Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Networking Only Available in Safe Mode


  • This topic is locked This topic is locked
18 replies to this topic

#1 sinnickel

sinnickel

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Lower Slower Delaware
  • Local time:01:08 PM

Posted 18 August 2015 - 03:47 PM

Windows was failing to fully load so I ran Spybot, Malware Bytes, CCleaner64, Trend Micro House Call and a scan with Security Essentials all in succession, repeatedly.  Five scans with each later, nothing was found but I still cannot access networking unless I am in safe mode.  I am stumped and would be so grateful for any assistance.  Here is my log:

 

Logfile of Trend Micro HijackThis v2.0.5
Scan saved at 4:26:33 PM, on 8/18/2015
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.17910)
CHROME: 1.5.1383.0
FIREFOX: 35.0.1 (x86 en-US)
Boot mode: Safe mode with network support
 
Running processes:
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\Randi\Desktop\HijackThis.exe
C:\windows\SysWOW64\DllHost.exe
 
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: Canon Easy-WebPrint EX BHO - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll
O2 - BHO: EgisPBIE - {7B51CCBE-4AF9-44A6-BDAB-D7F7E4C4E6F9} - C:\Program Files (x86)\EgisTec BioExcess\EgisPBIE.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Evernote extension - {92EF2EAD-A7CE-4424-B0DB-499CF856608E} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL
O3 - Toolbar: Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll
O4 - HKLM\..\Run: [YouCam Tray] "C:\Program Files (x86)\Lenovo\YouCam\YouCam.exe" /s
O4 - HKLM\..\Run: [VitaKeyTSR] C:\Program Files (x86)\EgisTec BioExcess\EgisTSR.exe /run
O4 - HKLM\..\Run: [VeriFaceManager] C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe
O4 - HKLM\..\Run: [UpdatePRCShortCut] "C:\Program Files\Lenovo\OneKey App\OneKey Recovery\MUITransfer\MUIStartMenu.exe" "C:\Program Files\Lenovo\OneKey App\OneKey Recovery" UpdateWithCreateOnce "Software\Lenovo\OneKey App\OneKey Recovery"
O4 - HKLM\..\Run: [UpdateP2GShortCut] "C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Lenovo\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\5.0"
O4 - HKLM\..\Run: [SDTray] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [PLTSR] "C:\Program Files (x86)\EgisTec Port Locker\EgisPLTSR.exe"
O4 - HKLM\..\Run: [IJNetworkScannerSelectorEX] C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe /FORCE
O4 - HKLM\..\Run: [EgisUpdate] "C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe" -d
O4 - HKLM\..\Run: [EgisTecPMMUpdate] "C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe"
O4 - HKCU\..\Run: [GoogleChromeAutoLaunch_CA6D9F6F66D05348A4F983B1F2EB6AF0] "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --no-startup-window
O4 - HKCU\..\Run: [Google Update] "C:\Users\Randi\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [CCleaner Monitoring] "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
O4 - HKCU\..\Run: [AutoStartVMA] C:\Program Files (x86)\Verizon\Verizon Messages\WinVMAClient.exe
O4 - HKCU\..\Run: [SpybotPostWindows10UpgradeReInstall] "C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe"
O4 - .DEFAULT User Startup: Best Buy pc app.lnk = C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe (User 'Default user')
O4 - Startup: Canon IJ Status Monitor Canon MG2900 series Printer.lnk = ?
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\windows\system32\GPhotos.scr/200
O8 - Extra context menu item: Clip image - C:\Program Files (x86)\Evernote\Evernote\EvernoteIERes\Clip.html?clipAction=4
O8 - Extra context menu item: Clip selection - C:\Program Files (x86)\Evernote\Evernote\EvernoteIERes\Clip.html?clipAction=3
O8 - Extra context menu item: Clip this page - C:\Program Files (x86)\Evernote\Evernote\EvernoteIERes\Clip.html?clipAction=1
O8 - Extra context menu item: Clip URL - C:\Program Files (x86)\Evernote\Evernote\EvernoteIERes\Clip.html?clipAction=0
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\Program Files\Microsoft Office 15\Root\Office15\EXCEL.EXE/3000
O8 - Extra context menu item: New note - C:\Program Files (x86)\Evernote\Evernote\EvernoteIERes\NewNote.html
O8 - Extra context menu item: Se&nd to OneNote - res://C:\Program Files\Microsoft Office 15\Root\Office15\ONBttnIE.dll/105
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\Office15\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\Office15\ONBttnIE.dll
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\Office15\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\Office15\ONBttnIELinkedNotes.dll
O9 - Extra button: @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\AddNote.html
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\AddNote.html
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
O18 - Protocol: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\windows\System32\alg.exe (file missing)
O23 - Service: AllShare Framework DMS - Samsung - C:\Program Files\Samsung\AllShare Framework DMS\1.3.06\AllShareFrameworkManagerDMS.exe
O23 - Service: AllShare Play Service - Copyright 2012 SAMSUNG - C:\Program Files\Samsung\AllShare Play\AllShare Play Service.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\windows\System32\lsass.exe (file missing)
O23 - Service: EgisTec Service - Egis Technology Inc.  - C:\Program Files (x86)\EgisTec BioExcess\EgisService.exe
O23 - Service: EgisTec Service Help - Egis Technology Inc.  - C:\Program Files (x86)\EgisTec Port Locker\Egishlpsvc.exe
O23 - Service: EgisTec Ticket Service - Egis Technology Inc.  - C:\Program Files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: IHA_MessageCenter - Verizon - C:\Program Files (x86)\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe
O23 - Service: Canon Inkjet Printer/Scanner/Fax Extended Survey Program (IJPLMSVC) - Unknown owner - C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE
O23 - Service: IMService - Unknown owner - C:\Program Files (x86)\Common Files\Umbrella\Umbrella291.exe (file missing)
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: Intel® Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: RealPlayer Cloud Service - RealNetworks, Inc. - c:\program files (x86)\real\realplayer\RPDS\Bin\rpdsvc.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: Spybot-S&D 2 Scanner Service (SDScannerService) - Safer-Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
O23 - Service: Spybot-S&D 2 Updating Service (SDUpdateService) - Safer-Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
O23 - Service: Spybot-S&D 2 Security Center Service (SDWSCService) - Safer-Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\windows\system32\sppsvc.exe (file missing)
O23 - Service: SAMSUNG Mobile Connectivity Service (ss_conn_service) - DEVGURU Co., LTD. - C:\Program Files (x86)\Samsung\USB Drivers\25_escape\conn\ss_conn_service.exe
O23 - Service: TeamViewer 9 (TeamViewer9) - TeamViewer GmbH - C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\windows\system32\UI0Detect.exe (file missing)
O23 - Service: Intel® Management and Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
 
--
End of file - 13822 bytes
 


BC AdBot (Login to Remove)

 


#2 Sirawit

Sirawit

    Bleepin' Brony


  • Malware Response Team
  • 4,161 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Thailand
  • Local time:12:08 AM

Posted 22 August 2015 - 11:11 AM

Hello sinnickel and welcome to BleepingComputer!               :)

 

My name is Sirawit and I'm here to help you.

 

Please note that I'm currently in training and my fixes need to be approved first, that may delay our fix a bit, but I will normally reply back in 24 hours.

 

If I don't reply after 3 days, feel free to PM me.                :)

==========================================================================

Some points for you to keep in mind:

  • Backup any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.
  • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.
  • Do not attach logs or use code boxes, just copy and paste the text.
  • Periodically update me on the condition of your computer, and provide detail in every post.
  • In the upper right hand corner of the topic you will see the Followtopic.jpg button. Click on this then choose Immediate E-Mail notification and then Proceed and you will be sent an email once I have posted a response.
  • If you do not reply to your topic after 3 days I will bump the topic, if you didn't reply in next 3 days we assume it has been abandoned and I will close it.
  • Once things seem to be working again, please do not abandon the thread. I will give an "all-clean" message at the very end with some additional information on how to stay malware-free.
  • Lastly, I would like to remind you that most members here are volunteers, and sometimes "real life" can get in the way of our malware hunt. I will notify you if I know I will need to be away for longer than 48 hours.

==========================================================================


Please download Farbar Recovery Scan Tool and save it to your Desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system, that will be the right version.

  • Right-click FRST then click "Run as administrator" (XP users: click run after receipt of Windows Security Warning - Open File).
  • When the tool opens, click Yes to disclaimer.
  • Press the Scan button.
  • When finished, it will produce a log called FRST.txt in the same directory the tool was run from.
  • Please copy and paste the log in your next reply.

Note 2: The first time the tool is run it generates another log (Addition.txt - also located in the same directory the tool was run from). Please also paste that, along with the FRST.txt into your next reply.

 

Thank you.


If I don't reply back to you in 2 days, feel free to send me a PM.

 

“You’re lying… just like you were lying to me before. You have to hate me. I’ve been the worst daughter in the world… you should hate me.”

“But I don’t, Nyx. Because, Nyx, I’m your mother, and a mother will always love her daughter, no matter what.” -Past sins by Pen stroke.


#3 sinnickel

sinnickel
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Lower Slower Delaware
  • Local time:01:08 PM

Posted 22 August 2015 - 12:06 PM

Thanks so much for your help.  

 

FRST.txt:

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:21-08-2015 03
Ran by Randi (administrator) on RANDI-LAPTOP (22-08-2015 13:02:49)
Running from C:\Users\Randi\Downloads
Loaded Profiles: Randi (Available Profiles: Randi)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Safe Mode (with Networking)
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2538280 2010-12-22] (Synaptics Incorporated)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11772520 2011-01-04] (Realtek Semiconductor)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1337000 2015-04-30] (Microsoft Corporation)
HKLM\...\Run: [Lenovo EE Boot Optimizer] => C:\Program Files (x86)\Lenovo\Boot Optimizer\PopWnd.exe [114688 2011-09-11] (Lenovo)
HKLM\...\Run: [EnergyUtility] => C:\Program Files (x86)\Lenovo\Energy Management\Utility.exe [5908928 2011-09-11] (Lenovo(beijing) Limited)
HKLM\...\Run: [Energy Management] => C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe [9769888 2011-09-11] (Lenovo (Beijing) Limited)
HKLM-x32\...\Run: [YouCam Tray] => C:\Program Files (x86)\Lenovo\YouCam\YouCam.exe [224352 2010-12-24] (CyberLink Corp.)
HKLM-x32\...\Run: [VitaKeyTSR] => C:\Program Files (x86)\EgisTec BioExcess\EgisTSR.exe [383344 2010-12-13] (Egis Technology Inc. )
HKLM-x32\...\Run: [VeriFaceManager] => C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe [329056 2011-09-11] (Lenovo)
HKLM-x32\...\Run: [UpdatePRCShortCut] => C:\Program Files\Lenovo\OneKey App\OneKey Recovery\MUITransfer\MUIStartMenu.exe [222504 2009-05-13] (CyberLink Corp.)
HKLM-x32\...\Run: [UpdateP2GShortCut] => C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe [222504 2010-07-26] (CyberLink Corp.)
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
HKLM-x32\...\Run: [PLTSR] => C:\Program Files (x86)\EgisTec Port Locker\EgisPLTSR.exe [364400 2010-10-22] (Egis Technology Inc. )
HKLM-x32\...\Run: [IJNetworkScannerSelectorEX] => C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe [438888 2014-01-15] (CANON INC.)
HKLM-x32\...\Run: [EgisUpdate] => C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe [202096 2010-11-05] (Egis Technology Inc.)
HKLM-x32\...\Run: [EgisTecPMMUpdate] => C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe [407920 2010-11-05] (Egis Technology Inc.)
Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-3589389989-654522289-1902932010-1000\...\Run: [GoogleChromeAutoLaunch_CA6D9F6F66D05348A4F983B1F2EB6AF0] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [813896 2015-07-31] (Google Inc.)
HKU\S-1-5-21-3589389989-654522289-1902932010-1000\...\Run: [Google Update] => C:\Users\Randi\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2014-01-27] (Google Inc.)
HKU\S-1-5-21-3589389989-654522289-1902932010-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8418584 2015-07-17] (Piriform Ltd)
HKU\S-1-5-21-3589389989-654522289-1902932010-1000\...\Run: [AutoStartVMA] => C:\Program Files (x86)\Verizon\Verizon Messages\WinVMAClient.exe [12899840 2015-02-24] (Verizon)
HKU\S-1-5-21-3589389989-654522289-1902932010-1000\...\Run: [SpybotPostWindows10UpgradeReInstall] => C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe [1011200 2015-07-28] (Safer-Networking Ltd.)
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnk [2011-09-11]
ShortcutTarget: Best Buy pc app.lnk -> C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe (Microsoft)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnk [2011-09-11]
ShortcutTarget: Best Buy pc app.lnk -> C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe (Microsoft)
Startup: C:\Users\Randi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Canon IJ Status Monitor Canon MG2900 series Printer.lnk [2015-08-09]
ShortcutTarget: Canon IJ Status Monitor Canon MG2900 series Printer.lnk -> C:\Users\Randi\CNMSSC~1.DLL",SMStarterEntryPoint USB002;Canon MG2900 series Printer;cnmss Canon MG2900 series Printer (Local).dll;Canon IJ Status Monitor Canon MG2900 series Printer.lnk (No File)
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Randi\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll [2015-07-23] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Randi\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll [2015-07-23] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Randi\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll [2015-07-23] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Randi\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll [2015-07-23] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [off0] -> {8E33AEC3-C5F2-43C4-B048-9E3EB19B1DD5} =>  No File
ShellIconOverlayIdentifiers: [off1] -> {8E33AEC4-C5F2-43C4-B048-9E3EB19B1DD5} =>  No File
ShellIconOverlayIdentifiers: [SugarSyncBackedUp] -> {0C4A258A-3F3B-4FFF-80A7-9B3BEC139472} =>  No File
ShellIconOverlayIdentifiers: [SugarSyncPending] -> {62CCD8E3-9C21-41E1-B55E-1E26DFC68511} =>  No File
ShellIconOverlayIdentifiers: [SugarSyncRoot] -> {A759AFF6-5851-457D-A540-F4ECED148351} =>  No File
ShellIconOverlayIdentifiers: [SugarSyncShared] -> {1574C9EF-7D58-488F-B358-8B78C1538F51} =>  No File
ShellIconOverlayIdentifiers: [VeriFace Enc] -> {771C7324-DA80-49D3-8017-753B0AF60951} => C:\windows\system32\IcnOvrly.dll [2011-09-11] ()
ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Randi\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll [2015-07-23] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Randi\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll [2015-07-23] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Randi\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll [2015-07-23] (Dropbox, Inc.)
BootExecute: autocheck autochk * sdnclean64.exebddel.exe
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-3589389989-654522289-1902932010-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
SearchScopes: HKLM -> DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = 
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=LENDF8&pc=MALN&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=LENDF8&pc=MALN&src=IE-SearchBox
SearchScopes: HKU\.DEFAULT -> DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = 
SearchScopes: HKU\.DEFAULT -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = 
SearchScopes: HKU\S-1-5-21-3589389989-654522289-1902932010-1000 -> OldSearch URL = hxxp://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=wnzp_14_18_ch&cd=2XzuyEtN2Y1L1Qzu0FtD0D0E0FtCzz0CtDzzyBtD0EtB0EtBtN0D0Tzu0SzzyDtAtN1L2XzutBtFtBtDtFyCtFtCtN1L1CzutCyEtDtAtDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2SyE0Dzy0E0F0DtD0FtG0DyCtAyCtG0EtAtB0FtG0F0E0E0BtGyC0E0CtA0EzyzyyDyD0D0FtC2QtN1M1F1B2Z1V1N2Y1L1Qzu2StA0CtDyCtCyD0ByDtGyDtC0FyBtGyCyDtAzztG0A0CzzyEtGyC0FtBtBtByEyC0Azz0Bzy0B2Q&cr=1378964342&ir=
SearchScopes: HKU\S-1-5-21-3589389989-654522289-1902932010-1000 -> {95B7759C-8C7F-4BF1-B163-73684A933233} URL = hxxp://isearch.avg.com/search?cid={12420CB4-07FE-4688-9C49-30672E8FFC95}&mid=bb1e3743876a47d0a9fd2197b768e183-d2731adbd6e1898101fa3a2b071809e3b3810842&lang=en&ds=ft011&pr=sa&d=2012-04-28 13:30:03&v=11.0.0.9&sap=dsp&q={searchTerms}
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2014-05-20] (Microsoft Corporation)
BHO: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll [2014-07-07] (CANON INC.)
BHO: EgisPBIE Class -> {7B51CCBE-4AF9-44A6-BDAB-D7F7E4C4E6F9} -> C:\Program Files (x86)\EgisTec BioExcess\x64\EgisPBIE.dll [2010-12-13] (Egis Technology Inc.)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL [2014-06-03] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2014-06-10] (Microsoft Corporation)
BHO-x32: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll [2014-07-07] (CANON INC.)
BHO-x32: EgisPBIE Class -> {7B51CCBE-4AF9-44A6-BDAB-D7F7E4C4E6F9} -> C:\Program Files (x86)\EgisTec BioExcess\EgisPBIE.dll [2010-12-13] (Egis Technology Inc.)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
BHO-x32: Evernote extension -> {92EF2EAD-A7CE-4424-B0DB-499CF856608E} -> C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll [2013-12-18] (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL [2014-06-03] (Microsoft Corporation)
Toolbar: HKLM - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll [2014-07-07] (CANON INC.)
Toolbar: HKLM-x32 - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll [2014-07-07] (CANON INC.)
DPF: HKLM-x32 {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2014-05-20] (Microsoft Corporation)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{F60E030A-2914-42CE-A8DF-A615EC708766}: [DhcpNameServer] 192.168.1.1
 
