admin password pop up box, unable to run any downloads


  • This topic is locked
4 replies to this topic

#1 Farmgirl55


Posted 27 July 2015 - 08:03 PM

Unable to run my Norton antivirus or download any malware software without the admin password box popping up. When I press the Enter button, a new window pops up, multiple ads come up on the screen. I can log on to my computer, I can access the internet. I am unable to download any virus/malware software without the popup admin password box. Have no idea what the password could be. Have tried to reset the clock, popup box comes up.




#2 Farmgirl55


Posted 27 July 2015 - 08:13 PM

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:26-07-2015
Ran by Speed (ATTENTION: The logged in user is not administrator) on SPEED-PC (27-07-2015 20:50:58)
Running from C:\Users\Speed\Downloads
Loaded Profiles: Speed (Available Profiles: Speed & temporarory)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Safe Mode (with Networking)
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
Failed to access process -> smss.exe
Failed to access process -> csrss.exe
Failed to access process -> csrss.exe
Failed to access process -> wininit.exe
Failed to access process -> winlogon.exe
Failed to access process -> services.exe
Failed to access process -> lsass.exe
Failed to access process -> lsm.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
Failed to access process -> WmiPrvSE.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [] => [X]
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM-x32\...\Run: [NortonOnlineBackupReminder] => C:\Program Files (x86)\Toshiba\Toshiba Online Backup\Activation\TOBuActivation.exe [3218792 2010-08-17] (Toshiba)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [ToshibaServiceStation] => C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe [1294712 2010-11-29] (TOSHIBA Corporation)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43848 2014-04-23] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-05-26] (Apple Inc.)
HKLM-x32\...\Run: [BrowserSafeguard] => "C:\Program Files (x86)\BrowserSafeguard\BrowserSafeguard.exe"
HKLM-x32\...\Run: [BrowserSafeguard Update Task] => "C:\Program Files (x86)\BrowserSafeguard\uninstall.BrowserSafeguard.exe" /CheckUpdate=true
HKLM-x32\...\Run: [ITSecMng] => C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe [83336 2009-07-22] (TOSHIBA CORPORATION)
Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-4019636695-2809996151-3074566073-1000\...\Run: [BreezyConnector] => C:\Users\Speed\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BreezyPrint Corporation\Breezy Connector.appref-ms
HKU\S-1-5-21-4019636695-2809996151-3074566073-1000\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [59720 2013-11-20] (Apple Inc.)
HKU\S-1-5-21-4019636695-2809996151-3074566073-1000\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [59720 2013-11-20] (Apple Inc.)
HKU\S-1-5-21-4019636695-2809996151-3074566073-1000\...\Run: [com.apple.dav.bookmarks.daemon] => C:\Program Files (x86)\Common Files\Apple\Internet Services\BookmarkDAV_client.exe
HKU\S-1-5-21-4019636695-2809996151-3074566073-1000\...\Run: [AppleIEDAV] => C:\Program Files (x86)\Common Files\Apple\Internet Services\AppleIEDAV.exe [1326408 2013-11-15] (Apple Inc.)
HKU\S-1-5-21-4019636695-2809996151-3074566073-1000\...\Run: [WeatherBug] => C:\Program Files\Earth Networks\WeatherBug\WeatherBug.exe [146736 2014-04-01] ()
HKU\S-1-5-21-4019636695-2809996151-3074566073-1000\...\Run: [InstallIQUpdater] => C:\Program Files (x86)\W3i\InstallIQUpdater\InstallIQUpdater.exe [1179648 2011-10-11] (W3i, LLC)
HKU\S-1-5-21-4019636695-2809996151-3074566073-1000\...\RunOnce: [FlashPlayerUpdate] => C:\windows\system32\Macromed\Flash\FlashUtil64_17_0_0_188_ActiveX.exe [623792 2015-06-15] (Adobe Systems Incorporated)
HKU\S-1-5-18\...\Run: [Exetender] => C:\Program Files (x86)\Free Ride Games\GPlayer.exe [4862384 2012-03-21] (Exent Technologies Ltd.)
AppInit_DLLs: C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll => C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll File not found
AppInit_DLLs-x32: C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC32Loader.dll => "C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC32Loader.dll" File not found
