4BB3-B188-DD9AF0FD21} URL = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
SearchScopes: HKLM-x32 -> {a5b9c0f5-5616-47cd-a95f-e43b488faccf} URL = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
SearchScopes: HKU\.DEFAULT -> DefaultScope {9BB47C17-9C68-4BB3-B188-DD9AF0FD21} URL = 
SearchScopes: HKU\.DEFAULT -> {a5b9c0f5-5616-47cd-a95f-e43b488faccf} URL = 
BHO: AVG Safe Search -> {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} -> C:\Program Files (x86)\AVG\AVG2012\avgssiea.dll No File
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO-x32: No Name -> {02478D38-C3F9-4efb-9B51-7695ECA05670} ->  No File
BHO-x32: No Name -> {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} ->  No File
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_51\bin\ssv.dll [2015-07-17] (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_51\bin\jp2ssv.dll [2015-07-17] (Oracle Corporation)
BHO-x32: Webroot Browser Helper Object -> {e08861fe-8847-4b2a-8ec2-08edb20e4020} -> C:\Program Files (x86)\Webroot\Security\install\products\WISE\toolbar\LPBar.dll No File
Toolbar: HKLM-x32 - Webroot Toolbar - {d84a64a0-f2b2-4975-b264-3a3bce8d57d6} - C:\Program Files (x86)\Webroot\Security\install\products\WISE\toolbar\LPBar.dll No File
DPF: HKLM-x32 {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/_layouts/ClientBin/ieawsdc32.cab
DPF: HKLM-x32 {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files (x86)\Yahoo!\Common\Yinsthelper.dll
DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler-x32: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files (x86)\Belarc\BelarcAdvisor\System\BAVoilaX.dll [2013-04-16] (Belarc, Inc.)
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2015-07-03] (McAfee, Inc.)
Handler-x32: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2015-07-03] (McAfee, Inc.)
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} -  No File
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2015-07-03] (McAfee, Inc.)
Handler-x32: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2015-07-03] (McAfee, Inc.)
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl64.dll [2015-05-13] (McAfee, Inc.)
Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\MSC\McSnIePl.dll [2015-05-13] (McAfee, Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{32D61BDE-11B4-48DB-B288-D162E53842D1}: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{7908A5C4-119C-46D2-A994-CEFCE780D96F}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{E080707E-8116-4161-ABBD-F4924D0C64C5}: [DhcpNameServer] 192.168.2.1
Tcpip\..\Interfaces\{FD934EB6-ECC3-42C0-BB40-D1284E1136FC}: [DhcpNameServer] 172.20.10.1
 
FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_18_0_0_209.dll [2015-07-14] ()
FF Plugin: @mcafee.com/MSC,version=10 -> c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL [2015-05-13] ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-16] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_18_0_0_209.dll [2015-07-14] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2015-01-06] ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2015-05-21] (Google)
FF Plugin-x32: @java.com/DTPlugin,version=11.51.2 -> C:\Program Files (x86)\Java\jre1.8.0_51\bin\dtplugin\npDeployJava1.dll [2015-07-17] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.51.2 -> C:\Program Files (x86)\Java\jre1.8.0_51\bin\plugin2\npjp2.dll [2015-07-17] (Oracle Corporation)
FF Plugin-x32: @mcafee.com/MSC,version=10 -> c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL [2015-05-13] ()
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @real.com/nprpchromebrowserrecordext;version=15.0.6.14 -> C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll No File
FF Plugin-x32: @real.com/nprphtml5videoshim;version=15.0.6.14 -> C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll No File
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-16] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-16] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-07-03] (Adobe Systems Inc.)
FF HKLM\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor
FF Extension: McAfee WebAdvisor - C:\Program Files (x86)\McAfee\SiteAdvisor [2014-11-21]
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK
FF Extension: McAfee Anti-Spam Thunderbird Extension - C:\Program Files\McAfee\MSK [2014-11-21]
 
Chrome: 
=======
CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [2015-07-06]
CHR HKLM-x32\...\Chrome\Extension: [bjopainmibagbfpkheeolkahcgmejiek] - C:\ProgramData\wxDownload\bjopainmibagbfpkheeolkahcgmejiek.crx [Not Found]
CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [2015-07-06]
CHR HKLM-x32\...\Chrome\Extension: [fjpdnoojnohifgekbkmnfbiobhcbedka] - C:\Program Files (x86)\outobox\fjpdnoojnohifgekbkmnfbiobhcbedka.crx [Not Found]
CHR HKLM-x32\...\Chrome\Extension: [idiogmhbdjghifhgbcmhgaollhhpahhm] - C:\ProgramData\wxDownload\idiogmhbdjghifhgbcmhgaollhhpahhm.crx [Not Found]
 
Opera: 
=======
OPR StartupUrls: "hxxp://www.uk.yahoo.com/"
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [134512 2015-06-04] (Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [134512 2015-06-04] (Dropbox, Inc.)
R2 EpsonBidirectionalService; C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSVC.exe [94208 2006-12-19] (SEIKO EPSON CORPORATION) [File not signed]
R2 HomeNetSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [340744 2015-05-06] (McAfee, Inc.)
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [69632 2005-11-14] (Macrovision Corporation) [File not signed]
R2 JMB36X; C:\Windows\SysWOW64\XSrvSetup.exe [65536 2009-08-06] () [File not signed]
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation)
R2 McAfee SiteAdvisor Service; C:\Program Files (x86)\McAfee\SiteAdvisor\McSACore.exe [155368 2015-07-03] (McAfee, Inc.)
R2 McAPExe; C:\Program Files\McAfee\MSC\McAPExe.exe [754280 2015-05-13] (McAfee, Inc.)
S3 McAWFwk; c:\Program Files\Common Files\McAfee\ActWiz\McAWFwk.exe [334608 2013-04-09] (McAfee, Inc.)
R2 mccspsvc; C:\Program Files\Common Files\McAfee\CSP\1.5.495.0\McCSPServiceHost.exe [207344 2015-06-04] (McAfee, Inc.)
R2 McMPFSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [340744 2015-05-06] (McAfee, Inc.)
R2 McNaiAnn; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [340744 2015-05-06] (McAfee, Inc.)
S3 McODS; C:\Program Files\McAfee\VirusScan\mcods.exe [609592 2015-05-05] (McAfee, Inc.)
S4 McOobeSv2; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [340744 2015-05-06] (McAfee, Inc.)
R2 mcpltsvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [340744 2015-05-06] (McAfee, Inc.)
R2 McProxy; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [340744 2015-05-06] (McAfee, Inc.)
R3 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [232656 2015-06-29] (McAfee, Inc.)
R2 mfemms; C:\Program Files\Common Files\McAfee\SystemCore\\mfemms.exe [373704 2015-07-06] (McAfee, Inc.)
R2 mfevtp; C:\Windows\system32\mfevtps.exe [254792 2015-06-29] (McAfee, Inc.)
R2 MSK80Service; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [340744 2015-05-06] (McAfee, Inc.)
R2 MWAgent; C:\Program Files (x86)\Common Files\MicroWorld\Agent\MWASER.EXE [856072 2010-08-27] (MicroWorld Technologies Inc.)
R2 MyEpson Portal Service; C:\Program Files (x86)\EPSON\MyEpson Portal\mepService.exe [703984 2014-09-22] (SEIKO EPSON CORPORATION)
S4 RapportMgmtService; C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe [1919256 2014-11-21] (IBM Corp.)
R2 rsEngineSvc; C:\Program Files\Reason\Security\rsEngineSvc.exe [80144 2015-05-18] (Reason Software Company Inc.)
R2 ss_conn_service; C:\Program Files (x86)\Samsung\USB Drivers\25_escape\conn\ss_conn_service.exe [743688 2014-10-13] (DEVGURU Co., LTD.)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 61883; C:\Windows\System32\DRIVERS\61883.sys [60288 2009-07-14] (Microsoft Corporation)
R0 amdide64; C:\Windows\System32\DRIVERS\amdide64.sys [10632 2007-10-12] (Advanced Micro Devices)
S3 ampa; C:\Windows\system32\ampa.sys [17008 2013-12-18] ()
S3 ampa; C:\Windows\SysWOW64\ampa.sys [14448 2013-12-18] ()
S3 bdfsfltr; C:\Windows\System32\DRIVERS\bdfsfltr.sys [340488 2009-07-24] (BitDefender S.R.L. Bucharest, ROMANIA)
R3 cfwids; C:\Windows\System32\drivers\cfwids.sys [77536 2015-07-02] (McAfee, Inc.)
R1 GUBootStartup; C:\Windows\System32\drivers\GUBootStartup.sys [20160 2015-05-12] (Glarysoft Ltd)
S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [198448 2015-04-27] (McAfee, Inc.)
S3 HTCAND64; C:\Windows\System32\Drivers\ANDROIDUSB.sys [33736 2009-11-02] (HTC, Corporation) [File not signed]
S3 irsir; C:\Windows\System32\DRIVERS\irsir.sys [27648 2008-01-19] (Microsoft Corporation)
S3 LGDDCDevice; C:\Program Files (x86)\LG Soft India\forteManager\bin\I2CDriver.sys [14336 2008-12-12] () [File not signed]
S3 LGII2CDevice; C:\Program Files (x86)\LG Soft India\forteManager\bin\PII2CDriver.sys [18432 2008-12-12] () [File not signed]
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-06-18] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-06-18] (Malwarebytes Corporation)
R3 mfeaack; C:\Windows\System32\drivers\mfeaack.sys [412440 2015-07-02] (McAfee, Inc.)
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [347800 2015-07-02] (McAfee, Inc.)
R0 mfedisk; C:\Windows\System32\DRIVERS\mfedisk.sys [101872 2015-04-08] (McAfee, Inc.)
R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [496888 2015-07-02] (McAfee, Inc.)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [875928 2015-07-02] (McAfee, Inc.)
R3 mfencbdc; C:\Windows\System32\DRIVERS\mfencbdc.sys [483240 2015-03-26] (McAfee, Inc.)
S3 mfencrk; C:\Windows\System32\DRIVERS\mfencrk.sys [100720 2015-03-26] (McAfee, Inc.)
R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [344704 2015-07-02] (McAfee, Inc.)
S3 pwdrvio; C:\Windows\system32\pwdrvio.sys [19152 2013-09-30] ()
S3 pwdspio; C:\Windows\system32\pwdspio.sys [12504 2013-09-30] ()
R1 RapportCerberus_80083; C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus64_80083.sys [761720 2014-12-05] ()
R1 RapportEI64; C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys [445912 2014-11-21] (IBM Corp.)
R0 RapportKE64; C:\Windows\System32\Drivers\RapportKE64.sys [534104 2014-11-21] (IBM Corp.)
R1 RapportPG64; C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys [557656 2014-11-21] (IBM Corp.)
S3 s1018bus; C:\Windows\System32\DRIVERS\s1018bus.sys [113704 2009-03-25] (MCCI Corporation)
S3 s1018mdfl; C:\Windows\System32\DRIVERS\s1018mdfl.sys [19496 2009-03-25] (MCCI Corporation)
S3 s1018mdm; C:\Windows\System32\DRIVERS\s1018mdm.sys [153128 2009-03-25] (MCCI Corporation)
S3 s1018mgmt; C:\Windows\System32\DRIVERS\s1018mgmt.sys [133160 2009-03-25] (MCCI Corporation)
S3 s1018nd5; C:\Windows\System32\DRIVERS\s1018nd5.sys [34856 2009-03-25] (MCCI Corporation)
S3 s1018obex; C:\Windows\System32\DRIVERS\s1018obex.sys [128552 2009-03-25] (MCCI Corporation)
S3 s1018unic; C:\Windows\System32\DRIVERS\s1018unic.sys [146472 2009-03-25] (MCCI Corporation)
R3 seehcri; C:\Windows\System32\DRIVERS\seehcri.sys [34032 2008-01-09] (Sony Ericsson Mobile Communications)
S3 SNPSTD3; C:\Windows\System32\DRIVERS\snpstd3.sys [10550272 2007-03-27] (Sonix Co. Ltd.)
R0 tib; C:\Windows\System32\DRIVERS\tib.sys [1120032 2014-08-12] (Acronis International GmbH)
R0 tib_mounter; C:\Windows\System32\DRIVERS\tib_mounter.sys [198432 2014-08-12] (Acronis International GmbH)
S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [54784 2014-07-28] (Apple, Inc.) [File not signed]
R0 vidsflt; C:\Windows\System32\DRIVERS\vidsflt.sys [117024 2014-08-12] (Acronis International GmbH)
U5 zntport; C:\Windows\System32\Drivers\zntport.sys [13880 2007-12-22] (Zeal SoftStudio)
U0 SR; No ImagePath
U2 SRService; No ImagePath
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-07-20 11:34 - 2015-07-20 11:35 - 00000000 ____D C:\FRST
2015-07-20 11:17 - 2015-07-20 11:17 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
2015-07-20 09:46 - 2015-07-20 09:46 - 00003534 _____ C:\Windows\System32\Tasks\ReasonSecurityScheduledScan
2015-07-20 09:46 - 2015-07-20 09:46 - 00003412 _____ C:\Windows\System32\Tasks\ReasonSecurityStart
2015-07-20 09:46 - 2015-07-20 09:46 - 00000919 _____ C:\Users\Public\Desktop\Reason Core Security.lnk
2015-07-20 09:46 - 2015-07-20 09:46 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Reason Core Security
2015-07-20 09:46 - 2015-07-20 09:46 - 00000000 ____D C:\Program Files\Reason
2015-07-20 09:41 - 2015-07-20 09:41 - 00001421 _____ C:\Users\Keith\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
2015-07-20 09:21 - 2015-07-03 07:18 - 17887744 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-07-20 09:21 - 2015-07-03 07:01 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-07-20 09:21 - 2015-07-03 06:31 - 12386304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-07-20 09:21 - 2015-07-03 06:18 - 02382848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-07-20 09:21 - 2015-06-22 17:18 - 00448512 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-07-20 09:21 - 2015-06-22 17:17 - 10936320 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-07-20 09:21 - 2015-06-22 17:17 - 02343936 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-07-20 09:21 - 2015-06-22 17:12 - 01392128 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-07-20 09:21 - 2015-06-22 17:12 - 01387520 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-07-20 09:21 - 2015-06-22 17:11 - 01494016 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-07-20 09:21 - 2015-06-22 17:11 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-07-20 09:21 - 2015-06-22 17:11 - 00599040 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-07-20 09:21 - 2015-06-22 17:10 - 02158080 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-07-20 09:21 - 2015-06-22 17:10 - 00729088 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-07-20 09:21 - 2015-06-22 17:10 - 00453120 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-07-20 09:21 - 2015-06-22 17:10 - 00282112 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-07-20 09:21 - 2015-06-22 17:10 - 00248320 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-07-20 09:21 - 2015-06-22 17:10 - 00237056 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2015-07-20 09:21 - 2015-06-22 17:10 - 00173056 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-07-20 09:21 - 2015-06-22 17:10 - 00096768 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-07-20 09:21 - 2015-06-22 17:10 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-07-20 09:21 - 2015-06-22 17:10 - 00055296 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2015-07-20 09:21 - 2015-06-22 17:10 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2015-07-20 09:21 - 2015-06-22 17:09 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2015-07-20 09:21 - 2015-06-22 16:27 - 01810432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-07-20 09:21 - 2015-06-22 16:27 - 00367616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-07-20 09:21 - 2015-06-22 16:24 - 09750528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-07-20 09:21 - 2015-06-22 16:23 - 01139712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-07-20 09:21 - 2015-06-22 16:22 - 01427968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-07-20 09:21 - 2015-06-22 16:22 - 01129472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-07-20 09:21 - 2015-06-22 16:21 - 01804288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-07-20 09:21 - 2015-06-22 16:21 - 00718336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-07-20 09:21 - 2015-06-22 16:21 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-07-20 09:21 - 2015-06-22 16:21 - 00421888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-07-20 09:21 - 2015-06-22 16:21 - 00231936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2015-07-20 09:21 - 2015-06-22 16:21 - 00142848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-07-20 09:21 - 2015-06-22 16:21 - 00065024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-07-20 09:21 - 2015-06-22 16:21 - 00041472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2015-07-20 09:21 - 2015-06-22 16:20 - 00353792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-07-20 09:21 - 2015-06-22 16:20 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-07-20 09:21 - 2015-06-22 16:20 - 00176640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-07-20 09:21 - 2015-06-22 16:20 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-07-20 09:21 - 2015-06-22 16:20 - 00011776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2015-07-20 09:21 - 2015-06-22 16:20 - 00010752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2015-07-19 23:41 - 2015-07-20 11:17 - 00000000 ____D C:\Program Files (x86)\Opera
2015-07-19 23:41 - 2015-07-19 23:41 - 00003820 _____ C:\Windows\System32\Tasks\Opera scheduled Autoupdate 1437345689
2015-07-19 23:41 - 2015-07-19 23:41 - 00001107 _____ C:\Users\Public\Desktop\Opera.lnk
2015-07-19 23:41 - 2015-07-19 23:41 - 00001107 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera.lnk
2015-07-19 23:26 - 2015-07-19 23:26 - 00000000 _____ C:\autoexec.bat
2015-07-19 13:43 - 2015-07-19 13:43 - 00000000 ____D C:\Users\Guest\AppData\Roaming\GlarySoft
2015-07-19 13:37 - 2015-07-19 13:37 - 00000000 ____D C:\Users\Guest\AppData\Roaming\Epson
2015-07-19 11:13 - 2015-07-19 23:20 - 00006256 _____ C:\Windows\PFRO.log
2015-07-18 17:17 - 2015-02-23 13:47 - 1442192620 ____N C:\Users\Keith\Desktop\X-Men-Days-of-Future-Past---ENG-.mp4
2015-07-18 17:15 - 2015-02-22 22:11 - 1775713563 ____N C:\Users\Keith\Desktop\Transformers-Age-of-Extinction---ENG-.mp4
2015-07-18 17:10 - 2015-03-12 08:34 - 1785911461 ____N C:\Users\Keith\Desktop\Godzilla---ENG-.mp4
2015-07-18 16:10 - 2015-07-13 11:02 - 1989438256 ____N C:\Users\Keith\Desktop\Jurassic-World-.mp4
2015-07-18 16:05 - 2015-07-18 16:05 - 1354592073 ____N C:\Users\Keith\Desktop\Despicable-Me-2-.mp4
2015-07-18 15:59 - 2015-07-18 15:59 - 410708922 ____N C:\Users\Keith\Desktop\Despicable-Me-.mp4
2015-07-18 15:58 - 2015-07-18 16:01 - 1390819157 ____N C:\Users\Keith\Desktop\Big-Game-.mp4
2015-07-16 00:36 - 2015-07-16 00:36 - 00001028 _____ C:\Users\Public\Desktop\MyEpson Portal.lnk
2015-07-15 22:43 - 2015-07-20 11:11 - 00001972 _____ C:\Windows\setupact.log
2015-07-15 22:43 - 2015-07-15 22:43 - 00000000 _____ C:\Windows\setuperr.log
2015-07-15 20:39 - 2015-07-19 20:39 - 00000252 _____ C:\Windows\Tasks\Epson Printer Software Downloader.job
2015-07-15 20:39 - 2015-07-15 20:39 - 00002786 _____ C:\Windows\System32\Tasks\Epson Printer Software Downloader
2015-07-15 20:15 - 2015-07-15 21:15 - 00003348 _____ C:\Windows\System32\Tasks\McAfee Remediation (Prepare)
2015-07-15 20:15 - 2015-07-15 20:15 - 00000000 ____D C:\Program Files\Common Files\AV
2015-07-15 19:42 - 2015-07-15 19:42 - 00000000 ____D C:\Program Files (x86)\EpsonNet
2015-07-15 19:30 - 2015-07-15 19:30 - 00002291 _____ C:\Users\Public\Desktop\Epson Stylus Photo PX710W_PX810FW_TX710W_TX810FW Manual.lnk
2015-07-15 19:30 - 2015-07-15 19:30 - 00000942 _____ C:\Users\Public\Desktop\EPSON Scan.lnk
2015-07-15 19:30 - 2009-05-01 00:00 - 00128392 _____ (Seiko Epson Corporation) C:\Windows\system32\esdevapp.exe
2015-07-15 19:30 - 2009-05-01 00:00 - 00017408 _____ (SEIKO EPSON CORP.) C:\Windows\system32\esxcdev.dll
2015-07-15 19:30 - 2008-11-17 00:00 - 00459776 _____ (Seiko Epson Corporation) C:\Windows\system32\esxwiaud.dll
2015-07-15 09:48 - 2015-07-09 18:58 - 03154944 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2015-07-15 09:48 - 2015-07-09 18:58 - 02603008 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2015-07-15 09:48 - 2015-07-09 18:58 - 00696320 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2015-07-15 09:48 - 2015-07-09 18:58 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2015-07-15 09:48 - 2015-07-09 18:58 - 00139776 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2015-07-15 09:48 - 2015-07-09 18:58 - 00098304 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2015-07-15 09:48 - 2015-07-09 18:58 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2015-07-15 09:48 - 2015-07-09 18:58 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2015-07-15 09:48 - 2015-07-09 18:58 - 00037376 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2015-07-15 09:48 - 2015-07-09 18:58 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2015-07-15 09:48 - 2015-07-09 18:58 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
2015-07-15 09:48 - 2015-07-09 18:43 - 00566784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2015-07-15 09:48 - 2015-07-09 18:43 - 00173056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2015-07-15 09:48 - 2015-07-09 18:43 - 00093184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2015-07-15 09:48 - 2015-07-09 18:43 - 00030208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2015-07-15 09:48 - 2015-07-09 18:42 - 00034816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2015-07-15 09:48 - 2015-06-25 09:57 - 03207168 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-07-15 09:48 - 2015-06-17 18:47 - 00404992 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2015-07-15 09:48 - 2015-06-17 18:37 - 00312320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2015-07-15 09:48 - 2015-06-09 19:03 - 03180544 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2015-07-15 09:48 - 2015-06-09 19:03 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\RdpGroupPolicyExtension.dll
2015-07-15 09:48 - 2015-06-02 01:07 - 00254976 _____ (Microsoft Corporation) C:\Windows\system32\cewmdm.dll
2015-07-15 09:48 - 2015-06-02 00:47 - 00210432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cewmdm.dll
2015-07-15 09:47 - 2015-07-04 19:07 - 02087424 _____ (Microsoft Corporation) C:\Windows\system32\ole32.dll
2015-07-15 09:47 - 2015-07-04 18:48 - 01414656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ole32.dll
2015-07-15 09:47 - 2015-07-01 21:56 - 00155584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-07-15 09:47 - 2015-07-01 21:56 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-07-15 09:47 - 2015-07-01 21:49 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-07-15 09:47 - 2015-07-01 21:49 - 01216512 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2015-07-15 09:47 - 2015-07-01 21:49 - 00729088 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-07-15 09:47 - 2015-07-01 21:49 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-07-15 09:47 - 2015-07-01 21:49 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-07-15 09:47 - 2015-07-01 21:49 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-07-15 09:47 - 2015-07-01 21:49 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-07-15 09:47 - 2015-07-01 21:49 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-07-15 09:47 - 2015-07-01 21:49 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-07-15 09:47 - 2015-07-01 21:49 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-07-15 09:47 - 2015-07-01 21:49 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-07-15 09:47 - 2015-07-01 21:48 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2015-07-15 09:47 - 2015-07-01 21:48 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-07-15 09:47 - 2015-07-01 21:47 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-07-15 09:47 - 2015-07-01 21:47 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-07-15 09:47 - 2015-07-01 21:43 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-07-15 09:47 - 2015-07-01 21:43 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-07-15 09:47 - 2015-07-01 21:39 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-07-15 09:47 - 2015-07-01 21:30 - 00552960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-07-15 09:47 - 2015-07-01 21:30 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-07-15 09:47 - 2015-07-01 21:30 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-07-15 09:47 - 2015-07-01 21:30 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-07-15 09:47 - 2015-07-01 21:30 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-07-15 09:47 - 2015-07-01 21:30 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-07-15 09:47 - 2015-07-01 21:30 - 00036864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2015-07-15 09:47 - 2015-07-01 21:30 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-07-15 09:47 - 2015-07-01 21:30 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-07-15 09:47 - 2015-07-01 21:29 - 00665088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2015-07-15 09:47 - 2015-07-01 21:29 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-07-15 09:47 - 2015-07-01 21:29 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-07-15 09:47 - 2015-07-01 21:27 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-07-15 09:47 - 2015-07-01 21:26 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-07-15 09:47 - 2015-07-01 21:24 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-07-15 09:47 - 2015-07-01 20:27 - 00159232 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2015-07-15 09:47 - 2015-07-01 20:26 - 00290816 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2015-07-15 09:47 - 2015-07-01 20:26 - 00129024 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2015-07-15 09:47 - 2015-06-11 18:57 - 06131200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2015-07-15 09:47 - 2015-06-11 18:57 - 00856064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdvidcrl.dll
2015-07-15 09:47 - 2015-06-11 18:57 - 00053248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tsgqec.dll
2015-07-15 09:47 - 2015-06-11 18:56 - 07077376 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2015-07-15 09:47 - 2015-06-11 18:56 - 01057792 _____ (Microsoft Corporation) C:\Windows\system32\rdvidcrl.dll
2015-07-15 09:47 - 2015-06-11 18:56 - 00062976 _____ (Microsoft Corporation) C:\Windows\system32\tsgqec.dll
2015-07-15 09:47 - 2015-06-11 14:15 - 00429568 _____ (Microsoft Corporation) C:\Windows\system32\wksprt.exe
2015-07-15 09:47 - 2015-04-27 20:23 - 01480192 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2015-07-15 09:47 - 2015-04-27 20:23 - 00229376 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2015-07-15 09:47 - 2015-04-27 20:23 - 00188416 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2015-07-15 09:47 - 2015-04-27 20:23 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2015-07-15 09:47 - 2015-04-27 20:05 - 00179200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2015-07-15 09:47 - 2015-04-27 20:04 - 01174528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2015-07-15 09:47 - 2015-04-27 20:04 - 00143872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2015-07-15 09:47 - 2015-04-27 20:04 - 00103936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2015-07-15 09:46 - 2015-07-09 18:59 - 00017856 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2015-07-15 09:46 - 2015-07-09 18:58 - 01085440 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-07-15 09:46 - 2015-07-09 18:58 - 00765440 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-07-15 09:46 - 2015-07-09 18:58 - 00726528 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-07-15 09:46 - 2015-07-09 18:58 - 00433664 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-07-15 09:46 - 2015-07-09 18:58 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2015-07-15 09:46 - 2015-07-09 18:58 - 00067584 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2015-07-15 09:46 - 2015-07-09 18:50 - 01145856 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-07-15 09:46 - 2015-07-03 19:05 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2015-07-15 09:46 - 2015-07-03 19:05 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2015-07-15 09:46 - 2015-07-03 19:05 - 00041984 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2015-07-15 09:46 - 2015-07-03 19:05 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2015-07-15 09:46 - 2015-07-03 18:56 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
2015-07-15 09:46 - 2015-07-03 18:56 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2015-07-15 09:46 - 2015-07-03 18:56 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll
2015-07-15 09:46 - 2015-07-03 18:55 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll
2015-07-15 09:46 - 2015-07-03 17:52 - 00372224 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2015-07-15 09:46 - 2015-07-03 17:42 - 00299008 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2015-07-15 09:46 - 2015-06-15 22:50 - 00112064 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2015-07-15 09:46 - 2015-06-15 22:45 - 03242496 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2015-07-15 09:46 - 2015-06-15 22:45 - 01941504 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2015-07-15 09:46 - 2015-06-15 22:45 - 00504320 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll
2015-07-15 09:46 - 2015-06-15 22:45 - 00070656 _____ (Microsoft Corporation) C:\Windows\system32\appinfo.dll
2015-07-15 09:46 - 2015-06-15 22:44 - 00128000 _____ (Microsoft Corporation) C:\Windows\system32\msiexec.exe
2015-07-15 09:46 - 2015-06-15 22:43 - 02364416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2015-07-15 09:46 - 2015-06-15 22:43 - 01805824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2015-07-15 09:46 - 2015-06-15 22:43 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msihnd.dll
2015-07-15 09:46 - 2015-06-15 22:42 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msiexec.exe
2015-07-15 09:46 - 2015-06-15 22:42 - 00025088 _____ (Microsoft Corporation) C:\Windows\system32\msimsg.dll
2015-07-15 09:46 - 2015-06-15 22:37 - 00025088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msimsg.dll
2015-07-14 22:51 - 2015-07-14 22:51 - 00003268 _____ C:\Windows\System32\Tasks\{953A5185-EFC9-437D-8EEB-D22CE2D0908B}
2015-07-14 22:44 - 2015-07-14 22:44 - 00000000 ____D C:\Users\Keith\AppData\Roaming\InstallShield
2015-07-14 22:26 - 2015-07-14 13:24 - 1327293022 ____N C:\Users\Keith\Desktop\Frozen-.mp4
2015-07-13 16:57 - 2015-07-16 00:37 - 00000000 ____D C:\Users\Keith\AppData\Local\CrashDumps
2015-07-11 09:49 - 2015-07-11 09:49 - 00008704 _____ C:\Users\Keith\Desktop\COVER TEMPLATE.ppp
2015-07-10 17:58 - 2015-07-10 17:58 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
2015-07-10 17:58 - 2015-07-10 17:58 - 00000000 ____D C:\Program Files (x86)\QuickTime
2015-07-07 18:02 - 2015-07-07 18:02 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2015-07-07 18:00 - 2015-07-07 18:02 - 00000000 ____D C:\Program Files\iTunes
2015-07-07 18:00 - 2015-07-07 18:02 - 00000000 ____D C:\Program Files (x86)\iTunes
2015-07-07 18:00 - 2015-07-07 18:00 - 00000000 ____D C:\Program Files\iPod
2015-07-07 17:50 - 2015-07-07 17:50 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
2015-07-06 15:53 - 2015-07-06 16:31 - 00000000 ____D C:\Users\Keith\Desktop\America 2015
2015-07-03 22:24 - 2015-07-03 22:24 - 00000000 ____D C:\Users\Keith\AppData\Local\Orphamiel
2015-07-03 21:41 - 2015-07-03 21:41 - 00000000 ____D C:\Users\Keith\AppData\Roaming\iFunbox_UserCache
2015-07-03 21:37 - 2015-07-06 20:43 - 00000000 ____D C:\Program Files (x86)\i-Funbox DevTeam
2015-07-03 21:28 - 2015-07-03 21:28 - 00000000 ____D C:\win-data
2015-07-03 20:57 - 2015-07-03 20:57 - 00000000 ____D C:\Users\Keith\AppData\Roaming\TaiG
2015-07-03 18:01 - 2015-07-03 18:42 - 00000000 ____D C:\Users\Keith\Desktop\nikon
2015-06-29 19:55 - 2015-04-27 08:02 - 00198448 _____ (McAfee, Inc.) C:\Windows\system32\Drivers\HipShieldK.sys
2015-06-29 19:51 - 2015-06-29 19:51 - 00003064 _____ C:\Windows\System32\Tasks\McAfeeLogon
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-07-20 11:33 - 2013-11-25 22:26 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-07-20 11:21 - 2009-07-14 05:45 - 00028128 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-07-20 11:21 - 2009-07-14 05:45 - 00028128 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-07-20 11:20 - 2010-03-01 13:35 - 02089312 _____ C:\Windows\WindowsUpdate.log
2015-07-20 11:19 - 2013-11-28 14:43 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-07-20 11:15 - 2015-05-12 16:16 - 00000000 ____D C:\Program Files (x86)\Glary Utilities 5
2015-07-20 11:15 - 2013-05-14 23:49 - 00000000 ___RD C:\Users\Keith\Dropbox
2015-07-20 11:15 - 2013-05-14 23:47 - 00000000 ____D C:\Users\Keith\AppData\Roaming\Dropbox
2015-07-20 11:14 - 2015-06-04 19:25 - 00000902 _____ C:\Windows\Tasks\DropboxUpdateTaskMachineCore.job
2015-07-20 11:14 - 2013-11-25 22:26 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-07-20 11:12 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-07-20 11:12 - 2009-07-14 03:34 - 00000729 _____ C:\Windows\win.ini
2015-07-20 11:02 - 2015-06-04 19:25 - 00000906 _____ C:\Windows\Tasks\DropboxUpdateTaskMachineUA.job
2015-07-20 10:58 - 2015-02-04 12:45 - 00000000 ____D C:\Program Files (x86)\Free mp3 Wma Converter
2015-07-20 10:45 - 2014-12-08 19:00 - 00003036 _____ C:\Windows\System32\Tasks\{F059F625-DD77-472C-8098-D8BD0C7174C9}
2015-07-20 10:45 - 2014-12-08 18:58 - 00003036 _____ C:\Windows\System32\Tasks\{8033E51C-C0F1-48D8-9745-3C9D9F66D74F}
2015-07-20 10:38 - 2015-02-07 12:28 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA1d042c931d282ca.job
2015-07-20 09:08 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\PolicyDefinitions
2015-07-20 02:00 - 2014-12-08 18:56 - 00000354 _____ C:\Windows\Tasks\AdobeAAMUpdater-1.0-Keith-PC-Keith.job
2015-07-20 01:14 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\rescache
2015-07-20 00:30 - 2010-03-01 18:31 - 00003926 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{2CDB49A9-D396-44CF-9BBE-8095C0728CF2}
2015-07-20 00:17 - 2010-03-01 21:15 - 00000000 ____D C:\Windows\Panther
2015-07-19 23:41 - 2014-03-20 11:52 - 00000000 ____D C:\Users\Keith\AppData\Roaming\Opera Software
2015-07-19 23:41 - 2014-03-20 11:52 - 00000000 ____D C:\Users\Keith\AppData\Local\Opera Software
2015-07-19 22:49 - 2010-08-28 16:15 - 00000000 ____D C:\Program Files (x86)\Microsoft Office
2015-07-19 22:48 - 2009-07-14 04:20 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared
2015-07-19 18:10 - 2010-03-23 14:15 - 00000000 ____D C:\Users\Keith\AppData\Local\Google
2015-07-19 18:10 - 2010-03-23 14:15 - 00000000 ____D C:\Program Files (x86)\Google
2015-07-19 17:02 - 2014-03-31 23:15 - 00113880 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-07-19 16:39 - 2014-11-21 16:29 - 00000000 ____D C:\Program Files (x86)\McAfee
2015-07-19 13:39 - 2014-10-05 13:22 - 00000000 ____D C:\Users\Guest\AppData\Roaming\Adobe
2015-07-18 22:38 - 2015-06-07 19:57 - 00000000 ____D C:\Users\Keith\AppData\Roaming\.minecraft
2015-07-18 20:57 - 2015-06-04 19:25 - 00003902 _____ C:\Windows\System32\Tasks\DropboxUpdateTaskMachineUA
2015-07-18 20:57 - 2015-06-04 19:25 - 00003650 _____ C:\Windows\System32\Tasks\DropboxUpdateTaskMachineCore
2015-07-18 15:58 - 2014-12-10 13:12 - 00003822 _____ C:\Windows\System32\Tasks\Opera scheduled Autoupdate 1418213532
2015-07-17 00:43 - 2010-03-21 00:42 - 00000000 ____D C:\Program Files (x86)\Java
2015-07-17 00:42 - 2015-01-09 13:00 - 00097888 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2015-07-16 15:43 - 2015-05-09 11:28 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2015-07-16 15:41 - 2014-12-27 11:58 - 00003886 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2015-07-16 00:36 - 2012-08-17 18:14 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EPSON
2015-07-16 00:36 - 2010-03-05 01:14 - 00000000 ____D C:\Program Files (x86)\epson
2015-07-16 00:36 - 2010-03-05 01:09 - 00000000 ____D C:\ProgramData\EPSON
2015-07-16 00:33 - 2015-02-07 12:28 - 00003894 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA1d042c931d282ca
2015-07-16 00:33 - 2013-11-25 22:26 - 00003642 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-07-15 22:46 - 2009-07-14 06:13 - 00799926 _____ C:\Windows\system32\PerfStringBackup.INI
2015-07-15 21:15 - 2013-11-24 02:00 - 00000000 ____D C:\ProgramData\McAfee
2015-07-15 20:38 - 2012-08-17 21:13 - 00000000 ____D C:\Program Files (x86)\Epson Software
2015-07-15 20:38 - 2010-03-05 01:16 - 00000000 ____D C:\ProgramData\UDL
2015-07-15 20:38 - 2010-03-02 23:01 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Epson Software
2015-07-15 20:38 - 2010-03-01 13:50 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2015-07-15 19:56 - 2013-05-15 16:08 - 00000000 ____D C:\Program Files\EpsonNet
2015-07-15 19:31 - 2010-03-06 19:31 - 00000000 ____D C:\ProgramData\InstallShield
2015-07-15 19:17 - 2011-01-09 19:21 - 00000000 ____D C:\Windows\Minidump
2015-07-15 19:02 - 2009-07-14 05:45 - 00638504 _____ C:\Windows\system32\FNTCACHE.DAT
2015-07-15 18:58 - 2014-12-12 18:03 - 00000000 ____D C:\Windows\system32\appraiser
2015-07-15 18:58 - 2014-05-13 00:59 - 00000000 ___SD C:\Windows\system32\CompatTel
2015-07-15 11:39 - 2013-08-15 01:34 - 00000000 ____D C:\Windows\system32\MRT
2015-07-15 10:19 - 2013-11-28 14:43 - 00778416 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-07-15 10:19 - 2013-11-28 14:43 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-07-15 10:19 - 2013-11-28 14:43 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-07-14 23:31 - 2015-04-04 22:26 - 00000000 ___SD C:\Windows\SysWOW64\GWX
2015-07-14 23:31 - 2015-04-04 22:26 - 00000000 ___SD C:\Windows\system32\GWX
2015-07-12 09:57 - 2012-09-16 11:04 - 00027932 _____ C:\Users\Keith\Desktop\Household Expenses.xlsx
2015-07-10 19:43 - 2015-04-27 11:29 - 00000000 __SHD C:\Users\Guest\AppData\Local\EmieBrowserModeList
2015-07-10 19:43 - 2014-10-05 13:26 - 00000000 __SHD C:\Users\Guest\AppData\Local\EmieUserList
2015-07-10 19:43 - 2014-10-05 13:26 - 00000000 __SHD C:\Users\Guest\AppData\Local\EmieSiteList
2015-07-07 18:53 - 2014-03-20 11:49 - 00000000 ____D C:\Program Files (x86)\FileZilla FTP Client
2015-07-07 18:53 - 2013-03-17 23:28 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FileZilla FTP Client
2015-07-07 18:00 - 2015-05-27 11:05 - 00000000 ____D C:\ProgramData\E1864A66-75E3-486a-BD95-D1B7D99A84A7
2015-07-07 18:00 - 2010-03-08 02:06 - 00000000 ____D C:\Program Files\Common Files\Apple
2015-07-07 17:50 - 2015-06-04 19:25 - 00000000 ____D C:\Program Files (x86)\Dropbox
2015-07-07 11:08 - 2015-05-12 16:17 - 00001064 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Glary Utilities 5.lnk
2015-07-07 11:08 - 2014-05-19 18:18 - 00003312 _____ C:\Windows\System32\Tasks\GlaryInitialize 5
2015-07-07 11:08 - 2014-05-19 18:18 - 00002972 _____ C:\Windows\System32\Tasks\GU5SkipUAC
2015-07-06 10:59 - 2009-07-14 06:09 - 00000000 ____D C:\Windows\System32\Tasks\WPD
2015-07-03 18:04 - 2015-05-12 16:17 - 00001052 _____ C:\Users\Public\Desktop\Glary Utilities 5.lnk
2015-07-03 08:43 - 2010-03-01 18:39 - 130333168 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-07-02 15:33 - 2014-12-19 11:53 - 00412440 _____ (McAfee, Inc.) C:\Windows\system32\Drivers\mfeaack.sys
2015-07-02 15:33 - 2014-11-21 16:01 - 00875928 _____ (McAfee, Inc.) C:\Windows\system32\Drivers\mfehidk.sys
2015-07-02 15:33 - 2014-06-20 11:38 - 00077536 _____ (McAfee, Inc.) C:\Windows\system32\Drivers\cfwids.sys
2015-07-02 15:33 - 2014-06-20 11:31 - 00344704 _____ (McAfee, Inc.) C:\Windows\system32\Drivers\mfewfpk.sys
2015-07-02 15:33 - 2014-06-20 11:23 - 00496888 _____ (McAfee, Inc.) C:\Windows\system32\Drivers\mfefirek.sys
2015-07-02 15:33 - 2014-06-20 11:21 - 00347800 _____ (McAfee, Inc.) C:\Windows\system32\Drivers\mfeavfk.sys
2015-07-01 13:47 - 2014-03-27 17:16 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-07-01 13:47 - 2014-03-27 17:16 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-07-01 13:47 - 2012-05-16 12:46 - 00001074 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-06-29 19:54 - 2014-11-21 16:01 - 00000000 ____D C:\Program Files\Common Files\McAfee
2015-06-29 10:03 - 2013-04-03 18:34 - 00254792 _____ (McAfee, Inc.) C:\Windows\system32\mfevtps.exe
 
==================== Files in the root of some directories =======
 
2010-12-31 10:18 - 2010-12-31 10:19 - 0000000 _____ () C:\Users\Keith\AppData\Roaming\Application.set
2010-10-06 22:47 - 2010-10-07 08:52 - 0000016 _____ () C:\Users\Keith\AppData\Roaming\pnmfzy.dat
2013-03-17 23:12 - 2013-03-17 23:25 - 0558080 _____ () C:\Users\Keith\AppData\Roaming\SharedSettings.ccs
2010-03-12 01:08 - 2010-03-12 01:08 - 0000093 _____ () C:\Users\Keith\AppData\Local\fusioncache.dat
2010-07-30 11:19 - 2010-07-30 11:19 - 0000000 _____ () C:\Users\Keith\AppData\Local\Jgomej.bin
2010-07-31 18:29 - 2015-03-12 13:47 - 0007605 _____ () C:\Users\Keith\AppData\Local\resmon.resmoncfg
2013-11-13 22:46 - 2013-11-13 23:16 - 95025368 ____T () C:\ProgramData\bzj4j6jr.bxx
2013-11-13 22:46 - 2013-11-13 23:15 - 0000000 _____ () C:\ProgramData\bzj4j6jr.fvv
 
Files to move or delete:
====================
C:\ProgramData\bzj4j6jr.bxx
C:\ProgramData\bzj4j6jr.fvv
 
 
Some files in TEMP:
====================
C:\Users\Guest\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpay3sx0.dll
C:\Users\Keith\AppData\Local\Temp\cct.dll
C:\Users\Keith\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpojxrmn.dll
C:\Users\Keith\AppData\Local\Temp\jre-8u51-windows-au.exe
C:\Users\Keith\AppData\Local\Temp\msscct32.dll
C:\Users\Keith\AppData\Local\Temp\rscp_setup.exe
C:\Users\Keith\AppData\Local\Temp\YSearchUtil.dll
C:\Users\Keith\AppData\Local\Temp\ytb.exe
C:\Users\Keith\AppData\Local\Temp\_is13BE.exe
C:\Users\Keith\AppData\Local\Temp\_is7722.exe
C:\Users\Keith\AppData\Local\Temp\_is77CE.exe
C:\Users\Keith\AppData\Local\Temp\_isE8BA.exe
 
 
Some zero byte size files/folders:
==========================
C:\Windows\logo1_.exe
C:\Windows\logo_1.exe
C:\Windows\RUNDL132.EXE
C:\Windows\rundll16.exe
C:\Windows\VDLL.DLL
C:\Windows\SysWOW64\regsvr.exe
C:\Windows\SysWOW64\runouce.exe
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-07-13 12:46
 
==================== End of log ============================


#3 MegaZak

Posted 20 July 2015 - 06:17 AM

Sorry but I screwed this up after all. Attached is the Addition.txt file.




#4 Gunto


Posted 20 July 2015 - 03:44 PM

Hi, MegaZak! I'm going to try to help you out. :)

Before we get started, here are some things I need you to remember:

  • Please don't make any changes to your computer, or run programs, without asking me first! This will make it practically impossible for me to assist you.
  • Always read my posts completely before doing anything, and follow the instructions in the order I give them to you, unless stated otherwise.
  • If you're getting help elsewhere, or have already resolved the problem, please let me know so I can close this thread.
  • Please respond to me within five days of me replying to you. If you need more time, please let me know. I will close topics that I have not received a response from within five days.
  • Please be patient with me. I need some time to analyze your logs and responses so I can correctly help you. I should respond to you within two days, but if I haven't, please send me a PM! I may have missed your response. Bribing me with candy for faster replies is not advised.
  • If something goes wrong, you don't understand something, or you don't know what to do, please stop and ask me before proceeding with any further steps!

First, let's run a fix with FRST to get rid of some things.

Farbar Recovery Scan Tool

I need you to run a fix with FRST.

  • Open up Notepad, and copy and paste the text in the following box into the Notepad text field:
    HKLM\...\Policies\Explorer: [NoFolderOptions] 0
    HKLM\...\Policies\Explorer: [NoViewOnDrive] 0
    HKLM\...\Policies\Explorer: [NoControlPanel] 0
    HKLM\...\Policies\Explorer: [DisableLocalMachineRun] 0
    HKLM\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0
    HKLM\...\Policies\Explorer: [DisableCurrentUserRun] 0
    HKLM\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0
    HKLM\...\Policies\Explorer: [NoViewContextMenu] 0
    HKLM\...\Policies\Explorer: [NoShellSearchButton] 0
    HKLM\...\Policies\Explorer: [NoFind] 0
    HKLM\...\Policies\Explorer: [NoFile] 0
    HKLM\...\Policies\Explorer: [HideClock] 0
    HKLM\...\Policies\Explorer: [NoTrayContextMenu] 0
    HKLM\...\Policies\Explorer: [NoTrayItemsDisplay] 0
    HKLM\...\Policies\Explorer: [NoSetFolders] 0
    HKLM\...\Policies\Explorer: [NoDevMgrUpdate] 0
    HKLM\...\Policies\Explorer: [NoSetTaskbar] 0
    HKLM\...\Policies\Explorer: [NoDeletePrinter] 0
    HKLM\...\Policies\Explorer: [NoDFSTab] 0
    HKLM\...\Policies\Explorer: [NoChangeStartMenu] 0
    HKLM\...\Policies\Explorer: [NoLogoff] 0
    HKLM\...\Policies\Explorer: [NoWindowsUpdate] 0
    HKLM\...\Policies\Explorer: [NoEncryptOnMove] 0
    HKLM\...\Policies\Explorer: [NoRunasInstallPrompt] 0
    HKLM\...\Policies\Explorer: [NoResolveSearch] 0
    HKLM\...\Policies\Explorer: [NoSaveSettings] 0
    HKLM\...\Policies\Explorer: [NoHardwareTab] 0
    HKLM\...\Policies\Explorer: [NoStartMenuSubFolders] 0
    HKLM\...\Policies\Explorer: [NoDesktop] 0
    SecurityProviders: msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll
    C:\Windows\system32\msapsspc.dll
    C:\Windows\system32\schannel.dll
    C:\Windows\system32\digest.dll
    C:\Windows\system32\msnccpc.dll
    ProxyEnable: [.DEFAULT] => Internet Explorer proxy is enabled
    ProxyServer: [.DEFAULT] => http=127.0.0.1:2455;https=127.0.0.1:2455
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page =
    SearchScopes: HKLM -> DefaultScope {9BB47C17-9C68-4BB3-B188-DD9AF0FD21} URL = 
    SearchScopes: HKLM-x32 -> DefaultScope {F7074685-4EB2-47F0-BE6B-B6ACE427E397} URL = 
    SearchScopes: HKLM-x32 -> {9BB47C17-9C68-4BB3-B188-DD9AF0FD21} URL = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
    SearchScopes: HKLM-x32 -> {a5b9c0f5-5616-47cd-a95f-e43b488faccf} URL = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
    SearchScopes: HKU\.DEFAULT -> DefaultScope {9BB47C17-9C68-4BB3-B188-DD9AF0FD21} URL = 
    SearchScopes: HKU\.DEFAULT -> {a5b9c0f5-5616-47cd-a95f-e43b488faccf} URL = 
    BHO: AVG Safe Search -> {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} -> C:\Program Files (x86)\AVG\AVG2012\avgssiea.dll No File
    BHO-x32: No Name -> {02478D38-C3F9-4efb-9B51-7695ECA05670} ->  No File
    BHO-x32: No Name -> {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} ->  No File
    BHO-x32: Webroot Browser Helper Object -> {e08861fe-8847-4b2a-8ec2-08edb20e4020} -> C:\Program Files (x86)\Webroot\Security\install\products\WISE\toolbar\LPBar.dll No File
    Toolbar: HKLM-x32 - Webroot Toolbar - {d84a64a0-f2b2-4975-b264-3a3bce8d57d6} - C:\Program Files (x86)\Webroot\Security\install\products\WISE\toolbar\LPBar.dll No File
    Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} -  No File
    Tcpip\..\Interfaces\{32D61BDE-11B4-48DB-B288-D162E53842D1}: [DhcpNameServer] 192.168.0.1
    Tcpip\..\Interfaces\{7908A5C4-119C-46D2-A994-CEFCE780D96F}: [DhcpNameServer] 192.168.1.1
    Tcpip\..\Interfaces\{E080707E-8116-4161-ABBD-F4924D0C64C5}: [DhcpNameServer] 192.168.2.1
    Tcpip\..\Interfaces\{FD934EB6-ECC3-42C0-BB40-D1284E1136FC}: [DhcpNameServer] 172.20.10.1
    FF Plugin: @microsoft.com/GENUINE -> disabled No File
    FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
    FF Plugin-x32: @real.com/nprpchromebrowserrecordext;version=15.0.6.14 -> C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll No File
    FF Plugin-x32: @real.com/nprphtml5videoshim;version=15.0.6.14 -> C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll No File
    CHR HKLM-x32\...\Chrome\Extension: [bjopainmibagbfpkheeolkahcgmejiek] - C:\ProgramData\wxDownload\bjopainmibagbfpkheeolkahcgmejiek.crx [Not Found]
    CHR HKLM-x32\...\Chrome\Extension: [fjpdnoojnohifgekbkmnfbiobhcbedka] - C:\Program Files (x86)\outobox\fjpdnoojnohifgekbkmnfbiobhcbedka.crx [Not Found]
    CHR HKLM-x32\...\Chrome\Extension: [idiogmhbdjghifhgbcmhgaollhhpahhm] - C:\ProgramData\wxDownload\idiogmhbdjghifhgbcmhgaollhhpahhm.crx [Not Found]
    U0 SR; No ImagePath
    U2 SRService; No ImagePath
    C:\Windows\System32\Tasks\{953A5185-EFC9-437D-8EEB-D22CE2D0908B}
    C:\win-data
    C:\Windows\System32\Tasks\{F059F625-DD77-472C-8098-D8BD0C7174C9}
    C:\Windows\System32\Tasks\{8033E51C-C0F1-48D8-9745-3C9D9F66D74F}
    C:\ProgramData\E1864A66-75E3-486a-BD95-D1B7D99A84A7
    C:\Users\Keith\AppData\Roaming\Application.set
    C:\Users\Keith\AppData\Roaming\pnmfzy.dat
    C:\Users\Keith\AppData\Roaming\SharedSettings.ccs
    C:\Users\Keith\AppData\Local\fusioncache.dat
    C:\Users\Keith\AppData\Local\Jgomej.bin
    C:\Users\Keith\AppData\Local\resmon.resmoncfg
    C:\ProgramData\bzj4j6jr.bxx
    C:\ProgramData\bzj4j6jr.fvv
    C:\Users\Guest\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpay3sx0.dll
    C:\Users\Keith\AppData\Local\Temp\cct.dll
    C:\Users\Keith\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpojxrmn.dll
    C:\Users\Keith\AppData\Local\Temp\jre-8u51-windows-au.exe
    C:\Users\Keith\AppData\Local\Temp\msscct32.dll
    C:\Users\Keith\AppData\Local\Temp\rscp_setup.exe
    C:\Users\Keith\AppData\Local\Temp\YSearchUtil.dll
    C:\Users\Keith\AppData\Local\Temp\ytb.exe
    C:\Users\Keith\AppData\Local\Temp\_is13BE.exe
    C:\Users\Keith\AppData\Local\Temp\_is7722.exe
    C:\Users\Keith\AppData\Local\Temp\_is77CE.exe
    C:\Users\Keith\AppData\Local\Temp\_isE8BA.exe
    C:\Windows\logo1_.exe
    C:\Windows\logo_1.exe
    C:\Windows\RUNDL132.EXE
    C:\Windows\rundll16.exe
    C:\Windows\VDLL.DLL
    C:\Windows\SysWOW64\regsvr.exe
    C:\Windows\SysWOW64\runouce.exe
    Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
    Rapport (Version: 3.5.1201.94 - Trusteer) Hidden
    Rapport (x32 Version: 3.5.1404.34 - Trusteer) Hidden
    Task: {0BCB9E12-FB50-44D6-ADC8-DBDB303E8D13} - \ProgramRefresh-ATFST No Task File <==== ATTENTION
    Task: {114A09A0-6AD4-42F0-983C-316FD5DC7E82} - System32\Tasks\{3C89B5EF-D455-4ED6-9F2B-7504537BED5C} => pcalua.exe -a F:\CDS\Setup.exe -d F:\CDSTask: {3197D992-70D4-4264-9A2C-87FF2269A99F} - \avayvaxvaa No Task File <==== ATTENTION
    Task: {64E3D327-F505-47E1-BD0E-E6F22AAC44D5} - System32\Tasks\RunAsStdUser Task => C:\Users\Keith\AppData\Local\vidshakeSA\bin\1.0.9.0\VidShakeSA.exe
    C:\Users\Keith\AppData\Local\vidshakeSA
    Task: {843DD464-00DB-4BC6-833D-E4E7110AF14F} - System32\Tasks\{CAD2412B-5DA1-43C0-BD60-82C5F14A7187} => pcalua.exe -a D:\Setup.exe -d D:\
    Task: {87E22B15-4A51-4AB8-A4E8-3CDB45D9E3B9} - System32\Tasks\Driver Robot => C:\Program Files (x86)\Driver Robot\1.2.0.5\DriverRobot.exe
    C:\Program Files (x86)\Driver Robot
    Task: {87F0910F-44EC-4BE7-89D3-74E636E4991A} - \RocketTab Update Task No Task File <==== ATTENTION
    Task: {8F962743-52B4-4491-BB62-5919A6AC7CAE} - \ProgramUpdateCheck No Task File <==== ATTENTION
    Task: {DC4F9DAA-D490-485A-94D6-EE727CD725C3} - \RocketTab No Task File <==== ATTENTION
    Task: {E513A030-3C49-4AEF-8C1B-1CFA3E02837C} - System32\Tasks\{953A5185-EFC9-437D-8EEB-D22CE2D0908B} => pcalua.exe -a "C:\Users\Keith\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\KDP1QUZR\ENP_2_6_0_EN.exe" -d C:\Users\Keith\Desktop
    Task: {F249C28D-AB81-4A8C-A157-EAD9E514308E} - System32\Tasks\{C3F3CCED-F0A0-4073-A9B0-7A501053DBC5} => pcalua.exe -a C:\Users\Keith\Desktop\motherboard_utility_dcc.exe -d C:\Users\Keith\Desktop
    Task: {F5C44344-50CE-409F-A14F-79B98CD6BD87} - System32\Tasks\{DD4C3ADD-50E8-4E3F-83FC-A01DF5B5572F} => pcalua.exe -a "C:\Users\Keith\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SUT1SJS9\SonicStageInstaller.exe" -d C:\Users\Keith\Desktop
    Task: C:\Windows\Tasks\Driver Robot.job => C:\Program Files (x86)\Driver Robot\1.2.0.5\DriverRobot.exe
    AlternateDataStreams: C:\Users\Keith\Desktop\location.ppp:SummaryInformation
    AlternateDataStreams: C:\Users\Keith\Desktop\location.ppp:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
    HKU\.DEFAULT\Software\Classes\.exe: exefile => "%1" %* <===== ATTENTION!
    HKU\.DEFAULT\Software\Classes\exefile: "%1" %* <===== ATTENTION!
    HKU\S-1-5-19\Software\Classes\.exe: exefile => "%1" %* <===== ATTENTION!
    HKU\S-1-5-19\Software\Classes\exefile: "%1" %* <===== ATTENTION!
    HKU\S-1-5-20\Software\Classes\.exe: exefile => "%1" %* <===== ATTENTION!
    HKU\S-1-5-20\Software\Classes\exefile: "%1" %* <===== ATTENTION!
    HKU\S-1-5-21-4264480971-1498984515-3285744698-1000\Software\Classes\.exe: exefile => "%1" %* <===== ATTENTION!
    HKU\S-1-5-21-4264480971-1498984515-3285744698-1000\Software\Classes\exefile: "%1" %* <===== ATTENTION!
    FirewallRules: [TCP Query User{88764826-9C29-45D5-8C55-CE263395BD13}C:\program files (x86)\limewire\limewire.exe] => (Allow) C:\program files (x86)\limewire\limewire.exe
    FirewallRules: [UDP Query User{20734BBE-522F-4170-B1C9-51FD16B5F208}C:\program files (x86)\limewire\limewire.exe] => (Allow) C:\program files (x86)\limewire\limewire.exe
    FirewallRules: [TCP Query User{F9884DA8-AD7A-43A1-8CE0-2B472F41FEA0}C:\users\keith\appdata\roaming\deaz\oqzo.exe] => (Block) C:\users\keith\appdata\roaming\deaz\oqzo.exe
    FirewallRules: [UDP Query User{84ADAAC9-4D12-4F6A-A336-67F0C0161E41}C:\users\keith\appdata\roaming\deaz\oqzo.exe] => (Block) C:\users\keith\appdata\roaming\deaz\oqzo.exe
    FirewallRules: [TCP Query User{6C247B76-AA4E-42D1-BEE8-D03064297954}C:\users\keith\appdata\roaming\azyhc\ognez.exe] => (Allow) C:\users\keith\appdata\roaming\azyhc\ognez.exe
    FirewallRules: [UDP Query User{B9A38AA0-6D74-4932-9A9E-AB945818AD68}C:\users\keith\appdata\roaming\azyhc\ognez.exe] => (Allow) C:\users\keith\appdata\roaming\azyhc\ognez.exe
    FirewallRules: [{A9B3086F-C28E-4DAB-A848-CA1930D7E0BA}] => (Allow) C:\Program Files (x86)\BearShare Applications\BearShare\BearShare.exe
    FirewallRules: [{72ECC82F-3FDA-4906-8C40-47E76D0C9FBA}] => (Allow) C:\Program Files (x86)\BearShare Applications\BearShare\BearShare.exe
    FirewallRules: [{44DF76E4-0E6E-4AD2-9BAE-7A321A636333}] => (Allow) C:\Program Files (x86)\BearShare Applications\BearShare\BearShare.exe
    FirewallRules: [{61A73542-AF08-4B8C-A0DC-95558CA25B5E}] => (Allow) C:\Program Files (x86)\BearShare Applications\BearShare\BearShare.exe
    FirewallRules: [{9CB488EB-AD19-4F30-BF5D-4D0AB6A0409B}] => (Allow) C:\Program Files (x86)\FrostWire 5\FrostWire.exe
    FirewallRules: [{E4D61CDB-9CAC-467B-8050-C9F0D6B4DB58}] => (Allow) C:\Program Files (x86)\FrostWire 5\FrostWire.exe
    FirewallRules: [{6F6E4871-E4F9-4C7E-A5DB-E187787D7703}] => (Allow) C:\Program Files (x86)\AVG\AVG2012\avgmfapx.exe
    FirewallRules: [{083A6E97-B39C-48BB-91A4-FAB7529B3DC5}] => (Allow) C:\Program Files (x86)\AVG\AVG2012\avgmfapx.exe
    FirewallRules: [{44F89CA5-9445-4472-8861-A732AFCD49CF}] => (Allow) C:\Program Files (x86)\AVG\AVG2013\avgmfapx.exe
    FirewallRules: [{4E10760C-A69E-4215-B706-E28BBB27DC54}] => (Allow) C:\Program Files (x86)\AVG\AVG2013\avgmfapx.exe
    FirewallRules: [{27D363BB-537A-4E94-9711-99FEFE571673}] => (Allow) C:\Program Files (x86)\AVG\AVG2013\avgnsa.exe
    FirewallRules: [{A36350A5-8D77-41FB-AB66-EE491CA5E617}] => (Allow) C:\Program Files (x86)\AVG\AVG2013\avgnsa.exe
    FirewallRules: [{58D87A25-88D7-4BBB-8B56-03C2973FF673}] => (Allow) C:\Program Files (x86)\AVG\AVG2013\avgdiagex.exe
    FirewallRules: [{6BCFE2A2-1284-4594-8D51-AA12AC303D52}] => (Allow) C:\Program Files (x86)\AVG\AVG2013\avgdiagex.exe
    FirewallRules: [{A70A988C-FC5F-4304-8C6A-33E7CDB5412C}] => (Allow) C:\Program Files (x86)\AVG\AVG2014\avgmfapx.exe
    FirewallRules: [{B94BAC81-D6DC-4439-BA66-734BD7E5EE9D}] => (Allow) C:\Program Files (x86)\AVG\AVG2014\avgmfapx.exe
    FirewallRules: [{D24F8489-B620-443D-80CA-E37311271871}] => (Allow) C:\Windows\SysWOW64\muzapp.exe
    FirewallRules: [{3B9EDA87-5966-4F45-BD5D-173D5912CDB6}] => (Allow) C:\Windows\SysWOW64\muzapp.exe
    C:\Windows\SysWOW64\muzapp.exe

    Save it to the same location as FRST as fixlist.txt.

  • Open up FRST, and click the Fix button. If it asks you to reboot in order to complete the fix, please do so.
  • Once it's done fixing things, it will create Fixlog.txt in the same folder. Please copy and paste it into your reply.

Uninstall Programs

I need you to uninstall some programs using either Programs and Features or Revo Uninstaller. You have a couple outdated Java versions to be removed, and WxDownload Expansion and YTD are often known to bundle questionable software with their installations/use.

If you want to use Programs and Features:

  • Go to Start > Control Panel > Programs and Features.
  • Once it loads all the programs, uninstall the following, if present, one at a time:
    Java 8 Update 31
    Java 8 Update 40
    WxDownload Expansion
    YTD Video Downloader 4.8.9
    by clicking Change/Remove, and following the prompts in the uninstaller.

If you have any problems uninstalling a program using Programs and Features, proceed to the below method.

If you want to use Revo Uninstaller (which does a better job at cleaning up):

  • Double click the Revo Uninstaller shortcut on your desktop to run it. Once it loads all the programs, uninstall the following, if present, one at a time:
    Java 8 Update 31
    Java 8 Update 40
    WxDownload Expansion
    YTD Video Downloader 4.8.9
  • Double click the program, and say Yes on the prompt. Ensure the Moderate option is ticked, and click Next.
  • Follow the prompts in the built-in uninstaller, and then click Next in Revo.
  • If any registry remnants are found, check the bold items only. If there is a closed folder visible, click the + to expand it until you find the bold item. Then Delete the remnants.
  • Proceed again, and if any files/folders were found, delete those, too.

How did all of this go?

 

Gunto




#5 MegaZak


Posted 20 July 2015 - 06:31 PM

Hi Gunto

First off, thank you so much for taking the time out to try and help me. It really is greatly appreciated more than I can say.

I have followed your instructions to the letter and the fixlog.txt is pasted at the end of this message.

I used Revo to uninstall the 4 programs you listed although strangely, WxDownload Expansion did not appear in Revo! It was in Microsoft's Programs and Features however so I uninstalled it from there.

Looking forward to hearing your further advice and thanks again.

MegaZak


Fix result of Farbar Recovery Scan Tool (x64) Version:20-07-2015
Ran by Keith at 2015-07-20 23:38:02 Run:1
Running from D:\Keith\Downloads
Loaded Profiles: Keith (Available Profiles: Keith & Guest)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
HKLM\...\Policies\Explorer: [NoFolderOptions] 0
HKLM\...\Policies\Explorer: [NoViewOnDrive] 0
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKLM\...\Policies\Explorer: [DisableLocalMachineRun] 0
HKLM\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0
HKLM\...\Policies\Explorer: [DisableCurrentUserRun] 0
HKLM\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0
HKLM\...\Policies\Explorer: [NoViewContextMenu] 0
HKLM\...\Policies\Explorer: [NoShellSearchButton] 0
HKLM\...\Policies\Explorer: [NoFind] 0
HKLM\...\Policies\Explorer: [NoFile] 0
HKLM\...\Policies\Explorer: [HideClock] 0
HKLM\...\Policies\Explorer: [NoTrayContextMenu] 0
HKLM\...\Policies\Explorer: [NoTrayItemsDisplay] 0
HKLM\...\Policies\Explorer: [NoSetFolders] 0
HKLM\...\Policies\Explorer: [NoDevMgrUpdate] 0
HKLM\...\Policies\Explorer: [NoSetTaskbar] 0
HKLM\...\Policies\Explorer: [NoDeletePrinter] 0
HKLM\...\Policies\Explorer: [NoDFSTab] 0
HKLM\...\Policies\Explorer: [NoChangeStartMenu] 0
HKLM\...\Policies\Explorer: [NoLogoff] 0
HKLM\...\Policies\Explorer: [NoWindowsUpdate] 0
HKLM\...\Policies\Explorer: [NoEncryptOnMove] 0
HKLM\...\Policies\Explorer: [NoRunasInstallPrompt] 0
HKLM\...\Policies\Explorer: [NoResolveSearch] 0
HKLM\...\Policies\Explorer: [NoSaveSettings] 0
HKLM\...\Policies\Explorer: [NoHardwareTab] 0
HKLM\...\Policies\Explorer: [NoStartMenuSubFolders] 0
HKLM\...\Policies\Explorer: [NoDesktop] 0
SecurityProviders: msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll
C:\Windows\system32\msapsspc.dll
C:\Windows\system32\schannel.dll
C:\Windows\system32\digest.dll
C:\Windows\system32\msnccpc.dll
ProxyEnable: [.DEFAULT] => Internet Explorer proxy is enabled
ProxyServer: [.DEFAULT] => http=127.0.0.1:2455;https=127.0.0.1:2455
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page =
SearchScopes: HKLM -> DefaultScope {9BB47C17-9C68-4BB3-B188-DD9AF0FD21} URL = 
SearchScopes: HKLM-x32 -> DefaultScope {F7074685-4EB2-47F0-BE6B-B6ACE427E397} URL = 
SearchScopes: HKLM-x32 -> {9BB47C17-9C68-4BB3-B188-DD9AF0FD21} URL = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
SearchScopes: HKLM-x32 -> {a5b9c0f5-5616-47cd-a95f-e43b488faccf} URL = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
SearchScopes: HKU\.DEFAULT -> DefaultScope {9BB47C17-9C68-4BB3-B188-DD9AF0FD21} URL = 
SearchScopes: HKU\.DEFAULT -> {a5b9c0f5-5616-47cd-a95f-e43b488faccf} URL = 
BHO: AVG Safe Search -> {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} -> C:\Program Files (x86)\AVG\AVG2012\avgssiea.dll No File
BHO-x32: No Name -> {02478D38-C3F9-4efb-9B51-7695ECA05670} ->  No File
BHO-x32: No Name -> {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} ->  No File
BHO-x32: Webroot Browser Helper Object -> {e08861fe-8847-4b2a-8ec2-08edb20e4020} -> C:\Program Files (x86)\Webroot\Security\install\products\WISE\toolbar\LPBar.dll No File
Toolbar: HKLM-x32 - Webroot Toolbar - {d84a64a0-f2b2-4975-b264-3a3bce8d57d6} - C:\Program Files (x86)\Webroot\Security\install\products\WISE\toolbar\LPBar.dll No File
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} -  No File
Tcpip\..\Interfaces\{32D61BDE-11B4-48DB-B288-D162E53842D1}: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{7908A5C4-119C-46D2-A994-CEFCE780D96F}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{E080707E-8116-4161-ABBD-F4924D0C64C5}: [DhcpNameServer] 192.168.2.1
Tcpip\..\Interfaces\{FD934EB6-ECC3-42C0-BB40-D1284E1136FC}: [DhcpNameServer] 172.20.10.1
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @real.com/nprpchromebrowserrecordext;version=15.0.6.14 -> C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll No File
FF Plugin-x32: @real.com/nprphtml5videoshim;version=15.0.6.14 -> C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll No File
CHR HKLM-x32\...\Chrome\Extension: [bjopainmibagbfpkheeolkahcgmejiek] - C:\ProgramData\wxDownload\bjopainmibagbfpkheeolkahcgmejiek.crx [Not Found]
CHR HKLM-x32\...\Chrome\Extension: [fjpdnoojnohifgekbkmnfbiobhcbedka] - C:\Program Files (x86)\outobox\fjpdnoojnohifgekbkmnfbiobhcbedka.crx [Not Found]
CHR HKLM-x32\...\Chrome\Extension: [idiogmhbdjghifhgbcmhgaollhhpahhm] - C:\ProgramData\wxDownload\idiogmhbdjghifhgbcmhgaollhhpahhm.crx [Not Found]
U0 SR; No ImagePath
U2 SRService; No ImagePath
C:\Windows\System32\Tasks\{953A5185-EFC9-437D-8EEB-D22CE2D0908B}
C:\win-data
C:\Windows\System32\Tasks\{F059F625-DD77-472C-8098-D8BD0C7174C9}
C:\Windows\System32\Tasks\{8033E51C-C0F1-48D8-9745-3C9D9F66D74F}
C:\ProgramData\E1864A66-75E3-486a-BD95-D1B7D99A84A7
C:\Users\Keith\AppData\Roaming\Application.set
C:\Users\Keith\AppData\Roaming\pnmfzy.dat
C:\Users\Keith\AppData\Roaming\SharedSettings.ccs
C:\Users\Keith\AppData\Local\fusioncache.dat
C:\Users\Keith\AppData\Local\Jgomej.bin
C:\Users\Keith\AppData\Local\resmon.resmoncfg
C:\ProgramData\bzj4j6jr.bxx
C:\ProgramData\bzj4j6jr.fvv
C:\Users\Guest\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpay3sx0.dll
C:\Users\Keith\AppData\Local\Temp\cct.dll
C:\Users\Keith\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpojxrmn.dll
C:\Users\Keith\AppData\Local\Temp\jre-8u51-windows-au.exe
C:\Users\Keith\AppData\Local\Temp\msscct32.dll
C:\Users\Keith\AppData\Local\Temp\rscp_setup.exe
C:\Users\Keith\AppData\Local\Temp\YSearchUtil.dll
C:\Users\Keith\AppData\Local\Temp\ytb.exe
C:\Users\Keith\AppData\Local\Temp\_is13BE.exe
C:\Users\Keith\AppData\Local\Temp\_is7722.exe
C:\Users\Keith\AppData\Local\Temp\_is77CE.exe
C:\Users\Keith\AppData\Local\Temp\_isE8BA.exe
C:\Windows\logo1_.exe
C:\Windows\logo_1.exe
C:\Windows\RUNDL132.EXE
C:\Windows\rundll16.exe
C:\Windows\VDLL.DLL
C:\Windows\SysWOW64\regsvr.exe
C:\Windows\SysWOW64\runouce.exe
Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Rapport (Version: 3.5.1201.94 - Trusteer) Hidden
Rapport (x32 Version: 3.5.1404.34 - Trusteer) Hidden
Task: {0BCB9E12-FB50-44D6-ADC8-DBDB303E8D13} - \ProgramRefresh-ATFST No Task File <==== ATTENTION
Task: {114A09A0-6AD4-42F0-983C-316FD5DC7E82} - System32\Tasks\{3C89B5EF-D455-4ED6-9F2B-7504537BED5C} => pcalua.exe -a F:\CDS\Setup.exe -d F:\CDSTask: {3197D992-70D4-4264-9A2C-87FF2269A99F} - \avayvaxvaa No Task File <==== ATTENTION
Task: {64E3D327-F505-47E1-BD0E-E6F22AAC44D5} - System32\Tasks\RunAsStdUser Task => C:\Users\Keith\AppData\Local\vidshakeSA\bin\1.0.9.0\VidShakeSA.exe
C:\Users\Keith\AppData\Local\vidshakeSA
Task: {843DD464-00DB-4BC6-833D-E4E7110AF14F} - System32\Tasks\{CAD2412B-5DA1-43C0-BD60-82C5F14A7187} => pcalua.exe -a D:\Setup.exe -d D:\
Task: {87E22B15-4A51-4AB8-A4E8-3CDB45D9E3B9} - System32\Tasks\Driver Robot => C:\Program Files (x86)\Driver Robot\1.2.0.5\DriverRobot.exe
C:\Program Files (x86)\Driver Robot
Task: {87F0910F-44EC-4BE7-89D3-74E636E4991A} - \RocketTab Update Task No Task File <==== ATTENTION
Task: {8F962743-52B4-4491-BB62-5919A6AC7CAE} - \ProgramUpdateCheck No Task File <==== ATTENTION
Task: {DC4F9DAA-D490-485A-94D6-EE727CD725C3} - \RocketTab No Task File <==== ATTENTION
Task: {E513A030-3C49-4AEF-8C1B-1CFA3E02837C} - System32\Tasks\{953A5185-EFC9-437D-8EEB-D22CE2D0908B} => pcalua.exe -a "C:\Users\Keith\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\KDP1QUZR\ENP_2_6_0_EN.exe" -d C:\Users\Keith\Desktop
Task: {F249C28D-AB81-4A8C-A157-EAD9E514308E} - System32\Tasks\{C3F3CCED-F0A0-4073-A9B0-7A501053DBC5} => pcalua.exe -a C:\Users\Keith\Desktop\motherboard_utility_dcc.exe -d C:\Users\Keith\Desktop
Task: {F5C44344-50CE-409F-A14F-79B98CD6BD87} - System32\Tasks\{DD4C3ADD-50E8-4E3F-83FC-A01DF5B5572F} => pcalua.exe -a "C:\Users\Keith\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SUT1SJS9\SonicStageInstaller.exe" -d C:\Users\Keith\Desktop
Task: C:\Windows\Tasks\Driver Robot.job => C:\Program Files (x86)\Driver Robot\1.2.0.5\DriverRobot.exe
AlternateDataStreams: C:\Users\Keith\Desktop\location.ppp:SummaryInformation
AlternateDataStreams: C:\Users\Keith\Desktop\location.ppp:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
HKU\.DEFAULT\Software\Classes\.exe: exefile => "%1" %* <===== ATTENTION!
HKU\.DEFAULT\Software\Classes\exefile: "%1" %* <===== ATTENTION!
HKU\S-1-5-19\Software\Classes\.exe: exefile => "%1" %* <===== ATTENTION!
HKU\S-1-5-19\Software\Classes\exefile: "%1" %* <===== ATTENTION!
HKU\S-1-5-20\Software\Classes\.exe: exefile => "%1" %* <===== ATTENTION!
HKU\S-1-5-20\Software\Classes\exefile: "%1" %* <===== ATTENTION!
HKU\S-1-5-21-4264480971-1498984515-3285744698-1000\Software\Classes\.exe: exefile => "%1" %* <===== ATTENTION!
HKU\S-1-5-21-4264480971-1498984515-3285744698-1000\Software\Classes\exefile: "%1" %* <===== ATTENTION!
FirewallRules: [TCP Query User{88764826-9C29-45D5-8C55-CE263395BD13}C:\program files (x86)\limewire\limewire.exe] => (Allow) C:\program files (x86)\limewire\limewire.exe
FirewallRules: [UDP Query User{20734BBE-522F-4170-B1C9-51FD16B5F208}C:\program files (x86)\limewire\limewire.exe] => (Allow) C:\program files (x86)\limewire\limewire.exe
FirewallRules: [TCP Query User{F9884DA8-AD7A-43A1-8CE0-2B472F41FEA0}C:\users\keith\appdata\roaming\deaz\oqzo.exe] => (Block) C:\users\keith\appdata\roaming\deaz\oqzo.exe
FirewallRules: [UDP Query User{84ADAAC9-4D12-4F6A-A336-67F0C0161E41}C:\users\keith\appdata\roaming\deaz\oqzo.exe] => (Block) C:\users\keith\appdata\roaming\deaz\oqzo.exe
FirewallRules: [TCP Query User{6C247B76-AA4E-42D1-BEE8-D03064297954}C:\users\keith\appdata\roaming\azyhc\ognez.exe] => (Allow) C:\users\keith\appdata\roaming\azyhc\ognez.exe
FirewallRules: [UDP Query User{B9A38AA0-6D74-4932-9A9E-AB945818AD68}C:\users\keith\appdata\roaming\azyhc\ognez.exe] => (Allow) C:\users\keith\appdata\roaming\azyhc\ognez.exe
FirewallRules: [{A9B3086F-C28E-4DAB-A848-CA1930D7E0BA}] => (Allow) C:\Program Files (x86)\BearShare Applications\BearShare\BearShare.exe
FirewallRules: [{72ECC82F-3FDA-4906-8C40-47E76D0C9FBA}] => (Allow) C:\Program Files (x86)\BearShare Applications\BearShare\BearShare.exe
FirewallRules: [{44DF76E4-0E6E-4AD2-9BAE-7A321A636333}] => (Allow) C:\Program Files (x86)\BearShare Applications\BearShare\BearShare.exe
FirewallRules: [{61A73542-AF08-4B8C-A0DC-95558CA25B5E}] => (Allow) C:\Program Files (x86)\BearShare Applications\BearShare\BearShare.exe
FirewallRules: [{9CB488EB-AD19-4F30-BF5D-4D0AB6A0409B}] => (Allow) C:\Program Files (x86)\FrostWire 5\FrostWire.exe
FirewallRules: [{E4D61CDB-9CAC-467B-8050-C9F0D6B4DB58}] => (Allow) C:\Program Files (x86)\FrostWire 5\FrostWire.exe
FirewallRules: [{6F6E4871-E4F9-4C7E-A5DB-E187787D7703}] => (Allow) C:\Program Files (x86)\AVG\AVG2012\avgmfapx.exe
FirewallRules: [{083A6E97-B39C-48BB-91A4-FAB7529B3DC5}] => (Allow) C:\Program Files (x86)\AVG\AVG2012\avgmfapx.exe
FirewallRules: [{44F89CA5-9445-4472-8861-A732AFCD49CF}] => (Allow) C:\Program Files (x86)\AVG\AVG2013\avgmfapx.exe
FirewallRules: [{4E10760C-A69E-4215-B706-E28BBB27DC54}] => (Allow) C:\Program Files (x86)\AVG\AVG2013\avgmfapx.exe
FirewallRules: [{27D363BB-537A-4E94-9711-99FEFE571673}] => (Allow) C:\Program Files (x86)\AVG\AVG2013\avgnsa.exe
FirewallRules: [{A36350A5-8D77-41FB-AB66-EE491CA5E617}] => (Allow) C:\Program Files (x86)\AVG\AVG2013\avgnsa.exe
FirewallRules: [{58D87A25-88D7-4BBB-8B56-03C2973FF673}] => (Allow) C:\Program Files (x86)\AVG\AVG2013\avgdiagex.exe
FirewallRules: [{6BCFE2A2-1284-4594-8D51-AA12AC303D52}] => (Allow) C:\Program Files (x86)\AVG\AVG2013\avgdiagex.exe
FirewallRules: [{A70A988C-FC5F-4304-8C6A-33E7CDB5412C}] => (Allow) C:\Program Files (x86)\AVG\AVG2014\avgmfapx.exe
FirewallRules: [{B94BAC81-D6DC-4439-BA66-734BD7E5EE9D}] => (Allow) C:\Program Files (x86)\AVG\AVG2014\avgmfapx.exe
FirewallRules: [{D24F8489-B620-443D-80CA-E37311271871}] => (Allow) C:\Windows\SysWOW64\muzapp.exe
FirewallRules: [{3B9EDA87-5966-4F45-BD5D-173D5912CDB6}] => (Allow) C:\Windows\SysWOW64\muzapp.exe
C:\Windows\SysWOW64\muzapp.exe
*****************
 
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoFolderOptions => value removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoViewOnDrive => value removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoControlPanel => value removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\DisableLocalMachineRun => value removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\DisableLocalMachineRunOnce => value removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\DisableCurrentUserRun => value removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\DisableCurrentUserRunOnce => value removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoViewContextMenu => value removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoShellSearchButton => value removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoFind => value removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoFile => value removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\HideClock => value removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoTrayContextMenu => value removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoTrayItemsDisplay => value removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoSetFolders => value removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoDevMgrUpdate => value removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoSetTaskbar => value removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoDeletePrinter => value removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoDFSTab => value removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoChangeStartMenu => value removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoLogoff => value removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoWindowsUpdate => value removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoEncryptOnMove => value removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoRunasInstallPrompt => value removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoResolveSearch => value removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoSaveSettings => value removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoHardwareTab => value removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoStartMenuSubFolders => value removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoDesktop => value removed successfully
HKLM\System\CurrentControlSet\Control\SecurityProviders\\SecurityProviders => value restored successfully
"C:\Windows\system32\msapsspc.dll" => File/Folder not found.
Could not move "C:\Windows\system32\schannel.dll" => Scheduled to move on reboot.
"C:\Windows\system32\digest.dll" => File/Folder not found.
"C:\Windows\system32\msnccpc.dll" => File/Folder not found.
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable => value removed successfully
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer => value removed successfully
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Local Page => value restored successfully
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD21}" => key removed successfully
HKCR\Wow6432Node\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD21} => key not found. 
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{a5b9c0f5-5616-47cd-a95f-e43b488faccf}" => key removed successfully
HKCR\Wow6432Node\CLSID\{a5b9c0f5-5616-47cd-a95f-e43b488faccf} => key not found. 
HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
"HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{a5b9c0f5-5616-47cd-a95f-e43b488faccf}" => key removed successfully
HKCR\CLSID\{a5b9c0f5-5616-47cd-a95f-e43b488faccf} => key not found. 
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}" => key removed successfully
"HKCR\CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}" => key removed successfully
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}" => key removed successfully
HKCR\Wow6432Node\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670} => key not found. 
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}" => key removed successfully
HKCR\Wow6432Node\CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} => key not found. 
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{e08861fe-8847-4b2a-8ec2-08edb20e4020}" => key removed successfully
"HKCR\Wow6432Node\CLSID\{e08861fe-8847-4b2a-8ec2-08edb20e4020}" => key removed successfully
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{d84a64a0-f2b2-4975-b264-3a3bce8d57d6} => value removed successfully
"HKCR\Wow6432Node\CLSID\{d84a64a0-f2b2-4975-b264-3a3bce8d57d6}" => key removed successfully
"HKCR\PROTOCOLS\Handler\linkscanner" => key removed successfully
"HKCR\CLSID\{F274614C-63F8-47D5-A4D1-FBDDE494F8D1}" => key removed successfully
HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{32D61BDE-11B4-48DB-B288-D162E53842D1}\\DhcpNameServer => value removed successfully
HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{7908A5C4-119C-46D2-A994-CEFCE780D96F}\\DhcpNameServer => value removed successfully
HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{E080707E-8116-4161-ABBD-F4924D0C64C5}\\DhcpNameServer => value removed successfully
HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{FD934EB6-ECC3-42C0-BB40-D1284E1136FC}\\DhcpNameServer => value removed successfully
"HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE" => key removed successfully
"HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE" => key removed successfully
"HKLM\Software\Wow6432Node\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.6.14" => key removed successfully
"HKLM\Software\Wow6432Node\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.6.14" => key removed successfully
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\bjopainmibagbfpkheeolkahcgmejiek => key not found. 
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\fjpdnoojnohifgekbkmnfbiobhcbedka" => key removed successfully
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\idiogmhbdjghifhgbcmhgaollhhpahhm => key not found. 
SR => Service removed successfully
SRService => Service removed successfully
C:\Windows\System32\Tasks\{953A5185-EFC9-437D-8EEB-D22CE2D0908B} => moved successfully.
C:\win-data => moved successfully.
C:\Windows\System32\Tasks\{F059F625-DD77-472C-8098-D8BD0C7174C9} => moved successfully.
C:\Windows\System32\Tasks\{8033E51C-C0F1-48D8-9745-3C9D9F66D74F} => moved successfully.
C:\ProgramData\E1864A66-75E3-486a-BD95-D1B7D99A84A7 => moved successfully.
C:\Users\Keith\AppData\Roaming\Application.set => moved successfully.
C:\Users\Keith\AppData\Roaming\pnmfzy.dat => moved successfully.
C:\Users\Keith\AppData\Roaming\SharedSettings.ccs => moved successfully.
C:\Users\Keith\AppData\Local\fusioncache.dat => moved successfully.
C:\Users\Keith\AppData\Local\Jgomej.bin => moved successfully.
C:\Users\Keith\AppData\Local\resmon.resmoncfg => moved successfully.
C:\ProgramData\bzj4j6jr.bxx => moved successfully.
C:\ProgramData\bzj4j6jr.fvv => moved successfully.
C:\Users\Guest\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpay3sx0.dll => moved successfully.
"C:\Users\Keith\AppData\Local\Temp\cct.dll" => File/Folder not found.
"C:\Users\Keith\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpojxrmn.dll" => File/Folder not found.
"C:\Users\Keith\AppData\Local\Temp\jre-8u51-windows-au.exe" => File/Folder not found.
"C:\Users\Keith\AppData\Local\Temp\msscct32.dll" => File/Folder not found.
"C:\Users\Keith\AppData\Local\Temp\rscp_setup.exe" => File/Folder not found.
"C:\Users\Keith\AppData\Local\Temp\YSearchUtil.dll" => File/Folder not found.
"C:\Users\Keith\AppData\Local\Temp\ytb.exe" => File/Folder not found.
C:\Users\Keith\AppData\Local\Temp\_is13BE.exe => moved successfully.
C:\Users\Keith\AppData\Local\Temp\_is7722.exe => moved successfully.
C:\Users\Keith\AppData\Local\Temp\_is77CE.exe => moved successfully.
C:\Users\Keith\AppData\Local\Temp\_isE8BA.exe => moved successfully.
C:\Windows\logo1_.exe => moved successfully.
C:\Windows\logo_1.exe => moved successfully.
C:\Windows\RUNDL132.EXE => moved successfully.
C:\Windows\rundll16.exe => moved successfully.
C:\Windows\VDLL.DLL => moved successfully.
C:\Windows\SysWOW64\regsvr.exe => moved successfully.
C:\Windows\SysWOW64\runouce.exe => moved successfully.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{38F03569-A636-4CF3-BDDE-032C8C251304}\\SystemComponent => value removed successfully
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{1DD81E7D-0D28-4CEB-87B2-C041A4FCB215}\\SystemComponent => value removed successfully
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{1DD81E7D-0D28-4CEB-87B2-C041A4FCB215}\\SystemComponent => value removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{0BCB9E12-FB50-44D6-ADC8-DBDB303E8D13}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0BCB9E12-FB50-44D6-ADC8-DBDB303E8D13}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ProgramRefresh-ATFST" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{114A09A0-6AD4-42F0-983C-316FD5DC7E82}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{114A09A0-6AD4-42F0-983C-316FD5DC7E82}" => key removed successfully
C:\Windows\System32\Tasks\{3C89B5EF-D455-4ED6-9F2B-7504537BED5C} => moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{3C89B5EF-D455-4ED6-9F2B-7504537BED5C}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{64E3D327-F505-47E1-BD0E-E6F22AAC44D5}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{64E3D327-F505-47E1-BD0E-E6F22AAC44D5}" => key removed successfully
C:\Windows\System32\Tasks\RunAsStdUser Task => moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\RunAsStdUser Task" => key removed successfully
"C:\Users\Keith\AppData\Local\vidshakeSA" => File/Folder not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{843DD464-00DB-4BC6-833D-E4E7110AF14F}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{843DD464-00DB-4BC6-833D-E4E7110AF14F}" => key removed successfully
C:\Windows\System32\Tasks\{CAD2412B-5DA1-43C0-BD60-82C5F14A7187} => moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{CAD2412B-5DA1-43C0-BD60-82C5F14A7187}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{87E22B15-4A51-4AB8-A4E8-3CDB45D9E3B9}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{87E22B15-4A51-4AB8-A4E8-3CDB45D9E3B9}" => key removed successfully
C:\Windows\System32\Tasks\Driver Robot => moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Driver Robot" => key removed successfully
"C:\Program Files (x86)\Driver Robot" => File/Folder not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{87F0910F-44EC-4BE7-89D3-74E636E4991A}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{87F0910F-44EC-4BE7-89D3-74E636E4991A}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\RocketTab Update Task" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{8F962743-52B4-4491-BB62-5919A6AC7CAE}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8F962743-52B4-4491-BB62-5919A6AC7CAE}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ProgramUpdateCheck" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{DC4F9DAA-D490-485A-94D6-EE727CD725C3}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{DC4F9DAA-D490-485A-94D6-EE727CD725C3}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\RocketTab" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{E513A030-3C49-4AEF-8C1B-1CFA3E02837C}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E513A030-3C49-4AEF-8C1B-1CFA3E02837C}" => key removed successfully
C:\Windows\System32\Tasks\{953A5185-EFC9-437D-8EEB-D22CE2D0908B} not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{953A5185-EFC9-437D-8EEB-D22CE2D0908B}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{F249C28D-AB81-4A8C-A157-EAD9E514308E}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F249C28D-AB81-4A8C-A157-EAD9E514308E}" => key removed successfully
C:\Windows\System32\Tasks\{C3F3CCED-F0A0-4073-A9B0-7A501053DBC5} => moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{C3F3CCED-F0A0-4073-A9B0-7A501053DBC5}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{F5C44344-50CE-409F-A14F-79B98CD6BD87}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F5C44344-50CE-409F-A14F-79B98CD6BD87}" => key removed successfully
C:\Windows\System32\Tasks\{DD4C3ADD-50E8-4E3F-83FC-A01DF5B5572F} => moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{DD4C3ADD-50E8-4E3F-83FC-A01DF5B5572F}" => key removed successfully
C:\Windows\Tasks\Driver Robot.job => moved successfully.
"C:\Users\Keith\Desktop\location.ppp" => ":SummaryInformation" ADS not found.
C:\Users\Keith\Desktop\location.ppp => ":{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}" ADS removed successfully.
"HKU\.DEFAULT\Software\Classes\exefile" => key removed successfully
"HKU\.DEFAULT\Software\Classes\.exe" => key removed successfully
HKU\.DEFAULT\Software\Classes\exefile => key not found. 
"HKU\S-1-5-19\Software\Classes\exefile" => key removed successfully
"HKU\S-1-5-19\Software\Classes\.exe" => key removed successfully
HKU\S-1-5-19\Software\Classes\exefile => key not found. 
"HKU\S-1-5-20\Software\Classes\exefile" => key removed successfully
"HKU\S-1-5-20\Software\Classes\.exe" => key removed successfully
HKU\S-1-5-20\Software\Classes\exefile => key not found. 
"HKU\S-1-5-21-4264480971-1498984515-3285744698-1000\Software\Classes\exefile" => key removed successfully
"HKU\S-1-5-21-4264480971-1498984515-3285744698-1000\Software\Classes\.exe" => key removed successfully
HKU\S-1-5-21-4264480971-1498984515-3285744698-1000\Software\Classes\exefile => key not found. 
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{88764826-9C29-45D5-8C55-CE263395BD13}C:\program files (x86)\limewire\limewire.exe => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{20734BBE-522F-4170-B1C9-51FD16B5F208}C:\program files (x86)\limewire\limewire.exe => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{F9884DA8-AD7A-43A1-8CE0-2B472F41FEA0}C:\users\keith\appdata\roaming\deaz\oqzo.exe => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{84ADAAC9-4D12-4F6A-A336-67F0C0161E41}C:\users\keith\appdata\roaming\deaz\oqzo.exe => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{6C247B76-AA4E-42D1-BEE8-D03064297954}C:\users\keith\appdata\roaming\azyhc\ognez.exe => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{B9A38AA0-6D74-4932-9A9E-AB945818AD68}C:\users\keith\appdata\roaming\azyhc\ognez.exe => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{A9B3086F-C28E-4DAB-A848-CA1930D7E0BA} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{72ECC82F-3FDA-4906-8C40-47E76D0C9FBA} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{44DF76E4-0E6E-4AD2-9BAE-7A321A636333} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{61A73542-AF08-4B8C-A0DC-95558CA25B5E} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{9CB488EB-AD19-4F30-BF5D-4D0AB6A0409B} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{E4D61CDB-9CAC-467B-8050-C9F0D6B4DB58} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{6F6E4871-E4F9-4C7E-A5DB-E187787D7703} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{083A6E97-B39C-48BB-91A4-FAB7529B3DC5} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{44F89CA5-9445-4472-8861-A732AFCD49CF} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{4E10760C-A69E-4215-B706-E28BBB27DC54} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{27D363BB-537A-4E94-9711-99FEFE571673} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{A36350A5-8D77-41FB-AB66-EE491CA5E617} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{58D87A25-88D7-4BBB-8B56-03C2973FF673} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{6BCFE2A2-1284-4594-8D51-AA12AC303D52} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{A70A988C-FC5F-4304-8C6A-33E7CDB5412C} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{B94BAC81-D6DC-4439-BA66-734BD7E5EE9D} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{D24F8489-B620-443D-80CA-E37311271871} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{3B9EDA87-5966-4F45-BD5D-173D5912CDB6} => value removed successfully
C:\Windows\SysWOW64\muzapp.exe => moved successfully.
 
Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 2015-07-20 23:40:39)<=
 
C:\Windows\system32\schannel.dll => Is moved successfully
 
==== End of Fixlog 23:40:39 ====


#6 Gunto


Posted 21 July 2015 - 04:00 AM

Hi,

First of all, you are very welcome. I sincerely enjoy doing this, especially when I successfully help others and make them happy. :)

Excellent! Lots of cleaning done. Regarding Revo, I actually have that same problem sometimes. Perhaps it's time to send in a bug report, especially since they haven't updated their free version in quite some time.

Now then, I've noticed you have quite a few items disabled in MSCONFIG. This is a pretty messy way of disabling start-up entries, and I'd be more than happy to re-disable any you'd like using a cleaner method. As such, I'd like for you to re-enable any disabled items in MSCONFIG. Sorry for not asking this earlier; slipped my mind when I was posting last time.

Are you having any issues right now, new or old? It's important to let me know, because it'll help me decide what to do next. :)

Gunto




#7 MegaZak


Posted 21 July 2015 - 04:37 PM

Hi Gunto

I have now re-enabled all start up entries under MSCONFIG and everything seems to be working normally with the exception of IE which is still being hijacked by yourhomepage.net unfortunately.

Any further thoughts?

MegaZak

PS What method of disabling start up items would you recommend if not MSCONFIG?



#8 Gunto


Posted 22 July 2015 - 09:09 AM

Hi,

Sorry to hear that, but I've got some more tricks up my sleeve. :)

I can use FRST to simply remove the start-up entries altogether, and without disturbing the files. I will have you get to that later in this post, though.

AdwCleaner

I need you to run AdwCleaner to see what it will remove.

  • Download AdwCleaner from here, and save it to your desktop.
  • Close all open programs.
  • Open the file on your desktop, and click the Scan button.
  • Once it's done scanning, click Cleaning, and accept any prompts from the program. When it's done cleaning, a log will pop up; please copy and paste it into your reply.

Junkware Removal Tool

I need you to run a scan with Junkware Removal Tool.

  • Download JRT from here, and save it to your desktop.
  • Double-click the file to open it, and hit any key as per the instructions of the pop-up window.
  • Once the scan is done, copy and paste the contents of the resulting log into your reply.

Lastly, please run a fresh scan with FRST so I can get a current look at your system. You should only have to copy one log this time. Now would also be the time to tell me what start-up entries you want me to remove.

Did AdwCleaner or JRT take care of the problem?

Gunto




#9 MegaZak


Posted 22 July 2015 - 04:28 PM

Success

Hi Gunto. I have followed your instructions to the letter and am finally happy to report that IE is back to normal; the nasty hijacker appears to have been well and truly vanquished. Thank you Gunto, your help is very much appreciated.

I won't take up your time any further so please don't bother about the start up items. They really aren't a problem and I know that judging by the number of topics in this forum, there are many other people who will be clambering for your wonderful expertise.

I am still attaching the 3 logs you asked for but as I say, please don't spend any further time on me. And thank you so much again.

MegaZak



#10 Gunto


Posted 23 July 2015 - 03:24 AM

Hi,

Excellent! Again, it's my pleasure, and while I most certainly appreciate the praise, the people you should really be thanking are the developers of the wonderful tools I'm using to help you. :)

Let me assure you of this: when I pick up a topic, I 100% expect to see it through to the end. My responsibility doesn't end when the malware is gone; I still need to make sure the system is clean, remove any leftovers, and fulfill any other duties I agreed to while helping. Doing this is in no way an inconvenience; I sincerely enjoy what I do and I fully expect to follow this procedure every time I volunteer to help someone. So, if you don't mind, I would love to finish what I started.

With that said, now that the malware is gone, we're quite close to being done!

I have to ask: did you install the DRPU PC Data Manager keylogger yourself? If you did, as a malware removal helper I must strongly encourage you to remove it. If you're monitoring someone, you should talk to them about their behavior on the computer if you feel the need to do so. If you didn't, you should obviously remove it immediately.

Farbar Recovery Scan Tool

I need you to run a fix with FRST. This will take care of some leftovers and start-up entries.

Regarding the latter, I included any entries that are unnecessary to start at boot. If you want to keep any of them, feel free to tell me and I'll remove them from the script (or, if you want, you can do so yourself, but please be careful if you do!).

  • Open up Notepad, and copy and paste the text in the following box into the Notepad text field:
    HKLM\...\Run: [TelevisionFanatic Home Page Guard 64 bit] => "C:\PROGRA~2\TELEVI~2\bar\1.bin\AppIntegrator64.exe"
    HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [497648 2010-07-29] (Adobe Systems Incorporated)
    HKLM-x32\...\Run: [WRSVC] => "C:\Program Files\Webroot\WRSA.exe" -ul
    HKLM-x32\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [2072928 2014-10-31] (Wondershare)
    HKLM-x32\...\Run: [TkBellExe] => "C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe" -osboot
    HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [98304 2010-02-03] (Advanced Micro Devices, Inc.)
    HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2015-06-17] (Apple Inc.)
    HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [157992 2015-06-29] (Apple Inc.)
    HKLM-x32\...\Run: [ISUSScheduler] => C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe [69632 2004-04-13] (InstallShield Software Corporation)
    HKLM-x32\...\Run: [HTC Sync Loader] => "C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe" -startup
    HKLM-x32\...\Run: [EEventManager] => C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [673616 2009-04-07] (SEIKO EPSON CORPORATION)
    HKLM-x32\...\Run: [ATICustomerCare] => C:\Program Files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe [307200 2009-06-14] (Advanced Micro Devices, Inc.)
    HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [998104 2015-07-07] (Adobe Systems Incorporated)
    HKU\S-1-5-21-4264480971-1498984515-3285744698-1000\...\Run: [OfficeSyncProcess] => "C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE"
    HKU\S-1-5-21-4264480971-1498984515-3285744698-1000\...\Run: [ISUSPM Startup] => C:\Program Files (x86)\Common Files\InstallShield\UpdateService\ISUSPM.exe [196608 2004-04-17] (InstallShield Software Corporation)
    HKU\S-1-5-21-4264480971-1498984515-3285744698-1000\...\Run: [GUDelayStartup] => C:\Program Files (x86)\Glary Utilities 5\StartupManager.exe [37152 2015-07-20] (Glarysoft Ltd)
    HKU\S-1-5-21-4264480971-1498984515-3285744698-1000\...\Policies\system: [NoDispSettingsPage] 0
    HKU\S-1-5-21-4264480971-1498984515-3285744698-1000\...\Policies\Explorer: [NoViewOnDrive] 0
    HKU\S-1-5-21-4264480971-1498984515-3285744698-1000\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0
    HKU\S-1-5-21-4264480971-1498984515-3285744698-1000\...\Policies\Explorer: [DisableCurrentUserRun] 0
    HKU\S-1-5-21-4264480971-1498984515-3285744698-1000\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0
    HKU\S-1-5-21-4264480971-1498984515-3285744698-1000\...\Policies\Explorer: [NoViewContextMenu] 0
    HKU\S-1-5-21-4264480971-1498984515-3285744698-1000\...\Policies\Explorer: [NoShellSearchButton] 0
    HKU\S-1-5-21-4264480971-1498984515-3285744698-1000\...\Policies\Explorer: [NoFind] 0
    HKU\S-1-5-21-4264480971-1498984515-3285744698-1000\...\Policies\Explorer: [NoFile] 0
    HKU\S-1-5-21-4264480971-1498984515-3285744698-1000\...\Policies\Explorer: [HideClock] 0
    HKU\S-1-5-21-4264480971-1498984515-3285744698-1000\...\Policies\Explorer: [NoTrayContextMenu] 0
    HKU\S-1-5-21-4264480971-1498984515-3285744698-1000\...\Policies\Explorer: [NoTrayItemsDisplay] 0
    HKU\S-1-5-21-4264480971-1498984515-3285744698-1000\...\Policies\Explorer: [NoDevMgrUpdate] 0
    HKU\S-1-5-21-4264480971-1498984515-3285744698-1000\...\Policies\Explorer: [NoSetTaskbar] 0
    HKU\S-1-5-21-4264480971-1498984515-3285744698-1000\...\Policies\Explorer: [NoDeletePrinter] 0
    HKU\S-1-5-21-4264480971-1498984515-3285744698-1000\...\Policies\Explorer: [NoDFSTab] 0
    HKU\S-1-5-21-4264480971-1498984515-3285744698-1000\...\Policies\Explorer: [NoChangeStartMenu] 0
    HKU\S-1-5-21-4264480971-1498984515-3285744698-1000\...\Policies\Explorer: [NoLogoff] 0
    HKU\S-1-5-21-4264480971-1498984515-3285744698-1000\...\Policies\Explorer: [NoWindowsUpdate] 0
    HKU\S-1-5-21-4264480971-1498984515-3285744698-1000\...\Policies\Explorer: [NoEncryptOnMove] 0
    HKU\S-1-5-21-4264480971-1498984515-3285744698-1000\...\Policies\Explorer: [NoRunasInstallPrompt] 0
    HKU\S-1-5-21-4264480971-1498984515-3285744698-1000\...\Policies\Explorer: [NoResolveSearch] 0
    HKU\S-1-5-21-4264480971-1498984515-3285744698-1000\...\Policies\Explorer: [NoSaveSettings] 0
    HKU\S-1-5-21-4264480971-1498984515-3285744698-1000\...\Policies\Explorer: [NoHardwareTab] 0
    HKU\S-1-5-21-4264480971-1498984515-3285744698-1000\...\Policies\Explorer: [NoStartMenuSubFolders] 0
    HKU\S-1-5-21-4264480971-1498984515-3285744698-1000\...\MountPoints2: {d04c3f81-3154-11df-bf74-806e6f6e6963} - E:\SETUP.EXE
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\OfficeSAS.lnk [2015-07-20]
    Startup: C:\Users\Keith\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LimeWire On Startup.lnk [2015-07-20]
    Startup: C:\Users\Keith\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft SharePoint Workspace.lnk [2015-07-20]
    Startup: C:\Users\Keith\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk [2015-07-20]
    Startup: C:\Users\Keith\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk [2015-07-20]
    ProxyEnable: [.DEFAULT] => Internet Explorer proxy is enabled.
    ProxyServer: [.DEFAULT] => http=127.0.0.1:2455;https=127.0.0.1:2455
    SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    R0 szkg5; SySWOW64\drivers\szkg64.sys [X]
    C:\Windows\System32\Tasks\Safer-Networking
    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
    C:\Windows\wininit.iniC:\PROGRA~2\TELEVI~2
    C:\Program Files\Webroot
    C:\Users\Keith\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpgvo_in.dll
    C:\Users\Keith\AppData\Local\Temp\ose00000.exe
    C:\Users\Keith\AppData\Local\Temp\Quarantine.exe
    C:\Users\Keith\AppData\Local\Temp\sqlite3.dll
  • Save it to the same location as FRST as fixlist.txt.
  • Open up FRST, and click the Fix button. If it asks you to reboot in order to complete the fix, please do so.
  • Once it's done fixing things, it will create Fixlog.txt in the same folder. Please copy and paste it into your reply.

Malwarebytes

I need you to run a scan with Malwarebytes Anti-Malware to check for any leftovers.

  • Double-click the MBAM shortcut on your desktop (or single-click the one in your start menu) to open MBAM.
  • Click Update Now >>, and check for updates. If a new version of MBAM is included in the update, follow the prompts and install it.
  • Once the program is done updating, click Scan at the top of the main interface. Then tick the Custom Scan option, and hit the Scan Now >> button. On this screen, make sure every box is checked, then start the scan. If there is an update available, allow MBAM to update.
  • Once the scan is finished, click Apply Actions to any found malware. If MBAM asks you to reboot, do so immediately.
  • When done, retrieve the log by clicking History on the main interface, then Application logs. View the log of the scan you just ran, then click the Copy to Clipboard button, and paste it into your reply.

Gunto




#11 MegaZak


Posted 24 July 2015 - 04:52 AM

Hi Gunto

 

I appreciate your comments and thought I may have spoken too soon as earlier today my PC froze, not once but twice. I had to reboot both times. It's never done that before so perhaps that is a leftover from the browser hijack problem?

 

Anyway, as regards the DRPU PC Data Manager keylogger, I seem to recall testing one a few years back (purely out of curiosity) but I thought I had removed it soon after. It is not listed in either Revo or the M/S uninstall feature so I would appreciate your advice on how to remove it.

 

I have run the fix using FRST and this is the resulting fixlog.txt.

 

Fix result of Farbar Recovery Scan Tool (x64) Version:20-07-2015
Ran by Keith at 2015-07-23 19:04:29 Run:2
Running from D:\Keith\Downloads
Loaded Profiles: Keith (Available Profiles: Keith & Guest)
Boot Mode: Normal
==============================================

fixlist content:
*****************
HKLM\...\Run: [TelevisionFanatic Home Page Guard 64 bit] => "C:\PROGRA~2\TELEVI~2\bar\1.bin\AppIntegrator64.exe"
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [497648 2010-07-29] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [WRSVC] => "C:\Program Files\Webroot\WRSA.exe" -ul
HKLM-x32\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [2072928 2014-10-31] (Wondershare)
HKLM-x32\...\Run: [TkBellExe] => "C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe" -osboot
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [98304 2010-02-03] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2015-06-17] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [157992 2015-06-29] (Apple Inc.)
HKLM-x32\...\Run: [ISUSScheduler] => C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe [69632 2004-04-13] (InstallShield Software Corporation)
HKLM-x32\...\Run: [HTC Sync Loader] => "C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe" -startup
HKLM-x32\...\Run: [EEventManager] => C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [673616 2009-04-07] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [ATICustomerCare] => C:\Program Files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe [307200 2009-06-14] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [998104 2015-07-07] (Adobe Systems Incorporated)
HKU\S-1-5-21-4264480971-1498984515-3285744698-1000\...\Run: [OfficeSyncProcess] => "C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE"
HKU\S-1-5-21-4264480971-1498984515-3285744698-1000\...\Run: [ISUSPM Startup] => C:\Program Files (x86)\Common Files\InstallShield\UpdateService\ISUSPM.exe [196608 2004-04-17] (InstallShield Software Corporation)
HKU\S-1-5-21-4264480971-1498984515-3285744698-1000\...\Run: [GUDelayStartup] => C:\Program Files (x86)\Glary Utilities 5\StartupManager.exe [37152 2015-07-20] (Glarysoft Ltd)
HKU\S-1-5-21-4264480971-1498984515-3285744698-1000\...\Policies\system: [NoDispSettingsPage] 0
HKU\S-1-5-21-4264480971-1498984515-3285744698-1000\...\Policies\Explorer: [NoViewOnDrive] 0
HKU\S-1-5-21-4264480971-1498984515-3285744698-1000\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0
HKU\S-1-5-21-4264480971-1498984515-3285744698-1000\...\Policies\Explorer: [DisableCurrentUserRun] 0
HKU\S-1-5-21-4264480971-1498984515-3285744698-1000\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0
HKU\S-1-5-21-4264480971-1498984515-3285744698-1000\...\Policies\Explorer: [NoViewContextMenu] 0
HKU\S-1-5-21-4264480971-1498984515-3285744698-1000\...\Policies\Explorer: [NoShellSearchButton] 0
HKU\S-1-5-21-4264480971-1498984515-3285744698-1000\...\Policies\Explorer: [NoFind] 0
HKU\S-1-5-21-4264480971-1498984515-3285744698-1000\...\Policies\Explorer: [NoFile] 0
HKU\S-1-5-21-4264480971-1498984515-3285744698-1000\...\Policies\Explorer: [HideClock] 0
HKU\S-1-5-21-4264480971-1498984515-3285744698-1000\...\Policies\Explorer: [NoTrayContextMenu] 0
HKU\S-1-5-21-4264480971-1498984515-3285744698-1000\...\Policies\Explorer: [NoTrayItemsDisplay] 0
HKU\S-1-5-21-4264480971-1498984515-3285744698-1000\...\Policies\Explorer: [NoDevMgrUpdate] 0
HKU\S-1-5-21-4264480971-1498984515-3285744698-1000\...\Policies\Explorer: [NoSetTaskbar] 0
HKU\S-1-5-21-4264480971-1498984515-3285744698-1000\...\Policies\Explorer: [NoDeletePrinter] 0
HKU\S-1-5-21-4264480971-1498984515-3285744698-1000\...\Policies\Explorer: [NoDFSTab] 0
HKU\S-1-5-21-4264480971-1498984515-3285744698-1000\...\Policies\Explorer: [NoChangeStartMenu] 0
HKU\S-1-5-21-4264480971-1498984515-3285744698-1000\...\Policies\Explorer: [NoLogoff] 0
HKU\S-1-5-21-4264480971-1498984515-3285744698-1000\...\Policies\Explorer: [NoWindowsUpdate] 0
HKU\S-1-5-21-4264480971-1498984515-3285744698-1000\...\Policies\Explorer: [NoEncryptOnMove] 0
HKU\S-1-5-21-4264480971-1498984515-3285744698-1000\...\Policies\Explorer: [NoRunasInstallPrompt] 0
HKU\S-1-5-21-4264480971-1498984515-3285744698-1000\...\Policies\Explorer: [NoResolveSearch] 0
HKU\S-1-5-21-4264480971-1498984515-3285744698-1000\...\Policies\Explorer: [NoSaveSettings] 0
HKU\S-1-5-21-4264480971-1498984515-3285744698-1000\...\Policies\Explorer: [NoHardwareTab] 0
HKU\S-1-5-21-4264480971-1498984515-3285744698-1000\...\Policies\Explorer: [NoStartMenuSubFolders] 0
HKU\S-1-5-21-4264480971-1498984515-3285744698-1000\...\MountPoints2: {d04c3f81-3154-11df-bf74-806e6f6e6963} - E:\SETUP.EXE
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\OfficeSAS.lnk [2015-07-20]
Startup: C:\Users\Keith\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LimeWire On Startup.lnk [2015-07-20]
Startup: C:\Users\Keith\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft SharePoint Workspace.lnk [2015-07-20]
Startup: C:\Users\Keith\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk [2015-07-20]
Startup: C:\Users\Keith\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk [2015-07-20]
ProxyEnable: [.DEFAULT] => Internet Explorer proxy is enabled.
ProxyServer: [.DEFAULT] => http=127.0.0.1:2455;https=127.0.0.1:2455
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
R0 szkg5; SySWOW64\drivers\szkg64.sys [X]
C:\Windows\System32\Tasks\Safer-Networking
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
C:\Windows\wininit.iniC:\PROGRA~2\TELEVI~2
C:\Program Files\Webroot
C:\Users\Keith\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpgvo_in.dll
C:\Users\Keith\AppData\Local\Temp\ose00000.exe
C:\Users\Keith\AppData\Local\Temp\Quarantine.exe
C:\Users\Keith\AppData\Local\Temp\sqlite3.dll
*****************

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\TelevisionFanatic Home Page Guard 64 bit => value removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\AdobeAAMUpdater-1.0 => value removed successfully
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\WRSVC => value removed successfully
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\Wondershare Helper Compact.exe => value removed successfully
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\TkBellExe => value removed successfully
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\StartCCC => value removed successfully
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\QuickTime Task => value removed successfully
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\iTunesHelper => value removed successfully
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ISUSScheduler => value removed successfully
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\HTC Sync Loader => value removed successfully
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\EEventManager => value removed successfully
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ATICustomerCare => value removed successfully
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\Adobe Reader Speed Launcher => value removed successfully
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\Adobe ARM => value removed successfully
HKU\S-1-5-21-4264480971-1498984515-3285744698-1000\Software\Microsoft\Windows\CurrentVersion\Run\\OfficeSyncProcess => value removed successfully
HKU\S-1-5-21-4264480971-1498984515-3285744698-1000\Software\Microsoft\Windows\CurrentVersion\Run\\ISUSPM Startup => value removed successfully
HKU\S-1-5-21-4264480971-1498984515-3285744698-1000\Software\Microsoft\Windows\CurrentVersion\Run\\GUDelayStartup => value removed successfully
HKU\S-1-5-21-4264480971-1498984515-3285744698-1000\Software\Microsoft\Windows\CurrentVersion\Policies\system\\NoDispSettingsPage => value removed successfully
HKU\S-1-5-21-4264480971-1498984515-3285744698-1000\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoViewOnDrive => value removed successfully
HKU\S-1-5-21-4264480971-1498984515-3285744698-1000\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\DisableLocalMachineRunOnce => value removed successfully
HKU\S-1-5-21-4264480971-1498984515-3285744698-1000\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\DisableCurrentUserRun => value removed successfully
HKU\S-1-5-21-4264480971-1498984515-3285744698-1000\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\DisableCurrentUserRunOnce => value removed successfully
HKU\S-1-5-21-4264480971-1498984515-3285744698-1000\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoViewContextMenu => value removed successfully
HKU\S-1-5-21-4264480971-1498984515-3285744698-1000\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoShellSearchButton => value removed successfully
HKU\S-1-5-21-4264480971-1498984515-3285744698-1000\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoFind => value removed successfully
HKU\S-1-5-21-4264480971-1498984515-3285744698-1000\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoFile => value removed successfully
HKU\S-1-5-21-4264480971-1498984515-3285744698-1000\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\HideClock => value removed successfully
HKU\S-1-5-21-4264480971-1498984515-3285744698-1000\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoTrayContextMenu => value removed successfully
HKU\S-1-5-21-4264480971-1498984515-3285744698-1000\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoTrayItemsDisplay => value removed successfully
HKU\S-1-5-21-4264480971-1498984515-3285744698-1000\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoDevMgrUpdate => value removed successfully
HKU\S-1-5-21-4264480971-1498984515-3285744698-1000\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoSetTaskbar => value removed successfully
HKU\S-1-5-21-4264480971-1498984515-3285744698-1000\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoDeletePrinter => value removed successfully
HKU\S-1-5-21-4264480971-1498984515-3285744698-1000\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoDFSTab => value removed successfully
HKU\S-1-5-21-4264480971-1498984515-3285744698-1000\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoChangeStartMenu => value removed successfully
HKU\S-1-5-21-4264480971-1498984515-3285744698-1000\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoLogoff => value removed successfully
HKU\S-1-5-21-4264480971-1498984515-3285744698-1000\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoWindowsUpdate => value removed successfully
HKU\S-1-5-21-4264480971-1498984515-3285744698-1000\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoEncryptOnMove => value removed successfully
HKU\S-1-5-21-4264480971-1498984515-3285744698-1000\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoRunasInstallPrompt => value removed successfully
HKU\S-1-5-21-4264480971-1498984515-3285744698-1000\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoResolveSearch => value removed successfully
HKU\S-1-5-21-4264480971-1498984515-3285744698-1000\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoSaveSettings => value removed successfully
HKU\S-1-5-21-4264480971-1498984515-3285744698-1000\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoHardwareTab => value removed successfully
HKU\S-1-5-21-4264480971-1498984515-3285744698-1000\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoStartMenuSubFolders => value removed successfully
"HKU\S-1-5-21-4264480971-1498984515-3285744698-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d04c3f81-3154-11df-bf74-806e6f6e6963}" => key removed successfully
HKCR\CLSID\{d04c3f81-3154-11df-bf74-806e6f6e6963} => key not found.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\OfficeSAS.lnk => moved successfully.
C:\Users\Keith\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LimeWire On Startup.lnk => moved successfully.
C:\Users\Keith\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft SharePoint Workspace.lnk => moved successfully.
C:\Users\Keith\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk => moved successfully.
C:\Users\Keith\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk => moved successfully.
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable => value removed successfully
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer => value removed successfully
HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
szkg5 => Service removed successfully
C:\Windows\System32\Tasks\Safer-Networking => moved successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime => moved successfully.
"C:\Windows\wininit.iniC:\PROGRA~2\TELEVI~2" => File/Folder not found.
"C:\Program Files\Webroot" => File/Folder not found.
"C:\Users\Keith\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpgvo_in.dll" => File/Folder not found.
C:\Users\Keith\AppData\Local\Temp\ose00000.exe => moved successfully.
C:\Users\Keith\AppData\Local\Temp\Quarantine.exe => moved successfully.
C:\Users\Keith\AppData\Local\Temp\sqlite3.dll => moved successfully.

==== End of Fixlog 19:04:33 ====

 

 

I then ran Malwarebytes and it picked up 3 infections, the log of which is below. However, when my computer rebooted itself, although the desktop appeared as normal, none of the icons I clicked on would work and then the cursor froze again. Yet again I had to reboot to resolve this problem!

 

 

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 24/07/2015
Scan Time: 00:16
Logfile:
Administrator: Yes

Version: 2.1.8.1057
Malware Database: v2015.07.23.05
Rootkit Database: v2015.07.22.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Keith

Scan Type: Custom Scan
Result: Completed
Objects Scanned: 729112
Time Elapsed: 3 hr, 20 min, 46 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 3
Trojan.MSIL.INJ, D:\Keith\Downloads\Metro 1.7 & 1.8 Hacked Client.zip, Quarantined, [69c8ce17b2d82c0a940c19a80bf602fe],
PUP.Optional.Downloader, D:\Keith\Downloads\Minecraft_client_Downloader.zip, Quarantined, [08297372a9e12e08b668025aa0605ba5],
PUP.Optional.Bandoo.A, D:\Keith\Downloads\Tom\AppData\Local\Temp\SetupDataMngr_Searchqu.exe, Quarantined, [1120b72e2f5b2c0aee5f99d45aabc040],

Physical Sectors: 0
(No malicious items detected)

(end)
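An added example, not part of the original post and not FRST's own code: a short Python triage of a Fixlog.txt in the shape posted above. It tallies the outcomes and lists every entry reported as not found, flagging any not-found target that contains two drive roots, which suggests two fixlist lines were run together. The sample is an excerpt of the log lines in this post; the `target => outcome` line shape and the rows of asterisks around the echoed fixlist are assumptions read off this log, and all function names are hypothetical.

```python
import re
from collections import Counter

# Excerpt of the Fixlog posted above (header, echoed fixlist, result lines).
SAMPLE_FIXLOG = r"""
Fix result of Farbar Recovery Scan Tool (x64) Version:20-07-2015
Ran by Keith at 2015-07-23 19:04:29 Run:2
==============================================

fixlist content:
*****************
HKLM-x32\...\Run: [WRSVC] => "C:\Program Files\Webroot\WRSA.exe" -ul
C:\Windows\wininit.iniC:\PROGRA~2\TELEVI~2
C:\Program Files\Webroot
*****************

HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\WRSVC => value removed successfully
HKCR\CLSID\{d04c3f81-3154-11df-bf74-806e6f6e6963} => key not found.
szkg5 => Service removed successfully
"C:\Windows\wininit.iniC:\PROGRA~2\TELEVI~2" => File/Folder not found.
"C:\Program Files\Webroot" => File/Folder not found.
C:\Users\Keith\AppData\Local\Temp\ose00000.exe => moved successfully.

==== End of Fixlog 19:04:33 ====
"""

# Assumption: a row of asterisks opens and closes the echoed fixlist.
SEPARATOR = re.compile(r"^\*{5,}\s*$")
# A drive root such as C:\ ; more than one in a single target is suspicious.
DRIVE_ROOT = re.compile(r"[A-Za-z]:\\")


def parse_results(fixlog_text):
    """Return (target, outcome) pairs from the result section only.

    The echoed fixlist also contains ' => ', so everything before the
    second asterisk row is skipped.
    """
    separators_seen = 0
    results = []
    for raw in fixlog_text.splitlines():
        line = raw.strip()
        if SEPARATOR.match(line):
            separators_seen += 1
            continue
        if line.startswith("==== End of Fixlog"):
            break
        if separators_seen < 2 or " => " not in line:
            continue
        # Split on the last ' => ' so a target containing the arrow survives.
        target, outcome = line.rsplit(" => ", 1)
        results.append((target.strip('"'), outcome.rstrip(".").strip()))
    return results


def classify(outcome):
    """Bucket an outcome string: 'not_found', 'applied' or 'other'."""
    text = outcome.lower()
    if "not found" in text:
        return "not_found"
    if "successfully" in text:
        return "applied"
    return "other"


def triage(fixlog_text):
    """Summarise a Fixlog: outcome counts, not-found targets, merged paths."""
    results = parse_results(fixlog_text)
    counts = Counter(classify(outcome) for _, outcome in results)
    not_found = [t for t, o in results if classify(o) == "not_found"]
    merged = [t for t in not_found if len(DRIVE_ROOT.findall(t)) > 1]
    return {"counts": dict(counts), "not_found": not_found, "merged_paths": merged}


if __name__ == "__main__":
    report = triage(SAMPLE_FIXLOG)
    print("Outcome counts:", report["counts"])
    for target in report["not_found"]:
        note = "  <- two paths on one line?" if target in report["merged_paths"] else ""
        print("Not found:", target + note)
```

A not-found entry is not necessarily a problem, since the item may already be gone; the merged-path flag only marks entries worth re-checking against the fixlist.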

 

 

 

 

 

 



#12 Gunto


Posted 24 July 2015 - 07:53 AM

Hi,

 

Well, it's a good thing you kept me around, isn't it? :P

 

Not exactly sure what's causing your freezing problems, but I can't come to any conclusions without a fresh log. So - you guessed it - I need you to run yet another scan with FRST. However, this time, make sure the Addition.txt option is checked before starting the scan. Both logs will help me find out if that keylogger is hiding (or if I just found an orphaned entry for it), as well as any new baddies that may have invaded.

 

Gunto




#13 MegaZak


Posted 24 July 2015 - 01:33 PM

Hi Gunto

 

The 2 logs you asked for are attached. This time I had to reboot the computer 3 times before it would work. Hope you'll be able to find the fault, otherwise I'm tempted to wipe the drive and reinstall Windows. That is obviously a last resort and time-consuming but I need the darn thing to be working properly!

 

MegaZak




#14 Gunto


Posted 24 July 2015 - 03:50 PM

Hi,

 

I sincerely hope that will not be necessary! I imagine it's highly frustrating to deal with this thing, but don't give up on me yet; I've already got an idea. :)

 

VirusTotal

Addition.txt shows numerous errors originating from ntdll.dll, which is a highly crucial Windows file. If it's screwed up, let's just say the operating system will not be happy about it. I think it's a safe bet it's why you're having so many problems, so I'd like for you to scan it on VirusTotal to see if it's infected.

  • Visit VirusTotal, and click Choose File. Navigate to C:\Windows\System32\ntdll.dll and choose the file for upload.
  • Click Scan it! after choosing your file. If you receive a message telling you the file has already been scanned, please scan it again anyway.
  • Once VirusTotal is done scanning the file, copy and paste the URL of the scan results into your reply.

Farbar Recovery Scan Tool

Time to run another FRST fix. Mostly taking care of some orphans, including that keylogger leftover I mentioned earlier.

  • Open up Notepad, and copy and paste the text in the following box into the Notepad text field:
    HKLM-x32\...\Run: [DRPU PC Data Manager(Basic)] => "C:\Program Files (x86)\DRPU PC Data Manager(Basic)\pcdm.exe" "hd"
    ProxyEnable: [.DEFAULT] => Internet Explorer proxy is enabled.
    ProxyServer: [.DEFAULT] => http=127.0.0.1:2455;https=127.0.0.1:2455
    S3 bdfsfltr; C:\Windows\System32\DRIVERS\bdfsfltr.sys [340488 2009-07-24] (BitDefender S.R.L. Bucharest, ROMANIA)
    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
    C:\Program Files (x86)\DRPU PC Data Manager(Basic)
    C:\Windows\System32\DRIVERS\bdfsfltr.sys
    C:\Windows\system32\Drivers\kgpcpy.cfg
    C:\ProgramData\STOPzilla!
    C:\ProgramData\Spybot - Search & Destroy
    C:\Windows\wininit.ini
    C:\PROGRA~2\TELEVI~2
    C:\Users\Keith\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmplwnidt.dll
    C:\Users\Keith\AppData\Local\Temp\ose00001.exe
    ATI Catalyst Registration (x32 Version: 2.01.0000 - ATI Technologies Inc.) Hidden
    Dropbox Update Helper (x32 Version: 1.3.27.33 - Dropbox, Inc.) Hidden
    Elements 9 Organizer (x32 Version: 9.0 - Adobe Systems Incorporated) Hidden
    Elements STI Installer (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden
    ccc-core-static (x32 Version: 2010.0202.2335.42270 - ATI) Hidden
    Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
    Google Update Helper (x32 Version: 1.3.28.1 - Google Inc.) Hidden
    Task: {3771ED5E-9D41-4889-807E-AC688CC65A21} - \{8033E51C-C0F1-48D8-9745-3C9D9F66D74F} No Task File <==== ATTENTION
    Task: {45D4F636-2F86-4E0A-A06D-2FD787D72C6D} - \{F059F625-DD77-472C-8098-D8BD0C7174C9} No Task File <==== ATTENTION
    Task: {4A09F391-D82B-4B35-B495-F4DDD788DC4D} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-4264480971-1498984515-3285744698-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe
    Task: {652DD302-FDEE-46CC-902D-2614EB253DFC} - System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-4264480971-1498984515-3285744698-1000 => C:\Program Files (x86)\RealNetworks\RealDownloader\realupgrade.exe
    AlternateDataStreams: C:\Users\Keith\Desktop\location.ppp:SummaryInformation
    HKU\S-1-5-21-4264480971-1498984515-3285744698-1000\Software\Classes\.exe: exefile =>  <===== ATTENTION!
    HKU\S-1-5-21-4264480971-1498984515-3285744698-1000\Software\Classes\exefile:  <===== ATTENTION!
    FirewallRules: [{DA343148-1232-4FA3-9B34-EAEAB8494D61}] => (Allow) C:\Program Files (x86)\File Type Assistant\TSAssist.exe
    C:\Windows\pss\wwwrfd32.exe.vir.Startup
    C:^Users^Keith^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^wwwrfd32.exe.vir
  • Save it to the same location as FRST as fixlist.txt.
  • Open up FRST, and click the Fix button. If it asks you to reboot in order to complete the fix, please do so.
  • Once it's done fixing things, it will create Fixlog.txt in the same folder. Please copy and paste it into your reply.

Final Notes

 

Now then, what do we have here? :whistle:

 

MSCONFIG/TASK MANAGER disabled items

MSCONFIG\Services: RapportMgmtService => 2
MSCONFIG\startupfolder: C:^Users^Keith^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^wwwrfd32.exe.vir => C:\Windows\pss\wwwrfd32.exe.vir.Startup

 

Remember, I have no problem disabling start-up items for you in FRST. The second one is quite the enigma, though; I won't lie and say I didn't find it amusing. :P If it still existed when you ran all these fixes, FRST will have taken care of it, as I included it in the script.

 

You may also want to uninstall these, seeing as how I see no other Yahoo! software on your system and the lack of a version number and company name in FRST is rather suspicious:

Yahoo! Install Manager
Yahoo! Software Update

 

Gunto




#15 MegaZak


Posted 24 July 2015 - 07:04 PM

Hi Gunto

 

I have run the scan with VirusTotal and the result of the scan is here:-

https://www.virustotal.com/en/file/67519bcf5cf856c149a69e11e0baaea3402dc3678fcb7b7fac00e91a75c24bf8/analysis/1437777098/

 

 

I ran your latest fix with FRST and the following log was produced:-

 

 

 

Fix result of Farbar Recovery Scan Tool (x64) Version:20-07-2015

Ran by Keith at 2015-07-24 23:38:30 Run:3

Running from D:\Keith\Downloads

Loaded Profiles: Keith (Available Profiles: Keith & Guest)

Boot Mode: Normal

==============================================

 

fixlist content:

*****************

HKLM-x32\...\Run: [DRPU PC Data Manager(Basic)] => "C:\Program Files (x86)\DRPU PC Data Manager(Basic)\pcdm.exe" "hd"

ProxyEnable: [.DEFAULT] => Internet Explorer proxy is enabled.

ProxyServer: [.DEFAULT] => http=127.0.0.1:2455;https=127.0.0.1:2455

S3 bdfsfltr; C:\Windows\System32\DRIVERS\bdfsfltr.sys [340488 2009-07-24] (BitDefender S.R.L. Bucharest, ROMANIA)

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee

C:\Program Files (x86)\DRPU PC Data Manager(Basic)

C:\Windows\System32\DRIVERS\bdfsfltr.sys

C:\Windows\system32\Drivers\kgpcpy.cfg

C:\ProgramData\STOPzilla!

C:\ProgramData\Spybot - Search & Destroy

C:\Windows\wininit.ini

C:\PROGRA~2\TELEVI~2

C:\Users\Keith\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmplwnidt.dll

C:\Users\Keith\AppData\Local\Temp\ose00001.exe

ATI Catalyst Registration (x32 Version: 2.01.0000 - ATI Technologies Inc.) Hidden

Dropbox Update Helper (x32 Version: 1.3.27.33 - Dropbox, Inc.) Hidden

Elements 9 Organizer (x32 Version: 9.0 - Adobe Systems Incorporated) Hidden

Elements STI Installer (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden

ccc-core-static (x32 Version: 2010.0202.2335.42270 - ATI) Hidden

Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden

Google Update Helper (x32 Version: 1.3.28.1 - Google Inc.) Hidden

Task: {3771ED5E-9D41-4889-807E-AC688CC65A21} - \{8033E51C-C0F1-48D8-9745-3C9D9F66D74F} No Task File <==== ATTENTION

Task: {45D4F636-2F86-4E0A-A06D-2FD787D72C6D} - \{F059F625-DD77-472C-8098-D8BD0C7174C9} No Task File <==== ATTENTION

Task: {4A09F391-D82B-4B35-B495-F4DDD788DC4D} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-4264480971-1498984515-3285744698-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe

Task: {652DD302-FDEE-46CC-902D-2614EB253DFC} - System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-4264480971-1498984515-3285744698-1000 => C:\Program Files (x86)\RealNetworks\RealDownloader\realupgrade.exe

AlternateDataStreams: C:\Users\Keith\Desktop\location.ppp:SummaryInformation

HKU\S-1-5-21-4264480971-1498984515-3285744698-1000\Software\Classes\.exe: exefile =>  <===== ATTENTION!

HKU\S-1-5-21-4264480971-1498984515-3285744698-1000\Software\Classes\exefile:  <===== ATTENTION!

FirewallRules: [{DA343148-1232-4FA3-9B34-EAEAB8494D61}] => (Allow) C:\Program Files (x86)\File Type Assistant\TSAssist.exe

C:\Windows\pss\wwwrfd32.exe.vir.Startup

C:^Users^Keith^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^wwwrfd32.exe.vir

*****************

 

HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\DRPU PC Data Manager(Basic) => value removed successfully

HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable => value removed successfully

HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer => value removed successfully

bdfsfltr => Service removed successfully

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee => moved successfully.

C:\Program Files (x86)\DRPU PC Data Manager(Basic) => moved successfully.

C:\Windows\System32\DRIVERS\bdfsfltr.sys => moved successfully.

C:\Windows\system32\Drivers\kgpcpy.cfg => moved successfully.

C:\ProgramData\STOPzilla! => moved successfully.

C:\ProgramData\Spybot - Search & Destroy => moved successfully.

C:\Windows\wininit.ini => moved successfully.

"C:\PROGRA~2\TELEVI~2" => File/Folder not found.

C:\Users\Keith\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmplwnidt.dll => moved successfully.

C:\Users\Keith\AppData\Local\Temp\ose00001.exe => moved successfully.

HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{72736F5F-520D-472A-88CC-7B02872FD34E}\\SystemComponent => value removed successfully

HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{099218A5-A723-43DC-8DB5-6173656A1E94}\\SystemComponent => value removed successfully

HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{433EACD8-4747-4A6A-826A-FFA9F39B0D40}\\SystemComponent => value removed successfully

HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{25175695-4B20-4298-9F34-C2C57CD277B3}\\SystemComponent => value removed successfully

HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{D241BBEC-B1C7-7953-EDDE-D90A654A8D2C}\\SystemComponent => value removed successfully

HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}\\SystemComponent => value removed successfully

HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}\\SystemComponent => value not found.

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{3771ED5E-9D41-4889-807E-AC688CC65A21}" => key removed successfully

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3771ED5E-9D41-4889-807E-AC688CC65A21}" => key removed successfully

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{8033E51C-C0F1-48D8-9745-3C9D9F66D74F}" => key removed successfully

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{45D4F636-2F86-4E0A-A06D-2FD787D72C6D}" => key removed successfully

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{45D4F636-2F86-4E0A-A06D-2FD787D72C6D}" => key removed successfully

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{F059F625-DD77-472C-8098-D8BD0C7174C9}" => key removed successfully

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{4A09F391-D82B-4B35-B495-F4DDD788DC4D}" => key removed successfully

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4A09F391-D82B-4B35-B495-F4DDD788DC4D}" => key removed successfully

C:\Windows\System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-4264480971-1498984515-3285744698-1000 => moved successfully.

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\RealPlayerRealUpgradeScheduledTaskS-1-5-21-4264480971-1498984515-3285744698-1000" => key removed successfully

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{652DD302-FDEE-46CC-902D-2614EB253DFC}" => key removed successfully

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{652DD302-FDEE-46CC-902D-2614EB253DFC}" => key removed successfully

C:\Windows\System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-4264480971-1498984515-3285744698-1000 => moved successfully.

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-4264480971-1498984515-3285744698-1000" => key removed successfully

"C:\Users\Keith\Desktop\location.ppp" => ":SummaryInformation" ADS not found.

"HKU\S-1-5-21-4264480971-1498984515-3285744698-1000\Software\Classes\exefile" => key removed successfully

"HKU\S-1-5-21-4264480971-1498984515-3285744698-1000\Software\Classes\.exe" => key removed successfully

HKU\S-1-5-21-4264480971-1498984515-3285744698-1000\Software\Classes\exefile => key not found.

HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{DA343148-1232-4FA3-9B34-EAEAB8494D61} => value removed successfully

"C:\Windows\pss\wwwrfd32.exe.vir.Startup" => File/Folder not found.

C:^Users^Keith^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^wwwrfd32.exe.vir => Error: No automatic fix found for this entry.

 

==== End of Fixlog 23:38:44 ====

 

 

Perhaps I should say at this stage that whilst I can build computers, programming is a foreign language to me and how you read all these logs I just do not know. Likewise the second item in the MSCONFIG/TASK MANAGER disabled items that you found amusing and described as an enigma. What was it? If you didn’t live so far away I’d be commissioning you for tuition lol. Actually I was in LV last month but didn’t have my current problems then lol.

 

Anyway, re your final suggestions. First I uninstalled Yahoo Install Manager using Revo but interestingly it told me the specified module could not be found. Revo did complete the uninstallation run nevertheless. I also removed Yahoo Software Update the same way and interestingly, that took well over 5 minutes to complete so perhaps these 2 items were indeed causing problems.

However, after completing all the above work I rebooted my PC but regret to say that the first thing it did ……………………….. was freeze again !    :(

 

MegaZak





