Another computer - PUP?


5 replies to this topic

#1 marsspeaks


Posted 06 January 2016 - 11:31 AM

Hi, I'll get to the point because I've written a detailed description 2 times now: once I accidentally closed out, and another time my browser crashed on me. So I'll try to do it again the best way I can.

Someone tried to install wizard101 using a bundle/download manager type thing that was not from the official wizard101 site. It came with bing.com and it was canceled before it could install anything else. I went to the official site and installed wizard101 and it comes with none of this.

Now when I open google chrome a home button tab for bing.com comes up and seems to be set as my default.

I found out the verified publisher for the bundle/download manager is "Darwin Marketing Inc". When I did some googling, this came up:

https://www.reasoncoresecurity.com/wizard101-setup.exe-5f6691feb9a0adc34e66196f24e9f4c4ecf615a1.aspx

I'm sure everything is safe and this is just some annoying adware type thing, but I would like to be sure nothing else is on my computer.

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:31-12-2015
Ran by MNSFI (administrator) on MNSFI-HP (06-01-2016 10:15:35)
Running from C:\Users\MNSFI\Desktop
Loaded Profiles: MNSFI & M2 (Available Profiles: MNSFI & M2)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgrsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgcsrva.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
(Microsoft Corporation) C:\Program Files\Microsoft LifeCam\MSCamS64.exe
(PDF Complete Inc) C:\Program Files (x86)\PDF Complete\pdfsvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgnsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgemca.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Service.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Visicom Media Inc.) C:\Program Files (x86)\ManyCam\ManyCam.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
(Sun Microsystems, Inc.) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgui.exe
() C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Hewlett-Packard Development Company L.P.) C:\Program Files (x86)\Hewlett-Packard\Shared\hpCaslNotification.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
(Sun Microsystems, Inc.) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgui.exe
() C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe
(Hewlett-Packard Development Company L.P.) C:\Program Files (x86)\Hewlett-Packard\Shared\hpCaslNotification.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [6602856 2011-01-11] (Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2837288 2011-10-14] (Synaptics Incorporated)
HKLM\...\Run: [HPWirelessAssistant] => C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe [363064 2010-07-21] (Hewlett-Packard Company)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [170256 2015-09-15] (Apple Inc.)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [336384 2011-07-05] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [HP Quick Launch] => C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [586296 2010-11-09] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [PDF Complete] => C:\Program Files (x86)\PDF Complete\pdfsty.exe [656920 2011-02-01] (PDF Complete Inc)
HKLM-x32\...\Run: [HPOSD] => C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe [318520 2010-12-13] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [248552 2010-05-14] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\AVG2015\avgui.exe [3780008 2015-10-30] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [DivXMediaServer] => C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe [448520 2015-05-05] (DivX, LLC)
HKLM-x32\...\Run: [DivXUpdate] => C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe [1861968 2014-01-09] ()
HKLM-x32\...\Run: [LifeCam] => C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe [135536 2010-12-13] (Microsoft Corporation)
HKU\S-1-5-21-1349756922-4081535394-1772807620-1002\...\Run: [ManyCam] => C:\Program Files (x86)\ManyCam\ManyCam.exe [10182440 2015-04-06] (Visicom Media Inc.)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 71.10.216.1 71.10.216.2 192.168.1.1
Tcpip\..\Interfaces\{443F46C9-765A-48B5-BC87-489196BD181A}: [DhcpNameServer] 71.10.216.1 71.10.216.2 192.168.1.1
 
