windows defender opens up in DRVSTORE in my system 32 and in blue on my windows


16 replies to this topic

#1 ogee450
  • Members
  • 10 posts

Posted 27 October 2015 - 04:20 AM

Hello,

I need help, as my Windows Defender won't turn on (virus protection, and spyware and unwanted software protection); instead I get directed to windows/system32, where the DRVSTORE is in blue.

I have to uninstall all antivirus on my system as it doesn't work.

Will be grateful for your help.

Attached File: Screenshot (1378).png (12.67KB, 0 downloads)
Attached File: Screenshot (1379).png (9.61KB, 0 downloads)




#2 nasdaq
  • Malware Response Team
  • 39,191 posts
  • Location: Montreal, QC. Canada

Posted 30 October 2015 - 10:14 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

I need more information to give you any advice.

Download the version of this tool for your operating system.
Farbar Recovery Scan Tool (64 bit)
Farbar Recovery Scan Tool (32 bit)
and save it to a folder on your computer's Desktop.
Double-click to run it. When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run from. Please copy and paste it to your reply.
The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.
===

Wait for further instructions.
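The FRST.txt that these steps produce is a plain-text log with one "==== Section ====" block per area (processes, registry autoruns, internet settings, services, drivers), and the helper reads it line by line. As an added example that is not part of this thread and not FRST's own code, the Python script below does a first pass over such a log and flags what a Malware Response Team member looks for first: binaries with no vendor in their version info, services marked "[File not signed]", services and autoruns living in user-writable folders, a stopped Windows Defender service, a system proxy or hosts-file override, and FRST's own ATTENTION marker. The line shapes, the section names and the R/S prefix on service lines (assumed here to mean running/stopped, per the FRST tutorial) are modelled on FRST's layout, and the sample log is a constructed excerpt, not a full scan.

```python
"""First-pass triage of an FRST.txt log (added example, not FRST's own code)."""
import re
from dataclasses import dataclass

SECTION_RE = re.compile(r"^=+\s*(?P<name>.+?)\s*=+$")
ATTENTION_RE = re.compile(r"<=+\s*ATTENTION")
PROCESS_RE = re.compile(r"^\((?P<vendor>[^)]*)\)\s+(?P<path>[A-Za-z]:\\.+)$")
RUN_RE = re.compile(r"^HK\S*\\\.\.\.\\Run:\s+\[[^\]]+\]\s+=>\s+(?P<path>[A-Za-z]:\\.+?)\s+\[\d+ ")
SERVICE_RE = re.compile(
    r"^(?P<state>[RS])\d\s+(?P<name>[^;]+);\s+(?P<path>.+?)\s+"
    r"\[\d+ \d{4}-\d\d-\d\d\]\s+\((?P<vendor>[^)]*)\)(?P<flags>.*)$"
)
# Folders a standard user can write to: a service or autorun here deserves a look.
USER_WRITABLE = ("\\appdata\\", "\\programdata\\", "\\temp\\", "\\users\\public\\")
# Should be running on a healthy box (Defender, Security Center, Firewall).
# Assumes FRST's prefix convention: R = running, S = stopped at scan time.
SECURITY_SERVICES = {"WinDefend", "wscsvc", "MpsSvc"}


@dataclass(frozen=True)
class Finding:
    section: str
    reason: str
    line: str


def in_user_writable(path):
    return any(marker in path.lower() for marker in USER_WRITABLE)


def triage(log_text):
    """Return one Finding per heuristic hit, in log order."""
    findings, section, line = [], "Header", ""

    def note(reason):  # closes over the current section and line
        findings.append(Finding(section, reason, line))

    for raw in log_text.splitlines():
        line = raw.rstrip()
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:  # "==== Processes (Whitelisted) ====" -> "Processes"
            section = m.group("name").replace(" (Whitelisted)", "")
            continue
        if ATTENTION_RE.search(line):
            note("flagged by FRST")
        if section == "Processes":
            m = PROCESS_RE.match(line)
            if line.startswith("Failed to access process"):
                note("process could not be opened (protected or hidden)")
            elif m:
                if not m.group("vendor"):
                    note("no vendor in version info")
                if in_user_writable(m.group("path")):
                    note("running from user-writable folder")
        elif section == "Registry":
            m = RUN_RE.match(line)
            if m and in_user_writable(m.group("path")):
                note("autorun from user-writable folder")
        elif section == "Internet":
            if line.startswith("ProxyServer:"):
                note("system proxy set; confirm it is expected")
            elif line.startswith("Hosts:"):
                note("hosts-file override")
        elif section == "Services":
            m = SERVICE_RE.match(line)
            if m:
                if "[File not signed]" in m.group("flags"):
                    note("service binary not signed")
                if not m.group("vendor"):
                    note("service binary has no vendor")
                if in_user_writable(m.group("path")):
                    note("service binary in user-writable folder")
                if m.group("name") in SECURITY_SERVICES and m.group("state") == "S":
                    note("security service not running")
    return findings


# Constructed excerpt in FRST's layout (a few lines shaped like a real log), not a full scan.
SAMPLE_LOG = r"""
==================== Processes (Whitelisted) =================
(tsvr.com) C:\Users\hp\AppData\Roaming\TSv\TSvr.exe
() C:\ProgramData\DatacardService\HWDeviceService64.exe
Failed to access process -> iSafeSvc2.exe
==================== Registry (Whitelisted) ===========================
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7202520 2013-08-20] (Realtek Semiconductor)
HKU\S-1-5-21-1-2-3-1002\...\Run: [uTorrent] => C:\Users\hp\AppData\Roaming\uTorrent\uTorrent.exe [1694560 2015-06-07] (BitTorrent Inc.)
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
==================== Internet (Whitelisted) ====================
ProxyServer: [S-1-5-21-1-2-3-1002] => 127.0.0.1:8080
Hosts: 0.0.0.1    mssplus.mcafee.com
==================== Services (Whitelisted) ========================
R2 IHProtect Service; C:\Program Files (x86)\XTab\ProtectService.exe [153600 2015-10-27] (XTab system) [File not signed]
R2 IhPul; C:\Users\hp\AppData\Roaming\TSv\TSvr.exe [396944 2015-10-26] (tsvr.com)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2015-07-07] (Microsoft Corporation)
R2 winzipersvc; C:\Program Files (x86)\WinZipper\winzipersvc.exe [707760 2015-10-20] (Taiwan Shui Mu Chih Ching Technology Limited) <==== ATTENTION
"""

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.section}] {f.reason}: {f.line}")
```

Hits are pointers, not verdicts: a vendor-less binary under ProgramData can be a legitimate modem helper, and uTorrent lives in AppData\Roaming because that is where it installs itself, so every flagged line still needs the analyst's judgement and, as the post says, the Addition.txt for context. The useful signal is the combination: several unsigned, recently dated services running from user-writable folders while WinDefend is stopped, a localhost proxy, and a hosts-file entry blocking a security vendor.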

#3 ogee450 (Topic Starter)
  • Members
  • 10 posts

Posted 31 October 2015 - 01:25 AM

Hello nasdaq,

Thank you for your response.

For the FRST.txt:

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:29-10-2015
Ran by O-GEE (administrator) on O-GEE (30-10-2015 18:03:41)
Running from C:\Users\hp\Desktop
Loaded Profiles: O-GEE (Available Profiles: O-GEE & Guest)
Platform: Windows 8.1 (X64) Language: English (United Kingdom)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

() C:\Program Files\Hewlett-Packard\SimplePass\cachesrvr.exe
(Softex Inc.) C:\Program Files\Hewlett-Packard\SimplePass\OmniServ.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(Hewlett-Packard Company) C:\Windows\System32\hpservice.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RTKAUDIOSERVICE64.EXE
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
() C:\ProgramData\Etisalat Nigeria\OnlineUpdate\ouc.exe
() C:\ProgramData\DatacardService\HWDeviceService64.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Research In Motion\Tunnel Manager\mDNSResponder.exe
(Research In Motion Limited) C:\Program Files (x86)\Common Files\Research In Motion\Tunnel Manager\tunmgr.exe
(BlackBerry Limited) C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe
(CyberLink) C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSMonitorServicePDVD12.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
Failed to access process -> iSafeSvc2.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Taiwan Shui Mu Chih Ching Technology Limited) C:\Program Files (x86)\WinZipper\winzipersvc.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.11.163\McCHSvc.exe
(tsvr.com) C:\Users\hp\AppData\Roaming\TSv\TSvr.exe
(DTools LIMITED) C:\ProgramData\rWMiniPror\WMiniPro.exe
(TODO: <公司名>) C:\Program Files (x86)\SFK\SSFK.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
() C:\Program Files\Hewlett-Packard\SimplePass\opvapp.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(BitTorrent Inc.) C:\Users\hp\AppData\Roaming\uTorrent\uTorrent.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\Power2Go8\Power2GoExpress8.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Microsoft Corporation) C:\Windows\System32\StikyNot.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.11.163\SSScheduler.exe
(BlackBerry Limited) C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP 3D DriveGuard\AccelerometerSt.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPMSGSVC.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe
(Research In Motion Limited) C:\Program Files (x86)\Common Files\Research In Motion\Tunnel Manager\PeerManager.exe
(Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
() C:\Program Files (x86)\Common Files\Research In Motion\nginx\nginx.exe
() C:\Program Files (x86)\Common Files\Research In Motion\nginx\nginx.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Microsoft Corporation) C:\Windows\System32\schtasks.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(SearchProtect) C:\Program Files (x86)\XTab\CmdShell.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe
(XTab system) C:\Program Files (x86)\XTab\ProtectService.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWXConfigManager.exe
(Microsoft Corporation) C:\Windows\System32\schtasks.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(CyberLink) C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Microsoft Corporation) C:\Windows\System32\schtasks.exe
(Microsoft Corporation) C:\Windows\System32\wbem\WMIADAP.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7202520 2013-08-20] (Realtek Semiconductor)
HKLM\...\Run: [SimplePass] => C:\Program Files\Hewlett-Packard\SimplePass\HPSmplPass.exe [2758200 2013-10-14] (Hewlett-Packard)
HKLM\...\Run: [OPBHOBroker] => C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBroker.exe [155704 2013-10-14] (Hewlett-Packard)
HKLM\...\Run: [OPBHOBrokerDesktop] => C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBrokerDsktop.exe [155704 2013-10-14] (Hewlett-Packard)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2771184 2013-07-26] (Synaptics Incorporated)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [766208 2013-09-25] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [YouCam Service] => C:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe [267224 2013-09-02] (CyberLink Corp.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-09-17] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
HKLM-x32\...\Run: [RIMBBLaunchAgent.exe] => C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe [443408 2014-03-18] (BlackBerry Limited)
HKLM-x32\...\Run: [AccelerometerSysTrayApplet] => C:\Program Files (x86)\Hewlett-Packard\HP 3D DriveGuard\AccelerometerST.exe [126240 2014-04-01] (Hewlett-Packard Company)
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM-x32\...\Run: [HPMessageService] => C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPMSGSVC.exe [509192 2014-10-09] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [RIM PeerManager] => C:\Program Files (x86)\Common Files\Research In Motion\Tunnel Manager\PeerManager.exe [4494848 2014-06-23] (Research In Motion Limited)
HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [36711472 2015-10-13] (Dropbox, Inc.)
HKU\S-1-5-21-3190061390-3777832906-3145808820-1002\...\Run: [uTorrent] => C:\Users\hp\AppData\Roaming\uTorrent\uTorrent.exe [1694560 2015-06-07] (BitTorrent Inc.)
HKU\S-1-5-21-3190061390-3777832906-3145808820-1002\...\Run: [ISUSPM Startup] => C:\Program Files (x86)\Common Files\InstallShield\UpdateService\ISUSPM.exe [249856 2005-08-11] (Macrovision Corporation)
HKU\S-1-5-21-3190061390-3777832906-3145808820-1002\...\Run: [GoogleChromeAutoLaunch_BC2181BA6FEFC094049535C747D5BFD8] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [811848 2015-10-20] (Google Inc.)
HKU\S-1-5-21-3190061390-3777832906-3145808820-1002\...\Run: [Power2GoExpress8] => C:\Program Files (x86)\CyberLink\Power2Go8\Power2GoExpress8.exe [1718536 2014-07-24] (CyberLink Corp.)
HKU\S-1-5-21-3190061390-3777832906-3145808820-1002\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [31682144 2015-03-25] (Skype Technologies S.A.)
HKU\S-1-5-21-3190061390-3777832906-3145808820-1002\...\Run: [RESTART_STICKY_NOTES] => C:\Windows\System32\StikyNot.exe [479744 2014-10-29] (Microsoft Corporation)
HKU\S-1-5-21-3190061390-3777832906-3145808820-1002\...\MountPoints2: {1600a614-2084-11e4-826e-a01d48d61f05} - "F:\AutoRun.exe"
HKU\S-1-5-21-3190061390-3777832906-3145808820-1002\...\MountPoints2: {1600a617-2084-11e4-826e-a01d48d61f05} - "F:\AutoRun.exe"
HKU\S-1-5-21-3190061390-3777832906-3145808820-1002\...\MountPoints2: {443ec810-6de4-11e4-82c2-a01d48d61f05} - "F:\HTC_Sync_Manager_PC.exe"
HKU\S-1-5-21-3190061390-3777832906-3145808820-1002\...\MountPoints2: {443ec83c-6de4-11e4-82c2-a01d48d61f05} - "F:\HTC_Sync_Manager_PC.exe"
HKU\S-1-5-21-3190061390-3777832906-3145808820-1002\...\MountPoints2: {7264f795-47f4-11e5-82f7-a01d48d61f05} - "F:\NokiaPCIA_Autorun.exe"
HKU\S-1-5-21-3190061390-3777832906-3145808820-1002\...\MountPoints2: {a553b1bd-a5ee-11e4-82d2-a01d48d61f05} - "F:\AutoRun.exe"
HKU\S-1-5-21-3190061390-3777832906-3145808820-1002\...\MountPoints2: {a553b242-a5ee-11e4-82d2-a01d48d61f05} - "F:\AutoRun.exe"
HKU\S-1-5-21-3190061390-3777832906-3145808820-1002\...\MountPoints2: {d7855b5a-1bbe-11e4-8269-a01d48d61f05} - "C:\Windows\system32\RunDLL32.EXE" Shell32.DLL,ShellExec_RunDLL F:\start.exe
HKU\S-1-5-21-3190061390-3777832906-3145808820-1002\...\MountPoints2: {e6508208-32fc-11e5-82e8-a01d48d61f05} - "F:\AutoRun.exe"
HKU\S-1-5-21-3190061390-3777832906-3145808820-1002\Control Panel\Desktop\\SCRNSAVE.EXE ->
ShellIconOverlayIdentifiers: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.28.dll [2015-10-13] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.28.dll [2015-10-13] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.28.dll [2015-10-13] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.28.dll [2015-10-13] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.28.dll [2015-10-13] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.28.dll [2015-10-13] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.28.dll [2015-10-13] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.28.dll [2015-10-13] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  No File
ShellIconOverlayIdentifiers-x32: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.28.dll [2015-10-13] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.28.dll [2015-10-13] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.28.dll [2015-10-13] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.28.dll [2015-10-13] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.28.dll [2015-10-13] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.28.dll [2015-10-13] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.28.dll [2015-10-13] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.28.dll [2015-10-13] (Dropbox, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk [2014-09-23]
ShortcutTarget: Adobe Gamma Loader.lnk -> C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk [2015-10-24]
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.11.163\SSScheduler.exe (McAfee, Inc.)
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

ProxyServer: [S-1-5-21-3190061390-3777832906-3145808820-1002] => 127.0.0.1:8080
Hosts: 0.0.0.1    mssplus.mcafee.com
Tcpip\..\Interfaces\{B1C28942-0EAB-4715-8C4B-9022BD54A660}: [DhcpNameServer] 192.168.1.1 192.168.1.1
Tcpip\..\Interfaces\{F8E9DBA3-11DF-4276-918A-961343739890}: [DhcpNameServer] 192.168.176.251 192.168.176.252 192.168.176.253 192.168.176.254

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://istart.webssearches.com/?type=hppp&ts=1421614605&from=obw&uid=WDCXWD10JPVX-60JC3T0_WD-WX51E93DKL54DKL54
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://istart.webssearches.com/?type=hppp&ts=1421614605&from=obw&uid=WDCXWD10JPVX-60JC3T0_WD-WX51E93DKL54DKL54
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://istart.webssearches.com/web/?type=ds&ts=1421614571&from=obw&uid=WDCXWD10JPVX-60JC3T0_WD-WX51E93DKL54DKL54&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://istart.webssearches.com/web/?type=ds&ts=1421614571&from=obw&uid=WDCXWD10JPVX-60JC3T0_WD-WX51E93DKL54DKL54&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://istart.webssearches.com/?type=hppp&ts=1421614605&from=obw&uid=WDCXWD10JPVX-60JC3T0_WD-WX51E93DKL54DKL54
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://istart.webssearches.com/?type=hppp&ts=1421614605&from=obw&uid=WDCXWD10JPVX-60JC3T0_WD-WX51E93DKL54DKL54
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://istart.webssearches.com/web/?type=ds&ts=1421614571&from=obw&uid=WDCXWD10JPVX-60JC3T0_WD-WX51E93DKL54DKL54&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://istart.webssearches.com/web/?type=ds&ts=1421614571&from=obw&uid=WDCXWD10JPVX-60JC3T0_WD-WX51E93DKL54DKL54&q={searchTerms}
HKU\S-1-5-21-3190061390-3777832906-3145808820-1002\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://istart.webssearches.com/?type=hppp&ts=1421614605&from=obw&uid=WDCXWD10JPVX-60JC3T0_WD-WX51E93DKL54DKL54
HKU\S-1-5-21-3190061390-3777832906-3145808820-1002\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://istart.webssearches.com/?type=hppp&ts=1421614605&from=obw&uid=WDCXWD10JPVX-60JC3T0_WD-WX51E93DKL54DKL54
HKU\S-1-5-21-3190061390-3777832906-3145808820-1002\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://istart.webssearches.com/web/?type=dspp&ts=1421614605&from=obw&uid=WDCXWD10JPVX-60JC3T0_WD-WX51E93DKL54DKL54&q={searchTerms}
HKU\S-1-5-21-3190061390-3777832906-3145808820-1002\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://istart.webssearches.com/web/?type=dspp&ts=1421614605&from=obw&uid=WDCXWD10JPVX-60JC3T0_WD-WX51E93DKL54DKL54&q={searchTerms}
SearchScopes: HKLM -> DefaultScope {425ED333-6083-428a-92C9-0CFC28B9D1BF} URL =
SearchScopes: HKLM -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/710-29550-11896-25/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKLM -> {F207AD40-940B-4D5A-80B0-D3A8001B2858} URL = hxxp://www.amazon.co.uk/s/ref=azs_osd_ieauk?ie=UTF-8&tag=hp-uk3-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM-x32 -> DefaultScope {425ED333-6083-428a-92C9-0CFC28B9D1BF} URL = hxxp://www.v9.com/web?type=ds&ts=1444211820&from=zzgbkk123&uid=wdcxwd10jpvx-60jc3t0_wd-wx51e93dkl54dkl54&z=20b2dd6f9ce08c6c9539e0fg8z6z3z6oag5g5bcoeg&q={searchTerms}
SearchScopes: HKLM-x32 -> {425ED333-6083-428a-92C9-0CFC28B9D1BF} URL = hxxp://www.v9.com/web?type=ds&ts=1444211820&from=zzgbkk123&uid=wdcxwd10jpvx-60jc3t0_wd-wx51e93dkl54dkl54&z=20b2dd6f9ce08c6c9539e0fg8z6z3z6oag5g5bcoeg&q={searchTerms}
SearchScopes: HKLM-x32 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/710-29550-11896-25/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKLM-x32 -> {F207AD40-940B-4D5A-80B0-D3A8001B2858} URL = hxxp://www.amazon.co.uk/s/ref=azs_osd_ieauk?ie=UTF-8&tag=hp-uk3-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKU\S-1-5-21-3190061390-3777832906-3145808820-1002 -> DefaultScope {425ED333-6083-428a-92C9-0CFC28B9D1BF} URL = hxxp://www.v9.com/web?type=ds&ts=1444211820&from=zzgbkk123&uid=wdcxwd10jpvx-60jc3t0_wd-wx51e93dkl54dkl54&z=20b2dd6f9ce08c6c9539e0fg8z6z3z6oag5g5bcoeg&q={searchTerms}
SearchScopes: HKU\S-1-5-21-3190061390-3777832906-3145808820-1002 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://istart.webssearches.com/web/?type=dspp&ts=1421614605&from=obw&uid=WDCXWD10JPVX-60JC3T0_WD-WX51E93DKL54DKL54&q={searchTerms}
SearchScopes: HKU\S-1-5-21-3190061390-3777832906-3145808820-1002 -> {425ED333-6083-428a-92C9-0CFC28B9D1BF} URL = hxxp://www.v9.com/web?type=ds&ts=1444211820&from=zzgbkk123&uid=wdcxwd10jpvx-60jc3t0_wd-wx51e93dkl54dkl54&z=20b2dd6f9ce08c6c9539e0fg8z6z3z6oag5g5bcoeg&q={searchTerms}
SearchScopes: HKU\S-1-5-21-3190061390-3777832906-3145808820-1002 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/710-29550-11896-25/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKU\S-1-5-21-3190061390-3777832906-3145808820-1002 -> {F207AD40-940B-4D5A-80B0-D3A8001B2858} URL = hxxp://www.amazon.co.uk/s/ref=azs_osd_ieauk?ie=UTF-8&tag=hp-uk3-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
BHO: BuyNsave -> {4aec5c90-4b66-4ac4-b5e7-b0176e0d9e18} -> C:\Program Files (x86)\BuyNsave\v9sEsIoPL2EQvI.x64.dll => No File
BHO-x32: BuyNsave -> {4aec5c90-4b66-4ac4-b5e7-b0176e0d9e18} -> C:\Program Files (x86)\BuyNsave\v9sEsIoPL2EQvI.dll => No File
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation)
Toolbar: HKLM - No Name - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} -  No File

FireFox:
========
FF ProfilePath: C:\Users\hp\AppData\Roaming\Mozilla\Firefox\Profiles\j4oddeq8.default
FF NewTab: chrome://quick_start/content/index.html
FF DefaultSearchEngine: delta-homes
FF SelectedSearchEngine: delta-homes
FF Homepage: hxxp://www.google.com/
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_19_0_0_226.dll [2015-10-24] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2014-07-30] (VideoLAN)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [2014-09-19] (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_19_0_0_226.dll [2015-10-24] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\windows\SysWOW64\Adobe\Director\np32dsw_1204144.dll [2013-09-05] (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2013-09-09] ()
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3508.0205 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2013-02-05] (Microsoft Corporation)
FF Plugin-x32: @RIM.com/WebSLLauncher,version=1.0 -> C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll [2014-06-24] ()
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-18] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-18] (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [2012-10-12] ()
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-09-27] (Adobe Systems Inc.)
FF user.js: detected! => C:\Users\hp\AppData\Roaming\Mozilla\Firefox\Profiles\j4oddeq8.default\user.js [2015-10-28]
FF SearchPlugin: C:\Users\hp\AppData\Roaming\Mozilla\Firefox\Profiles\j4oddeq8.default\searchplugins\delta-homes.xml [2015-10-28]
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\default-search.xml [2014-12-14]
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\mystartsearch.xml [2014-11-25]
FF Extension: Default NewTab - C:\Users\hp\AppData\Roaming\Mozilla\Firefox\Profiles\j4oddeq8.default\Extensions\default_newtabff@gmail.com [2015-10-24] [not signed]
FF Extension: Default SearchProtected  - C:\Users\hp\AppData\Roaming\Mozilla\Firefox\Profiles\j4oddeq8.default\Extensions\defsearchp@gmail.com [2015-10-27] [not signed]
FF Extension: Default SearchProtected  - C:\Users\hp\AppData\Roaming\Mozilla\Firefox\Profiles\j4oddeq8.default\Extensions\defsearchp@gmail.com.xpi [2015-10-24] [not signed]
FF Extension: Best Video Downloader 2 - C:\Users\hp\AppData\Roaming\Mozilla\Firefox\Profiles\j4oddeq8.default\Extensions\{170503FA-3349-4F17-BC86-001888A5C8E2}.xpi [2015-10-09]
FF HKLM-x32\...\Firefox\Extensions: [fftoolbar2014@etech.com] - C:\Users\hp\AppData\Roaming\Mozilla\Firefox\Profiles\j4oddeq8.default\extensions\fftoolbar2014@etech.com => not found
FF HKLM-x32\...\Firefox\Extensions: [default_newtabff@gmail.com] - C:\Users\hp\AppData\Roaming\Mozilla\Firefox\Profiles\j4oddeq8.default\extensions\default_newtabff@gmail.com
FF HKLM-x32\...\Firefox\Extensions: [defsearchp@gmail.com] - C:\Users\hp\AppData\Roaming\Mozilla\Firefox\Profiles\j4oddeq8.default\extensions\defsearchp@gmail.com

Chrome:
=======
CHR HomePage: Default -> hxxp://www.v9.com?type=hp&ts=1444211820&from=mych123&uid=wdcxwd10jpvx-60jc3t0_wd-wx51e93dkl54dkl54&z=20b2dd6f9ce08c6c9539e0fg8z6z3z6oag5g5bcoeg
CHR StartupUrls: Default -> "hxxp://www.v9.com?type=hp&ts=1444211820&from=mych123&uid=wdcxwd10jpvx-60jc3t0_wd-wx51e93dkl54dkl54&z=20b2dd6f9ce08c6c9539e0fg8z6z3z6oag5g5bcoeg"
CHR DefaultSearchURL: Default -> hxxp://www.v9.com/web?type=ds&ts=1444211820&from=zzgbkk123&uid=wdcxwd10jpvx-60jc3t0_wd-wx51e93dkl54dkl54&z=20b2dd6f9ce08c6c9539e0fg8z6z3z6oag5g5bcoeg&q={searchTerms}
CHR DefaultSearchKeyword: Default -> v9
CHR Profile: C:\Users\hp\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\hp\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-08-03] [UpdateUrl: hxxps://epicunitscan.info/00service/update2/crx] <==== ATTENTION
CHR Extension: (Google Drive) - C:\Users\hp\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-24]
CHR Extension: (YouTube) - C:\Users\hp\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-24]
CHR Extension: (Google Search) - C:\Users\hp\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-28]
CHR Extension: (Google Docs Offline) - C:\Users\hp\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-09-05]
CHR Extension: (Hangouts) - C:\Users\hp\AppData\Local\Google\Chrome\User Data\Default\Extensions\nckgahadagoaajjgafhacjanaoiihapd [2014-10-20] [UpdateUrl: hxxps://epicunitscan.info/00service/update2/crx] <==== ATTENTION
CHR Extension: (Google Wallet) - C:\Users\hp\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-08-03] [UpdateUrl: hxxps://epicunitscan.info/00service/update2/crx] <==== ATTENTION
CHR Extension: (Gmail) - C:\Users\hp\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-07-30]
CHR Extension: (BuyNsave) - C:\ProgramData\japliehigicpjgdjdggegigmloncmfgg\ []

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [344064 2013-09-25] (Advanced Micro Devices, Inc.) [File not signed]
R3 BlackBerry Device Manager; C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe [585728 2014-03-18] (BlackBerry Limited) [File not signed]
R2 Cachedrv server; C:\Program Files\Hewlett-Packard\SimplePass\cachesrvr.exe [109568 2013-10-14] () [File not signed]
R2 CyberLink PowerDVD 12 Media Server Monitor Service; C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSMonitorServicePDVD12.exe [77576 2013-09-05] (CyberLink)
R2 CyberLink PowerDVD 12 Media Server Service; C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe [298760 2013-09-05] (CyberLink)
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [136048 2015-08-25] (Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [136048 2015-08-25] (Dropbox, Inc.)
S2 Etisalat Nigeria. RunOuc; C:\Program Files (x86)\Etisalat Nigeria\UpdateDog\ouc.exe [657504 2012-11-12] ()
R2 HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [92160 2013-11-04] (Hewlett-Packard Company) [File not signed]
S2 HPWMISVC; c:\Program Files (x86)\Hewlett-Packard\HP System Event\HPWMISVC.exe [569608 2014-10-09] (Hewlett-Packard Development Company, L.P.)
R2 HWDeviceService64.exe; C:\ProgramData\DatacardService\HWDeviceService64.exe [346976 2011-03-14] ()
R2 IHProtect Service; C:\Program Files (x86)\XTab\ProtectService.exe [153600 2015-10-27] (XTab system) [File not signed]
R2 IhPul; C:\Users\hp\AppData\Roaming\TSv\TSvr.exe [396944 2015-10-26] (tsvr.com)
R3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.11.163\McCHSvc.exe [289256 2015-07-31] (McAfee, Inc.)
R2 omniserv; C:\Program Files\Hewlett-Packard\SimplePass\OmniServ.exe [87552 2013-10-14] (Softex Inc.) [File not signed]
R2 RIM MDNS; C:\Program Files (x86)\Common Files\Research In Motion\Tunnel Manager\mDNSResponder.exe [389632 2014-06-23] (Apple Inc.) [File not signed]
R2 RIM Tunnel Service; C:\Program Files (x86)\Common Files\Research In Motion\Tunnel Manager\tunmgr.exe [1325568 2014-06-23] (Research In Motion Limited) [File not signed]
S3 rpcapd; C:\Program Files (x86)\WinPcap\rpcapd.exe [118520 2013-03-01] (Riverbed Technology, Inc.)
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [246488 2013-06-19] (Realtek Semiconductor)
R2 SSFK; C:\Program Files (x86)\SFK\SSFK.exe [169632 2015-10-10] (TODO: <公司名>)
S3 w3logsvc; C:\Windows\system32\inetsrv\w3logsvc.dll [76800 2014-07-02] (Microsoft Corporation)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366552 2015-07-07] (Microsoft Corporation)
R2 WdsManPro; C:\ProgramData\rWMiniPror\WMiniPro.exe [294912 2015-10-26] (DTools LIMITED) [File not signed]
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2015-07-07] (Microsoft Corporation)
R2 winzipersvc; C:\Program Files (x86)\WinZipper\winzipersvc.exe [707760 2015-10-20] (Taiwan Shui Mu Chih Ching Technology Limited) <==== ATTENTION

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdWB6.sys [138240 2013-06-23] (Advanced Micro Devices)
S3 blackberryncm; C:\Windows\system32\DRIVERS\blackberryncm6_AMD64.sys [24576 2014-04-15] (BlackBerry)
R3 BthA2DP; C:\Windows\system32\drivers\BthA2DP.sys [132608 2015-01-30] (Microsoft Corporation)
R3 BthHFAud; C:\Windows\System32\drivers\BthHfAud.sys [32768 2014-10-08] (Microsoft Corporation)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [91912 2013-11-12] (CyberLink)
S0 ebdrv; C:\Windows\System32\drivers\evbda.sys [3357024 2013-08-22] (Broadcom Corporation)
R2 NPF; C:\Windows\System32\drivers\npf.sys [36600 2013-03-01] (Riverbed Technology, Inc.)
S3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [79872 2013-12-02] (BlackBerry Limited)
R3 rimvndis; C:\Windows\System32\Drivers\rimvndis6_AMD64.sys [17920 2014-06-23] (Research in Motion Limited)
R3 RimVSerPort; C:\Windows\system32\DRIVERS\RimSerial_AMD64.sys [44544 2012-12-10] (Research in Motion Ltd)
R3 RSP2STOR; C:\Windows\system32\DRIVERS\RtsP2Stor.sys [290008 2013-07-05] (Realtek Semiconductor Corp.)
R3 RTWlanE; C:\Windows\system32\DRIVERS\rtwlane.sys [3785432 2015-04-21] (Realtek Semiconductor Corporation                           )
S3 SmbDrv; C:\Windows\System32\drivers\Smb_driver_AMDASF.sys [30448 2013-07-26] (Synaptics Incorporated)
S3 SmbDrvI; C:\Windows\System32\drivers\Smb_driver_Intel.sys [34544 2013-07-26] (Synaptics Incorporated)
S3 ssudserd; C:\Windows\system32\DRIVERS\ssudserd.sys [206080 2014-01-22] (DEVGURU Co., LTD.(www.devguru.co.kr))
S3 usbrndis6; C:\Windows\system32\DRIVERS\usb80236.sys [20992 2013-08-22] (Microsoft Corporation)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44560 2015-07-07] (Microsoft Corporation)
R3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [270168 2015-07-07] (Microsoft Corporation)
R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114520 2015-07-07] (Microsoft Corporation)
S3 WirelessButtonDriver; C:\Windows\System32\drivers\WirelessButtonDriver64.sys [30544 2015-08-13] (HP)
R3 WirelessButtonDriver64; C:\Windows\System32\drivers\WirelessButtonDriver64.sys [30544 2015-08-13] (HP)
R1 {921265c3-88e5-40e1-8d74-df5314572900}Gw64; C:\Windows\System32\drivers\{921265c3-88e5-40e1-8d74-df5314572900}Gw64.sys [48784 2015-01-18] (StdLib)
U1 iSafeKrnlMon; \??\C:\Program Files (x86)\Elex-tech\YAC\iSafeKrnlMon.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-10-30 18:03 - 2015-10-30 18:04 - 00032552 _____ C:\Users\hp\Desktop\FRST.txt
2015-10-30 18:03 - 2015-10-30 18:03 - 00000000 ____D C:\FRST
2015-10-30 18:02 - 2015-10-30 18:02 - 02198016 _____ (Farbar) C:\Users\hp\Desktop\FRST64.exe
2015-10-28 18:15 - 2015-10-28 18:15 - 00000001 _____ C:\Windows\SysWOW64\en.html
2015-10-27 09:50 - 2015-10-27 09:51 - 00688992 _____ (Swearware) C:\Users\hp\Downloads\dds.scr
2015-10-27 09:33 - 2015-10-27 09:34 - 00000000 ____D C:\ProgramData\rWMiniPror
2015-10-24 13:48 - 2015-10-24 13:48 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus
2015-10-24 13:48 - 2015-10-24 13:48 - 00000000 ____D C:\Program Files\McAfee Security Scan
2015-10-24 13:13 - 2015-10-24 13:48 - 00001917 _____ C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
2015-10-24 13:13 - 2015-10-24 13:13 - 00000000 ____D C:\ProgramData\McAfee Security Scan
2015-10-24 07:25 - 2015-10-24 07:25 - 00391582 ____T C:\Users\hp\Downloads\BREAKDOWN.oxps
2015-10-24 07:14 - 2015-10-24 07:27 - 00012816 _____ C:\Users\hp\Downloads\BREAKDOWN.xlsx
2015-10-23 20:57 - 2015-10-23 20:58 - 00000000 ____D C:\Users\hp\Documents\game
2015-10-23 18:57 - 2015-10-23 18:57 - 00011692 _____ C:\Users\hp\Downloads\Shop Glam Africa(1).xlsx
2015-10-23 17:57 - 2015-10-28 13:22 - 00000000 ____D C:\Users\hp\Desktop\ATSUA
2015-10-23 17:46 - 2015-10-23 17:47 - 00823523 _____ C:\Users\hp\Downloads\integrationpack.zip
2015-10-19 19:52 - 2015-10-19 19:52 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
2015-10-16 09:35 - 2015-10-16 09:35 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2015-10-15 12:13 - 2015-10-15 12:13 - 00000017 _____ C:\Users\hp\AppData\Local\resmon.resmoncfg
2015-10-14 12:35 - 2015-10-14 12:38 - 00000000 ____D C:\Users\hp\Desktop\icpc
2015-10-13 10:27 - 2015-10-13 10:27 - 00011302 _____ C:\Users\hp\Downloads\Shop Glam Africa.xlsx
2015-10-13 09:52 - 2015-10-30 17:55 - 00000000 ____D C:\Program Files (x86)\WinZipper
2015-10-13 09:52 - 2015-10-21 16:50 - 00000000 ____D C:\Users\hp\AppData\Roaming\WinZipper
2015-10-13 09:52 - 2015-10-13 09:52 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinZipper
2015-10-13 09:51 - 2015-10-27 09:33 - 00000098 _____ C:\ProgramData\{262E20B8-6E20-4CEF-B1FD-D022AB1085F5}.dat
2015-10-13 09:51 - 2015-10-13 09:52 - 00000000 ____D C:\ProgramData\QWdsManProQ
2015-10-12 22:11 - 2015-10-12 22:11 - 00000000 ____D C:\Users\hp\Documents\CyberLink
2015-09-30 13:25 - 2015-09-30 13:25 - 00000000 ____D C:\Users\hp\Documents\Avatar
2015-09-30 13:24 - 2015-10-28 13:26 - 00000000 ____D C:\Users\hp\Documents\Youcam

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-10-30 18:05 - 2014-08-03 22:05 - 00000000 ____D C:\Users\hp\AppData\Roaming\uTorrent
2015-10-30 18:04 - 2013-08-26 07:09 - 00956476 _____ C:\Windows\system32\PerfStringBackup.INI
2015-10-30 18:02 - 2014-09-08 22:39 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-10-30 18:02 - 2013-08-22 16:36 - 00000000 ____D C:\Windows\system32\sru
2015-10-30 18:01 - 2013-08-22 15:46 - 00187745 _____ C:\Windows\setupact.log
2015-10-30 18:00 - 2015-08-25 09:55 - 00000918 _____ C:\Windows\Tasks\DropboxUpdateTaskMachineUA.job
2015-10-28 19:42 - 2014-08-05 17:23 - 00000000 ____D C:\Users\hp\Documents\softwares
2015-10-28 17:32 - 2014-08-03 21:24 - 00000918 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-10-28 16:18 - 2015-08-29 14:20 - 00000000 ____D C:\Users\hp\AppData\Roaming\Skype
2015-10-28 10:00 - 2015-08-25 09:55 - 00000914 _____ C:\Windows\Tasks\DropboxUpdateTaskMachineCore.job
2015-10-28 09:19 - 2015-09-09 12:20 - 00000000 ___RD C:\Users\hp\Dropbox
2015-10-28 09:19 - 2015-08-25 09:55 - 00000000 ____D C:\Users\hp\AppData\Local\Dropbox
2015-10-28 09:17 - 2014-10-21 11:19 - 00000000 __RDO C:\Users\hp\OneDrive
2015-10-28 08:37 - 2014-07-25 19:56 - 00003598 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3190061390-3777832906-3145808820-1002
2015-10-28 08:32 - 2014-11-25 21:43 - 00000476 ____H C:\Windows\Tasks\Builder-S-2217020566.job
2015-10-28 08:32 - 2014-08-03 21:24 - 00000914 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-10-27 18:50 - 2014-08-06 09:56 - 00000000 ____D C:\Users\hp\AppData\Roaming\vlc
2015-10-27 18:06 - 2014-07-21 21:20 - 01080116 _____ C:\Windows\WindowsUpdate.log
2015-10-27 10:45 - 2015-08-07 20:34 - 00000000 ____D C:\Users\hp\Desktop\obagoo
2015-10-27 10:40 - 2015-01-31 19:40 - 00000000 ____D C:\Users\hp\Desktop\ogee
2015-10-27 09:34 - 2015-09-22 14:13 - 00000000 ____D C:\Program Files (x86)\SFK
2015-10-27 09:33 - 2015-09-22 14:12 - 00000000 ____D C:\Users\hp\AppData\Roaming\TSv
2015-10-27 09:33 - 2015-01-18 21:57 - 00000000 ____D C:\Program Files (x86)\XTab
2015-10-25 16:16 - 2013-08-22 16:36 - 00000000 ____D C:\Windows\AppReadiness
2015-10-24 13:13 - 2014-10-07 14:02 - 00000000 ____D C:\Users\hp\AppData\Local\Adobe
2015-10-24 13:13 - 2014-09-08 22:39 - 00003718 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-10-19 19:52 - 2015-08-25 09:55 - 00000000 ____D C:\Program Files (x86)\Dropbox
2015-10-16 15:07 - 2015-01-12 23:55 - 00002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2015-10-16 15:06 - 2015-09-08 20:56 - 00003886 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2015-10-13 09:51 - 2015-01-18 21:56 - 00000000 ____D C:\ProgramData\WindowsMangerProtect
2015-10-10 20:43 - 2014-08-16 10:32 - 00000000 ____D C:\Users\hp\AppData\Roaming\dvdcss
2015-10-03 14:57 - 2014-08-03 21:55 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2015-10-01 20:54 - 2014-07-21 21:20 - 00000000 ____D C:\Users\hp
2015-10-01 17:49 - 2013-08-22 15:45 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-10-01 17:38 - 2013-08-26 07:01 - 00579736 _____ C:\Windows\PFRO.log

==================== Files in the root of some directories =======

2014-10-18 16:11 - 2014-10-18 16:11 - 6000640 _____ () C:\Program Files (x86)\GUTD051.tmp
2015-10-15 12:13 - 2015-10-15 12:13 - 0000017 _____ () C:\Users\hp\AppData\Local\resmon.resmoncfg
2015-10-13 09:51 - 2015-10-27 09:33 - 0000098 _____ () C:\ProgramData\{262E20B8-6E20-4CEF-B1FD-D022AB1085F5}.dat

Files to move or delete:
====================
C:\ProgramData\{262E20B8-6E20-4CEF-B1FD-D022AB1085F5}.dat


Some files in TEMP:
====================
C:\Users\hp\AppData\Local\Temp\4k1v8lrs.dll
C:\Users\hp\AppData\Local\Temp\9C243680124dF.exe
C:\Users\hp\AppData\Local\Temp\a35eF6D800.exe
C:\Users\hp\AppData\Local\Temp\BlackBerryDeviceManager.exe
C:\Users\hp\AppData\Local\Temp\BlackBerryLauncher.exe
C:\Users\hp\AppData\Local\Temp\COMAP.EXE
C:\Users\hp\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpmkry4v.dll
C:\Users\hp\AppData\Local\Temp\Extract.exe
C:\Users\hp\AppData\Local\Temp\fbiqumiq.dll
C:\Users\hp\AppData\Local\Temp\ffkp1b8o.dll
C:\Users\hp\AppData\Local\Temp\fp_pl_pfs_installer-1.exe
C:\Users\hp\AppData\Local\Temp\fp_pl_pfs_installer-2.exe
C:\Users\hp\AppData\Local\Temp\fp_pl_pfs_installer.exe
C:\Users\hp\AppData\Local\Temp\jiz-vcxg.dll
C:\Users\hp\AppData\Local\Temp\k44cf8lk.dll
C:\Users\hp\AppData\Local\Temp\OfficeSetup.exe
C:\Users\hp\AppData\Local\Temp\Quarantine.exe
C:\Users\hp\AppData\Local\Temp\qzcjrrzb.dll
C:\Users\hp\AppData\Local\Temp\rvnux3ji.dll
C:\Users\hp\AppData\Local\Temp\SetupProPlusRetail.x86.en-US_ProPlusRetail_92NKP-DRPV4-8HVM8-JXW76-72XKR_act_1_.exe
C:\Users\hp\AppData\Local\Temp\SP64339.exe
C:\Users\hp\AppData\Local\Temp\SP66866.exe
C:\Users\hp\AppData\Local\Temp\SP67280.exe
C:\Users\hp\AppData\Local\Temp\SP68055.exe
C:\Users\hp\AppData\Local\Temp\SP69229.exe
C:\Users\hp\AppData\Local\Temp\SP69393.exe
C:\Users\hp\AppData\Local\Temp\SP69401.exe
C:\Users\hp\AppData\Local\Temp\sqlite3.dll
C:\Users\hp\AppData\Local\Temp\sr_SettingsManagerSetup.exe
C:\Users\hp\AppData\Local\Temp\UninstallHPSA.exe


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-09-26 12:25

==================== End of FRST.txt ============================

I have also attached the Addition.txt as well.

Addition.txt


Additional scan result of Farbar Recovery Scan Tool (x64) Version:29-10-2015
Ran by O-GEE (2015-10-30 18:05:32)
Running from C:\Users\hp\Desktop
Windows 8.1 (X64) (2014-07-21 20:20:41)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-3190061390-3777832906-3145808820-500 - Administrator - Disabled)
Guest (S-1-5-21-3190061390-3777832906-3145808820-501 - Limited - Disabled) => C:\Users\Guest
O-GEE (S-1-5-21-3190061390-3777832906-3145808820-1002 - Administrator - Enabled) => C:\Users\hp

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)


==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKU\S-1-5-21-3190061390-3777832906-3145808820-1002\...\uTorrent) (Version: 3.4.3.40298 - BitTorrent Inc.)
7-Zip 9.22 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0922-000001000000}) (Version: 9.22.00.0 - Igor Pavlov)
Adobe Flash Player 19 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 19.0.0.226 - Adobe Systems Incorporated)
Adobe Photoshop CS5 (HKLM-x32\...\{50B00A1F-CB20-4AAB-A448-66B24B1E83A9}) (Version: 12.0.0.0 - Foroozani Software)
Adobe Reader XI (11.0.13) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.13 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.0 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.0.4.144 - Adobe Systems, Inc.)
Aloha TriPeaks (x32 Version: 2.2.0.98 - WildTangent) Hidden
AMD Catalyst Install Manager (HKLM\...\{5BB304EB-8E5B-0F2D-66FA-6603D9BB3232}) (Version: 8.0.915.0 - Advanced Micro Devices, Inc.)
Apple Application Support (HKLM-x32\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{2EF5D87E-B7BD-458F-8428-E4D0B8B4E65C}) (Version: 7.0.0.117 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Bejeweled 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden
BlackBerry Device Manager 7.1 (HKLM-x32\...\BlackBerry_HandheldManager) (Version: 7.1.0.44 - Research In Motion Ltd.)
BlackBerry Device Manager 7.1 (x32 Version: 7.1.0.44 - Research In Motion Ltd.) Hidden
BlackBerry Link (HKLM-x32\...\BlackBerry_10_Desktop) (Version: 1.2.3.56 - BlackBerry Ltd.)
BlackBerry Link (x32 Version: 1.2.3.56 - BlackBerry Ltd.) Hidden
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Build-a-lot (x32 Version: 2.2.0.98 - WildTangent) Hidden
Cain & Abel 4.9.56 (HKLM-x32\...\Cain & Abel 4.9.56) (Version:  - )
CodeBlocks (HKU\S-1-5-21-3190061390-3777832906-3145808820-1002\...\CodeBlocks) (Version: 13.12 - The Code::Blocks Team)
CorelDRAW Graphics Suite X3 (HKLM-x32\...\{7C5123A9-30A8-4C44-89CA-A8C87A1FCC91}) (Version: 13.0 - Corel Corporation)
Cradle of Rome 2 (x32 Version: 2.2.0.98 - WildTangent) Hidden
Crazy Chicken Soccer (x32 Version: 2.2.0.110 - WildTangent) Hidden
CyberLink LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.5.6902 - CyberLink Corp.)
CyberLink Media Suite 10 (HKLM-x32\...\InstallShield_{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}) (Version: 10.0.8.4420 - CyberLink Corp.)
Cyberlink PhotoDirector (HKLM-x32\...\InstallShield_{39337565-330E-4ab6-A9AE-AC81E0720B10}) (Version: 3.0.3.4503 - CyberLink Corp.)
CyberLink Power2Go 8 (HKLM-x32\...\InstallShield_{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}) (Version: 8.0.8.4316 - CyberLink Corp.)
CyberLink PowerDirector 10 (HKLM-x32\...\InstallShield_{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}) (Version: 10.0.5.3304 - CyberLink Corp.)
CyberLink PowerDVD 12 (HKLM-x32\...\InstallShield_{B46BEA36-0B71-4A4E-AE41-87241643FA0A}) (Version: 12.0.2.3305 - CyberLink Corp.)
CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 5.0.2.3302 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DisableMSDefender (Version: 1.0.0 - Hewlett-Packard Company) Hidden
Dropbox (HKLM-x32\...\Dropbox) (Version: 3.10.8 - Dropbox, Inc.)
Dropbox Update Helper (x32 Version: 1.3.27.35 - Dropbox, Inc.) Hidden
EN (x32 Version: 13.0 - Corel Corporation) Hidden
Energy Star (HKLM-x32\...\{FC0ADA4D-8FA5-4452-8AFF-F0A0BAC97EF7}) (Version: 1.0.9 - Hewlett-Packard Company)
Etisalat Nigeria (HKLM-x32\...\Etisalat Nigeria) (Version: 23.009.09.02.533 - Huawei Technologies Co.,Ltd)
Farm Frenzy (x32 Version: 2.2.0.98 - WildTangent) Hidden
FontNav (x32 Version: 5.0 - Corel Corporation) Hidden
Google Chrome (HKLM-x32\...\{DBA7719B-28D4-30D9-98DE-E689280E4D7E}) (Version: 66.88.49277 - Google, Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.28.15 - Google Inc.) Hidden
Gordon's Gate Flash Driver 3.0.0.1 (HKLM-x32\...\Gordon's Gate Flash Driver) (Version: 3.0.0.1 - Sony Mobile Communications AB)
Governor of Poker 2 Premium Edition (x32 Version: 2.2.0.110 - WildTangent) Hidden
HP 3D DriveGuard (HKLM-x32\...\{13133E99-B0D5-4143-B832-AAD55C62A41C}) (Version: 6.0.19.1 - Hewlett-Packard Company)
HP Connected Music (Meridian - installer) (HKLM-x32\...\StartHPConnectedMusic) (Version: 1.0 - Meridian Audio Ltd)
HP CoolSense (HKLM-x32\...\{394B14EA-B072-4440-9510-87797CB12371}) (Version: 2.20.21 - Hewlett-Packard Company)
HP Documentation (HKLM-x32\...\{8DD31D24-52CC-4DF7-AD21-E088EB48D902}) (Version: 1.1.0.0 - Hewlett-Packard)
HP Registration Service (HKLM\...\{D1E8F2D7-7794-4245-B286-87ED86C1893C}) (Version: 1.2.7127.4628 - Hewlett-Packard)
HP SimplePass (HKLM-x32\...\InstallShield_{314FAD12-F785-4471-BCE8-AB506642B9A1}) (Version: 8.00.57 - Hewlett-Packard)
HP System Event Utility (HKLM-x32\...\{C39A7F0F-89A6-44BB-B1BF-5F96569B5345}) (Version: 1.2.9 - Hewlett-Packard Company)
HP Utility Center (HKLM\...\{7A75E042-0D30-43C2-BD2A-684F4BE38FF7}) (Version: 2.3.1 - Hewlett-Packard Company)
HP Wireless Button Driver (HKLM-x32\...\{30B2D1D8-0A07-4B71-9553-0710C5D31E35}) (Version: 1.1.2.1 - Hewlett-Packard Company)
iCloud (HKLM\...\{81E20D41-C277-4526-934D-F2380AF91B78}) (Version: 3.1.0.40 - Apple Inc.)
Inst5675 (Version: 8.00.57 - Softex Inc.) Hidden
Inst5676 (Version: 8.00.57 - Softex Inc.) Hidden
iTunes (HKLM\...\{F73A118B-8271-47E2-8790-0C636B2539C5}) (Version: 11.1.0.126 - Apple Inc.)
Jewel Match 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden
Mahjongg Artifacts (x32 Version: 2.2.0.110 - WildTangent) Hidden
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.11.163.2 - McAfee, Inc.)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40728.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Mozilla Firefox 41.0.2 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 41.0.2 (x86 en-US)) (Version: 41.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 41.0.2.5765 - Mozilla)
OEM Application Profile (HKLM-x32\...\{70D5F822-F4C4-33D9-7EEC-2A4AF4EA7BDC}) (Version: 1.00.0000 - Advanced Micro Devices, Inc.)
Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.98 - WildTangent) Hidden
Polar Bowler (x32 Version: 2.2.0.97 - WildTangent) Hidden
QuickTime 7 (HKLM-x32\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.)
Ranch Rush 2 - Premium Edition (x32 Version: 2.2.0.98 - WildTangent) Hidden
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.2.9200.29068 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.20.815.2013 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7023 - Realtek Semiconductor Corp.)
REALTEK Wireless LAN Driver (HKLM-x32\...\{A5107464-AA9B-4177-8129-5FF2F42DD322}) (Version: 1.00.12.0906 - REALTEK Semiconductor Corp.)
Skype™ 7.3 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.3.101 - Skype Technologies S.A.)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 17.0.6.2 - Synaptics Incorporated)
Trinklit Supreme (x32 Version: 2.2.0.98 - WildTangent) Hidden
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update Installer for WildTangent Games App (x32 Version:  - WildTangent) Hidden
Update Manager (x32 Version: 4.60 - Corel Corporation) Hidden
Vacation Quest™ - Australia (x32 Version: 3.0.2.32 - WildTangent) Hidden
VBA (x32 Version: 6.2 - Corel Corporation) Hidden
Virtual Families (x32 Version: 2.2.0.98 - WildTangent) Hidden
VLC media player (HKLM\...\VLC media player) (Version: 2.1.5 - VideoLAN)
Wedding Dash (x32 Version: 2.2.0.95 - WildTangent) Hidden
WildTangent Games (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.0.4.0 - WildTangent)
WildTangent Games App (HP Games) (x32 Version: 4.0.10.15 - WildTangent) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3508.0205 - Microsoft Corporation)
WinPcap 4.1.3 (HKLM-x32\...\WinPcapInst) (Version: 4.1.0.2980 - Riverbed Technology, Inc.)
WinZipper (HKLM-x32\...\WinZipper) (Version: 1.5.116 - Taiwan Shui Mu Chih Ching Technology Limited.) <==== ATTENTION

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Restore Points =========================

07-09-2015 20:51:25 Scheduled Checkpoint
16-09-2015 20:04:14 Scheduled Checkpoint
23-09-2015 20:29:53 Scheduled Checkpoint

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 14:25 - 2015-10-24 13:48 - 00000854 ____A C:\Windows\system32\Drivers\etc\hosts

0.0.0.1    mssplus.mcafee.com

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {040DBD05-B8C3-4A79-AB14-540166DADC15} - System32\Tasks\Synaptics TouchPad Enhancements => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2013-07-26] (Synaptics Incorporated)
Task: {1D0EB568-74EC-4718-8C80-19557C8D4B8C} - System32\Tasks\{D250A546-4374-494B-AA50-F7AF47B44489} => pcalua.exe -a C:\Users\hp\AppData\Roaming\webssearches\UninstallManager.exe -c  -ptid=obw <==== ATTENTION
Task: {23BA0E11-5E10-4C11-916E-B2FFD601A2E7} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-09-01] (Google Inc.)
Task: {27CD03D2-E33A-4239-8BB1-6B5FCC3B3CF4} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2015-08-25] (Dropbox, Inc.)
Task: {32E1931A-E640-4A3A-87D5-B7D66A082F92} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {3B186701-421B-491D-BB7A-4B8A3BC2809D} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-10-24] (Adobe Systems Incorporated)
Task: {4B218BBA-762B-4392-BC90-455450D669FC} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2013-10-15] (Hewlett-Packard)
Task: {562F8E6A-CB94-443B-84DD-A8C5F9E3AE34} - System32\Tasks\Hewlett-Packard\HP CoolSense\HP CoolSense Start at Logon => C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe [2013-09-10] (Hewlett-Packard Development Company, L.P.)
Task: {64B261B8-D01A-42B3-8D17-4A31F5D3F40E} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2013-10-15] (Hewlett-Packard)
Task: {7900172C-B5D4-4602-832A-C9E52824D2CB} - System32\Tasks\Builder-S-2217020566 => c:\programdata\trusted publisher\sustainer\Builder.exe <==== ATTENTION
Task: {8CAB9A91-6D91-46BA-85C2-CAFD79070E00} - System32\Tasks\{2323CA2E-70A9-4BE5-A5BB-6DCEDE813FC8} => pcalua.exe -a C:\Users\hp\AppData\Local\Linkey\uninstall.exe
Task: {971202A8-0CF0-423B-BA50-DB26D9B805BD} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-09-01] (Google Inc.)
Task: {97C61BA8-307B-4605-A7A1-617BAE615598} - System32\Tasks\{37EB2CDB-42EC-48BF-AC2F-3FCD60DE9FAD} => pcalua.exe -a "C:\Users\hp\Documents\softwares\COREL DRAW 13\CGS13\instmsia.exe" -d "C:\Users\hp\Documents\softwares\COREL DRAW 13\CGS13"
Task: {A951DD77-9D9F-49B3-9647-B5967E273E0E} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2015-08-25] (Dropbox, Inc.)
Task: {D748B5C9-14CB-4113-985A-01E0F98149CE} - System32\Tasks\{19E69E8A-05E8-4864-AE5F-4EC4FE0F7917} => pcalua.exe -a "C:\Users\hp\Documents\softwares\COREL DRAW 13\CGS13\instmsiw.exe" -d "C:\Users\hp\Documents\softwares\COREL DRAW 13\CGS13"
Task: {FE2E2590-8980-4B19-810F-CFE0C7F56309} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-09-14] (Adobe Systems Incorporated)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\Builder-S-2217020566.job => c:\programdata\trusted publisher\sustainer\Builder.exeO/schedule /profile c:\programdata\trusted publisher\sustainer\2217020566.ini <==== ATTENTION
Task: C:\Windows\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\HPCeeScheduleForO-GEE.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe

==================== Loaded Modules (Whitelisted) ==============

2013-10-14 11:23 - 2013-10-14 11:23 - 00109568 _____ () C:\Program Files\Hewlett-Packard\SimplePass\cachesrvr.exe
2013-10-14 11:24 - 2013-10-14 11:24 - 00627200 _____ () C:\Program Files\Hewlett-Packard\SimplePass\cachedrv.dll
2013-10-14 11:25 - 2013-10-14 11:25 - 02541056 _____ () C:\Program Files\Hewlett-Packard\SimplePass\autheng.dll
2013-10-14 11:22 - 2013-10-14 11:22 - 00035328 _____ () C:\Program Files\Hewlett-Packard\SimplePass\ssplogon.dll
2013-10-14 11:22 - 2013-10-14 11:22 - 00055296 _____ () C:\Program Files\Hewlett-Packard\SimplePass\RandomPass.dll
2013-10-14 11:22 - 2013-10-14 11:22 - 00021504 _____ () C:\Program Files\Hewlett-Packard\SimplePass\cryptodll.dll
2013-10-14 11:35 - 2013-10-14 11:35 - 00306064 _____ () C:\Program Files\Hewlett-Packard\SimplePass\mstrpwd.dll
2013-10-14 11:35 - 2013-10-14 11:35 - 01297296 _____ () C:\Program Files\Hewlett-Packard\SimplePass\GraphicalPwd.dll
2013-09-25 06:48 - 2013-09-25 06:48 - 00127488 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.Wlan.dll
2015-01-27 14:52 - 2012-11-12 06:59 - 00657504 _____ () C:\ProgramData\Etisalat Nigeria\OnlineUpdate\ouc.exe
2011-03-14 16:27 - 2011-03-14 16:27 - 00346976 _____ () C:\ProgramData\DatacardService\HWDeviceService64.exe
2013-10-14 11:30 - 2013-10-14 11:30 - 00065024 _____ () C:\Program Files\Hewlett-Packard\SimplePass\opvapp.exe
2014-06-24 09:37 - 2014-06-24 09:37 - 00661752 _____ () C:\Program Files (x86)\Common Files\Research In Motion\nginx\nginx.exe
2013-09-25 06:48 - 2013-09-25 06:48 - 00102400 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Proxy.Native.dll
2013-09-13 19:51 - 2013-09-13 19:51 - 00087952 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2013-09-13 19:51 - 2013-09-13 19:51 - 01242952 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2015-01-27 14:52 - 2009-01-10 19:32 - 00011362 _____ () C:\ProgramData\Etisalat Nigeria\OnlineUpdate\mingwm10.dll
2015-01-27 14:52 - 2009-06-23 03:42 - 00043008 _____ () C:\ProgramData\Etisalat Nigeria\OnlineUpdate\libgcc_s_dw2-1.dll
2015-01-27 14:52 - 2012-10-31 10:11 - 02417152 _____ () C:\ProgramData\Etisalat Nigeria\OnlineUpdate\QtCore4.dll
2015-01-27 14:52 - 2012-10-31 10:14 - 01148416 _____ () C:\ProgramData\Etisalat Nigeria\OnlineUpdate\QtNetwork4.dll
2015-01-27 14:52 - 2012-11-12 04:48 - 00843264 _____ () C:\ProgramData\Etisalat Nigeria\OnlineUpdate\QueryStrategy.dll
2015-01-27 14:52 - 2012-10-31 10:11 - 00398336 _____ () C:\ProgramData\Etisalat Nigeria\OnlineUpdate\QtXml4.dll
2015-10-13 09:52 - 2015-08-06 04:47 - 00582144 _____ () C:\Program Files (x86)\WinZipper\curlpp.dll
2015-10-13 09:52 - 2015-07-15 06:58 - 00065688 _____ () C:\Program Files (x86)\WinZipper\zlib1.dll
2015-01-14 21:26 - 2014-07-24 04:03 - 00866056 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\UNO.dll
2015-01-14 21:26 - 2014-04-17 07:35 - 01323992 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\Language\ENU\P2GRC.dll
2015-01-14 21:26 - 2014-07-24 04:03 - 00175880 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLVistaAudioMixer.dll
2015-10-28 08:33 - 2015-10-28 08:33 - 00071168 _____ () c:\users\hp\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpmkry4v.dll
2015-08-25 09:56 - 2015-09-24 00:07 - 00012800 _____ () C:\Program Files (x86)\Dropbox\Client\QtQuick.2\qtquick2plugin.dll
2015-08-25 09:56 - 2015-09-24 00:07 - 00779776 _____ () C:\Program Files (x86)\Dropbox\Client\QtQuick\Controls\qtquickcontrolsplugin.dll
2015-08-25 09:56 - 2015-09-24 00:07 - 00056320 _____ () C:\Program Files (x86)\Dropbox\Client\QtQuick\Layouts\qquicklayoutsplugin.dll
2015-08-25 09:56 - 2015-09-24 00:07 - 00012288 _____ () C:\Program Files (x86)\Dropbox\Client\QtQuick\Window.2\windowplugin.dll
2015-08-25 09:56 - 2015-09-24 00:06 - 00056320 _____ () C:\Program Files (x86)\Dropbox\Client\libEGL.dll
2015-08-25 09:56 - 2015-09-24 00:06 - 01128448 _____ () C:\Program Files (x86)\Dropbox\Client\libGLESv2.dll
2013-09-14 01:51 - 2013-09-14 01:51 - 00087952 _____ () C:\Program Files (x86)\Common Files\Apple\Internet Services\zlib1.dll
2013-09-14 01:50 - 2013-09-14 01:50 - 01242952 _____ () C:\Program Files (x86)\Common Files\Apple\Internet Services\libxml2.dll
2015-10-26 10:33 - 2015-10-20 15:08 - 01532744 _____ () C:\Program Files (x86)\Google\Chrome\Application\46.0.2490.80\libglesv2.dll
2015-10-26 10:33 - 2015-10-20 15:08 - 00081224 _____ () C:\Program Files (x86)\Google\Chrome\Application\46.0.2490.80\libegl.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\ProgramData\Temp:10894A2E

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3190061390-3777832906-3145808820-1002\Control Panel\Desktop\\Wallpaper -> C:\Users\hp\Pictures\ANIMATIONS\1117699-1366x768-[DesktopNexus.com].jpg
DNS Servers: Media is not connected to internet.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

HKLM\...\StartupApproved\Run32: => "APSDaemon"
HKLM\...\StartupApproved\Run32: => "iTunesHelper"
HKLM\...\StartupApproved\Run32: => "QuickTime Task"
HKU\S-1-5-21-3190061390-3777832906-3145808820-1002\...\StartupApproved\StartupFolder: => "Dropbox.lnk"
HKU\S-1-5-21-3190061390-3777832906-3145808820-1002\...\StartupApproved\Run: => "GoogleChromeAutoLaunch_BC2181BA6FEFC094049535C747D5BFD8"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{9CA39ACE-E69A-4B53-AB9D-601BD399824C}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{93EE831C-AC5C-43B6-A0D0-56555BAECFB2}] => (Allow) LPort=2869
FirewallRules: [{DFD18036-3973-4969-86D3-19AA532DBB41}] => (Allow) LPort=1900
FirewallRules: [{31E0714D-D72E-4CD1-9CB2-B7A3F76F411D}] => (Allow) C:\Program Files (x86)\HPConnectedMusic\HPConnectedMusic.exe
FirewallRules: [{DB2C9369-7E5C-496C-AD55-B63C9031DA70}] => (Allow) C:\Program Files (x86)\HPConnectedMusic\HPConnectedMusic.exe
FirewallRules: [{D8E877F8-FF91-4D5D-90E9-14918781F28A}] => (Allow) %LocalAppData%\HPConnectedMusic\Application\HPConnectedMusic.exe
FirewallRules: [{9F4547AC-C29F-4C3E-8EB5-7062ADF4EF44}] => (Allow) %LocalAppData%\HPConnectedMusic\Application\HPConnectedMusic.exe
FirewallRules: [{C2481943-C20E-4105-9743-9CA30354C992}] => (Allow) %LocalAppData%\HPConnectedMusic\Application\spotify_helper.exe
FirewallRules: [{EB6E656F-5F1E-4D64-9A7E-7DA65ADA012C}] => (Allow) %LocalAppData%\HPConnectedMusic\Application\spotify_helper.exe
FirewallRules: [{3B10E070-E58F-41FE-83F1-8EE0C045D2AD}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{C714F656-1994-41F3-80E7-B87FDDFB3629}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{E89B48F0-404D-4D0A-BA2F-C53A47F9BCCD}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{B1912D6E-24F2-4A91-BA16-1D6E7704C5F2}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{11C5561D-B5CD-4854-9964-BF1ADA78304E}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12.exe
FirewallRules: [{A684CB39-3610-495A-B78E-47DA485296FF}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMR\PowerDVD12DMREngine.exe
FirewallRules: [{51D773C5-9A09-4DA7-8E34-07A42EEBFF70}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe
FirewallRules: [{A69FB7F3-BA0C-49FD-8361-387DE3A91592}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12Agent.exe
FirewallRules: [{C1C169B7-DA0B-45C2-B2E1-E63108625CD3}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12ML.exe
FirewallRules: [{375B8F2F-EDBA-492F-90E8-76155CA56418}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\Movie\PowerDVD.exe
FirewallRules: [{DDE028ED-FA55-4735-889F-4C914F4073D9}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
FirewallRules: [{FBBDD24E-C862-42D3-8D3F-E7AB89241785}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
FirewallRules: [{863C41FA-9E79-40CD-8729-0F17A2944599}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDirector10\PDR10.EXE
FirewallRules: [{D1DEEA71-E954-42A8-8F16-63638361169A}] => (Allow) C:\Users\hp\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{6F6926D2-67C8-48BB-9AD3-536771F7EB20}] => (Allow) C:\Users\hp\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{8F22862C-1FD5-4D3F-96CE-3030F163E1D0}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\Lync.exe
FirewallRules: [{8F02BA2C-AB97-46D9-AA88-3E95EFF7F69B}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\UcMapi.exe
FirewallRules: [{C4EDC3E1-784A-4C66-B062-C1A981BDB6C6}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe
FirewallRules: [{98DFC53D-7A6C-47E6-BF7A-04B9D8C8829C}] => (Allow) C:\Program Files (x86)\iTunes\iTunes.exe
FirewallRules: [TCP Query User{27A81D23-F783-45EE-9E31-64ED4BA7453A}C:\users\hp\appdata\roaming\dropbox\bin\dropbox.exe] => (Allow) C:\users\hp\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [UDP Query User{1487B181-E210-4F8A-9FC2-5EEDB3E394E8}C:\users\hp\appdata\roaming\dropbox\bin\dropbox.exe] => (Allow) C:\users\hp\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [{96BC8336-D1EC-4DF1-8932-508DD0ACCEE7}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPSOCKSVC.exe
FirewallRules: [TCP Query User{83F88DBC-13C4-4DB7-9970-CA86119B8F88}C:\program files (x86)\motorola\rsd lite\sdl.exe] => (Allow) C:\program files (x86)\motorola\rsd lite\sdl.exe
FirewallRules: [UDP Query User{170430EE-6EE7-4826-B776-F416E9EDB0F0}C:\program files (x86)\motorola\rsd lite\sdl.exe] => (Allow) C:\program files (x86)\motorola\rsd lite\sdl.exe
FirewallRules: [{AD1241A1-C271-455B-B24D-FC356C1E00C2}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{F2DAF36B-72C0-4B65-ADCE-DFE5D21C5875}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{CBF24AA7-22D4-4BDB-BEAE-C6769E3BE518}] => (Allow) C:\Program Files (x86)\Common Files\Research In Motion\Tunnel Manager\tunmgr.exe
FirewallRules: [{A3F80D6F-4E26-4668-9D51-EF815D462A3C}] => (Allow) C:\Program Files (x86)\Common Files\Research In Motion\Tunnel Manager\tunmgr.exe
FirewallRules: [{BFF3700A-F76A-4D0E-9FD6-C698CE372818}] => (Allow) C:\Program Files (x86)\Common Files\Research In Motion\Tunnel Manager\mDNSResponder.exe
FirewallRules: [{C2ED2A7A-B43B-4B74-B4C8-A20EB4AE955E}] => (Allow) C:\Program Files (x86)\Common Files\Research In Motion\Tunnel Manager\mDNSResponder.exe
FirewallRules: [{13761E0D-FB2C-43C4-AD67-B346A48F8D61}] => (Allow) C:\Program Files (x86)\Common Files\Research In Motion\nginx\nginx.exe
FirewallRules: [{A7A3DAF2-B970-42CB-9765-F78BE8AEE3A8}] => (Allow) C:\Program Files (x86)\Common Files\Research In Motion\Tunnel Manager\PeerManager.exe
FirewallRules: [TCP Query User{456C7BBD-4901-4847-8FA8-219AFD07ADCF}C:\program files (x86)\mozilla firefox\firefox.exe] => (Allow) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [UDP Query User{06261798-AE41-4035-AFF0-C167764D1849}C:\program files (x86)\mozilla firefox\firefox.exe] => (Allow) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [{0FBB9B1F-5F0C-4280-BA11-7222E1AC7E23}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPDeviceDetection3.exe
FirewallRules: [{5C508204-6F7C-479D-8473-9AEA48EDF0A2}] => (Allow) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
FirewallRules: [{3DCF9322-9DAB-4C28-A759-99AC2D1AEBC9}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (10/30/2015 05:55:58 PM) (Source: ATIeRecord) (EventID: 16391) (User: )
Description: ATI EEU maximum number of session has been surpassed

Error: (10/28/2015 07:45:57 PM) (Source: ATIeRecord) (EventID: 16391) (User: )
Description: ATI EEU maximum number of session has been surpassed

Error: (10/28/2015 07:41:15 PM) (Source: ATIeRecord) (EventID: 16391) (User: )
Description: ATI EEU maximum number of session has been surpassed

Error: (10/28/2015 06:21:25 PM) (Source: ATIeRecord) (EventID: 16391) (User: )
Description: ATI EEU maximum number of session has been surpassed

Error: (10/28/2015 06:10:43 PM) (Source: Customer Experience Improvement Program) (EventID: 1006) (User: )
Description: 80004005

Error: (10/28/2015 04:18:55 PM) (Source: ATIeRecord) (EventID: 16391) (User: )
Description: ATI EEU maximum number of session has been surpassed

Error: (10/28/2015 04:18:44 PM) (Source: RIM MDNS) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Unexpected conflict discarding   15 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa. PTR O-GEE-2.local.

Error: (10/28/2015 04:18:44 PM) (Source: RIM MDNS) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Received from 0000:0000:0000:0000:0000:0000:0000:0001:5353   13 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa. PTR O-GEE.local.

Error: (10/28/2015 04:18:44 PM) (Source: RIM MDNS) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Unexpected conflict discarding   15 2.0.168.192.in-addr.arpa. PTR O-GEE-2.local.

Error: (10/28/2015 04:18:44 PM) (Source: RIM MDNS) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Received from 192.168.0.2:5353   13 2.0.168.192.in-addr.arpa. PTR O-GEE.local.


System errors:
=============
Error: (10/30/2015 06:02:14 PM) (Source: DCOM) (EventID: 10029) (User: O-GEE)
Description: {E60687F7-01A1-40AA-86AC-DB1CBF673334}wuauserv

Error: (10/29/2015 08:06:49 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The CyberLink PowerDVD 12 Media Server Service service terminated unexpectedly. It has done this 82 time(s).

Error: (10/28/2015 07:45:56 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The CyberLink PowerDVD 12 Media Server Service service terminated unexpectedly. It has done this 81 time(s).

Error: (10/28/2015 06:21:24 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The CyberLink PowerDVD 12 Media Server Service service terminated unexpectedly. It has done this 80 time(s).

Error: (10/28/2015 01:46:06 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The CyberLink PowerDVD 12 Media Server Service service terminated unexpectedly. It has done this 79 time(s).

Error: (10/28/2015 08:39:18 AM) (Source: DCOM) (EventID: 10029) (User: O-GEE)
Description: {E60687F7-01A1-40AA-86AC-DB1CBF673334}wuauserv

Error: (10/27/2015 06:57:54 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The CyberLink PowerDVD 12 Media Server Service service terminated unexpectedly. It has done this 78 time(s).

Error: (10/27/2015 06:57:23 PM) (Source: cdrom) (EventID: 7) (User: )
Description: The device, \Device\CdRom0, has a bad block.

Error: (10/27/2015 06:57:22 PM) (Source: cdrom) (EventID: 7) (User: )
Description: The device, \Device\CdRom0, has a bad block.

Error: (10/27/2015 06:57:21 PM) (Source: cdrom) (EventID: 7) (User: )
Description: The device, \Device\CdRom0, has a bad block.


CodeIntegrity:
===================================
  Date: 2015-10-27 09:40:17.969
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\services.exe) attempted to load \Device\HarddiskVolume4\Program Files\Windows Defender\NisSrv.exe that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-10-27 09:27:30.822
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2015-10-27 09:05:15.121
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Elex-tech\YAC\iSafeSrvMon64.dll that did not meet the Windows signing level requirements.

  Date: 2015-10-27 08:12:07.109
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Elex-tech\YAC\iSafeSrvMon64.dll that did not meet the Windows signing level requirements.

  Date: 2015-10-27 07:58:19.788
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Elex-tech\YAC\iSafeSrvMon64.dll that did not meet the Windows signing level requirements.

  Date: 2015-10-27 07:44:23.470
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Elex-tech\YAC\iSafeSrvMon64.dll that did not meet the Windows signing level requirements.

  Date: 2015-10-27 07:44:21.623
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Elex-tech\YAC\iSafeSrvMon64.dll that did not meet the Windows signing level requirements.

  Date: 2015-10-26 10:38:41.052
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Elex-tech\YAC\iSafeSrvMon64.dll that did not meet the Windows signing level requirements.

  Date: 2015-10-26 10:38:40.825
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Elex-tech\YAC\iSafeSrvMon64.dll that did not meet the Windows signing level requirements.

  Date: 2015-10-25 16:32:42.943
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Elex-tech\YAC\iSafeSrvMon64.dll that did not meet the Windows signing level requirements.


==================== Memory info ===========================

Processor: AMD A8-4555M APU with Radeon™ HD Graphics
Percentage of memory in use: 37%
Total physical RAM: 7366.27 MB
Available physical RAM: 4626.09 MB
Total Virtual: 8582.27 MB
Available Virtual: 4819.27 MB

==================== Drives ================================

Drive c: (Windows) (Fixed) (Total:913.83 GB) (Free:570.85 GB) NTFS
Drive d: (RECOVERY) (Fixed) (Total:16.91 GB) (Free:1.7 GB) NTFS ==>[system with boot components (obtained from drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: DA488F2F)

Partition: GPT.

==================== End of Addition.txt ============================

Thank you.

#4 nasdaq

  • Malware Response Team
  • 39,191 posts
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:01:34 PM
Posted 31 October 2015 - 09:11 AM

Press the Windows key + R on your keyboard at the same time. This will open the RUN BOX.
Type Notepad and click the OK key.
Please copy the entire contents of the code box below to a new file.
start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

Failed to access process -> iSafeSvc2.exe
(Taiwan Shui Mu Chih Ching Technology Limited) C:\Program Files (x86)\WinZipper\winzipersvc.exe
(tsvr.com) C:\Users\hp\AppData\Roaming\TSv\TSvr.exe
(DTools LIMITED) C:\ProgramData\rWMiniPror\WMiniPro.exe
(TODO: <???>) C:\Program Files (x86)\SFK\SSFK.exe
(SearchProtect) C:\Program Files (x86)\XTab\CmdShell.exe
(XTab system) C:\Program Files (x86)\XTab\ProtectService.exe
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  No File
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://istart.webssearches.com/?type=hppp&ts=1421614605&from=obw&uid=WDCXWD10JPVX-60JC3T0_WD-WX51E93DKL54DKL54
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://istart.webssearches.com/?type=hppp&ts=1421614605&from=obw&uid=WDCXWD10JPVX-60JC3T0_WD-WX51E93DKL54DKL54
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://istart.webssearches.com/web/?type=ds&ts=1421614571&from=obw&uid=WDCXWD10JPVX-60JC3T0_WD-WX51E93DKL54DKL54&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://istart.webssearches.com/web/?type=ds&ts=1421614571&from=obw&uid=WDCXWD10JPVX-60JC3T0_WD-WX51E93DKL54DKL54&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://istart.webssearches.com/?type=hppp&ts=1421614605&from=obw&uid=WDCXWD10JPVX-60JC3T0_WD-WX51E93DKL54DKL54
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://istart.webssearches.com/?type=hppp&ts=1421614605&from=obw&uid=WDCXWD10JPVX-60JC3T0_WD-WX51E93DKL54DKL54
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://istart.webssearches.com/web/?type=ds&ts=1421614571&from=obw&uid=WDCXWD10JPVX-60JC3T0_WD-WX51E93DKL54DKL54&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://istart.webssearches.com/web/?type=ds&ts=1421614571&from=obw&uid=WDCXWD10JPVX-60JC3T0_WD-WX51E93DKL54DKL54&q={searchTerms}
HKU\S-1-5-21-3190061390-3777832906-3145808820-1002\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://istart.webssearches.com/?type=hppp&ts=1421614605&from=obw&uid=WDCXWD10JPVX-60JC3T0_WD-WX51E93DKL54DKL54
HKU\S-1-5-21-3190061390-3777832906-3145808820-1002\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://istart.webssearches.com/?type=hppp&ts=1421614605&from=obw&uid=WDCXWD10JPVX-60JC3T0_WD-WX51E93DKL54DKL54
HKU\S-1-5-21-3190061390-3777832906-3145808820-1002\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://istart.webssearches.com/web/?type=dspp&ts=1421614605&from=obw&uid=WDCXWD10JPVX-60JC3T0_WD-WX51E93DKL54DKL54&q={searchTerms}
HKU\S-1-5-21-3190061390-3777832906-3145808820-1002\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://istart.webssearches.com/web/?type=dspp&ts=1421614605&from=obw&uid=WDCXWD10JPVX-60JC3T0_WD-WX51E93DKL54DKL54&q={searchTerms}
SearchScopes: HKLM-x32 -> DefaultScope {425ED333-6083-428a-92C9-0CFC28B9D1BF} URL = hxxp://www.v9.com/web?type=ds&ts=1444211820&from=zzgbkk123&uid=wdcxwd10jpvx-60jc3t0_wd-wx51e93dkl54dkl54&z=20b2dd6f9ce08c6c9539e0fg8z6z3z6oag5g5bcoeg&q={searchTerms}
SearchScopes: HKLM-x32 -> {425ED333-6083-428a-92C9-0CFC28B9D1BF} URL = hxxp://www.v9.com/web?type=ds&ts=1444211820&from=zzgbkk123&uid=wdcxwd10jpvx-60jc3t0_wd-wx51e93dkl54dkl54&z=20b2dd6f9ce08c6c9539e0fg8z6z3z6oag5g5bcoeg&q={searchTerms}
SearchScopes: HKU\S-1-5-21-3190061390-3777832906-3145808820-1002 -> DefaultScope {425ED333-6083-428a-92C9-0CFC28B9D1BF} URL = hxxp://www.v9.com/web?type=ds&ts=1444211820&from=zzgbkk123&uid=wdcxwd10jpvx-60jc3t0_wd-wx51e93dkl54dkl54&z=20b2dd6f9ce08c6c9539e0fg8z6z3z6oag5g5bcoeg&q={searchTerms}
SearchScopes: HKU\S-1-5-21-3190061390-3777832906-3145808820-1002 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://istart.webssearches.com/web/?type=dspp&ts=1421614605&from=obw&uid=WDCXWD10JPVX-60JC3T0_WD-WX51E93DKL54DKL54&q={searchTerms}
SearchScopes: HKU\S-1-5-21-3190061390-3777832906-3145808820-1002 -> {425ED333-6083-428a-92C9-0CFC28B9D1BF} URL = hxxp://www.v9.com/web?type=ds&ts=1444211820&from=zzgbkk123&uid=wdcxwd10jpvx-60jc3t0_wd-wx51e93dkl54dkl54&z=20b2dd6f9ce08c6c9539e0fg8z6z3z6oag5g5bcoeg&q={searchTerms}
BHO: BuyNsave -> {4aec5c90-4b66-4ac4-b5e7-b0176e0d9e18} -> C:\Program Files (x86)\BuyNsave\v9sEsIoPL2EQvI.x64.dll => No File
BHO-x32: BuyNsave -> {4aec5c90-4b66-4ac4-b5e7-b0176e0d9e18} -> C:\Program Files (x86)\BuyNsave\v9sEsIoPL2EQvI.dll => No File
Toolbar: HKLM - No Name - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} -  No File
FF NewTab: chrome://quick_start/content/index.html
FF DefaultSearchEngine: delta-homes
FF SelectedSearchEngine: delta-homes
FF user.js: detected! => C:\Users\hp\AppData\Roaming\Mozilla\Firefox\Profiles\j4oddeq8.default\user.js [2015-10-28]
FF SearchPlugin: C:\Users\hp\AppData\Roaming\Mozilla\Firefox\Profiles\j4oddeq8.default\searchplugins\delta-homes.xml [2015-10-28]
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\default-search.xml [2014-12-14]
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\mystartsearch.xml [2014-11-25]
FF Extension: Default NewTab - C:\Users\hp\AppData\Roaming\Mozilla\Firefox\Profiles\j4oddeq8.default\Extensions\default_newtabff@gmail.com [2015-10-24] [not signed]
FF Extension: Default SearchProtected  - C:\Users\hp\AppData\Roaming\Mozilla\Firefox\Profiles\j4oddeq8.default\Extensions\defsearchp@gmail.com [2015-10-27] [not signed]
FF Extension: Default SearchProtected  - C:\Users\hp\AppData\Roaming\Mozilla\Firefox\Profiles\j4oddeq8.default\Extensions\defsearchp@gmail.com.xpi [2015-10-24] [not signed]
FF Extension: Best Video Downloader 2 - C:\Users\hp\AppData\Roaming\Mozilla\Firefox\Profiles\j4oddeq8.default\Extensions\{170503FA-3349-4F17-BC86-001888A5C8E2}.xpi [2015-10-09]
FF HKLM-x32\...\Firefox\Extensions: [fftoolbar2014@etech.com] - C:\Users\hp\AppData\Roaming\Mozilla\Firefox\Profiles\j4oddeq8.default\extensions\fftoolbar2014@etech.com => not found
FF HKLM-x32\...\Firefox\Extensions: [default_newtabff@gmail.com] - C:\Users\hp\AppData\Roaming\Mozilla\Firefox\Profiles\j4oddeq8.default\extensions\default_newtabff@gmail.com
FF HKLM-x32\...\Firefox\Extensions: [defsearchp@gmail.com] - C:\Users\hp\AppData\Roaming\Mozilla\Firefox\Profiles\j4oddeq8.default\extensions\defsearchp@gmail.com
CHR HomePage: Default -> hxxp://www.v9.com?type=hp&ts=1444211820&from=mych123&uid=wdcxwd10jpvx-60jc3t0_wd-wx51e93dkl54dkl54&z=20b2dd6f9ce08c6c9539e0fg8z6z3z6oag5g5bcoeg
CHR StartupUrls: Default -> "hxxp://www.v9.com?type=hp&ts=1444211820&from=mych123&uid=wdcxwd10jpvx-60jc3t0_wd-wx51e93dkl54dkl54&z=20b2dd6f9ce08c6c9539e0fg8z6z3z6oag5g5bcoeg"
CHR DefaultSearchURL: Default -> hxxp://www.v9.com/web?type=ds&ts=1444211820&from=zzgbkk123&uid=wdcxwd10jpvx-60jc3t0_wd-wx51e93dkl54dkl54&z=20b2dd6f9ce08c6c9539e0fg8z6z3z6oag5g5bcoeg&q={searchTerms}
CHR DefaultSearchKeyword: Default -> v9
CHR Extension: (BuyNsave) - C:\ProgramData\japliehigicpjgdjdggegigmloncmfgg\ []
R2 IHProtect Service; C:\Program Files (x86)\XTab\ProtectService.exe [153600 2015-10-27] (XTab system) [File not signed]
R2 IhPul; C:\Users\hp\AppData\Roaming\TSv\TSvr.exe [396944 2015-10-26] (tsvr.com)
R2 SSFK; C:\Program Files (x86)\SFK\SSFK.exe [169632 2015-10-10] (TODO: <???>)
R2 WdsManPro; C:\ProgramData\rWMiniPror\WMiniPro.exe [294912 2015-10-26] (DTools LIMITED) [File not signed]
R2 winzipersvc; C:\Program Files (x86)\WinZipper\winzipersvc.exe [707760 2015-10-20] (Taiwan Shui Mu Chih Ching Technology Limited) <==== ATTENTION
R1 {921265c3-88e5-40e1-8d74-df5314572900}Gw64; C:\Windows\System32\drivers\{921265c3-88e5-40e1-8d74-df5314572900}Gw64.sys [48784 2015-01-18] (StdLib)
U1 iSafeKrnlMon; \??\C:\Program Files (x86)\Elex-tech\YAC\iSafeKrnlMon.sys [X]
C:\Program Files (x86)\WinZipper
C:\Users\hp\AppData\Roaming\TSv
C:\ProgramData\rWMiniPror
C:\Program Files (x86)\XTab
C:\Users\hp\AppData\Roaming\Mozilla\Firefox\Profiles\j4oddeq8.default\Extensions\default_newtabff@gmail.com
C:\Users\hp\AppData\Roaming\Mozilla\Firefox\Profiles\j4oddeq8.default\Extensions\defsearchp@gmail.com
C:\Users\hp\AppData\Roaming\Mozilla\Firefox\Profiles\j4oddeq8.default\Extensions\defsearchp@gmail.com.xpi 
C:\Users\hp\AppData\Roaming\Mozilla\Firefox\Profiles\j4oddeq8.default\extensions\default_newtabff@gmail.com
C:\ProgramData\japliehigicpjgdjdggegigmloncmfgg
C:\Program Files (x86)\SFK
C:\Windows\System32\drivers\{921265c3-88e5-40e1-8d74-df5314572900}Gw64.sys
Task: {1D0EB568-74EC-4718-8C80-19557C8D4B8C} - System32\Tasks\{D250A546-4374-494B-AA50-F7AF47B44489} => pcalua.exe -a C:\Users\hp\AppData\Roaming\webssearches\UninstallManager.exe -c  -ptid=obw <==== ATTENTION
Task: {7900172C-B5D4-4602-832A-C9E52824D2CB} - System32\Tasks\Builder-S-2217020566 => c:\programdata\trusted publisher\sustainer\Builder.exe <==== ATTENTION
Task: C:\Windows\Tasks\Builder-S-2217020566.job => c:\programdata\trusted publisher\sustainer\Builder.exeO/schedule /profile c:\programdata\trusted publisher\sustainer\2217020566.ini <==== ATTENTION
AlternateDataStreams: C:\ProgramData\Temp:10894A2E
C:\Users\hp\AppData\Local\Temp\4k1v8lrs.dll
C:\Users\hp\AppData\Local\Temp\9C243680124dF.exe
C:\Users\hp\AppData\Local\Temp\a35eF6D800.exe
C:\Users\hp\AppData\Local\Temp\BlackBerryDeviceManager.exe
C:\Users\hp\AppData\Local\Temp\BlackBerryLauncher.exe
C:\Users\hp\AppData\Local\Temp\COMAP.EXE
C:\Users\hp\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpmkry4v.dll
C:\Users\hp\AppData\Local\Temp\Extract.exe
C:\Users\hp\AppData\Local\Temp\fbiqumiq.dll
C:\Users\hp\AppData\Local\Temp\ffkp1b8o.dll
C:\Users\hp\AppData\Local\Temp\fp_pl_pfs_installer-1.exe
C:\Users\hp\AppData\Local\Temp\fp_pl_pfs_installer-2.exe
C:\Users\hp\AppData\Local\Temp\fp_pl_pfs_installer.exe
C:\Users\hp\AppData\Local\Temp\jiz-vcxg.dll
C:\Users\hp\AppData\Local\Temp\k44cf8lk.dll
C:\Users\hp\AppData\Local\Temp\OfficeSetup.exe
C:\Users\hp\AppData\Local\Temp\Quarantine.exe
C:\Users\hp\AppData\Local\Temp\qzcjrrzb.dll
C:\Users\hp\AppData\Local\Temp\rvnux3ji.dll
C:\Users\hp\AppData\Local\Temp\SetupProPlusRetail.x86.en-US_ProPlusRetail_92NKP-DRPV4-8HVM8-JXW76-72XKR_act_1_.exe
C:\Users\hp\AppData\Local\Temp\SP64339.exe
C:\Users\hp\AppData\Local\Temp\SP66866.exe
C:\Users\hp\AppData\Local\Temp\SP67280.exe
C:\Users\hp\AppData\Local\Temp\SP68055.exe
C:\Users\hp\AppData\Local\Temp\SP69229.exe
C:\Users\hp\AppData\Local\Temp\SP69393.exe
C:\Users\hp\AppData\Local\Temp\SP69401.exe
C:\Users\hp\AppData\Local\Temp\sqlite3.dll
C:\Users\hp\AppData\Local\Temp\sr_SettingsManagerSetup.exe
C:\Users\hp\AppData\Local\Temp\UninstallHPSA.exe
C:\ProgramData\{262E20B8-6E20-4CEF-B1FD-D022AB1085F5}.dat

End
Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log (Fixlog.txt); please post it in your reply.
===

Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the LogFile button and the report will open in Notepad.
IMPORTANT
  • If you click the Clean button all items listed in the report will be removed.
If you find some false positive items or programs that you wish to keep, close the AdwCleaner window.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Check off the element(s) you wish to keep.
  • Click on the Clean button and follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleanerCx.txt (x is a number).
===

Firefox:
Reset Default Browsing settings:
https://support.mozilla.org/en-US/kb/reset-firefox-easily-fix-problems?utm_expid=65912487-41.djHNRQY0RhaLvvtvcd0BQA.2&utm_referrer=https%3A%2F%2Fwww.google.ca%2F

Clean the Firefox Cache.
https://kb.wisc.edu/page.php?id=15141
===

How is the computer running now?
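The fixlist above is assembled by eye from markers FRST prints in its logs. As an added example (not part of this thread and not FRST's own code), here is a small Python triage script that pulls those same markers out of a constructed FRST-style excerpt built from line shapes seen in this thread: the "<==== ATTENTION" flag, "[File not signed]", "No File" orphans, and the defanged "hxxp://" URLs in browser settings. The service-line pattern is inferred from the lines shown here rather than from FRST documentation, and the sample text, function names and category names are my own.

```python
"""Triage helper for FRST-style log lines (added example; not FRST's code).

The line-shape patterns below are inferred from the lines shown in this
thread, not taken from FRST documentation, and SAMPLE_LOG is a constructed,
shortened copy of those lines.
"""
import re

ATTENTION = "<==== ATTENTION"           # FRST's own flag for entries it considers suspicious
UNSIGNED = "[File not signed]"           # FRST's label for a file without an Authenticode signature
ORPHAN = re.compile(r"\bNo File\s*$")    # registry entry whose target file is gone
DEFANGED_URL = re.compile(r"hxxps?://([^/\s?]+)")  # FRST writes hxxp so the URL is not clickable
# Service/driver line: "<state> <name>; <path> [<size> <date>] (<company>) [flags]"
# or, for a driver whose file is missing, "<state> <name>; <path> [X]".
SERVICE = re.compile(
    r"^(?P<state>[RSU]\d) (?P<name>[^;]+); (?P<path>.+?)"
    r"(?: \[(?P<size>\d+) (?P<date>\d{4}-\d{2}-\d{2})\]|(?P<missing> \[X\]))"
    r"(?: \((?P<company>[^)]*)\))?(?P<flags>.*)$"
)

# Constructed excerpt: shortened versions of lines from the thread's logs.
SAMPLE_LOG = r"""
R2 IHProtect Service; C:\Program Files (x86)\XTab\ProtectService.exe [153600 2015-10-27] (XTab system) [File not signed]
R2 winzipersvc; C:\Program Files (x86)\WinZipper\winzipersvc.exe [707760 2015-10-20] (Taiwan Shui Mu Chih Ching Technology Limited) <==== ATTENTION
R1 {921265c3-88e5-40e1-8d74-df5314572900}Gw64; C:\Windows\System32\drivers\{921265c3-88e5-40e1-8d74-df5314572900}Gw64.sys [48784 2015-01-18] (StdLib)
U1 iSafeKrnlMon; \??\C:\Program Files (x86)\Elex-tech\YAC\iSafeKrnlMon.sys [X]
BHO-x32: BuyNsave -> {4aec5c90-4b66-4ac4-b5e7-b0176e0d9e18} -> C:\Program Files (x86)\BuyNsave\v9sEsIoPL2EQvI.dll => No File
Toolbar: HKLM - No Name - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} -  No File
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://istart.webssearches.com/?type=hppp&from=obw
CHR DefaultSearchURL: Default -> hxxp://www.v9.com/web?type=ds&q={searchTerms}
Task: {7900172C-B5D4-4602-832A-C9E52824D2CB} - System32\Tasks\Builder-S-2217020566 => c:\programdata\trusted publisher\sustainer\Builder.exe <==== ATTENTION
FirewallRules: [{AD1241A1-C271-455B-B24D-FC356C1E00C2}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
"""


def parse_service(line):
    """Return a dict for an FRST service/driver line, or None for any other line."""
    m = SERVICE.match(line)
    if not m:
        return None
    d = m.groupdict()
    return {
        "state": d["state"],
        "name": d["name"],
        "path": d["path"],
        "size": int(d["size"]) if d["size"] else None,
        "date": d["date"],
        "company": d["company"],
        "missing": d["missing"] is not None,          # "[X]": registered but file absent
        "flagged_unsigned": UNSIGNED in d["flags"],   # absence of the label is not proof of a valid signature
        "attention": ATTENTION in d["flags"],
    }


def triage(text):
    """Group FRST lines by the markers a malware-response helper looks at first."""
    findings = {"attention": [], "unsigned": [], "orphaned": [],
                "redirect_hosts": set(), "services": []}
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if ATTENTION in line:
            findings["attention"].append(line.replace(ATTENTION, "").rstrip())
        if UNSIGNED in line:
            findings["unsigned"].append(line)
        if ORPHAN.search(line):
            findings["orphaned"].append(line)
        # hosts the browser start/search pages have been pointed at
        findings["redirect_hosts"].update(DEFANGED_URL.findall(line))
        svc = parse_service(line)
        if svc:
            findings["services"].append(svc)
    findings["redirect_hosts"] = sorted(findings["redirect_hosts"])
    return findings


if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    for key in ("attention", "unsigned", "orphaned", "redirect_hosts"):
        print(f"{key}: {len(result[key])}")
        for item in result[key]:
            print("   ", item)
    for svc in result["services"]:
        status = "file missing" if svc["missing"] else svc["company"]
        print("service", svc["state"], svc["name"], "->", status)
```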

#5 ogee450

  • Topic Starter
  • Members
  • 10 posts
  • Local time:06:34 PM

Posted 31 October 2015 - 09:52 AM

Hello,

I am a little confused,

Should I have it inside the FRST.txt notepad, or save it on the desktop as fixlist.txt?



#6 ogee450

  • Topic Starter
  • Members
  • 10 posts
  • Local time:06:34 PM

Posted 31 October 2015 - 10:09 AM

OK, I got it..

Fix result of Farbar Recovery Scan Tool (x64) Version:29-10-2015
Ran by O-GEE (2015-10-31 15:55:53) Run:1
Running from C:\Users\hp\Desktop
Loaded Profiles: O-GEE (Available Profiles: O-GEE & Guest)
Boot Mode: Normal
==============================================

fixlist content:
*****************
start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

Failed to access process -> iSafeSvc2.exe
(Taiwan Shui Mu Chih Ching Technology Limited) C:\Program Files (x86)\WinZipper\winzipersvc.exe
(tsvr.com) C:\Users\hp\AppData\Roaming\TSv\TSvr.exe
(DTools LIMITED) C:\ProgramData\rWMiniPror\WMiniPro.exe
(TODO: <???>) C:\Program Files (x86)\SFK\SSFK.exe
(SearchProtect) C:\Program Files (x86)\XTab\CmdShell.exe
(XTab system) C:\Program Files (x86)\XTab\ProtectService.exe
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  No File
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://istart.webssearches.com/?type=hppp&ts=1421614605&from=obw&uid=WDCXWD10JPVX-60JC3T0_WD-WX51E93DKL54DKL54
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://istart.webssearches.com/?type=hppp&ts=1421614605&from=obw&uid=WDCXWD10JPVX-60JC3T0_WD-WX51E93DKL54DKL54
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://istart.webssearches.com/web/?type=ds&ts=1421614571&from=obw&uid=WDCXWD10JPVX-60JC3T0_WD-WX51E93DKL54DKL54&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://istart.webssearches.com/web/?type=ds&ts=1421614571&from=obw&uid=WDCXWD10JPVX-60JC3T0_WD-WX51E93DKL54DKL54&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://istart.webssearches.com/?type=hppp&ts=1421614605&from=obw&uid=WDCXWD10JPVX-60JC3T0_WD-WX51E93DKL54DKL54
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://istart.webssearches.com/?type=hppp&ts=1421614605&from=obw&uid=WDCXWD10JPVX-60JC3T0_WD-WX51E93DKL54DKL54
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://istart.webssearches.com/web/?type=ds&ts=1421614571&from=obw&uid=WDCXWD10JPVX-60JC3T0_WD-WX51E93DKL54DKL54&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://istart.webssearches.com/web/?type=ds&ts=1421614571&from=obw&uid=WDCXWD10JPVX-60JC3T0_WD-WX51E93DKL54DKL54&q={searchTerms}
HKU\S-1-5-21-3190061390-3777832906-3145808820-1002\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://istart.webssearches.com/?type=hppp&ts=1421614605&from=obw&uid=WDCXWD10JPVX-60JC3T0_WD-WX51E93DKL54DKL54
HKU\S-1-5-21-3190061390-3777832906-3145808820-1002\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://istart.webssearches.com/?type=hppp&ts=1421614605&from=obw&uid=WDCXWD10JPVX-60JC3T0_WD-WX51E93DKL54DKL54
HKU\S-1-5-21-3190061390-3777832906-3145808820-1002\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://istart.webssearches.com/web/?type=dspp&ts=1421614605&from=obw&uid=WDCXWD10JPVX-60JC3T0_WD-WX51E93DKL54DKL54&q={searchTerms}
HKU\S-1-5-21-3190061390-3777832906-3145808820-1002\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://istart.webssearches.com/web/?type=dspp&ts=1421614605&from=obw&uid=WDCXWD10JPVX-60JC3T0_WD-WX51E93DKL54DKL54&q={searchTerms}
SearchScopes: HKLM-x32 -> DefaultScope {425ED333-6083-428a-92C9-0CFC28B9D1BF} URL = hxxp://www.v9.com/web?type=ds&ts=1444211820&from=zzgbkk123&uid=wdcxwd10jpvx-60jc3t0_wd-wx51e93dkl54dkl54&z=20b2dd6f9ce08c6c9539e0fg8z6z3z6oag5g5bcoeg&q={searchTerms}
SearchScopes: HKLM-x32 -> {425ED333-6083-428a-92C9-0CFC28B9D1BF} URL = hxxp://www.v9.com/web?type=ds&ts=1444211820&from=zzgbkk123&uid=wdcxwd10jpvx-60jc3t0_wd-wx51e93dkl54dkl54&z=20b2dd6f9ce08c6c9539e0fg8z6z3z6oag5g5bcoeg&q={searchTerms}
SearchScopes: HKU\S-1-5-21-3190061390-3777832906-3145808820-1002 -> DefaultScope {425ED333-6083-428a-92C9-0CFC28B9D1BF} URL = hxxp://www.v9.com/web?type=ds&ts=1444211820&from=zzgbkk123&uid=wdcxwd10jpvx-60jc3t0_wd-wx51e93dkl54dkl54&z=20b2dd6f9ce08c6c9539e0fg8z6z3z6oag5g5bcoeg&q={searchTerms}
SearchScopes: HKU\S-1-5-21-3190061390-3777832906-3145808820-1002 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://istart.webssearches.com/web/?type=dspp&ts=1421614605&from=obw&uid=WDCXWD10JPVX-60JC3T0_WD-WX51E93DKL54DKL54&q={searchTerms}
SearchScopes: HKU\S-1-5-21-3190061390-3777832906-3145808820-1002 -> {425ED333-6083-428a-92C9-0CFC28B9D1BF} URL = hxxp://www.v9.com/web?type=ds&ts=1444211820&from=zzgbkk123&uid=wdcxwd10jpvx-60jc3t0_wd-wx51e93dkl54dkl54&z=20b2dd6f9ce08c6c9539e0fg8z6z3z6oag5g5bcoeg&q={searchTerms}
BHO: BuyNsave -> {4aec5c90-4b66-4ac4-b5e7-b0176e0d9e18} -> C:\Program Files (x86)\BuyNsave\v9sEsIoPL2EQvI.x64.dll => No File
BHO-x32: BuyNsave -> {4aec5c90-4b66-4ac4-b5e7-b0176e0d9e18} -> C:\Program Files (x86)\BuyNsave\v9sEsIoPL2EQvI.dll => No File
Toolbar: HKLM - No Name - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} -  No File
FF NewTab: chrome://quick_start/content/index.html
FF DefaultSearchEngine: delta-homes
FF SelectedSearchEngine: delta-homes
FF user.js: detected! => C:\Users\hp\AppData\Roaming\Mozilla\Firefox\Profiles\j4oddeq8.default\user.js [2015-10-28]
FF SearchPlugin: C:\Users\hp\AppData\Roaming\Mozilla\Firefox\Profiles\j4oddeq8.default\searchplugins\delta-homes.xml [2015-10-28]
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\default-search.xml [2014-12-14]
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\mystartsearch.xml [2014-11-25]
FF Extension: Default NewTab - C:\Users\hp\AppData\Roaming\Mozilla\Firefox\Profiles\j4oddeq8.default\Extensions\default_newtabff@gmail.com [2015-10-24] [not signed]
FF Extension: Default SearchProtected  - C:\Users\hp\AppData\Roaming\Mozilla\Firefox\Profiles\j4oddeq8.default\Extensions\defsearchp@gmail.com [2015-10-27] [not signed]
FF Extension: Default SearchProtected  - C:\Users\hp\AppData\Roaming\Mozilla\Firefox\Profiles\j4oddeq8.default\Extensions\defsearchp@gmail.com.xpi [2015-10-24] [not signed]
FF Extension: Best Video Downloader 2 - C:\Users\hp\AppData\Roaming\Mozilla\Firefox\Profiles\j4oddeq8.default\Extensions\{170503FA-3349-4F17-BC86-001888A5C8E2}.xpi [2015-10-09]
FF HKLM-x32\...\Firefox\Extensions: [fftoolbar2014@etech.com] - C:\Users\hp\AppData\Roaming\Mozilla\Firefox\Profiles\j4oddeq8.default\extensions\fftoolbar2014@etech.com => not found
FF HKLM-x32\...\Firefox\Extensions: [default_newtabff@gmail.com] - C:\Users\hp\AppData\Roaming\Mozilla\Firefox\Profiles\j4oddeq8.default\extensions\default_newtabff@gmail.com
FF HKLM-x32\...\Firefox\Extensions: [defsearchp@gmail.com] - C:\Users\hp\AppData\Roaming\Mozilla\Firefox\Profiles\j4oddeq8.default\extensions\defsearchp@gmail.com
CHR HomePage: Default -> hxxp://www.v9.com?type=hp&ts=1444211820&from=mych123&uid=wdcxwd10jpvx-60jc3t0_wd-wx51e93dkl54dkl54&z=20b2dd6f9ce08c6c9539e0fg8z6z3z6oag5g5bcoeg
CHR StartupUrls: Default -> "hxxp://www.v9.com?type=hp&ts=1444211820&from=mych123&uid=wdcxwd10jpvx-60jc3t0_wd-wx51e93dkl54dkl54&z=20b2dd6f9ce08c6c9539e0fg8z6z3z6oag5g5bcoeg"
CHR DefaultSearchURL: Default -> hxxp://www.v9.com/web?type=ds&ts=1444211820&from=zzgbkk123&uid=wdcxwd10jpvx-60jc3t0_wd-wx51e93dkl54dkl54&z=20b2dd6f9ce08c6c9539e0fg8z6z3z6oag5g5bcoeg&q={searchTerms}
CHR DefaultSearchKeyword: Default -> v9
CHR Extension: (BuyNsave) - C:\ProgramData\japliehigicpjgdjdggegigmloncmfgg\ []
R2 IHProtect Service; C:\Program Files (x86)\XTab\ProtectService.exe [153600 2015-10-27] (XTab system) [File not signed]
R2 IhPul; C:\Users\hp\AppData\Roaming\TSv\TSvr.exe [396944 2015-10-26] (tsvr.com)
R2 SSFK; C:\Program Files (x86)\SFK\SSFK.exe [169632 2015-10-10] (TODO: <???>)
R2 WdsManPro; C:\ProgramData\rWMiniPror\WMiniPro.exe [294912 2015-10-26] (DTools LIMITED) [File not signed]
R2 winzipersvc; C:\Program Files (x86)\WinZipper\winzipersvc.exe [707760 2015-10-20] (Taiwan Shui Mu Chih Ching Technology Limited) <==== ATTENTION
R1 {921265c3-88e5-40e1-8d74-df5314572900}Gw64; C:\Windows\System32\drivers\{921265c3-88e5-40e1-8d74-df5314572900}Gw64.sys [48784 2015-01-18] (StdLib)
U1 iSafeKrnlMon; \??\C:\Program Files (x86)\Elex-tech\YAC\iSafeKrnlMon.sys [X]
C:\Program Files (x86)\WinZipper
C:\Users\hp\AppData\Roaming\TSv
C:\ProgramData\rWMiniPror
C:\Program Files (x86)\XTab
C:\Users\hp\AppData\Roaming\Mozilla\Firefox\Profiles\j4oddeq8.default\Extensions\default_newtabff@gmail.com
C:\Users\hp\AppData\Roaming\Mozilla\Firefox\Profiles\j4oddeq8.default\Extensions\defsearchp@gmail.com
C:\Users\hp\AppData\Roaming\Mozilla\Firefox\Profiles\j4oddeq8.default\Extensions\defsearchp@gmail.com.xpi
C:\Users\hp\AppData\Roaming\Mozilla\Firefox\Profiles\j4oddeq8.default\extensions\default_newtabff@gmail.com
C:\ProgramData\japliehigicpjgdjdggegigmloncmfgg
C:\Program Files (x86)\SFK
C:\Windows\System32\drivers\{921265c3-88e5-40e1-8d74-df5314572900}Gw64.sys
Task: {1D0EB568-74EC-4718-8C80-19557C8D4B8C} - System32\Tasks\{D250A546-4374-494B-AA50-F7AF47B44489} => pcalua.exe -a C:\Users\hp\AppData\Roaming\webssearches\UninstallManager.exe -c  -ptid=obw <==== ATTENTION
Task: {7900172C-B5D4-4602-832A-C9E52824D2CB} - System32\Tasks\Builder-S-2217020566 => c:\programdata\trusted publisher\sustainer\Builder.exe <==== ATTENTION
Task: C:\Windows\Tasks\Builder-S-2217020566.job => c:\programdata\trusted publisher\sustainer\Builder.exeO/schedule /profile c:\programdata\trusted publisher\sustainer\2217020566.ini <==== ATTENTION
AlternateDataStreams: C:\ProgramData\Temp:10894A2E
C:\Users\hp\AppData\Local\Temp\4k1v8lrs.dll
C:\Users\hp\AppData\Local\Temp\9C243680124dF.exe
C:\Users\hp\AppData\Local\Temp\a35eF6D800.exe
C:\Users\hp\AppData\Local\Temp\BlackBerryDeviceManager.exe
C:\Users\hp\AppData\Local\Temp\BlackBerryLauncher.exe
C:\Users\hp\AppData\Local\Temp\COMAP.EXE
C:\Users\hp\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpmkry4v.dll
C:\Users\hp\AppData\Local\Temp\Extract.exe
C:\Users\hp\AppData\Local\Temp\fbiqumiq.dll
C:\Users\hp\AppData\Local\Temp\ffkp1b8o.dll
C:\Users\hp\AppData\Local\Temp\fp_pl_pfs_installer-1.exe
C:\Users\hp\AppData\Local\Temp\fp_pl_pfs_installer-2.exe
C:\Users\hp\AppData\Local\Temp\fp_pl_pfs_installer.exe
C:\Users\hp\AppData\Local\Temp\jiz-vcxg.dll
C:\Users\hp\AppData\Local\Temp\k44cf8lk.dll
C:\Users\hp\AppData\Local\Temp\OfficeSetup.exe
C:\Users\hp\AppData\Local\Temp\Quarantine.exe
C:\Users\hp\AppData\Local\Temp\qzcjrrzb.dll
C:\Users\hp\AppData\Local\Temp\rvnux3ji.dll
C:\Users\hp\AppData\Local\Temp\SetupProPlusRetail.x86.en-US_ProPlusRetail_92NKP-DRPV4-8HVM8-JXW76-72XKR_act_1_.exe
C:\Users\hp\AppData\Local\Temp\SP64339.exe
C:\Users\hp\AppData\Local\Temp\SP66866.exe
C:\Users\hp\AppData\Local\Temp\SP67280.exe
C:\Users\hp\AppData\Local\Temp\SP68055.exe
C:\Users\hp\AppData\Local\Temp\SP69229.exe
C:\Users\hp\AppData\Local\Temp\SP69393.exe
C:\Users\hp\AppData\Local\Temp\SP69401.exe
C:\Users\hp\AppData\Local\Temp\sqlite3.dll
C:\Users\hp\AppData\Local\Temp\sr_SettingsManagerSetup.exe
C:\Users\hp\AppData\Local\Temp\UninstallHPSA.exe
C:\ProgramData\{262E20B8-6E20-4CEF-B1FD-D022AB1085F5}.dat

End
*****************

Restore point was successfully created.
Processes closed successfully.
Failed to access process -> iSafeSvc2.exe => Error: No automatic fix found for this entry.
C:\Program Files (x86)\WinZipper\winzipersvc.exe => Could not close process
C:\Users\hp\AppData\Roaming\TSv\TSvr.exe => No running process found
C:\ProgramData\rWMiniPror\WMiniPro.exe => No running process found
C:\Program Files (x86)\SFK\SSFK.exe => No running process found
C:\Program Files (x86)\XTab\CmdShell.exe => Could not close process
C:\Program Files (x86)\XTab\ProtectService.exe => Could not close process
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00avast" => key removed successfully
HKCR\CLSID\{472083B0-C522-11CF-8763-00608CC02F24} => key not found.
"HKLM\SOFTWARE\Policies\Google" => key removed successfully
HKLM\Software\\Microsoft\Internet Explorer\Main\\Start Page => Error setting value.
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Start Page => Error setting value.
HKLM\Software\\Microsoft\Internet Explorer\Main\\Search Page => value restored successfully
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Search Page => value restored successfully
HKLM\Software\\Microsoft\Internet Explorer\Main\\Default_Page_URL => Error setting value.
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Page_URL => Error setting value.
HKLM\Software\\Microsoft\Internet Explorer\Main\\Default_Search_URL => value restored successfully
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Search_URL => value restored successfully
HKU\S-1-5-21-3190061390-3777832906-3145808820-1002\Software\Microsoft\Internet Explorer\Main\\Start Page => Error setting value.
HKU\S-1-5-21-3190061390-3777832906-3145808820-1002\Software\Microsoft\Internet Explorer\Main\\Default_Page_URL => Error setting value.
HKU\S-1-5-21-3190061390-3777832906-3145808820-1002\Software\Microsoft\Internet Explorer\Main\\Search Page => value restored successfully
HKU\S-1-5-21-3190061390-3777832906-3145808820-1002\Software\Microsoft\Internet Explorer\Main\\Default_Search_URL => value restored successfully
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Error setting value.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{425ED333-6083-428a-92C9-0CFC28B9D1BF} => key could not remove.
HKCR\Wow6432Node\CLSID\{425ED333-6083-428a-92C9-0CFC28B9D1BF} => key not found.
HKU\S-1-5-21-3190061390-3777832906-3145808820-1002\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value could not remove.
HKU\S-1-5-21-3190061390-3777832906-3145808820-1002\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86} => key could not remove.
HKCR\CLSID\{33BB0A4E-99AF-4226-BDF6-49120163DE86} => key not found.
HKU\S-1-5-21-3190061390-3777832906-3145808820-1002\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{425ED333-6083-428a-92C9-0CFC28B9D1BF} => key could not remove.
HKCR\CLSID\{425ED333-6083-428a-92C9-0CFC28B9D1BF} => key not found.
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4aec5c90-4b66-4ac4-b5e7-b0176e0d9e18}" => key removed successfully
"HKCR\CLSID\{4aec5c90-4b66-4ac4-b5e7-b0176e0d9e18}" => key removed successfully
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4aec5c90-4b66-4ac4-b5e7-b0176e0d9e18}" => key removed successfully
"HKCR\Wow6432Node\CLSID\{4aec5c90-4b66-4ac4-b5e7-b0176e0d9e18}" => key removed successfully
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{318A227B-5E9F-45bd-8999-7F8F10CA4CF5} => value removed successfully
HKCR\CLSID\{318A227B-5E9F-45bd-8999-7F8F10CA4CF5} => key not found.
Firefox "newtab" removed successfully
Firefox DefaultSearchEngine removed successfully
Firefox SelectedSearchEngine removed successfully
C:\Users\hp\AppData\Roaming\Mozilla\Firefox\Profiles\j4oddeq8.default\user.js => not found.
Could not move "C:\Users\hp\AppData\Roaming\Mozilla\Firefox\Profiles\j4oddeq8.default\searchplugins\delta-homes.xml" => Scheduled to move on reboot.
C:\Program Files (x86)\mozilla firefox\browser\searchplugins\default-search.xml => moved successfully
C:\Program Files (x86)\mozilla firefox\browser\searchplugins\mystartsearch.xml => moved successfully
C:\Users\hp\AppData\Roaming\Mozilla\Firefox\Profiles\j4oddeq8.default\Extensions\default_newtabff@gmail.com [2015-10-24] => not found.
C:\Users\hp\AppData\Roaming\Mozilla\Firefox\Profiles\j4oddeq8.default\Extensions\defsearchp@gmail.com [2015-10-27] => not found.
C:\Users\hp\AppData\Roaming\Mozilla\Firefox\Profiles\j4oddeq8.default\Extensions\defsearchp@gmail.com.xpi [2015-10-24] => not found.
C:\Users\hp\AppData\Roaming\Mozilla\Firefox\Profiles\j4oddeq8.default\Extensions\{170503FA-3349-4F17-BC86-001888A5C8E2}.xpi => moved successfully
HKLM\Software\Wow6432Node\Mozilla\Firefox\Extensions\\fftoolbar2014@etech.com => value removed successfully
HKLM\Software\Wow6432Node\Mozilla\Firefox\Extensions\\default_newtabff@gmail.com => value removed successfully
HKLM\Software\Wow6432Node\Mozilla\Firefox\Extensions\\defsearchp@gmail.com => value removed successfully
Chrome HomePage => removed successfully
Chrome StartupUrls => removed successfully
Chrome DefaultSearchURL => removed successfully
Chrome DefaultSearchKeyword => removed successfully
C:\ProgramData\japliehigicpjgdjdggegigmloncmfgg\ => moved successfully
IHProtect Service => service removed successfully
IhPul => service removed successfully
SSFK => Unable to stop service.
SSFK => service removed successfully
WdsManPro => service removed successfully
winzipersvc => service removed successfully
{921265c3-88e5-40e1-8d74-df5314572900}Gw64 => Unable to stop service.
{921265c3-88e5-40e1-8d74-df5314572900}Gw64 => service removed successfully
iSafeKrnlMon => service removed successfully
C:\Program Files (x86)\WinZipper => moved successfully
C:\Users\hp\AppData\Roaming\TSv => moved successfully
C:\ProgramData\rWMiniPror => moved successfully
C:\Program Files (x86)\XTab => moved successfully
C:\Users\hp\AppData\Roaming\Mozilla\Firefox\Profiles\j4oddeq8.default\Extensions\default_newtabff@gmail.com => moved successfully
C:\Users\hp\AppData\Roaming\Mozilla\Firefox\Profiles\j4oddeq8.default\Extensions\defsearchp@gmail.com => moved successfully
C:\Users\hp\AppData\Roaming\Mozilla\Firefox\Profiles\j4oddeq8.default\Extensions\defsearchp@gmail.com.xpi => moved successfully
"C:\Users\hp\AppData\Roaming\Mozilla\Firefox\Profiles\j4oddeq8.default\extensions\default_newtabff@gmail.com" => not found.
"C:\ProgramData\japliehigicpjgdjdggegigmloncmfgg" => not found.
C:\Program Files (x86)\SFK => moved successfully
C:\Windows\System32\drivers\{921265c3-88e5-40e1-8d74-df5314572900}Gw64.sys => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{1D0EB568-74EC-4718-8C80-19557C8D4B8C}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1D0EB568-74EC-4718-8C80-19557C8D4B8C}" => key removed successfully
C:\Windows\System32\Tasks\{D250A546-4374-494B-AA50-F7AF47B44489} => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{D250A546-4374-494B-AA50-F7AF47B44489}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{7900172C-B5D4-4602-832A-C9E52824D2CB}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7900172C-B5D4-4602-832A-C9E52824D2CB}" => key removed successfully
C:\Windows\System32\Tasks\Builder-S-2217020566 => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Builder-S-2217020566" => key removed successfully
C:\Windows\Tasks\Builder-S-2217020566.job => moved successfully
C:\ProgramData\Temp => ":10894A2E" ADS removed successfully.
C:\Users\hp\AppData\Local\Temp\4k1v8lrs.dll => moved successfully
C:\Users\hp\AppData\Local\Temp\9C243680124dF.exe => moved successfully
C:\Users\hp\AppData\Local\Temp\a35eF6D800.exe => moved successfully
C:\Users\hp\AppData\Local\Temp\BlackBerryDeviceManager.exe => moved successfully
C:\Users\hp\AppData\Local\Temp\BlackBerryLauncher.exe => moved successfully
C:\Users\hp\AppData\Local\Temp\COMAP.EXE => moved successfully
C:\Users\hp\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpmkry4v.dll => moved successfully
C:\Users\hp\AppData\Local\Temp\Extract.exe => moved successfully
C:\Users\hp\AppData\Local\Temp\fbiqumiq.dll => moved successfully
C:\Users\hp\AppData\Local\Temp\ffkp1b8o.dll => moved successfully
C:\Users\hp\AppData\Local\Temp\fp_pl_pfs_installer-1.exe => moved successfully
C:\Users\hp\AppData\Local\Temp\fp_pl_pfs_installer-2.exe => moved successfully
C:\Users\hp\AppData\Local\Temp\fp_pl_pfs_installer.exe => moved successfully
C:\Users\hp\AppData\Local\Temp\jiz-vcxg.dll => moved successfully
C:\Users\hp\AppData\Local\Temp\k44cf8lk.dll => moved successfully
C:\Users\hp\AppData\Local\Temp\OfficeSetup.exe => moved successfully
C:\Users\hp\AppData\Local\Temp\Quarantine.exe => moved successfully
C:\Users\hp\AppData\Local\Temp\qzcjrrzb.dll => moved successfully
C:\Users\hp\AppData\Local\Temp\rvnux3ji.dll => moved successfully
C:\Users\hp\AppData\Local\Temp\SetupProPlusRetail.x86.en-US_ProPlusRetail_92NKP-DRPV4-8HVM8-JXW76-72XKR_act_1_.exe => moved successfully
C:\Users\hp\AppData\Local\Temp\SP64339.exe => moved successfully
C:\Users\hp\AppData\Local\Temp\SP66866.exe => moved successfully
C:\Users\hp\AppData\Local\Temp\SP67280.exe => moved successfully
C:\Users\hp\AppData\Local\Temp\SP68055.exe => moved successfully
C:\Users\hp\AppData\Local\Temp\SP69229.exe => moved successfully
C:\Users\hp\AppData\Local\Temp\SP69393.exe => moved successfully
C:\Users\hp\AppData\Local\Temp\SP69401.exe => moved successfully
C:\Users\hp\AppData\Local\Temp\sqlite3.dll => moved successfully
C:\Users\hp\AppData\Local\Temp\sr_SettingsManagerSetup.exe => moved successfully
C:\Users\hp\AppData\Local\Temp\UninstallHPSA.exe => moved successfully
C:\ProgramData\{262E20B8-6E20-4CEF-B1FD-D022AB1085F5}.dat => moved successfully
EmptyTemp: => 14.4 GB temporary data Removed.

Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 2015-10-31 16:03:13)

C:\Users\hp\AppData\Roaming\Mozilla\Firefox\Profiles\j4oddeq8.default\searchplugins\delta-homes.xml => Is moved successfully

==== End of Fixlog 16:03:13 ====
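
An added triage helper for fixlogs like the one above (example code written for this thread, not part of FRST and not posted by anyone in it): it parses the result lines, skips the echoed fixlist, and flags the entries FRST reported it could not fix, which is what decides whether a follow-up fix is needed. The sample log inside is constructed from a few lines of the posted one; the marker phrases are the ones that appear there and FRST may print others.

```python
"""Triage helper for a Farbar Recovery Scan Tool (FRST) Fixlog.

Added example for this thread, not FRST code and not code posted by anyone
in it. It reads the result lines of a fixlog ("<item> => <status>"), skips
the echoed fixlist, and classifies each outcome so the entries FRST could
not fix stand out. The marker phrases are the ones in the posted log.
"""
import re
from collections import defaultdict

# Outcome phrases, grouped by what they mean for the cleanup.
FAILURE_MARKERS = ("Error setting value", "could not remove",
                   "Could not close process", "Unable to stop service",
                   "No automatic fix found")
DEFERRED_MARKERS = ("Scheduled to move on reboot",)
ABSENT_MARKERS = ("not found", "No running process found")

# "<item> => <status>", with an optional trailing full stop on the status.
RESULT_RE = re.compile(r"^(?P<item>.+?)\s*=>\s*(?P<status>.+?)\.?$")


def classify(status):
    """Map an FRST status phrase to one of: failed, deferred, absent, ok."""
    if any(m in status for m in FAILURE_MARKERS):
        return "failed"
    if any(m in status for m in DEFERRED_MARKERS):
        return "deferred"
    if any(m in status for m in ABSENT_MARKERS):
        return "absent"
    return "ok"


def parse_fixlog(text):
    """Return a list of (item, status, outcome) for every result line.

    The echoed fixlist (between 'fixlist content:' and 'End') is skipped:
    its lines also contain '=>' (e.g. '=> No File') but are not results.
    """
    results = []
    in_fixlist = False
    for raw in text.splitlines():
        line = raw.strip()
        if line == "fixlist content:":
            in_fixlist = True
            continue
        if in_fixlist:
            if line == "End":
                in_fixlist = False
            continue
        m = RESULT_RE.match(line)
        if m:
            status = m.group("status")
            results.append((m.group("item"), status, classify(status)))
    return results


def summarize(results):
    """Count outcomes and collect the items that need a follow-up fix.

    A 'failed' line may be followed by a success for the same item (e.g.
    'Unable to stop service' then 'service removed successfully'), so read
    each follow-up together with its neighbouring lines.
    """
    counts = defaultdict(int)
    follow_up = []
    for item, status, outcome in results:
        counts[outcome] += 1
        if outcome in ("failed", "deferred"):
            follow_up.append((item, status))
    return dict(counts), follow_up


# Constructed sample: a few lines taken from the fixlog posted above.
SAMPLE_FIXLOG = r"""
fixlist content:
*****************
BHO: BuyNsave -> {4aec5c90-4b66-4ac4-b5e7-b0176e0d9e18} -> C:\Program Files (x86)\BuyNsave\v9sEsIoPL2EQvI.dll => No File
End
*****************

Failed to access process -> iSafeSvc2.exe => Error: No automatic fix found for this entry.
C:\Program Files (x86)\XTab\ProtectService.exe => Could not close process
C:\Users\hp\AppData\Roaming\TSv\TSvr.exe => No running process found
HKLM\Software\\Microsoft\Internet Explorer\Main\\Start Page => Error setting value.
HKCR\CLSID\{425ED333-6083-428a-92C9-0CFC28B9D1BF} => key not found.
HKU\S-1-5-21-3190061390-3777832906-3145808820-1002\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{425ED333-6083-428a-92C9-0CFC28B9D1BF} => key could not remove.
Could not move "C:\Users\hp\AppData\Roaming\Mozilla\Firefox\Profiles\j4oddeq8.default\searchplugins\delta-homes.xml" => Scheduled to move on reboot.
SSFK => Unable to stop service.
SSFK => service removed successfully
EmptyTemp: => 14.4 GB temporary data Removed.
"""

if __name__ == "__main__":
    counts, follow_up = summarize(parse_fixlog(SAMPLE_FIXLOG))
    print("outcomes:", counts)
    for item, status in follow_up:
        print(f"FOLLOW UP: {item} -> {status}")
```

Run it against a full Fixlog.txt by reading the file into `parse_fixlog`; the entries it lists under FOLLOW UP are the ones a helper would re-address in the next fix.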



#7 ogee450

ogee450
  • Topic Starter

  • Members
  • 10 posts

Posted 31 October 2015 - 10:23 AM

# AdwCleaner v5.015 - Logfile created 31/10/2015 at 16:16:58
# Updated 26/10/2015 by Xplode
# Database : 2015-10-29.1 [Server]
# Operating system : Windows 8.1  (x64)
# Username : O-GEE - O-GEE
# Running from : C:\Users\hp\Desktop\adwcleaner_5.015.exe
# Option : Cleaning
# Support : http://toolslib.net/forum

***** [ Services ] *****


***** [ Folders ] *****

[-] Folder Deleted : C:\Program Files (x86)\Elex-tech
[-] Folder Deleted : C:\Program Files (x86)\Cain
[-] Folder Deleted : C:\Program Files (x86)\YoutubeAdBlocke
[-] Folder Deleted : C:\ProgramData\WindowsMangerProtect
[-] Folder Deleted : C:\ProgramData\IHProtectUpDate
[-] Folder Deleted : C:\ProgramData\QWdsManProQ
[-] Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinZipper
[-] Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cain
[-] Folder Deleted : C:\Users\hp\AppData\Roaming\FirefoxToolbar
[-] Folder Deleted : C:\Users\hp\AppData\Roaming\WinZipper
[-] Folder Deleted : C:\Users\hp\AppData\Roaming\RHEng
[!] Folder Not Deleted : C:\Users\hp\AppData\Roaming\FirefoxToolbar
[!] Folder Not Deleted : C:\Users\hp\AppData\Roaming\WinZipper
[!] Folder Not Deleted : C:\Users\hp\AppData\Roaming\RHEng
[-] Folder Deleted : C:\Users\hp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Cain
[!] Folder Not Deleted : C:\Users\hp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Cain

***** [ Files ] *****

[-] File Deleted : C:\Windows\SysNative\log\iSafeKrnlCall.log

***** [ DLLs ] *****


***** [ Shortcuts ] *****


***** [ Scheduled tasks ] *****


***** [ Registry ] *****

[-] Key Deleted : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\WindowsMangerProtect
[-] Key Deleted : HKCU\Software\Mozilla\Extends
[-] Key Deleted : HKLM\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\WinZipper
[-] Key Deleted : HKLM\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\WinZipper
[-] Key Deleted : HKLM\SOFTWARE\Classes\lnkfile\shellex\ContextMenuHandlers\WinZipper
[-] Key Deleted : HKLM\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\WinZipper
[-] Key Deleted : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\WdsManPro
[-] Key Deleted : HKLM\SOFTWARE\Classes\WinZipper.001
[-] Key Deleted : HKLM\SOFTWARE\Classes\WinZipper.7z
[-] Key Deleted : HKLM\SOFTWARE\Classes\WinZipper.arj
[-] Key Deleted : HKLM\SOFTWARE\Classes\WinZipper.bz2
[-] Key Deleted : HKLM\SOFTWARE\Classes\WinZipper.bzip2
[-] Key Deleted : HKLM\SOFTWARE\Classes\WinZipper.cab
[-] Key Deleted : HKLM\SOFTWARE\Classes\WinZipper.cpio
[-] Key Deleted : HKLM\SOFTWARE\Classes\WinZipper.deb
[-] Key Deleted : HKLM\SOFTWARE\Classes\WinZipper.dmg
[-] Key Deleted : HKLM\SOFTWARE\Classes\WinZipper.fat
[-] Key Deleted : HKLM\SOFTWARE\Classes\WinZipper.gz
[-] Key Deleted : HKLM\SOFTWARE\Classes\WinZipper.gzip
[-] Key Deleted : HKLM\SOFTWARE\Classes\WinZipper.hfs
[-] Key Deleted : HKLM\SOFTWARE\Classes\WinZipper.iso
[-] Key Deleted : HKLM\SOFTWARE\Classes\WinZipper.lha
[-] Key Deleted : HKLM\SOFTWARE\Classes\WinZipper.lzh
[-] Key Deleted : HKLM\SOFTWARE\Classes\WinZipper.lzma
[-] Key Deleted : HKLM\SOFTWARE\Classes\WinZipper.ntfs
[-] Key Deleted : HKLM\SOFTWARE\Classes\WinZipper.rar
[-] Key Deleted : HKLM\SOFTWARE\Classes\WinZipper.rpm
[-] Key Deleted : HKLM\SOFTWARE\Classes\WinZipper.squashfs
[-] Key Deleted : HKLM\SOFTWARE\Classes\WinZipper.swm
[-] Key Deleted : HKLM\SOFTWARE\Classes\WinZipper.tar
[-] Key Deleted : HKLM\SOFTWARE\Classes\WinZipper.taz
[-] Key Deleted : HKLM\SOFTWARE\Classes\WinZipper.tbz
[-] Key Deleted : HKLM\SOFTWARE\Classes\WinZipper.tbz2
[-] Key Deleted : HKLM\SOFTWARE\Classes\WinZipper.tgz
[-] Key Deleted : HKLM\SOFTWARE\Classes\WinZipper.tpz
[-] Key Deleted : HKLM\SOFTWARE\Classes\WinZipper.txz
[-] Key Deleted : HKLM\SOFTWARE\Classes\WinZipper.vhd
[-] Key Deleted : HKLM\SOFTWARE\Classes\WinZipper.wim
[-] Key Deleted : HKLM\SOFTWARE\Classes\WinZipper.xar
[-] Key Deleted : HKLM\SOFTWARE\Classes\WinZipper.xz
[-] Key Deleted : HKLM\SOFTWARE\Classes\WinZipper.z
[-] Key Deleted : HKLM\SOFTWARE\Classes\WinZipper.zip
[-] Key Deleted : HKCU\Software\Classes\CLSID\{F28C2F70-47DE-4EA5-8F6D-7D1476CD1EF5}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{5A4E3A41-FA55-4BDA-AED7-CEBE6E7BCB52}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5}
[-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{A2D733A7-73B0-4C6B-B0C7-06A432950B66}
[!] Key Not Deleted : HKLM\SOFTWARE\Classes\TypeLib\{A2D733A7-73B0-4C6B-B0C7-06A432950B66}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{5A4E3A41-FA55-4BDA-AED7-CEBE6E7BCB52}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{4F622628-7632-4B28-B184-D7BA0CA3273B}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5}
[-] Key Deleted : HKCU\Software\V9
[-] Key Deleted : HKCU\Software\cain
[-] Key Deleted : HKCU\Software\OB
[-] Key Deleted : HKCU\Software\WEBAPP
[-] Key Deleted : HKLM\SOFTWARE\hdcode
[-] Key Deleted : HKLM\SOFTWARE\SupDp
[-] Key Deleted : HKLM\SOFTWARE\supWindowsMangerProtect
[-] Key Deleted : HKLM\SOFTWARE\V9
[-] Key Deleted : HKLM\SOFTWARE\webssearchesSoftware
[-] Key Deleted : HKLM\SOFTWARE\winzipersvc
[-] Key Deleted : HKLM\SOFTWARE\IHProtect
[-] Key Deleted : HKLM\SOFTWARE\FFPluginHp
[-] Key Deleted : HKLM\SOFTWARE\dlsecuretb
[-] Key Deleted : HKLM\SOFTWARE\TSv
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\winzipper
[!] Key Not Deleted : [x64] HKCU\Software\V9
[!] Key Not Deleted : [x64] HKCU\Software\cain
[!] Key Not Deleted : [x64] HKCU\Software\OB
[!] Key Not Deleted : [x64] HKCU\Software\WEBAPP
[-] Data Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page]
[-] Data Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Default_Page_URL]
[-] Data Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Page_URL]
[-] Data Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page]
[-] Data Restored : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Page_URL]
[-] Data Restored : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page]
[-] Data Restored : HKU\S-1-5-21-3190061390-3777832906-3145808820-1002\Software\Microsoft\Internet Explorer\Main [Start Page]
[-] Data Restored : HKU\S-1-5-21-3190061390-3777832906-3145808820-1002\Software\Microsoft\Internet Explorer\Main [Default_Page_URL]
[-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
[-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{425ED333-6083-428a-92C9-0CFC28B9D1BF}
[-] Data Restored : HKCU\Software\Microsoft\Internet Explorer\SearchScopes [DefaultScope]
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{425ED333-6083-428a-92C9-0CFC28B9D1BF}
[-] Data Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes [DefaultScope]
[!] Key Not Deleted : HKU\S-1-5-21-3190061390-3777832906-3145808820-1002\Software\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
[!] Key Not Deleted : HKU\S-1-5-21-3190061390-3777832906-3145808820-1002\Software\Microsoft\Internet Explorer\SearchScopes\{425ED333-6083-428a-92C9-0CFC28B9D1BF}
[-] Data Restored : HKU\S-1-5-21-3190061390-3777832906-3145808820-1002\Software\Microsoft\Internet Explorer\SearchScopes [DefaultScope]

***** [ Web browsers ] *****

[-] [C:\Users\hp\AppData\Roaming\Mozilla\Firefox\Profiles\j4oddeq8.default\prefs.js] [Preference] Deleted : user_pref("browser.newtab.url", "chrome://quick_start/content/index.html");
[-] [C:\Users\hp\AppData\Roaming\Mozilla\Firefox\Profiles\j4oddeq8.default\prefs.js] [Preference] Deleted : user_pref("browser.search.defaultenginename", "delta-homes");
[-] [C:\Users\hp\AppData\Roaming\Mozilla\Firefox\Profiles\j4oddeq8.default\prefs.js] [Preference] Deleted : user_pref("browser.search.selectedEngine", "delta-homes");
[-] [C:\Users\hp\AppData\Roaming\Mozilla\Firefox\Profiles\j4oddeq8.default\prefs.js] [Preference] Deleted : user_pref("extensions.quick_start.enable_search1", false);
[-] [C:\Users\hp\AppData\Roaming\Mozilla\Firefox\Profiles\j4oddeq8.default\prefs.js] [Preference] Deleted : user_pref("extensions.quick_start.sd.closeWindowWithLastTab_prev_state", false);
[-] [C:\Users\hp\AppData\Roaming\Mozilla\Firefox\Profiles\j4oddeq8.default\prefs.js] [Preference] Deleted : user_pref("browser.newtab.url", "chrome://quick_start/content/index.html");
[-] [C:\Users\hp\AppData\Roaming\Mozilla\Firefox\Profiles\j4oddeq8.default\prefs.js] [Preference] Deleted : user_pref("browser.search.defaultenginename", "delta-homes");
[-] [C:\Users\hp\AppData\Roaming\Mozilla\Firefox\Profiles\j4oddeq8.default\prefs.js] [Preference] Deleted : user_pref("browser.search.selectedEngine", "delta-homes");
[-] [C:\Users\hp\AppData\Roaming\Mozilla\Firefox\Profiles\j4oddeq8.default\prefs.js] [Preference] Deleted : user_pref("extensions.quick_start.enable_search1", false);
[-] [C:\Users\hp\AppData\Roaming\Mozilla\Firefox\Profiles\j4oddeq8.default\prefs.js] [Preference] Deleted : user_pref("extensions.quick_start.sd.closeWindowWithLastTab_prev_state", false);
[-] [C:\Users\hp\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : uk.ask.com
[-] [C:\Users\hp\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : istart.webssearches.com
[-] [C:\Users\hp\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : webssearches
[-] [C:\Users\hp\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : delta-homes
[-] [C:\Users\hp\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : v9
[-] [C:\Users\hp\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Startup_URLs] Deleted : hxxp://www.v9.com?type=hp&ts=1444211820&from=mych123&uid=wdcxwd10jpvx-60jc3t0_wd-wx51e93dkl54dkl54&z=20b2dd6f9ce08c6c9539e0fg8z6z3z6oag5g5bcoeg
[-] [C:\Users\hp\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Default_Search_Provider] Deleted : hxxp://search.delta-homes.com/webfavicon.ico
[-] [C:\Users\hp\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Default_Search_Provider_Data] Deleted : hxxp://www.v9.com/web?type=ds&ts=1444211820&from=zzgbkk123&uid=wdcxwd10jpvx-60jc3t0_wd-wx51e93dkl54dkl54&z=20b2dd6f9ce08c6c9539e0fg8z6z3z6oag5g5bcoeg&q={searchTerms}
[-] [C:\Users\hp\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Homepage] Deleted : hxxp://www.v9.com?type=hp&ts=1444211820&from=mych123&uid=wdcxwd10jpvx-60jc3t0_wd-wx51e93dkl54dkl54&z=20b2dd6f9ce08c6c9539e0fg8z6z3z6oag5g5bcoeg
[-] [C:\Users\hp\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : uk.ask.com
[-] [C:\Users\hp\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : istart.webssearches.com
[-] [C:\Users\hp\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : webssearches
[-] [C:\Users\hp\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : delta-homes
[-] [C:\Users\hp\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : v9
[-] [C:\Users\hp\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Startup_URLs] Deleted : hxxp://www.v9.com?type=hp&ts=1444211820&from=mych123&uid=wdcxwd10jpvx-60jc3t0_wd-wx51e93dkl54dkl54&z=20b2dd6f9ce08c6c9539e0fg8z6z3z6oag5g5bcoeg
[-] [C:\Users\hp\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Default_Search_Provider] Deleted : hxxp://search.delta-homes.com/webfavicon.ico
[-] [C:\Users\hp\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Default_Search_Provider_Data] Deleted : hxxp://www.v9.com/web?type=ds&ts=1444211820&from=zzgbkk123&uid=wdcxwd10jpvx-60jc3t0_wd-wx51e93dkl54dkl54&z=20b2dd6f9ce08c6c9539e0fg8z6z3z6oag5g5bcoeg&q={searchTerms}
[-] [C:\Users\hp\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Homepage] Deleted : hxxp://www.v9.com?type=hp&ts=1444211820&from=mych123&uid=wdcxwd10jpvx-60jc3t0_wd-wx51e93dkl54dkl54&z=20b2dd6f9ce08c6c9539e0fg8z6z3z6oag5g5bcoeg

*************************

:: Winsock settings cleared

########## EOF - C:\AdwCleaner\AdwCleaner[C5].txt - [12658 bytes] ##########

#8 ogee450

  • Topic Starter

  • Members
  • 10 posts

Posted 31 October 2015 - 10:36 AM

It doesn't work. It still directs me to DRVSTORE and it is still in blue.



#9 nasdaq


  • Malware Response Team
  • 39,191 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 31 October 2015 - 12:59 PM

still directs me to DRVSTORE and still in Blue


Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1
Download Mirror #2


If your operating system is 64 bit download this tool:
SystemLook_x64.exe
  • Double-click SystemLook.exe to run it.
  • Copy and paste the content of the following bold text into the main textfield:
    :reg HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\run /sub
  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
  • Note: The log can also be found on your Desktop entitled SystemLook.txt.
===

Let's also check this file.

Please run the Farbar Recovery Scan Tool. Enter iSafeSvc2.exe in the Search Box and hit the File Search button.
Post the content of the Search.txt in your next reply.

Wait for further instructions.

#10 ogee450

  • Topic Starter

  • Members
  • 10 posts

Posted 03 November 2015 - 04:18 AM

Hello Nasdaq,

Below is the SystemLook.txt:

SystemLook 30.07.11 by jpshortstuff
Log created at 10:12 on 03/11/2015 by O-GEE
Administrator - Elevation successful

Invalid Context: reg HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\run /sub

-= EOF =-


And the content of Search.txt is:

Farbar Recovery Scan Tool (x64) Version:29-10-2015
Ran by O-GEE (2015-11-03 10:16:39)
Running from C:\Users\hp\Desktop
Boot Mode: Normal

================== Search Files: "iSafeSvc2.exe" =============

====== End of Search ======

Thank you.



#11 nasdaq


  • Malware Response Team
  • 39,191 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 03 November 2015 - 09:04 AM

There was a format error.

Try this search.

:reg
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\run /sub


p.s.
Make sure that you have the two lines.

#12 ogee450

  • Topic Starter

  • Members
  • 10 posts

Posted 03 November 2015 - 09:17 AM

SystemLook 30.07.11 by jpshortstuff
Log created at 15:16 on 03/11/2015 by O-GEE
Administrator - Elevation successful

========== reg ==========

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\run]
(Unable to open key - key not found)

-= EOF =-
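As an added example (not part of nasdaq's instructions or of SystemLook's output), the read-only PowerShell below inspects the same policies\explorer\run key that the query above targets, together with the other standard Run keys, and flags a value that is only a folder path (the shell opens such a folder in Explorer at logon) or that runs from System32; it also reports the attributes of the DRVSTORE folder, since Explorer shows NTFS-compressed items in blue. The key paths are standard Windows locations; the DRVSTORE path is taken from the thread.

```powershell
# Added example, not from the thread: a read-only inventory of the autostart
# registry values that could make Explorer open System32 at logon.
$AutostartKeys = @(
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run',  # the key SystemLook queried
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run'
)

function Get-AutostartFlag {
    param([string]$Command)
    $hasExecutable = $Command -match '\.(exe|com|scr|bat|cmd|vbs|js|dll)\b'
    if ($Command -match '^\s*"?[A-Za-z]:\\' -and -not $hasExecutable) {
        # A bare folder path is handed to the shell at logon, so Explorer opens
        # that folder: this is what "System32 pops up at startup" looks like.
        return 'FOLDER-ONLY: opens an Explorer window at logon'
    }
    if ($Command -match '\\system32\\') { return 'runs from System32: verify the file' }
    return ''
}

function Get-AutostartEntries {
    param([string[]]$Keys)
    foreach ($key in $Keys) {
        if (-not (Test-Path -Path $key)) {
            # Same condition SystemLook reported as "(Unable to open key - key not found)"
            [pscustomobject]@{ Key = $key; Name = ''; Command = '(key not found)'; Flag = '' }
            continue
        }
        $item = Get-Item -Path $key
        foreach ($name in $item.GetValueNames()) {
            $cmd = [string]$item.GetValue($name)
            [pscustomobject]@{ Key = $key; Name = $name; Command = $cmd; Flag = (Get-AutostartFlag $cmd) }
        }
    }
}

# Explorer shows NTFS-compressed items in blue, so also report the attributes of
# the folder the poster saw highlighted (path as given in the thread).
function Get-FolderAttributes {
    param([string]$Path)
    if (Test-Path -LiteralPath $Path) { return (Get-Item -LiteralPath $Path -Force).Attributes.ToString() }
    return 'not found'
}

Get-AutostartEntries -Keys $AutostartKeys | Format-Table -AutoSize -Wrap
'DRVSTORE attributes: ' + (Get-FolderAttributes "$env:SystemRoot\System32\DRVSTORE")
```

Run it from an elevated PowerShell so the HKLM keys are readable; it changes nothing on the machine.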



#13 nasdaq


  • Malware Response Team
  • 39,191 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 03 November 2015 - 03:40 PM

Please download and run the following tool to help allow other programs to run. (courtesy of BleepingComputer.com)
There are 3 different versions. If one of them won't run then download and try to run the other one.
Vista and Win7 users need to right-click and choose Run as Admin.
You only need to get one of them to run, not all of them.

rkill.exe
rkill.com
rkill.scr

It is possible that the infection you are trying to remove will not allow you to download files on the infected computer. If this is the case, then you will need to download the files requested on another computer and then transfer them to the desktop of the infected computer. You can transfer the files via a CD/DVD, external drive, or USB flash drive.

When completed it will create a log. Please post the content on your next reply.
===

Temporarily disable your AV program so it does not interfere.
Info on how to disable your security applications How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs - Security Mini-Guides.

Download the Zoek tool from here

When the download appears, save to the Desktop.
On the Desktop, right-click the Zoek.exe file and select: Run as Administrator
(Give it a few seconds to appear.)

Next, copy/paste the entire script inside the code box below to the input field of Zoek:
createsrpoint;
autoclean;
emptyalltemp;
ipconfig /flushdns;b
Now...
Close any open Browsers.
Click the Run script button, and wait. It takes a few minutes to run the whole script.

When the tool finishes, the zoek-results.log is opened in Notepad.
The log is also found on the systemdrive, normally C:\
If a reboot is needed, the log is opened after the reboot.

Please attach the zoek-results.log in your reply.

Also, please provide an update on how the computer is behaving after running the above script.

===

#14 ogee450

  • Topic Starter

  • Members
  • 10 posts

Posted 04 November 2015 - 03:55 AM

I am still having the same problem with my laptop.

For the Rkill, it didn't come in a txt file, so I made a screenshot and attached it.

For the Zoek:

Zoek.exe v5.0.0.1 Updated 03-November-2015
Tool run by O-GEE on 04/11/2015 at  9:19:27.49.
Microsoft Windows 8.1 6.3.9600  x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\hp\Downloads\zoek.exe [Scan all users] [Script inserted]

==== System Restore Info ======================

04/11/2015 09:21:45 Zoek.exe System Restore Point Created Successfully.

==== Empty Folders Check ======================

C:\PROGRA~2\Nokia deleted successfully
C:\Program Files\AVAST Software deleted successfully
C:\PROGRA~3\IDM deleted successfully
C:\PROGRA~3\regid.1986-12.com.adobe deleted successfully
C:\Users\hp\AppData\Roaming\DMCache deleted successfully
C:\Users\hp\AppData\Roaming\DragonLight deleted successfully
C:\Users\hp\AppData\Roaming\rmi deleted successfully
C:\Users\hp\AppData\Roaming\XCPCSync.OEM deleted successfully
C:\Users\Guest\AppData\Local\VirtualStore deleted successfully
C:\Users\hp\AppData\Local\EmieBrowserModeList deleted successfully
C:\Users\hp\AppData\Local\EmieSiteList deleted successfully
C:\Users\hp\AppData\Local\EmieUserList deleted successfully
C:\Users\hp\AppData\Local\MediaShow deleted successfully

==== Deleting CLSID Registry Keys ======================

HKEY_USERS\S-1-5-21-3190061390-3777832906-3145808820-1002\Software\Microsoft\Internet Explorer\SearchScopes\{F207AD40-940B-4D5A-80B0-D3A8001B2858} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{F207AD40-940B-4D5A-80B0-D3A8001B2858} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{F207AD40-940B-4D5A-80B0-D3A8001B2858} deleted successfully

==== Deleting CLSID Registry Values ======================


==== Deleting Services ======================


==== Batch Command(s) Run By Tool======================


==== Deleting Files \ Folders ======================

C:\PROGRA~2\Nokia not found
C:\Users\hp\AppData\Roaming\0F1L1I1P0H1L1E1E1F deleted
C:\PROGRA~2\GUTD051.tmp deleted
C:\PROGRA~2\GUMD021.tmp deleted
C:\Users\hp\BITC77C.tmp deleted
C:\PROGRA~3\{18165758-115C-4DC0-9EC2-FF89F725767F} deleted
C:\PROGRA~3\Package Cache deleted
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Shopping and Services deleted
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Search.lnk deleted
C:\Windows\SysNative\config\systemprofile\Searches deleted
C:\Users\Guest\AppData\Roaming\Mozilla\Firefox\Profiles\ycw05yo2.default\extensions\staged deleted
"C:\windows\Installer\1ce1f.msi" deleted

==== Firefox Extensions ======================

AppDir: C:\Program Files (x86)\Mozilla Firefox
- Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

==== Firefox Plugins ======================

Profilepath: C:\Users\hp\AppData\Roaming\Mozilla\Firefox\Profiles\pa3x37fi.default-1446305192833
0C0C5C207121C7A78414A8250E8E099A    - C:\windows\SysWOW64\Adobe\Director\np32dsw_1204144.dll -    Shockwave for Director / Shockwave for Director
863AF0003392FEBC2667A8A790DED955    - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_19_0_0_226.dll -    Shockwave Flash


==== Fake Chromium Profiles Check ======================

Fake profile C:\Users\Guest\AppData\Local\Google\Chrome deleted

==== Chromium Look ======================

Google Chrome Version: 46.0.2490.80



==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.google.com"
"Default_Page_URL"="http://www.google.com"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Page_URL"="http://www.google.com"
"Start Page"="http://www.google.com"
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main]
"Default_Page_URL"="http://www.google.com"
"Start Page"="http://www.google.com"

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157"
"Start Page"="http://www.google.com"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157"
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main]
"Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157"
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
{012E1000-F331-11DB-8314-0800200C9A66} Google  Url="http://www.google.com/search?q={searchTerms}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing  Url="http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=HPNTDFJS"
{D944BB61-2E34-4DBF-A683-47E505C587DC} eBay  Url="http://rover.ebay.com/rover/1/710-29550-11896-25/4"

==== Deleting Registry Keys ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\AE41B493270B044459017897C71B3217 deleted successfully
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{394B14EA-B072-4440-9510-87797CB12371} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\AE41B493270B044459017897C71B3217 deleted successfully

==== Empty IE Cache ======================

C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Guest\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Users\hp\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Users\hp\AppData\Local\Microsoft\Windows\INetCache\Low\Content.IE5 emptied successfully
C:\Users\O-GEE\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Users\Guest\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully
C:\Users\hp\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully
C:\Users\hp\AppData\Local\Microsoft\Windows\INetCache\Low\IE emptied successfully
C:\Users\O-GEE\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully
C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully

==== Empty FireFox Cache ======================

C:\Users\Guest\AppData\Local\Mozilla\Firefox\Profiles\ycw05yo2.default\Cache emptied successfully
C:\Users\Guest\AppData\Local\Mozilla\Firefox\Profiles\ycw05yo2.default\cache2 emptied successfully
C:\Users\hp\AppData\Local\Mozilla\Firefox\Profiles\pa3x37fi.default-1446305192833\cache2 emptied successfully

==== Empty Chrome Cache ======================

C:\Users\hp\AppData\Local\Opera Software\Opera Stable\Cache emptied successfully
C:\Users\hp\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

No Java Cache Found

==== C:\zoek_backup content ======================

C:\zoek_backup (files=99 folders=26 85070088 bytes)

==== Empty Temp Folders ======================

C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Users\Guest\AppData\Local\Temp emptied successfully
C:\Users\hp\AppData\Local\Temp will be emptied at reboot
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\Windows\Temp successfully emptied
C:\Users\hp\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== EOF on 04/11/2015 at  9:50:14.94 ======================



#15 nasdaq


  • Malware Response Team
  • 39,191 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 04 November 2015 - 11:07 AM

Refer to this topic.
http://www.techsupportforum.com/forums/f112/system32-folder-opens-up-on-startup-and-drvstore-folder-is-in-blue-color-window7-64bit-601195.html

See if the solution by koala can solve your problem.

Edited by nasdaq, 10 November 2015 - 10:33 AM.