Startup: C:\Users\Speed\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\BoostUpdater.lnk [2014-08-05]
ShortcutTarget: BoostUpdater.lnk -> C:\Program Files (x86)\Boost\BoostUpdater.exe ()
Startup: C:\Users\Speed\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Severe Weather Alerts App.lnk [2014-08-05]
ShortcutTarget: Severe Weather Alerts App.lnk -> C:\Users\Speed\AppData\Local\SevereWeatherAlerts\SevereWeatherAlertsApp.exe ()
Startup: C:\Users\Speed\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Severe Weather Alerts.lnk [2014-08-05]
ShortcutTarget: Severe Weather Alerts.lnk -> C:\Users\Speed\AppData\Local\SevereWeatherAlerts\SevereWeatherAlerts.exe (Weather Notifications, LLC)
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
CHR HKU\S-1-5-21-4019636695-2809996151-3074566073-1000\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
ProxyEnable: [.DEFAULT] => Internet Explorer proxy is enabled.
ProxyServer: [.DEFAULT] => http=127.0.0.1:49544;https=127.0.0.1:49544
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://start.sweetpacks.com/?src=10&st=12&crg=3.5000006.10045&barid={80E6EA4E-E33A-11E2-B85D-E89A8F7D5244}
HKU\S-1-5-21-4019636695-2809996151-3074566073-1000\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?pc=U270&ocid=U270DHP&osmkt=en-us
HKU\S-1-5-21-4019636695-2809996151-3074566073-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://start.toshiba.com
HKU\S-1-5-21-4019636695-2809996151-3074566073-1000\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.symantec.com/redirects/security_response/fix_homepage/index.jsp?lg=en&pid=NIS&pvid=21.6.0.32
URLSearchHook: HKU\S-1-5-21-4019636695-2809996151-3074566073-1000 - (No Name) - {cc2e2b99-14d3-4516-883c-9ea147f594ef} - C:\Program Files (x86)\Zwinky_5q\bar\1.bin\5qSrcAs.dll (MindSpark)
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 -> DefaultScope {EEE6C360-6118-11DC-9C72-001320C79847} URL = http://start.sweetpacks.com/?src=6&q={searchTerms}&st=12&crg=3.5000006.10045&barid={80E6EA4E-E33A-11E2-B85D-E89A8F7D5244}
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-4019636695-2809996151-3074566073-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?FORM=U270DF&PC=U270&q={searchTerms}&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-4019636695-2809996151-3074566073-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?FORM=U270DF&PC=U270&q={searchTerms}&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-4019636695-2809996151-3074566073-1000 -> {1ECBCAC7-F690-41E5-9FE1-DEC50FD2749A} URL = 
SearchScopes: HKU\S-1-5-21-4019636695-2809996151-3074566073-1000 -> {A6863B15-AF4B-4B3C-BC7B-4E3403C604E1} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNF
BHO: Cinema-Plus-1.2c -> {11111111-1111-1111-1111-110611171162} -> C:\Program Files (x86)\Cinema-Plus-1.2c\Cinema-Plus-1.2c-bho64.dll No File
BHO: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Internet Security\Engine64\21.7.0.11\coIEPlg.dll [2015-06-12] (Symantec Corporation)
BHO: Updater By SweetPacks -> {7D4F1959-3F72-49d5-8E59-F02F8AA6815D} -> C:\Program Files\Updater By SweetPacks\Extension64.dll [2013-05-16] ()
BHO: Boost -> {8DE6FC60-E023-4AD7-A3B7-591E1460E7F7} -> C:\Program Files (x86)\Boost\64Boost.dll [2014-05-15] (Jigsaw)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2011-07-11] (Google Inc.)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2015-05-01] (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: &Yahoo! Toolbar Helper -> {02478D38-C3F9-4efb-9B51-7695ECA05670} -> C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll [2008-07-28] (Yahoo! Inc.)
BHO-x32: HP Print Enhancer -> {0347C33E-8762-4905-BF09-768834316C61} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll [2009-10-22] (Hewlett-Packard Co.)
BHO-x32: No Name -> {11111111-1111-1111-1111-110611171162} ->  No File
BHO-x32: Toolbar BHO -> {27488090-768a-4d20-a938-f223f71c344c} -> C:\Program Files (x86)\Zwinky_5q\bar\1.bin\5qbar.dll [2012-05-20] (MindSpark)
BHO-x32: Re-Markable -> {2F933C71-070C-F9FC-043D-37CA4A9A7B1F} -> C:\Program Files (x86)\ver7Re-Markable\176.dll No File
BHO-x32: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Internet Security\Engine\21.7.0.11\coIEPlg.dll [2015-06-12] (Symantec Corporation)