Internet Explorer:
==================
HKU\S-1-5-21-1349756922-4081535394-1772807620-1002\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.bing.com/search?FORM=INCOH1&PC=IC05&PTAG=ICO-c8b5614
HKU\S-1-5-21-1349756922-4081535394-1772807620-1002\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/HPCOM/1
HKU\S-1-5-21-1349756922-4081535394-1772807620-1004\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.msn.com/HPCOM/1
HKU\S-1-5-21-1349756922-4081535394-1772807620-1004\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/HPCOM/1
SearchScopes: HKLM -> DefaultScope {ec29edf6-ad3c-4e1c-a087-d6cb81400c43} URL = hxxp://www.bing.com/search?FORM=INCOH2&PC=IC05&PTAG=ICO-c8b5614&q={searchTerms}
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM -> {2fa28606-de77-4029-af96-b231e3b8f827} URL = hxxp://search.ask.com/web?q={searchterms}&l=dis&o=CMNTDF
SearchScopes: HKLM -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=CMNTDF
SearchScopes: HKLM -> {ec29edf6-ad3c-4e1c-a087-d6cb81400c43} URL = hxxp://www.bing.com/search?FORM=INCOH2&PC=IC05&PTAG=ICO-c8b5614&q={searchTerms}
SearchScopes: HKLM -> {fcd9f10e-0daa-405f-bca0-0dd3f37c59d9} URL = hxxp://www.bing.com/search?q={searchTerms}&form=CMNTDF&pc=CMNTDF&src=IE-SearchBox
SearchScopes: HKLM-x32 -> DefaultScope {ec29edf6-ad3c-4e1c-a087-d6cb81400c43} URL = hxxp://www.bing.com/search?q={searchTerms}&form=CMNTDF&pc=CMNTDF&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 -> {2fa28606-de77-4029-af96-b231e3b8f827} URL = hxxp://search.ask.com/web?q={searchterms}&l=dis&o=CMNTDF
SearchScopes: HKLM-x32 -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=CMNTDF
SearchScopes: HKLM-x32 -> {ec29edf6-ad3c-4e1c-a087-d6cb81400c43} URL = hxxp://www.bing.com/search?q={searchTerms}&form=CMNTDF&pc=CMNTDF&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-1349756922-4081535394-1772807620-1002 -> DefaultScope {ec29edf6-ad3c-4e1c-a087-d6cb81400c43} URL = hxxp://www.bing.com/search?FORM=INCOH2&PC=IC05&PTAG=ICO-c8b5614&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1349756922-4081535394-1772807620-1002 -> {2fa28606-de77-4029-af96-b231e3b8f827} URL = hxxp://search.ask.com/web?q={searchterms}&l=dis&o=CMNTDF
SearchScopes: HKU\S-1-5-21-1349756922-4081535394-1772807620-1002 -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=CMNTDF
SearchScopes: HKU\S-1-5-21-1349756922-4081535394-1772807620-1002 -> {ec29edf6-ad3c-4e1c-a087-d6cb81400c43} URL = hxxp://www.bing.com/search?FORM=INCOH2&PC=IC05&PTAG=ICO-c8b5614&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1349756922-4081535394-1772807620-1002 -> {fcd9f10e-0daa-405f-bca0-0dd3f37c59d9} URL = hxxp://www.bing.com/search?q={searchTerms}&form=CMNTDF&pc=CMNTDF&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-1349756922-4081535394-1772807620-1004 -> DefaultScope {ec29edf6-ad3c-4e1c-a087-d6cb81400c43} URL = hxxp://www.bing.com/search?q={searchTerms}&form=CMNTDF&pc=CMNTDF&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-1349756922-4081535394-1772807620-1004 -> {2fa28606-de77-4029-af96-b231e3b8f827} URL = hxxp://search.ask.com/web?q={searchterms}&l=dis&o=CMNTDF
SearchScopes: HKU\S-1-5-21-1349756922-4081535394-1772807620-1004 -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=CMNTDF
SearchScopes: HKU\S-1-5-21-1349756922-4081535394-1772807620-1004 -> {ec29edf6-ad3c-4e1c-a087-d6cb81400c43} URL = hxxp://www.bing.com/search?q={searchTerms}&form=CMNTDF&pc=CMNTDF&src=IE-SearchBox
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll [2011-08-02] (Sun Microsystems, Inc.)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
BHO-x32: Bing Bar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll [2011-03-01] (Microsoft Corporation.)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll [2011-08-02] (Sun Microsystems, Inc.)
Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll [2011-03-01] (Microsoft Corporation.)
Toolbar: HKU\S-1-5-21-1349756922-4081535394-1772807620-1002 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
 
FireFox:
========
FF Plugin: @java.com/JavaPlugin -> C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll [2011-08-02] (Sun Microsystems, Inc.)
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-10-30] ()
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll [2014-05-22] (DivX, LLC.)
FF Plugin-x32: @divx.com/DivX Web Player Plug-In,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll [2015-05-14] (DivX, LLC)
FF Plugin-x32: @java.com/JavaPlugin -> C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll [2011-08-02] (Sun Microsystems, Inc.)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-02] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-02] (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [2010-12-07] ()
 