FireFox:
========
FF ProfilePath: C:\Users\Randi\AppData\Roaming\Mozilla\Firefox\Profiles\pfnurgf4.default
FF Homepage: hxxps://www.malwarebytes.org/restorebrowser/-bfr-ef-rhb-32__alt__ddc_dsssyc_bd_com
FF SelectedSearchEngine: Yahoo Search!
FF DefaultSearchEngine: Yahoo Search!
FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF64_18_0_0_209.dll [2015-07-19] ()
FF Plugin: @bestbuy.com/npBestBuyPcAppDetector,version=1.0 -> C:\ProgramData\Best Buy pc app\npBestBuyPcAppDetector.dll [2011-02-25] (Best Buy)
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-16] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\windows\SysWOW64\Macromed\Flash\NPSWF32_18_0_0_209.dll [2015-07-19] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2013-10-01] ()
FF Plugin-x32: @bestbuy.com/npBestBuyPcAppDetector,version=1.0 -> C:\ProgramData\Best Buy pc app\npBestBuyPcAppDetector.dll [2011-02-25] (Best Buy)
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll [2014-01-06] (Google, Inc.)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2014-02-12] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @real.com/nppl3260;version=17.0.13.2 -> c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll [2014-10-05] (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpplugin;version=17.0.13.2 -> c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll [2014-10-05] (RealPlayer Cloud)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-19] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-19] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-06-29] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-3589389989-654522289-1902932010-1000: @tools.google.com/Google Update;version=3 -> C:\Users\Randi\AppData\Local\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-19] (Google Inc.)
FF Plugin HKU\S-1-5-21-3589389989-654522289-1902932010-1000: @tools.google.com/Google Update;version=9 -> C:\Users\Randi\AppData\Local\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-19] (Google Inc.)
FF user.js: detected! => C:\Users\Randi\AppData\Roaming\Mozilla\Firefox\Profiles\pfnurgf4.default\user.js [2015-08-09]
FF Extension: See More Results Hub - C:\Users\Randi\AppData\Roaming\Mozilla\Firefox\Profiles\pfnurgf4.default\Extensions\{4cbd9108-95a6-4f33-bde1-c9ac15b13e63}.xpi [2015-08-05]
FF HKLM-x32\...\Firefox\Extensions: [{41ecbc0b-34d5-4cd4-935f-253a30e2cb7e}] - C:\Program Files (x86)\EgisTec BioExcess\FFExt
FF Extension:  Online Accounts Extension  - C:\Program Files (x86)\EgisTec BioExcess\FFExt [2011-09-11]
 
Chrome: 
=======
CHR Profile: C:\Users\Randi\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\Randi\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-06-12]
CHR Extension: (Google Drive) - C:\Users\Randi\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-06-12]
CHR Extension: (YouTube) - C:\Users\Randi\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-06-12]
CHR Extension: (Google Cast) - C:\Users\Randi\AppData\Local\Google\Chrome\User Data\Default\Extensions\boadgeojelhgndaghljhdicfkmllpafd [2014-02-10]
CHR Extension: (Google Search) - C:\Users\Randi\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-06-12]
CHR Extension: (Magisto - Magical Video Editor) - C:\Users\Randi\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghmngbmfdgknokcefmkbjlcjabdklnlk [2014-04-09]
CHR Extension: (Pin It Button) - C:\Users\Randi\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpdjojdkbbmdfjfahjcgigfpmkopogic [2015-02-02]
CHR Extension: (AmazonSmile 1Button for Chrome) - C:\Users\Randi\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdgenjhkjihnmigcommchefpajjhdmba [2014-02-20]
CHR Extension: (Motorola Connect) - C:\Users\Randi\AppData\Local\Google\Chrome\User Data\Default\Extensions\kigmoblgooahdmdibodmcnffgnejlndh [2014-11-08]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Randi\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-17]
CHR Extension: (F.B Purity-Clean Up Facebook) - C:\Users\Randi\AppData\Local\Google\Chrome\User Data\Default\Extensions\ncdlagniojmheiklojdcpdaeepochckl [2015-05-29]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Randi\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-22]
CHR Extension: (Bitdefender QuickScan) - C:\Users\Randi\AppData\Local\Google\Chrome\User Data\Default\Extensions\pdnkcidphdcakpkheohlhocaicfamjie [2015-08-18]
CHR Extension: (Gmail) - C:\Users\Randi\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-06-12]
CHR HKLM\...\Chrome\Extension: [ejocekekgcaldnmjngfdbmbeebcekelc] - https://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-3589389989-654522289-1902932010-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [ejocekekgcaldnmjngfdbmbeebcekelc] - https://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-3589389989-654522289-1902932010-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - https://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [ejocekekgcaldnmjngfdbmbeebcekelc] - https://clients2.google.com/service/update2/crx
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S2 AllShare Framework DMS; C:\Program Files\Samsung\AllShare Framework DMS\1.3.06\AllShareFrameworkManagerDMS.exe [408184 2012-10-23] (Samsung)
S2 AllShare Play Service; C:\Program Files\Samsung\AllShare Play\AllShare Play Service.exe [662752 2012-12-20] (Copyright 2012 SAMSUNG)
S2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2753720 2015-07-01] (Microsoft Corporation)
S2 EgisTec Service Help; C:\Program Files (x86)\EgisTec Port Locker\Egishlpsvc.exe [327024 2010-10-22] (Egis Technology Inc. )
S2 IHA_MessageCenter; C:\Program Files (x86)\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe [363128 2014-08-13] (Verizon) [File not signed]
S2 IJPLMSVC; C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE [84616 2013-06-28] ()
S2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2015-06-18] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23816 2015-04-30] (Microsoft Corporation)
S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [366544 2015-04-30] (Microsoft Corporation)
S2 RealPlayer Cloud Service; c:\program files (x86)\real\realplayer\RPDS\Bin\rpdsvc.exe [1141848 2014-10-05] (RealNetworks, Inc.)
S2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1740760 2014-09-03] (Safer-Networking Ltd.)
S2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
S2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
S2 ss_conn_service; C:\Program Files (x86)\Samsung\USB Drivers\25_escape\conn\ss_conn_service.exe [743688 2014-10-13] (DEVGURU Co., LTD.)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
S2 IMService; C:\Program Files (x86)\Common Files\Umbrella\Umbrella291.exe [X]
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
S3 libusb0; C:\Windows\System32\DRIVERS\libusb0.sys [52320 2014-01-06] (http://libusb-win32.sourceforge.net)
S3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [25816 2015-06-18] (Malwarebytes Corporation)
S3 MBAMSwissArmy; C:\windows\system32\drivers\MBAMSwissArmy.sys [113880 2015-08-16] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\windows\system32\drivers\mwac.sys [63704 2015-06-18] (Malwarebytes Corporation)
S0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [280376 2015-03-04] (Microsoft Corporation)
S3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [124568 2015-03-04] (Microsoft Corporation)
S3 S6000KNT; C:\Windows\System32\Drivers\S6000KNT.sys [3293272 2010-12-23] (Windows ® Win 7 DDK provider)
S1 SDHookDriver; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHookDrv64.sys [64160 2014-04-25] ()
U3 BcmSqlStartupSvc; no ImagePath
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
U2 CLKMSVC10_3A60B698; no ImagePath
U2 CLKMSVC10_C3B3B687; no ImagePath
U2 DriverService; no ImagePath
U2 IAStorDataMgrSvc; no ImagePath
U2 iATAgentService; no ImagePath
U2 idealife Update Service; no ImagePath
U3 IGRS; no ImagePath
U2 IviRegMgr; no ImagePath
U2 nvUpdatusService; no ImagePath
U2 Oasis2Service; no ImagePath
U2 PCCarerService; no ImagePath
U2 ReadyComm.DirectRouter; no ImagePath
U2 RichVideo; no ImagePath
S3 RSUSBVSTOR; System32\Drivers\RtsUVStor.sys [X]
U2 RtLedService; no ImagePath
U2 SeaPort; no ImagePath
U2 SoftwareService; no ImagePath
U3 SQLWriter; no ImagePath
U2 Stereo Service; no ImagePath
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-08-22 13:02 - 2015-08-22 13:03 - 00024038 _____ C:\Users\Randi\Downloads\FRST.txt
2015-08-22 13:02 - 2015-08-22 13:02 - 00000000 ____D C:\FRST
2015-08-22 13:01 - 2015-08-22 13:01 - 02173952 _____ (Farbar) C:\Users\Randi\Downloads\FRST64.exe
2015-08-18 16:26 - 2015-08-18 16:26 - 00013824 _____ C:\Users\Randi\Desktop\hijackthis.log
2015-08-18 14:58 - 2015-08-18 14:59 - 00000000 ____D C:\Users\Randi\AppData\Roaming\QuickScan
2015-08-18 14:58 - 2015-08-18 14:58 - 00039480 _____ C:\Users\Randi\Downloads\qsinstaller.exe
2015-08-10 16:55 - 2015-08-18 22:03 - 00004050 _____ C:\windows\WindowsUpdate.log
2015-08-10 16:45 - 2015-08-16 10:45 - 00000112 _____ C:\windows\setupact.log
2015-08-10 16:45 - 2015-08-10 16:45 - 00000000 _____ C:\windows\setuperr.log
2015-08-09 14:52 - 2015-08-09 14:52 - 00000000 ____D C:\Program Files\Common Files\AV
2015-08-09 14:52 - 2015-07-28 17:52 - 00821920 _____ (Safer-Networking Ltd. ) C:\Users\Public\Desktop\Post Win10 Spybot-install.exe
2015-08-09 12:52 - 2015-08-09 12:52 - 00347127 _____ C:\Users\Randi\AppData\Local\census.cache
2015-08-09 12:51 - 2015-08-09 12:51 - 00205973 _____ C:\Users\Randi\AppData\Local\ars.cache
2015-08-09 12:44 - 2015-08-09 12:44 - 00000010 _____ C:\Users\Randi\AppData\Local\sponge.last.runtime.cache
2015-08-09 12:38 - 2015-08-09 12:38 - 02494944 _____ (Trend Micro Inc.) C:\Users\Randi\Downloads\HousecallLauncher64.exe
2015-08-09 12:17 - 2015-08-09 12:17 - 00000000 ____D C:\windows\pss
2015-08-09 12:08 - 2015-08-09 12:09 - 00000000 ____D C:\8b6682730d924ad935eb411b
2015-08-06 18:10 - 2015-08-06 18:10 - 00000000 _____ C:\windows\SysWOW64\sho46CB.tmp
2015-08-06 17:30 - 2015-08-16 10:48 - 00113880 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2015-08-06 17:30 - 2015-08-06 17:30 - 00001102 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-08-06 17:30 - 2015-08-06 17:30 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-08-06 17:30 - 2015-08-06 17:30 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-08-06 17:30 - 2015-06-18 08:41 - 00109272 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbamchameleon.sys
2015-08-06 17:30 - 2015-06-18 08:41 - 00063704 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mwac.sys
2015-08-06 17:30 - 2015-06-18 08:41 - 00025816 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbam.sys
2015-08-06 17:26 - 2015-08-08 16:31 - 00000000 ____D C:\Program Files (x86)\VS Revo Group
2015-08-05 20:18 - 2015-08-16 10:47 - 00016422 _____ C:\FaceProv.log
2015-08-05 19:41 - 2015-08-16 10:47 - 00000354 _____ C:\windows\Tasks\JDDFNWGDJL1.job
2015-08-05 19:41 - 2015-08-05 19:42 - 00000000 ____D C:\ProgramData\Service1104
2015-08-05 19:41 - 2015-08-05 19:41 - 00002876 _____ C:\windows\System32\Tasks\JDDFNWGDJL1
2015-08-05 19:41 - 2015-08-05 19:41 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\LuckyBrowse
2015-08-05 19:41 - 2015-08-05 19:41 - 00000000 ____D C:\ProgramData\19a87fa1ec024bbcbb41931263354405
2015-08-05 19:01 - 2015-08-05 19:01 - 00002798 _____ C:\windows\System32\Tasks\CCleanerSkipUAC
2015-08-05 19:00 - 2015-08-05 19:00 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2015-08-05 19:00 - 2015-08-05 19:00 - 00000000 ____D C:\Program Files\CCleaner
2015-08-05 17:21 - 2015-08-05 17:21 - 00000000 ____D C:\Users\Randi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-08-22 13:02 - 2009-07-14 01:13 - 00783464 _____ C:\windows\system32\PerfStringBackup.INI
2015-08-22 13:00 - 2011-09-11 22:48 - 00092797 _____ C:\windows\system32\fastboot.set
2015-08-18 14:51 - 2012-02-07 20:09 - 06175232 ___SH C:\Users\Randi\Downloads\Thumbs.db
2015-08-16 10:47 - 2014-06-17 16:53 - 00060120 _____ C:\windows\system32\debug.log
2015-08-16 10:47 - 2011-09-11 22:44 - 00000894 _____ C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-08-16 10:46 - 2009-07-14 01:08 - 00000006 ____H C:\windows\Tasks\SA.DAT
2015-08-10 16:55 - 2012-10-14 13:21 - 03245568 ___SH C:\Users\Randi\Desktop\Thumbs.db
2015-08-09 14:52 - 2014-08-15 11:38 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
2015-08-09 14:49 - 2012-09-10 17:37 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2015-08-09 14:48 - 2014-08-15 11:38 - 00000630 _____ C:\windows\Tasks\Refresh immunization (Spybot - Search & Destroy).job
2015-08-09 14:48 - 2014-08-15 11:38 - 00000460 _____ C:\windows\Tasks\Scan the system (Spybot - Search & Destroy).job
2015-08-09 12:37 - 2014-12-14 18:45 - 00000000 __SHD C:\Users\Randi\AppData\Local\EmieBrowserModeList
2015-08-09 12:37 - 2014-04-16 07:24 - 00000000 __SHD C:\Users\Randi\AppData\Local\EmieUserList
2015-08-09 12:37 - 2014-04-16 07:24 - 00000000 __SHD C:\Users\Randi\AppData\Local\EmieSiteList
2015-08-09 12:29 - 2011-09-11 22:34 - 00000000 ____D C:\ProgramData\VeriFace
2015-08-09 12:26 - 2009-07-14 00:45 - 00021280 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-08-09 12:26 - 2009-07-14 00:45 - 00021280 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-08-09 12:07 - 2012-04-02 19:36 - 00000830 _____ C:\windows\Tasks\Adobe Flash Player Updater.job
2015-08-08 15:23 - 2015-04-07 16:49 - 00000000 ____D C:\Users\Randi\AppData\Local\CrashDumps
2015-08-08 13:49 - 2011-09-11 22:44 - 00000898 _____ C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-08-08 13:45 - 2014-01-27 10:11 - 00000908 _____ C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3589389989-654522289-1902932010-1000UA.job
2015-08-08 13:42 - 2015-06-29 14:47 - 00000918 _____ C:\windows\Tasks\DropboxUpdateTaskUserS-1-5-21-3589389989-654522289-1902932010-1000UA.job
2015-08-06 18:11 - 2012-03-11 18:16 - 00000000 ____D C:\windows\Hewlett-Packard
2015-08-06 18:09 - 2014-06-01 08:26 - 00000000 ____D C:\ProgramData\APN
2015-08-06 18:09 - 2012-05-23 16:19 - 00000000 ____D C:\Program Files (x86)\Conduit
2015-08-06 17:30 - 2012-11-03 15:15 - 00000000 ____D C:\ProgramData\Malwarebytes
2015-08-06 17:02 - 2015-06-04 12:48 - 00000000 ____D C:\Program Files (x86)\MyFree Codec
2015-08-06 17:01 - 2015-04-07 09:37 - 00000000 ___SD C:\windows\system32\GWX
2015-08-06 16:57 - 2015-06-29 14:47 - 00000866 _____ C:\windows\Tasks\DropboxUpdateTaskUserS-1-5-21-3589389989-654522289-1902932010-1000Core.job
2015-08-05 19:43 - 2014-11-22 22:54 - 00001316 _____ C:\Users\Randi\Desktop\Chromecast.lnk
2015-08-05 19:43 - 2014-02-21 09:35 - 00002282 _____ C:\Users\Randi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft OneDrive.lnk
2015-08-05 19:43 - 2013-11-24 22:19 - 00002094 _____ C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft SkyDrive.lnk
2015-08-05 19:43 - 2013-11-24 22:19 - 00002094 _____ C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft SkyDrive.lnk
2015-08-05 19:43 - 2012-04-25 16:29 - 00000999 _____ C:\Users\Randi\Desktop\CoffeeCup HTML Editor.lnk
2015-08-05 19:43 - 2011-12-19 07:16 - 00001407 _____ C:\Users\Randi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-08-05 19:43 - 2011-09-11 22:46 - 00002104 _____ C:\Users\Default\Desktop\OneKey Recovery.lnk
2015-08-05 19:43 - 2011-09-11 22:46 - 00002104 _____ C:\Users\Default User\Desktop\OneKey Recovery.lnk
2015-08-05 19:43 - 2011-09-11 22:44 - 00001140 _____ C:\Users\Default\Desktop\Cyberlink Power2Go.lnk
2015-08-05 19:43 - 2011-09-11 22:44 - 00001140 _____ C:\Users\Default User\Desktop\Cyberlink Power2Go.lnk
2015-08-05 19:40 - 2013-06-20 15:29 - 00001241 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-08-05 19:08 - 2014-03-27 10:07 - 00032768 ___SH C:\Users\Randi\Documents\Thumbs.db
2015-08-05 18:55 - 2014-12-29 18:46 - 00000000 ____D C:\ProgramData\CanonIJPLM
2015-08-05 18:48 - 2011-02-22 07:19 - 00000000 ____D C:\windows\Panther
2015-08-05 18:41 - 2015-07-10 09:39 - 00000000 ___HD C:\$Windows.~BT
2015-08-05 18:21 - 2011-12-19 20:11 - 00000000 ____D C:\Users\Randi\AppData\Roaming\FileZilla
2015-08-05 17:47 - 2011-12-19 20:11 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FileZilla FTP Client
2015-08-05 17:47 - 2011-12-19 20:11 - 00000000 ____D C:\Program Files (x86)\FileZilla FTP Client
2015-08-05 17:45 - 2013-04-13 06:52 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2015-08-05 17:43 - 2014-12-24 01:14 - 00003886 _____ C:\windows\System32\Tasks\Adobe Acrobat Update Task
2015-08-05 17:40 - 2012-04-20 09:48 - 00000000 ____D C:\Users\Randi\AppData\Roaming\CoffeeCup Software
2015-08-05 17:35 - 2011-12-19 19:24 - 00000000 ____D C:\Users\Randi\AppData\Local\Google
2015-08-05 17:31 - 2013-12-05 08:22 - 00000000 ___RD C:\Users\Randi\Desktop\Dropbox
2015-08-05 17:30 - 2013-07-05 21:48 - 00000000 ____D C:\Users\Randi\AppData\Roaming\Dropbox
2015-08-05 17:29 - 2012-10-03 09:47 - 00000000 ____D C:\AllShare Play
2015-08-05 17:03 - 2009-07-14 00:45 - 05058936 _____ C:\windows\system32\FNTCACHE.DAT
2015-08-05 16:59 - 2015-04-07 09:37 - 00000000 ___SD C:\windows\SysWOW64\GWX
2015-08-05 16:59 - 2009-07-13 23:20 - 00000000 ____D C:\windows\PolicyDefinitions
2015-08-05 16:58 - 2015-04-16 04:00 - 00000000 ____D C:\windows\system32\appraiser
2015-08-05 16:58 - 2014-04-30 08:50 - 00000000 ___SD C:\windows\system32\CompatTel
 