BHO-x32: Norton Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files (x86)\Norton Internet Security\Engine\21.7.0.11\IPS\IPSBHO.DLL [2015-03-04] (Symantec Corporation)
BHO-x32: TV Bar 2 Toolbar -> {75e0046f-2275-4bce-9afd-d8da19abdf0b} -> C:\Users\Speed\AppData\LocalLow\TV_Bar_2\prxtbTV_2.dll [2014-04-10] (ClientConnect Ltd.)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2013-12-18] (Oracle Corporation)
BHO-x32: Updater By SweetPacks -> {7D4F1959-3F72-49d5-8E59-F02F8AA6815D} -> C:\Program Files\Updater By SweetPacks\Extension32.dll [2013-05-16] ()
BHO-x32: ALOT Appbar Helper -> {85F5CF95-EC8F-49fc-BB3F-38C79455CBA2} -> C:\Program Files (x86)\alotappbar\bin\BHO\ALOTHelperBHO.dll [2012-06-21] (Vertro, Inc)
BHO-x32: Boost -> {8DE6FC60-E023-4AD7-A3B7-591E1460E7F7} -> C:\Program Files (x86)\Boost\Boost.dll [2014-05-15] (Jigsaw)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2011-07-11] (Google Inc.)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2015-05-01] (Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Search Assistant BHO -> {bd3ea7c2-3af8-4463-9a9c-6eb8e136cb02} -> C:\Program Files (x86)\Zwinky_5q\bar\1.bin\5qSrcAs.dll [2012-05-20] (MindSpark)
BHO-x32: GamesBarBHO Class -> {CB0D163C-E9F4-4236-9496-0597E24B23A5} -> C:\Program Files (x86)\GamesBar\2.0.1.82\oberontb.dll [2011-03-03] (Oberon Media Ltd.)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2013-12-18] (Oracle Corporation)
BHO-x32: TOSHIBA Media Controller Plug-in -> {F3C88694-EFFA-4d78-B409-54B7B2535B14} -> C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll [2010-12-05] (<TOSHIBA>)
BHO-x32: SingleInstance Class -> {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} -> C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll [2008-07-28] (Yahoo! Inc)
BHO-x32: HP Smart BHO Class -> {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll [2009-10-22] (Hewlett-Packard Co.)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2011-07-11] (Google Inc.)
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine64\21.7.0.11\coIEPlg.dll [2015-06-12] (Symantec Corporation)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2011-07-11] (Google Inc.)
Toolbar: HKLM-x32 - Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll [2008-07-28] (Yahoo! Inc.)
Toolbar: HKLM-x32 - Zwinky - {3033124f-06bf-4829-873a-310a125b4d4c} - C:\Program Files (x86)\Zwinky_5q\bar\1.bin\5qbar.dll [2012-05-20] (MindSpark)
Toolbar: HKLM-x32 - No Name - {6F282B65-56BF-4BD1-A8B2-A4449A05863D} -  No File
Toolbar: HKLM-x32 - ALOT Appbar - {A531D99C-5A22-449b-83DA-872725C6D0ED} - C:\Program Files (x86)\alotappbar\bin\ALOTHelper.dll [2012-06-21] (Vertro, Inc)
Toolbar: HKLM-x32 - TV Bar 2 Toolbar - {75e0046f-2275-4bce-9afd-d8da19abdf0b} - C:\Users\Speed\AppData\LocalLow\TV_Bar_2\prxtbTV_2.dll [2014-04-10] (ClientConnect Ltd.)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\21.7.0.11\coIEPlg.dll [2015-06-12] (Symantec Corporation)
Toolbar: HKU\S-1-5-21-4019636695-2809996151-3074566073-1000 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2011-07-11] (Google Inc.)
DPF: HKLM-x32 {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/_layouts/ClientBin/ieawsdc32.cab
DPF: HKLM-x32 {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: HKLM-x32 {6A060448-60F9-11D5-A6CD-0002B31F7455} 
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2015-05-01] (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2015-05-01] (Microsoft Corporation)
Winsock: Catalog9-x64 01 C:\windows\system32\MyOSProtect64.dll [350768 2014-09-04] (MyOSCompany)
Winsock: Catalog9-x64 02 C:\windows\system32\MyOSProtect64.dll [350768 2014-09-04] (MyOSCompany)
Winsock: Catalog9-x64 03 C:\windows\system32\MyOSProtect64.dll [350768 2014-09-04] (MyOSCompany)
Winsock: Catalog9-x64 04 C:\windows\system32\MyOSProtect64.dll [350768 2014-09-04] (MyOSCompany)
Winsock: Catalog9-x64 15 C:\windows\system32\MyOSProtect64.dll [350768 2014-09-04] (MyOSCompany)
Tcpip\Parameters: [DhcpNameServer] 209.18.47.61 209.18.47.62
Tcpip\..\Interfaces\{41CB1D3D-8989-4FA9-9EF1-73677B066C87}: [DhcpNameServer] 209.18.47.61 209.18.47.62
Tcpip\..\Interfaces\{B089CA44-E052-40D8-9115-61B9C4444059}: [DhcpNameServer] 209.18.47.61 209.18.47.62
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
 