Chrome: 
=======
CHR HomePage: Default -> hxxp://www.bing.com/search?FORM=INCOH1&PC=IC03&PTAG=ICO-c8b5614
CHR StartupUrls: Default -> "hxxp://www.bing.com/search?FORM=INCOH1&PC=IC03&PTAG=ICO-c8b5614","hxxps://www.google.com/"
CHR DefaultSearchURL: Default -> hxxp://www.bing.com/search?FORM=INCOH2&PC=IC03&PTAG=ICO-c8b5614&q={searchTerms}
CHR DefaultSearchKeyword: Default -> search provided by bing.com
CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?client=chrome&hl={language}&q={searchTerms}
CHR Profile: C:\Users\MNSFI\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\MNSFI\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-05-24]
CHR Extension: (Google Drive) - C:\Users\MNSFI\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-24]
CHR Extension: (YouTube) - C:\Users\MNSFI\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-24]
CHR Extension: (Adblock Plus) - C:\Users\MNSFI\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2015-11-26]
CHR Extension: (Google Search) - C:\Users\MNSFI\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-26]
CHR Extension: (Google Sheets) - C:\Users\MNSFI\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-05-24]
CHR Extension: (Google Docs Offline) - C:\Users\MNSFI\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-11-22]
CHR Extension: (Chrome Web Store Payments) - C:\Users\MNSFI\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-07-26]
CHR Extension: (Gmail) - C:\Users\MNSFI\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-05-24]
StartMenuInternet: Google Chrome - chrome.exe
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [365568 2011-07-05] (Advanced Micro Devices, Inc.) [File not signed]
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77104 2015-09-02] (Apple Inc.)
R2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe [3642280 2015-10-30] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe [335656 2015-10-30] (AVG Technologies CZ, s.r.o.)
R2 IconMan_R; C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [1817088 2010-12-27] (Realsil Microelectronics Inc.) [File not signed]
R2 pdfcDispatcher; C:\Program Files (x86)\PDF Complete\pdfsvc.exe [1127448 2011-02-01] (PDF Complete Inc)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Corporation)
S2 XobniService; C:\Program Files (x86)\Xobni\XobniService.exe [62184 2011-02-24] (Xobni Corporation)
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [162784 2015-03-11] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [315312 2015-10-19] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [297904 2015-08-19] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [259040 2015-06-16] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [378336 2015-05-07] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [250800 2015-08-04] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [40928 2015-03-20] (AVG Technologies CZ, s.r.o.)
R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [300464 2015-08-04] (AVG Technologies CZ, s.r.o.)
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
R3 ManyCam; C:\Windows\System32\DRIVERS\mcvidrv.sys [49304 2014-12-28] (Visicom Media Inc.)
R3 mcaudrv_simple; C:\Windows\System32\drivers\mcaudrv_x64.sys [35992 2014-12-28] (Visicom Media Inc.)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-01-06 10:15 - 2016-01-06 10:17 - 00020258 _____ C:\Users\MNSFI\Desktop\FRST.txt
2016-01-06 10:14 - 2016-01-06 10:15 - 00000000 ____D C:\FRST
2016-01-06 10:10 - 2016-01-06 10:11 - 02370560 _____ (Farbar) C:\Users\MNSFI\Desktop\FRST64.exe
2016-01-06 09:52 - 2016-01-06 09:52 - 00000100 _____ C:\Users\M2\Desktop\New Text Document.txt
2016-01-06 09:52 - 2016-01-06 09:52 - 00000000 ____D C:\Users\M2\Desktop\New folder
2015-12-28 14:19 - 2015-12-28 14:19 - 12257760 _____ (Acresso Software Inc.) C:\Users\M2\Desktop\InstallWizard101.exe
2015-12-28 14:19 - 2015-12-28 14:19 - 00000817 _____ C:\Users\M2\Desktop\Play Wizard101.lnk
2015-12-28 14:19 - 2015-12-28 14:19 - 00000000 ____D C:\Users\M2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\KingsIsle Entertainment
2015-12-28 14:19 - 2015-12-28 14:19 - 00000000 ____D C:\Users\M2\AppData\Roaming\InstallShield Installation Information
2015-12-28 14:19 - 2015-12-28 14:19 - 00000000 ____D C:\ProgramData\KingsIsle Entertainment
2015-12-28 14:11 - 2015-12-28 14:12 - 12257760 _____ (Acresso Software Inc.) C:\Users\MNSFI\Downloads\InstallWizard101.exe
2015-12-28 14:09 - 2015-12-28 14:08 - 12239960 _____ (Acresso Software Inc.) C:\Users\MNSFI\Downloads\Wizard101 Setup.exe
2015-12-26 09:29 - 2015-12-26 11:47 - 00000000 ____D C:\Users\M2\AppData\Local\{40D2CDD4-BF6E-41AD-BF92-E328FEEA6B64}
2015-12-26 09:29 - 2015-12-26 09:29 - 00000000 ____D C:\Users\M2\AppData\Local\{9F9A62A2-B0DC-4643-9C09-C6E94A8C9852}
2015-12-24 14:21 - 2015-12-24 14:21 - 00000000 ____D C:\Users\M2\AppData\Local\{B4777953-B25E-4FE6-BA05-33F599A94FFD}
2015-12-21 19:54 - 2015-12-21 19:54 - 00000000 ____D C:\Users\M2\AppData\Local\Apple
2015-12-19 07:29 - 2015-12-19 07:30 - 01190608 _____ (Adobe Systems Incorporated) C:\Users\M2\Downloads\flashplayer20_a_install.exe
2015-12-19 07:21 - 2015-12-28 14:09 - 00001205 _____ C:\Users\M2\Desktop\Mozilla Firefox.lnk
2015-12-19 07:21 - 2015-12-19 07:27 - 00000000 ____D C:\Users\M2\AppData\Local\Mozilla Firefox
2015-12-19 07:21 - 2015-12-19 07:27 - 00000000 ____D C:\Users\M2\AppData\Local\Mozilla
2015-12-19 07:21 - 2015-12-19 07:21 - 00001195 _____ C:\Users\M2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-12-19 07:21 - 2015-12-19 07:21 - 00000000 ____D C:\Users\M2\AppData\Roaming\Mozilla
2015-12-19 07:15 - 2015-12-19 07:15 - 00249416 _____ C:\Users\M2\Downloads\Firefox Setup Stub 43.0.1.exe
2015-12-18 10:44 - 2015-12-26 09:29 - 00000000 ____D C:\Users\M2\AppData\Local\Windows Live
2015-12-18 10:43 - 2015-12-18 10:44 - 00000000 ____D C:\Users\M2\AppData\Local\{37612B53-017D-44A0-B1BD-9EF6E02B13D7}
2015-12-16 10:51 - 2015-12-16 10:51 - 00004313 _____ C:\Users\M2\Downloads\xz.html