==================== Files in the root of some directories =======
 
2012-04-30 14:34 - 2012-04-30 15:42 - 0000132 _____ () C:\Users\Randi\AppData\Roaming\Adobe GIF Format CS5 Prefs
2012-12-01 14:28 - 2012-12-02 15:28 - 0601088 _____ () C:\Users\Randi\AppData\Roaming\SharedSettings.ccs
2014-05-03 08:42 - 2014-05-03 08:42 - 0000046 _____ () C:\Users\Randi\AppData\Roaming\WB.CFG
2015-08-09 12:51 - 2015-08-09 12:51 - 0205973 _____ () C:\Users\Randi\AppData\Local\ars.cache
2015-08-09 12:52 - 2015-08-09 12:52 - 0347127 _____ () C:\Users\Randi\AppData\Local\census.cache
2014-06-15 07:59 - 2014-09-05 22:14 - 0006144 _____ () C:\Users\Randi\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-07-10 10:36 - 2014-07-10 10:36 - 0000036 _____ () C:\Users\Randi\AppData\Local\housecall.guid.cache
2015-08-09 12:44 - 2015-08-09 12:44 - 0000010 _____ () C:\Users\Randi\AppData\Local\sponge.last.runtime.cache
2014-12-22 09:53 - 2014-12-22 09:53 - 0103749 _____ () C:\Users\Randi\AppData\Local\VZWifiIcon.ico
2012-02-26 16:34 - 2012-02-26 16:34 - 0000057 _____ () C:\ProgramData\Ament.ini
 
Files to move or delete:
====================
C:\Users\Randi\cnmss Canon MG2900 series Printer (Local).dll
 
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\windows\system32\winlogon.exe => File is digitally signed
C:\windows\system32\wininit.exe => File is digitally signed
C:\windows\SysWOW64\wininit.exe => File is digitally signed
C:\windows\explorer.exe => File is digitally signed
C:\windows\SysWOW64\explorer.exe => File is digitally signed
C:\windows\system32\svchost.exe => File is digitally signed
C:\windows\SysWOW64\svchost.exe => File is digitally signed
C:\windows\system32\services.exe => File is digitally signed
C:\windows\system32\User32.dll => File is digitally signed
C:\windows\SysWOW64\User32.dll => File is digitally signed
C:\windows\system32\userinit.exe => File is digitally signed
C:\windows\SysWOW64\userinit.exe => File is digitally signed
C:\windows\system32\rpcss.dll => File is digitally signed
C:\windows\system32\dnsapi.dll => File is digitally signed
C:\windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-06-15 19:09
ADDITION.txt:
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version:21-08-2015 03
Ran by Randi (2015-08-22 13:04:25)
Running from C:\Users\Randi\Downloads
Boot Mode: Safe Mode (with Networking)
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-3589389989-654522289-1902932010-500 - Administrator - Disabled)
Guest (S-1-5-21-3589389989-654522289-1902932010-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3589389989-654522289-1902932010-1003 - Limited - Enabled)
Randi (S-1-5-21-3589389989-654522289-1902932010-1000 - Administrator - Enabled) => C:\Users\Randi
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Microsoft Security Essentials (Disabled - Up to date) {B7ECF8CD-0188-6703-DBA4-AA65C6ACFB0A}
AV: Spybot - Search and Destroy (Disabled - Out of date) {20A26C15-1AF0-7CA3-9380-FAB824A7EE0D}
AS: Microsoft Security Essentials (Disabled - Up to date) {0C8D1929-27B2-688D-E114-9117BD2BB1B7}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Disabled - Out of date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.2.0.2070 - Adobe Systems Incorporated)
Adobe Community Help (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 3.4.980 - Adobe Systems Incorporated.)
Adobe Download Assistant (HKLM-x32\...\com.adobe.downloadassistant.AdobeDownloadAssistant) (Version: 1.2.6 - Adobe Systems Incorporated)
Adobe Flash Player 18 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 18.0.0.209 - Adobe Systems Incorporated)
Adobe Flash Player 18 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 18.0.0.209 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.12) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.12 - Adobe Systems Incorporated)
AllShare Framework DMS (HKLM\...\{1ABC9BD2-7E06-4D70-929B-AC1B6461A8B2}) (Version: 1.3.06 - Samsung)
AllShare Play 1.5.0.1212201836 (HKLM\...\8474-7877-9059-0204) (Version: 1.5.0.1212201836 - Copyright 2012 SAMSUNG)
Amazon Music (HKU\S-1-5-21-3589389989-654522289-1902932010-1000\...\Amazon Amazon Music) (Version: 3.7.1.698 - Amazon Services LLC)
Apple Application Support (HKLM-x32\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{2EF5D87E-B7BD-458F-8428-E4D0B8B4E65C}) (Version: 7.0.0.117 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Audacity 2.0 (HKLM-x32\...\Audacity_is1) (Version:  - Audacity Team)
Best Buy pc app (Version: 3.2.0.0 - Best Buy) Hidden
Best Buy pc app (x32 Version: 3.2.0.0 - Best Buy) Hidden
BioExcess (HKLM-x32\...\InstallShield_{E6CB67CC-71D2-46b9-8D43-A4641A9EECB2}) (Version: 7.0.67.0 - Egis Technology Inc.)
BioExcess (Version: 7.0.67.0 - Egis Technology Inc.) Hidden
BioExcess (x32 Version: 7.0.67.0 - Egis Technology Inc.) Hidden
Canon Easy-WebPrint EX (HKLM-x32\...\Easy-WebPrint EX) (Version: 1.5.0.0 - Canon Inc.)
Canon IJ Network Scanner Selector EX (HKLM-x32\...\Canon_IJ_Network_Scanner_Selector_EX) (Version: 1.5.2.3 - Canon Inc.)
Canon IJ Network Tool (HKLM-x32\...\Canon_IJ_Network_UTILITY) (Version: 3.5.0 - Canon Inc.)
Canon IJ Scan Utility (HKLM-x32\...\Canon_IJ_Scan_Utility) (Version: 1.1.10.15 - Canon Inc.)
Canon Inkjet Printer/Scanner/Fax Extended Survey Program (HKLM-x32\...\CANONIJPLM100) (Version: 4.2.0 - Canon Inc.)
Canon MG2900 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG2900_series) (Version: 1.00 - Canon Inc.)
Canon MG2900 series On-screen Manual (HKLM-x32\...\Canon MG2900 series On-screen Manual) (Version: 7.7.0 - Canon Inc.)
Canon MG2900 series User Registration (HKLM-x32\...\Canon MG2900 series User Registration) (Version:  - ‭Canon Inc.)
Canon My Printer (HKLM-x32\...\CanonMyPrinter) (Version: 3.2.1 - Canon Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 5.08 - Piriform)
ChromecastApp (HKU\S-1-5-21-3589389989-654522289-1902932010-1000\...\{079ede36-133d-44b0-8053-c7c1fa8d2e0d}_is1) (Version: 1.5.1383.0 - Google Inc.)
CoffeeCup HTML Editor (HKU\S-1-5-21-3589389989-654522289-1902932010-1000\...\CoffeeCup HTML Editor) (Version:  - )
CoffeeCup Web Form Builder Lite (HKLM-x32\...\{85DE30D0-AEC8-4799-A56A-14267C421A76}) (Version: 2.3.5152 - CoffeeCup Software, Inc.)
Compatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 3.1.3623 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Defraggler (HKLM\...\Defraggler) (Version: 2.19 - Piriform)
Dropbox (HKU\S-1-5-21-3589389989-654522289-1902932010-1000\...\Dropbox) (Version: 3.8.5 - Dropbox, Inc.)
EgisTec ES603 WDM Driver (HKLM-x32\...\InstallShield_{AE4167B0-F589-4D2A-BF05-E181D543C49F}) (Version: 3.0.10.4 - Egis Technology Inc.)
Energy Management (HKLM-x32\...\InstallShield_{D0956C11-0F60-43FE-99AD-524E833471BB}) (Version: 6.0.2.1 - Lenovo)
Energy Management (x32 Version: 6.0.2.1 - Lenovo) Hidden
ES603 WDM Driver (x32 Version: 3.0.10.4 - Egis Technology Inc.) Hidden
Evernote v. 5.1 (HKLM-x32\...\{9DF852CA-6831-11E3-AD73-00163E98E7D6}) (Version: 5.1.0.2217 - Evernote Corp.)
FedEx Office Printer (HKLM-x32\...\{5B9AC19C-8519-43A1-9578-49CDA1366E66}) (Version: 1.0.010 - FedEx Office)
FileZilla Client 3.12.0.2 (HKLM-x32\...\FileZilla Client) (Version: 3.12.0.2 - Tim Kosse)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 44.0.2403.130 - Google Inc.)
Google Cloud Printer (HKLM-x32\...\{74AA24E0-AC50-4B28-BA46-9CF05467C9B7}) (Version: 28.0.1489.0 - Google Inc.)
Google Drive (HKLM-x32\...\{6EA8B94E-D869-4D96-88DF-5E1ECE1D6876}) (Version: 1.23.9648.8824 - Google, Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.28.1 - Google Inc.) Hidden
Google+ Auto Backup (HKLM-x32\...\{A50DE037-B5C0-4C8A-8049-B0C576B313D1}) (Version: 1.0.21.81 - Google)
Hewlett-Packard ACLM.NET v1.1.0.0 (x32 Version: 1.00.0000 - Hewlett-Packard) Hidden
honestech VHS to DVD 7.0 Deluxe (HKLM-x32\...\{AC242562-1F9E-42C9-B461-E8B839093FEB}) (Version: 7.0 - honestech)
honestech VHS to DVD 7.0 Deluxe (x32 Version: 7.0 - honestech) Hidden
iCloud (HKLM\...\{81E20D41-C277-4526-934D-F2380AF91B78}) (Version: 3.1.0.40 - Apple Inc.)
IHA_MessageCenter (HKLM-x32\...\{C3300989-DAF5-4F3A-81FF-404729267C0B}) (Version: 2.0.63 - Verizon)
Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2342 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 10.1.5.1001 - Intel Corporation)
iTunes (HKLM\...\{D601CEAD-2E4F-4BBB-85CC-C29A4CE6A3C0}) (Version: 11.1.3.8 - Apple Inc.)
Jawbone Updater (HKLM-x32\...\Jawbone Updater) (Version: 0.1 - Jawbone)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
K-Lite Codec Pack 8.4.0 (Basic) (HKLM-x32\...\KLiteCodecPack_is1) (Version: 8.4.0 - )
LAME v3.99.3 (for Windows) (HKLM-x32\...\LAME_is1) (Version:  - )
Lenovo EasyCamera (HKLM-x32\...\{FC9B811E-39BC-4813-9E29-B83CCF700010}) (Version: 2.16.23.3 - Alcor)
Lenovo EE Boot Optimizer (HKLM\...\Lenovo EE Boot Optimizer) (Version: 0.0.1.6 - Lenovo)
Lenovo OneKey Recovery (HKLM-x32\...\InstallShield_{46F4D124-20E5-4D12-BE52-EC177A7A4B42}) (Version: 7.0.1628 - CyberLink Corp.)
Lenovo OneKey Recovery (Version: 7.0.1628 - CyberLink Corp.) Hidden
Lenovo Security Suite (HKLM-x32\...\InstallShield_{0034859F-8E01-4C1D-BE77-F891C4786FBC}) (Version: 2.0.11.0 - Lenovo)
Lenovo Security Suite (x32 Version: 2.0.11.0 - Lenovo) Hidden
Lenovo_Wireless_Driver (HKLM-x32\...\{28ABE740-47F3-441B-9437-852F6A64EFF8}) (Version: 1.02.01 - Lenovo)
Malwarebytes Anti-Malware version 2.1.8.1057 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.8.1057 - Malwarebytes Corporation)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Message+ (HKLM-x32\...\{e81287bb-3cf1-409f-abb0-f046c5df16cc}) (Version: 1.0.16.0 - Verizon)
Message+ (x32 Version: 1.0.16.0 - Verizon) Hidden
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Office 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 15.0.4631.1002 - Microsoft Corporation)
Microsoft Office Click-to-Run 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-3589389989-654522289-1902932010-1000\...\OneDriveSetup.exe) (Version: 17.3.1229.0918 - Microsoft Corporation)
Microsoft PowerPoint Viewer (HKLM-x32\...\{95140000-00AF-0409-0000-0000000FF1CE}) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Save as PDF Add-in for 2007 Microsoft Office programs (HKLM-x32\...\{90120000-00B0-0409-0000-0000000FF1CE}) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.8.204.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40416.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{3C3D696B-0DB7-3C6D-A356-3DB8CE541918}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Mozilla Firefox 35.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 35.0.1 (x86 en-US)) (Version: 35.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4631.1002 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4631.1002 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4631.1002 - Microsoft Corporation) Hidden
Paperless Converter version 9.07 (HKLM-x32\...\Paperless Converter_is1) (Version: 9.07 - Rarefind Engineering Innovations Pvt. Ltd.)
Paperless Printer version 5.3.0.3 (HKLM-x32\...\Paperless Printer_is1) (Version: 5.3.0.3 - Rarefind Engineering Innovations Pvt. Ltd.)
Photo Transfer App (HKLM-x32\...\com.erclab.air.phototransferapp) (Version: 2.1.0 - UNKNOWN)
Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9 - Google, Inc.)
Port Locker (HKLM-x32\...\InstallShield_{A6FEE06D-C7E1-48CB-A9DF-1E317CF83CA4}) (Version: 1.0.5.24 - Egis Technology Inc.)
Port Locker (Version: 1.0.5.24 - Egis Technology Inc.) Hidden
Port Locker (x32 Version: 1.0.5.24 - Egis Technology Inc.) Hidden
Power2Go (HKLM-x32\...\{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 5.6.0.7303 - CyberLink Corp.)
Quicken 2014 (HKLM-x32\...\{0877F595-254F-45F4-991D-3F72E86B17CE}) (Version: 23.1.2.12 - Intuit)
QuickTime (HKLM-x32\...\{B67BAFBA-4C9F-48FA-9496-933E3B255044}) (Version: 7.74.80.86 - Apple Inc.)
RealNetworks - Microsoft Visual C++ 2008 Runtime (x32 Version: 9.0 - RealNetworks, Inc) Hidden
RealNetworks - Microsoft Visual C++ 2010 Runtime (Version: 10.0 - RealNetworks, Inc) Hidden
RealNetworks - Microsoft Visual C++ 2010 Runtime (x32 Version: 10.0 - RealNetworks, Inc) Hidden
Realtek Ethernet Controller Driver For Windows 7 (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.21.531.2010 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6282 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Reader Driver (HKLM-x32\...\{62BBB2F0-E220-4821-A564-730807D2C34D}) (Version: 6.1.7600.10008 - Realtek Semiconductor Corp.)
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.49.0 - SAMSUNG Electronics Co., Ltd.)
Smart PC Recorder - by freebird (HKLM-x32\...\SmartPCRecorder) (Version: 5.0 - Freebird)
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.4.40 - Safer-Networking Ltd.)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.2.7.0 - Synaptics Incorporated)
TeamViewer 9 (HKLM-x32\...\TeamViewer 9) (Version: 9.0.41110 - TeamViewer)
VeriFace (HKLM-x32\...\VeriFace) (Version: 4.0.0.1224 - Lenovo)
VIDBOX Driver (HKLM-x32\...\{2758691A-2CDE-4942-A4AC-0E8F61FE2067}) (Version: 4.0.0 - honestech)
Windows 7 Upgrade Advisor (HKLM-x32\...\{AB05F2C8-F608-403b-95E1-FD8ADFACD31E}) (Version: 2.0.5000.0 - Microsoft Corporation)
Windows Driver Package - Lenovo (ACPIVPC) System  (12/02/2010 6.1.0.1) (HKLM\...\EA12B1FB53CE4E387C31A85236C41EF559B5E392) (Version: 12/02/2010 6.1.0.1 - Lenovo)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Media Player Firefox Plugin (HKLM-x32\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp)
WinZip 18.5 (HKLM\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C240E3}) (Version: 18.5.11111 - WinZip Computing, S.L. )
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-3589389989-654522289-1902932010-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Randi\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3589389989-654522289-1902932010-1000_Classes\CLSID\{5C8C2A98-6133-4EBA-BBCC-34D9EA01FC2E}\InprocServer32 -> C:\Users\Randi\AppData\Local\Google\Update\1.3.28.1\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3589389989-654522289-1902932010-1000_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\Randi\AppData\Local\Microsoft\SkyDrive\17.3.1229.0918\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3589389989-654522289-1902932010-1000_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\Randi\AppData\Local\Microsoft\SkyDrive\17.3.1229.0918\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3589389989-654522289-1902932010-1000_Classes\CLSID\{CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B}\InprocServer32 -> C:\Users\Randi\AppData\Local\Microsoft\SkyDrive\17.3.1229.0918\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3589389989-654522289-1902932010-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Randi\AppData\Local\Google\Update\1.3.28.1\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3589389989-654522289-1902932010-1000_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\Randi\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3589389989-654522289-1902932010-1000_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\Randi\AppData\Local\Microsoft\SkyDrive\17.3.1229.0918\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3589389989-654522289-1902932010-1000_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\Randi\AppData\Local\Microsoft\SkyDrive\17.3.1229.0918\amd64\FileSyncApi64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3589389989-654522289-1902932010-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Randi\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3589389989-654522289-1902932010-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Randi\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3589389989-654522289-1902932010-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Randi\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3589389989-654522289-1902932010-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Randi\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3589389989-654522289-1902932010-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Randi\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3589389989-654522289-1902932010-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Randi\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3589389989-654522289-1902932010-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Randi\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3589389989-654522289-1902932010-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Randi\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3589389989-654522289-1902932010-1000_Classes\CLSID\{FBC9D74C-AF55-4309-9FB2-C426E071637F}\InprocServer32 -> C:\Users\Randi\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll (Dropbox, Inc.)
 