FireFox:
========
FF ProfilePath: C:\Users\Speed\AppData\Roaming\Mozilla\Firefox\Profiles\x9icd9rm.default
FF NewTab: hxxp://www.trovi.com/?gd=&ctid=CT3330390&octid=EB_ORIGINAL_CTID&ISID=M1AF58237-B777-48DF-936D-A94AF49E8127&SearchSource=69&CUI=&SSPV=SP21715VA_sp_ff&Lay=1&UM=6&UP=SP587B2229-74A0-4B54-A523-F32D97D8C639
FF SearchEngineOrder.1: Ask Search
FF SelectedSearchEngine: Astromenda
FF Homepage: hxxp://astromenda.com/?f=1&a=ast_app_14_43_ch&cd=2XzuyEtN2Y1L1Qzu0FtB0D0Fzy0AyDzztDyEtCyEyBtDyCzztN0D0Tzu0StCtDtByEtN1L2XzutAtFyDtFtCtFyEtN1L1CzutCyEtBzytDyD1V1StN1L1G1B1V1N2Y1L1Qzu2StBtAtByByCtC0ByDtGyC0F0AyEtG0EzyyBzztGyBtCtBzztGtCtCtB0C0BtDyC0BzztA0AtD2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyCtAtC0ByC0D0FtBtGtAzz0A0CtGyEzz0D0CtG0A0F0B0EtGyBtCyCtD0BtDyDzzzztA0AtD2Q&cr=579581511&ir=
FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF64_17_0_0_188.dll [2015-06-15] ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-16] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_188.dll [2015-06-15] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\windows\SysWOW64\Adobe\Director\np32dsw_1200112.dll [2013-02-18] (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-02-21] ()
FF Plugin-x32: @exent.com/npExentCtl,version=7.0.0.0 -> C:\Program Files (x86)\Free Ride Games\npExentCtl.dll [2009-12-27] (Exent Technologies Ltd.)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2013-04-02] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2013-04-02] (Foxit Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll [2013-12-18] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll [2013-12-18] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @oberon-media.com/ONCAdapter -> C:\Program Files (x86)\Common Files\Oberon Media\NCAdapter\1.0.0.7\npapicomadapter.dll [2010-09-01] (Oberon-Media )
FF Plugin-x32: @staging.google.com/globalUpdate Update;version=10 -> C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\npGoogleUpdate4.dll [2014-08-09] (globalUpdate)
FF Plugin-x32: @staging.google.com/globalUpdate Update;version=4 -> C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\npGoogleUpdate4.dll [2014-08-09] (globalUpdate)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-31] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-31] (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [2012-05-11] ()
FF Plugin-x32: @Zwinky_5q.com/Plugin -> C:\Program Files (x86)\Zwinky_5q\bar\1.bin\NP5qStub.dll [2012-05-20] (MindSpark)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2013-09-03] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-4019636695-2809996151-3074566073-1000: @nsroblox.roblox.com/launcher -> C:\Users\Speed\AppData\Local\Roblox\Versions\version-f4fa73127aa54242\\NPRobloxProxy.dll [2013-01-01] ( ROBLOX Corporation)
FF Plugin HKU\S-1-5-21-4019636695-2809996151-3074566073-1000: @nsroblox.roblox.com/launcher64 -> C:\Users\Speed\AppData\Local\Roblox\Versions\version-f4fa73127aa54242\\NPRobloxProxy64.dll [2013-01-01] ( ROBLOX Corporation)
FF Plugin HKU\S-1-5-21-4019636695-2809996151-3074566073-1000: @sony.com/Some -> C:\Program Files (x86)\Sony\Bloggie Software\npsome.dll [2011-06-09] (Sony)
FF Plugin HKU\S-1-5-21-4019636695-2809996151-3074566073-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Speed\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2013-12-05] (Unity Technologies ApS)
FF Plugin HKU\S-1-5-21-4019636695-2809996151-3074566073-1000: CouponNetwork.com/CMDUniversalCouponPrintActivator -> C:\Users\Speed\AppData\Roaming\CATALI~2\NPBCSK~1.DLL [2013-06-07] (Catalina Marketing Corporation)
FF user.js: detected! => C:\Users\Speed\AppData\Roaming\Mozilla\Firefox\Profiles\x9icd9rm.default\user.js [2014-10-21]
FF SearchPlugin: C:\Users\Speed\AppData\Roaming\Mozilla\Firefox\Profiles\x9icd9rm.default\searchplugins\ask-search.xml [2014-01-29]
FF SearchPlugin: C:\Users\Speed\AppData\Roaming\Mozilla\Firefox\Profiles\x9icd9rm.default\searchplugins\Astromenda.xml [2014-12-12]
FF SearchPlugin: C:\Users\Speed\AppData\Roaming\Mozilla\Firefox\Profiles\x9icd9rm.default\searchplugins\trovi-search.xml [2014-10-13]
FF SearchPlugin: C:\Users\Speed\AppData\Roaming\Mozilla\Firefox\Profiles\x9icd9rm.default\searchplugins\Web Search.xml [2014-08-09]
FF Extension: Plus-HD-V1.9c - C:\Users\Speed\AppData\Roaming\Mozilla\Firefox\Profiles\x9icd9rm.default\Extensions\0b105cbff1eb40b89bca7dae371d@7ead239035fb4613ab38ef.com [2015-06-03]
FF Extension: sipgateffxmichaelrotmanov - C:\Users\Speed\AppData\Roaming\Mozilla\Firefox\Profiles\x9icd9rm.default\Extensions\sipgateffx@michael.rotmanov [2014-08-18]
FF Extension: Astromenda NT - C:\Users\Speed\AppData\Roaming\Mozilla\Firefox\Profiles\x9icd9rm.default\Extensions\{424b0d11-e7fe-4a04-b7df-8f2c77f58aaf} [2014-09-15]
FF Extension: Astrmenda Search - C:\Users\Speed\AppData\Roaming\Mozilla\Firefox\Profiles\x9icd9rm.default\Extensions\{8dc5c42e-9204-2a64-8b97-fa94ff8a241f} [2014-10-21]
FF Extension: Boost - C:\Users\Speed\AppData\Roaming\Mozilla\Firefox\Profiles\x9icd9rm.default\Extensions\boost@boost.net.xpi [2014-05-15]
FF Extension: Framed Display - C:\Users\Speed\AppData\Roaming\Mozilla\Firefox\Profiles\x9icd9rm.default\Extensions\{7012eec1-4f37-42d4-a2cd-26727494d248}.xpi [2014-10-20]
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2014-10-17]
FF HKLM\...\Firefox\Extensions: [{7D4F1959-3F72-49d5-8E59-F02F8AA6815D}] - C:\Program Files\Updater By SweetPacks\Firefox
FF Extension: Updater By SweetPacks - C:\Program Files\Updater By SweetPacks\Firefox [2013-07-02]
FF HKLM-x32\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011-11-27]
FF HKLM-x32\...\Firefox\Extensions: [5qffxtbr@Zwinky_5q.com] - C:\Program Files (x86)\Zwinky_5q\bar\1.bin
FF Extension: No Name - C:\Program Files (x86)\Zwinky_5q\bar\1.bin [2012-05-20]
FF HKLM-x32\...\Firefox\Extensions: [{7D4F1959-3F72-49d5-8E59-F02F8AA6815D}] - C:\Program Files\Updater By SweetPacks\Firefox
FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.5.0.19\coFFPlgn
FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.5.0.19\coFFPlgn [2015-07-12]
FF HKU\S-1-5-21-4019636695-2809996151-3074566073-1000\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF HKU\S-1-5-21-4019636695-2809996151-3074566073-1000\...\Firefox\Extensions: [{3E5C8284-F12E-5CA8-47C1-0926B2C48BAB}] - C:\Program Files (x86)\ver7Re-Markable\176.xpi
FF Extension: No Name - C:\Program Files (x86)\ver7Re-Markable\176.xpi [2014-08-09]
StartMenuInternet: FIREFOX.EXE - firefox.exe
 