2015-12-16 10:51 - 2015-12-16 10:51 - 00000000 ____D C:\Users\M2\Downloads\xz_files
2015-12-11 16:52 - 2015-12-11 16:52 - 00000000 ____D C:\Users\M2\AppData\Local\Apple Computer
2015-12-11 11:01 - 2015-12-11 11:01 - 00007142 _____ C:\Users\M2\Downloads\CDR_voice_4693091431.csv
2015-12-09 00:45 - 2015-12-09 00:45 - 00000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_netaapl64_01009.Wdf
2015-12-09 00:24 - 2015-11-20 12:54 - 03170304 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2015-12-09 00:24 - 2015-11-20 12:54 - 00709632 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2015-12-09 00:24 - 2015-11-20 12:54 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2015-12-09 00:24 - 2015-11-20 12:54 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2015-12-09 00:24 - 2015-11-20 12:54 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2015-12-09 00:24 - 2015-11-20 12:34 - 00573440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2015-12-09 00:24 - 2015-11-20 12:34 - 00174080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2015-12-09 00:24 - 2015-11-20 12:34 - 00093696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2015-12-09 00:24 - 2015-11-20 12:34 - 00030208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2015-12-09 00:24 - 2015-11-20 12:33 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2015-12-09 00:24 - 2015-11-03 13:04 - 00802304 _____ (Microsoft Corporation) C:\Windows\system32\usp10.dll
2015-12-09 00:24 - 2015-11-03 12:56 - 00627712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\usp10.dll
2015-12-09 00:23 - 2015-11-20 12:54 - 02609152 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2015-12-09 00:23 - 2015-11-20 12:54 - 00192512 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2015-12-09 00:23 - 2015-11-20 12:54 - 00098816 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2015-12-09 00:23 - 2015-11-20 12:54 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2015-12-09 00:23 - 2015-11-20 12:54 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2015-12-09 00:23 - 2015-11-20 12:54 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
2015-12-09 00:23 - 2015-11-10 12:55 - 01648128 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2015-12-09 00:23 - 2015-11-10 12:55 - 01180160 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2015-12-09 00:23 - 2015-11-10 12:55 - 01008640 _____ (Microsoft Corporation) C:\Windows\system32\user32.dll
2015-12-09 00:23 - 2015-11-10 12:39 - 01251328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2015-12-09 00:23 - 2015-11-10 12:37 - 00833024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user32.dll
2015-12-09 00:23 - 2015-11-10 11:47 - 03211264 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-12-09 00:22 - 2015-11-11 15:12 - 00387792 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-12-09 00:22 - 2015-11-11 14:52 - 00341192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-12-09 00:22 - 2015-11-11 10:00 - 12856832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-12-09 00:22 - 2015-11-11 09:44 - 00416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-12-09 00:22 - 2015-11-11 09:44 - 00279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-12-09 00:22 - 2015-11-11 09:41 - 20366848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-12-09 00:22 - 2015-11-11 09:12 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-12-09 00:22 - 2015-11-11 08:57 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-12-09 00:22 - 2015-11-09 18:24 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-12-09 00:22 - 2015-11-09 18:13 - 00496640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-12-09 00:22 - 2015-11-09 18:13 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-12-09 00:22 - 2015-11-09 18:12 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-12-09 00:22 - 2015-11-09 18:12 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-12-09 00:22 - 2015-11-09 18:11 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-12-09 00:22 - 2015-11-09 18:08 - 02280448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-12-09 00:22 - 2015-11-09 18:06 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-12-09 00:22 - 2015-11-09 18:06 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-12-09 00:22 - 2015-11-09 18:04 - 00476160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-12-09 00:22 - 2015-11-09 18:03 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-12-09 00:22 - 2015-11-09 18:02 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-12-09 00:22 - 2015-11-09 18:02 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-12-09 00:22 - 2015-11-09 17:50 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-12-09 00:22 - 2015-11-09 17:47 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-12-09 00:22 - 2015-11-09 17:46 - 04514816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-12-09 00:22 - 2015-11-09 17:44 - 00130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2015-12-09 00:22 - 2015-11-09 17:37 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2015-12-09 00:22 - 2015-11-09 17:36 - 02050560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-12-09 00:22 - 2015-11-09 17:36 - 00687104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-12-09 00:22 - 2015-11-09 17:35 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-12-09 00:22 - 2015-11-09 17:17 - 02011136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-12-09 00:22 - 2015-11-09 17:14 - 01311744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-12-09 00:22 - 2015-11-09 17:12 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-12-09 00:22 - 2015-11-08 16:33 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-12-09 00:22 - 2015-11-08 16:32 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-12-09 00:22 - 2015-11-08 16:16 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-12-09 00:22 - 2015-11-08 16:15 - 02887168 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-12-09 00:22 - 