
Scan results, please, explain.


  • This topic is locked
2 replies to this topic

#1 andrisdr

  • Members
  • 1 posts

Posted 02 September 2015 - 05:15 AM

I am not sure. Did it find something or am I clean?
 
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:31-08-2015
Ran by Andris (administrator) on ANDRA-PC (02-09-2015 12:43:07)
Running from C:\Users\Andris\Downloads
Loaded Profiles: Andris & UpdatusUser (Available Profiles: Andris & UpdatusUser)
Platform: Microsoft® Windows Vista™ Home Premium  Service Pack 2 (X86) Language: English (United States)
Internet Explorer Version 9 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
() C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe
(Microsoft Corporation) C:\Program Files\Microsoft Forefront UAG\Endpoint Components\3.1.0\uagqecsvc.exe
() C:\Program Files\HTC\Internet Pass-Through\htcnat.exe
(Motorola Inc.) C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
() C:\Program Files\HTC\HTC Sync 3.0\htcUPCTLoader.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.11.149\SSScheduler.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(Microsoft Corporation) C:\Windows\System32\conime.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [SMSERIAL] => C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe [1458176 2009-10-26] (Motorola Inc.)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [7539232 2009-06-09] (Realtek Semiconductor)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [981688 2015-04-30] (Microsoft Corporation)
HKLM\...\Run: [HTC Sync Loader] => C:\Program Files\HTC\HTC Sync 3.0\htcUPCTLoader.exe [659456 2013-09-03] ()
HKU\S-1-5-21-1278163328-70095404-2841670009-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner.exe [6276888 2015-04-08] (Piriform Ltd)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk [2015-06-27]
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.11.149\SSScheduler.exe (McAfee, Inc.)
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Winsock: Catalog5 07 C:\PROGRA~1\MICROS~3\ENDPOI~1\31265D~1.0\WhlNSP.dll [150232 2015-02-09] (Microsoft Corporation)
Winsock: Catalog9 01 C:\PROGRA~1\MICROS~3\ENDPOI~1\31265D~1.0\WhlLSP.dll [197848 2015-02-09] (Microsoft Corporation)
Winsock: Catalog9 02 C:\PROGRA~1\MICROS~3\ENDPOI~1\31265D~1.0\WhlLSP.dll [197848 2015-02-09] (Microsoft Corporation)
Winsock: Catalog9 03 C:\PROGRA~1\MICROS~3\ENDPOI~1\31265D~1.0\WhlLSP.dll [197848 2015-02-09] (Microsoft Corporation)
Winsock: Catalog9 14 C:\PROGRA~1\MICROS~3\ENDPOI~1\31265D~1.0\WhlLSP.dll [197848 2015-02-09] (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 77.38.238.2 195.62.128.130
Tcpip\..\Interfaces\{7C841F8A-1A22-40F4-B15B-FA98ECAD33AF}: [DhcpNameServer] 77.38.238.2 195.62.128.130
 
Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-1278163328-70095404-2841670009-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/?pc=MSSE
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-1278163328-70095404-2841670009-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-1278163328-70095404-2841670009-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/?pc=MSSE
SearchScopes: HKLM -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE
SearchScopes: HKLM -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE
SearchScopes: HKU\S-1-5-21-1278163328-70095404-2841670009-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://do-search.com/web/?utm_source=b&utm_medium=&utm_campaign=install_ie&utm_content=ds&from=&uid=ST500DM002-1BC142_W2A27G6AXXXXW2A27G6A&ts=1420373293&type=default&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1278163328-70095404-2841670009-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://do-search.com/web/?utm_source=b&utm_medium=&utm_campaign=install_ie&utm_content=ds&from=&uid=ST500DM002-1BC142_W2A27G6AXXXXW2A27G6A&ts=1420373293&type=default&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1278163328-70095404-2841670009-1000 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = 
SearchScopes: HKU\S-1-5-21-1278163328-70095404-2841670009-1000 -> {E733165D-CBCF-4FDA-883E-ADEF965B476C} URL = hxxp://do-search.com/web/?utm_source=b&utm_medium=&utm_campaign=install_ie&utm_content=ds&from=&uid=ST500DM002-1BC142_W2A27G6AXXXXW2A27G6A&ts=1420373293&type=default&q={searchTerms}
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_45\bin\ssv.dll [2015-04-21] (Oracle Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_45\bin\jp2ssv.dll [2015-04-21] (Oracle Corporation)
DPF: {8D9563A9-8D5F-459B-87F2-BA842255CB9A} hxxps://nld.portal.jw.org/InternalSite/WhlCompMgr.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
 
FireFox:
========
FF ProfilePath: C:\Users\Andris\AppData\Roaming\Mozilla\Firefox\Profiles\6m5fa2k9.default
FF NewTab: hxxp://www.delta-homes.com/newtab/?type=nt&ts=1434104895&z=30ac05505270f0e8207ce35g2z7cbzbg9e8zebat2m&from=ient06122&uid=FUJITSUXMHZ2320BHXG2_K618T84283D4
FF DefaultSearchEngine: mystartsearch
FF SelectedSearchEngine: mystartsearch
FF Homepage: hxxp://www.delta-homes.com/?type=hp&ts=1434104895&z=30ac05505270f0e8207ce35g2z7cbzbg9e8zebat2m&from=ient06122&uid=FUJITSUXMHZ2320BHXG2_K618T84283D4
FF Plugin: @java.com/DTPlugin,version=11.45.2 -> C:\Program Files\Java\jre1.8.0_45\bin\dtplugin\npDeployJava1.dll [2015-04-21] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.45.2 -> C:\Program Files\Java\jre1.8.0_45\bin\plugin2\npjp2.dll [2015-04-21] (Oracle Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-30] (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.28.13\npGoogleUpdate3.dll [2015-08-31] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.28.13\npGoogleUpdate3.dll [2015-08-31] (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-08-05] (Adobe Systems Inc.)
FF user.js: detected! => C:\Users\Andris\AppData\Roaming\Mozilla\Firefox\Profiles\6m5fa2k9.default\user.js [2015-09-02]
FF SearchPlugin: C:\Users\Andris\AppData\Roaming\Mozilla\Firefox\Profiles\6m5fa2k9.default\searchplugins\delta-homes.xml [2015-06-12]
FF SearchPlugin: C:\Users\Andris\AppData\Roaming\Mozilla\Firefox\Profiles\6m5fa2k9.default\searchplugins\doctype-html-public--w3cdtd-html-4-1.xml [2015-03-04]
FF SearchPlugin: C:\Users\Andris\AppData\Roaming\Mozilla\Firefox\Profiles\6m5fa2k9.default\searchplugins\doctype-html-public--w3cdtd-html-4-10.xml [2015-03-10]
FF SearchPlugin: C:\Users\Andris\AppData\Roaming\Mozilla\Firefox\Profiles\6m5fa2k9.default\searchplugins\doctype-html-public--w3cdtd-html-4-11.xml [2015-03-10]
FF SearchPlugin: C:\Users\Andris\AppData\Roaming\Mozilla\Firefox\Profiles\6m5fa2k9.default\searchplugins\doctype-html-public--w3cdtd-html-4-12.xml [2015-04-16]
FF SearchPlugin: C:\Users\Andris\AppData\Roaming\Mozilla\Firefox\Profiles\6m5fa2k9.default\searchplugins\doctype-html-public--w3cdtd-html-4-13.xml [2015-04-20]
FF SearchPlugin: C:\Users\Andris\AppData\Roaming\Mozilla\Firefox\Profiles\6m5fa2k9.default\searchplugins\doctype-html-public--w3cdtd-html-4-14.xml [2015-04-21]
FF SearchPlugin: C:\Users\Andris\AppData\Roaming\Mozilla\Firefox\Profiles\6m5fa2k9.default\searchplugins\doctype-html-public--w3cdtd-html-4-15.xml [2015-04-21]
FF SearchPlugin: C:\Users\Andris\AppData\Roaming\Mozilla\Firefox\Profiles\6m5fa2k9.default\searchplugins\doctype-html-public--w3cdtd-html-4-16.xml [2015-04-21]
FF SearchPlugin: C:\Users\Andris\AppData\Roaming\Mozilla\Firefox\Profiles\6m5fa2k9.default\searchplugins\doctype-html-public--w3cdtd-html-4-17.xml [2015-04-21]
FF SearchPlugin: C:\Users\Andris\AppData\Roaming\Mozilla\Firefox\Profiles\6m5fa2k9.default\searchplugins\doctype-html-public--w3cdtd-html-4-18.xml [2015-05-05]
FF SearchPlugin: C:\Users\Andris\AppData\Roaming\Mozilla\Firefox\Profiles\6m5fa2k9.default\searchplugins\doctype-html-public--w3cdtd-html-4-19.xml [2015-06-12]
FF SearchPlugin: C:\Users\Andris\AppData\Roaming\Mozilla\Firefox\Profiles\6m5fa2k9.default\searchplugins\doctype-html-public--w3cdtd-html-4-2.xml [2015-03-04]
FF SearchPlugin: C:\Users\Andris\AppData\Roaming\Mozilla\Firefox\Profiles\6m5fa2k9.default\searchplugins\doctype-html-public--w3cdtd-html-4-3.xml [2015-03-04]
FF SearchPlugin: C:\Users\Andris\AppData\Roaming\Mozilla\Firefox\Profiles\6m5fa2k9.default\searchplugins\doctype-html-public--w3cdtd-html-4-4.xml [2015-03-04]
FF SearchPlugin: C:\Users\Andris\AppData\Roaming\Mozilla\Firefox\Profiles\6m5fa2k9.default\searchplugins\doctype-html-public--w3cdtd-html-4-5.xml [2015-03-04]
FF SearchPlugin: C:\Users\Andris\AppData\Roaming\Mozilla\Firefox\Profiles\6m5fa2k9.default\searchplugins\doctype-html-public--w3cdtd-html-4-6.xml [2015-03-04]
FF SearchPlugin: C:\Users\Andris\AppData\Roaming\Mozilla\Firefox\Profiles\6m5fa2k9.default\searchplugins\doctype-html-public--w3cdtd-html-4-7.xml [2015-03-04]
FF SearchPlugin: C:\Users\Andris\AppData\Roaming\Mozilla\Firefox\Profiles\6m5fa2k9.default\searchplugins\doctype-html-public--w3cdtd-html-4-8.xml [2015-03-04]
FF SearchPlugin: C:\Users\Andris\AppData\Roaming\Mozilla\Firefox\Profiles\6m5fa2k9.default\searchplugins\doctype-html-public--w3cdtd-html-4-9.xml [2015-03-04]
FF SearchPlugin: C:\Users\Andris\AppData\Roaming\Mozilla\Firefox\Profiles\6m5fa2k9.default\searchplugins\doctype-html-public--w3cdtd-html-4.xml [2015-03-04]
FF SearchPlugin: C:\Users\Andris\AppData\Roaming\Mozilla\Firefox\Profiles\6m5fa2k9.default\searchplugins\mystartsearch.xml [2015-02-11]
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\dict-enlv.xml [2015-01-23]
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\salidzinilv.xml [2015-01-23]
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\sslv.xml [2015-01-23]
FF Extension: FF Toolbar - C:\Users\Andris\AppData\Roaming\Mozilla\Firefox\Profiles\6m5fa2k9.default\Extensions\fftoolbar2014@etech.com [2015-04-24]
FF Extension: jid0DpogclPgnN9OvqNntEBbPZxBinYjetpack - C:\Users\Andris\AppData\Roaming\Mozilla\Firefox\Profiles\6m5fa2k9.default\Extensions\jid0-DpogclPgnN9OvqNntEBbPZxBinY@jetpack [2015-02-10]
FF Extension: QuickSearch - C:\Users\Andris\AppData\Roaming\Mozilla\Firefox\Profiles\6m5fa2k9.default\Extensions\quick_searchff@gmail.com [2015-06-12]
FF Extension: Search Enginer - C:\Users\Andris\AppData\Roaming\Mozilla\Firefox\Profiles\6m5fa2k9.default\Extensions\sweetsearch@gmail.com [2015-06-12]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2015-02-06]
FF HKLM\...\Firefox\Extensions: [fftoolbar2014@etech.com] - C:\Users\Andris\AppData\Roaming\Mozilla\Firefox\Profiles\6m5fa2k9.default\extensions\fftoolbar2014@etech.com
FF HKLM\...\Firefox\Extensions: [quick_searchff@gmail.com] - C:\Users\Andris\AppData\Roaming\Mozilla\Firefox\Profiles\6m5fa2k9.default\extensions\quick_searchff@gmail.com
FF HKLM\...\Firefox\Extensions: [sweetsearch@gmail.com] - C:\Users\Andris\AppData\Roaming\Mozilla\Firefox\Profiles\6m5fa2k9.default\extensions\sweetsearch@gmail.com
StartMenuInternet: FIREFOX.EXE - C:\Program Files\Mozilla Firefox\firefox.exe hxxp://www.delta-homes.com/?type=sc&ts=1434104895&z=30ac05505270f0e8207ce35g2z7cbzbg9e8zebat2m&from=ient06122&uid=FUJITSUXMHZ2320BHXG2_K618T84283D4
 
Chrome: 
=======
CHR StartupUrls: Default -> "https://www.yahoo.com/"
CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:inputType}{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}{google:searchVersion}{google:sessionToken}{google:prefetchQuery}sugkey={google:suggestAPIKeyParameter}
CHR Profile: C:\Users\Andris\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Andris\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-02-06]
CHR Extension: (Google Docs) - C:\Users\Andris\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-06]
CHR Extension: (Google Drive) - C:\Users\Andris\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-02-06]
CHR Extension: (YouTube) - C:\Users\Andris\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-02-06]
CHR Extension: (Adblock Plus) - C:\Users\Andris\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2015-02-06]
CHR Extension: (Google Search) - C:\Users\Andris\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-02-06]
CHR Extension: (Google Sheets) - C:\Users\Andris\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-02-06]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Andris\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-02-06]
CHR Extension: (Gmail) - C:\Users\Andris\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-02-06]
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 DMService; C:\Windows\Downloaded Program Files\DMService.exe [620760 2015-02-09] (Microsoft Corporation)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.11.149\McCHSvc.exe [235696 2015-06-26] (McAfee, Inc.)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22216 2015-04-30] (Microsoft Corporation)
S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [284504 2015-04-30] (Microsoft Corporation)
R2 PassThru Service; C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe [167424 2012-12-07] () [File not signed]
R2 uagqecsvc; C:\Program Files\Microsoft Forefront UAG\Endpoint Components\3.1.0\uagqecsvc.exe [170712 2013-11-15] (Microsoft Corporation)
S3 whliocsv; C:\Program Files\Microsoft Forefront UAG\Endpoint Components\3.1.0\whliocsv.exe [183512 2013-11-15] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [272952 2008-01-21] (Microsoft Corporation)
S2 SSFK; C:\Program Files\SFK\SSFK.exe -s [X]
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Additional scan result of Farbar Recovery Scan Tool (x86) Version:31-08-2015
Ran by Andris (2015-09-02 12:43:33)
Running from C:\Users\Andris\Downloads
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-1278163328-70095404-2841670009-500 - Administrator - Disabled)
Andris (S-1-5-21-1278163328-70095404-2841670009-1000 - Administrator - Enabled) => C:\Users\Andris
Guest (S-1-5-21-1278163328-70095404-2841670009-501 - Limited - Disabled)
UpdatusUser (S-1-5-21-1278163328-70095404-2841670009-1001 - Limited - Enabled) => C:\Users\UpdatusUser
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Microsoft Security Essentials (Disabled - Up to date) {B7ECF8CD-0188-6703-DBA4-AA65C6ACFB0A}
AS: Microsoft Security Essentials (Disabled - Up to date) {0C8D1929-27B2-688D-E114-9117BD2BB1B7}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Adobe AIR (HKLM\...\Adobe AIR) (Version: 3.8.0.870 - Adobe Systems Incorporated)
Adobe Flash Player 18 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 18.0.0.232 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.08)  MUI (HKLM\...\{AC76BA86-7AD7-FFFF-7B44-AB0000000001}) (Version: 11.0.08 - Adobe Systems Incorporated)
CCleaner (HKLM\...\CCleaner) (Version: 5.05 - Piriform)
Google Chrome (HKLM\...\Google Chrome) (Version: 44.0.2403.157 - Google Inc.)
Google Update Helper (Version: 1.3.28.13 - Google Inc.) Hidden
HTC BMP USB Driver (HKLM\...\{31A559C1-9E4D-423B-9DD3-34A6C5398752}) (Version: 1.0.5375 - HTC)
HTC Driver Installer (HKLM\...\{4CEEE5D0-F905-4688-B9F9-ECC710507796}) (Version: 4.5.0.001 - HTC Corporation)
HTC Sync (HKLM\...\{CBDAE89D-8ABD-4DC5-9309-C2C58696B371}) (Version: 3.3.63 - HTC Corporation)
IPTInstaller (HKLM\...\{08208143-777D-4A06-BB54-71BF0AD1BB70}) (Version: 4.0.8 - HTC)
Java 8 Update 45 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83218045F0}) (Version: 8.0.450 - Oracle Corporation)
join.me (HKU\S-1-5-21-1278163328-70095404-2841670009-1000\...\JoinMe) (Version: 1.20.0.116 - LogMeIn, Inc.)
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.11.149.2 - McAfee, Inc.)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft Forefront UAG endpoint components v4.0.0 (HKLM\...\Microsoft Forefront UAG endpoint components 3.1.0) (Version:  - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.8.204.0 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Motorola SM56 Speakerphone Modem (HKLM\...\SMSERIAL) (Version: 6.12.25.06 - Motorola Inc)
Mozilla Firefox 37.0.2 (x86 lv) (HKLM\...\Mozilla Firefox 37.0.2 (x86 lv)) (Version: 37.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 35.0.1 - Mozilla)
MSXML 4.0 SP3 Parser (HKLM\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
NVIDIA Graphics Driver 307.83 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 307.83 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.12.0604 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.12.0604 - NVIDIA Corporation)
NVIDIA Update 1.10.8 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.10.8 - NVIDIA Corporation)
OpenOffice 4.1.1 (HKLM\...\{9395F41D-0F80-432E-9A59-B8E477E7E163}) (Version: 4.11.9775 - Apache Software Foundation)
PlayChess  (HKLM\...\PlayChess) (Version:  - ChessBase GmbH)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5869 - Realtek Semiconductor Corp.)
Skype™ 7.6 (HKLM\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.6.105 - Skype Technologies S.A.)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== Restore Points =========================
 
03-08-2015 21:37:08 Windows Update
05-08-2015 08:33:43 Scheduled Checkpoint
06-08-2015 16:51:12 Scheduled Checkpoint
07-08-2015 16:18:58 Windows Update
09-08-2015 01:57:52 Scheduled Checkpoint
10-08-2015 00:07:03 Scheduled Checkpoint
11-08-2015 08:56:22 Windows Update
13-08-2015 03:00:24 Windows Update
15-08-2015 10:45:22 Scheduled Checkpoint
16-08-2015 10:55:37 Windows Update
17-08-2015 18:28:41 Scheduled Checkpoint
19-08-2015 00:00:07 Scheduled Checkpoint
19-08-2015 19:03:56 Windows Update
20-08-2015 23:20:08 Scheduled Checkpoint
22-08-2015 01:07:20 Scheduled Checkpoint
23-08-2015 18:44:38 Windows Update
26-08-2015 10:51:17 Scheduled Checkpoint
27-08-2015 08:33:01 Windows Update
28-08-2015 00:00:02 Scheduled Checkpoint
30-08-2015 04:55:00 Scheduled Checkpoint
30-08-2015 14:26:13 Windows Update
31-08-2015 03:55:52 Scheduled Checkpoint
01-09-2015 00:03:21 Scheduled Checkpoint
01-09-2015 17:26:29 Scheduled Checkpoint
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2006-11-02 13:23 - 2015-09-02 12:14 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {185F1B1D-D38E-4AC3-9817-01D09605999E} - System32\Tasks\UNELEVATE_32323 => C:\Program Files\ShopperPro\JSDriver\1494.0.0.0\jsdrv.exe <==== ATTENTION
Task: {47761753-00BD-4A71-A394-C08C8001DDC9} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-02-06] (Google Inc.)
Task: {51D416EF-B49B-414A-8622-8DB9A7F71FBC} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2015-08-12] (Adobe Systems Incorporated)
Task: {5B3B6482-D7E8-4435-ABE5-2F24E0E94DDF} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-04-08] (Piriform Ltd)
Task: {973B19D8-7F03-495C-A9A6-C6F1DB977593} - System32\Tasks\Launch HTC Sync Loader => C:\Program Files\HTC\HTC Sync 3.0\htcUPCTLoader.exe [2013-09-03] ()
Task: {F7F01A2B-DB86-45E9-B7DF-00D2F91C6D71} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-07-07] (Adobe Systems Incorporated)
Task: {F937D4B9-307C-4F22-8BD0-4482785FE561} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-02-06] (Google Inc.)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
 
==================== Loaded Modules (Whitelisted) ==============
 
2015-06-25 09:30 - 2012-12-07 17:26 - 00167424 _____ () C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe
2015-06-25 09:30 - 2012-12-07 17:26 - 00114688 _____ () C:\Program Files\HTC\Internet Pass-Through\htcnat.exe
2013-09-03 11:58 - 2013-09-03 11:58 - 00659456 _____ () C:\Program Files\HTC\HTC Sync 3.0\htcUPCTLoader.exe
2013-09-03 11:58 - 2013-09-03 11:58 - 00109056 _____ () C:\Program Files\HTC\HTC Sync 3.0\OutputLog.dll
2013-09-03 11:58 - 2013-09-03 11:58 - 00516599 _____ () C:\Program Files\HTC\HTC Sync 3.0\sqlite3.dll
2013-09-03 11:58 - 2013-09-03 11:58 - 00094208 _____ () C:\Program Files\HTC\HTC Sync 3.0\fdHttpd.dll
2013-09-03 11:58 - 2013-09-03 11:58 - 00405504 _____ () C:\Program Files\HTC\HTC Sync 3.0\HtcDetect.dll
2013-09-03 11:58 - 2013-09-03 11:58 - 00159744 _____ () C:\Program Files\HTC\HTC Sync 3.0\htcDisk.dll
2013-09-03 11:58 - 2013-09-03 11:58 - 00172032 _____ () C:\Program Files\HTC\HTC Sync 3.0\htcDetectLegend.dll
2013-09-03 11:58 - 2013-09-03 11:58 - 00559244 _____ () C:\Program Files\HTC\HTC Sync 3.0\sqlite3.7.dll
2013-09-03 11:58 - 2013-09-03 11:58 - 00010240 _____ () C:\Program Files\HTC\HTC Sync 3.0\ItemSyncLimit.dll
2013-09-03 11:58 - 2013-09-03 11:58 - 01515520 _____ () C:\Program Files\HTC\HTC Sync 3.0\Maps\R66Api.dll
2015-08-21 03:30 - 2015-08-18 08:23 - 16393032 _____ () C:\Program Files\Google\Chrome\Application\44.0.2403.157\PepperFlash\pepflashplayer.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
AlternateDataStreams: C:\ProgramData\TEMP:56E2E879
AlternateDataStreams: C:\Users\Andris\Downloads\502015752_LT_cnt_1_r720P.mp4:TOC.WMV
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)
 
 
==================== EXE Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-1278163328-70095404-2841670009-1000\Control Panel\Desktop\\Wallpaper -> 
HKU\S-1-5-21-1278163328-70095404-2841670009-1001\Control Panel\Desktop\\Wallpaper -> C:\windows\Web\Wallpaper\img24.jpg
DNS Servers: 77.38.238.2 - 195.62.128.130
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 2) (ConsentPromptBehaviorUser: 1) (EnableLUA: 1)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [WinCollab-Out-UDP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-In-UDP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-Out-TCP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-In-TCP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-DFSR-Out-TCP] => (Allow) %SystemRoot%\system32\dfsr.exe
FirewallRules: [WinCollab-DFSR-In-TCP] => (Allow) %SystemRoot%\system32\dfsr.exe
FirewallRules: [{2CCB77EB-BE55-4AC9-9570-B37DBB792B11}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{759147A7-D059-44C5-A518-C419F1FB850E}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{38B9A621-7F0F-4166-8E90-F297FC092202}] => (Allow) C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
FirewallRules: [{3D5500E0-9284-4030-902A-BC87A3AB9C6A}] => (Allow) C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
FirewallRules: [{F7FF625C-0506-4E35-949B-66E63F748823}] => (Allow) LPort=80
FirewallRules: [{CDA15337-07B2-44FB-86CA-1B74CD91C489}] => (Allow) LPort=80
FirewallRules: [{594FFFD1-17B4-4DF1-8213-07382AC86FA9}] => (Allow) LPort=80
FirewallRules: [{284A4819-0B8B-4254-B15B-024EE742CCC4}] => (Allow) C:\Program Files\Skype\Phone\Skype.exe
FirewallRules: [TCP Query User{206ACF17-320E-4167-9B92-AE4C83D70862}C:\program files\freeciv-2.4.0-gtk2\freeciv-server.exe] => (Allow) C:\program files\freeciv-2.4.0-gtk2\freeciv-server.exe
FirewallRules: [UDP Query User{3CFDEC51-2399-4545-9359-F716153731C4}C:\program files\freeciv-2.4.0-gtk2\freeciv-server.exe] => (Allow) C:\program files\freeciv-2.4.0-gtk2\freeciv-server.exe
FirewallRules: [TCP Query User{C935F1AB-8CC5-44C8-946A-47CACD9242A3}C:\program files\freeciv-2.4.0-gtk2\freeciv-server.exe] => (Block) C:\program files\freeciv-2.4.0-gtk2\freeciv-server.exe
FirewallRules: [UDP Query User{C521B777-0673-42C1-A033-8AFAE9E2BFBB}C:\program files\freeciv-2.4.0-gtk2\freeciv-server.exe] => (Block) C:\program files\freeciv-2.4.0-gtk2\freeciv-server.exe
FirewallRules: [{CFFB5E11-C28E-4627-AFF2-4D6262E2AF4D}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe
 
==================== Faulty Device Manager Devices =============
 
Name: Base System Device
Description: Base System Device
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
Name: Microsoft 6to4 Adapter
Description: Microsoft 6to4 Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (09/02/2015 12:04:05 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (09/01/2015 12:45:02 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (09/01/2015 12:42:09 PM) (Source: uagqecsvc) (EventID: 16) (User: )
Description: 1115A system shutdown is in progress. (0x45b)
 
Error: (08/28/2015 11:01:25 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (08/25/2015 10:43:16 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (08/25/2015 09:12:20 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (08/23/2015 06:34:26 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (08/22/2015 09:42:36 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (08/21/2015 04:39:16 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (08/21/2015 11:41:33 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
 
System errors:
=============
Error: (09/02/2015 12:14:51 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: PEVSystemStart
 
Error: (09/02/2015 12:12:53 PM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: ScRegSetValueExWFailureCommand%%5
 
Error: (09/02/2015 12:12:35 PM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: ScRegSetValueExWStart%%5
 
Error: (09/02/2015 12:12:02 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: PEVSystemStart
 
Error: (09/02/2015 12:07:34 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: PEVSystemStart
 
Error: (09/02/2015 12:04:44 PM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: ScRegSetValueExWStart%%5
 
Error: (09/02/2015 12:04:05 PM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: ScRegSetValueExWStart%%5
 
Error: (09/02/2015 12:04:05 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: SSFK%%2
 
Error: (09/02/2015 12:04:05 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Parallel port driver%%1058
 
Error: (09/02/2015 12:02:52 PM) (Source: Microsoft Antimalware) (EventID: 3002) (User: )
Description: %%860 Real-Time Protection feature has encountered an error and failed.
 
Feature: %%886
 
Error Code: 0x80070005
 
Error description: Access is denied. 
 
Reason: %%892
 
 
Microsoft Office:
=========================
Error: (09/02/2015 12:04:05 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (09/01/2015 12:45:02 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (09/01/2015 12:42:09 PM) (Source: uagqecsvc) (EventID: 16) (User: )
Description: 1115A system shutdown is in progress. (0x45b)
 
Error: (08/28/2015 11:01:25 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (08/25/2015 10:43:16 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (08/25/2015 09:12:20 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (08/23/2015 06:34:26 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (08/22/2015 09:42:36 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (08/21/2015 04:39:16 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (08/21/2015 11:41:33 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
 
CodeIntegrity:
===================================
  Date: 2015-02-07 08:55:25.805
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\tcpip.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-02-07 08:55:25.727
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\tcpip.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-02-07 08:55:25.664
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\tcpip.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-02-07 08:55:25.602
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\tcpip.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-02-07 08:55:25.524
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\tcpip.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-02-07 07:25:08.513
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\tcpip.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-02-07 07:25:08.436
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\tcpip.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-02-07 07:25:08.365
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\tcpip.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-02-07 07:25:08.305
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\tcpip.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-02-07 07:25:08.199
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\tcpip.sys because the set of per-page image hashes could not be found on the system.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™2 Duo CPU T8100 @ 2.10GHz
Percentage of memory in use: 51%
Total physical RAM: 3069.5 MB
Available physical RAM: 1500.35 MB
Total Virtual: 6342.04 MB
Available Virtual: 4589.04 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:285.13 GB) (Free:211.25 GB) NTFS ==>[drive with boot components (obtained from BCD)]
Drive d: (HP_RECOVERY) (Fixed) (Total:12.95 GB) (Free:2.43 GB) NTFS ==>[system with boot components (obtained from reading drive)]
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 298.1 GB) (Disk ID: C5FCBD5F)
Partition 1: (Active) - (Size=285.1 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=13 GB) - (Type=07 NTFS)
 
==================== End of Addition.txt ============================
 



#2 nasdaq

nasdaq

  • Malware Response Team
  • 38,264 posts
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:09:46 PM

Posted 02 September 2015 - 09:47 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Press the Windows key + r on your keyboard at the same time. This will open the RUN BOX.
Type Notepad and click the OK key.
Please copy the entire contents of the code box below to a new file.
 
start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-1278163328-70095404-2841670009-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
SearchScopes: HKLM -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE
SearchScopes: HKLM -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE
SearchScopes: HKU\S-1-5-21-1278163328-70095404-2841670009-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://do-search.com/web/?utm_source=b&utm_medium=&utm_campaign=install_ie&utm_content=ds&from=&uid=ST500DM002-1BC142_W2A27G6AXXXXW2A27G6A&ts=1420373293&type=default&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1278163328-70095404-2841670009-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://do-search.com/web/?utm_source=b&utm_medium=&utm_campaign=install_ie&utm_content=ds&from=&uid=ST500DM002-1BC142_W2A27G6AXXXXW2A27G6A&ts=1420373293&type=default&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1278163328-70095404-2841670009-1000 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL =
SearchScopes: HKU\S-1-5-21-1278163328-70095404-2841670009-1000 -> {E733165D-CBCF-4FDA-883E-ADEF965B476C} URL = hxxp://do-search.com/web/?utm_source=b&utm_medium=&utm_campaign=install_ie&utm_content=ds&from=&uid=ST500DM002-1BC142_W2A27G6AXXXXW2A27G6A&ts=1420373293&type=default&q={searchTerms}
FF NewTab: hxxp://www.delta-homes.com/newtab/?type=nt&ts=1434104895&z=30ac05505270f0e8207ce35g2z7cbzbg9e8zebat2m&from=ient06122&uid=FUJITSUXMHZ2320BHXG2_K618T84283D4
FF DefaultSearchEngine: mystartsearch
FF SelectedSearchEngine: mystartsearch
FF Homepage: hxxp://www.delta-homes.com/?type=hp&ts=1434104895&z=30ac05505270f0e8207ce35g2z7cbzbg9e8zebat2m&from=ient06122&uid=FUJITSUXMHZ2320BHXG2_K618T84283D4
FF user.js: detected! => C:\Users\Andris\AppData\Roaming\Mozilla\Firefox\Profiles\6m5fa2k9.default\user.js [2015-09-02]
FF SearchPlugin: C:\Users\Andris\AppData\Roaming\Mozilla\Firefox\Profiles\6m5fa2k9.default\searchplugins\delta-homes.xml [2015-06-12]
FF SearchPlugin: C:\Users\Andris\AppData\Roaming\Mozilla\Firefox\Profiles\6m5fa2k9.default\searchplugins\mystartsearch.xml [2015-02-11]
FF Extension: FF Toolbar - C:\Users\Andris\AppData\Roaming\Mozilla\Firefox\Profiles\6m5fa2k9.default\Extensions\fftoolbar2014@etech.com [2015-04-24]
FF Extension: QuickSearch - C:\Users\Andris\AppData\Roaming\Mozilla\Firefox\Profiles\6m5fa2k9.default\Extensions\quick_searchff@gmail.com [2015-06-12]
FF Extension: Search Enginer - C:\Users\Andris\AppData\Roaming\Mozilla\Firefox\Profiles\6m5fa2k9.default\Extensions\sweetsearch@gmail.com [2015-06-12]
FF HKLM\...\Firefox\Extensions: [fftoolbar2014@etech.com] - C:\Users\Andris\AppData\Roaming\Mozilla\Firefox\Profiles\6m5fa2k9.default\extensions\fftoolbar2014@etech.com
FF HKLM\...\Firefox\Extensions: [quick_searchff@gmail.com] - C:\Users\Andris\AppData\Roaming\Mozilla\Firefox\Profiles\6m5fa2k9.default\extensions\quick_searchff@gmail.com
FF HKLM\...\Firefox\Extensions: [sweetsearch@gmail.com] - C:\Users\Andris\AppData\Roaming\Mozilla\Firefox\Profiles\6m5fa2k9.default\extensions\sweetsearch@gmail.com
StartMenuInternet: FIREFOX.EXE - C:\Program Files\Mozilla Firefox\firefox.exe hxxp://www.delta-homes.com/?type=sc&ts=1434104895&z=30ac05505270f0e8207ce35g2z7cbzbg9e8zebat2m&from=ient06122&uid=FUJITSUXMHZ2320BHXG2_K618T84283D4
S2 SSFK; C:\Program Files\SFK\SSFK.exe -s [X]
Task: {185F1B1D-D38E-4AC3-9817-01D09605999E} - System32\Tasks\UNELEVATE_32323 => C:\Program Files\ShopperPro\JSDriver\1494.0.0.0\jsdrv.exe <==== ATTENTION
C:\Program Files\ShopperPro
AlternateDataStreams: C:\ProgramData\TEMP:56E2E879
AlternateDataStreams: C:\Users\Andris\Downloads\502015752_LT_cnt_1_r720P.mp4:TOC.WMV

End
Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log (Fixlog.txt) please post it to your reply.
===

Download Malwarebytes' Anti-Malware from Here

Double-click mbam-setup-2.X.X.XXXX.exe to install the application (X's are the current version number).
  • Make sure a checkmark is placed next to Launch Malwarebytes' Anti-Malware, then click Finish.
  • Once MBAM opens, when it says Your databases are out of date, click the Fix Now button.
  • Click the Settings tab at the top, and then in the left column, select Detections and Protections, and if not already checked place a checkmark in the selection box for Scan for rootkits.
  • Click the Scan tab at the top of the program window, select Threat Scan and click the Scan Now button.
  • If you receive a message that updates are available, click the Update Now button (the update will be downloaded, installed, and the scan will start).
  • The scan may take some time to finish, so please be patient.
  • If potential threats are detected, ensure that Quarantine is selected as the Action for all the listed items, and click the Apply Actions button.
  • While still on the Scan tab, click the link for View detailed log, and in the window that opens click the Export button, select Text file (*.txt), and save the log to your Desktop.
  • The log is automatically saved by MBAM and can also be viewed by clicking the History tab and then selecting Application Logs.
POST THE LOG FOR MY REVIEW.

Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately.

===

Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the Report button and the report will open in Notepad.
IMPORTANT
  • If you click the Clean button all items listed in the report will be removed.
If you find some false positive items or programs that you wish to keep, Close the AdwCleaner windows.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Check off the element(s) you wish to keep.
  • Click on the Clean button and follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleaner[Sn].txt (n is a number).
===

Reset Chrome...
Open Google Chrome, click on the menu icon, which is located at the top right side of Google Chrome.
 
Click "Settings" then "Show advanced settings" at the bottom of the screen.
 
Click "Reset browser settings" button.
 
Clear your cache and cookies
https://support.google.com/chromebook/answer/183083?hl=en
Select "From the beginning of time"

Restart Chrome.

====

How is the computer running now?
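The fix list above is a set of FRST log entries: search scopes and Firefox settings pointing at third-party search sites, a user.js file, sideloaded extensions, a scheduled task and entries FRST itself marked with "ATTENTION". Reading such a log by hand is how the helpers on this forum triage it; as an added example (not part of this thread, not nasdaq's script and not FRST's own code), the script below parses FRST-style lines, groups them into coarse categories, collects the entries FRST flagged, and pulls the host names out of the defanged hxxp:// URLs so a reviewer sees which domains the browsers were pointed at. The sample lines are copied from the fix list in this thread (two long URLs shortened); the category names, the `Finding` class and the `triage_frst` / `summarize` functions are my own naming, not FRST's.

```python
"""Triage helper for Farbar Recovery Scan Tool (FRST) log lines.

Added example for this thread; the parsing rules are an approximation of
the FRST line format as it appears in the fix list above, not FRST's code.
"""
import re
from collections import Counter
from dataclasses import dataclass, field

# FRST marks entries it considers suspicious with "<==== ATTENTION".
ATTENTION_RE = re.compile(r"<={2,}\s*ATTENTION")
# FRST defangs URLs as hxxp:// so they are not clickable in forum posts.
URL_RE = re.compile(r"hxx(p|ps)://([^/\s?]+)", re.IGNORECASE)
# Fix-list directives such as "CreateRestorePoint:" carry no entry.
DIRECTIVE_RE = re.compile(r"^[A-Za-z]+:$")
# A bare path line (e.g. a folder to delete) starts with a drive letter.
PATH_RE = re.compile(r"^[A-Za-z]:\\")
# Service/driver lines look like "S2 SSFK; C:\...\SSFK.exe -s [X]".
SERVICE_RE = re.compile(r"^[SR]\d\s")


@dataclass
class Finding:
    entry_type: str          # text before the first colon, e.g. "SearchScopes"
    category: str            # coarse grouping chosen here: Policy, Browser, ...
    line: str
    flagged: bool            # True when FRST itself wrote ATTENTION on the line
    hosts: list = field(default_factory=list)


def entry_type_of(line):
    """Recover the FRST entry type that precedes the first colon."""
    if PATH_RE.match(line):
        return "Path"
    if SERVICE_RE.match(line):
        return "Service"
    return line.split(":", 1)[0].strip()


def classify(entry_type):
    """Map FRST entry types onto the coarse categories used in this example."""
    if entry_type == "GroupPolicy" or "Policies" in entry_type:
        return "Policy"
    if entry_type.startswith("FF ") or entry_type in ("SearchScopes", "StartMenuInternet"):
        return "Browser"
    return entry_type


def parse_line(raw):
    """Return a Finding for one FRST entry, or None for blank/directive lines."""
    line = raw.strip()
    if not line or line.lower() in ("start", "end", "start::", "end::") or DIRECTIVE_RE.match(line):
        return None
    entry_type = entry_type_of(line)
    return Finding(
        entry_type=entry_type,
        category=classify(entry_type),
        line=line,
        flagged=bool(ATTENTION_RE.search(line)),
        hosts=[m.group(2).lower() for m in URL_RE.finditer(line)],
    )


def triage_frst(text):
    """Parse every line of an FRST log or fix list into Findings."""
    return [f for f in (parse_line(l) for l in text.splitlines()) if f is not None]


def summarize(findings):
    """Aggregate the parts a reviewer looks at first."""
    return {
        "flagged": [f.line for f in findings if f.flagged],
        "hosts": Counter(h for f in findings for h in f.hosts),
        "by_category": Counter(f.category for f in findings),
    }


# Sample copied from the fix list posted in this thread (URLs shortened).
SAMPLE = r"""start
CreateRestorePoint:
CloseProcesses:
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
SearchScopes: HKLM -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE
SearchScopes: HKU\S-1-5-21-1278163328-70095404-2841670009-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://do-search.com/web/?utm_source=b&q={searchTerms}
FF NewTab: hxxp://www.delta-homes.com/newtab/?type=nt
FF DefaultSearchEngine: mystartsearch
FF user.js: detected! => C:\Users\Andris\AppData\Roaming\Mozilla\Firefox\Profiles\6m5fa2k9.default\user.js [2015-09-02]
FF Extension: Search Enginer - C:\Users\Andris\AppData\Roaming\Mozilla\Firefox\Profiles\6m5fa2k9.default\Extensions\sweetsearch@gmail.com [2015-06-12]
S2 SSFK; C:\Program Files\SFK\SSFK.exe -s [X]
Task: {185F1B1D-D38E-4AC3-9817-01D09605999E} - System32\Tasks\UNELEVATE_32323 => C:\Program Files\ShopperPro\JSDriver\1494.0.0.0\jsdrv.exe <==== ATTENTION
C:\Program Files\ShopperPro
AlternateDataStreams: C:\ProgramData\TEMP:56E2E879
End
"""

if __name__ == "__main__":
    report = summarize(triage_frst(SAMPLE))
    print("FRST-flagged entries:", len(report["flagged"]))
    print("Hosts referenced:", dict(report["hosts"]))
    print("Entries by category:", dict(report["by_category"]))
```

On the sample this reports three FRST-flagged entries (the two policy restrictions and the ShopperPro task), three hosts (www.bing.com, do-search.com, www.delta-homes.com) and six browser-configuration entries; the bing.com scope is the Microsoft Security Essentials default, so host counts are a starting point for review, not a verdict.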

#3 nasdaq

nasdaq

  • Malware Response Team
  • 38,264 posts
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:09:46 PM

Posted 07 September 2015 - 07:39 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.