==================== Restore Points =========================
 
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-13 22:34 - 2015-08-08 15:22 - 00450089 ____R C:\windows\system32\Drivers\etc\hosts
127.0.0.1 localhost
127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com
127.0.0.1 www.0scan.com
127.0.0.1 0scan.com
127.0.0.1 www.1000gratisproben.com
127.0.0.1 1000gratisproben.com
127.0.0.1 1001namen.com
127.0.0.1 www.1001namen.com
127.0.0.1 100888290cs.com
127.0.0.1 www.100888290cs.com
127.0.0.1 www.100sexlinks.com
127.0.0.1 100sexlinks.com
127.0.0.1 www.10sek.com
127.0.0.1 10sek.com
127.0.0.1 www.1-2005-search.com
127.0.0.1 1-2005-search.com
127.0.0.1 www.123fporn.info
127.0.0.1 123fporn.info
127.0.0.1 123haustiereundmehr.com
127.0.0.1 www.123haustiereundmehr.com
 
There are 1000 more lines.
 
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {21EEFD97-A7B3-4259-A619-2879730E3F6D} - System32\Tasks\MirageAgent => C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe [2010-12-24] (CyberLink)
Task: {2D74607D-0A66-4B13-9151-A20FFBC55E21} - \SUPERAntiSpyware Scheduled Task b12a07c7-6366-437c-a55c-d935ab18356d -> No File <==== ATTENTION
Task: {2EE1DD9B-EEF2-4ADC-A671-AE1AC5D329FE} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-3589389989-654522289-1902932010-1000UA => C:\Users\Randi\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-06-29] (Dropbox, Inc.)
Task: {2F3787B1-46F2-4518-9E27-7FDE14A96DA5} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-22] (Google Inc.)
Task: {49F727EC-87D2-4F30-B890-0E9BF5AF9B68} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-3589389989-654522289-1902932010-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe
Task: {4BF5FEC0-3B64-4F76-988E-1B40D0DFAC2F} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-3589389989-654522289-1902932010-1000Core => C:\Users\Randi\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-06-29] (Dropbox, Inc.)
Task: {56C55919-56D1-4540-A362-905153480A60} - System32\Tasks\{857A5686-DDC7-4F29-86D0-27864EAEA245} => pcalua.exe -a C:\Users\Randi\Desktop\HijackThis.exe -d C:\Users\Randi\Desktop
Task: {617F63BF-9F75-48CC-91D9-C340E77DCDDC} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3589389989-654522289-1902932010-1000Core => C:\Users\Randi\AppData\Local\Google\Update\GoogleUpdate.exe [2014-01-27] (Google Inc.)
Task: {628B1BAC-5F33-466F-A5FD-D6E33D324721} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-3589389989-654522289-1902932010-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe
Task: {67D83A05-5CE1-48CD-AA38-921B1ABF27B5} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2015-07-01] (Microsoft Corporation)
Task: {6E7C8AC3-1AB9-431B-8729-39535DCAE24B} - \SUPERAntiSpyware Scheduled Task 2a22e784-ac5f-4b54-94d1-ea821c232e1b -> No File <==== ATTENTION
Task: {71CF3818-76EE-4A08-BCB7-4477EE534558} - System32\Tasks\JDDFNWGDJL1 => C:\ProgramData\TomorrowGames\TomorrowGames.exe <==== ATTENTION
Task: {83D45F2C-5822-4235-8AB4-77EFEFD1F932} - System32\Tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-3589389989-654522289-1902932010-1000 => C:\Program Files (x86)\RealNetworks\RealDownloader\recordingmanager.exe
Task: {8464F92E-CB8F-4AE2-B503-BCE867FAE5D9} - System32\Tasks\{04272408-16C1-4B22-A1CA-BECE1E5AA6E7} => pcalua.exe -a C:\Users\Randi\Desktop\chromeinstall-8u25.exe -d C:\Users\Randi\Desktop
Task: {9F82A100-25BE-43EA-9B9A-A99DEF5FE6CF} - System32\Tasks\{AB028C8B-B907-43D2-B665-CB3F327E0D93} => pcalua.exe -a C:\Users\Randi\Downloads\CoffeeLockBox4.exe -d C:\Users\Randi\Downloads
Task: {A54DFFFE-CE2C-41B6-84B9-4BC1077AD867} - System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-3589389989-654522289-1902932010-1000 => C:\Program Files (x86)\RealNetworks\RealDownloader\realupgrade.exe
Task: {AF6967A2-30CE-4B15-9E34-B5BD8540B2AF} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-07-07] (Adobe Systems Incorporated)
Task: {B77380F0-097D-4B28-B458-BF5FFF110E26} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonx86\Microsoft Shared\OFFICE15\OLicenseHeartbeat.exe [2014-06-10] (Microsoft Corporation)
Task: {C1BCDF57-7D75-4F5D-B925-2E5CEAA009CE} - System32\Tasks\{499353EA-46AA-406D-B18C-FF640BC431ED} => pcalua.exe -a C:\Users\Randi\Downloads\QuickTimeInstaller.exe -d C:\Users\Randi\Downloads
Task: {C78C8E33-55ED-462D-8CF2-7E5DDDE5CC4E} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2015-07-01] (Microsoft Corporation)
Task: {D72268AC-8563-4958-9C25-7D77D4FCD2CA} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-07-19] (Adobe Systems Incorporated)
Task: {E9D6B281-5F3A-4A57-BDD3-6B2813EAAA8F} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-07-17] (Piriform Ltd)
Task: {EB288856-1487-473F-91D6-C209779B9720} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-22] (Google Inc.)
Task: {ED1F9DF3-ADC5-421F-8A77-780829C6A1BB} - System32\Tasks\{8BBD2ACF-777A-4A30-81D9-AA110A7B96D4} => pcalua.exe -a "C:\Program Files (x86)\PdaNet for Android\drvins.exe" -d "C:\Program Files (x86)\PdaNet for Android" -c /dd 1
Task: {F0F4AD2D-617F-44C1-B4CF-E7E82ED34B05} - System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-3589389989-654522289-1902932010-1000 => C:\Program Files (x86)\RealNetworks\RealDownloader\realupgrade.exe
Task: {F773720D-FF2E-4F24-86FE-CA93E9F3EBB1} - System32\Tasks\{D8F0E1B8-EB98-4264-AF76-1C1D372252BE} => pcalua.exe -a C:\Users\Randi\Downloads\Mp3Activation.exe -d C:\Users\Randi\Downloads
Task: {FD64CA48-E5DC-44D1-8405-CA6C79F716EE} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3589389989-654522289-1902932010-1000UA => C:\Users\Randi\AppData\Local\Google\Update\GoogleUpdate.exe [2014-01-27] (Google Inc.)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\windows\Tasks\Check for updates (Spybot - Search & Destroy).job => 0x01060100C971EEEE86EF8D42A1901FA4CCAC1EE046005E020000000000000000200000000014730F000000000313040000248005000000000000000000000000000000000000400043003A005C00500072006F006700720061006D002000460069006C00650073002000280078003800360029005C0053007000790062006F00740020002D002000530065006100720063006800200026002000440065007300740072006F007900200032005C00530044005500700064006100740065002E0065007800650000002B002F006100750074006F0075007000640061007400650020002F00730069006C0065006E00740020002F006100750074006F0063006C006F007300650020002F006200610063006B00670072006F0075006E006400000000001C0053007000790062006F00740020002D002000530065006100720063006800200026002000440065007300740072006F0079002000320000007A00540068006900730020007400610073006B002000770069006C006C00200072006500670075006C00610072006C007900200063006800650063006B00200066006F007200200073006F00660074007700610072006500200075007000640061007400650073002C00200061006E006400200069006E007300740061006C006C00200061006E007900200061007600610069006C00610062006C006500200075007000640061007400650073002C00200074006F00200065006E007300750072006500200079006F00750020006100720065002000770065006C006C002D00700072006F007400650063007400650064002E000000000008000313040000000000010030000000DE0708000F000000000000000B00260000000000000000000000000007000000010000000000000000000000
Task: C:\windows\Tasks\DropboxUpdateTaskUserS-1-5-21-3589389989-654522289-1902932010-1000Core.job => C:\Users\Randi\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\windows\Tasks\DropboxUpdateTaskUserS-1-5-21-3589389989-654522289-1902932010-1000UA.job => C:\Users\Randi\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3589389989-654522289-1902932010-1000Core.job => C:\Users\Randi\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3589389989-654522289-1902932010-1000UA.job => C:\Users\Randi\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\JDDFNWGDJL1.job => C:\ProgramData\TomorrowGames\TomorrowGames.exe <==== ATTENTION
Task: C:\windows\Tasks\Refresh immunization (Spybot - Search & Destroy).job => 0x010601002C32A9E38886D843B121674C1FAB1BB6460044020000000000000000200000000014730F000000000313040000208001000000000000000000000000000000000000420043003A005C00500072006F006700720061006D002000460069006C00650073002000280078003800360029005C0053007000790062006F00740020002D002000530065006100720063006800200026002000440065007300740072006F007900200032005C005300440049006D006D0075006E0069007A0065002E0065007800650000001E002F0069006D006D0075006E0069007A00650020002F00730069006C0065006E00740020002F006100750074006F0063006C006F00730065002000000000001C0053007000790062006F00740020002D002000530065006100720063006800200026002000440065007300740072006F0079002000320000007800540068006900730020007400610073006B002000770069006C006C002000750070006400610074006500200079006F0075007200200069006D006D0075006E0069007A006100740069006F006E002C0020006B0065006500700069006E006700200079006F00750072002000620072006F00770073006500720073002000700072006F00740065006300740065006400200061006700610069006E007300740020006B006E006F0077006E0020006D0061006C0077006100720065002000730069007400650073002C00200063006F006F006B00690065007300200061006E00640020006D006F00720065002E000000000008000313040000000000010030000000DE0708000F0000000000000000001E0000000000000000000000000002000000010008000000000000000000
Task: C:\windows\Tasks\Scan the system (Spybot - Search & Destroy).job => 0x01060100140BD3FC3A591D42809FCF0DCC73867846009A010000000000000000200000000014730F0000000003130400C02080010000000000000000000000000000000000003E0043003A005C00500072006F006700720061006D002000460069006C00650073002000280078003800360029005C0053007000790062006F00740020002D002000530065006100720063006800200026002000440065007300740072006F007900200032005C00530044005300630061006E002E00650078006500000013002F007300630061006E0020002F0063006C00650061006E0063006C006F00730065002000000000001C0053007000790062006F00740020002D002000530065006100720063006800200026002000440065007300740072006F007900200032000000320041002000660075006C006C002000730079007300740065006D0020007300630061006E0020006900730020007200650063006F006D006D0065006E0064006500640020006F006E0063006500200070006500720020006D006F006E00740068002E000000000008000313040000000000010030000000DE0708000F0000000000000000001E000000000000000000000000000300000001000000FF0F000000000000
 
==================== Loaded Modules (Whitelisted) ==============
 
2014-07-13 07:57 - 2014-05-20 12:19 - 08892072 _____ () C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2015-07-09 13:32 - 2015-07-09 13:32 - 00043480 _____ () C:\Program Files (x86)\FileZilla FTP Client\fzshellext_64.dll
2011-09-11 22:34 - 2011-09-11 22:34 - 00628064 _____ () C:\windows\system32\SimpleExt.dll
2009-01-21 12:45 - 2009-01-21 12:45 - 01401856 _____ () C:\Program Files (x86)\EgisTec BioExcess\x64\LIBEAY32.dll
2015-07-09 13:32 - 2015-07-09 13:32 - 00039384 _____ () C:\Program Files (x86)\FileZilla FTP Client\fzshellext.dll
2014-09-25 08:11 - 2014-09-25 08:11 - 00081056 _____ () C:\Users\Randi\AppData\Local\Microsoft\SkyDrive\17.3.1229.0918\LoggingPlatform.DLL
2015-08-18 15:15 - 2014-02-10 13:44 - 04592128 _____ () C:\Users\Randi\AppData\Local\Google\Chrome\User Data\SwiftShader\3.2.6.45159\libglesv2.dll
2015-08-18 15:15 - 2014-02-10 13:44 - 00112128 _____ () C:\Users\Randi\AppData\Local\Google\Chrome\User Data\SwiftShader\3.2.6.45159\libegl.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
AlternateDataStreams: C:\ProgramData\Temp:07BF512B
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMSwissArmy => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMSwissArmy => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Option => "OptionValue"="2"
 