Chrome: 
=======
CHR Profile: C:\Users\Speed\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\Speed\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-06-15]
CHR Extension: (Google Drive) - C:\Users\Speed\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-06-15]
CHR Extension: (YouTube) - C:\Users\Speed\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-03-03]
CHR Extension: (Google Search) - C:\Users\Speed\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-03-03]
CHR Extension: (MSN Homepage & Bing Search Engine) - C:\Users\Speed\AppData\Local\Google\Chrome\User Data\Default\Extensions\fcfenmboojpjinhpgggodefccipikbpd [2015-07-27]
CHR Extension: (Zwinky) - C:\Users\Speed\AppData\Local\Google\Chrome\User Data\Default\Extensions\fidlffpkjchmiflngkkakcmbjmehkdbg [2015-03-31]
CHR Extension: (Boost) - C:\Users\Speed\AppData\Local\Google\Chrome\User Data\Default\Extensions\igckfjdcbkimejmjmpmebffdjjjgncfn [2014-08-05]
CHR Extension: (Norton Identity Safe) - C:\Users\Speed\AppData\Local\Google\Chrome\User Data\Default\Extensions\iikflkcanblccfahdhdonehdalibjnif [2014-11-04]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Speed\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-18]
CHR Extension: (Skype Click to Call) - C:\Users\Speed\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2014-08-06]
CHR Extension: (Cinema-Plus-1.2c) - C:\Users\Speed\AppData\Local\Google\Chrome\User Data\Default\Extensions\mnanplinmmnjhobaliikmelmmjpoogkb [2014-08-10]
CHR Extension: (App Bud) - C:\Users\Speed\AppData\Local\Google\Chrome\User Data\Default\Extensions\nkgehohdeddilafacnmjbjlnkomcneoi [2014-09-24]
CHR Extension: (Google Wallet) - C:\Users\Speed\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-06-15]
CHR Extension: (Astromenda New Tab) - C:\Users\Speed\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae [2014-10-21]
CHR Extension: (Gmail) - C:\Users\Speed\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-03-03]
CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - https://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files (x86)\Norton Internet Security\Engine\21.7.0.11\Exts\Chrome.crx [2015-03-20]
CHR HKLM\...\Chrome\Extension: [pfkfdlcdbajamklbneflfbcmfgddmpae] - https://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-4019636695-2809996151-3074566073-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [fcfenmboojpjinhpgggodefccipikbpd] - https://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-4019636695-2809996151-3074566073-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [pfkfdlcdbajamklbneflfbcmfgddmpae] - https://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - https://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2015-05-01]
CHR HKLM-x32\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files (x86)\Norton Internet Security\Engine\21.7.0.11\Exts\Chrome.crx [2015-03-20]
CHR HKLM-x32\...\Chrome\Extension: [pfkfdlcdbajamklbneflfbcmfgddmpae] - https://clients2.google.com/service/update2/crx
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1394816 2015-05-01] (Microsoft Corporation)
S2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1772672 2015-05-01] (Microsoft Corporation)
S2 globalUpdate; C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe [68608 2014-08-09] (globalUpdate) [File not signed] <==== ATTENTION
S3 globalUpdatem; C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe [68608 2014-08-09] (globalUpdate) [File not signed] <==== ATTENTION
S2 HPSLPSVC; C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL [1039360 2010-10-22] (Hewlett-Packard Co.) [File not signed]
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [69632 2005-11-14] (Macrovision Corporation) [File not signed]
R2 lmhosts; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
R2 lmhosts; C:\Windows\SysWOW64\svchost.exe [20992 2009-07-13] (Microsoft Corporation)
S2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed]
S2 NIS; C:\Program Files (x86)\Norton Internet Security\Engine\21.7.0.11\NIS.exe [276336 2015-03-07] (Symantec Corporation)
R2 NlaSvc; C:\Windows\System32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
R2 NlaSvc; C:\Windows\SysWOW64\svchost.exe [20992 2009-07-13] (Microsoft Corporation)
S2 Norton PC Checkup Application Launcher; C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.10.26\SymcPCCULaunchSvc.exe [123320 2011-02-03] (Symantec Corporation)
R2 nsi; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
R2 nsi; C:\Windows\SysWOW64\svchost.exe [20992 2009-07-13] (Microsoft Corporation)
S2 PCCUJobMgr; C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.10.26\ccSvcHst.exe [126392 2011-02-03] (Symantec Corporation)
S2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed]
S2 ProtectMonitor; C:\monitorsvc.exe [34244 2014-09-02] () [File not signed] <==== ATTENTION
S2 SpyHunter 4 Service; C:\Program Files\Enigma Software Group\SpyHunter\SH4Service.exe [1025920 2014-11-04] (Enigma Software Group USA, LLC.)
S2 Updater By SweetPacks; C:\Program Files\Updater By SweetPacks\ExtensionUpdaterService.exe [188760 2013-05-16] () [File not signed]
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
