
Complete mess


  • This topic is locked
54 replies to this topic

#1 toomuch1

toomuch1

  • Members
  • 37 posts

Posted 30 August 2015 - 07:44 PM

Folks have an HP laptop completely full of viruses, malware, you name it. They simply bought a new one as they didn't know better or where to start. I have now inherited this POS. Any help on cleaning this would be most appreciated. Spent 2 hours removing programs that looked like malware. Now what? Biggest complaints are that it takes forever to load pages and simply booting up the system takes painfully long.


Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:30-08-2015
Ran by Schuler (administrator) on SCHULER-PC (30-08-2015 21:10:52)
Running from C:\Users\Schuler\Downloads
Loaded Profiles: Schuler (Available Profiles: Schuler)
Platform: Microsoft® Windows Vista™ Home Premium  Service Pack 2 (X86) Language: English (United States)
Internet Explorer Version 9 (Default browser not detected!)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\Antivirus\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\Antivirus\avguard.exe
() C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe
(Hewlett-Packard Company) C:\Program Files\Common Files\LightScribe\LSSrvc.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\Version9\TeamViewer_Service.exe
(Microsoft Corporation) C:\Program Files\Windows Network Accelerater\v5\winvxm.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(Conexant Systems, Inc.) C:\Windows\System32\drivers\XAudio.exe
() C:\Program Files\YouTube Downloader Services\P6\youtubeserv.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\Launcher\Avira.ServiceHost.exe
() C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\Version9\TeamViewer.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\Antivirus\avshadow.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(CartCrunch Israel Ltd.) C:\ProgramData\PicColor Utility\ColorMedia.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\Version9\tv_w32.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\Antivirus\avgnt.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Microsoft Corporation) C:\Windows\ehome\ehtray.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\Launcher\Avira.Systray.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Service.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Microsoft Corporation) C:\Windows\ehome\ehmsas.exe
(Microsoft Corporation) C:\Windows\System32\UI0Detect.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\Antivirus\avcenter.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\Antivirus\avscan.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\Antivirus\avscan.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Farbar) C:\Users\Schuler\Downloads\FRST(1).exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1021128 2014-11-20] (Adobe Systems Incorporated)
HKLM\...\Run: [3D BubbleSound] => "C:\Program Files\BubbleSound\3D BubbleSound.exe"
HKLM\...\Run: [Avira SystrayStartTrigger] => C:\Program Files\Avira\Launcher\Avira.SystrayStartTrigger.exe [66936 2015-08-13] (Avira Operations GmbH & Co. KG)
HKLM\...\Run: [avgnt] => C:\Program Files\Avira\Antivirus\avgnt.exe [782008 2015-08-06] (Avira Operations GmbH & Co. KG)
HKLM\...\RunOnce: [Launcher] => C:\Windows\SMINST\launcher.exe [44128 2006-11-07] (soft thinks)
HKLM\...\RunOnce: [NCPluginUpdater] => C:\Program Files\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe [21720 2014-09-26] (Hewlett-Packard)
HKLM\...\Policies\Explorer: [NoMSAppLogo5ChannelNotify] 0
HKU\S-1-5-21-3414952672-4210971663-2880256135-1000\...\Run: [ehTray.exe] => C:\Windows\ehome\ehTray.exe [125952 2008-01-19] (Microsoft Corporation)
HKU\S-1-5-21-3414952672-4210971663-2880256135-1000\...\Run: [HP Officejet Pro 8600 (NET)] => C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe [1804648 2011-09-09] (Hewlett-Packard Co.)
HKU\S-1-5-21-3414952672-4210971663-2880256135-1000\...\RunOnce: [Adobe Speed Launcher] => 1440977443
ShellIconOverlayIdentifiers: [  GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files\Google\Drive\googledrivesync32.dll [2015-07-29] (Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files\Google\Drive\googledrivesync32.dll [2015-07-29] (Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files\Google\Drive\googledrivesync32.dll [2015-07-29] (Google)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  No File
ShellIconOverlayIdentifiers: [GDriveSharedOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} =>  No File
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk [2011-07-18]
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

AutoConfigURL: [S-1-5-21-3414952672-4210971663-2880256135-1000] => http://wpad.wildblue.com/wpad.dat
Winsock: Catalog9 01 C:\Windows\system32\ColorMedia.dll [301168 2015-01-29] (CartCrunch Israel Ltd.)
Winsock: Catalog9 02 C:\Windows\system32\ColorMedia.dll [301168 2015-01-29] (CartCrunch Israel Ltd.)
Winsock: Catalog9 05 C:\Windows\system32\ColorMedia.dll [301168 2015-01-29] (CartCrunch Israel Ltd.)
Winsock: Catalog9 06 C:\Windows\system32\ColorMedia.dll [301168 2015-01-29] (CartCrunch Israel Ltd.)
Winsock: Catalog9 07 C:\Program Files\Avira\Antivirus\avsda.dll [507984 2015-08-30] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 08 C:\Program Files\Avira\Antivirus\avsda.dll [507984 2015-08-30] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 09 C:\Program Files\Avira\Antivirus\avsda.dll [507984 2015-08-30] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 10 C:\Program Files\Avira\Antivirus\avsda.dll [507984 2015-08-30] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 11 C:\Program Files\Avira\Antivirus\avsda.dll [507984 2015-08-30] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 12 C:\Program Files\Avira\Antivirus\avsda.dll [507984 2015-08-30] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 13 C:\Program Files\Avira\Antivirus\avsda.dll [507984 2015-08-30] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 14 C:\Program Files\Avira\Antivirus\avsda.dll [507984 2015-08-30] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 34 C:\Windows\system32\ColorMedia.dll [301168 2015-01-29] (CartCrunch Israel Ltd.)
Winsock: Catalog9 35 C:\Program Files\Avira\Antivirus\avsda.dll [507984 2015-08-30] (Avira Operations GmbH & Co. KG)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 75.75.76.76 75.75.75.75
Tcpip\..\Interfaces\{3FF3BBE2-486F-4C4D-BA82-376F2B16C76E}: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{8F7A5DEA-70C5-49F1-BB7D-18DFAA1B2FBE}: [DhcpNameServer] 75.75.76.76 75.75.75.75

Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-3414952672-4210971663-2880256135-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://safesearch.avira.com/#web/result?source=repair&q=
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxps://safesearch.avira.com/#web/result?source=repair&q=
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxps://safesearch.avira.com/#web/result?source=repair&q=
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxps://safesearch.avira.com/#web/result?source=repair&q=
HKU\S-1-5-21-3414952672-4210971663-2880256135-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://safesearch.avira.com/#web/result?source=repair&q=
HKU\S-1-5-21-3414952672-4210971663-2880256135-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxps://safesearch.avira.com/#web/result?source=repair&q=
HKU\S-1-5-21-3414952672-4210971663-2880256135-1000\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxps://safesearch.avira.com/#web/result?source=repair&q=
HKU\S-1-5-21-3414952672-4210971663-2880256135-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxps://safesearch.avira.com/#web/result?source=repair&q=
URLSearchHook: HKU\S-1-5-21-3414952672-4210971663-2880256135-1000 - (No Name) - {26842a09-ffa8-4e2c-ae12-0c80f01c3295} -  No File
URLSearchHook: HKU\S-1-5-21-3414952672-4210971663-2880256135-1000 - (No Name) - {8a7d2060-824d-4b17-b00a-759b1b5f30d9} -  No File
URLSearchHook: HKU\S-1-5-21-3414952672-4210971663-2880256135-1000 - (No Name) - {84FF7BD6-B47F-46F8-9130-01B2696B36CB} -  No File
URLSearchHook: HKU\S-1-5-21-3414952672-4210971663-2880256135-1000 - (No Name) - {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} -  No File
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM -> {F223CEA8-B282-42F0-AF2A-78F54E066C39} URL = hxxp://www.google.com
SearchScopes: HKU\S-1-5-21-3414952672-4210971663-2880256135-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-3414952672-4210971663-2880256135-1000 -> {0B8AD893-159C-43FF-A3CB-05096FC62E40} URL = hxxp://www.bing.com/search?FORM=SO3TDF&PC=SUN3&q={searchTerms}&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-3414952672-4210971663-2880256135-1000 -> {166656A1-9437-4096-B5C3-E014872B6220} URL = hxxp://websearch.ask.com/redirect?client=ie&tb=ORJ&o=100000031&src=kw&q={searchTerms}&locale=en_US&apn_ptnrs=^TV&apn_dtid=^OSJ000^YY^US&apn_uid=90693170-FD5F-4990-9F9F-8C88B2287379&apn_sauid=3E507B36-DF12-4424-A29A-2C811BF69ACE
SearchScopes: HKU\S-1-5-21-3414952672-4210971663-2880256135-1000 -> {23E550C6-11D1-4412-9BFE-3EBCC93E7CE4} URL = hxxp://rover.ebay.com/rover/1/711-43047-14818-1/4?satitle={searchTerms}
SearchScopes: HKU\S-1-5-21-3414952672-4210971663-2880256135-1000 -> {286B8D1C-B5BB-416F-9345-C63C50B023CA} URL = hxxps://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-3414952672-4210971663-2880256135-1000 -> {38B6B68D-A539-4F16-A3F3-917295B10D47} URL = hxxp://delicious.com/search?p={searchTerms}
SearchScopes: HKU\S-1-5-21-3414952672-4210971663-2880256135-1000 -> {460C3D19-B3D4-4964-A550-77D263B0CCCB} URL = hxxp://start.iminent.com/?appId=A39C9527-F9FE-4AED-9D1D-A7B2EC4A5A74&ref=toolbox&q={searchTerms}
SearchScopes: HKU\S-1-5-21-3414952672-4210971663-2880256135-1000 -> {6A263946-6A77-41FF-BB84-60B5D1E14914} URL = hxxp://www.ask.com/web?q={searchTerms}&l=dis&o=ushpl
SearchScopes: HKU\S-1-5-21-3414952672-4210971663-2880256135-1000 -> {93C55396-0D8E-4C41-A983-22835AF7BE18} URL = hxxp://search.live.com/results.aspx?q={searchTerms}&amp;entrypoint={referrer:source?}&amp;FORM=HVNUS7
SearchScopes: HKU\S-1-5-21-3414952672-4210971663-2880256135-1000 -> {A33DB9FD-7A8A-496E-92D3-9CFCF9D9E1C9} URL = hxxp://www.trovi.com/Results.aspx?gd=&ctid=CT3333855&octid=EB_ORIGINAL_CTID&ISID=M561A7C82-9C89-414C-8691-6FE132D32CF7&SearchSource=58&CUI=&UM=8&UP=SP7A9A94C8-EF90-43B2-8CC2-80AB4B86B45E&q={searchTerms}&SSPV=
SearchScopes: HKU\S-1-5-21-3414952672-4210971663-2880256135-1000 -> {A5CA7B81-CA9F-4A8C-9755-F41167BC3C5B} URL = hxxp://www.google.com
SearchScopes: HKU\S-1-5-21-3414952672-4210971663-2880256135-1000 -> {C59E0AC6-FB34-4BC6-8A34-987413390168} URL = hxxp://www.flickr.com/search/?q={searchTerms}
SearchScopes: HKU\S-1-5-21-3414952672-4210971663-2880256135-1000 -> {E98B545E-2F51-450C-8796-84EF316F9CA5} URL = hxxps://search.yahoo.com/search?p={searchTerms}&ei=UTF-8&fr=w3i&type=W3i_DS,136,0_0,Search,20150105,20028,0,18,0
BHO: No Name -> {02478D38-C3F9-4EFB-9B51-7695ECA05670} ->  No File
BHO: BlockAndSurf -> {1B75FDE9-A250-DF68-EAAA-A78DDC1F49AC} -> C:\Program Files\ver7BlockAndSurf\184.dll No File
BHO: No Name -> {1e91a655-bb4b-4693-a05e-2edebc4c9d89} ->  No File
BHO: No Name -> {71c1d63a-c944-428a-a5bd-ba513190e5d2} ->  No File
BHO: SSVHelper Class -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll [2013-11-27] (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
BHO: No Name -> {A5A51D2A-505A-4D84-AFC6-E0FA87E47B8C} ->  No File
BHO: No Name -> {ab56dfde-0c14-45b3-9df6-7b0eba617870} ->  No File
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll [2013-11-27] (Oracle Corporation)
BHO: No Name -> {dc9051c2-8f55-479a-97a4-747980d9047f} ->  No File
BHO: No Name -> {df22384f-cf68-4d19-969f-10423715528b} ->  No File
Toolbar: HKLM - No Name - {f20de5e0-2a6e-4c54-985f-1cf59551ce39} -  No File
Toolbar: HKLM - No Name - {a0154e07-2b48-475c-a82a-80efd84ea33e} -  No File
Toolbar: HKLM - No Name - {364ea597-e728-4ce4-bb4a-ed846ef47970} -  No File
Toolbar: HKU\S-1-5-21-3414952672-4210971663-2880256135-1000 -> No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} -  No File
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll [2001-06-20] (Microsoft Corporation)

FireFox:
========
FF ProfilePath: C:\Users\Schuler\AppData\Roaming\Mozilla\Firefox\Profiles\siiuku1p.default
FF NewTab: hxxps://us.search.yahoo.com/yhs/web?&hspart=w3i&hsimp=yhs-syctransfer&type=W3i_NT,205,0_0,NewTab,20150105,20031,0,UN,4752
FF DefaultSearchEngine: StartWeb
FF DefaultSearchUrl: hxxp://www.bing.com/search?FORM=SO3TDF&PC=SUN3&q=
FF SearchEngineOrder.1: Yahoo
FF SearchEngineOrder.2: Ask.com
FF SelectedSearchEngine: Yahoo
FF Homepage: hxxps://search.yahoo.com/yhs/web?hspart=w3i&hsimp=yhs-syctransfer&type=W3i_SP,205,0_0,StartPage,20150105,20031,0,18,0
FF NetworkProxy: "no_proxies_on", "localho,t,127.0.0.1,localhost"
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_18_0_0_232.dll [2015-08-30] ()
FF Plugin: @ei.FilmFanatic.com/Plugin -> C:\Program Files\FilmFanaticEI\Installr\1.bin\NPpaEISB.dll [2013-01-16] (FilmFanatic)
FF Plugin: @java.com/DTPlugin,version=10.45.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll [2013-11-27] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.45.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll [2013-11-27] (Oracle Corporation)
FF Plugin: @MapsGalaxy_39.com/Plugin -> C:\Program Files\MapsGalaxy_39\bar\1.bin\NP39Stub.dll [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation)
FF Plugin: @staging.google.com/globalUpdate Update;version=10 -> C:\Program Files\globalUpdate\Update\1.3.25.0\npGoogleUpdate4.dll [No File]
FF Plugin: @staging.google.com/globalUpdate Update;version=4 -> C:\Program Files\globalUpdate\Update\1.3.25.0\npGoogleUpdate4.dll [No File]
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.28.13\npGoogleUpdate3.dll [2015-08-30] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.28.13\npGoogleUpdate3.dll [2015-08-30] (Google Inc.)
FF Plugin: @TotalRecipeSearch_14.com/Plugin -> C:\Program Files\TotalRecipeSearch_14\bar\2.bin\NP14Stub.dll [No File]
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-3414952672-4210971663-2880256135-1000: @citrixonline.com/appdetectorplugin -> C:\Users\Schuler\AppData\Local\Citrix\Plugins\79\npappdetector.dll [2012-11-19] (Citrix Online)
FF user.js: detected! => C:\Users\Schuler\AppData\Roaming\Mozilla\Firefox\Profiles\siiuku1p.default\user.js [2015-01-29]
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\np-mswmp.dll [2007-04-10] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll [2011-08-28] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll [2011-08-28] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll [2011-08-28] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll [2011-08-28] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll [2011-08-28] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll [2011-08-28] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll [2011-08-28] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\Schuler\AppData\Roaming\mozilla\plugins\npatgpc.dll [2012-10-04] (Cisco WebEx LLC)
FF SearchPlugin: C:\Users\Schuler\AppData\Roaming\Mozilla\Firefox\Profiles\siiuku1p.default\searchplugins\ask-web-search.xml [2013-07-03]
FF SearchPlugin: C:\Users\Schuler\AppData\Roaming\Mozilla\Firefox\Profiles\siiuku1p.default\searchplugins\askcom.xml [2012-12-10]
FF SearchPlugin: C:\Users\Schuler\AppData\Roaming\Mozilla\Firefox\Profiles\siiuku1p.default\searchplugins\my-web-search.xml [2014-04-30]
FF SearchPlugin: C:\Users\Schuler\AppData\Roaming\Mozilla\Firefox\Profiles\siiuku1p.default\searchplugins\trovi-search.xml [2015-01-06]
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\StartWeb.xml [2014-12-30]
FF Extension: Avira Browser Safety - C:\Users\Schuler\AppData\Roaming\Mozilla\Firefox\Profiles\siiuku1p.default\Extensions\abs@avira.com [2015-08-30]
FF Extension: Microsoft .NET Framework Assistant - C:\Users\Schuler\AppData\Roaming\Mozilla\Firefox\Profiles\siiuku1p.default\Extensions\{20a82645-c095-46ed-80e3-08825760534b} [2010-05-20]
FF Extension: Yahoo! Toolbar - C:\Users\Schuler\AppData\Roaming\Mozilla\Firefox\Profiles\siiuku1p.default\Extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1} [2015-01-29]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-08-21]
FF HKLM\...\Firefox\Extensions: [quickprint@hp.com] - C:\Program Files\Hewlett-Packard\SmartPrint\QPExtension
FF Extension: SmartPrintButton - C:\Program Files\Hewlett-Packard\SmartPrint\QPExtension [2013-03-27]
FF HKLM\...\Firefox\Extensions: [{5081D2D4-1637-404c-B74F-50526718257D}] - C:\Program Files\shopperz\Firefox
FF HKU\S-1-5-21-3414952672-4210971663-2880256135-1000\...\Firefox\Extensions: [{CA8095F7-A541-BF2F-E153-CB26E5D5B2CD}] - C:\Program Files\ver7BlockAndSurf\184.xpi

Chrome:
=======
CHR HomePage: Default -> hxxp://start.iminent.com/?appId=A39C9527-F9FE-4AED-9D1D-A7B2EC4A5A74
CHR StartupUrls: Default -> "hxxp://start.iminent.com/?appId=A39C9527-F9FE-4AED-9D1D-A7B2EC4A5A74", "hxxp://www.trovi.com/?gd=&ctid=CT3333855&octid=EB_ORIGINAL_CTID&ISID=M561A7C82-9C89-414C-8691-6FE132D32CF7&SearchSource=55&CUI=&UM=8&UP=SP7A9A94C8-EF90-43B2-8CC2-80AB4B86B45E&SSPV="
CHR DefaultSearchKeyword: Default -> start.iminent.com
CHR DefaultSearchURL: Default -> http://start.iminent.com/?appId=A39C9527-F9FE-4AED-9D1D-A7B2EC4A5A74&ref=toolbox&q={searchTerms}
CHR DefaultSuggestURL: Default ->
CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\39.0.2171.95\gcswf32.dll No File
CHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\NPSWF32.dll No File
CHR Plugin: (QuickTime Plug-in 7.7) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll (Apple Inc.)
CHR Plugin: (Java Deployment Toolkit 6.0.260.3) - C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll No File
CHR Plugin: (Java™ Platform SE 6 U26) - C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Microsoft® Windows Media Player Firefox Plugin) - C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll (Microsoft Corporation)
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\39.0.2171.95\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\39.0.2171.95\pdf.dll ()
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll No File
CHR Plugin: (BrowserPlus (from Yahoo!) v2.9.8) - C:\Users\Schuler\AppData\Local\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll No File
CHR Plugin: (Windows Presentation Foundation) - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
CHR Plugin: (Default Plug-in) - default_plugin No File
CHR Profile: C:\Users\Schuler\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Schuler\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-07-23]
CHR Extension: (YouTube) - C:\Users\Schuler\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2011-12-18]
CHR Extension: (Google Cast) - C:\Users\Schuler\AppData\Local\Google\Chrome\User Data\Default\Extensions\boadgeojelhgndaghljhdicfkmllpafd [2014-07-19]
CHR Extension: (Google Search) - C:\Users\Schuler\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2011-12-18]
CHR Extension: (No Name) - C:\Users\Schuler\AppData\Local\Google\Chrome\User Data\Default\Extensions\gcieafjnilelgbjbbonlplhkfokfmipg [2014-12-17]
CHR Extension: (Google Wallet) - C:\Users\Schuler\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-23]
CHR Extension: (Gmail) - C:\Users\Schuler\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2011-12-18]
CHR HKLM\...\Chrome\Extension: [eefhnbpnnaaokmclnihgajdnlgljajjg] - https://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [ehhlaekjfiiojlddgndcnefflngfmhen] - https://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - https://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [ggebenakhmhfdkmkemdmllecchcldgec] - https://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 AddFiltr; C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe [126976 2006-06-26] (Hewlett-Packard Development Company, L.P.) [File not signed]
S2 AntiVirMailService; C:\Program Files\Avira\Antivirus\avmailc.exe [887128 2015-08-06] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files\Avira\Antivirus\sched.exe [461672 2015-08-06] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files\Avira\Antivirus\avguard.exe [461672 2015-08-06] (Avira Operations GmbH & Co. KG)
S2 AntiVirWebService; C:\Program Files\Avira\Antivirus\AVWEBGRD.EXE [1212048 2015-08-06] (Avira Operations GmbH & Co. KG)
R2 Avira.ServiceHost; C:\Program Files\Avira\Launcher\Avira.ServiceHost.exe [228104 2015-08-13] (Avira Operations GmbH & Co. KG)
R2 CLCapSvc; C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe [270431 2006-11-24] () [File not signed]
R2 CLSched; C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe [118877 2006-11-24] () [File not signed]
R2 ColorMedia; C:\ProgramData\PicColor Utility\ColorMedia.exe [1844232 2015-01-27] (CartCrunch Israel Ltd.) [File not signed]
R2 HP Health Check Service; c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe [94208 2008-10-09] (Hewlett-Packard) [File not signed]
R3 hpqcxs08; C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll [217088 2008-10-16] (Hewlett-Packard Co.) [File not signed]
R2 hpqddsvc; C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll [135168 2008-10-16] (Hewlett-Packard Co.) [File not signed]
S2 HPSupportSolutionsFrameworkService; C:\Program Files\Hp\Common\HPSupportSolutionsFrameworkService.exe [89352 2014-09-15] (Hewlett-Packard Company)
S3 IDriverT; C:\Program Files\Roxio\Roxio MyDVD Basic v9\InstallShield\Driver\1050\Intel 32\IDriverT.exe [73728 2004-10-22] (Macrovision Corporation) [File not signed]
R2 LightScribeService; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [61440 2006-10-19] (Hewlett-Packard Company) [File not signed]
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22192 2014-08-22] (Microsoft Corporation)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [44032 2010-08-06] (Hewlett-Packard) [File not signed]
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [288120 2014-08-22] (Microsoft Corporation)
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [53760 2010-08-06] (Hewlett-Packard) [File not signed]
S3 stllssvr; C:\Program Files\Common Files\SureThing Shared\stllssvr.exe [73728 2006-11-01] (MicroVision Development, Inc.) [File not signed]
S2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [272952 2008-01-19] (Microsoft Corporation)
R2 WindowsVNT_R5; C:\Program Files\Windows Network Accelerater\v5\winvxm.exe [2976880 2015-03-24] (Microsoft Corporation) [File not signed]
S3 globalUpdatem; C:\Program Files\globalUpdate\Update\GoogleUpdate.exe /medsvc [X] <==== ATTENTION

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [108448 2015-08-06] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [136728 2015-08-06] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [37896 2015-08-06] (Avira Operations GmbH & Co. KG)
R2 elagopro; C:\Windows\System32\DRIVERS\elagopro.sys [28672 2007-03-22] (Gteko Ltd.)
R2 elaunidr; C:\Windows\System32\DRIVERS\elaunidr.sys [5376 2007-03-22] (Gteko Ltd.)
S3 HdAudAddService; C:\Windows\System32\drivers\CHDART.sys [148992 2006-12-12] (Conexant Systems Inc.)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [231800 2014-07-17] (Microsoft Corporation)
R0 PxHelp20; C:\Windows\System32\Drivers\PxHelp20.sys [36528 2006-07-24] (Sonic Solutions) [File not signed]
R1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [31848 2015-08-06] (Avira Operations GmbH & Co. KG)
S4 blbdrive; \SystemRoot\system32\drivers\blbdrive.sys [X]
S1 cherimoya; system32\drivers\cherimoya.sys [X]
U4 eabfiltr; no ImagePath
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
S3 UIUSys; system32\DRIVERS\UIUSYS.SYS [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-08-30 21:12 - 2015-08-30 21:12 - 00048896 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\bjfyttfv.sys
2015-08-30 21:10 - 2015-08-30 21:14 - 00029727 _____ C:\Users\Schuler\Downloads\FRST.txt
2015-08-30 21:10 - 2015-08-30 21:11 - 00000000 ____D C:\FRST
2015-08-30 21:09 - 2015-08-30 21:09 - 01690624 _____ (Farbar) C:\Users\Schuler\Downloads\FRST(1).exe
2015-08-30 21:05 - 2015-08-30 21:06 - 01690624 _____ (Farbar) C:\Users\Schuler\Downloads\FRST.exe
2015-08-30 18:42 - 2015-08-30 18:43 - 00003442 _____ C:\Windows\DPINST.LOG
2015-08-30 10:09 - 2015-08-30 10:09 - 18744520 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerInstaller.exe
2015-08-30 10:04 - 2015-08-30 10:04 - 00000000 ____D C:\ProgramData\{10808eb9-51d1-d43a-1080-08eb951d3ae5}
2015-08-30 09:48 - 2015-08-30 09:48 - 00000000 ____D C:\Users\Schuler\AppData\Roaming\Avira
2015-08-30 09:33 - 2015-08-06 20:58 - 00136728 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2015-08-30 09:33 - 2015-08-06 20:58 - 00108448 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2015-08-30 09:33 - 2015-08-06 20:58 - 00037896 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avkmgr.sys
2015-08-30 09:33 - 2015-08-06 20:58 - 00031848 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\ssmdrv.sys
2015-08-30 09:26 - 2015-08-30 19:57 - 00001947 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2015-08-30 09:25 - 2015-08-30 09:25 - 00000000 ____D C:\ProgramData\Radio
2015-08-30 09:25 - 2015-08-30 09:25 - 00000000 ____D C:\ProgramData\Gniaawraihxu
2015-08-30 09:16 - 2015-08-30 18:45 - 00000882 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore1d0e32e7dae6a08.job
2015-08-30 09:16 - 2015-08-30 09:16 - 00000000 ____D C:\Program Files\GUMEDA8.tmp
2015-08-30 09:14 - 2015-08-30 09:15 - 04772888 _____ (Avira Operations GmbH & Co. KG) C:\Users\Schuler\Downloads\avira_en_av_55e30988deb92__ws (1).exe
2015-08-30 09:13 - 2015-08-30 09:13 - 04772888 _____ (Avira Operations GmbH & Co. KG) C:\Users\Schuler\Downloads\avira_en_av_55e30988deb92__ws.exe
2015-08-30 08:53 - 2015-08-30 08:53 - 00000959 _____ C:\Users\Public\Desktop\Avira Launcher.lnk
2015-08-30 08:52 - 2015-08-30 09:41 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2015-08-30 08:51 - 2015-08-30 09:40 - 00000000 ____D C:\ProgramData\Avira
2015-08-30 08:51 - 2015-08-30 09:29 - 00000000 ____D C:\Program Files\Avira
2015-08-30 08:50 - 2015-08-30 08:50 - 00000000 ____D C:\ProgramData\Package Cache
2015-08-30 08:47 - 2015-08-30 08:48 - 04772888 _____ (Avira Operations GmbH & Co. KG) C:\Users\Schuler\Downloads\avira_en_av_55e30988deb92__ws1.exe

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-08-30 21:12 - 2015-01-02 22:43 - 00000000 ____D C:\ProgramData\Optimizer
2015-08-30 20:25 - 2006-11-02 07:47 - 00003168 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2015-08-30 20:25 - 2006-11-02 07:47 - 00003168 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2015-08-30 20:09 - 2007-05-26 23:43 - 01376407 _____ C:\Windows\WindowsUpdate.log
2015-08-30 19:20 - 2011-10-17 18:26 - 00000886 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-08-30 19:19 - 2011-09-28 13:30 - 00000000 ____D C:\Program Files\Citrix
2015-08-30 19:14 - 2015-01-29 20:14 - 00005820 _____ C:\Windows\Tasks\e680babb-a9c0-4db6-83f3-0db5cd6b6c0d-6.job
2015-08-30 19:14 - 2015-01-29 20:14 - 00005476 _____ C:\Windows\Tasks\e680babb-a9c0-4db6-83f3-0db5cd6b6c0d-7.job
2015-08-30 19:14 - 2015-01-29 20:14 - 00002412 _____ C:\Windows\Tasks\3527e7d5-2372-4791-b338-633fa4ba4bed-2.job
2015-08-30 19:14 - 2015-01-29 20:13 - 00003750 _____ C:\Windows\Tasks\3527e7d5-2372-4791-b338-633fa4ba4bed-1.job
2015-08-30 19:13 - 2015-01-29 20:13 - 00004798 _____ C:\Windows\Tasks\e680babb-a9c0-4db6-83f3-0db5cd6b6c0d-11.job
2015-08-30 19:13 - 2015-01-29 20:13 - 00004460 _____ C:\Windows\Tasks\3527e7d5-2372-4791-b338-633fa4ba4bed-4.job
2015-08-30 19:13 - 2015-01-29 20:13 - 00002070 _____ C:\Windows\Tasks\e680babb-a9c0-4db6-83f3-0db5cd6b6c0d-10_user.job
2015-08-30 19:12 - 2015-01-29 20:11 - 00005828 _____ C:\Windows\Tasks\3527e7d5-2372-4791-b338-633fa4ba4bed-6.job
2015-08-30 19:11 - 2015-01-29 20:11 - 00005484 _____ C:\Windows\Tasks\3527e7d5-2372-4791-b338-633fa4ba4bed-7.job
2015-08-30 19:11 - 2015-01-29 20:10 - 00005486 _____ C:\Windows\Tasks\3527e7d5-2372-4791-b338-633fa4ba4bed-11.job
2015-08-30 19:09 - 2012-04-23 09:43 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-08-30 18:51 - 2009-07-20 22:50 - 00000000 ____D C:\ProgramData\Yahoo!
2015-08-30 18:51 - 2006-12-18 00:09 - 00000000 ____D C:\Program Files\Yahoo!
2015-08-30 18:47 - 2013-05-28 08:48 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
2015-08-30 18:35 - 2015-01-29 20:33 - 00000000 ____D C:\Program Files\Driver Updater
2015-08-30 18:34 - 2011-10-17 18:26 - 00000884 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-08-30 18:33 - 2006-11-02 05:33 - 00759582 _____ C:\Windows\system32\PerfStringBackup.INI
2015-08-30 18:25 - 2014-10-08 19:43 - 00129294 _____ C:\Windows\PFRO.log
2015-08-30 18:25 - 2007-05-28 08:29 - 00065536 _____ C:\Windows\system32\Ikeext.etl
2015-08-30 18:25 - 2006-11-02 08:01 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-08-30 18:22 - 2006-12-17 23:05 - 00000012 _____ C:\Windows\bthservsdp.dat
2015-08-30 18:22 - 2006-11-02 08:01 - 00032530 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2015-08-30 18:20 - 2015-01-29 13:10 - 00000000 ____D C:\ProgramData\PicColorData
2015-08-30 18:07 - 2015-01-02 22:46 - 00000000 ____D C:\Program Files\Opera
2015-08-30 18:06 - 2015-01-02 22:51 - 00000000 ____D C:\Users\Schuler\AppData\Roaming\Opera Software
2015-08-30 18:06 - 2015-01-02 22:51 - 00000000 ____D C:\Users\Schuler\AppData\Local\Opera Software
2015-08-30 10:09 - 2012-04-23 09:43 - 00778440 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2015-08-30 10:09 - 2011-05-26 17:20 - 00142536 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2015-08-30 09:26 - 2011-10-17 18:27 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-08-30 09:26 - 2011-05-07 09:21 - 00000734 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-08-30 09:26 - 2008-06-21 10:29 - 00001568 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2015-08-30 09:26 - 2007-05-26 23:23 - 00000831 _____ C:\Users\Schuler\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-08-30 09:22 - 2015-01-02 22:45 - 00000000 ____D C:\Program Files\Windows Network Accelerater
2015-08-30 09:21 - 2015-01-29 13:10 - 00005280 _____ C:\Windows\system32\ColorMedia.ini
2015-08-30 09:21 - 2015-01-29 13:10 - 00002880 _____ C:\Windows\system32\ColorMediaOff.ini
2015-08-30 09:21 - 2015-01-02 22:45 - 00000000 ____D C:\ProgramData\Windows VXM
2015-08-30 08:39 - 2006-11-02 06:18 - 00000000 ____D C:\Windows\tracing
2015-08-30 08:22 - 2012-02-04 14:14 - 00000000 ____D C:\Users\Schuler\AppData\Roaming\Skype
2015-08-30 08:17 - 2009-11-26 09:14 - 00000000 ____D C:\Windows\pss
2015-08-30 08:09 - 2015-01-29 23:49 - 00000444 ____H C:\Windows\Tasks\Norton Security Scan for Schuler.job

==================== Files in the root of some directories =======

2012-06-20 10:40 - 2012-06-20 10:40 - 0000288 _____ () C:\Users\Schuler\AppData\Roaming\.backup.dm
2007-08-26 13:12 - 2014-04-10 13:20 - 0000360 _____ () C:\Users\Schuler\AppData\Roaming\wklnhst.dat
2007-05-26 23:23 - 2007-05-26 23:23 - 0000000 _____ () C:\Users\Schuler\AppData\Local\AtStart.txt
2007-05-28 07:22 - 2015-01-21 15:32 - 0001356 _____ () C:\Users\Schuler\AppData\Local\d3d9caps.dat
2007-05-26 11:07 - 2014-10-05 11:42 - 0006656 _____ () C:\Users\Schuler\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2007-05-26 23:23 - 2007-05-26 23:23 - 0000000 _____ () C:\Users\Schuler\AppData\Local\DSwitch.txt
2007-05-26 23:23 - 2007-05-26 23:23 - 0000000 _____ () C:\Users\Schuler\AppData\Local\QSwitch.txt
2013-03-27 21:49 - 2013-03-27 21:49 - 0000057 _____ () C:\ProgramData\Ament.ini
2007-10-03 20:02 - 2013-03-28 06:59 - 0052377 _____ () C:\ProgramData\hpzinstall.log

Some files in TEMP:
====================
C:\Users\Schuler\AppData\Local\Temp\avgnt.exe
C:\Users\Schuler\AppData\Local\Temp\IadHide5.dll
C:\Users\Schuler\AppData\Local\Temp\installer.exe
C:\Users\Schuler\AppData\Local\Temp\nsuF3B.exe
C:\Users\Schuler\AppData\Local\Temp\setupA9_.exe
C:\Users\Schuler\AppData\Local\Temp\SymCCIS.dll


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-08-30 18:49

==================== End of FRST.txt ============================

Edited by toomuch1, 30 August 2015 - 09:31 PM.
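A small triage helper for the FRST sections above, added here as an example; it is not part of the thread and not FRST's own code. It parses the driver entries and the "One Month Created" lines (format taken from the log exactly as posted) and lists what a helper usually looks at first: service entries whose file is missing on disk (FRST marks these with [X]) or that have no ImagePath, and kernel drivers created within a day of the scan. Everything it lists is a triage hint to review, not a verdict; the scan time is the one from the log header.

```python
import re
from datetime import datetime, timedelta

# Excerpts copied from the FRST.txt posted above (first post of the thread).
FRST_DRIVERS = r"""
R1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [31848 2015-08-06] (Avira Operations GmbH & Co. KG)
S4 blbdrive; \SystemRoot\system32\drivers\blbdrive.sys [X]
S1 cherimoya; system32\drivers\cherimoya.sys [X]
U4 eabfiltr; no ImagePath
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
"""

FRST_CREATED = r"""
2015-08-30 21:12 - 2015-08-30 21:12 - 00048896 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\bjfyttfv.sys
2015-08-30 21:10 - 2015-08-30 21:14 - 00029727 _____ C:\Users\Schuler\Downloads\FRST.txt
2015-08-30 21:10 - 2015-08-30 21:11 - 00000000 ____D C:\FRST
2015-08-30 09:33 - 2015-08-06 20:58 - 00136728 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2015-08-30 09:25 - 2015-08-30 09:25 - 00000000 ____D C:\ProgramData\Gniaawraihxu
"""

# "<start type> <service name>; <image path> [<size> <date>] (<company>)"  or  "... [X]"  or  "no ImagePath"
DRIVER_RE = re.compile(r"^(?P<start>[RSU]\d) (?P<name>[^;]+); (?P<rest>.+)$")
# "<created> - <modified> - <size> <attrs> (<company>) <path>"; the company part is optional
CREATED_RE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<size>\d+) (?P<attrs>[_A-Z]{5}) "
    r"(?:\((?P<company>[^)]*)\) )?(?P<path>.+)$"
)
TS = "%Y-%m-%d %H:%M"


def parse_drivers(text):
    """One dict per driver line: name, start type, image path, and FRST's file-present markers."""
    out = []
    for line in text.splitlines():
        m = DRIVER_RE.match(line.strip())
        if not m:
            continue
        rest = m.group("rest")
        no_image = rest == "no ImagePath"
        out.append({
            "name": m.group("name"),
            "start": m.group("start"),
            "no_imagepath": no_image,
            # FRST appends [X] when the binary the entry points at is not on disk.
            "missing": rest.endswith("[X]"),
            "path": None if no_image else rest.split(" [", 1)[0],
        })
    return out


def parse_created(text):
    """Parse 'One Month Created files and folders' lines into dicts with datetime fields."""
    out = []
    for line in text.splitlines():
        m = CREATED_RE.match(line.strip())
        if not m:
            continue
        d = m.groupdict()
        d["created"] = datetime.strptime(d["created"], TS)
        d["modified"] = datetime.strptime(d["modified"], TS)
        d["size"] = int(d["size"])
        d["is_dir"] = d["attrs"].endswith("D")   # ____D marks a directory
        out.append(d)
    return out


def triage(scan_time_str, drivers_text, created_text, window=timedelta(days=1)):
    """Return (reason, item) pairs to review first. Hints for an analyst, not verdicts."""
    scan_time = datetime.strptime(scan_time_str, TS)
    findings = []
    for drv in parse_drivers(drivers_text):
        if drv["no_imagepath"]:
            findings.append(("driver entry with no ImagePath", drv["name"]))
        elif drv["missing"]:
            findings.append(("driver entry whose file is missing on disk", drv["name"]))
    for f in parse_created(created_text):
        p = f["path"].lower()
        new_driver = (not f["is_dir"] and p.endswith(".sys") and "\\drivers\\" in p
                      and abs(scan_time - f["created"]) <= window)
        if new_driver:
            findings.append((f"kernel driver created within {window.days} day(s) of the scan", f["path"]))
    return findings


if __name__ == "__main__":
    # Scan time from the header: "Ran by Schuler (administrator) on SCHULER-PC (30-08-2015 21:10:52)"
    for reason, item in triage("2015-08-30 21:10", FRST_DRIVERS, FRST_CREATED):
        print(f"{reason:<50} {item}")
```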



#2 satchfan

satchfan

  • Malware Response Team
  • 2,714 posts
  • ONLINE
  • Gender:Female
  • Location:Devon, UK
  • Local time:12:09 AM

Posted 31 August 2015 - 04:33 AM

Hello Complete mess and welcome to Bleeping Computer.

My name is Satchfan and I would be glad to help you with your computer problem.

Please read the following guidelines which will help to make cleaning your machine easier:

  • please follow all instructions in the order posted
  • please continue to review my answers until I tell you your machine appears to be clear. Absence of symptoms does not mean that everything is clear
  • all logs/reports, etc. must be posted in Notepad. Please ensure that word wrap is unchecked. In Notepad click Format, uncheck Word wrap if it is checked
  • if you don't understand something, please don't hesitate to ask for clarification before proceeding
  • the fixes are specific to your problem and should only be used for this issue on this machine.
  • please reply within 3 days. If you do not reply within this period I will post a reminder but topics with no reply in 4 days will be closed!

IMPORTANT:

Please DO NOT install/uninstall any programs unless asked to.
Please DO NOT run any scans other than those requested

===================================================

Note: Please complete these tasks in the order given in the instructions.

===================================================

Download and run AdwCleaner

Download AdwCleaner from here and save it to your desktop.


  • run AdwCleaner
  • when it has finished, select Clean
  • if it asks to reboot, allow the reboot
  • on reboot a log will be produced; please attach the content of the log to your next reply.

===================================================

Download and run Junkware Removal Tool

Please download Junkware Removal Tool to your desktop.

  • shut down your protection software now to avoid potential conflicts.
  • run the tool by double-clicking it. If you are using Windows Vista, 7, or 8, instead of double-clicking, right-click JRT.exe and select "Run as Administrator"
  • the tool will open and start scanning your system
  • please be patient as this can take a while to complete depending on your system's specifications
  • on completion, a log (JRT.txt) is saved to your desktop and will automatically open
  • post the contents of JRT.txt into your next message.

===================================================

Run Malwarebytes’ Anti-Malware

You mentioned that you downloaded Malwarebytes: if you no longer have it, you can download it again from here:

  • start Malwarebytes Anti-Malware and update it (“Update” tab)
  • once it is updated, click on “Scan” tab, select Threat Scan, then click Scan.
  • when the scan is complete, if no malicious items are found you can close the program
  • if malicious items are found be sure that everything is checked and click Quarantine
  • when removal is completed, a log report will open in Notepad and you may be prompted to restart your computer. (see Note below)
  • the log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • copy and paste the contents of that report in your next reply and exit MBAM.

NOTE: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.

Logs to include with next post:

AdwCleaner log
JRT.txt
Mbam.txt


Thanks

Satchfan

 


My help is always free of charge. If you are happy with the help provided, if you wish you can make a donation to buy me a beer.


#3 toomuch1

toomuch1
  • Topic Starter

  • Members
  • 37 posts
  • OFFLINE
  • Local time:06:09 PM

Posted 31 August 2015 - 07:34 AM

Could you tell me the extent of how bad things are? Should I be copying and pasting or attaching these reports?

 

 

# AdwCleaner v5.004 - Logfile created 31/08/2015 at 07:20:11
# Updated 26/08/2015 by Xplode
# Database : 2015-08-30.1 [Server]
# Operating system : Windows Vista ™ Home Premium Service Pack 2 (x86)
# Username : Schuler - SCHULER-PC
# Running from : C:\Users\Schuler\Desktop\adwcleaner_5.004.exe
# Option : Cleaning
# Support : http://toolslib.net/forum

***** [ Services ] *****

[-] Service Deleted : cherimoya
[-] Service Deleted : ColorMedia
[-] Service Deleted : globalUpdatem

***** [ Folders ] *****

[-] Folder Deleted : C:\Program Files\topdeal
[-] Folder Deleted : C:\Program Files\ProeShoppeRR
[-] Folder Deleted : C:\Program Files\saveietkeep
[!] Folder Not Deleted : C:\Program Files\toPDeal
[-] Folder Deleted : C:\Program Files\FilmFanaticEI
[-] Folder Deleted : C:\Program Files\MapsGalaxy_39
[-] Folder Deleted : C:\Program Files\TotalRecipeSearch_14
[-] Folder Deleted : C:\Program Files\WeatherBlink
[-] Folder Deleted : C:\ProgramData\Ask
[-] Folder Deleted : C:\ProgramData\Browser
[-] Folder Deleted : C:\ProgramData\PicColor Utility
[-] Folder Deleted : C:\ProgramData\PicColorData
[-] Folder Deleted : C:\ProgramData\radio
[-] Folder Deleted : C:\ProgramData\7343928437640776674
[-] Folder Deleted : C:\ProgramData\b56cf4adaac246968dfa350519c41346
[-] Folder Deleted : C:\ProgramData\{10808eb9-51d1-d43a-1080-08eb951d3ae5}
[-] Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced-System Protector
[-] Folder Deleted : C:\Users\Schuler\AppData\Local\globalUpdate
[-] Folder Deleted : C:\Users\Schuler\AppData\Local\TotalRecipeSearch_14
[-] Folder Deleted : C:\Users\Schuler\AppData\Local\WeatherBlink
[-] Folder Deleted : C:\Users\Schuler\AppData\LocalLow\HPAppData
[-] Folder Deleted : C:\Users\Schuler\AppData\LocalLow\{D2020D47-707D-4E26-B4D9-739C4F4C2E9A}
[-] Folder Deleted : C:\Users\Schuler\AppData\LocalLow\MapsGalaxy_39
[-] Folder Deleted : C:\Users\Schuler\AppData\LocalLow\TotalRecipeSearch_14
[-] Folder Deleted : C:\Users\Schuler\AppData\LocalLow\WeatherBlink
[-] Folder Deleted : C:\Users\Schuler\AppData\Roaming\AnyProtectEx
[-] Folder Deleted : C:\Users\Schuler\AppData\Roaming\Mozilla\Firefox\Profiles\siiuku1p.default\MapsGalaxy_39
[-] Folder Deleted : C:\Users\Schuler\AppData\Roaming\Mozilla\Firefox\Profiles\siiuku1p.default\TotalRecipeSearch_14
[-] Folder Deleted : C:\Users\Schuler\AppData\Roaming\Mozilla\Firefox\Profiles\siiuku1p.default\Extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[-] Folder Deleted : C:\Windows\system32\config\systemprofile\AppData\Local\speed browser

***** [ Files ] *****

[-] File Deleted : C:\Program Files\Mozilla Firefox\browser\searchplugins\StartWeb.xml
[-] File Deleted : C:\Program Files\Mozilla Firefox\browser\searchplugins\yahoo.xml
[-] File Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eBay.lnk
[-] File Deleted : C:\Users\Schuler\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_aaaaojmikegpiepcfdkkjaplodkpfmlo_0.localstorage-journal
[-] File Deleted : C:\Users\Schuler\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_ehhlaekjfiiojlddgndcnefflngfmhen_0.localstorage
[-] File Deleted : C:\Users\Schuler\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_igdhbblpcellaljokkpfhcjlagemhgjl_0.localstorage
[-] File Deleted : C:\Users\Schuler\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_nbljechdpodpbchbmjcoamidppmpnmlc_0.localstorage
[-] File Deleted : C:\Users\Schuler\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_jdkokpcldhneihjdhigfjmoeojkdcbmg_0.localstorage
[-] File Deleted : C:\Users\Schuler\AppData\Roaming\Mozilla\Firefox\Profiles\siiuku1p.default\searchplugins\Askcom.xml
[-] File Deleted : C:\Users\Schuler\AppData\Roaming\Mozilla\Firefox\Profiles\siiuku1p.default\searchplugins\ask-web-search.xml
[-] File Deleted : C:\Users\Schuler\AppData\Roaming\Mozilla\Firefox\Profiles\siiuku1p.default\searchplugins\my-web-search.xml
[-] File Deleted : C:\Users\Schuler\AppData\Roaming\Mozilla\Firefox\Profiles\siiuku1p.default\searchplugins\trovi-search.xml
[-] File Deleted : C:\Users\Schuler\AppData\Roaming\Mozilla\Firefox\Profiles\siiuku1p.default\user.js
[-] File Deleted : C:\Users\Schuler\Desktop\Continue Live Installation.lnk
[-] File Deleted : C:\Users\Schuler\Desktop\Live PC Help.lnk
[-] File Deleted : C:\Windows\AppPatch\Custom\{8a4d5a43-c64a-45ab-bdf4-804fe18ceafd}.sdb
[-] File Deleted : C:\Windows\system32\ColorMedia.dll
[-] File Deleted : C:\Windows\system32\ColorMediaOff.ini
[-] File Deleted : C:\Windows\system32\sasnative32.exe

***** [ Shortcuts ] *****

***** [ Scheduled tasks ] *****

[-] Task Deleted : APSnotifierPP1
[-] Task Deleted : APSnotifierPP2
[-] Task Deleted : APSnotifierPP3
[-] Task Deleted : globalUpdateUpdateTaskMachineCore
[-] Task Deleted : globalUpdateUpdateTaskMachineUA
[-] Task Deleted : Optimizer Pro Schedule
[-] Task Deleted : ShopperPro
[-] Task Deleted : ShopperProJSUpd
[-] Task Deleted : SPDriver
[-] Task Deleted : BlockAndSurf Update
[-] Task Deleted : 3527e7d5-2372-4791-b338-633fa4ba4bed-1
[-] Task Deleted : 3527e7d5-2372-4791-b338-633fa4ba4bed-11
[-] Task Deleted : 3527e7d5-2372-4791-b338-633fa4ba4bed-2
[-] Task Deleted : 3527e7d5-2372-4791-b338-633fa4ba4bed-4
[-] Task Deleted : 3527e7d5-2372-4791-b338-633fa4ba4bed-5
[-] Task Deleted : 3527e7d5-2372-4791-b338-633fa4ba4bed-6
[-] Task Deleted : 3527e7d5-2372-4791-b338-633fa4ba4bed-7
[-] Task Deleted : e680babb-a9c0-4db6-83f3-0db5cd6b6c0d-10_user
[-] Task Deleted : e680babb-a9c0-4db6-83f3-0db5cd6b6c0d-11
[-] Task Deleted : e680babb-a9c0-4db6-83f3-0db5cd6b6c0d-4
[-] Task Deleted : e680babb-a9c0-4db6-83f3-0db5cd6b6c0d-6
[-] Task Deleted : e680babb-a9c0-4db6-83f3-0db5cd6b6c0d-7
[-] Task Deleted : 3527e7d5-2372-4791-b338-633fa4ba4bed-1
[-] Task Deleted : 3527e7d5-2372-4791-b338-633fa4ba4bed-11
[-] Task Deleted : 3527e7d5-2372-4791-b338-633fa4ba4bed-2
[-] Task Deleted : 3527e7d5-2372-4791-b338-633fa4ba4bed-4
[-] Task Deleted : 3527e7d5-2372-4791-b338-633fa4ba4bed-6
[-] Task Deleted : 3527e7d5-2372-4791-b338-633fa4ba4bed-7
[-] Task Deleted : e680babb-a9c0-4db6-83f3-0db5cd6b6c0d-10_user
[-] Task Deleted : e680babb-a9c0-4db6-83f3-0db5cd6b6c0d-11
[-] Task Deleted : e680babb-a9c0-4db6-83f3-0db5cd6b6c0d-4
[-] Task Deleted : e680babb-a9c0-4db6-83f3-0db5cd6b6c0d-6
[-] Task Deleted : e680babb-a9c0-4db6-83f3-0db5cd6b6c0d-7
[-] Task Deleted : SPBIW_UpdateTask_Time_343238373532383635322d3437415a556c2a3223346c41
[-] Task Deleted : globalUpdateUpdateTaskMachineCore
[-] Task Deleted : globalUpdateUpdateTaskMachineUA

***** [ Registry ] *****

[-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\superfish.com
[-] Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@staging.google.com/globalUpdate Update;version=10
[-] Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@staging.google.com/globalUpdate Update;version=4
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Activities\Search\ask.com
[-] Key Deleted : HKLM\SOFTWARE\microsoft\shared tools\msconfig\startupreg\Optimizer Pro
[-] Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [3D BubbleSound]
[-] Key Deleted : HKLM\SYSTEM\CurrentControlSet\Control\Class\{0014298C-A9BA-440D-AAA8-AD12C7010EE5}
[-] Key Deleted : HKLM\SYSTEM\CurrentControlSet\Control\Class\{181A06EA-B82C-47DE-B851-E20FD0E1CC7D}
[-] Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@MapsGalaxy_39.com/Plugin
[-] Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@TotalRecipeSearch_14.com/Plugin
[-] Key Deleted : HKLM\SOFTWARE\Classes\MapsGalaxy_39.DynamicBarButton
[-] Key Deleted : HKLM\SOFTWARE\Classes\MapsGalaxy_39.DynamicBarButton.1
[-] Key Deleted : HKLM\SOFTWARE\Classes\MapsGalaxy_39.FeedManager
[-] Key Deleted : HKLM\SOFTWARE\Classes\MapsGalaxy_39.FeedManager.1
[-] Key Deleted : HKLM\SOFTWARE\Classes\MapsGalaxy_39.HTMLMenu
[-] Key Deleted : HKLM\SOFTWARE\Classes\MapsGalaxy_39.HTMLMenu.1
[-] Key Deleted : HKLM\SOFTWARE\Classes\MapsGalaxy_39.HTMLPanel
[-] Key Deleted : HKLM\SOFTWARE\Classes\MapsGalaxy_39.HTMLPanel.1
[-] Key Deleted : HKLM\SOFTWARE\Classes\MapsGalaxy_39.MultipleButton
[-] Key Deleted : HKLM\SOFTWARE\Classes\MapsGalaxy_39.MultipleButton.1
[-] Key Deleted : HKLM\SOFTWARE\Classes\MapsGalaxy_39.PseudoTransparentPlugin
[-] Key Deleted : HKLM\SOFTWARE\Classes\MapsGalaxy_39.PseudoTransparentPlugin.1
[-] Key Deleted : HKLM\SOFTWARE\Classes\MapsGalaxy_39.Radio
[-] Key Deleted : HKLM\SOFTWARE\Classes\MapsGalaxy_39.Radio.1
[-] Key Deleted : HKLM\SOFTWARE\Classes\MapsGalaxy_39.RadioSettings
[-] Key Deleted : HKLM\SOFTWARE\Classes\MapsGalaxy_39.RadioSettings.1
[-] Key Deleted : HKLM\SOFTWARE\Classes\MapsGalaxy_39.ScriptButton
[-] Key Deleted : HKLM\SOFTWARE\Classes\MapsGalaxy_39.ScriptButton.1
[-] Key Deleted : HKLM\SOFTWARE\Classes\MapsGalaxy_39.SettingsPlugin
[-] Key Deleted : HKLM\SOFTWARE\Classes\MapsGalaxy_39.SettingsPlugin.1
[-] Key Deleted : HKLM\SOFTWARE\Classes\MapsGalaxy_39.SkinLauncher
[-] Key Deleted : HKLM\SOFTWARE\Classes\MapsGalaxy_39.SkinLauncher.1
[-] Key Deleted : HKLM\SOFTWARE\Classes\MapsGalaxy_39.SkinLauncherSettings
[-] Key Deleted : HKLM\SOFTWARE\Classes\MapsGalaxy_39.SkinLauncherSettings.1
[-] Key Deleted : HKLM\SOFTWARE\Classes\MapsGalaxy_39.ThirdPartyInstaller
[-] Key Deleted : HKLM\SOFTWARE\Classes\MapsGalaxy_39.ThirdPartyInstaller.1
[-] Key Deleted : HKLM\SOFTWARE\Classes\MapsGalaxy_39.ToolbarProtector
[-] Key Deleted : HKLM\SOFTWARE\Classes\MapsGalaxy_39.ToolbarProtector.1
[-] Key Deleted : HKLM\SOFTWARE\Classes\MapsGalaxy_39.UrlAlertButton
[-] Key Deleted : HKLM\SOFTWARE\Classes\MapsGalaxy_39.UrlAlertButton.1
[-] Key Deleted : HKLM\SOFTWARE\Classes\MapsGalaxy_39.XMLSessionPlugin
[-] Key Deleted : HKLM\SOFTWARE\Classes\MapsGalaxy_39.XMLSessionPlugin.1
[-] Key Deleted : HKLM\SOFTWARE\Classes\TotalRecipeSearch_14.DynamicBarButton
[-] Key Deleted : HKLM\SOFTWARE\Classes\TotalRecipeSearch_14.DynamicBarButton.1
[-] Key Deleted : HKLM\SOFTWARE\Classes\TotalRecipeSearch_14.FeedManager
[-] Key Deleted : HKLM\SOFTWARE\Classes\TotalRecipeSearch_14.FeedManager.1
[-] Key Deleted : HKLM\SOFTWARE\Classes\TotalRecipeSearch_14.HTMLMenu
[-] Key Deleted : HKLM\SOFTWARE\Classes\TotalRecipeSearch_14.HTMLMenu.1
[-] Key Deleted : HKLM\SOFTWARE\Classes\TotalRecipeSearch_14.HTMLPanel
[-] Key Deleted : HKLM\SOFTWARE\Classes\TotalRecipeSearch_14.HTMLPanel.1
[-] Key Deleted : HKLM\SOFTWARE\Classes\TotalRecipeSearch_14.MultipleButton
[-] Key Deleted : HKLM\SOFTWARE\Classes\TotalRecipeSearch_14.MultipleButton.1
[-] Key Deleted : HKLM\SOFTWARE\Classes\TotalRecipeSearch_14.PseudoTransparentPlugin
[-] Key Deleted : HKLM\SOFTWARE\Classes\TotalRecipeSearch_14.PseudoTransparentPlugin.1
[-] Key Deleted : HKLM\SOFTWARE\Classes\TotalRecipeSearch_14.Radio
[-] Key Deleted : HKLM\SOFTWARE\Classes\TotalRecipeSearch_14.Radio.1
[-] Key Deleted : HKLM\SOFTWARE\Classes\TotalRecipeSearch_14.RadioSettings
[-] Key Deleted : HKLM\SOFTWARE\Classes\TotalRecipeSearch_14.RadioSettings.1
[-] Key Deleted : HKLM\SOFTWARE\Classes\TotalRecipeSearch_14.ScriptButton
[-] Key Deleted : HKLM\SOFTWARE\Classes\TotalRecipeSearch_14.ScriptButton.1
[-] Key Deleted : HKLM\SOFTWARE\Classes\TotalRecipeSearch_14.SettingsPlugin
[-] Key Deleted : HKLM\SOFTWARE\Classes\TotalRecipeSearch_14.SettingsPlugin.1
[-] Key Deleted : HKLM\SOFTWARE\Classes\TotalRecipeSearch_14.SkinLauncher
[-] Key Deleted : HKLM\SOFTWARE\Classes\TotalRecipeSearch_14.SkinLauncher.1
[-] Key Deleted : HKLM\SOFTWARE\Classes\TotalRecipeSearch_14.SkinLauncherSettings
[-] Key Deleted : HKLM\SOFTWARE\Classes\TotalRecipeSearch_14.SkinLauncherSettings.1
[-] Key Deleted : HKLM\SOFTWARE\Classes\TotalRecipeSearch_14.ThirdPartyInstaller
[-] Key Deleted : HKLM\SOFTWARE\Classes\TotalRecipeSearch_14.ThirdPartyInstaller.1
[-] Key Deleted : HKLM\SOFTWARE\Classes\TotalRecipeSearch_14.ToolbarProtector
[-] Key Deleted : HKLM\SOFTWARE\Classes\TotalRecipeSearch_14.ToolbarProtector.1
[-] Key Deleted : HKLM\SOFTWARE\Classes\TotalRecipeSearch_14.UrlAlertButton
[-] Key Deleted : HKLM\SOFTWARE\Classes\TotalRecipeSearch_14.UrlAlertButton.1
[-] Key Deleted : HKLM\SOFTWARE\Classes\TotalRecipeSearch_14.XMLSessionPlugin
[-] Key Deleted : HKLM\SOFTWARE\Classes\TotalRecipeSearch_14.XMLSessionPlugin.1
[-] Key Deleted : HKLM\SOFTWARE\Classes\WeatherBlink.DynamicBarButton
[-] Key Deleted : HKLM\SOFTWARE\Classes\WeatherBlink.DynamicBarButton.1
[-] Key Deleted : HKLM\SOFTWARE\Classes\WeatherBlink.FeedManager
[-] Key Deleted : HKLM\SOFTWARE\Classes\WeatherBlink.FeedManager.1
[-] Key Deleted : HKLM\SOFTWARE\Classes\WeatherBlink.HTMLMenu
[-] Key Deleted : HKLM\SOFTWARE\Classes\WeatherBlink.HTMLMenu.1
[-] Key Deleted : HKLM\SOFTWARE\Classes\WeatherBlink.HTMLPanel
[-] Key Deleted : HKLM\SOFTWARE\Classes\WeatherBlink.HTMLPanel.1
[-] Key Deleted : HKLM\SOFTWARE\Classes\WeatherBlink.MultipleButton
[-] Key Deleted : HKLM\SOFTWARE\Classes\WeatherBlink.MultipleButton.1
[-] Key Deleted : HKLM\SOFTWARE\Classes\WeatherBlink.PseudoTransparentPlugin
[-] Key Deleted : HKLM\SOFTWARE\Classes\WeatherBlink.PseudoTransparentPlugin.1
[-] Key Deleted : HKLM\SOFTWARE\Classes\WeatherBlink.Radio
[-] Key Deleted : HKLM\SOFTWARE\Classes\WeatherBlink.Radio.1
[-] Key Deleted : HKLM\SOFTWARE\Classes\WeatherBlink.RadioSettings
[-] Key Deleted : HKLM\SOFTWARE\Classes\WeatherBlink.RadioSettings.1
[-] Key Deleted : HKLM\SOFTWARE\Classes\WeatherBlink.ScriptButton
[-] Key Deleted : HKLM\SOFTWARE\Classes\WeatherBlink.ScriptButton.1
[-] Key Deleted : HKLM\SOFTWARE\Classes\WeatherBlink.SettingsPlugin
[-] Key Deleted : HKLM\SOFTWARE\Classes\WeatherBlink.SettingsPlugin.1
[-] Key Deleted : HKLM\SOFTWARE\Classes\WeatherBlink.SkinLauncher
[-] Key Deleted : HKLM\SOFTWARE\Classes\WeatherBlink.SkinLauncher.1
[-] Key Deleted : HKLM\SOFTWARE\Classes\WeatherBlink.SkinLauncherSettings
[-] Key Deleted : HKLM\SOFTWARE\Classes\WeatherBlink.SkinLauncherSettings.1
[-] Key Deleted : HKLM\SOFTWARE\Classes\WeatherBlink.ThirdPartyInstaller
[-] Key Deleted : HKLM\SOFTWARE\Classes\WeatherBlink.ThirdPartyInstaller.1
[-] Key Deleted : HKLM\SOFTWARE\Classes\WeatherBlink.ToolbarProtector
[-] Key Deleted : HKLM\SOFTWARE\Classes\WeatherBlink.ToolbarProtector.1
[-] Key Deleted : HKLM\SOFTWARE\Classes\WeatherBlink.UrlAlertButton
[-] Key Deleted : HKLM\SOFTWARE\Classes\WeatherBlink.UrlAlertButton.1
[-] Key Deleted : HKLM\SOFTWARE\Classes\WeatherBlink.XMLSessionPlugin
[-] Key Deleted : HKLM\SOFTWARE\Classes\WeatherBlink.XMLSessionPlugin.1
[-] Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_BROWSER_EMULATION [Ge-Force-bg.exe]
[-] Key Deleted : HKLM\SOFTWARE\2c01fb4f-f853-49d2-b9df-4d9612f9573c
[-] Key Deleted : HKLM\SOFTWARE\3574cf68-d39c-43f8-8587-0ee4e562566c
[-] Key Deleted : HKLM\SOFTWARE\4f8cbd51-7067-7aa1-b3df-947003a43d9b
[-] Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [{5081D2D4-1637-404c-B74F-50526718257D}]
[-] Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\ehhlaekjfiiojlddgndcnefflngfmhen
[-] Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\ggebenakhmhfdkmkemdmllecchcldgec
[-] Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\eefhnbpnnaaokmclnihgajdnlgljajjg
[-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\{01994268-3C10-4044-A1EA-7A9C1B739A11}
[-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\{3278F5CF-48F3-4253-A6BB-004CE84AF492}
[-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\{577975B8-C40E-43E6-B0DE-4C6B44088B52}
[-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\{425F4ABF-B8E4-402D-9E49-06E494EB8DBF}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{058F0E48-61CA-4964-9FBA-1978A1BB060D}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{13119113-0854-469D-807A-171568457991}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{18F33C35-8EF2-40D7-8BA4-932B0121B472}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{33119133-0854-469D-807A-171568457991}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{5645E0E7-FC12-43BF-A6E4-F9751942B298}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{761F6A83-F007-49E4-8EAC-CDB6808EF06F}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CFC47BB5-5FB5-4AD0-8427-6AA04334A3FC}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E0ADB535-D7B5-4D8B-B15D-578BDD20D76A}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{459DD0F7-0D55-D3DC-67BC-E6BE37E9D762}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3CF50C82-4C4B-43E9-B1B2-15CB1BD0C193}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{7D8DAE88-BC05-4578-8C29-E541FFBA5757}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{076c037f-c081-4fd9-a82a-fd4f00a419e9}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{23119123-0854-469D-807A-171568457991}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A9582D7B-F24A-441D-9D26-450D58F3CD17}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EE0D8859-2ED4-4B0D-9812-16865B9AFD65}
[-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{03119103-0854-469D-807A-171568457991}
[-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{B5C4833B-847B-49CD-8EBE-CDD9B43C882F}
[-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{14EF423E-3EE8-44AE-9337-07AC3F27B744}
[-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{230332DF-D235-47EE-BC42-60860EF144CD}
[-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{4E312F16-CE94-40FE-97BE-043D900FC159}
[-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{44444444-4444-4444-4444-440644974495}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A5A51D2A-505A-4D84-AFC6-E0FA87E47B8C}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A09AB6EB-31B5-454C-97EC-9B294D92EE2A}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A5A51D2A-505A-4D84-AFC6-E0FA87E47B8C}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{5081D2D4-1637-404C-B74F-50526718257D}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{A09AB6EB-31B5-454C-97EC-9B294D92EE2A}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{A5A51D2A-505A-4D84-AFC6-E0FA87E47B8C}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{5081D2D4-1637-404C-B74F-50526718257D}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{5645E0E7-FC12-43BF-A6E4-F9751942B298}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{8F0B76E1-4E46-427B-B55B-B90593468AC6}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C7BF8F4B-7BC7-4F42-B944-3D28A3A86D8A}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{FD79F359-E577-46DB-AA74-D6E6B8B45BA8}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{076c037f-c081-4fd9-a82a-fd4f00a419e9}
[-] Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID [{58124A0B-DC32-4180-9BFF-E0E21AE34026}]
[-] Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID [{977AE9CC-AF83-45E8-9E03-E2798216E2D5}]
[-] Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID [{A09AB6EB-31B5-454C-97EC-9B294D92EE2A}]
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68B81CCD-A80C-4060-8947-5AE69ED01199}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E6B969FB-6D33-48D2-9061-8BBD4899EB08}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{8873436a-5eb5-48fd-aa7c-4430e6beb553}
[-] Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]
[-] Value Deleted : HKU\.DEFAULT\Software\Microsoft\Internet Explorer\URLSearchHooks [{EF99BD32-C1FB-11D2-892F-0090271D4F88}]
[-] Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{84FF7BD6-B47F-46F8-9130-01B2696B36CB}]
[-] Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{81017EA9-9AA8-4A6A-9734-7AF40E7D593F}]
[-] Key Deleted : HKU\.DEFAULT\Software\{4E7638A1-6962-4e44-A6B9-F40E84FD6D09}
[-] Key Deleted : HKU\.DEFAULT\Software\Browser
[-] Key Deleted : HKU\.DEFAULT\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
[-] Key Deleted : HKU\.DEFAULT\Software\AppDataLow\Software\Ge-Force
[-] Key Deleted : HKCU\Software\AnyProtect
[-] Key Deleted : HKCU\Software\InstalledBrowserExtensions
[-] Key Deleted : HKCU\Software\YahooPartnerToolbar
[-] Key Deleted : HKCU\Software\{4E7638A1-6962-4e44-A6B9-F40E84FD6D09}
[-] Key Deleted : HKCU\Software\Browser
[-] Key Deleted : HKCU\Software\AppDataLow\Software\BlockAndSurf
[-] Key Deleted : HKCU\Software\AppDataLow\Software\Ge-Force
[-] Key Deleted : HKCU\Software\AppDataLow\Software\MapsGalaxy_39
[-] Key Deleted : HKCU\Software\AppDataLow\Software\TotalRecipeSearch_14
[-] Key Deleted : HKCU\Software\AppDataLow\Software\WeatherBlink
[-] Key Deleted : HKLM\SOFTWARE\InstalledBrowserExtensions
[-] Key Deleted : HKLM\SOFTWARE\InstallIQ
[-] Key Deleted : HKLM\SOFTWARE\SpeedBrowser
[-] Key Deleted : HKLM\SOFTWARE\PicColor Utility
[-] Key Deleted : HKLM\SOFTWARE\DesktopTemperature
[-] Key Deleted : HKLM\SOFTWARE\FilmFanaticEI
[-] Key Deleted : HKLM\SOFTWARE\MapsGalaxy_39
[-] Key Deleted : HKLM\SOFTWARE\TotalRecipeSearch_14
[-] Key Deleted : HKLM\SOFTWARE\WeatherBlink
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\PicColor Utility
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{7ADF667E-E14D-4D2C-827C-B0108F0D93BC}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MapsGalaxy_39bar Uninstall Internet Explorer
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WeatherBlinkbar Uninstall Internet Explorer
[!] Key Not Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MapsGalaxy_39bar Uninstall Internet Explorer
[!] Key Not Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WeatherBlinkbar Uninstall Internet Explorer
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{79A765E1-C399-405B-85AF-466F52E918B0}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\IMBoosterARP
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\IminentToolbar
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Optimizer Pro_is1
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\SearchProtect
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\ShopperPro
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\VOPackage
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Wajam Web Enhancer
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\PicColor Utility
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\MapsGalaxy_39bar Uninstall Internet Explorer
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\TotalRecipeSearch_14bar Uninstall Internet Explorer
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\WeatherBlinkbar Uninstall Internet Explorer
[!] Key Not Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\MapsGalaxy_39bar Uninstall Internet Explorer
[!] Key Not Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\WeatherBlinkbar Uninstall Internet Explorer
[!] Key Not Deleted : HKU\.DEFAULT\Software\AppDataLow\Software\Ge-Force
[!] Key Not Deleted : HKU\S-1-5-21-3414952672-4210971663-2880256135-1000\Software\AppDataLow\Software\BlockAndSurf
[!] Key Not Deleted : HKU\S-1-5-21-3414952672-4210971663-2880256135-1000\Software\AppDataLow\Software\Ge-Force
[!] Key Not Deleted : HKU\S-1-5-21-3414952672-4210971663-2880256135-1000\Software\AppDataLow\Software\MapsGalaxy_39
[!] Key Not Deleted : HKU\S-1-5-21-3414952672-4210971663-2880256135-1000\Software\AppDataLow\Software\TotalRecipeSearch_14
[!] Key Not Deleted : HKU\S-1-5-21-3414952672-4210971663-2880256135-1000\Software\AppDataLow\Software\WeatherBlink
[!] Key Not Deleted : HKU\S-1-5-18\Software\AppDataLow\Software\Ge-Force
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\464AA55239C100F32AF2D438EDDC0F47
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\5652BA3D5FB98AE31B337BF0AF939856
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\86EB95E1AFCBABE3DB9ECCC669B99494
[-] Data Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page]
[-] Data Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Default_Page_URL]
[-] Data Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Default_Search_URL]
[-] Data Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Search Page]
[-] Data Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page]
[-] Data Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Page_URL]
[-] Data Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Search_URL]
[-] Data Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Search Page]
[-] Data Restored : HKU\S-1-5-21-3414952672-4210971663-2880256135-1000\Software\Microsoft\Internet Explorer\Main [Start Page]
[-] Data Restored : HKU\S-1-5-21-3414952672-4210971663-2880256135-1000\Software\Microsoft\Internet Explorer\Main [Default_Page_URL]
[-] Data Restored : HKU\S-1-5-21-3414952672-4210971663-2880256135-1000\Software\Microsoft\Internet Explorer\Main [Default_Search_URL]
[-] Data Restored : HKU\S-1-5-21-3414952672-4210971663-2880256135-1000\Software\Microsoft\Internet Explorer\Main [Search Page]
[-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{166656A1-9437-4096-B5C3-E014872B6220}
[-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{460C3D19-B3D4-4964-A550-77D263B0CCCB}
[-] Data Restored : HKCU\Software\Microsoft\Internet Explorer\SearchScopes [DefaultScope]
[-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{6A263946-6A77-41FF-BB84-60B5D1E14914}
[-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{A33DB9FD-7A8A-496E-92D3-9CFCF9D9E1C9}
[!] Key Not Deleted : HKU\S-1-5-21-3414952672-4210971663-2880256135-1000\Software\Microsoft\Internet Explorer\SearchScopes\{166656A1-9437-4096-B5C3-E014872B6220}
[!] Key Not Deleted : HKU\S-1-5-21-3414952672-4210971663-2880256135-1000\Software\Microsoft\Internet Explorer\SearchScopes\{460C3D19-B3D4-4964-A550-77D263B0CCCB}
[-] Data Restored : HKU\S-1-5-21-3414952672-4210971663-2880256135-1000\Software\Microsoft\Internet Explorer\SearchScopes [DefaultScope]
[!] Key Not Deleted : HKU\S-1-5-21-3414952672-4210971663-2880256135-1000\Software\Microsoft\Internet Explorer\SearchScopes\{6A263946-6A77-41FF-BB84-60B5D1E14914}
[!] Key Not Deleted : HKU\S-1-5-21-3414952672-4210971663-2880256135-1000\Software\Microsoft\Internet Explorer\SearchScopes\{A33DB9FD-7A8A-496E-92D3-9CFCF9D9E1C9}

***** [ Web browsers ] *****

[-] [C:\Users\Schuler\AppData\Roaming\Mozilla\Firefox\Profiles\siiuku1p.default\prefs.js] [Preference] Deleted : user_pref("CT3309350.searchProtector.notifyChanges", "{\"dataType\":\"string\",\"data\":\"false\"}");
[-] [C:\Users\Schuler\AppData\Roaming\Mozilla\Firefox\Profiles\siiuku1p.default\prefs.js] [Preference] Deleted : user_pref("browser.search.defaultengine", "Ask.com");
[-] [C:\Users\Schuler\AppData\Roaming\Mozilla\Firefox\Profiles\siiuku1p.default\prefs.js] [Preference] Deleted : user_pref("browser.search.order.2", "Ask.com");
[-] [C:\Users\Schuler\AppData\Roaming\Mozilla\Firefox\Profiles\siiuku1p.default\prefs.js] [Preference] Deleted : user_pref("extensions.mywebsearch.prevDefaultEngine", "Ask.com");
[-] [C:\Users\Schuler\AppData\Roaming\Mozilla\Firefox\Profiles\siiuku1p.default\prefs.js] [Preference] Deleted : user_pref("extensions.mywebsearch.prevSelectedEngine", "Ask.com");
[-] [C:\Users\Schuler\AppData\Roaming\Mozilla\Firefox\Profiles\siiuku1p.default\prefs.js] [Preference] Deleted : user_pref("extensions.toolbar.mindspark._gcMembers_.homepage", "hxxp://home.tb.ask.com/index.jhtml?ptb=140C2189-C3B3-45E1-AEB8-CFDE7F5AAAE2&n=77fd03f0&p2=^XN^xdm002^YYA^us&si=CKGVso3alLgCFcZAMgodsRAAB[...]
[-] [C:\Users\Schuler\AppData\Roaming\Mozilla\Firefox\Profiles\siiuku1p.default\prefs.js] [Preference] Deleted : user_pref("extensions.toolbar.mindspark._gcMembers_.hp.enabled", true);
[-] [C:\Users\Schuler\AppData\Roaming\Mozilla\Firefox\Profiles\siiuku1p.default\prefs.js] [Preference] Deleted : user_pref("extensions.toolbar.mindspark._gcMembers_.initialized", true);
[-] [C:\Users\Schuler\AppData\Roaming\Mozilla\Firefox\Profiles\siiuku1p.default\prefs.js] [Preference] Deleted : user_pref("extensions.toolbar.mindspark._gcMembers_.installation.contextKey", "");
[-] [C:\Users\Schuler\AppData\Roaming\Mozilla\Firefox\Profiles\siiuku1p.default\prefs.js] [Preference] Deleted : user_pref("extensions.toolbar.mindspark._gcMembers_.installation.installDate", "2013070320");
[-] [C:\Users\Schuler\AppData\Roaming\Mozilla\Firefox\Profiles\siiuku1p.default\prefs.js] [Preference] Deleted : user_pref("extensions.toolbar.mindspark._gcMembers_.installation.partnerId", "^XN^xdm002^YYA^us");
[-] [C:\Users\Schuler\AppData\Roaming\Mozilla\Firefox\Profiles\siiuku1p.default\prefs.js] [Preference] Deleted : user_pref("extensions.toolbar.mindspark._gcMembers_.installation.partnerSubId", "CKGVso3alLgCFcZAMgodsRAABQ");
[-] [C:\Users\Schuler\AppData\Roaming\Mozilla\Firefox\Profiles\siiuku1p.default\prefs.js] [Preference] Deleted : user_pref("extensions.toolbar.mindspark._gcMembers_.installation.success", true);
[-] [C:\Users\Schuler\AppData\Roaming\Mozilla\Firefox\Profiles\siiuku1p.default\prefs.js] [Preference] Deleted : user_pref("extensions.toolbar.mindspark._gcMembers_.installation.toolbarId", "140C2189-C3B3-45E1-AEB8-CFDE7F5AAAE2");
[-] [C:\Users\Schuler\AppData\Roaming\Mozilla\Firefox\Profiles\siiuku1p.default\prefs.js] [Preference] Deleted : user_pref("extensions.toolbar.mindspark._gcMembers_.lastActivePing", "1373057957873");
[-] [C:\Users\Schuler\AppData\Roaming\Mozilla\Firefox\Profiles\siiuku1p.default\prefs.js] [Preference] Deleted : user_pref("extensions.toolbar.mindspark._gcMembers_.options.defaultSearch", true);
[-] [C:\Users\Schuler\AppData\Roaming\Mozilla\Firefox\Profiles\siiuku1p.default\prefs.js] [Preference] Deleted : user_pref("extensions.toolbar.mindspark._gcMembers_.options.homePageEnabled", true);
[-] [C:\Users\Schuler\AppData\Roaming\Mozilla\Firefox\Profiles\siiuku1p.default\prefs.js] [Preference] Deleted : user_pref("extensions.toolbar.mindspark._gcMembers_.options.keywordEnabled", true);
[-] [C:\Users\Schuler\AppData\Roaming\Mozilla\Firefox\Profiles\siiuku1p.default\prefs.js] [Preference] Deleted : user_pref("extensions.toolbar.mindspark._gcMembers_.options.tabEnabled", true);
[-] [C:\Users\Schuler\AppData\Roaming\Mozilla\Firefox\Profiles\siiuku1p.default\prefs.js] [Preference] Deleted : user_pref("extensions.toolbar.mindspark._gcMembers_.searchHistory", "beef tenderloin recipes");
[-] [C:\Users\Schuler\AppData\Roaming\Mozilla\Firefox\Profiles\siiuku1p.default\prefs.js] [Preference] Deleted : user_pref("extensions.toolbar.mindspark._gcMembers_.weather.location", "54601");
[-] [C:\Users\Schuler\AppData\Roaming\Mozilla\Firefox\Profiles\siiuku1p.default\prefs.js] [Preference] Deleted : user_pref("extensions.toolbar.mindspark.hp.enabled", false);
[-] [C:\Users\Schuler\AppData\Roaming\Mozilla\Firefox\Profiles\siiuku1p.default\prefs.js] [Preference] Deleted : user_pref("extensions.toolbar.mindspark.hp.enabled.guid", "");
[-] [C:\Users\Schuler\AppData\Roaming\Mozilla\Firefox\Profiles\siiuku1p.default\prefs.js] [Preference] Deleted : user_pref("extensions.toolbar.mindspark.lastInstalled", "mapsgalaxy@mindspark.com");
[-] [C:\Users\Schuler\AppData\Roaming\Mozilla\Firefox\Profiles\siiuku1p.default\prefs.js] [Preference] Deleted : user_pref("iminent.BirthDate", "1420256448");
[-] [C:\Users\Schuler\AppData\Roaming\Mozilla\Firefox\Profiles\siiuku1p.default\prefs.js] [Preference] Deleted : user_pref("iminent.LayoutId", "1");
[-] [C:\Users\Schuler\AppData\Roaming\Mozilla\Firefox\Profiles\siiuku1p.default\prefs.js] [Preference] Deleted : user_pref("iminent._oaZGabJJ8Q_", "{\"cpt\":0,\"cpr\":0,\"s\":0,\"es\":1}");
[-] [C:\Users\Schuler\AppData\Roaming\Mozilla\Firefox\Profiles\siiuku1p.default\prefs.js] [Preference] Deleted : user_pref("iminent.adapters", "{\"www.pc-notifications.com\":{\"CountryCode\":\"US\",\"NoAds\":true,\"Status\":2,\"AdapterKey\":\"default_adapter\",\"v\":true,\"p\":0,\"t\":1,\"th\":1.1,\"expireTime\"[...]
[-] [C:\Users\Schuler\AppData\Roaming\Mozilla\Firefox\Profiles\siiuku1p.default\prefs.js] [Preference] Deleted : user_pref("iminent.enableToolbar", "true");
[-] [C:\Users\Schuler\AppData\Roaming\Mozilla\Firefox\Profiles\siiuku1p.default\prefs.js] [Preference] Deleted : user_pref("iminent.enabledAds", "obsolete");
[-] [C:\Users\Schuler\AppData\Roaming\Mozilla\Firefox\Profiles\siiuku1p.default\prefs.js] [Preference] Deleted : user_pref("iminent.externalScripts", "{\"value\":[{\"addonUid\":\"10bb6277-6b2b-413e-8d82-ad9398543254\",\"name\":\"Dealply\",\"addonId\":1,\"url\":\"//i.imitinjs.info/imitin/javascript.js\",\"urlhxxp[...]
[-] [C:\Users\Schuler\AppData\Roaming\Mozilla\Firefox\Profiles\siiuku1p.default\prefs.js] [Preference] Deleted : user_pref("iminent.newtabredirect", "true");
[-] [C:\Users\Schuler\AppData\Roaming\Mozilla\Firefox\Profiles\siiuku1p.default\prefs.js] [Preference] Deleted : user_pref("iminent.nomsi", "true");
[-] [C:\Users\Schuler\AppData\Roaming\Mozilla\Firefox\Profiles\siiuku1p.default\prefs.js] [Preference] Deleted : user_pref("iminent.searchindex", "1");
[-] [C:\Users\Schuler\AppData\Roaming\Mozilla\Firefox\Profiles\siiuku1p.default\prefs.js] [Preference] Deleted : user_pref("iminent.trackingInfo", "{\"state\":0,\"samplingRate\":0}");
[-] [C:\Users\Schuler\AppData\Roaming\Mozilla\Firefox\Profiles\siiuku1p.default\prefs.js] [Preference] Deleted : user_pref("iminent.version", "8.45.2.1");
[-] [C:\Users\Schuler\AppData\Roaming\Mozilla\Firefox\Profiles\siiuku1p.default\prefs.js] [Preference] Deleted : user_pref("iminent.versioning", "{\"CurrentVersion\":\"8.45.2.1\",\"InstallEventCTime\":1420256758613,\"InstallEvent\":\"True\"}");
[-] [C:\Users\Schuler\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : websearch.ask.com
[-] [C:\Users\Schuler\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : aol.com
[-] [C:\Users\Schuler\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : ask.com
[-] [C:\Users\Schuler\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : trovi.search
[-] [C:\Users\Schuler\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Deleted : aaaaojmikegpiepcfdkkjaplodkpfmlo
[-] [C:\Users\Schuler\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Default_Search_Provider] Deleted : hxxp://www.iminent.com/Content/Images/favicon.ico?2fdde4
[-] [C:\Users\Schuler\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Default_Search_Provider_Data] Deleted : hxxp://start.iminent.com/?appId=A39C9527-F9FE-4AED-9D1D-A7B2EC4A5A74&ref=toolbox&q={searchTerms}
[-] [C:\Users\Schuler\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Homepage] Deleted : hxxp://start.iminent.com/?appId=A39C9527-F9FE-4AED-9D1D-A7B2EC4A5A74
[-] [C:\Users\Schuler\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Startup_URLs] Deleted : hxxp://start.iminent.com/?appId=A39C9527-F9FE-4AED-9D1D-A7B2EC4A5A74", "hxxp://www.trovi.com/?gd=&ctid=CT3333855&octid=EB_ORIGINAL_CTID&ISID=M561A7C82-9C89-414C-8691-6FE132D32CF7&SearchSource=55&CUI=&UM=8&UP=SP7A9A94C8-EF90-43B2-8CC2-80AB4B86B45E&SSPV=

*************************

:: Winsock settings cleared

########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [37486 bytes] ##########



#4 toomuch1

toomuch1
  • Topic Starter

  • Members
  • 37 posts

Posted 31 August 2015 - 07:57 AM

Here are the JRT results. Updated, see below.


Edited by toomuch1, 31 August 2015 - 08:40 AM.


#5 satchfan

satchfan

  • Malware Response Team
  • 2,714 posts
  • Gender:Female
  • Location:Devon, UK

Posted 31 August 2015 - 08:09 AM

Hi toomuch1 and apologies for the wrong name in my first reply.

Could you tell me the extent of how bad things are?

As you can see from running that one program, a LOT of rubbish was cleared up. Just how bad things are remains to be seen after we run some more scans.

I'm afraid that malware removal can be a tiresome old process when there are a lot of infections but we should be able to sort it out.

You posted the AdwCleaner log twice. Please post the JRT.txt log and the result of the Malwarebytes scan.

Thanks.

BTW, copying/pasting them into the post is our preferred way of getting logs so you are doing fine.

Satchfan


My help is always free of charge. If you are happy with the help provided, if you wish you can make a donation to buy me a beer.


#6 toomuch1

toomuch1
  • Topic Starter

  • Members
  • 37 posts

Posted 31 August 2015 - 08:39 AM

Sorry for the confusion. Here is the JRT file.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 7.5.9 (08.27.2015:1)
OS: Windows Vista ™ Home Premium x86
Ran by Schuler on Mon 08/31/2015 at  7:49:32.07
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

~~~ Services

 

~~~ Tasks

Successfully deleted: [Task] C:\Windows\Tasks\3527e7d5-2372-4791-b338-633fa4ba4bed-5.job

 

~~~ Registry Values

 

~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{1B75FDE9-A250-DF68-EAAA-A78DDC1F49AC}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{1e91a655-bb4b-4693-a05e-2edebc4c9d89}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{22222222-2222-2222-2222-220622972295}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{71c1d63a-c944-428a-a5bd-ba513190e5d2}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{ab56dfde-0c14-45b3-9df6-7b0eba617870}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{dc9051c2-8f55-479a-97a4-747980d9047f}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{df22384f-cf68-4d19-969f-10423715528b}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{55555555-5555-5555-5555-550655975595}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{66666666-6666-6666-6666-660666976695}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{93C55396-0D8E-4C41-A983-22835AF7BE18}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Interface\{55555555-5555-5555-5555-550655975595}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Interface\{66666666-6666-6666-6666-660666976695}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1B75FDE9-A250-DF68-EAAA-A78DDC1F49AC}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1e91a655-bb4b-4693-a05e-2edebc4c9d89}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{71c1d63a-c944-428a-a5bd-ba513190e5d2}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{ab56dfde-0c14-45b3-9df6-7b0eba617870}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{dc9051c2-8f55-479a-97a4-747980d9047f}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{df22384f-cf68-4d19-969f-10423715528b}

 

~~~ Files

 

~~~ Folders

Successfully deleted: [Empty Folder] C:\Users\Schuler\Appdata\Local\{2BC984CC-B8A9-4C21-B96F-C8978E4E99DE}
Successfully deleted: [Empty Folder] C:\Users\Schuler\Appdata\Local\{7B46AEDF-6FAE-477F-8EAE-EEB750980146}
Successfully deleted: [Empty Folder] C:\Users\Schuler\Appdata\Local\{7B615F76-333F-425D-8B6B-D6C8176AFC9C}
Successfully deleted: [Folder] C:\ProgramData\google
Successfully deleted: [Folder] C:\Users\Schuler\Appdata\Local\crashrpt
Successfully deleted: [Folder] C:\Users\Schuler\Appdata\Local\installer
Successfully deleted: [Folder] C:\Users\Schuler\Appdata\LocalLow\company

 

~~~ FireFox

Successfully deleted the following from C:\Users\Schuler\AppData\Roaming\mozilla\firefox\profiles\siiuku1p.default\prefs.js

user_pref(browser.search.defaultenginename, StartWeb);
Emptied folder: C:\Users\Schuler\AppData\Roaming\mozilla\firefox\profiles\siiuku1p.default\minidumps [242 files]

 

~~~ Chrome

[C:\Users\Schuler\Appdata\Local\Google\Chrome\User Data\Default\Preferences] - default search provider reset

[C:\Users\Schuler\Appdata\Local\Google\Chrome\User Data\Default\Preferences] - Extensions Deleted:

[C:\Users\Schuler\Appdata\Local\Google\Chrome\User Data\Default\Secure Preferences] - default search provider reset

[C:\Users\Schuler\Appdata\Local\Google\Chrome\User Data\Default\Secure Preferences] - Extensions Deleted:
[]

 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Mon 08/31/2015 at  7:55:09.16
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~



#7 satchfan

satchfan

  • Malware Response Team
  • 2,714 posts
  • Gender:Female
  • Location:Devon, UK

Posted 31 August 2015 - 08:51 AM

Thanks for that log.

I have to pop out now for a while but will look for the Mbam log when I get back and send new instructions.

Satchfan




#8 toomuch1

toomuch1
  • Topic Starter

  • Members
  • 37 posts

Posted 31 August 2015 - 09:14 AM

It says I have 2 files: Scan log and Protection log.

This is the scan log:

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 8/31/2015
Scan Time: 8:02:31 AM
Logfile: Malwarebytes Anti-Malware.txt
Administrator: Yes

Version: 2.1.8.1057
Malware Database: v2015.08.31.01
Rootkit Database: v2015.08.16.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows Vista Service Pack 2
CPU: x86
File System: NTFS
User: Schuler

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 330656
Time Elapsed: 44 min, 0 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)

(end)



#9 toomuch1

toomuch1
  • Topic Starter

  • Members
  • 37 posts

Posted 31 August 2015 - 09:15 AM

Protection log:

****Please note, when I restart my computer, after it prompts for my password, it's taking exceptionally long (3-4 minutes) for my desktop to come up. It hangs and only a black screen appears during this time, instead of the desktop coming up. Also a lot of clocking to open IE and any applications******* Perhaps something else needs to be looked at?

Malwarebytes Anti-Malware
www.malwarebytes.org

Error, 8/31/2015 8:02:06 AM, SYSTEM, SCHULER-PC, Update, Bad md5 or size: akadomains, 11,
Error, 8/31/2015 8:02:06 AM, SYSTEM, SCHULER-PC, Update, Bad md5 or size: akaips, 11,
Update, 8/31/2015 8:02:06 AM, SYSTEM, SCHULER-PC, Manual, IP Database, 0.0.0.0, 2015.7.24.3,
Update, 8/31/2015 8:02:06 AM, SYSTEM, SCHULER-PC, Manual, Domain Database, 0.0.0.0, 2015.7.24.2,
Update, 8/31/2015 8:02:06 AM, SYSTEM, SCHULER-PC, Manual, Remediation Database, 2015.5.13.1, 2015.8.28.2,
Update, 8/31/2015 8:02:06 AM, SYSTEM, SCHULER-PC, Manual, Rootkit Database, 2015.6.2.1, 2015.8.16.1,
Update, 8/31/2015 8:02:07 AM, SYSTEM, SCHULER-PC, Manual, AKA IP Database, 0.0.0.0, 2015.8.29.1,
Update, 8/31/2015 8:02:07 AM, SYSTEM, SCHULER-PC, Manual, AKA Domain Database, 0.0.0.0, 2015.8.29.1,
Update, 8/31/2015 8:02:15 AM, SYSTEM, SCHULER-PC, Manual, Malware Database, 2015.6.3.3, 2015.8.31.1,
Error, 8/31/2015 8:57:10 AM, SYSTEM, SCHULER-PC, Protection, IsLicensed, 13,
Protection, 8/31/2015 8:57:10 AM, SYSTEM, SCHULER-PC, Protection, Malware Protection, Stopping,
Protection, 8/31/2015 8:57:10 AM, SYSTEM, SCHULER-PC, Protection, Malware Protection, Stopped,

(end)


Edited by toomuch1, 31 August 2015 - 09:20 AM.


#10 satchfan

satchfan

  • Malware Response Team
  • 2,714 posts
  • Gender:Female
  • Location:Devon, UK

Posted 31 August 2015 - 02:09 PM

Feel free to use your computer this evening – all I ask is to only make changes or run scans when asked.

Please run these when you are ready.

Run aswMBR

  • download aswMBR.exe to your desktop.
  • double click the aswMBR.exe to run it
  • if asked, accept the AVAST virus definition download
  • click the "Scan" button to start scan
  • on completion of the scan click Save log, save it to your desktop and post in your next reply. Note - do NOT attempt any Fix yet.

Run FRST again and make sure there is a checkmark next to "Addition.txt" before you hit “Scan”.

Logs to include with next post:

aswMBR log
New FRST log
New Addition.txt


Thanks

Satchfan

 




#11 toomuch1

toomuch1
  • Topic Starter

  • Members
  • 37 posts

Posted 31 August 2015 - 03:31 PM

Thank you for the quick reply. See below.

aswMBR version 1.0.1.2252 Copyright© 2014 AVAST Software
Run date: 2015-08-31 14:42:08
-----------------------------
14:42:08.780    OS Version: Windows 6.0.6002 Service Pack 2
14:42:08.780    Number of processors: 2 586 0xF06
14:42:08.782    ComputerName: SCHULER-PC  UserName: Schuler
14:42:17.921    Initialize success
14:42:22.588    VM: initialized successfully
14:42:22.591    VM: Intel CPU virtualization not supported
14:43:33.466    AVAST engine defs: 15083101
14:43:43.930    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-2
14:43:43.934    Disk 0 Vendor: Hitachi_HTS541616J9SA00 SB4OC7BP Size: 152627MB BusType: 3
14:43:44.220    Disk 0 MBR read successfully
14:43:44.225    Disk 0 MBR scan
14:43:44.489    Disk 0 unknown MBR code
14:43:44.497    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS       145910 MB offset 63
14:43:44.573    Disk 0 Partition 2 00     07    HPFS/NTFS NTFS         6714 MB offset 298825065
14:43:44.631    Disk 0 scanning sectors +312576705
14:43:45.045    Disk 0 scanning C:\Windows\system32\drivers
14:44:58.211    Service scanning
14:45:41.645    Service MpKsl5f01482f c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{7009D28A-C84A-4CCE-B19E-ADB12FF985FA}\MpKsl5f01482f.sys **LOCKED** 32
14:46:33.461    Modules scanning
14:46:33.470    Disk 0 trace - called modules:
14:46:33.566    ntkrnlpa.exe CLASSPNP.SYS disk.sys ataport.SYS hal.dll
14:46:33.571    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8655aac8]
14:46:33.575    3 CLASSPNP.SYS[88fa58b3] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP1T0L0-2[0x85df8030]
14:46:36.001    AVAST engine scan C:\Windows
14:46:47.245    AVAST engine scan C:\Windows\system32
14:55:10.577    AVAST engine scan C:\Windows\system32\drivers
14:55:52.473    AVAST engine scan C:\Users\Schuler
15:08:15.808    Disk 0 MBR has been saved successfully to "C:\Users\Schuler\Desktop\MBR.dat"
15:08:15.965    The log file has been saved successfully to "C:\Users\Schuler\Desktop\aswMBR.txt"
15:08:30.909    Disk 0 MBR has been saved successfully to "C:\Users\Schuler\Desktop\MBR.dat"
15:08:30.917    The log file has been saved successfully to "C:\Users\Schuler\Desktop\aswMBR.txt"

Edited by toomuch1, 31 August 2015 - 03:35 PM.


#12 toomuch1

  • Topic Starter
  • Members
  • 37 posts

Posted 31 August 2015 - 03:33 PM

FRST log


Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:31-08-2015
Ran by Schuler (administrator) on SCHULER-PC (31-08-2015 15:12:14)
Running from C:\Users\Schuler\Desktop
Loaded Profiles: Schuler (Available Profiles: Schuler)
Platform: Microsoft® Windows Vista™ Home Premium  Service Pack 2 (X86) Language: English (United States)
Internet Explorer Version 9 (Default browser not detected!)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\Antivirus\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\Antivirus\avguard.exe
() C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe
(Hewlett-Packard Company) C:\Program Files\HP\Common\HPSupportSolutionsFrameworkService.exe
(Hewlett-Packard Company) C:\Program Files\Common Files\LightScribe\LSSrvc.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\Version9\TeamViewer_Service.exe
(Microsoft Corporation) C:\Program Files\Windows Network Accelerater\v5\winvxm.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(Conexant Systems, Inc.) C:\Windows\System32\drivers\XAudio.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\Antivirus\avshadow.exe
() C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\Version9\TeamViewer.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\Version9\tv_w32.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\Antivirus\avgnt.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Microsoft Corporation) C:\Windows\ehome\ehtray.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe
(Microsoft Corporation) C:\Windows\ehome\ehmsas.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\Launcher\Avira.Systray.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1021128 2014-11-20] (Adobe Systems Incorporated)
HKLM\...\Run: [Avira SystrayStartTrigger] => C:\Program Files\Avira\Launcher\Avira.SystrayStartTrigger.exe [66936 2015-08-13] (Avira Operations GmbH & Co. KG)
HKLM\...\Run: [avgnt] => C:\Program Files\Avira\Antivirus\avgnt.exe [782008 2015-08-06] (Avira Operations GmbH & Co. KG)
HKLM\...\RunOnce: [Launcher] => C:\Windows\SMINST\launcher.exe [44128 2006-11-07] (soft thinks)
HKLM\...\Policies\Explorer: [NoMSAppLogo5ChannelNotify] 0
HKU\S-1-5-21-3414952672-4210971663-2880256135-1000\...\Run: [ehTray.exe] => C:\Windows\ehome\ehTray.exe [125952 2008-01-19] (Microsoft Corporation)
HKU\S-1-5-21-3414952672-4210971663-2880256135-1000\...\Run: [HP Officejet Pro 8600 (NET)] => C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe [1804648 2011-09-09] (Hewlett-Packard Co.)
HKU\S-1-5-21-3414952672-4210971663-2880256135-1000\...\RunOnce: [Adobe Speed Launcher] => 1441049956
ShellIconOverlayIdentifiers: [  GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files\Google\Drive\googledrivesync32.dll [2015-07-29] (Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files\Google\Drive\googledrivesync32.dll [2015-07-29] (Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files\Google\Drive\googledrivesync32.dll [2015-07-29] (Google)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  No File
ShellIconOverlayIdentifiers: [GDriveSharedOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} =>  No File
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

AutoConfigURL: [S-1-5-21-3414952672-4210971663-2880256135-1000] => http://wpad.wildblue.com/wpad.dat
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 75.75.76.76 75.75.75.75
Tcpip\..\Interfaces\{3FF3BBE2-486F-4C4D-BA82-376F2B16C76E}: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{8F7A5DEA-70C5-49F1-BB7D-18DFAA1B2FBE}: [DhcpNameServer] 75.75.76.76 75.75.75.75

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM -> {F223CEA8-B282-42F0-AF2A-78F54E066C39} URL = hxxp://www.google.com
SearchScopes: HKU\S-1-5-21-3414952672-4210971663-2880256135-1000 -> DefaultScope {0B8AD893-159C-43FF-A3CB-05096FC62E40} URL = hxxp://www.bing.com/search?FORM=SO3TDF&PC=SUN3&q={searchTerms}&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-3414952672-4210971663-2880256135-1000 -> {0B8AD893-159C-43FF-A3CB-05096FC62E40} URL = hxxp://www.bing.com/search?FORM=SO3TDF&PC=SUN3&q={searchTerms}&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-3414952672-4210971663-2880256135-1000 -> {23E550C6-11D1-4412-9BFE-3EBCC93E7CE4} URL = hxxp://rover.ebay.com/rover/1/711-43047-14818-1/4?satitle={searchTerms}
SearchScopes: HKU\S-1-5-21-3414952672-4210971663-2880256135-1000 -> {286B8D1C-B5BB-416F-9345-C63C50B023CA} URL = hxxps://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-3414952672-4210971663-2880256135-1000 -> {38B6B68D-A539-4F16-A3F3-917295B10D47} URL = hxxp://delicious.com/search?p={searchTerms}
SearchScopes: HKU\S-1-5-21-3414952672-4210971663-2880256135-1000 -> {A5CA7B81-CA9F-4A8C-9755-F41167BC3C5B} URL = hxxp://www.google.com
SearchScopes: HKU\S-1-5-21-3414952672-4210971663-2880256135-1000 -> {C59E0AC6-FB34-4BC6-8A34-987413390168} URL = hxxp://www.flickr.com/search/?q={searchTerms}
BHO: SSVHelper Class -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll [2013-11-27] (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll [2013-11-27] (Oracle Corporation)
Toolbar: HKLM - No Name - {a0154e07-2b48-475c-a82a-80efd84ea33e} -  No File
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll [2001-06-20] (Microsoft Corporation)

FireFox:
========
FF ProfilePath: C:\Users\Schuler\AppData\Roaming\Mozilla\Firefox\Profiles\siiuku1p.default
FF NewTab: hxxps://us.search.yahoo.com/yhs/web?&hspart=w3i&hsimp=yhs-syctransfer&type=W3i_NT,205,0_0,NewTab,20150105,20031,0,UN,4752
FF DefaultSearchUrl: hxxp://www.bing.com/search?FORM=SO3TDF&PC=SUN3&q=
FF SearchEngineOrder.1: Yahoo
FF SelectedSearchEngine: Yahoo
FF Homepage: hxxps://search.yahoo.com/yhs/web?hspart=w3i&hsimp=yhs-syctransfer&type=W3i_SP,205,0_0,StartPage,20150105,20031,0,18,0
FF NetworkProxy: "no_proxies_on", "localho,t,127.0.0.1,localhost"
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_18_0_0_232.dll [2015-08-30] ()
FF Plugin: @ei.FilmFanatic.com/Plugin -> C:\Program Files\FilmFanaticEI\Installr\1.bin\NPpaEISB.dll [No File]
FF Plugin: @java.com/DTPlugin,version=10.45.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll [2013-11-27] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.45.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll [2013-11-27] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.28.13\npGoogleUpdate3.dll [2015-08-30] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.28.13\npGoogleUpdate3.dll [2015-08-30] (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-3414952672-4210971663-2880256135-1000: @citrixonline.com/appdetectorplugin -> C:\Users\Schuler\AppData\Local\Citrix\Plugins\79\npappdetector.dll [2012-11-19] (Citrix Online)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\np-mswmp.dll [2007-04-10] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll [2011-08-28] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll [2011-08-28] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll [2011-08-28] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll [2011-08-28] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll [2011-08-28] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll [2011-08-28] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll [2011-08-28] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\Schuler\AppData\Roaming\mozilla\plugins\npatgpc.dll [2012-10-04] (Cisco WebEx LLC)
FF Extension: Avira Browser Safety - C:\Users\Schuler\AppData\Roaming\Mozilla\Firefox\Profiles\siiuku1p.default\Extensions\abs@avira.com [2015-08-30]
FF Extension: Microsoft .NET Framework Assistant - C:\Users\Schuler\AppData\Roaming\Mozilla\Firefox\Profiles\siiuku1p.default\Extensions\{20a82645-c095-46ed-80e3-08825760534b} [2010-05-20]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-08-21]
FF HKLM\...\Firefox\Extensions: [quickprint@hp.com] - C:\Program Files\Hewlett-Packard\SmartPrint\QPExtension
FF Extension: SmartPrintButton - C:\Program Files\Hewlett-Packard\SmartPrint\QPExtension [2013-03-27]
FF Extension: No Name - C:\Users\Schuler\AppData\Roaming\Mozilla\Firefox\Profiles\siiuku1p.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1} [not found]

Chrome:
=======
CHR Profile: C:\Users\Schuler\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Schuler\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-07-23]
CHR Extension: (YouTube) - C:\Users\Schuler\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2011-12-18]
CHR Extension: (Google Cast) - C:\Users\Schuler\AppData\Local\Google\Chrome\User Data\Default\Extensions\boadgeojelhgndaghljhdicfkmllpafd [2014-07-19]
CHR Extension: (Google Search) - C:\Users\Schuler\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2011-12-18]
CHR Extension: (No Name) - C:\Users\Schuler\AppData\Local\Google\Chrome\User Data\Default\Extensions\gcieafjnilelgbjbbonlplhkfokfmipg [2014-12-17]
CHR Extension: (Google Wallet) - C:\Users\Schuler\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-23]
CHR Extension: (Gmail) - C:\Users\Schuler\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2011-12-18]
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - https://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 AddFiltr; C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe [126976 2006-06-26] (Hewlett-Packard Development Company, L.P.) [File not signed]
S2 AntiVirMailService; C:\Program Files\Avira\Antivirus\avmailc.exe [887128 2015-08-06] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files\Avira\Antivirus\sched.exe [461672 2015-08-06] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files\Avira\Antivirus\avguard.exe [461672 2015-08-06] (Avira Operations GmbH & Co. KG)
S2 AntiVirWebService; C:\Program Files\Avira\Antivirus\AVWEBGRD.EXE [1212048 2015-08-06] (Avira Operations GmbH & Co. KG)
S2 Avira.ServiceHost; C:\Program Files\Avira\Launcher\Avira.ServiceHost.exe [228104 2015-08-13] (Avira Operations GmbH & Co. KG)
R2 CLCapSvc; C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe [270431 2006-11-24] () [File not signed]
R2 CLSched; C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe [118877 2006-11-24] () [File not signed]
S3 hpqcxs08; C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll [217088 2008-10-16] (Hewlett-Packard Co.) [File not signed]
R2 HPSupportSolutionsFrameworkService; C:\Program Files\Hp\Common\HPSupportSolutionsFrameworkService.exe [89352 2014-09-15] (Hewlett-Packard Company)
S3 IDriverT; C:\Program Files\Roxio\Roxio MyDVD Basic v9\InstallShield\Driver\1050\Intel 32\IDriverT.exe [73728 2004-10-22] (Macrovision Corporation) [File not signed]
R2 LightScribeService; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [61440 2006-10-19] (Hewlett-Packard Company) [File not signed]
S2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22192 2014-08-22] (Microsoft Corporation)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [44032 2010-08-06] (Hewlett-Packard) [File not signed]
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [288120 2014-08-22] (Microsoft Corporation)
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [53760 2010-08-06] (Hewlett-Packard) [File not signed]
S3 stllssvr; C:\Program Files\Common Files\SureThing Shared\stllssvr.exe [73728 2006-11-01] (MicroVision Development, Inc.) [File not signed]
S2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [272952 2008-01-19] (Microsoft Corporation)
R2 WindowsVNT_R5; C:\Program Files\Windows Network Accelerater\v5\winvxm.exe [2976880 2015-03-24] (Microsoft Corporation) [File not signed]

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [108448 2015-08-06] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [136728 2015-08-06] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [37896 2015-08-06] (Avira Operations GmbH & Co. KG)
S3 HdAudAddService; C:\Windows\System32\drivers\CHDART.sys [148992 2006-12-12] (Conexant Systems Inc.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2015-06-18] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2015-06-18] (Malwarebytes Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [231800 2014-07-17] (Microsoft Corporation)
R1 MpKsl5f01482f; c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{7009D28A-C84A-4CCE-B19E-ADB12FF985FA}\MpKsl5f01482f.sys [39168 2015-08-31] (Microsoft Corporation)
R1 MpKslcec070b9; c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{7009D28A-C84A-4CCE-B19E-ADB12FF985FA}\MpKslcec070b9.sys [39168 2015-08-31] (Microsoft Corporation)
R0 PxHelp20; C:\Windows\System32\Drivers\PxHelp20.sys [36528 2006-07-24] (Sonic Solutions) [File not signed]
R1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [31848 2015-08-06] (Avira Operations GmbH & Co. KG)
S4 blbdrive; \SystemRoot\system32\drivers\blbdrive.sys [X]
U4 eabfiltr; no ImagePath
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
S3 UIUSys; system32\DRIVERS\UIUSYS.SYS [X]
U3 aswMBR; \??\C:\Users\Schuler\AppData\Local\Temp\aswMBR.sys [X]
U3 aswVmm; \??\C:\Users\Schuler\AppData\Local\Temp\aswVmm.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-08-31 15:12 - 2015-08-31 15:13 - 00018636 _____ C:\Users\Schuler\Desktop\FRST.txt
2015-08-31 15:10 - 2015-08-31 15:10 - 01690624 _____ (Farbar) C:\Users\Schuler\Desktop\FRST.exe
2015-08-31 15:08 - 2015-08-31 15:08 - 00004267 _____ C:\Users\Schuler\Desktop\aswMBR.txt
2015-08-31 15:08 - 2015-08-31 15:08 - 00000512 _____ C:\Users\Schuler\Desktop\MBR.dat
2015-08-31 14:34 - 2015-08-31 14:35 - 00142672 _____ C:\Windows\Minidump\Mini083115-01.dmp
2015-08-31 14:17 - 2015-08-31 14:19 - 05198336 _____ (AVAST Software) C:\Users\Schuler\Desktop\aswMBR.exe
2015-08-31 11:47 - 2015-08-31 11:47 - 00000672 _____ C:\Users\Schuler\Desktop\Draft Dominator.lnk
2015-08-31 11:47 - 2015-08-31 11:47 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DraftDominator
2015-08-31 11:47 - 2015-08-31 11:47 - 00000000 ____D C:\FBG
2015-08-31 11:47 - 2006-03-08 09:27 - 01353360 _____ (FarPoint Technologies, Inc.) C:\Windows\system32\fpSpr60.ocx
2015-08-31 11:47 - 2004-12-07 13:03 - 00451760 _____ (FarPoint Technologies, Inc.) C:\Windows\system32\Tab32x30.ocx
2015-08-31 11:47 - 1999-01-06 18:50 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\xl5en32.olb
2015-08-31 11:46 - 2015-08-31 11:46 - 05523273 _____ ( ) C:\Users\Schuler\Desktop\DD160k_Setup.exe
2015-08-31 09:12 - 2015-08-31 09:12 - 00001082 _____ C:\Users\Schuler\Desktop\Malwarebytes Anti-Malware.txt
2015-08-31 08:48 - 2015-08-31 08:48 - 00001082 _____ C:\Malwarebytes Anti-Malware.lnk
2015-08-31 08:31 - 2015-08-31 08:31 - 00000039 _____ C:\Windows\WININIT.INI
2015-08-31 08:16 - 2015-08-31 08:16 - 00000295 _____ C:\Windows\system32\InstallUtil.InstallLog
2015-08-31 08:01 - 2015-08-31 09:01 - 00098520 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-08-31 08:01 - 2015-08-31 08:01 - 00000859 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-08-31 08:01 - 2015-08-31 08:01 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-08-31 08:00 - 2015-08-31 08:01 - 00000000 ____D C:\Program Files\Malwarebytes Anti-Malware
2015-08-31 08:00 - 2015-08-31 08:00 - 00000000 ____D C:\ProgramData\Malwarebytes
2015-08-31 08:00 - 2015-06-18 08:41 - 00094936 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-08-31 08:00 - 2015-06-18 08:41 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-08-31 08:00 - 2015-06-18 08:41 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-08-31 07:55 - 2015-08-31 07:55 - 00004531 _____ C:\Users\Schuler\Desktop\JRT.txt
2015-08-31 07:17 - 2015-08-31 07:18 - 24345872 _____ (Malwarebytes Corporation ) C:\Users\Schuler\Desktop\mbam-setup-2.1.8.1057.exe
2015-08-31 07:15 - 2015-08-31 07:20 - 00000000 ____D C:\AdwCleaner
2015-08-31 07:15 - 2015-08-31 07:15 - 01798640 _____ (Malwarebytes Corporation) C:\Users\Schuler\Desktop\JRT.exe
2015-08-31 07:14 - 2015-08-31 07:14 - 01618432 _____ C:\Users\Schuler\Desktop\adwcleaner_5.004.exe
2015-08-31 03:30 - 2015-08-31 03:32 - 00000000 ____D C:\5be343bfc7f39a7462ea75e6
2015-08-30 21:27 - 2015-08-30 21:27 - 00051205 _____ C:\Users\Schuler\Desktop\Addition.txt
2015-08-30 21:14 - 2015-08-30 21:19 - 00051205 _____ C:\Users\Schuler\Downloads\Addition.txt
2015-08-30 21:10 - 2015-08-31 15:12 - 00000000 ____D C:\FRST
2015-08-30 21:10 - 2015-08-30 21:19 - 00039566 _____ C:\Users\Schuler\Downloads\FRST.txt
2015-08-30 21:09 - 2015-08-30 21:09 - 01690624 _____ (Farbar) C:\Users\Schuler\Downloads\FRST(1).exe
2015-08-30 21:05 - 2015-08-30 21:06 - 01690624 _____ (Farbar) C:\Users\Schuler\Downloads\FRST.exe
2015-08-30 18:42 - 2015-08-30 18:43 - 00003442 _____ C:\Windows\DPINST.LOG
2015-08-30 10:09 - 2015-08-30 10:09 - 18744520 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerInstaller.exe
2015-08-30 09:48 - 2015-08-30 09:48 - 00000000 ____D C:\Users\Schuler\AppData\Roaming\Avira
2015-08-30 09:33 - 2015-08-06 20:58 - 00136728 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2015-08-30 09:33 - 2015-08-06 20:58 - 00108448 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2015-08-30 09:33 - 2015-08-06 20:58 - 00037896 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avkmgr.sys
2015-08-30 09:33 - 2015-08-06 20:58 - 00031848 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\ssmdrv.sys
2015-08-30 09:26 - 2015-08-30 19:57 - 00001947 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2015-08-30 09:16 - 2015-08-31 14:35 - 00000882 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore1d0e32e7dae6a08.job
2015-08-30 09:16 - 2015-08-30 09:16 - 00000000 ____D C:\Program Files\GUMEDA8.tmp
2015-08-30 09:14 - 2015-08-30 09:15 - 04772888 _____ (Avira Operations GmbH & Co. KG) C:\Users\Schuler\Downloads\avira_en_av_55e30988deb92__ws (1).exe
2015-08-30 09:13 - 2015-08-30 09:13 - 04772888 _____ (Avira Operations GmbH & Co. KG) C:\Users\Schuler\Downloads\avira_en_av_55e30988deb92__ws.exe
2015-08-30 08:53 - 2015-08-30 08:53 - 00000959 _____ C:\Users\Public\Desktop\Avira Launcher.lnk
2015-08-30 08:52 - 2015-08-30 09:41 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2015-08-30 08:51 - 2015-08-30 09:40 - 00000000 ____D C:\ProgramData\Avira
2015-08-30 08:51 - 2015-08-30 09:29 - 00000000 ____D C:\Program Files\Avira
2015-08-30 08:50 - 2015-08-30 08:50 - 00000000 ____D C:\ProgramData\Package Cache
2015-08-30 08:47 - 2015-08-30 08:48 - 04772888 _____ (Avira Operations GmbH & Co. KG) C:\Users\Schuler\Downloads\avira_en_av_55e30988deb92__ws1.exe
2015-08-05 00:03 - 2015-08-05 00:03 - 00877152 _____ (Microsoft Corporation) C:\Windows\system32\msvcr120_clr0400.dll
2015-08-05 00:03 - 2015-08-05 00:03 - 00538208 _____ (Microsoft Corporation) C:\Windows\system32\msvcp120_clr0400.dll

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-08-31 15:09 - 2012-04-23 09:43 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-08-31 14:45 - 2011-10-17 18:26 - 00000886 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-08-31 14:41 - 2007-05-26 23:43 - 02002174 _____ C:\Windows\WindowsUpdate.log
2015-08-31 14:36 - 2011-10-17 18:26 - 00000884 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-08-31 14:35 - 2007-05-28 08:29 - 00065536 _____ C:\Windows\system32\Ikeext.etl
2015-08-31 14:35 - 2006-11-02 08:01 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-08-31 14:35 - 2006-11-02 07:47 - 00003168 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2015-08-31 14:35 - 2006-11-02 07:47 - 00003168 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2015-08-31 14:34 - 2014-10-19 11:09 - 200526285 _____ C:\Windows\MEMORY.DMP
2015-08-31 14:34 - 2007-10-25 16:51 - 00000000 ____D C:\Windows\Minidump
2015-08-31 09:00 - 2007-05-26 23:23 - 00094496 _____ C:\Users\Schuler\AppData\Local\GDIPFONTCACHEV1.DAT
2015-08-31 08:56 - 2006-11-02 07:47 - 00360064 _____ C:\Windows\system32\FNTCACHE.DAT
2015-08-31 08:55 - 2014-10-08 19:43 - 00132300 _____ C:\Windows\PFRO.log
2015-08-31 08:54 - 2006-12-17 23:05 - 00000012 _____ C:\Windows\bthservsdp.dat
2015-08-31 08:54 - 2006-11-02 08:01 - 00032530 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2015-08-31 08:52 - 2008-02-15 17:28 - 00000000 ____D C:\Program Files\Logitech
2015-08-31 08:52 - 2007-05-26 21:54 - 00000000 ____D C:\Users\Schuler
2015-08-31 08:52 - 2006-12-17 23:26 - 00000000 ___HD C:\Program Files\InstallShield Installation Information
2015-08-31 08:51 - 2008-02-15 17:28 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Logitech
2015-08-31 08:48 - 2014-12-17 22:04 - 00000000 ____D C:\Users\Schuler\AppData\Local\WebGuard
2015-08-31 08:48 - 2014-12-17 22:04 - 00000000 ____D C:\ProgramData\dJbYlUtu
2015-08-31 08:48 - 2006-12-17 23:57 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\My HP Games
2015-08-31 08:48 - 2006-12-17 23:57 - 00000000 ____D C:\Program Files\HP Games
2015-08-31 08:44 - 2006-12-18 00:02 - 00000000 ____D C:\ProgramData\WildTangent
2015-08-31 08:44 - 2006-11-02 07:37 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2015-08-31 08:36 - 2007-10-25 10:07 - 00000000 ___HD C:\Users\Schuler\AppData\Roaming\GTek
2015-08-31 08:36 - 2007-10-25 10:06 - 00000000 ___HD C:\ProgramData\GTek
2015-08-31 08:18 - 2006-12-17 23:55 - 00000000 ____D C:\Program Files\HP
2015-08-31 08:16 - 2006-12-17 23:22 - 00000000 ____D C:\Program Files\Hewlett-Packard
2015-08-31 08:15 - 2006-12-18 00:03 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP
2015-08-31 08:13 - 2007-10-03 20:02 - 00055519 _____ C:\ProgramData\hpzinstall.log
2015-08-31 07:32 - 2006-11-02 05:33 - 00759582 _____ C:\Windows\system32\PerfStringBackup.INI
2015-08-31 03:50 - 2014-10-03 09:49 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2015-08-31 03:31 - 2014-10-03 09:50 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2015-08-31 03:31 - 2006-11-02 06:18 - 00000000 ____D C:\Windows\Microsoft.NET
2015-08-31 03:29 - 2014-10-03 04:19 - 00002113 _____ C:\Windows\epplauncher.mif
2015-08-31 03:22 - 2013-08-15 03:15 - 00000000 ____D C:\Windows\system32\MRT
2015-08-31 03:10 - 2006-12-17 23:50 - 00000000 ____D C:\ProgramData\Microsoft Help
2015-08-31 00:03 - 2014-12-09 10:29 - 00000000 ____D C:\Program Files\Mozilla Firefox
2015-08-30 21:12 - 2015-01-02 22:43 - 00000000 ____D C:\ProgramData\Optimizer
2015-08-30 19:19 - 2011-09-28 13:30 - 00000000 ____D C:\Program Files\Citrix
2015-08-30 18:51 - 2009-07-20 22:50 - 00000000 ____D C:\ProgramData\Yahoo!
2015-08-30 18:47 - 2013-05-28 08:48 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
2015-08-30 18:35 - 2015-01-29 20:33 - 00000000 ____D C:\Program Files\Driver Updater
2015-08-30 18:07 - 2015-01-02 22:46 - 00000000 ____D C:\Program Files\Opera
2015-08-30 18:06 - 2015-01-02 22:51 - 00000000 ____D C:\Users\Schuler\AppData\Roaming\Opera Software
2015-08-30 18:06 - 2015-01-02 22:51 - 00000000 ____D C:\Users\Schuler\AppData\Local\Opera Software
2015-08-30 10:09 - 2012-04-23 09:43 - 00778440 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2015-08-30 10:09 - 2011-05-26 17:20 - 00142536 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2015-08-30 09:26 - 2011-10-17 18:27 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-08-30 09:26 - 2011-05-07 09:21 - 00000734 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-08-30 09:26 - 2008-06-21 10:29 - 00001568 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2015-08-30 09:26 - 2007-05-26 23:23 - 00000831 _____ C:\Users\Schuler\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-08-30 09:22 - 2015-01-02 22:45 - 00000000 ____D C:\Program Files\Windows Network Accelerater
2015-08-30 09:21 - 2015-01-02 22:45 - 00000000 ____D C:\ProgramData\Windows VXM
2015-08-30 08:39 - 2006-11-02 06:18 - 00000000 ____D C:\Windows\tracing
2015-08-30 08:22 - 2012-02-04 14:14 - 00000000 ____D C:\Users\Schuler\AppData\Roaming\Skype
2015-08-30 08:17 - 2009-11-26 09:14 - 00000000 ____D C:\Windows\pss
2015-08-30 08:09 - 2015-01-29 23:49 - 00000444 ____H C:\Windows\Tasks\Norton Security Scan for Schuler.job

==================== Files in the root of some directories =======

2012-06-20 10:40 - 2012-06-20 10:40 - 0000288 _____ () C:\Users\Schuler\AppData\Roaming\.backup.dm
2007-08-26 13:12 - 2014-04-10 13:20 - 0000360 _____ () C:\Users\Schuler\AppData\Roaming\wklnhst.dat
2007-05-26 23:23 - 2007-05-26 23:23 - 0000000 _____ () C:\Users\Schuler\AppData\Local\AtStart.txt
2007-05-28 07:22 - 2015-01-21 15:32 - 0001356 _____ () C:\Users\Schuler\AppData\Local\d3d9caps.dat
2007-05-26 11:07 - 2014-10-05 11:42 - 0006656 _____ () C:\Users\Schuler\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2007-05-26 23:23 - 2007-05-26 23:23 - 0000000 _____ () C:\Users\Schuler\AppData\Local\DSwitch.txt
2007-05-26 23:23 - 2007-05-26 23:23 - 0000000 _____ () C:\Users\Schuler\AppData\Local\QSwitch.txt
2013-03-27 21:49 - 2013-03-27 21:49 - 0000057 _____ () C:\ProgramData\Ament.ini
2007-10-03 20:02 - 2015-08-31 08:13 - 0055519 _____ () C:\ProgramData\hpzinstall.log

Some files in TEMP:
====================
C:\Users\Schuler\AppData\Local\Temp\avgnt.exe
C:\Users\Schuler\AppData\Local\Temp\IadHide5.dll
C:\Users\Schuler\AppData\Local\Temp\setupA9_.exe
C:\Users\Schuler\AppData\Local\Temp\sqlite3.dll
C:\Users\Schuler\AppData\Local\Temp\SymCCIS.dll
C:\Users\Schuler\AppData\Local\Temp\_isC820.exe

==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-08-31 14:41

==================== End of FRST.txt ============================



#13 toomuch1

  • Topic Starter
  • Members
  • 37 posts

Posted 31 August 2015 - 03:36 PM

FRST Additional.txt


Additional scan result of Farbar Recovery Scan Tool (x86) Version:31-08-2015
Ran by Schuler (2015-08-31 15:15:24)
Running from C:\Users\Schuler\Desktop
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-3414952672-4210971663-2880256135-500 - Administrator - Disabled)
Guest (S-1-5-21-3414952672-4210971663-2880256135-501 - Limited - Disabled)
Schuler (S-1-5-21-3414952672-4210971663-2880256135-1000 - Administrator - Enabled) => C:\Users\Schuler

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avira Antivirus (Disabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AV: Microsoft Security Essentials (Enabled - Up to date) {4F35CFC4-45A3-FC37-EF17-759A02E39AB1}
AS: Microsoft Security Essentials (Enabled - Up to date) {F4542E20-6399-F3B9-D5A7-4EE87964D00C}
AS: Avira Antivirus (Disabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

32 Bit HP CIO Components Installer (Version: 7.1.8 - Hewlett-Packard) Hidden
Activation Assistant for the 2007 Microsoft Office suites (HKLM\...\Activation Assistant for the 2007 Microsoft Office suites) (Version:  - Microsoft Corporation)
Activation Assistant for the 2007 Microsoft Office suites (Version: 1.0 - Microsoft Corporation) Hidden
Adobe AIR (HKLM\...\Adobe AIR) (Version: 3.9.0.1210 - Adobe Systems Incorporated)
Adobe Flash Player 10 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 10.0.32.18 - Adobe Systems Incorporated)
Adobe Flash Player 18 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 18.0.0.232 - Adobe Systems Incorporated)
Adobe Flash Player 9 ActiveX (HKLM\...\ShockwaveFlash) (Version: 9 - Adobe Systems Incorporated)
Adobe Reader X (10.1.13) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.13 - Adobe Systems Incorporated)
Apple Application Support (HKLM\...\{6A3F9D74-BB80-4451-8CA1-4B3A857F1359}) (Version: 2.0.1 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ASL_HS_Installer32 (Version: 1.0.9 - Hewlett-Packard) Hidden
AutoUpdate (HKLM\...\{18D10072035C4515918F7E37EAFAACFC}) (Version: 1.0 - )
Avira Antivirus (HKLM\...\Avira Antivirus) (Version: 15.0.12.420 - Avira Operations GmbH & Co. KG)
Avira Launcher (HKLM\...\{315dd168-0794-4cf1-8355-f195cde642fc}) (Version: 1.1.45.11819 - Avira Operations GmbH & Co. KG)
Avira Launcher (Version: 1.1.45.11819 - Avira Operations GmbH & Co. KG) Hidden
Cisco WebEx Meetings (HKU\S-1-5-21-3414952672-4210971663-2880256135-1000\...\ActiveTouchMeetingClient) (Version:  - Cisco WebEx LLC)
Conexant HD Audio (HKLM\...\CNXT_HDAUDIO) (Version:  - )
D3DX10 (Version: 15.4.2368.0902 - Microsoft) Hidden
DivX (HKLM\...\{7B63B2922B174135AFC0E1377DD81EC2}) (Version: 5.2.1 - DivXNetworks, Inc.)
DocProc (Version: 12.0.0.0 - Hewlett-Packard) Hidden
DraftDominator Version 16.0k (HKLM\...\DraftDominator_is1) (Version:  - )
Google Chrome (HKLM\...\Google Chrome) (Version: 44.0.2403.157 - Google Inc.)
Google Drive (HKLM\...\{12ADFB82-D5A3-43E4-B2F4-FCD9B690315B}) (Version: 1.24.9931.5480 - Google, Inc.)
Google Update Helper (Version: 1.3.28.13 - Google Inc.) Hidden
GPBaseService2 (Version: 120.0.194.000 - Hewlett-Packard) Hidden
HDAUDIO Soft Data Fax Modem with SmartCP (HKLM\...\CNXT_MODEM_HDA_HSF) (Version:  - )
HP Connections (remove only) (HKLM\...\HPOOVClient-6811507 Uninstaller) (Version:  - )
HP Customer Experience Enhancements (HKLM\...\{AB5E289E-76BF-4251-9F3F-9B763F681AE0}) (Version: 1.00.0000 - Hewlett-Packard)
HP Driver Diagnostics (HKLM\...\{ED3F469E-D9EC-4DF1-968F-5812CE2F30F8}) (Version: 1.02.0010 - Hewlett-Packard Company)
HP Easy Setup - Core (HKLM\...\{F94234DB-FD06-42C3-B88D-6FC4DC9F988C}) (Version: 1.00.0000 - Hewlett-Packard)
HP Easy Setup - Frontend (HKLM\...\{40F7AED3-0C7D-4582-99F6-484A515C73F2}) (Version: 5.00.0000 - Hewlett-Packard)
HP FWUpdateEDO2 (HKLM\...\{415FA9AD-DA10-4ABE-97B6-5051D4795C90}) (Version: 1.2.0.0 - Hewlett-Packard)
HP Help and Support (HKLM\...\{E4DDBA93-769B-49D8-BA33-8814E45ED0C1}) (Version: 1.0.0 - Hewlett-Packard)
HP Officejet Pro 8600 Basic Device Software (HKLM\...\{9C55C629-6C4F-48A9-8840-C897DF6187ED}) (Version: 25.0.619.0 - Hewlett-Packard Co.)
HP Officejet Pro 8600 Help (HKLM\...\{B6F5C6D8-C443-4B55-932F-AE11B5743FC4}) (Version: 140.0.2.2 - Hewlett Packard)
HP Officejet Pro 8600 Product Improvement Study (HKLM\...\{669B49D6-BCA8-4F7C-9248-CE5677750285}) (Version: 25.0.619.0 - Hewlett-Packard Co.)
HP Photosmart Essential (HKLM\...\{EB21A812-671B-4D08-B974-2A347F0D8F70}) (Version: 1.12.0.46 - HP)
HP Print Diagnostic Utility (HKLM\...\{5E06C076-E4E7-4239-A886-B3D8AC84C166}) (Version: 1.11.0001 - Hewlett-Packard)
HP Quick Launch Buttons (HKLM\...\{34D2AB40-150D-475D-AE32-BD23FB5EE355}) (Version: 6.50.14.1 - Hewlett-Packard Company)
HP QuickPlay 3.0 (HKLM\...\{45D707E9-F3C4-11D9-A373-0050BAE317E1}) (Version:  - )
HP Solution Center 12.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 12.0 - HP)
HP Support Solutions Framework (HKLM\...\{44157EB3-D8D0-4BB1-B0F5-AD2C38814ED1}) (Version: 11.51.0027 - Hewlett-Packard Company)
HP Total Care Advisor (HKLM\...\{A12A3DED-CCDA-4F29-A1BA-00F0C6521CD5}) (Version: 1.0.94 - Hewlett-Packard)
HP Update (HKLM\...\{97486FBE-A3FC-4783-8D55-EA37E9D171CC}) (Version: 5.005.000.002 - Hewlett-Packard)
HP User Guide 0048 (HKLM\...\{ED4905E3-2B32-4DD8-BC14-7CAFD30E9ECD}) (Version: 1.02.0001 - Hewlett-Packard)
HP Wireless Assistant (HKLM\...\{02F33FB0-F7D5-4C0A-B4AD-8CE5CE230BBE}) (Version: 3.00 B2 - Hewlett-Packard)
HPAsset component for HP Active Support Library (Version: 3.0.2.2 - Hewlett-Packard) Hidden
HPDiagnosticAlert (Version: 1.00.0000 - Microsoft) Hidden
HPProductAssistant (Version: 120.0.194.000 - Hewlett-Packard) Hidden
HPSSupply (Version: 120.0.194.000 - Hewlett-Packard) Hidden
I.R.I.S. OCR (HKLM\...\{CA6BCA2F-EDEB-408F-850B-31404BE16A61}) (Version: 12.3.4.0 - HP)
Intel® Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version:  - )
Intel® Network Connections Drivers (HKLM\...\PROSet) (Version:  - )
Java 7 Update 45 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217045FF}) (Version: 7.0.450 - Oracle)
LightScribe  1.4.124.1 (Version: 1.4.124.1 - http://www.lightscribe.com) Hidden
Malwarebytes Anti-Malware version 2.1.8.1057 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.8.1057 - Malwarebytes Corporation)
Marketsplash Print Software (HKLM\...\{61933675-EFC7-4190-90B6-5AD56E1D9294}) (Version: 1.0.1.31 - Hewlett-Packard)
Marketsplash Shortcuts (HKLM\...\{16FCDD97-AE09-476B-88CD-261D852BD34C}) (Version: 1.0.1.7 - Hewlett-Packard)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (HKLM\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.6.305.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40728.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218 (HKLM\...\{E503B4BF-F7BB-3D5F-8BC8-F694B1CFF942}) (Version: 9.0.21022.218 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Works (HKLM\...\{6D52C408-B09A-4520-9B18-475B81D393F1}) (Version: 08.05.0818 - Microsoft Corporation)
Mozilla Firefox 34.0.5 (x86 en-US) (HKLM\...\Mozilla Firefox 34.0.5 (x86 en-US)) (Version: 34.0.5 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
MPM (HKLM\...\{CD8C5C7F-7C58-4F85-8977-A6C08C087912}) (Version: 1.00.0000 - Hewlett-Packard)
MSN (HKLM\...\MSNINST) (Version:  - )
MSVCSetup (Version: 1.00.0000 - HP) Hidden
MSXML 4.0 SP2 (KB927978) (HKLM\...\{37477865-A3F1-4772-AD43-AAFC6BCFF99F}) (Version: 4.20.9841.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB936181) (HKLM\...\{C04E32E0-0416-434D-AFB9-6969D703A9EF}) (Version: 4.20.9848.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB941833) (HKLM\...\{C523D256-313D-4866-B36A-F3DE528246EF}) (Version: 4.20.9849.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
muvee autoProducer 5.0 (HKLM\...\{99C5770C-1C90-42E7-9B74-D47CFAF14621}) (Version: 5.00.050 - muvee Technologies)
My HP Games (HKLM\...\WildTangent hplaptop Master Uninstall) (Version: HPLAP0304 - WildTangent)
Norton Security Scan (HKLM\...\NSS) (Version: 4.1.0.31 - Symantec Corporation)
OCR Software by I.R.I.S. 12.0 (HKLM\...\HPOCR) (Version: 12.0 - HP)
QLBCASL (Version: 6.40.17.2 - Hewlett-Packard) Hidden
QuickTime (HKLM\...\{C9E14402-3631-4182-B377-6B0DFB1C0339}) (Version: 7.70.80.34 - Apple Inc.)
Remote Control USB Driver (HKLM\...\{8471021C-F529-43DE-84DF-3612E10F58C4}) (Version: 2.3.2.317 - )
Roxio Creator Audio (HKLM\...\{83FFCFC7-88C6-41c6-8752-958A45325C82}) (Version: 3.3.0 - Roxio)
Roxio Creator Basic v9 (HKLM\...\{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}) (Version: 3.3.0 - Roxio)
Roxio Creator Copy (HKLM\...\{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048}) (Version: 3.3.0 - Roxio)
Roxio Creator Data (HKLM\...\{0D397393-9B50-4c52-84D5-77E344289F87}) (Version: 3.3.0 - Roxio)
Roxio Creator EasyArchive (HKLM\...\{11F93B4B-48F0-4A4E-AE77-DFA96A99664B}) (Version: 3.3.0 - Roxio)
Roxio Creator Tools (HKLM\...\{0394CDC8-FABD-4ed8-B104-03393876DFDF}) (Version: 3.3.0 - Roxio)
Roxio Express Labeler 3 (HKLM\...\{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}) (Version: 2.1.0 - Roxio)
Roxio MyDVD Basic v9 (HKLM\...\{33C65B6A-5D73-4E3E-A1F9-127C27BD3F72}) (Version: 9.0.114 - Roxio)
Segoe UI (Version: 15.4.2271.0615 - Microsoft Corp) Hidden
Shop for HP Supplies (HKLM\...\Shop for HP Supplies) (Version: 12 - HP)
Skype™ 7.0 (HKLM\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)
SolutionCenter (Version: 120.0.194.000 - Hewlett-Packard) Hidden
Sonic Activation Module (Version: 1.0 - Sonic Solutions) Hidden
Spelling Dictionaries Support For Adobe Reader 8 (HKLM\...\{AC76BA86-7AD7-5464-3428-800000000003}) (Version: 8.0.0 - Adobe Systems)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 11.0.7.0 - Synaptics)
TeamViewer 9 (HKLM\...\TeamViewer 9) (Version: 9.0.32494 - TeamViewer)
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Windows Live Essentials (HKLM\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)
Windows Media Player Firefox Plugin (HKLM\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-3414952672-4210971663-2880256135-1000_Classes\CLSID\{49BBAA3C-C574-419E-8378-783C362E9C15}\InprocServer32 -> C:\Program Files\HP\Common\FWUpdateEDO2.dll (Hewlett-Packard Co.)
CustomCLSID: HKU\S-1-5-21-3414952672-4210971663-2880256135-1000_Classes\CLSID\{8ba2cfef-a1bc-4964-aadc-33be1ae5a33c}\InprocServer32 -> no filepath

==================== Restore Points =========================

29-01-2015 20:08:15 Removed Pro PC Cleaner
29-01-2015 20:50:01 Removed Pro PC Cleaner
30-08-2015 18:07:01 Windows Update
30-08-2015 18:40:31 Removed KODAK Share Button App.
31-08-2015 03:00:53 Windows Update
31-08-2015 07:49:32 JRT Pre-Junkware Removal
31-08-2015 08:14:05 Removed HP Active Support Library.
31-08-2015 08:18:40 Removed Evolve eBooks.
31-08-2015 08:31:03 Removed Logitech Desktop Messenger
31-08-2015 08:51:04 Removed Logitech Harmony Remote Software 7

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2006-11-02 05:23 - 2009-08-14 08:03 - 00321522 ____R C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost
127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com
127.0.0.1 www.0scan.com
127.0.0.1 0scan.com
127.0.0.1 www.1000gratisproben.com
127.0.0.1 1000gratisproben.com
127.0.0.1 www.1001namen.com
127.0.0.1 1001namen.com
127.0.0.1 100888290cs.com
127.0.0.1 www.100888290cs.com
127.0.0.1 100sexlinks.com
127.0.0.1 www.100sexlinks.com
127.0.0.1 10sek.com
127.0.0.1 www.10sek.com
127.0.0.1 www.1-2005-search.com
127.0.0.1 1-2005-search.com
127.0.0.1 123haustiereundmehr.com
127.0.0.1 www.123haustiereundmehr.com
127.0.0.1 123moviedownload.com
127.0.0.1 www.123moviedownload.com

There are 1000 more lines.

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0E2A1264-61E2-4E24-8CE6-AC7ACA9F7835} - \ALEKTNWT -> No File <==== ATTENTION
Task: {3AA6C3F6-9BBC-4B6E-A19E-F7FE3AD9ABF4} - \Optimizer Pro Schedule -> No File <==== ATTENTION
Task: {458207A5-3E85-45EA-A965-2FB76A926CCD} - \ProPCCleaner_Popup -> No File <==== ATTENTION
Task: {4CB8697D-1552-4ACB-80C0-48397EB773F6} - \BlockAndSurf Update -> No File <==== ATTENTION
Task: {642D0218-D4C7-4EA6-8704-50D72DB41C38} - \ProPCCleaner_Start -> No File <==== ATTENTION
Task: {ABCC532C-A439-4FA4-9C03-B779AFB1E73C} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2015-08-30] (Adobe Systems Incorporated)
Task: {AC9A071F-DB91-4CB1-A1C3-EACCCB2A7E20} - System32\Tasks\GoogleUpdateTaskMachineCore1d0e32e7dae6a08 => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-08-30] (Google Inc.)
Task: {B51CE9AA-6EAB-4F96-BEAF-10ABA0C5A6F1} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-08-30] (Google Inc.)
Task: {B80D78CD-C6F3-462C-912D-10C4A3B295F2} - System32\Tasks\HPCeeScheduleForSchuler => C:\Program Files\hewlett-packard\sdp\ceement\HPCEE.exe [2006-10-30] (Hewlett-Packard)
Task: {C44007D5-C48E-43D6-BD48-490417587DFB} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-08-30] (Google Inc.)
Task: {C90588C1-148D-4C98-B76F-C1AB7C4CFFBF} - System32\Tasks\HPCustParticipation HP Officejet Pro 8600 => C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPCustPartic.exe [2011-09-09] (Hewlett-Packard Co.)
Task: {D51708A6-7916-4D23-A94B-A2266B0CD80E} - System32\Tasks\Norton Security Scan for Schuler => C:\Program Files\Norton Security Scan\Engine\4.1.0.31\Nss.exe [2014-08-21] (Symantec Corporation)
Task: {DF97DE67-F5E5-4F5C-8C78-870E1BC81017} - \Gniaawraihxu -> No File <==== ATTENTION

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore1d0e32e7dae6a08.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\HPCeeScheduleForSchuler.job => C:\Program Files\hewlett-packard\sdp\ceement\HPCEE.exe
Task: C:\Windows\Tasks\Norton Security Scan for Schuler.job => C:\PROGRA~1\NORTON~2\Engine\410~1.31\Nss.exe

==================== Loaded Modules (Whitelisted) ==============

2006-12-17 23:56 - 2006-11-24 18:34 - 00270431 _____ () C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe
2006-12-17 23:56 - 2006-11-24 18:34 - 00233573 _____ () C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapEngine.dll
2006-12-17 23:56 - 2006-11-24 18:34 - 00032768 _____ () C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvcps.dll
2006-12-17 23:56 - 2006-11-24 18:34 - 00118877 _____ () C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe
2006-12-17 23:56 - 2006-11-24 18:34 - 00114783 _____ () C:\Program Files\HP\QuickPlay\Kernel\TV\CLSchMgr.dll
2006-12-17 23:56 - 2006-11-24 18:34 - 00339968 _____ () C:\Program Files\HP\QuickPlay\Kernel\TV\CLTinyDB.dll
2006-12-17 23:55 - 2006-11-24 18:33 - 00061440 _____ () C:\Program Files\HP\QuickPlay\Kernel\common\MCEMediaStatus.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ColorMedia => ""="service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE restricted site: HKU\.DEFAULT\...\007guard.com -> install.007guard.com
IE restricted site: HKU\.DEFAULT\...\008i.com -> 008i.com
IE restricted site: HKU\.DEFAULT\...\008k.com -> www.008k.com
IE restricted site: HKU\.DEFAULT\...\00hq.com -> www.00hq.com
IE restricted site: HKU\.DEFAULT\...\010402.com -> 010402.com
IE restricted site: HKU\.DEFAULT\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com
IE restricted site: HKU\.DEFAULT\...\0scan.com -> www.0scan.com
IE restricted site: HKU\.DEFAULT\...\1-2005-search.com -> www.1-2005-search.com
IE restricted site: HKU\.DEFAULT\...\1-domains-registrations.com -> www.1-domains-registrations.com
IE restricted site: HKU\.DEFAULT\...\1000gratisproben.com -> www.1000gratisproben.com
IE restricted site: HKU\.DEFAULT\...\1001namen.com -> www.1001namen.com
IE restricted site: HKU\.DEFAULT\...\100888290cs.com -> mir.100888290cs.com
IE restricted site: HKU\.DEFAULT\...\100sexlinks.com -> www.100sexlinks.com
IE restricted site: HKU\.DEFAULT\...\10sek.com -> www.10sek.com
IE restricted site: HKU\.DEFAULT\...\12-26.net -> user1.12-26.net
IE restricted site: HKU\.DEFAULT\...\12-27.net -> user1.12-27.net
IE restricted site: HKU\.DEFAULT\...\123haustiereundmehr.com -> www.123haustiereundmehr.com
IE restricted site: HKU\.DEFAULT\...\123moviedownload.com -> www.123moviedownload.com
IE restricted site: HKU\.DEFAULT\...\123simsen.com -> www.123simsen.com
IE restricted site: HKU\.DEFAULT\...\123topsearch.com -> www.123topsearch.com

There are 5707 more restricted sites.

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3414952672-4210971663-2880256135-1000\Control Panel\Desktop\\Wallpaper -> C:\Windows\web\wallpaper\img24.jpg
DNS Servers: 75.75.76.76 - 75.75.75.75
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 1) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Harmony Monitor.lnk => C:\Windows\pss\Harmony Monitor.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Connections.lnk => C:\Windows\pss\HP Connections.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Logitech Desktop Messenger.lnk => C:\Windows\pss\Logitech Desktop Messenger.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Marketsplash Print Software.lnk => C:\Windows\pss\Marketsplash Print Software.lnk.CommonStartup
MSCONFIG\startupfolder: C:^Users^Schuler^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk => C:\Windows\pss\OneNote 2007 Screen Clipper and Launcher.lnk.Startup
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: HotKeysCmds => C:\Windows\system32\hkcmd.exe
MSCONFIG\startupreg: HP Health Check Scheduler => c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
MSCONFIG\startupreg: HP Software Update => C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
MSCONFIG\startupreg: hpWirelessAssistant => %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
MSCONFIG\startupreg: IgfxTray => C:\Windows\system32\igfxtray.exe
MSCONFIG\startupreg: ISUSPM Startup => C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
MSCONFIG\startupreg: KGShareApp => C:\Program Files\Kodak\KODAK Share Button App\KGShare_App.exe
MSCONFIG\startupreg: LDM => C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
MSCONFIG\startupreg: MSC => "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
MSCONFIG\startupreg: Persistence => C:\Windows\system32\igfxpers.exe
MSCONFIG\startupreg: QlbCtrl => %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
MSCONFIG\startupreg: QlbCtrl.exe => C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
MSCONFIG\startupreg: QPService => "C:\Program Files\HP\QuickPlay\QPService.exe"
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files\QuickTime\QTTask.exe" -atboottime
MSCONFIG\startupreg: Skype => "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun
MSCONFIG\startupreg: SynTPEnh => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
MSCONFIG\startupreg: WAWifiMessage => %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
MSCONFIG\startupreg: Windows Defender => C:\Program Files\Windows Defender\MSASCui.exe -hide

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [WinCollab-DFSR-In-TCP] => (Allow) %SystemRoot%\system32\dfsr.exe
FirewallRules: [WinCollab-DFSR-Out-TCP] => (Allow) %SystemRoot%\system32\dfsr.exe
FirewallRules: [WinCollab-In-TCP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-Out-TCP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-In-UDP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-Out-UDP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [{FF410DC1-9B89-450A-9149-56091397F842}] => (Allow) C:\Program Files\HP\QuickPlay\QP.exe
FirewallRules: [{1527A20A-9856-4DE3-852A-10E73B707B3C}] => (Allow) C:\Program Files\HP\QuickPlay\QP.exe
FirewallRules: [{F68661BE-C072-4C3F-8437-B845A302674C}] => (Allow) C:\Program Files\HP Connections\6811507\Program\HP Connections.exe
FirewallRules: [{C1729459-FF53-4016-955F-F16A89461BFD}] => (Allow) C:\Program Files\HP Connections\6811507\Program\HP Connections
FirewallRules: [{1F01BF90-4230-48B1-A759-7E8251A1C816}] => (Allow) C:\Program Files\HP Connections\6811507\Program\HP Connections.exe
FirewallRules: [{0D26767E-1200-4714-8D7B-5D0C17D364BA}] => (Allow) C:\Program Files\HP Connections\6811507\Program\HP Connections.exe
FirewallRules: [{344114AA-9FB4-48B5-84B2-7994E04D8AC4}] => (Allow) C:\Program Files\HP Connections\6811507\Program\HP Connections.exe
FirewallRules: [{E76B4AC4-ED29-487A-AE3B-AD101B503B38}] => (Allow) C:\Program Files\HP Connections\6811507\Program\HP Connections.exe
FirewallRules: [{209DD644-EE5B-41B3-9983-74E3DBF635F0}] => (Allow) C:\Program Files\earthlink totalaccess\TaskPanl.exe
FirewallRules: [{F5FAE2A8-D534-43B4-8A75-DFB5F4F8B543}] => (Allow) C:\Program Files\earthlink totalaccess\TaskPanl.exe
FirewallRules: [{5D752E3B-9435-4FE8-88BA-783E9B4F4ED7}] => (Allow) C:\Program Files\earthlink totalaccess\TaskPanl.exe
FirewallRules: [{97C35DD8-5A0B-4BB2-8E8D-46F3ADD03644}] => (Allow) C:\Program Files\earthlink totalaccess\TaskPanl.exe
FirewallRules: [{85E113F6-2BAD-472B-BF41-FECD2C1E6B22}] => (Allow) C:\Program Files\earthlink totalaccess\TaskPanl.exe
FirewallRules: [{5D4E537E-DEF2-4B74-B555-EF473F2CC5F4}] => (Allow) C:\Program Files\earthlink totalaccess\TaskPanl.exe
FirewallRules: [TCP Query User{096F7E54-ADF2-4A7F-A18D-2AD0CD297A4A}C:\program files\logitech\desktop messenger\8876480\program\backweb-8876480.exe] => (Block) C:\program files\logitech\desktop messenger\8876480\program\backweb-8876480.exe
FirewallRules: [UDP Query User{BF6C60DF-B6BE-49E2-A6DB-B06E11819789}C:\program files\logitech\desktop messenger\8876480\program\backweb-8876480.exe] => (Block) C:\program files\logitech\desktop messenger\8876480\program\backweb-8876480.exe
FirewallRules: [TCP Query User{C5C1C98C-0F58-49AD-830C-E8428832A985}C:\program files\logitech\desktop messenger\8876480\program\backweb-8876480.exe] => (Block) C:\program files\logitech\desktop messenger\8876480\program\backweb-8876480.exe
FirewallRules: [UDP Query User{E669D493-4AAF-44EF-9B9E-7C77A6161D93}C:\program files\logitech\desktop messenger\8876480\program\backweb-8876480.exe] => (Block) C:\program files\logitech\desktop messenger\8876480\program\backweb-8876480.exe
FirewallRules: [TCP Query User{46F6E1D4-4469-46FF-97EB-08051BACEA5F}C:\program files\mozilla firefox\firefox.exe] => (Block) C:\program files\mozilla firefox\firefox.exe
FirewallRules: [UDP Query User{36875AA0-C0A2-4D41-A9DF-AC8D93C101A2}C:\program files\mozilla firefox\firefox.exe] => (Block) C:\program files\mozilla firefox\firefox.exe
FirewallRules: [TCP Query User{35BF3DAE-42F7-4AC7-8ADC-7575B368BA09}C:\program files\internet explorer\iexplore.exe] => (Block) C:\program files\internet explorer\iexplore.exe
FirewallRules: [UDP Query User{8F44CD5D-1E40-4D79-B9CB-D2935E51F0E5}C:\program files\internet explorer\iexplore.exe] => (Block) C:\program files\internet explorer\iexplore.exe
FirewallRules: [{C6AF8CCC-DB04-44E8-AE52-5F3EE1C79349}] => (Allow) C:\Program Files\HP\digital imaging\bin\hpqtra08.exe
FirewallRules: [{2C92A64E-0F77-48A9-AC2D-C012BB72E08A}] => (Allow) C:\Program Files\HP\digital imaging\bin\hpqste08.exe
FirewallRules: [{656056AA-DE90-4681-963A-A69EA306AA83}] => (Allow) C:\Program Files\HP\digital imaging\bin\hpofxm08.exe
FirewallRules: [{D7310DB0-E6BF-41C0-B948-FBD6C50BFC86}] => (Allow) C:\Program Files\HP\digital imaging\bin\hposfx08.exe
FirewallRules: [{C97D04D6-4961-46BC-98C8-62628915FF1A}] => (Allow) C:\Program Files\HP\digital imaging\bin\hposid01.exe
FirewallRules: [{8A49B50E-FB91-4DE6-B76F-D26E4FFF62A6}] => (Allow) C:\Program Files\HP\digital imaging\bin\hpqkygrp.exe
FirewallRules: [{0EFF64B2-CF3E-4142-B102-3A2DB447D0D6}] => (Allow) C:\Program Files\HP\digital imaging\bin\hpzwiz01.exe
FirewallRules: [{0C58991A-78CE-4CE5-9881-AD7ADA67BE32}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe
FirewallRules: [{F3CAF639-FDB4-46C4-9523-9F0A48DC2AD7}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe
FirewallRules: [{D8ACE17F-9C91-4A5F-BA6C-8BB51FCB91EF}] => (Allow) C:\Program Files\common files\hp\digital imaging\bin\hpqphotocrm.exe
FirewallRules: [{2CA17B14-8CBB-4F44-80EC-F4D8EAC3DFE8}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpqsudi.exe
FirewallRules: [{987E1DCD-48C1-41E9-AD36-782190016619}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpqpsapp.exe
FirewallRules: [{99E289B8-DF66-4C17-9B6C-AE0BBE9F305B}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpofxs08.exe
FirewallRules: [{87E56A04-542B-4A0A-AA43-3123B726CE5C}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpqfxt08.exe
FirewallRules: [{EE022238-451E-4B55-910C-501A4C0B0A78}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpqpse.exe
FirewallRules: [{3F027E5F-1023-43E2-82BA-42E3BB82E621}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe
FirewallRules: [{2CF60ABB-F791-4C72-8DF7-6B2C26C56193}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
FirewallRules: [TCP Query User{FB674BCA-38F9-441A-AD33-55D1835620EE}C:\program files\mozilla firefox\firefox.exe] => (Allow) C:\program files\mozilla firefox\firefox.exe
FirewallRules: [UDP Query User{0578DAB7-34FB-482B-86B0-CA641A37EA5B}C:\program files\mozilla firefox\firefox.exe] => (Allow) C:\program files\mozilla firefox\firefox.exe
FirewallRules: [{84AD78BD-CDAC-4089-AEA8-AB72AEB0478C}] => (Allow) LPort=80
FirewallRules: [{BDA08336-E342-4166-9599-11012D52A0A8}] => (Allow) LPort=80
FirewallRules: [{B03BD4D2-0302-4220-BF8B-3398B2E4055B}] => (Allow) LPort=80
FirewallRules: [{13AD952F-913C-4576-AC46-CFE4C06DDB0B}] => (Allow) C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe
FirewallRules: [{2B3B8FB2-A6C8-4D2D-8082-FB2A678AB3C3}] => (Allow) C:\Program Files\Skype\Phone\Skype.exe
FirewallRules: [{181C0124-9816-402E-BAD8-EE5A781CA89D}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8600\Bin\DeviceSetup.exe
FirewallRules: [{645F74A5-FD6B-40F4-9C86-D363FC0C8457}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPNetworkCommunicator.exe
FirewallRules: [TCP Query User{1B1049B2-F64A-4182-8629-42F86C9D1837}C:\users\schuler\appdata\local\logmein rescue applet\lmir0001.tmp\lmi_rescue.exe] => (Allow) C:\users\schuler\appdata\local\logmein rescue applet\lmir0001.tmp\lmi_rescue.exe
FirewallRules: [UDP Query User{96FADAD6-4D03-438F-9482-FDD1B67E99B4}C:\users\schuler\appdata\local\logmein rescue applet\lmir0001.tmp\lmi_rescue.exe] => (Allow) C:\users\schuler\appdata\local\logmein rescue applet\lmir0001.tmp\lmi_rescue.exe
FirewallRules: [{BF1E215E-8764-407D-9EA2-8920BF6B97FC}] => (Allow) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
FirewallRules: [{096DD86E-7DE1-4833-B518-965BAA52492A}] => (Allow) C:\Program Files\TeamViewer\Version9\TeamViewer.exe
FirewallRules: [{A69C5A48-8AD1-47EB-9A7F-05F93A7E295F}] => (Allow) C:\Program Files\TeamViewer\Version9\TeamViewer.exe
FirewallRules: [{94F46380-879B-4A7F-BBAA-B8691462DA88}] => (Allow) C:\Program Files\TeamViewer\Version9\TeamViewer_Service.exe
FirewallRules: [{2D8FE333-25FE-49FA-843E-A950D76F16CF}] => (Allow) C:\Program Files\TeamViewer\Version9\TeamViewer_Service.exe
FirewallRules: [{DD20AD0E-A419-483D-ABA8-BAB4BC27D33F}] => (Allow) C:\Users\Schuler\AppData\Local\Temp\7zS9491.tmp\SymNRT.exe
FirewallRules: [{6BACF219-2F42-484F-8123-E095FB9D73A7}] => (Allow) C:\Users\Schuler\AppData\Local\Temp\7zS9491.tmp\SymNRT.exe
FirewallRules: [{E5740C21-8720-4FBE-A33F-565EEACBFE49}] => (Allow) C:\Program Files\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{69644E96-7669-4705-99CB-9BD2ABD4D0CF}] => (Allow) LPort=2869
FirewallRules: [{778E8C00-3618-424F-B112-818928D9F43F}] => (Allow) LPort=1900
FirewallRules: [{47A57FCF-B9F3-456C-A5F5-EADE364A8F9C}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe

==================== Faulty Device Manager Devices =============

Name: 6TO4 Adapter
Description: Microsoft 6to4 Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

Name: Microsoft 6to4 Adapter #2
Description: Microsoft 6to4 Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

Name: Microsoft 6to4 Adapter #3
Description: Microsoft 6to4 Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

Name: Microsoft 6to4 Adapter #4
Description: Microsoft 6to4 Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

Name: Microsoft ISATAP Adapter #4
Description: Microsoft ISATAP Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

==================== Event log errors: =========================

Application errors:
==================
Error: (08/31/2015 08:51:04 AM) (Source: VSS) (EventID: 8194) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface.  hr = 0x80070005.
This is often caused by incorrect security settings in either the writer or requestor process.

Operation:
   Gathering Writer Data

Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {217f0922-36ac-4694-a0f0-f0ad8e3cce13}

Error: (08/31/2015 08:31:02 AM) (Source: VSS) (EventID: 8194) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface.  hr = 0x80070005.
This is often caused by incorrect security settings in either the writer or requestor process.

Operation:
   Gathering Writer Data

Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {217f0922-36ac-4694-a0f0-f0ad8e3cce13}

Error: (08/31/2015 06:59:36 AM) (Source: Avira Launcher Service Host) (EventID: 0) (User: )
Description: Failed to process session change. System.NullReferenceException: Object reference not set to an instance of an object.
   at Avira.OE.WinCore.BrowserInfo.<>c__DisplayClass3.<GetInstalledBrowsersData>b__1(BrowserData B)
   at System.Collections.Generic.List`1.FindIndex(Int32 startIndex, Int32 count, Predicate`1 match)
   at Avira.OE.WinCore.BrowserInfo.GetInstalledBrowsersData(String userSid)
   at Avira.OE.WinCore.DeviceUpdateDataFactory.UpdateDynamicData(DevUpdateDataCommand devUpdateData, String userSid)
   at Avira.OE.WinCore.DeviceUpdateDataFactory.CreateDeviceUpdateData(String userSid)
   at Avira.OE.Communicator.Communicator.CreateAndSendDeviceUpdateDataMessage(String userSid)
   at Avira.OE.Communicator.Communicator.SessionChanged(Session newActiveSession, Session previousActiveSession)
   at Avira.OE.Communicator.Communicator.OnActiveSessionChanged(Object sender, ActiveSessionChangedEventArgs activeSessionChangedEventArgs)
   at Avira.OE.WinCore.EventHandlerExtensions.SafeInvoke[T](EventHandler`1 evt, Object sender, T e)
...

Error: (08/31/2015 03:32:43 AM) (Source: MsiInstaller) (EventID: 1024) (User: NT AUTHORITY)
Description: Product: Microsoft Office Home and Student 2007 - Update 'Security Update for Microsoft Office 2007 suites (KB2825645) 32-Bit Edition ' could not be installed. Error code 1603. Windows Installer can create logs to help troubleshoot issues with installing software packages. Use the following link for instructions on turning on logging support: http://go.microsoft.com/fwlink/?LinkId=23127

Error: (08/31/2015 03:32:43 AM) (Source: MsiInstaller) (EventID: 11606) (User: NT AUTHORITY)
Description: Product: Microsoft Office Home and Student 2007 -- Error 1606.Could not access network location %APPDATA%\.

Error: (08/31/2015 03:32:43 AM) (Source: MsiInstaller) (EventID: 11606) (User: NT AUTHORITY)
Description: Product: Microsoft Office Home and Student 2007 -- Error 1606.Could not access network location %APPDATA%\.

Error: (08/31/2015 03:30:34 AM) (Source: MsiInstaller) (EventID: 1024) (User: NT AUTHORITY)
Description: Product: Microsoft Office Home and Student 2007 - Update 'Security Update for Microsoft Office Word 2007 (KB3055052) 32-Bit Edition ' could not be installed. Error code 1603. Windows Installer can create logs to help troubleshoot issues with installing software packages. Use the following link for instructions on turning on logging support: http://go.microsoft.com/fwlink/?LinkId=23127

Error: (08/31/2015 03:30:34 AM) (Source: MsiInstaller) (EventID: 11606) (User: NT AUTHORITY)
Description: Product: Microsoft Office Home and Student 2007 -- Error 1606.Could not access network location %APPDATA%\.

Error: (08/31/2015 03:30:34 AM) (Source: MsiInstaller) (EventID: 11606) (User: NT AUTHORITY)
Description: Product: Microsoft Office Home and Student 2007 -- Error 1606.Could not access network location %APPDATA%\.

Error: (08/31/2015 03:29:52 AM) (Source: Microsoft Security Client Setup) (EventID: 100) (User: NT AUTHORITY)
Description: HRESULT:0x8004FF86
Description:Cannot complete the Security Essentials Upgrade. An error has prevented the Security Essentials Upgrade Wizard from continuing. The previous version of Security Essentials was restored. Error code:0x8004FF86.

System errors:
=============

Microsoft Office:
=========================
Error: (04/15/2014 05:16:06 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 4219 seconds with 960 seconds of active time.  This session ended with a crash.

Error: (10/15/2013 07:25:05 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 2249 seconds with 960 seconds of active time.  This session ended with a crash.

CodeIntegrity:
===================================
  Date: 2015-08-31 15:14:44.803
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

  Date: 2015-08-31 15:14:44.302
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

  Date: 2015-08-31 15:14:43.794
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

  Date: 2015-08-31 15:14:43.297
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

  Date: 2015-08-31 15:14:42.180
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

  Date: 2015-08-31 15:14:41.603
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

  Date: 2015-08-31 15:14:41.056
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

  Date: 2015-08-31 15:14:40.518
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

  Date: 2015-08-31 15:13:10.924
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

  Date: 2015-08-31 15:13:10.401
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

==================== Memory info ===========================

Processor: Intel® Core™2 CPU T5500 @ 1.66GHz
Percentage of memory in use: 61%
Total physical RAM: 2037.31 MB
Available physical RAM: 783.98 MB
Total Virtual: 4315.86 MB
Available Virtual: 2396.04 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:142.49 GB) (Free:73.37 GB) NTFS ==>[drive with boot components (obtained from BCD)]
Drive d: (HP_RECOVERY) (Fixed) (Total:6.56 GB) (Free:0.65 GB) NTFS ==>[system with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 149.1 GB) (Disk ID: 6125DB67)
Partition 1: (Active) - (Size=142.5 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=6.6 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================



#14 satchfan

satchfan

  • Malware Response Team
  • 2,714 posts
  • ONLINE
  •  
  • Gender:Female
  • Location:Devon, UK
  • Local time:12:09 AM

Posted 01 September 2015 - 02:03 AM

Things are looking better.


Multiple antiviruses

You have Avira and Microsoft Security Essentials (MSE) antivirus programs installed.

You cannot run two real-time antiviruses at the same time. Although many have different methods of searching for and recognising threats, they will all be 'fighting' in memory to kick each other out, rendering them all ineffective.

Please uninstall one of them.

  • click Start, Control Panel, Programs and Features
  • scroll down the list, click on either Avira or MSE and then on Remove.

==================================================

Run Farbar Recovery Scan Tool

Open notepad (Start >All Programs > Accessories > Notepad). Please copy the entire contents of the code box below and paste it into Notepad.


ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  No File
ShellIconOverlayIdentifiers: [GDriveSharedOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} =>  No File
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
SearchScopes: HKU\S-1-5-21-3414952672-4210971663-2880256135-1000 -> DefaultScope {0B8AD893-159C-43FF-A3CB-05096FC62E40} URL = hxxp://www.bing.com/search?FORM=SO3TDF&PC=SUN3&q={searchTerms}&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-3414952672-4210971663-2880256135-1000 -> {0B8AD893-159C-43FF-A3CB-05096FC62E40} URL = hxxp://www.bing.com/search?FORM=SO3TDF&PC=SUN3&q={searchTerms}&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-3414952672-4210971663-2880256135-1000 -> {23E550C6-11D1-4412-9BFE-3EBCC93E7CE4} URL = hxxp://rover.ebay.com/rover/1/711-43047-14818-1/4?satitle={searchTerms}
SearchScopes: HKU\S-1-5-21-3414952672-4210971663-2880256135-1000 -> {286B8D1C-B5BB-416F-9345-C63C50B023CA} URL = hxxps://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-3414952672-4210971663-2880256135-1000 -> {38B6B68D-A539-4F16-A3F3-917295B10D47} URL = hxxp://delicious.com/search?p={searchTerms}
SearchScopes: HKU\S-1-5-21-3414952672-4210971663-2880256135-1000 -> {A5CA7B81-CA9F-4A8C-9755-F41167BC3C5B} URL = hxxp://www.google.com
SearchScopes: HKU\S-1-5-21-3414952672-4210971663-2880256135-1000 -> {C59E0AC6-FB34-4BC6-8A34-987413390168} URL = hxxp://www.flickr.com/search/?q={searchTerms}
Toolbar: HKLM - No Name - {a0154e07-2b48-475c-a82a-80efd84ea33e} -  No File
FF Plugin: @ei.FilmFanatic.com/Plugin -> C:\Program Files\FilmFanaticEI\Installr\1.bin\NPpaEISB.dll [No File]
FF Extension: No Name - C:\Users\Schuler\AppData\Roaming\Mozilla\Firefox\Profiles\siiuku1p.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1} [not found]
S4 blbdrive; \SystemRoot\system32\drivers\blbdrive.sys [X]
U4 eabfiltr; no ImagePath
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
S3 UIUSys; system32\DRIVERS\UIUSYS.SYS [X]
2015-08-30 09:16 - 2015-08-30 09:16 - 00000000 ____D C:\Program Files\GUMEDA8.tmp
2015-08-31 08:48 - 2014-12-17 22:04 - 00000000 ____D C:\Users\Schuler\AppData\Local\WebGuard
2015-08-31 08:48 - 2014-12-17 22:04 - 00000000 ____D C:\ProgramData\dJbYlUtu
2015-08-30 21:12 - 2015-01-02 22:43 - 00000000 ____D C:\ProgramData\Optimizer
C:\Program Files\GUMEDA8.tmp
C:\Users\Schuler\AppData\Local\WebGuard
C:\ProgramData\dJbYlUtu
C:\ProgramData\Optimizer

NOTE: this script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system


  • save the file as fixlist.txt in the same folder as FRST – NOTE: It's important that both files, FRST and fixlist.txt, are in the same location or the fix will not work
  • run FRST then click Fix just once and wait
  • it will create a log (Fixlog.txt); please post it to your reply.

Please run Malwarebytes again and send the new log also.

Can you tell me if any problems remain?

Satchfan



My help is always free of charge. If you are happy with the help provided, if you wish you can make a donation to buy me a beer.
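The entries satchfan pulled into the fixlist share a pattern: service, plugin and extension entries whose file is missing (marked [X], [No File], [not found] or "no ImagePath") and the ATTENTION marker FRST puts on a policy restriction, while the Addition.txt posted above also carries firewall Allow rules for executables living under the user profile and Temp. As an added example that is not part of this thread or of FRST itself, the Python script below reads FRST log lines and reports entries matching those patterns so a helper can review them. The sample lines are copied from the logs posted in this thread; the tag names and the "user-writable path" heuristic are my own assumptions, and a hit is a candidate for review, not a verdict (legitimate remote-support tools also run from AppData).

```python
import re
from collections import Counter

# Constructed sample: lines copied from the FRST logs in this thread plus one
# clean firewall rule, so every check below has something to match (or not).
SAMPLE_LOG = r"""
FirewallRules: [{87E56A04-542B-4A0A-AA43-3123B726CE5C}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpqfxt08.exe
FirewallRules: [{DD20AD0E-A419-483D-ABA8-BAB4BC27D33F}] => (Allow) C:\Users\Schuler\AppData\Local\Temp\7zS9491.tmp\SymNRT.exe
FirewallRules: [TCP Query User{1B1049B2-F64A-4182-8629-42F86C9D1837}C:\users\schuler\appdata\local\logmein rescue applet\lmir0001.tmp\lmi_rescue.exe] => (Allow) C:\users\schuler\appdata\local\logmein rescue applet\lmir0001.tmp\lmi_rescue.exe
FirewallRules: [{84AD78BD-CDAC-4089-AEA8-AB72AEB0478C}] => (Allow) LPort=80
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  No File
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
U4 eabfiltr; no ImagePath
FF Plugin: @ei.FilmFanatic.com/Plugin -> C:\Program Files\FilmFanaticEI\Installr\1.bin\NPpaEISB.dll [No File]
FF Extension: No Name - C:\Users\Schuler\AppData\Roaming\Mozilla\Firefox\Profiles\siiuku1p.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1} [not found]
"""

# "FirewallRules: [<name>] => (Allow|Block) <target>" as printed by FRST.
FIREWALL_RE = re.compile(r"^FirewallRules: \[.*\] => \((Allow|Block)\) (.+)$")

# Markers FRST appends when the file or image behind an entry no longer exists.
ORPHAN_RE = re.compile(r"(\[X\]|\[No File\]|\[not found\]|=>\s+No File|no ImagePath)\s*$")

# Heuristic (my assumption, not FRST's): paths a standard user can write to.
USER_WRITABLE_RE = re.compile(r"\\(users|appdata|temp|programdata)\\", re.IGNORECASE)


def triage_line(line):
    """Return a list of (tag, detail) flags for a single FRST log line."""
    flags = []
    m = FIREWALL_RE.match(line)
    if m:
        action, target = m.groups()
        if action == "Allow" and target.startswith("LPort="):
            # An inbound listen-port allowance rather than a per-program rule.
            flags.append(("listen-port-allow", target))
        elif action == "Allow" and USER_WRITABLE_RE.search(target):
            # A program rule whose executable sits where any user can drop files.
            flags.append(("allow-user-writable-path", target))
    if ORPHAN_RE.search(line):
        # Registry or service entry pointing at a file that is gone: cleanup candidate.
        flags.append(("orphaned-entry", line))
    if "<======= ATTENTION" in line:
        # FRST's own marker for settings it considers worth a second look.
        flags.append(("frst-attention", line))
    return flags


def triage(text):
    """Run triage_line over every non-empty line and collect the findings."""
    findings = []
    for raw in text.splitlines():
        line = raw.rstrip()
        if line:
            findings.extend(triage_line(line))
    return findings


def summarize(findings):
    """Count findings per tag so the reviewer sees the shape of the log first."""
    return Counter(tag for tag, _ in findings)


if __name__ == "__main__":
    results = triage(SAMPLE_LOG)
    for tag, count in sorted(summarize(results).items()):
        print(f"{tag}: {count}")
    for tag, detail in results:
        print(f"[{tag}] {detail}")
```

On the sample above the script reports two Allow rules under the user profile, one listen-port allowance, five orphaned entries and one ATTENTION marker; the same orphaned entries are the ones that appear in the fixlist, which is the point of the check.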


#15 toomuch1

toomuch1
  • Topic Starter

  • Members
  • 37 posts
  • OFFLINE
  •  
  • Local time:06:09 PM

Posted 01 September 2015 - 07:18 AM

The first time I did the FRST run with the fixlist.txt file, the computer blue screened and restarted, though it seemed to run the test as it produced a log file.  Upon the restart I ran it again with no problems.  Here is the output


Fix result of Farbar Recovery Scan Tool (x86) Version:31-08-2015
Ran by Schuler (2015-09-01 07:15:06) Run:1
Running from C:\Users\Schuler\Desktop\FRST
Loaded Profiles: Schuler (Available Profiles: Schuler)
Boot Mode: Normal

==============================================

fixlist content:
*****************
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  No File
ShellIconOverlayIdentifiers: [GDriveSharedOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} =>  No File
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
SearchScopes: HKU\S-1-5-21-3414952672-4210971663-2880256135-1000 -> DefaultScope {0B8AD893-159C-43FF-A3CB-05096FC62E40} URL = hxxp://www.bing.com/search?FORM=SO3TDF&PC=SUN3&q={searchTerms}&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-3414952672-4210971663-2880256135-1000 -> {0B8AD893-159C-43FF-A3CB-05096FC62E40} URL = hxxp://www.bing.com/search?FORM=SO3TDF&PC=SUN3&q={searchTerms}&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-3414952672-4210971663-2880256135-1000 -> {23E550C6-11D1-4412-9BFE-3EBCC93E7CE4} URL = hxxp://rover.ebay.com/rover/1/711-43047-14818-1/4?satitle={searchTerms}
SearchScopes: HKU\S-1-5-21-3414952672-4210971663-2880256135-1000 -> {286B8D1C-B5BB-416F-9345-C63C50B023CA} URL = hxxps://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-3414952672-4210971663-2880256135-1000 -> {38B6B68D-A539-4F16-A3F3-917295B10D47} URL = hxxp://delicious.com/search?p={searchTerms}
SearchScopes: HKU\S-1-5-21-3414952672-4210971663-2880256135-1000 -> {A5CA7B81-CA9F-4A8C-9755-F41167BC3C5B} URL = hxxp://www.google.com
SearchScopes: HKU\S-1-5-21-3414952672-4210971663-2880256135-1000 -> {C59E0AC6-FB34-4BC6-8A34-987413390168} URL = hxxp://www.flickr.com/search/?q={searchTerms}
Toolbar: HKLM - No Name - {a0154e07-2b48-475c-a82a-80efd84ea33e} -  No File
FF Plugin: @ei.FilmFanatic.com/Plugin -> C:\Program Files\FilmFanaticEI\Installr\1.bin\NPpaEISB.dll [No File]
FF Extension: No Name - C:\Users\Schuler\AppData\Roaming\Mozilla\Firefox\Profiles\siiuku1p.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1} [not found]
S4 blbdrive; \SystemRoot\system32\drivers\blbdrive.sys [X]
U4 eabfiltr; no ImagePath
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
S3 UIUSys; system32\DRIVERS\UIUSYS.SYS [X]
2015-08-30 09:16 - 2015-08-30 09:16 - 00000000 ____D C:\Program Files\GUMEDA8.tmp
2015-08-31 08:48 - 2014-12-17 22:04 - 00000000 ____D C:\Users\Schuler\AppData\Local\WebGuard
2015-08-31 08:48 - 2014-12-17 22:04 - 00000000 ____D C:\ProgramData\dJbYlUtu
2015-08-30 21:12 - 2015-01-02 22:43 - 00000000 ____D C:\ProgramData\Optimizer
C:\Program Files\GUMEDA8.tmp
C:\Users\Schuler\AppData\Local\WebGuard
C:\ProgramData\dJbYlUtu
C:\ProgramData\Optimizer
*****************

"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00avast" => key removed successfully.
HKCR\CLSID\{472083B0-C522-11CF-8763-00608CC02F24} => key not found.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\GDriveSharedOverlay" => key removed successfully.
HKCR\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} => key not found.
"HKLM\SOFTWARE\Policies\Google" => key removed successfully.
HKU\S-1-5-21-3414952672-4210971663-2880256135-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully.
"HKU\S-1-5-21-3414952672-4210971663-2880256135-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0B8AD893-159C-43FF-A3CB-05096FC62E40}" => key removed successfully.
HKCR\CLSID\{0B8AD893-159C-43FF-A3CB-05096FC62E40} => key not found.
"HKU\S-1-5-21-3414952672-4210971663-2880256135-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{23E550C6-11D1-4412-9BFE-3EBCC93E7CE4}" => key removed successfully.
HKCR\CLSID\{23E550C6-11D1-4412-9BFE-3EBCC93E7CE4} => key not found.
"HKU\S-1-5-21-3414952672-4210971663-2880256135-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{286B8D1C-B5BB-416F-9345-C63C50B023CA}" => key removed successfully.
HKCR\CLSID\{286B8D1C-B5BB-416F-9345-C63C50B023CA} => key not found.
"HKU\S-1-5-21-3414952672-4210971663-2880256135-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{38B6B68D-A539-4F16-A3F3-917295B10D47}" => key removed successfully.
HKCR\CLSID\{38B6B68D-A539-4F16-A3F3-917295B10D47} => key not found.
"HKU\S-1-5-21-3414952672-4210971663-2880256135-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{A5CA7B81-CA9F-4A8C-9755-F41167BC3C5B}" => key removed successfully.
HKCR\CLSID\{A5CA7B81-CA9F-4A8C-9755-F41167BC3C5B} => key not found.
"HKU\S-1-5-21-3414952672-4210971663-2880256135-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{C59E0AC6-FB34-4BC6-8A34-987413390168}" => key removed successfully.
HKCR\CLSID\{C59E0AC6-FB34-4BC6-8A34-987413390168} => key not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{a0154e07-2b48-475c-a82a-80efd84ea33e} => value removed successfully.
HKCR\CLSID\{a0154e07-2b48-475c-a82a-80efd84ea33e} => key not found.
"HKLM\Software\MozillaPlugins\@ei.FilmFanatic.com/Plugin" => key removed successfully.
C:\Users\Schuler\AppData\Roaming\Mozilla\Firefox\Profiles\siiuku1p.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1} => path removed successfully.
blbdrive => service removed successfully.
eabfiltr => service removed successfully.
IpInIp => service removed successfully.
NwlnkFlt => service removed successfully.
NwlnkFwd => service removed successfully.
UIUSys => service removed successfully.
C:\Program Files\GUMEDA8.tmp => moved successfully
C:\Users\Schuler\AppData\Local\WebGuard => moved successfully
C:\ProgramData\dJbYlUtu => moved successfully
C:\ProgramData\Optimizer => moved successfully
"C:\Program Files\GUMEDA8.tmp" => File/Folder not found.
"C:\Users\Schuler\AppData\Local\WebGuard" => File/Folder not found.
"C:\ProgramData\dJbYlUtu" => File/Folder not found.
"C:\ProgramData\Optimizer" => File/Folder not found.

==== End of Fixlog 07:15:07 ====