==================== EXE Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
IE restricted site: HKU\.DEFAULT\...\007guard.com -> install.007guard.com
IE restricted site: HKU\.DEFAULT\...\008i.com -> 008i.com
IE restricted site: HKU\.DEFAULT\...\008k.com -> www.008k.com
IE restricted site: HKU\.DEFAULT\...\00hq.com -> www.00hq.com
IE restricted site: HKU\.DEFAULT\...\010402.com -> 010402.com
IE restricted site: HKU\.DEFAULT\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com
IE restricted site: HKU\.DEFAULT\...\0scan.com -> www.0scan.com
IE restricted site: HKU\.DEFAULT\...\1-2005-search.com -> www.1-2005-search.com
IE restricted site: HKU\.DEFAULT\...\1-domains-registrations.com -> www.1-domains-registrations.com
IE restricted site: HKU\.DEFAULT\...\1000gratisproben.com -> www.1000gratisproben.com
IE restricted site: HKU\.DEFAULT\...\1001namen.com -> www.1001namen.com
IE restricted site: HKU\.DEFAULT\...\100888290cs.com -> mir.100888290cs.com
IE restricted site: HKU\.DEFAULT\...\100sexlinks.com -> www.100sexlinks.com
IE restricted site: HKU\.DEFAULT\...\10sek.com -> www.10sek.com
IE restricted site: HKU\.DEFAULT\...\12-26.net -> user1.12-26.net
IE restricted site: HKU\.DEFAULT\...\12-27.net -> user1.12-27.net
IE restricted site: HKU\.DEFAULT\...\123fporn.info -> www.123fporn.info
IE restricted site: HKU\.DEFAULT\...\123haustiereundmehr.com -> www.123haustiereundmehr.com
IE restricted site: HKU\.DEFAULT\...\123moviedownload.com -> www.123moviedownload.com
IE restricted site: HKU\.DEFAULT\...\123simsen.com -> www.123simsen.com
 
There are 7868 more restricted sites.
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-3589389989-654522289-1902932010-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Randi\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^RealPlayer Cloud Service UI.lnk => C:\windows\pss\RealPlayer Cloud Service UI.lnk.CommonStartup
MSCONFIG\startupfolder: C:^Users^Randi^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk => C:\windows\pss\Dropbox.lnk.Startup
MSCONFIG\startupreg: AllShare Play => C:\Program Files\Samsung\AllShare Play\utils\AllShare Play Launcher.exe
MSCONFIG\startupreg: Amazon Music => "C:\Users\Randi\AppData\Local\Amazon Music\Amazon Music Helper.exe"
MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: Dropbox Update => "C:\Users\Randi\AppData\Local\Dropbox\Update\DropboxUpdate.exe" /c
MSCONFIG\startupreg: TkBellExe => "C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe"  -osboot
MSCONFIG\startupreg: Wondershare Helper Compact.exe => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
MSCONFIG\startupreg: WSHelperSetup.exe => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [{70D99342-02F2-4D34-B5A4-100D91A93D37}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{26398197-CEE1-4829-A23D-CC43E87AFA02}] => (Allow) LPort=2869
FirewallRules: [{ECB7C528-AED6-40DF-A16B-7A88CDAF2A57}] => (Allow) LPort=1900
FirewallRules: [{28061FD8-4A96-436E-9F1B-18EE3F064844}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{FF88C330-D6BF-47CB-A40F-0370D4E80035}] => (Allow) C:\Program Files (x86)\Windows Live\Mesh\MOE.exe
FirewallRules: [{0C03FEA5-568D-4E91-95C8-B4EADB5D3835}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe
FirewallRules: [{C5B9945B-24A5-49CA-8800-46EB8EBB5398}] => (Allow) C:\Program Files\Samsung\AllShare Play\AllShare Play.exe
FirewallRules: [{25FDF707-EECD-4B00-96B6-0A36A4293F5D}] => (Allow) C:\Program Files\Samsung\AllShare Play\AllShare Play.exe
FirewallRules: [{37B6BFA0-611E-448E-BFA7-6634DE5D4D30}] => (Allow) LPort=80
FirewallRules: [{A58CC1A3-C261-47B7-B8C7-8446EB4488FB}] => (Allow) C:\Program Files\Samsung\AllShare Play\AllShare Play.exe
FirewallRules: [{ACC8149C-8D4A-4135-994C-7B036518042C}] => (Allow) C:\Program Files\Samsung\AllShare Play\AllShare Play.exe
FirewallRules: [{B00755F8-D8A4-4BA7-AB7F-64D318AFA2B4}] => (Allow) LPort=8743
FirewallRules: [{826D9628-520E-4BD8-97B4-B19A03922C1C}] => (Allow) LPort=8643
FirewallRules: [{3751AA38-5D92-407C-8C58-76D5A4D27E54}] => (Allow) LPort=7676
FirewallRules: [{720639C3-660E-42A2-ACC1-41ACDD02A7E7}] => (Allow) LPort=7679
FirewallRules: [{B1BD4DCA-9672-4C0A-B9D0-F1B5F4C8ADD8}] => (Allow) LPort=24234
FirewallRules: [{CC9A8C84-5043-4139-825D-93902703D7A5}] => (Allow) LPort=7900
FirewallRules: [{51702773-2203-43F6-B27A-06E511116CAE}] => (Allow) LPort=1900
FirewallRules: [{4AB288C7-31E0-4B4E-8E58-9B7D980AD1D1}] => (Allow) C:\Program Files\Samsung\AllShare Play\AllShare Play.exe
FirewallRules: [{CAAE1FAD-BF8B-4E61-8946-8FD15D76957B}] => (Allow) C:\Program Files\Samsung\AllShare Play\AllShare Play.exe
FirewallRules: [{2288028A-8796-48F1-930C-C0CD27DAF5F3}] => (Allow) C:\Program Files\Samsung\AllShare Play\AllShare Play.exe
FirewallRules: [{480489C2-E040-402A-AB5B-A293970F7DBA}] => (Allow) C:\Program Files\Samsung\AllShare Play\AllShare Play.exe
FirewallRules: [{7E2EAE22-ADC3-4B89-827B-049580C347AE}] => (Allow) C:\Program Files\Samsung\AllShare Framework DMS\1.3.06\AllShareFrameworkDMS.exe
FirewallRules: [{7B0F9DE3-1436-4B17-9750-E7AA7FB9FD11}] => (Allow) C:\Program Files\Samsung\AllShare Framework DMS\1.3.06\AllShareFrameworkDMS.exe
FirewallRules: [{487C98BD-4028-4427-86C2-74C224F76CC9}] => (Allow) C:\Program Files\Samsung\AllShare Play\AllShare Play.exe
FirewallRules: [{DA96D67A-12CC-4D9F-9D2A-4CB895330EF9}] => (Allow) C:\Program Files\Samsung\AllShare Play\AllShare Play.exe
FirewallRules: [{88467D61-5FCE-4994-93CD-CC66E520D00B}] => (Allow) C:\Program Files\Samsung\AllShare Play\AllShare Play.exe
FirewallRules: [{0580B6C6-B799-4E0C-9FE8-B443B67F9C5C}] => (Allow) C:\Program Files\Samsung\AllShare Play\AllShare Play.exe
FirewallRules: [{294CAC0F-A801-476F-AD51-9EC04C0DE5B1}] => (Allow) C:\Program Files\Samsung\AllShare Play\AllShare Play.exe
FirewallRules: [{0C72B910-422D-48F0-B06F-E44EC45FCD67}] => (Allow) C:\Program Files\Samsung\AllShare Play\AllShare Play.exe
FirewallRules: [{2E8A8FF3-BC9D-4EB5-B81F-9088C5E2DFB5}] => (Allow) C:\Users\Randi\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{2C2FAA00-A334-4628-9B33-12E58581A061}] => (Allow) C:\Users\Randi\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [TCP Query User{CA897E2F-7A05-41A9-8E93-077E411FB297}C:\users\randi\appdata\roaming\dropbox\bin\dropbox.exe] => (Block) C:\users\randi\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [UDP Query User{593CB165-0ED6-4389-ACD6-9303DE3CAE17}C:\users\randi\appdata\roaming\dropbox\bin\dropbox.exe] => (Block) C:\users\randi\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [{6CFD4B7F-9B5B-4213-839B-01DF1781CA93}] => (Allow) C:\Users\Randi\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
FirewallRules: [{31A84562-1180-416E-A2FC-7BD12CCEAD09}] => (Allow) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer.exe
FirewallRules: [{DF689C37-2165-46ED-BE34-595471C28565}] => (Allow) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer.exe
FirewallRules: [{EADF3ED2-4324-4904-927A-39BD00674C82}] => (Allow) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
FirewallRules: [{5ED9CC94-8C1C-4C2E-912B-D294A786E97C}] => (Allow) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
FirewallRules: [{AEE79500-BF84-4FBC-88BB-0FADEC42ACF8}] => (Allow) C:\Program Files (x86)\iTunes\iTunes.exe
FirewallRules: [{1953C155-F491-4259-842B-AE54B23F724A}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\outlook.exe
FirewallRules: [{8950A636-6A92-4975-A0C3-F3BF1F5EAF11}] => (Allow) c:\program files (x86)\real\realplayer\RPDS\Bin\rpdsvc.exe
FirewallRules: [{465E0D2A-7863-4E6A-9DAA-001B33F590EE}] => (Allow) LPort=50000
FirewallRules: [{578DA037-EFC4-413A-BB97-779098C6610A}] => (Allow) LPort=50000
FirewallRules: [{C52FA2EE-B81D-481E-B261-1ECFEFE6023B}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{61A9F669-4301-4B6C-A0B5-174C3D508E19}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{E879ACBF-8EF5-45E7-9349-639F4A60A489}] => (Allow) C:\Program Files (x86)\Jawbone\JawboneUpdater.exe
FirewallRules: [{E81498A2-1D28-4D84-87CD-A40B95547620}] => (Allow) C:\Program Files (x86)\Jawbone\JawboneUpdater.exe
FirewallRules: [{8FDB9AF4-AC35-4C6C-92D4-B0A03DB6815F}] => (Allow) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer.exe
FirewallRules: [{150D7B68-7718-4ED1-8D80-14F6873E3E58}] => (Allow) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer.exe
FirewallRules: [{BE9FEF71-27E1-449D-9D3F-0012C9AF9C6A}] => (Allow) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
FirewallRules: [{1B5DF6FB-4995-4A82-8E37-155C2B44827B}] => (Allow) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
FirewallRules: [{B4EECDE0-C268-48D0-9DFF-7B7DF19BC1EA}] => (Allow) C:\Windows\SysWOW64\muzapp.exe
FirewallRules: [{A8EA5F0D-A46C-47CB-84E8-991C2E8E5CEA}] => (Allow) C:\Windows\SysWOW64\muzapp.exe
FirewallRules: [{A17B1CC1-DDAF-4AEA-A0FD-73965410C22E}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe] => Enabled:Spybot - Search & Destroy tray access
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe] => Enabled:Spybot-S&D 2 Scanner Service
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe] => Enabled:Spybot-S&D 2 Updater
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe] => Enabled:Spybot-S&D 2 Background update service
 
==================== Faulty Device Manager Devices =============
 
Name: Security Processor Loader Driver
Description: Security Processor Loader Driver
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer: 
Service: spldr
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.
 
Name: USB2.0-CRW
Description: USB2.0-CRW
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (08/22/2015 12:58:56 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (08/18/2015 02:42:36 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (08/16/2015 10:46:37 AM) (Source: AllShare Framework DMS) (EventID: 1) (User: )
Description: AllShare Framework DMSSvcInit started failed with 0
 
Error: (08/16/2015 10:46:37 AM) (Source: AllShare Framework DMS) (EventID: 1) (User: )
Description: AllShare Framework DMSSvcMain failed with 0
 
Error: (08/10/2015 04:55:58 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (08/10/2015 04:46:16 PM) (Source: AllShare Framework DMS) (EventID: 1) (User: )
Description: AllShare Framework DMSSvcInit started failed with 0
 
Error: (08/10/2015 04:46:16 PM) (Source: AllShare Framework DMS) (EventID: 1) (User: )
Description: AllShare Framework DMSSvcMain failed with 0
 
Error: (08/09/2015 12:37:25 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (08/09/2015 12:28:05 PM) (Source: AllShare Framework DMS) (EventID: 1) (User: )
Description: AllShare Framework DMSSvcInit started failed with 0
 
Error: (08/09/2015 12:28:05 PM) (Source: AllShare Framework DMS) (EventID: 1) (User: )
Description: AllShare Framework DMSSvcMain failed with 0
 
 
System errors:
=============
Error: (08/22/2015 01:01:51 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error: 
%%1068
 
Error: (08/22/2015 01:01:51 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error: 
%%1068
 
Error: (08/22/2015 01:01:51 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error: 
%%1068
 
Error: (08/22/2015 01:01:41 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error: 
%%1068
 
Error: (08/22/2015 01:01:41 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error: 
%%1068
 
Error: (08/22/2015 01:01:41 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error: 
%%1068
 
Error: (08/22/2015 01:00:28 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error: 
%%1068
 
Error: (08/22/2015 01:00:27 PM) (Source: DCOM) (EventID: 10005) (User: )
Description: 1084WSearch{9E175B6D-F52A-11D8-B9A5-505054503030}
 
Error: (08/22/2015 01:00:27 PM) (Source: DCOM) (EventID: 10005) (User: )
Description: 1084WSearch{7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
 
Error: (08/22/2015 01:00:24 PM) (Source: DCOM) (EventID: 10005) (User: )
Description: 1084EventSystem{1BE1F766-5536-11D1-B726-00C04FB926AF}
 
 
Microsoft Office:
=========================
Error: (08/22/2015 12:58:56 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (08/18/2015 02:42:36 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (08/16/2015 10:46:37 AM) (Source: AllShare Framework DMS) (EventID: 1) (User: )
Description: AllShare Framework DMSSvcInit started failed with 0
 
Error: (08/16/2015 10:46:37 AM) (Source: AllShare Framework DMS) (EventID: 1) (User: )
Description: AllShare Framework DMSSvcMain failed with 0
 
Error: (08/10/2015 04:55:58 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (08/10/2015 04:46:16 PM) (Source: AllShare Framework DMS) (EventID: 1) (User: )
Description: AllShare Framework DMSSvcInit started failed with 0
 
Error: (08/10/2015 04:46:16 PM) (Source: AllShare Framework DMS) (EventID: 1) (User: )
Description: AllShare Framework DMSSvcMain failed with 0
 
Error: (08/09/2015 12:37:25 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (08/09/2015 12:28:05 PM) (Source: AllShare Framework DMS) (EventID: 1) (User: )
Description: AllShare Framework DMSSvcInit started failed with 0
 
Error: (08/09/2015 12:28:05 PM) (Source: AllShare Framework DMS) (EventID: 1) (User: )
Description: AllShare Framework DMSSvcMain failed with 0
 
 
CodeIntegrity:
===================================
  Date: 2015-08-06 17:26:06.218
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Spybot - Search & Destroy 2\SDHook64.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-08-06 17:17:18.386
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Spybot - Search & Destroy 2\SDHook64.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-08-06 17:07:19.678
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Spybot - Search & Destroy 2\SDHook64.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-08-06 16:57:32.633
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Spybot - Search & Destroy 2\SDHook64.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-08-05 19:38:57.654
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Spybot - Search & Destroy 2\SDHook64.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-08-05 19:25:54.257
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Spybot - Search & Destroy 2\SDHook64.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-08-05 19:07:59.597
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Spybot - Search & Destroy 2\SDHook64.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-08-05 18:59:19.880
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Spybot - Search & Destroy 2\SDHook64.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-08-05 18:34:25.657
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Spybot - Search & Destroy 2\SDHook64.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-08-05 17:47:24.463
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Spybot - Search & Destroy 2\SDHook64.dll because the set of per-page image hashes could not be found on the system.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Pentium® CPU B950 @ 2.10GHz
Percentage of memory in use: 26%
Total physical RAM: 4010.14 MB
Available physical RAM: 2932.64 MB
Total Virtual: 8018.49 MB
Available Virtual: 6963.9 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:421.81 GB) (Free:347.33 GB) NTFS
Drive d: (LENOVO) (Fixed) (Total:29 GB) (Free:22.89 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 7A423615)
Partition 1: (Active) - (Size=200 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=421.8 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=29 GB) - (Type=OF Extended)
Partition 4: (Not Active) - (Size=14.8 GB) - (Type=12)
 
==================== End of log ============================


#4 Sirawit

Sirawit

    Bleepin' Brony


  • Malware Response Team
  • 4,161 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Thailand
  • Local time:12:08 AM

Posted 24 August 2015 - 03:02 PM

Hi sinnickel.

 

 
Using more than one anti-virus program is not advisableWhy? The primary concern with doing so is due to Windows resource management and significant conflicts that can arise especially when they are running in real-time protection mode simultaneously. Even if one of them is disabled for use as a stand-alone on demand scannerit can affect the other and cause conflicts. Anti-virus software components insert themselves deep into the operating systems core where they install kernel mode drivers that load at boot-up regardless of whether real-time protection is enabled or not. Thus, using multiple anti-virus solutions can result in kernel mode conflicts causing system instability, catastrophic crashes, slow performance and waste vital system resources. When actively running in the background while connected to the Internet, each anti-virus may try to update their definition databases at the same time. As the programs compete for resources required to download the necessary files this often can result in sluggish system performance or unresponsive behavior.