2015-11-08 16:15 - 00571392 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-12-09 00:22 - 2015-11-08 16:15 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-12-09 00:22 - 2015-11-08 16:07 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-12-09 00:22 - 2015-11-08 16:06 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-12-09 00:22 - 2015-11-08 16:02 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-12-09 00:22 - 2015-11-08 16:01 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-12-09 00:22 - 2015-11-08 16:01 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-12-09 00:22 - 2015-11-08 15:52 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-12-09 00:22 - 2015-11-08 15:48 - 00489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-12-09 00:22 - 2015-11-08 15:40 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-12-09 00:22 - 2015-11-08 15:32 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-12-09 00:22 - 2015-11-08 15:29 - 00152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2015-12-09 00:22 - 2015-11-08 15:18 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2015-12-09 00:22 - 2015-11-08 15:15 - 00798208 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-12-09 00:22 - 2015-11-08 15:15 - 00718336 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-12-09 00:22 - 2015-11-08 15:14 - 14456832 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-12-09 00:22 - 2015-11-08 15:14 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-12-09 00:22 - 2015-11-08 15:13 - 02123264 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-12-09 00:22 - 2015-11-08 14:41 - 01546752 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-12-09 00:22 - 2015-11-08 14:30 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-12-09 00:21 - 2015-11-11 12:53 - 01735680 _____ (Microsoft Corporation) C:\Windows\system32\comsvcs.dll
2015-12-09 00:21 - 2015-11-11 12:53 - 00525312 _____ (Microsoft Corporation) C:\Windows\system32\catsrvut.dll
2015-12-09 00:21 - 2015-11-11 12:39 - 01242624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comsvcs.dll
2015-12-09 00:21 - 2015-11-11 12:39 - 00487936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\catsrvut.dll
2015-12-09 00:21 - 2015-11-11 10:21 - 25837568 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-12-09 00:21 - 2015-11-08 16:15 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-12-09 00:21 - 2015-11-08 16:14 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-12-09 00:21 - 2015-11-08 16:04 - 05923840 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-12-09 00:21 - 2015-11-08 16:01 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-12-09 00:21 - 2015-11-08 16:01 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-12-09 00:21 - 2015-11-08 15:35 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-12-09 00:21 - 2015-11-08 14:53 - 02487808 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-12-09 00:21 - 2015-11-05 13:05 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\wshrm.dll
2015-12-09 00:21 - 2015-11-05 13:02 - 00014848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wshrm.dll
2015-12-09 00:21 - 2015-11-05 03:53 - 00146944 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rmcast.sys
2015-12-09 00:21 - 2015-11-03 13:04 - 00241664 _____ (Microsoft Corporation) C:\Windows\system32\els.dll
2015-12-09 00:21 - 2015-11-03 12:55 - 00179712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\els.dll
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-01-06 10:14 - 2009-07-13 21:20 - 00000000 ____D C:\Windows
2016-01-06 10:12 - 2015-05-24 19:33 - 00000000 ____D C:\Users\MNSFI\AppData\Roaming\Skype
2016-01-06 10:11 - 2009-07-13 22:45 - 00032064 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-01-06 10:11 - 2009-07-13 22:45 - 00032064 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-01-06 09:23 - 2015-05-24 18:54 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-01-06 08:51 - 2015-05-24 19:06 - 00000000 ____D C:\ProgramData\MFAData
2016-01-06 08:23 - 2015-05-24 18:54 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-01-05 20:28 - 2015-05-29 06:30 - 00003914 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{B95D5CC6-1CB3-4276-A64C-9EAF134154AC}
2016-01-05 18:34 - 2015-05-24 18:51 - 00003926 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{32A46A78-2851-4CBF-A7EA-CDDC80811976}
2016-01-04 18:33 - 2011-08-02 15:10 - 00000000 ____D C:\ProgramData\PDFC
2016-01-03 21:30 - 2015-05-24 21:35 - 00000000 ____D C:\Users\MNSFI\AppData\Roaming\Audacity
2016-01-02 18:35 - 2015-09-15 12:10 - 00003186 _____ C:\Windows\System32\Tasks\HPCeeScheduleForMNSFI
2016-01-02 18:35 - 2015-09-15 12:10 - 00000332 _____ C:\Windows\Tasks\HPCeeScheduleForMNSFI.job
2016-01-01 03:40 - 2009-07-13 23:13 - 00782228 _____ C:\Windows\system32\PerfStringBackup.INI
2016-01-01 03:40 - 2009-07-13 21:20 - 00000000 ____D C:\Windows\inf
2016-01-01 03:36 - 2009-07-13 23:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-12-28 14:09 - 2015-05-24 18:55 - 00002183 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2015-12-19 07:30 - 2015-10-23 09:25 - 00000000 ____D C:\Users\M2\AppData\Local\Adobe
2015-12-16 22:37 - 2009-07-13 21:20 - 00000000 ____D C:\Windows\rescache
2015-12-12 18:05 - 2015-07-18 17:57 - 00001854 _____ C:\Users\MNSFI\AppData\Roaming\GhostObjGAFix.xml
2015-12-11 23:03 - 2015-05-29 21:25 - 00000000 ____D C:\Users\MNSFI\AppData\Local\ManyCam
2015-12-11 23:00 - 2009-07-13 22:45 - 00268392 _____ C:\Windows\system32\FNTCACHE.DAT
2015-12-11 16:52 - 2015-09-25 15:27 - 00000000 ____D C:\Users\M2\AppData\Roaming\Apple Computer
2015-12-11 09:08 - 2015-05-28 18:39 - 00000000 ____D C:\Users\MNSFI\AppData\Local\CrashDumps
2015-12-09 13:28 - 2015-05-24 19:25 - 00136408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-12-09 00:55 - 2015-05-26 02:14 - 00000000 ____D C:\Windows\system32\MRT
2015-12-09 00:26 - 2015-05-26 02:35 - 00774870 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
 