S2 Zwinky_5qService; C:\Program Files (x86)\Zwinky_5q\bar\1.bin\5qbarsvc.exe [42528 2012-05-20] (COMPANYVERS_NAME)
S2 AlotService; C:\Users\Emilie.Speed-PC\AppData\LocalLow\alotservice\alotservice.exe [X]
S2 BackupStack; C:\Program Files (x86)\MyPC Backup\BackupStack.exe [X] <==== ATTENTION
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S1 BHDrvx64; C:\Program Files (x86)\Norton Internet Security\NortonData\21.5.0.19\Definitions\BASHDefs\20150602.001\BHDrvx64.sys [1640152 2015-06-02] (Symantec Corporation)
S1 ccSet_NIS; C:\Windows\system32\drivers\NISx64\1507000.00B\ccSetx64.sys [162392 2014-02-20] (Symantec Corporation)
S1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [489776 2015-06-14] (Symantec Corporation)
S3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [145200 2015-06-14] (Symantec Corporation)
S3 esgiguard; C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [15920 2014-11-04] (Enigma Software Group USA, LLC.)
S3 EsgScanner; C:\Windows\System32\DRIVERS\EsgScanner.sys [22704 2014-11-04] ()
S1 IDSVia64; C:\Program Files (x86)\Norton Internet Security\NortonData\21.5.0.19\Definitions\IPSDefs\20150619.001\IDSvia64.sys [692984 2015-06-22] (Symantec Corporation)
S3 NAVENG; C:\Program Files (x86)\Norton Internet Security\NortonData\21.5.0.19\Definitions\VirusDefs\20150622.002\ENG64.SYS [129752 2015-06-14] (Symantec Corporation)
S3 NAVEX15; C:\Program Files (x86)\Norton Internet Security\NortonData\21.5.0.19\Definitions\VirusDefs\20150622.002\EX64.SYS [2137304 2015-06-14] (Symantec Corporation)
S1 SRTSP; C:\Windows\System32\Drivers\NISx64\1507000.00B\SRTSP64.SYS [876248 2014-08-25] (Symantec Corporation)
S1 SRTSPX; C:\Windows\system32\drivers\NISx64\1507000.00B\SRTSPX64.SYS [37592 2014-08-25] (Symantec Corporation)
R0 SymDS; C:\Windows\System32\drivers\NISx64\1507000.00B\SYMDS64.SYS [493656 2014-07-23] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\drivers\NISx64\1507000.00B\SYMEFA64.SYS [1148120 2014-07-23] (Symantec Corporation)
S3 SymEvent; C:\windows\system32\Drivers\SYMEVENT64x86.SYS [177752 2014-10-13] (Symantec Corporation)
R1 SymIM; C:\Windows\System32\DRIVERS\SymIMv.sys [78936 2014-07-23] (Symantec Corporation)
S1 SymIRON; C:\Windows\system32\drivers\NISx64\1507000.00B\Ironx64.SYS [266968 2014-08-06] (Symantec Corporation)
S1 SymNetS; C:\Windows\System32\Drivers\NISx64\1507000.00B\SYMNETS.SYS [593112 2014-07-23] (Symantec Corporation)
S3 Tosrfcom; No ImagePath
S2 webinstr; C:\windows\system32\Drivers\webinstr.sys [57528 2014-07-16] (Corsica)
S2 X5XSEx; C:\Program Files (x86)\Free Ride Games\X5XSEx.Sys [55400 2010-11-22] (Exent Technologies Ltd.)
S3 EraserUtilDrv11313; \??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilDrv11313.sys [X]
S3 EraserUtilDrv11510; \??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilDrv11510.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-07-27 20:50 - 2015-07-27 20:51 - 00038809 _____ C:\Users\Speed\Downloads\FRST.txt
2015-07-27 20:50 - 2015-07-27 20:51 - 00000000 ____D C:\FRST
2015-07-27 20:50 - 2015-07-27 20:50 - 02146816 _____ (Farbar) C:\Users\Speed\Downloads\FRST64.exe
2015-07-12 01:53 - 2015-07-12 01:53 - 00000000 ____D C:\ProgramData\WRData
2015-07-12 01:41 - 2015-07-12 01:42 - 52822240 _____ (Microsoft Corporation) C:\Users\Speed\Downloads\Windows-KB890830-x64-V5.25 (1).exe
2015-07-12 01:41 - 2015-07-12 01:41 - 02253456 _____ (Microsoft Corporation) C:\Users\Speed\Downloads\DefaultPack (1).EXE
2015-07-12 01:31 - 2015-07-12 01:31 - 52822240 _____ (Microsoft Corporation) C:\Users\Speed\Downloads\Windows-KB890830-x64-V5.25.exe
2015-07-12 01:31 - 2015-07-12 01:31 - 02253456 _____ (Microsoft Corporation) C:\Users\Speed\Downloads\DefaultPack.EXE
2015-07-12 01:21 - 2015-07-12 01:22 - 10113976 _____ (SurfRight B.V.) C:\Users\Speed\Downloads\HitmanPro.exe
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-07-12 01:08 - 2012-07-26 10:40 - 351466263 _____ C:\alotserviceruntime.log
2015-07-12 01:05 - 2009-07-14 01:08 - 00000006 ____H C:\windows\Tasks\SA.DAT
2015-07-12 01:04 - 2009-07-14 00:51 - 00082814 _____ C:\windows\setupact.log
2015-07-12 00:51 - 2011-07-11 09:18 - 01219267 _____ C:\windows\WindowsUpdate.log
2015-07-12 00:47 - 2014-12-09 14:08 - 00000000 __SHD C:\Users\Speed\AppData\Local\EmieBrowserModeList
2015-07-12 00:47 - 2014-08-20 02:15 - 00000000 __SHD C:\Users\Speed\AppData\Local\EmieUserList
2015-07-12 00:47 - 2014-08-20 02:15 - 00000000 __SHD C:\Users\Speed\AppData\Local\EmieSiteList
2015-07-12 00:47 - 2014-08-05 17:09 - 00000000 ____D C:\Users\Speed\AppData\Local\SevereWeatherAlerts
2015-07-12 00:44 - 2009-07-14 00:45 - 00024608 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-07-12 00:44 - 2009-07-14 00:45 - 00024608 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-07-12 00:40 - 2009-07-14 01:13 - 00801666 _____ C:\windows\system32\PerfStringBackup.INI
2015-07-12 00:35 - 2014-06-15 22:42 - 00000894 _____ C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-07-12 00:34 - 2014-08-09 23:21 - 00000934 _____ C:\windows\Tasks\globalUpdateUpdateTaskMachineCore.job
2015-07-12 00:34 - 2012-05-21 16:28 - 00000416 _____ C:\windows\Tasks\PC Optimizer Pro64 startups.job
2015-07-12 00:17 - 2014-06-15 22:43 - 00002252 _____ C:\Users\Public\Desktop\Google Chrome.lnk
 