When scanning engines are initiated, each anti-virus may interpret the activity of the other as suspicious behavior and there is a greater chance of them alerting you to a "false positive". If one finds a virus or a suspicious file and then the other also finds the same, both programs will be competing over exclusive rights on dealing with that threat. Each anti-virus may attempt to remove the offending file and quarantine it at the same time resulting in a resource management issue as to which program gets permission to act first. If one anit-virus finds and quarantines the file before the other one does, then you may encounter the problem of both wanting to scan each other's zipped or archived files and each reporting the other's quarantined contents. This can lead to a repetitive cycle of endless alerts that continually warn you that a threat has been found after it has already been neutralized.

Anti-virus scanners use virus definitions to check for malware and these can include a fragment of the virus code which may be recognized by other anti-virus programs as the virus itself. Because of this, many anti-virus vendors encrypt their definitions so that they do not trigger a false alarm when scanned by other security programs. Other vendors do not encrypt their definitions and they can trigger false alarms when detected by the resident anti-virus. Further, dual installation is not always possible because most of the newer anti-virus programs will detect the presence of another and may insist that it be removed prior to installation. If the installation does complete with another anti-virus already installed, you may encounter issues like system freezing, unresponsiveness or similar symptoms as described above while trying to use it. In some cases, one of the anti-virus programs may even get disabled by the other.

To avoid these problems, use only one anti-virus solution. Please uninstall either Microsoft Security Essentials or Spybot S&D.

 

-------------------

 

We need to run a fix with FRST:

  • Please download the attached fixlist.txt file and save it to the same location as FRST
    Note: It's important that both files, FRST.exe/FRST64.exe and fixlist.txt are in the same location or the fix will not work
    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system
    [attachment=169365:fixlist.txt]
  • Run FRST.exe/FRST64.exe and press the Fix button just once and wait
  • If for some reason the tool needs a restart, please make sure you let the system restart normally, then let the tool complete its run
  • When finished, FRST will generate a log (Fixlog.txt) in the same location the tool was run, please post it to your reply

==========

 

We need to remove programs using "Programs and Features"


Click the "Start" orb on the taskbar, and then click the "Control Panel" button.

  • If you use Category mode, click on Uninstall a Program.
  • If you use Icons mode, click on Program and Features.

A list of programs installed will be "populated" (this may take a bit of time).
If they exist, uninstall the following by clicking on the below entries and selecting "Remove":
 

Best buy PC app

Additional instructions can be found here if needed.

 

-----------------

 

Please download AdwCleaner by Xplode and save to your Desktop.

  • Double click on AdwCleaner.exe to run the tool.
    Vista/Windows 7/8 users right-click and select Run As Administrator
  • The tool will start to update the database, please wait a bit.
  • Click on I agree button.
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • After the scan has finished, click on the Report button...a logfile (AdwCleaner[R#].txt) will open in Notepad for review (where the largest value of # represents the most recent report).
  • The contents of the log file may be confusing. Unless you see a program name that you know should not be removed, don't worry about it. If you see an entry you want to keep, let me know about it.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of all logfiles are saved in the C:\AdwCleaner folder which was created when running the tool.

-------------

 

Thank you.


If I don't reply back to you in 2 days, feel free to send me a PM.

 

“You’re lying… just like you were lying to me before. You have to hate me. I’ve been the worst daughter in the world… you should hate me.”

“But I don’t, Nyx. Because, Nyx, I’m your mother, and a mother will always love her daughter, no matter what.” -Past sins by Pen stroke.


#5 sinnickel

sinnickel
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Lower Slower Delaware
  • Local time:01:08 PM

Posted 27 August 2015 - 01:07 PM

Here are the logs of the two scans:  

 

# AdwCleaner v5.004 - Logfile created 27/08/2015 at 14:05:11
# Updated 26/08/2015 by Xplode
# Database : 2015-08-25.1 [Server]
# Operating system : Windows 7 Home Premium Service Pack 1 (x64)
# Username : Randi - RANDI-LAPTOP
# Running from : C:\Users\Randi\Downloads\AdwCleaner.exe
# Option : Scan
 
***** [ Services ] *****
 
Service Found : IMService
 
***** [ Folders ] *****
 
Folder Found : C:\Program Files (x86)\Conduit
Folder Found : C:\ProgramData\apn
Folder Found : C:\ProgramData\Partner
Folder Found : C:\ProgramData\19a87fa1ec024bbcbb41931263354405
Folder Found : C:\Users\Randi\AppData\LocalLow\Conduit
 
***** [ Files ] *****
 
File Found : C:\Program Files (x86)\Mozilla Firefox\browser\searchplugins\yahoo.xml
File Found : C:\Users\Randi\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_nociobghckdhokecfeajdpimjeapnopn_0.localstorage
File Found : C:\Users\Randi\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_adpeheiliennogfclcgmchdfdmafjegc_0.localstorage
File Found : C:\Users\Randi\AppData\Roaming\Mozilla\Firefox\Profiles\pfnurgf4.default\user.js
 
***** [ Shortcuts ] *****
 
Shortcut Infected : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk ( "hxxp://yourwebing.com/?ssid=1438817972" )
Shortcut Infected : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk ( "hxxp://yourwebing.com/?ssid=1438817972" )
 
***** [ Scheduled tasks ] *****
 
 
***** [ Registry ] *****
 
Key Found : HKCU\Software\Google\Chrome\Extensions\ejocekekgcaldnmjngfdbmbeebcekelc
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\ejocekekgcaldnmjngfdbmbeebcekelc
Key Found : [x64] HKLM\SOFTWARE\Google\Chrome\Extensions\ejocekekgcaldnmjngfdbmbeebcekelc
Key Found : HKLM\SOFTWARE\Classes\AppID\{4D076AB4-7562-427A-B5D2-BD96E19DEE56}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{6E993643-8FBC-44FE-BC85-D318495C4D96}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{F83D1872-D9FF-47F8-B5A0-49CC51E24EE8}
Key Found : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Key Found : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{11549FE4-7C5A-4C17-9FC3-56FC5162A994}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}
Key Found : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Found : HKCU\Software\APN PIP
Key Found : HKCU\Software\Conduit
Key Found : HKCU\Software\IGearSettings
Key Found : HKCU\Software\{3BDFD1D7-7A9B-4D29-80B3-D00E66E62885}
Key Found : HKCU\Software\AppDataLow\Software\Conduit
Key Found : HKLM\SOFTWARE\Conduit
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-00B0-0409-0000-0000000FF1CE}
Key Found : [x64] HKCU\Software\APN PIP
Key Found : [x64] HKCU\Software\Conduit
Key Found : [x64] HKCU\Software\IGearSettings
Key Found : [x64] HKCU\Software\{3BDFD1D7-7A9B-4D29-80B3-D00E66E62885}
Key Found : HKU\S-1-5-21-3589389989-654522289-1902932010-1000\Software\AppDataLow\Software\Conduit
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\OldSearch
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Found : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\OldSearch
Key Found : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Found : HKU\S-1-5-21-3589389989-654522289-1902932010-1000\Software\Microsoft\Internet Explorer\SearchScopes\OldSearch
Key Found : HKU\S-1-5-21-3589389989-654522289-1902932010-1000\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
 