==================== Files in the root of some directories =======
 
2015-07-18 17:57 - 2015-12-12 18:05 - 0001854 _____ () C:\Users\MNSFI\AppData\Roaming\GhostObjGAFix.xml
2015-06-07 21:21 - 2015-07-24 21:11 - 0010752 _____ () C:\Users\MNSFI\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-08-01 15:22 - 2015-08-01 15:22 - 0043494 _____ () C:\Users\MNSFI\AppData\Local\Tempdivx0756
2015-05-28 19:32 - 2015-05-28 19:32 - 0043682 _____ () C:\Users\MNSFI\AppData\Local\Tempdivx0a38
2015-05-31 23:03 - 2015-05-31 23:03 - 0043682 _____ () C:\Users\MNSFI\AppData\Local\Tempdivx0ae3
2015-10-02 06:28 - 2015-10-02 06:28 - 0047475 _____ () C:\Users\MNSFI\AppData\Local\Tempdivx0c5c
2015-08-17 04:08 - 2015-08-17 04:08 - 0242769 _____ () C:\Users\MNSFI\AppData\Local\Tempdivx1022
2015-07-08 01:08 - 2015-07-08 01:08 - 0253196 _____ () C:\Users\MNSFI\AppData\Local\Tempdivx1257
2015-08-17 04:08 - 2015-08-17 04:08 - 0242769 _____ () C:\Users\MNSFI\AppData\Local\Tempdivx1531
2015-05-19 01:43 - 2015-05-19 01:43 - 0247298 _____ () C:\Users\MNSFI\AppData\Local\Tempdivx1c40
2015-09-15 19:22 - 2015-09-15 19:22 - 0266074 _____ () C:\Users\MNSFI\AppData\Local\Tempdivx1fb6
2015-09-15 18:22 - 2015-09-15 18:22 - 0266074 _____ () C:\Users\MNSFI\AppData\Local\Tempdivx2300
2015-09-15 18:22 - 2015-09-15 18:22 - 0266074 _____ () C:\Users\MNSFI\AppData\Local\Tempdivx25f1
2015-07-22 00:13 - 2015-07-22 00:13 - 0043494 _____ () C:\Users\MNSFI\AppData\Local\Tempdivx2634
2015-05-19 01:43 - 2015-05-19 01:43 - 0247298 _____ () C:\Users\MNSFI\AppData\Local\Tempdivx2d3d
2015-08-28 17:01 - 2015-08-28 17:01 - 0040504 _____ () C:\Users\MNSFI\AppData\Local\Tempdivx31f7
2015-05-19 01:43 - 2015-05-19 01:43 - 0247298 _____ () C:\Users\MNSFI\AppData\Local\Tempdivx3368
2015-05-28 21:03 - 2015-05-28 21:03 - 0043682 _____ () C:\Users\MNSFI\AppData\Local\Tempdivx366d
2015-07-22 00:12 - 2015-07-22 00:12 - 0043494 _____ () C:\Users\MNSFI\AppData\Local\Tempdivx3cbc
2015-05-30 17:00 - 2015-05-30 17:00 - 0043682 _____ () C:\Users\MNSFI\AppData\Local\Tempdivx3ec3
2015-07-08 01:08 - 2015-07-08 01:08 - 0253196 _____ () C:\Users\MNSFI\AppData\Local\Tempdivx40f8
2015-08-15 17:19 - 2015-08-15 17:19 - 0043494 _____ () C:\Users\MNSFI\AppData\Local\Tempdivx45e2
2015-05-19 01:43 - 2015-05-19 01:43 - 0247298 _____ () C:\Users\MNSFI\AppData\Local\Tempdivx46b7
2015-08-17 04:08 - 2015-08-17 04:08 - 0242769 _____ () C:\Users\MNSFI\AppData\Local\Tempdivx4864
2015-05-19 01:43 - 2015-05-19 01:43 - 0247298 _____ () C:\Users\MNSFI\AppData\Local\Tempdivx48b1
2015-05-19 01:43 - 2015-05-19 01:43 - 0247298 _____ () C:\Users\MNSFI\AppData\Local\Tempdivx49e5
2015-05-19 01:43 - 2015-05-19 01:43 - 0247298 _____ () C:\Users\MNSFI\AppData\Local\Tempdivx4cba
2015-05-19 01:43 - 2015-05-19 01:43 - 0247298 _____ () C:\Users\MNSFI\AppData\Local\Tempdivx528d
2015-06-24 23:58 - 2015-06-24 23:58 - 0043682 _____ () C:\Users\MNSFI\AppData\Local\Tempdivx5811
2015-05-19 01:43 - 2015-05-19 01:43 - 0247298 _____ () C:\Users\MNSFI\AppData\Local\Tempdivx5929
2015-06-01 23:24 - 2015-06-01 23:24 - 0043682 _____ () C:\Users\MNSFI\AppData\Local\Tempdivx5d36
2015-05-19 01:43 - 2015-05-19 01:43 - 0247298 _____ () C:\Users\MNSFI\AppData\Local\Tempdivx5ec6
2015-07-23 16:44 - 2015-07-23 16:44 - 0043494 _____ () C:\Users\MNSFI\AppData\Local\Tempdivx6097
2015-09-07 17:20 - 2015-09-07 17:20 - 0040504 _____ () C:\Users\MNSFI\AppData\Local\Tempdivx654d
2015-08-17 04:08 - 2015-08-17 04:08 - 0242769 _____ () C:\Users\MNSFI\AppData\Local\Tempdivx665d
2015-09-11 04:17 - 2015-09-11 04:17 - 0047380 _____ () C:\Users\MNSFI\AppData\Local\Tempdivx66b5
2015-05-28 21:42 - 2015-05-28 21:42 - 0043682 _____ () C:\Users\MNSFI\AppData\Local\Tempdivx6b91
2015-11-05 19:23 - 2015-11-05 19:23 - 0047475 _____ () C:\Users\MNSFI\AppData\Local\Tempdivx6c7f
2015-09-07 17:20 - 2015-09-07 17:20 - 1328112 _____ (DivX, LLC) C:\Users\MNSFI\AppData\Local\Tempdivx720e.exe
2015-05-28 21:31 - 2015-05-28 21:31 - 0043682 _____ () C:\Users\MNSFI\AppData\Local\Tempdivx744b
2015-10-09 11:29 - 2015-10-09 11:29 - 0047475 _____ () C:\Users\MNSFI\AppData\Local\Tempdivx76ce