==================== Files in the root of some directories =======
 
2014-09-04 23:04 - 2014-09-04 23:04 - 0000318 _____ () C:\Users\Speed\AppData\Roaming\aps.uninstall.scan.results
2014-09-04 23:57 - 2015-03-08 13:09 - 0000164 _____ () C:\Users\Speed\AppData\Roaming\WB.CFG
2014-09-16 19:18 - 2014-09-17 22:06 - 1077248 _____ () C:\Users\Speed\AppData\Local\ChromeHitoryDB
2014-12-12 17:00 - 2014-12-18 21:00 - 0000010 _____ () C:\Users\Speed\AppData\Local\DSI.DAT
2014-12-12 17:00 - 2014-12-12 17:00 - 0022528 _____ () C:\Users\Speed\AppData\Local\dsisetup118977592.exe
2014-12-18 21:00 - 2014-12-18 21:00 - 0022528 _____ () C:\Users\Speed\AppData\Local\dsisetup4929319122.exe
2011-11-27 15:14 - 2014-03-15 16:45 - 0001668 _____ () C:\ProgramData\hpzinstall.log
2013-06-24 22:41 - 2013-06-24 22:41 - 4325376 _____ () C:\ProgramData\ReadOnlyInstaller.msi
2013-07-02 13:11 - 2013-07-02 13:11 - 0033958 _____ () C:\ProgramData\uninstaller.exe
 