***** [ Web browsers ] *****
 
[C:\Users\Randi\AppData\Roaming\Mozilla\Firefox\Profiles\pfnurgf4.default\prefs.js] [Preference] Found : user_pref("extensions.irmysearch.aflt", "wnzp_14_18_ch");
[C:\Users\Randi\AppData\Roaming\Mozilla\Firefox\Profiles\pfnurgf4.default\prefs.js] [Preference] Found : user_pref("extensions.irmysearch.cd", "2XzuyEtN2Y1L1Qzu0FtD0D0E0FtCzz0CtDzzyBtD0EtB0EtBtN0D0Tzu0SzzyDtAtN1L2XzutBtFtBtDtFyCtFtCtN1L1CzutCyEtDtAtDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2SyE0Dzy0E0F0DtD0FtG0DyCtAyCt[...]
[C:\Users\Randi\AppData\Roaming\Mozilla\Firefox\Profiles\pfnurgf4.default\prefs.js] [Preference] Found : user_pref("extensions.irmysearch.cr", "1378964342");
[C:\Users\Randi\AppData\Roaming\Mozilla\Firefox\Profiles\pfnurgf4.default\prefs.js] [Preference] Found : user_pref("extensions.irmysearch.instlRef", "140305_a");
[C:\Users\Randi\AppData\Roaming\Mozilla\Firefox\Profiles\pfnurgf4.default\prefs.js] [Preference] Found : user_pref("iminent.BirthDate", "1438818170");
[C:\Users\Randi\AppData\Roaming\Mozilla\Firefox\Profiles\pfnurgf4.default\prefs.js] [Preference] Found : user_pref("iminent.cifs", "0");
[C:\Users\Randi\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Found : aol.com
[C:\Users\Randi\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Found : ask.com
[C:\Users\Randi\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Found : start.iminent.com
[C:\Users\Randi\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Default_Search_Provider] Found : hxxp://www.google.com/favicon.ico","id":"2","image_url":"{google:baseURL}searchbyimage/upload","image_url_post_params":"encoded_image={google:imageThumbnail},image_url={google:imageURL},sbisrc={google:imageSearchSource},original_width={google:imageOriginalWidth},original_height={google:imageOriginalHeight}","input_encodings":["UTF-8"],"instant_url":"{google:baseURL}webhp?sourceid=chrome-instant&{google:RLZ}{google:forceInstantResults}{google:instantExtendedEnabledParameter}{google:ntpIsThemedParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}","instant_url_post_params":"","keyword":"google.com","last_modified":"0","new_tab_url":"{google:baseURL}_/chrome/newtab?{google:RLZ}{google:instantExtendedEnabledParameter}{google:ntpIsThemedParameter}ie={inputEncoding}","originating_url":"","prepopulate_id":1,"safe_for_autoreplace":true,"search_terms_replacement_key":"espv","search_url_post_params":"","short_name":"Google","suggestions_url":"{google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:inputType}{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}{google:searchVersion}{google:sessionToken}{google:prefetchQuery}sugkey={google:suggestAPIKeyParameter}","suggestions_url_post_params":"","synced_guid":"D0407532-320E-95CC-32A8-17C74E8F4443","url":"{google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}{google:contextualSearchVersion}ie={inputEncoding}","usage_count":0}},"extensions":{"settings":{"ahfgeienlihckogmohjhadlkjgocpleb":{"active_permissions":{"api":["management","system.display","system.storage","webstorePrivate","system.cpu","system.memory","system.network"],"manifest_permissions":[]},"app_launcher_ordinal":"t","commands":{},"content_settings":[],"creation_flags":1,"events":[],"extension_can_script_all_urls":true,"from_bookmark":false,"from_webstore":false,"incognito_content_settings":[],"incognito_preferences":{},"install_time":"13083291849633593","location":5,"manifest":{"app":{"launch":{"web_url":"hxxps://chrome.google.com/webstore"},"urls":["hxxps://chrome.google.com/webstore"]},"description":"Discover great apps, games, extensions and themes for Google Chrome.","icons":{"128":"webstore_icon_128.png","16":"webstore_icon_16.png"},"key":"MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCtl3tO0osjuzRsf6xtD2SKxPlTfuoy7AWoObysitBPvH5fE1NaAA1/2JkPWkVDhdLBWLaIBPYeXbzlHp3y4Vv/4XG+aN5qFE3z+1RU/NqkzVYHtIpVScf3DjTYtKVL66mzVGijSoAIwbFCC3LpGdaoe6Q1rSRDp76wR6jjFzsYwQIDAQAB","name":"Web Store","permissions":["webstorePrivate","management","system.cpu","system.display","system.memory","system.network","system.storage"],"version":"0.2"},"page_ordinal":"n","path":"C:\\Program Files (x86)\\Google\\Chrome\\Application\\43.0.2357.134\\resources\\web_store","preferences":{},"regular_only_preferences":{},"state":1,"was_installed_by_default":false,"was_installed_by_oem":false},"aohghmighlieiainnegkcijnfilokake":{"ack_external":true,"active_permissions":{"api":[],"manifest_permissions":[]},"app_launcher_ordinal":"w","commands":{},"content_settings":[],"creation_flags":137,"events":[],"from_bookmark":false,"from_webstore":true,"granted_permissions":{"api":[],"manifest_permissions":[]},"has_declarative_rules":{"declarativeContent":{"onPageChanged":false},"declarativeWebRequest":{"onRequest":false}},"incognito_content_settings":[],"incognito_preferences":{},"initial_keybindings_set":true,"install_time":"13067475869602446","lastpingday":"13084700417667502","location":1,"manifest":{"api_console_project_id":"619683526622","app":{"launch":{"local_path":"main.html"}},"container":"GOOGLE_DRIVE","current_locale":"en_US","default_locale":"en_US","description":"Create and edit documents ","icons":{"128":"icon_128.png","16":"icon_16.png"},"key":"MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJhLK6fk/BWTEvJhywpk7jDe4A2r0bGXGOLZW4/AdBp3IiD9o9nx4YjLAtv0tIPxi7MvFd/GUUbQBwHT5wQWONJj1z/0Rc2qBkiJA0yqXh42p0snuA8dCfdlhOLsp7/XTMEwAVasjV5hC4awl78eKfJYlZ+8fM/UldLWJ/51iBQwIDAQAB","manifest_version":2,"name":"Google Docs","offline_enabled":true,"update_url":"hxxps://clients2.google.com/service/update2/crx","version":"0.9"},"page_ordinal":"n","path":"aohghmighlieiainnegkcijnfilokake\\0.9_0","preferences":{},"regular_only_preferences":{},"state":1,"was_installed_by_default":true,"was_installed_by_oem":false},"apdfllckaahabafndbhieahigkjlhalf":{"ack_external":true,"active_permissions":{"api":["background","clipboardRead","clipboardWrite","notifications","unlimitedStorage"],"manifest_permissions":[]},"app_launcher_ordinal":"y","commands":{},"content_settings":[],"creation_flags":137,"events":[],"from_bookmark":false,"from_webstore":true,"granted_permissions":{"api":["background","clipboardRead","clipboardWrite","notifications","unlimitedStorage"],"manifest_permissions":[]},"has_declarative_rules":{"declarativeContent":{"onPageChanged":false},"declarativeWebRequest":{"onRequest":false}},"incognito_content_settings":[],"incognito_preferences":{},"install_time":"13081780284404840","lastpingday":"13084700417667502","location":1,"manifest":{"app":{"launch":{"web_url":"hxxps://drive.google.com/?usp=chrome_app"},"urls":["hxxp://docs.google.com/","hxxp://drive.google.com/","hxxps://docs.google.com/","hxxps://drive.google.com/"]},"background":{"allow_js_access":false},"current_locale":"en_US","default_locale":"en_US","description":"Google Drive: create, share and keep all your stuff in one place.","icons":{"128":"128.png"},"key":"MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDIl5KlKwL2TSkntkpY3naLLz5jsN0YwjhZyObcTOK6Nda4Ie21KRqZau9lx5SHcLh7pE2/S9OiArb+na2dn7YK5EvH+aRXS1ec3uxVlBhqLdnleVgwgwlg5fH95I52IeHcoeK6pR4hW/Nv39GNlI/Uqk6O6GBCCsAxYrdxww9BiQIDAQAB","manifest_version":2,"name":"Google Drive","offline_enabled":true,"options_page":"hxxps://drive.google.com/settings","permissions":["background","clipboardRead","clipboardWrite","notifications","unlimitedStorage"],"update_url":"hxxps://clients2.google.com/service/update2/crx","version":"14.0"},"page_ordinal":"n","path":"apdfllckaahabafndbhieahigkjlhalf\\14.0_0","preferences":{},"regular_only_preferences":{},"state":1,"was_installed_by_default":true,"was_installed_by_oem":false},"bepbmhgboaologfdajaanbcjmnhjmhfn":{"disable_reasons":1,"state":0},"blpcfgokakmgnkcojhhkbfbldkacnbeo":{"ack_external":true,"active_permissions":{"api":[],"manifest_permissions":[]},"app_launcher_ordinal":"z","commands":{},"content_settings":[],"creation_flags":153,"events":[],"from_bookmark":true,"from_webstore":true,"granted_permissions":{"api":[],"manifest_permissions":[]},"has_declarative_rules":{"declarativeContent":{"onPageChanged":false},"declarativeWebRequest":{"onRequest":false}},"incognito_content_settings":[],"incognito_preferences":{},"install_time":"13067475874995731","lastpingday":"13084700417667502","location":1,"manifest":{"app":{"launch":{"container":"tab","web_url":"hxxp://www.youtube.com/?feature=ytca"},"web_content":{"enabled":true,"origin":"hxxp://www.youtube.com"}},"current_locale":"en_US","default_locale":"en","description":"The world's most popular online video community.","icons":{"128":"128.png"},"key":"MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDC/HotmFlyuz5FaHaIbVBhhL4BwbcUtsfWwzgUMpZt5ZsLB2nW/Y5xwNkkPANYGdVsJkT2GPpRRIKBO5QiJ7jPMa3EZtcZHpkygBlQLSjMhdrAKevpKgIl6YTkwzNvExY6rzVDzeE9zqnIs33eppY4S5QcoALMxuSWlMKqgFQjHQIDAQAB","manifest_version":2,"name":"YouTube","update_url":"hxxp://clients2.google.com/service/update2/crx","version":"4.2.7"},"page_ordinal":"n","path":"blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.7_0","preferences":{},"regular_only_preferences":{},"state":1,"was_installed_by_default":true,"was_installed_by_oem":false},"boadgeojelhgndaghljhdicfkmllpafd":{"active_permissions":{"api":["cast","cast.streaming","dial","desktopCapturePrivate","identity","mdns","networkingPrivate","storage","tabs","tabCapture","system.cpu"],"explicit_host":["hxxp://*/*","hxxps://clients2.google.com/*"],"manifest_permissions":[],"scriptable_host":["*://*.netflix.com/*/testController.html","*://*.netflix.com/WiPlayer*","*://*.plexapp.com/*","*://*.youtube-nocookie.com/*","*://*.youtube.com/*","*://cloud.real.com/*","*://googlecast.github.io/*","hxxp://*.plex.tv/*","hxxp://*.plex.tv:32400/*","hxxp://live.redbull.tv/*","hxxp://revision3.com/*","hxxp://songza.com/*","hxxp://www.hbogo.com/*","hxxp://www.redbull.tv/*","hxxp://www.vevo.com/*","hxxp://www.viki.com/*","hxxp://www.washingtonpost.com/posttv/*","hxxps://*.plex.tv/*","hxxps://cast.google.com/*","hxxps://docs.google.com/a/*/presentation/*","hxxps://docs.google.com/presentation/*","hxxps://play.google.com/music/*","hxxps://play.google.com/video/avi/*","hxxps://plus.google.com/*"]},"commands":{},"content_settings":[],"creation_flags":9,"disable_reasons":33,"events":[],"extension_can_script_all_urls":true,"from_bookmark":false,"from_webstore":true,"granted_permissions":{"api":["cast","dial","mdns","networkingPrivate","storage","tabs","tabCapture","system.cpu"],"explicit_host":["hxxp://*/*","hxxps://*/*"],"scriptable_host":["*://*.netflix.com/WiPlayer*","*://*.plexapp.com/*","*://*.youtube-nocookie.com/*","*://*.youtube.com/*","*://cloud.real.com/*","*://googlecast.github.io/*","hxxp://*.plex.tv/*","hxxp://*.plex.tv:32400/*","hxxp://live.redbull.tv/*","hxxp://revision3.com/*","hxxp://songza.com/*","hxxp://www.hbogo.com/*","hxxp://www.redbull.tv/*","hxxp://www.vevo.com/*","hxxp://www.viki.com/*","hxxp://www.washingtonpost.com/posttv/*","hxxps://*.plex.tv/*","hxxps://cast.google.com/*","hxxps://docs.google.com/*/presentation/*","hxxps://play.google.com/music/*","hxxps://play.google.com/video/avi/*","hxxps://plus.google.com/*"]},"incognito_content_settings":[],"incognito_preferences":{},"initial_keybindings_set":true,"install_time":"13084397678818574","lastpingday":"13084700417667502","location":1,"manifest":{"background":{"page":"background.html"},"browser_action":{"default_icon":"data/icon38_off.png","default_popup":"popup_menu.html"},"content_security_policy":"default-src 'self'; img-src 'self' hxxps://www.google-analytics.com hxxp://www.google-analytics.com; style-src 'self' 'unsafe-inline' hxxp://fonts.googleapis.com; script-src 'self' hxxps://feedback.googleusercontent.com hxxps://www.gstatic.com hxxps://www.google.com hxxps://www.google-analytics.com hxxps://ssl.google-analytics.com hxxps://apis.google.com 'sha256-uMbmREEEg59SGWjylssBm_dsS-6PSjzArcm7EDHk7Ac=' 'sha256-RP_HHmqpggRHwKhxGH9Hq4IRL88P0CsOOouABcsJ_Bg=' 'sha256-sHn4ZghcatMg_3zytJcA_5nFXm_B2E7gPNohmnRqlLs='; frame-src hxxps://www.google.com hxxps://accounts.google.com hxxps://content.googleapis.com hxxps://www.googleapis.com; connect-src 'self' hxxp://*:* hxxps://*:* ws://*:*; font-src hxxp://fonts.gstatic.com; object-src 'none';","current_locale":"en_US","default_locale":"en","description":"Send content to your Chromecast and other devices that support Google Cast.","externally_connectable":{"ids":["gdijeikdkaembjbdobgfkoidjkpbmlkd","mjekoljodoiapgkggnlmbecndfpbbcch","llohocloplkbhgcfnplnoficdkiechcn","icljpnebmoleodmchaaajbkpoipfoahp"]},"feedbackBucket":"Production","icons":{"128":"data/icon128.png","16":"data/icon16.png","48":"data/icon48.png"},"key":"MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC3p49puSLQqWRn5jagZXIfOuY+LCUgsD4iDzqt26JAyTjTsHeN2yqOiZL8J+5g35f4G48NlGgMosDzpy8HFvVOVsnRNuKj5oMsqx7/j3GlBpBmb6vEhve9DG4YD0dBAHOy5xxyQVJMO7T+jQdH1+XAdCGZlwGtqV2sIiVgh84ZfwIDAQAB","manifest_version":2,"minimum_chrome_version":"37","name":"Google Cast","oauth2":{"client_id":"919648714761-b2gcrl9iu82luhiq2dpo7jnecikdnrlf.apps.googleusercontent.com","scopes":["hxxps://www.googleapis.com/auth/hangouts","hxxps://www.googleapis.com/auth/hangouts.readonly","hxxps://www.googleapis.com/auth/calendar.readonly","hxxps://www.googleapis.com/auth/userinfo.email","hxxps://www.googleapis.com/auth/clouddevices"]},"options_page":"options.html","permissions":["tabs","tabCapture","dial","mdns","cast","cast.streaming","storage","networkingPrivate","identity","system.cpu","hxxp://*/*","hxxps://clients2.google.com/cr/*","desktopCapturePrivate"],"update_url":"hxxps://clients2.google.com/service/update2/crx","version":"15.721.0.5","web_accessible_resources":["feedback.html","web_accessible_options.html","cast_sender.js","cast_game_sender.js","api_iframe.html","api_iframe_script.js"]},"path":"boadgeojelhgndaghljhdicfkmllpafd\\15.721.0.5_0","preferences":{},"regular_only_preferences":{},"state":0,"was_installed_by_default":false,"was_installed_by_oem":false},"coobgpohoikkiipiblmjeljniedjpjpf":{"ack_external":true,"active_permissions":{"api":[],"manifest_permissions":[]},"app_launcher_ordinal":"yn","commands":{},"content_settings":[],"creation_flags":153,"events":[],"from_bookmark":true,"from_webstore":true,"granted_permissions":{"api":[],"manifest_permissions":[]},"has_declarative_rules":{"declarativeContent":{"onPageChanged":false},"declarativeWebRequest":{"onRequest":false}},"incognito_content_settings":[],"incognito_preferences":{},"install_time":"13072021913683466","lastpingday":"13084700417667502","location":1,"manifest":{"app":{"launch":{"web_url":"hxxp://www.google.com/webhp?source=search_app"},"urls":["*://www.google.com/search","*://www.google.com/webhp","*://www.google.com/imgres"]},"current_locale":"en_US","default_locale":"en","description":"The fastest way to search the web.
[C:\Users\Randi\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Default_Search_Provider_Data] Found : {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}{google:contextualSearchVersion}ie={inputEncoding}","usage_count":0}},"extensions":{"settings":{"ahfgeienlihckogmohjhadlkjgocpleb":{"active_permissions":{"api":["management","system.display","system.storage","webstorePrivate","system.cpu","system.memory","system.network"],"manifest_permissions":[]},"app_launcher_ordinal":"t","commands":{},"content_settings":[],"creation_flags":1,"events":[],"extension_can_script_all_urls":true,"from_bookmark":false,"from_webstore":false,"incognito_content_settings":[],"incognito_preferences":{},"install_time":"13083291849633593","location":5,"manifest":{"app":{"launch":{"web_url":"hxxps://chrome.google.com/webstore"},"urls":["hxxps://chrome.google.com/webstore"]},"description":"Discover great apps, games, extensions and themes for Google Chrome.","icons":{"128":"webstore_icon_128.png","16":"webstore_icon_16.png"},"key":"MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCtl3tO0osjuzRsf6xtD2SKxPlTfuoy7AWoObysitBPvH5fE1NaAA1/2JkPWkVDhdLBWLaIBPYeXbzlHp3y4Vv/4XG+aN5qFE3z+1RU/NqkzVYHtIpVScf3DjTYtKVL66mzVGijSoAIwbFCC3LpGdaoe6Q1rSRDp76wR6jjFzsYwQIDAQAB","name":"Web Store","permissions":["webstorePrivate","management","system.cpu","system.display","system.memory","system.network","system.storage"],"version":"0.2"},"page_ordinal":"n","path":"C:\\Program Files (x86)\\Google\\Chrome\\Application\\43.0.2357.134\\resources\\web_store","preferences":{},"regular_only_preferences":{},"state":1,"was_installed_by_default":false,"was_installed_by_oem":false},"aohghmighlieiainnegkcijnfilokake":{"ack_external":true,"active_permissions":{"api":[],"manifest_permissions":[]},"app_launcher_ordinal":"w","commands":{},"content_settings":[],"creation_flags":137,"events":[],"from_bookmark":false,"from_webstore":true,"granted_permissions":{"api":[],"manifest_permissions":[]},"has_declarative_rules":{"declarativeContent":{"onPageChanged":false},"declarativeWebRequest":{"onRequest":false}},"incognito_content_settings":[],"incognito_preferences":{},"initial_keybindings_set":true,"install_time":"13067475869602446","lastpingday":"13084700417667502","location":1,"manifest":{"api_console_project_id":"619683526622","app":{"launch":{"local_path":"main.html"}},"container":"GOOGLE_DRIVE","current_locale":"en_US","default_locale":"en_US","description":"Create and edit documents ","icons":{"128":"icon_128.png","16":"icon_16.png"},"key":"MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJhLK6fk/BWTEvJhywpk7jDe4A2r0bGXGOLZW4/AdBp3IiD9o9nx4YjLAtv0tIPxi7MvFd/GUUbQBwHT5wQWONJj1z/0Rc2qBkiJA0yqXh42p0snuA8dCfdlhOLsp7/XTMEwAVasjV5hC4awl78eKfJYlZ+8fM/UldLWJ/51iBQwIDAQAB","manifest_version":2,"name":"Google Docs","offline_enabled":true,"update_url":"hxxps://clients2.google.com/service/update2/crx","version":"0.9"},"page_ordinal":"n","path":"aohghmighlieiainnegkcijnfilokake\\0.9_0","preferences":{},"regular_only_preferences":{},"state":1,"was_installed_by_default":true,"was_installed_by_oem":false},"apdfllckaahabafndbhieahigkjlhalf":{"ack_external":true,"active_permissions":{"api":["background","clipboardRead","clipboardWrite","notifications","unlimitedStorage"],"manifest_permissions":[]},"app_launcher_ordinal":"y","commands":{},"content_settings":[],"creation_flags":137,"events":[],"from_bookmark":false,"from_webstore":true,"granted_permissions":{"api":["background","clipboardRead","clipboardWrite","notifications","unlimitedStorage"],"manifest_permissions":[]},"has_declarative_rules":{"declarativeContent":{"onPageChanged":false},"declarativeWebRequest":{"onRequest":false}},"incognito_content_settings":[],"incognito_preferences":{},"install_time":"13081780284404840","lastpingday":"13084700417667502","location":1,"manifest":{"app":{"launch":{"web_url":"hxxps://drive.google.com/?usp=chrome_app"},"urls":["hxxp://docs.google.com/","hxxp://drive.google.com/","hxxps://docs.google.com/","hxxps://drive.google.com/"]},"background":{"allow_js_access":false},"current_locale":"en_US","default_locale":"en_US","description":"Google Drive: create, share and keep all your stuff in one place.","icons":{"128":"128.png"},"key":"MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDIl5KlKwL2TSkntkpY3naLLz5jsN0YwjhZyObcTOK6Nda4Ie21KRqZau9lx5SHcLh7pE2/S9OiArb+na2dn7YK5EvH+aRXS1ec3uxVlBhqLdnleVgwgwlg5fH95I52IeHcoeK6pR4hW/Nv39GNlI/Uqk6O6GBCCsAxYrdxww9BiQIDAQAB","manifest_version":2,"name":"Google Drive","offline_enabled":true,"options_page":"hxxps://drive.google.com/settings","permissions":["background","clipboardRead","clipboardWrite","notifications","unlimitedStorage"],"update_url":"hxxps://clients2.google.com/service/update2/crx","version":"14.0"},"page_ordinal":"n","path":"apdfllckaahabafndbhieahigkjlhalf\\14.0_0","preferences":{},"regular_only_preferences":{},"state":1,"was_installed_by_default":true,"was_installed_by_oem":false},"bepbmhgboaologfdajaanbcjmnhjmhfn":{"disable_reasons":1,"state":0},"blpcfgokakmgnkcojhhkbfbldkacnbeo":{"ack_external":true,"active_permissions":{"api":[],"manifest_permissions":[]},"app_launcher_ordinal":"z","commands":{},"content_settings":[],"creation_flags":153,"events":[],"from_bookmark":true,"from_webstore":true,"granted_permissions":{"api":[],"manifest_permissions":[]},"has_declarative_rules":{"declarativeContent":{"onPageChanged":false},"declarativeWebRequest":{"onRequest":false}},"incognito_content_settings":[],"incognito_preferences":{},"install_time":"13067475874995731","lastpingday":"13084700417667502","location":1,"manifest":{"app":{"launch":{"container":"tab","web_url":"hxxp://www.youtube.com/?feature=ytca"},"web_content":{"enabled":true,"origin":"hxxp://www.youtube.com"}},"current_locale":"en_US","default_locale":"en","description":"The world's most popular online video community.","icons":{"128":"128.png"},"key":"MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDC/HotmFlyuz5FaHaIbVBhhL4BwbcUtsfWwzgUMpZt5ZsLB2nW/Y5xwNkkPANYGdVsJkT2GPpRRIKBO5QiJ7jPMa3EZtcZHpkygBlQLSjMhdrAKevpKgIl6YTkwzNvExY6rzVDzeE9zqnIs33eppY4S5QcoALMxuSWlMKqgFQjHQIDAQAB","manifest_version":2,"name":"YouTube","update_url":"hxxp://clients2.google.com/service/update2/crx","version":"4.2.7"},"page_ordinal":"n","path":"blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.7_0","preferences":{},"regular_only_preferences":{},"state":1,"was_installed_by_default":true,"was_installed_by_oem":false},"boadgeojelhgndaghljhdicfkmllpafd":{"active_permissions":{"api":["cast","cast.streaming","dial","desktopCapturePrivate","identity","mdns","networkingPrivate","storage","tabs","tabCapture","system.cpu"],"explicit_host":["hxxp://*/*","hxxps://clients2.google.com/*"],"manifest_permissions":[],"scriptable_host":["*://*.netflix.com/*/testController.html","*://*.netflix.com/WiPlayer*","*://*.plexapp.com/*","*://*.youtube-nocookie.com/*","*://*.youtube.com/*","*://cloud.real.com/*","*://googlecast.github.io/*","hxxp://*.plex.tv/*","hxxp://*.plex.tv:32400/*","hxxp://live.redbull.tv/*","hxxp://revision3.com/*","hxxp://songza.com/*","hxxp://www.hbogo.com/*","hxxp://www.redbull.tv/*","hxxp://www.vevo.com/*","hxxp://www.viki.com/*","hxxp://www.washingtonpost.com/posttv/*","hxxps://*.plex.tv/*","hxxps://cast.google.com/*","hxxps://docs.google.com/a/*/presentation/*","hxxps://docs.google.com/presentation/*","hxxps://play.google.com/music/*","hxxps://play.google.com/video/avi/*","hxxps://plus.google.com/*"]},"commands":{},"content_settings":[],"creation_flags":9,"disable_reasons":33,"events":[],"extension_can_script_all_urls":true,"from_bookmark":false,"from_webstore":true,"granted_permissions":{"api":["cast","dial","mdns","networkingPrivate","storage","tabs","tabCapture","system.cpu"],"explicit_host":["hxxp://*/*","hxxps://*/*"],"scriptable_host":["*://*.netflix.com/WiPlayer*","*://*.plexapp.com/*","*://*.youtube-nocookie.com/*","*://*.youtube.com/*","*://cloud.real.com/*","*://googlecast.github.io/*","hxxp://*.plex.tv/*","hxxp://*.plex.tv:32400/*","hxxp://live.redbull.tv/*","hxxp://revision3.com/*","hxxp://songza.com/*","hxxp://www.hbogo.com/*","hxxp://www.redbull.tv/*","hxxp://www.vevo.com/*","hxxp://www.viki.com/*","hxxp://www.washingtonpost.com/posttv/*","hxxps://*.plex.tv/*","hxxps://cast.google.com/*","hxxps://docs.google.com/*/presentation/*","hxxps://play.google.com/music/*","hxxps://play.google.com/video/avi/*","hxxps://plus.google.com/*"]},"incognito_content_settings":[],"incognito_preferences":{},"initial_keybindings_set":true,"install_time":"13084397678818574","lastpingday":"13084700417667502","location":1,"manifest":{"background":{"page":"background.html"},"browser_action":{"default_icon":"data/icon38_off.png","default_popup":"popup_menu.html"},"content_security_policy":"default-src 'self'; img-src 'self' hxxps://www.google-analytics.com hxxp://www.google-analytics.com; style-src 'self' 'unsafe-inline' hxxp://fonts.googleapis.com; script-src 'self' hxxps://feedback.googleusercontent.com hxxps://www.gstatic.com hxxps://www.google.com hxxps://www.google-analytics.com hxxps://ssl.google-analytics.com hxxps://apis.google.com 'sha256-uMbmREEEg59SGWjylssBm_dsS-6PSjzArcm7EDHk7Ac=' 'sha256-RP_HHmqpggRHwKhxGH9Hq4IRL88P0CsOOouABcsJ_Bg=' 'sha256-sHn4ZghcatMg_3zytJcA_5nFXm_B2E7gPNohmnRqlLs='; frame-src hxxps://www.google.com hxxps://accounts.google.com hxxps://content.googleapis.com hxxps://www.googleapis.com; connect-src 'self' hxxp://*:* hxxps://*:* ws://*:*; font-src hxxp://fonts.gstatic.com; object-src 'none';","current_locale":"en_US","default_locale":"en","description":"Send content to your Chromecast and other devices that support Google Cast.","externally_connectable":{"ids":["gdijeikdkaembjbdobgfkoidjkpbmlkd","mjekoljodoiapgkggnlmbecndfpbbcch","llohocloplkbhgcfnplnoficdkiechcn","icljpnebmoleodmchaaajbkpoipfoahp"]},"feedbackBucket":"Production","icons":{"128":"data/icon128.png","16":"data/icon16.png","48":"data/icon48.png"},"key":"MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC3p49puSLQqWRn5jagZXIfOuY+LCUgsD4iDzqt26JAyTjTsHeN2yqOiZL8J+5g35f4G48NlGgMosDzpy8HFvVOVsnRNuKj5oMsqx7/j3GlBpBmb6vEhve9DG4YD0dBAHOy5xxyQVJMO7T+jQdH1+XAdCGZlwGtqV2sIiVgh84ZfwIDAQAB","manifest_version":2,"minimum_chrome_version":"37","name":"Google Cast","oauth2":{"client_id":"919648714761-b2gcrl9iu82luhiq2dpo7jnecikdnrlf.apps.googleusercontent.com","scopes":["hxxps://www.googleapis.com/auth/hangouts","hxxps://www.googleapis.com/auth/hangouts.readonly","hxxps://www.googleapis.com/auth/calendar.readonly","hxxps://www.googleapis.com/auth/userinfo.email","hxxps://www.googleapis.com/auth/clouddevices"]},"options_page":"options.html","permissions":["tabs","tabCapture","dial","mdns","cast","cast.streaming","storage","networkingPrivate","identity","system.cpu","hxxp://*/*","hxxps://clients2.google.com/cr/*","desktopCapturePrivate"],"update_url":"hxxps://clients2.google.com/service/update2/crx","version":"15.721.0.5","web_accessible_resources":["feedback.html","web_accessible_options.html","cast_sender.js","cast_game_sender.js","api_iframe.html","api_iframe_script.js"]},"path":"boadgeojelhgndaghljhdicfkmllpafd\\15.721.0.5_0","preferences":{},"regular_only_preferences":{},"state":0,"was_installed_by_default":false,"was_installed_by_oem":false},"coobgpohoikkiipiblmjeljniedjpjpf":{"ack_external":true,"active_permissions":{"api":[],"manifest_permissions":[]},"app_launcher_ordinal":"yn","commands":{},"content_settings":[],"creation_flags":153,"events":[],"from_bookmark":true,"from_webstore":true,"granted_permissions":{"api":[],"manifest_permissions":[]},"has_declarative_rules":{"declarativeContent":{"onPageChanged":false},"declarativeWebRequest":{"onRequest":false}},"incognito_content_settings":[],"incognito_preferences":{},"install_time":"13072021913683466","lastpingday":"13084700417667502","location":1,"manifest":{"app":{"launch":{"web_url":"hxxp://www.google.com/webhp?source=search_app"},"urls":["*://www.google.com/search","*://www.google.com/webhp","*://www.google.com/imgres"]},"current_locale":"en_US","default_locale":"en","description":"The fastest way to search the web.
[C:\Users\Randi\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Homepage] Found : hxxp://start.iminent.com/?appId=b23bfb5d-38bd-41e7-b98c-f42afc6ece5a
 