2015-09-15 18:22 - 2015-09-15 18:22 - 0266074 _____ () C:\Users\MNSFI\AppData\Local\Tempdivx7a30
2015-05-31 22:55 - 2015-05-31 22:55 - 0043682 _____ () C:\Users\MNSFI\AppData\Local\Tempdivx7a34
2015-05-28 18:39 - 2015-05-28 18:39 - 0043682 _____ () C:\Users\MNSFI\AppData\Local\Tempdivx83b5
2015-05-30 17:19 - 2015-05-30 17:19 - 0043682 _____ () C:\Users\MNSFI\AppData\Local\Tempdivx8763
2015-06-25 01:10 - 2015-06-25 01:10 - 0043682 _____ () C:\Users\MNSFI\AppData\Local\Tempdivx8c3b
2015-05-28 21:00 - 2015-05-28 21:00 - 0043682 _____ () C:\Users\MNSFI\AppData\Local\Tempdivx8eff
2015-05-19 01:43 - 2015-05-19 01:43 - 0247298 _____ () C:\Users\MNSFI\AppData\Local\Tempdivx9b41
2015-07-08 01:08 - 2015-07-08 01:08 - 0253196 _____ () C:\Users\MNSFI\AppData\Local\Tempdivx9bdb
2015-05-28 21:20 - 2015-05-28 21:20 - 0043682 _____ () C:\Users\MNSFI\AppData\Local\Tempdivxa1af
2015-08-28 08:50 - 2015-08-28 08:50 - 0040504 _____ () C:\Users\MNSFI\AppData\Local\Tempdivxbf1a
2015-05-19 01:43 - 2015-05-19 01:43 - 0247298 _____ () C:\Users\MNSFI\AppData\Local\Tempdivxc432
2015-05-19 01:43 - 2015-05-19 01:43 - 0247298 _____ () C:\Users\MNSFI\AppData\Local\Tempdivxc5e7
2015-10-15 16:16 - 2015-10-15 16:16 - 0047475 _____ () C:\Users\MNSFI\AppData\Local\Tempdivxc895
2015-08-28 08:50 - 2015-08-28 08:50 - 0040504 _____ () C:\Users\MNSFI\AppData\Local\Tempdivxc987
2015-08-18 09:33 - 2015-08-18 09:33 - 0043494 _____ () C:\Users\MNSFI\AppData\Local\Tempdivxca5e
2015-05-19 01:43 - 2015-05-19 01:43 - 0247298 _____ () C:\Users\MNSFI\AppData\Local\Tempdivxcf1d
2015-07-21 23:47 - 2015-07-21 23:47 - 0043494 _____ () C:\Users\MNSFI\AppData\Local\Tempdivxd01d
2015-06-18 01:05 - 2015-06-18 01:05 - 0043682 _____ () C:\Users\MNSFI\AppData\Local\Tempdivxd2b9
2015-05-19 01:43 - 2015-05-19 01:43 - 0247298 _____ () C:\Users\MNSFI\AppData\Local\Tempdivxd61b
2015-05-19 01:43 - 2015-05-19 01:43 - 0247298 _____ () C:\Users\MNSFI\AppData\Local\Tempdivxd751
2015-06-18 00:55 - 2015-06-18 00:55 - 0043682 _____ () C:\Users\MNSFI\AppData\Local\Tempdivxd8fd
2015-06-13 22:12 - 2015-06-13 22:12 - 0043682 _____ () C:\Users\MNSFI\AppData\Local\Tempdivxd936
2015-05-19 01:43 - 2015-05-19 01:43 - 0247298 _____ () C:\Users\MNSFI\AppData\Local\Tempdivxd9a9
2015-05-19 01:43 - 2015-05-19 01:43 - 0247298 _____ () C:\Users\MNSFI\AppData\Local\Tempdivxda1f
2015-07-08 01:08 - 2015-07-08 01:08 - 0253196 _____ () C:\Users\MNSFI\AppData\Local\Tempdivxdb1f
2015-09-15 18:22 - 2015-09-15 18:22 - 0266074 _____ () C:\Users\MNSFI\AppData\Local\Tempdivxdb21
2015-09-19 19:52 - 2015-09-19 19:52 - 0047475 _____ () C:\Users\MNSFI\AppData\Local\Tempdivxde04
2015-06-21 08:42 - 2015-06-21 08:42 - 0043682 _____ () C:\Users\MNSFI\AppData\Local\Tempdivxe0c6
2015-05-19 01:43 - 2015-05-19 01:43 - 0247298 _____ () C:\Users\MNSFI\AppData\Local\Tempdivxe3a8
2015-09-08 20:02 - 2015-09-08 20:02 - 0266568 _____ () C:\Users\MNSFI\AppData\Local\Tempdivxe4dc
2015-06-18 00:33 - 2015-06-18 00:33 - 0043682 _____ () C:\Users\MNSFI\AppData\Local\Tempdivxe79c
2015-09-07 17:20 - 2015-09-07 17:20 - 0040504 _____ () C:\Users\MNSFI\AppData\Local\Tempdivxec11
2015-05-28 22:44 - 2015-05-28 22:44 - 0043682 _____ () C:\Users\MNSFI\AppData\Local\Tempdivxee29
2015-08-17 04:08 - 2015-08-17 04:08 - 0242769 _____ () C:\Users\MNSFI\AppData\Local\Tempdivxee76
2015-08-28 17:01 - 2015-08-28 17:01 - 1328112 _____ (DivX, LLC) C:\Users\MNSFI\AppData\Local\Tempdivxef21.exe
2015-05-19 01:43 - 2015-05-19 01:43 - 0247298 _____ () C:\Users\MNSFI\AppData\Local\Tempdivxf25b
2015-05-19 01:43 - 2015-05-19 01:43 - 0247298 _____ () C:\Users\MNSFI\AppData\Local\Tempdivxf436
2015-08-12 23:15 - 2015-08-12 23:15 - 0043494 _____ () C:\Users\MNSFI\AppData\Local\Tempdivxf53a
2015-05-28 18:39 - 2015-05-28 18:39 - 0043682 _____ () C:\Users\MNSFI\AppData\Local\Tempdivxfaa8
2015-07-08 01:08 - 2015-07-08 01:08 - 0253196 _____ () C:\Users\MNSFI\AppData\Local\Tempdivxfbee
2015-07-08 01:08 - 2015-07-08 01:08 - 0253196 _____ () C:\Users\MNSFI\AppData\Local\Tempdivxfe9c
2015-08-28 08:50 - 2015-08-28 08:50 - 1328112 _____ (DivX, LLC) C:\Users\MNSFI\AppData\Local\Tempdivxfeb0.exe
 