Files to move or delete:
====================
C:\ProgramData\uninstaller.exe
 
 
Some files in TEMP:
====================
C:\Users\Speed\AppData\Local\Temp\Foxit Reader Updater.exe
C:\Users\Speed\AppData\Local\Temp\System.Data.SQLite.dll
C:\Users\Speed\AppData\Local\Temp\System.Data.SQLite10860.dll
C:\Users\Speed\AppData\Local\Temp\System.Data.SQLite12001.dll
C:\Users\Speed\AppData\Local\Temp\System.Data.SQLite15292.dll
C:\Users\Speed\AppData\Local\Temp\System.Data.SQLite15972.dll
C:\Users\Speed\AppData\Local\Temp\System.Data.SQLite17668.dll
C:\Users\Speed\AppData\Local\Temp\System.Data.SQLite18989.dll
C:\Users\Speed\AppData\Local\Temp\System.Data.SQLite20316.dll
C:\Users\Speed\AppData\Local\Temp\System.Data.SQLite26127.dll
C:\Users\Speed\AppData\Local\Temp\System.Data.SQLite26931.dll
C:\Users\Speed\AppData\Local\Temp\System.Data.SQLite28508.dll
C:\Users\Speed\AppData\Local\Temp\System.Data.SQLite31190.dll
C:\Users\Speed\AppData\Local\Temp\System.Data.SQLite32298.dll
C:\Users\Speed\AppData\Local\Temp\System.Data.SQLite34029.dll
C:\Users\Speed\AppData\Local\Temp\System.Data.SQLite36275.dll
C:\Users\Speed\AppData\Local\Temp\System.Data.SQLite39760.dll
C:\Users\Speed\AppData\Local\Temp\System.Data.SQLite43041.dll
C:\Users\Speed\AppData\Local\Temp\System.Data.SQLite43240.dll
C:\Users\Speed\AppData\Local\Temp\System.Data.SQLite44438.dll
C:\Users\Speed\AppData\Local\Temp\System.Data.SQLite46048.dll
C:\Users\Speed\AppData\Local\Temp\System.Data.SQLite46245.dll
C:\Users\Speed\AppData\Local\Temp\System.Data.SQLite46962.dll
C:\Users\Speed\AppData\Local\Temp\System.Data.SQLite47018.dll
C:\Users\Speed\AppData\Local\Temp\System.Data.SQLite47556.dll
C:\Users\Speed\AppData\Local\Temp\System.Data.SQLite48779.dll
C:\Users\Speed\AppData\Local\Temp\System.Data.SQLite52925.dll
C:\Users\Speed\AppData\Local\Temp\System.Data.SQLite57538.dll
C:\Users\Speed\AppData\Local\Temp\System.Data.SQLite57683.dll
C:\Users\Speed\AppData\Local\Temp\System.Data.SQLite58463.dll
C:\Users\Speed\AppData\Local\Temp\System.Data.SQLite64446.dll
C:\Users\Speed\AppData\Local\Temp\System.Data.SQLite66362.dll
C:\Users\Speed\AppData\Local\Temp\System.Data.SQLite70142.dll
C:\Users\Speed\AppData\Local\Temp\System.Data.SQLite75524.dll
C:\Users\Speed\AppData\Local\Temp\System.Data.SQLite75721.dll
C:\Users\Speed\AppData\Local\Temp\System.Data.SQLite80577.dll
C:\Users\Speed\AppData\Local\Temp\System.Data.SQLite81984.dll
C:\Users\Speed\AppData\Local\Temp\System.Data.SQLite89ad64e3-3c5c-4e6c-ba31-be71df4e8240.dll
C:\Users\Speed\AppData\Local\Temp\System.Data.SQLite91338.dll
C:\Users\Speed\AppData\Local\Temp\System.Data.SQLite91480.dll
C:\Users\Speed\AppData\Local\Temp\System.Data.SQLite91777.dll
C:\Users\Speed\AppData\Local\Temp\System.Data.SQLite97946.dll
C:\Users\Speed\AppData\Local\Temp\System.Data.SQLite99219.dll
C:\Users\Speed\AppData\Local\Temp\System.Data.SQLite99276.dll
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
ATTENTION: ==> Could not access BCD. Check to make sure user is administrator or see Addition.txt for additional information.

Edited by Orange Blossom, 29 July 2015 - 01:16 AM.
Merged topics. ~ OB


#3 nasdaq

nasdaq

  • Malware Response Team
  • 38,246 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:06:30 AM

Posted 29 July 2015 - 09:36 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic. It will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Download Malwarebytes' Anti-Malware from Here

Double-click mbam-setup-2.X.X.XXXX.exe to install the application (X's are the current version number).
  • Make sure a checkmark is placed next to Launch Malwarebytes' Anti-Malware, then click Finish.
  • Once MBAM opens, when it says Your databases are out of date, click the Fix Now button.
  • Click the Settings tab at the top, and then in the left column, select Detections and Protections, and if not already checked place a checkmark in the selection box for Scan for rootkits.
  • Click the Scan tab at the top of the program window, select Threat Scan and click the Scan Now button.
  • If you receive a message that updates are available, click the Update Now button (the update will be downloaded, installed, and the scan will start).
  • The scan may take some time to finish, so please be patient.
  • If potential threats are detected, ensure that Quarantine is selected as the Action for all the listed items, and click the Apply Actions button.
  • While still on the Scan tab, click the link for View detailed log, and in the window that opens click the Export button, select Text file (*.txt), and save the log to your Desktop.
  • The log is automatically saved by MBAM and can also be viewed by clicking the History tab and then selecting Application Logs.
POST THE LOG FOR MY REVIEW.

Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately.

===

Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the Report button and the report will open in Notepad.
IMPORTANT
  • If you click the Clean button all items listed in the report will be removed.
If you find some false positive items or programs that you wish to keep, close the AdwCleaner windows.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Check off the element(s) you wish to keep.
  • Click on the Clean button and follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleaner[Sn].txt (n is a number).
===
 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:26-07-2015
Ran by Speed (ATTENTION: The logged in user is not administrator) on SPEED-PC (27-07-2015 20:50:58)


I need to see a fresh FRST log executed with Administrator rights.
Please right-click on the Farbar program exe and select run as an Administrator.

Also include the Addition.txt file that was created the first time you ran the Farbar tool.

Let me know what problem persists on this computer.

#4 nasdaq


Posted 03 August 2015 - 06:58 AM

Are you still with me?

#5 nasdaq


Posted 08 August 2015 - 07:43 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.