########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [31650 bytes] ##########
 
 
Fix result of Farbar Recovery Scan Tool (x64) Version:25-08-2015
Ran by Randi (2015-08-27 14:03:14) Run:2
Running from C:\Users\Randi\Downloads
Loaded Profiles: Randi (Available Profiles: Randi)
Boot Mode: Safe Mode (with Networking)
==============================================
 
fixlist content:
*****************
Best Buy pc app (Version: 3.2.0.0 - Best Buy) Hidden
Best Buy pc app (x32 Version: 3.2.0.0 - Best Buy) Hidden
*****************
 
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\\SystemComponent => value not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\\SystemComponent => value not found.
 
==== End of Fixlog 14:03:14 ====


#6 Sirawit

Sirawit

    Bleepin' Brony


  • Malware Response Team
  • 4,161 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Thailand
  • Local time:12:08 AM

Posted 28 August 2015 - 01:15 PM

Hi sinnickel.

 

From your logs I saw that you had ran Combofix before, Combofix must be use under supervision of trained helper to avoid damage to your system. Never run it on your own.

 

---------------

 

Cleaning with adwcleaner

 

Double click on AdwCleaner.exe to run the tool again. Vista/Windows 7/8 users right-click and select Run As Administrator

  • The tool will start to update the database, please wait a bit.
  • Click on the Scan button.
  • AdwCleaner will begin to scan your computer like it did before.
  • This time click on the Cleaning button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
  • After rebooting, a logfile report (AdwCleaner[C#].txt) will open automatically (where the largest value of # represents the most recent report).
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of that logfile will also be saved in the C:\AdwCleaner folder.

-------------

 

After the cleaning has been finished, please create a new FRST log for me.

 

Thank you.


If I don't reply back to you in 2 days, feel free to send me a PM.

 

“You’re lying… just like you were lying to me before. You have to hate me. I’ve been the worst daughter in the world… you should hate me.”

“But I don’t, Nyx. Because, Nyx, I’m your mother, and a mother will always love her daughter, no matter what.” -Past sins by Pen stroke.


#7 sinnickel

sinnickel
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Lower Slower Delaware
  • Local time:01:08 PM

Posted 29 August 2015 - 09:48 AM

Now Windows never finishes loading and I am still operating in Safe Mode
w/Networking.  Windows would not let me uninstall Best Buy PC app (I have no idea what that is) in Safe Mode, so I'm at a loss as to how to remove it now.  Thank you, I am grateful for your help.

# AdwCleaner v5.004 - Logfile created 29/08/2015 at 09:57:56
# Updated 26/08/2015 by Xplode
# Database : 2015-08-25.1 [Server]
# Operating system : Windows 7 Home Premium Service Pack 1 (x64)
# Username : Randi - RANDI-LAPTOP
# Running from : C:\Users\Randi\Downloads\AdwCleaner.exe
# Option : Cleaning
# Support : http://toolslib.net/forum

***** [ Services ] *****

[-] Service Deleted : IMService

***** [ Folders ] *****

[-] Folder Deleted : C:\Program Files (x86)\Conduit
[-] Folder Deleted : C:\ProgramData\apn
[-] Folder Deleted : C:\ProgramData\Partner
[-] Folder Deleted : C:\ProgramData\19a87fa1ec024bbcbb41931263354405
[-] Folder Deleted : C:\Users\Randi\AppData\LocalLow\Conduit

***** [ Files ] *****

[-] File Deleted : C:\Program Files (x86)\Mozilla
Firefox\browser\searchplugins\yahoo.xml
[-] File Deleted : C:\Users\Randi\AppData\Local\Google\Chrome\User
Data\Default\Local
Storage\chrome-extension_nociobghckdhokecfeajdpimjeapnopn_0.localstorage
[-] File Deleted : C:\Users\Randi\AppData\Local\Google\Chrome\User
Data\Default\Local
Storage\chrome-extension_adpeheiliennogfclcgmchdfdmafjegc_0.localstorage
[-] File Deleted :
C:\Users\Randi\AppData\Roaming\Mozilla\Firefox\Profiles\pfnurgf4.default\user.js

***** [ Shortcuts ] *****

[-] Shortcut Disinfected : C:\ProgramData\Microsoft\Windows\Start
Menu\Programs\Mozilla Firefox.lnk
[-] Shortcut Disinfected : C:\ProgramData\Microsoft\Windows\Start
Menu\Programs\Google Chrome\Google Chrome.lnk

***** [ Scheduled tasks ] *****


***** [ Registry ] *****

[-] Key Deleted :
HKCU\Software\Google\Chrome\Extensions\ejocekekgcaldnmjngfdbmbeebcekelc
[-] Key Deleted :
HKLM\SOFTWARE\Google\Chrome\Extensions\ejocekekgcaldnmjngfdbmbeebcekelc
[-] Key Deleted : [x64]
HKLM\SOFTWARE\Google\Chrome\Extensions\ejocekekgcaldnmjngfdbmbeebcekelc
[-] Key Deleted :
HKLM\SOFTWARE\Classes\AppID\{4D076AB4-7562-427A-B5D2-BD96E19DEE56}

 

Fix result of Farbar Recovery Scan Tool (x64) Version:25-08-2015
Ran by Randi (2015-08-27 14:03:14) Run:2
Running from C:\Users\Randi\Downloads
Loaded Profiles: Randi (Available Profiles: Randi)
Boot Mode: Safe Mode (with Networking)
==============================================
 
fixlist content:
*****************
Best Buy pc app (Version: 3.2.0.0 - Best Buy) Hidden
Best Buy pc app (x32 Version: 3.2.0.0 - Best Buy) Hidden
*****************
 
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\\SystemComponent => value not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\\SystemComponent => value not found.
 

 

==== End of Fixlog 14:03:14 ====


#8 Sirawit

Sirawit

    Bleepin' Brony


  • Malware Response Team
  • 4,161 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Thailand
  • Local time:12:08 AM

Posted 30 August 2015 - 10:44 AM

Hi sinnickel.

 

So, what happened when you start the Windows in normal mode? Are there any error message? Or just stuck? When does it stuck?

 

Thank you.


If I don't reply back to you in 2 days, feel free to send me a PM.

 

“You’re lying… just like you were lying to me before. You have to hate me. I’ve been the worst daughter in the world… you should hate me.”

“But I don’t, Nyx. Because, Nyx, I’m your mother, and a mother will always love her daughter, no matter what.” -Past sins by Pen stroke.


#9 sinnickel

sinnickel
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Lower Slower Delaware
  • Local time:01:08 PM

Posted 30 August 2015 - 11:11 AM

When starting Windows in normal mode, it boots up and brings up sign-in screen.  I sign in, and it hangs for a second, then the blue Windows screen appears with "Welcome" and the spinning circle as it loads.  And loads.  The screen flashes to black for a second, then Windows continues to load until the normal desktop appears.  All icons appear, networking behaves as if its searching for a connection ... and if I click on any icon at all on the desktop, nothing happens except the spinning circle which spins indefinitely until I finally give up and turn it off.  So Windows loads, but is never really "there."

 



#10 Sirawit

Sirawit

    Bleepin' Brony


  • Malware Response Team
  • 4,161 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Thailand
  • Local time:12:08 AM

Posted 02 September 2015 - 08:03 AM

Hi sinnickel.

 

Please go to Control Panel > Programs and Features, and then uninstall Spybot Search & Destroy. After that please try booting in normal mode again.

Does it stuck at loading this time?

 

Thank you.


If I don't reply back to you in 2 days, feel free to send me a PM.

 

“You’re lying… just like you were lying to me before. You have to hate me. I’ve been the worst daughter in the world… you should hate me.”

“But I don’t, Nyx. Because, Nyx, I’m your mother, and a mother will always love her daughter, no matter what.” -Past sins by Pen stroke.


#11 Sirawit

Sirawit

    Bleepin' Brony


  • Malware Response Team
  • 4,161 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Thailand
  • Local time:12:08 AM

Posted 05 September 2015 - 12:46 AM

Are you still there?

 

Thank you.


If I don't reply back to you in 2 days, feel free to send me a PM.

 

“You’re lying… just like you were lying to me before. You have to hate me. I’ve been the worst daughter in the world… you should hate me.”

“But I don’t, Nyx. Because, Nyx, I’m your mother, and a mother will always love her daughter, no matter what.” -Past sins by Pen stroke.


#12 sinnickel

sinnickel
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Lower Slower Delaware
  • Local time:01:08 PM

Posted 07 September 2015 - 03:01 PM

Sorry for the delay, I had to go out of town and just returned.  I uninstalled Spybot and still have the same issue.  If I boot normally, I have no networking, and I cannot click on any desktop icons.  Rather, I can click on them, but nothing happens.  So I might as well be clicking on a photo instead of a shortcut.  

 

I'm so frustrated!  I can't believe this is happening.  Thank you again for your help.  What now?



#13 Sirawit

Sirawit

    Bleepin' Brony


  • Malware Response Team
  • 4,161 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Thailand
  • Local time:12:08 AM

Posted 08 September 2015 - 12:26 PM

Hi sinnickel.

 

We need to run the SFC /SCANNOW Command

The sfc /scannow command (System File Checker) scans the integrity of all protected Windows system files and replaces incorrect corrupted, changed/modified, or damaged versions with the correct versions if possible.

Note: Be aware that if you have modified your system files as in theming explorer/system files, running sfc /scannow will revert the system files such as explorer.exe back to it's default state.

Note: Make the appropriate backups of your system files that you have modified for theming if you wish to save them before running sfc /scannow.


For Windows Vista / 7:
 

  • Click the Windows "Orb" button.
  • Type cmd.
  • Right click on the search result cmd.exe and click Run as Administrator.

 

Next:

  • Copy the following line of text and paste it into the black box.
    (right-click in the black box and choose paste)

    sfc /scannow
  • Press Enter to run the command. 
    Note: This may take a while to finish.
  • If SFC could not fix something, then run the command again to see if it may be able to the next time. Sometimes it may take running the sfc /scannow command 3 or more times to completely fix everything that it's able to.


Retrieving SFC /scannow log

For Windows Vista / 7:
 

  • Click the Windows "Orb" button.
  • Type cmd.
  • Right click on the search result cmd.exe and click Run as Administrator.
  • Copy the following line of text and paste it into the black box.
    (right-click in the black box and choose paste)

    findstr /c:"[SR]" %windir%\logs\cbs\cbs.log >> "%userprofile%\desktop\sfcdetails.txt"
  • Press Enter to run the command.
  • A text file sfcdetails.txt should appear on your desktop. Post the content of the file in your next reply.

----------------

 

After the scan has been completed, please create a new FRST log for me. But this time please select addition.txt box before you start the scan.

FRST will create 2 log files, please copy and paste both into your next reply.

 

Thank you.


If I don't reply back to you in 2 days, feel free to send me a PM.

 

“You’re lying… just like you were lying to me before. You have to hate me. I’ve been the worst daughter in the world… you should hate me.”

“But I don’t, Nyx. Because, Nyx, I’m your mother, and a mother will always love her daughter, no matter what.” -Past sins by Pen stroke.


#14 Sirawit

Sirawit

    Bleepin' Brony


  • Malware Response Team
  • 4,161 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Thailand
  • Local time:12:08 AM

Posted 12 September 2015 - 12:31 PM

Are you still there?

 

Thank you.


If I don't reply back to you in 2 days, feel free to send me a PM.

 

“You’re lying… just like you were lying to me before. You have to hate me. I’ve been the worst daughter in the world… you should hate me.”

“But I don’t, Nyx. Because, Nyx, I’m your mother, and a mother will always love her daughter, no matter what.” -Past sins by Pen stroke.


#15 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 61,320 posts
  • ONLINE
  •  
  • Gender:Female
  • Location:Romania
  • Local time:08:08 PM

Posted 16 September 2015 - 03:02 PM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 

Follow BleepingComputer on: Facebook | Twitter | Google+ | lockerdome

 

Malware analyst @ Emsisoft





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users