Some files in TEMP:
====================
C:\Users\M2\AppData\Local\Temp\ICReinstall_Wizard101 Setup.exe
C:\Users\MNSFI\AppData\Local\Temp\SkypeSetup.exe
C:\Users\MNSFI\AppData\Local\Temp\SP54714.exe
C:\Users\MNSFI\AppData\Local\Temp\SP57049.exe
C:\Users\MNSFI\AppData\Local\Temp\sp58915.exe
C:\Users\MNSFI\AppData\Local\Temp\SP59202.exe
 
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-12-21 20:59
 
==================== End of FRST.txt ============================

Edited by marsspeaks, 06 January 2016 - 11:43 AM.



#2 nasdaq

nasdaq

  • Malware Response Team
  • 39,559 posts
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:07:59 PM

Posted 07 January 2016 - 08:04 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===


Press the Windows key + R on your keyboard at the same time. This will open the RUN BOX.
Type Notepad and click the OK key.
Please copy the entire contents of the code box below to a new file.
 
start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:


SearchScopes: HKLM -> DefaultScope {ec29edf6-ad3c-4e1c-a087-d6cb81400c43} URL = hxxp://www.bing.com/search?FORM=INCOH2&PC=IC05&PTAG=ICO-c8b5614&q={searchTerms}
SearchScopes: HKLM -> {2fa28606-de77-4029-af96-b231e3b8f827} URL = hxxp://search.ask.com/web?q={searchterms}&l=dis&o=CMNTDF
SearchScopes: HKLM -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=CMNTDF
SearchScopes: HKLM -> {ec29edf6-ad3c-4e1c-a087-d6cb81400c43} URL = hxxp://www.bing.com/search?FORM=INCOH2&PC=IC05&PTAG=ICO-c8b5614&q={searchTerms}
SearchScopes: HKLM-x32 -> DefaultScope {ec29edf6-ad3c-4e1c-a087-d6cb81400c43} URL = hxxp://www.bing.com/search?q={searchTerms}&form=CMNTDF&pc=CMNTDF&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {2fa28606-de77-4029-af96-b231e3b8f827} URL = hxxp://search.ask.com/web?q={searchterms}&l=dis&o=CMNTDF
SearchScopes: HKLM-x32 -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=CMNTDF
SearchScopes: HKLM-x32 -> {ec29edf6-ad3c-4e1c-a087-d6cb81400c43} URL = hxxp://www.bing.com/search?q={searchTerms}&form=CMNTDF&pc=CMNTDF&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-1349756922-4081535394-1772807620-1002 -> DefaultScope {ec29edf6-ad3c-4e1c-a087-d6cb81400c43} URL = hxxp://www.bing.com/search?FORM=INCOH2&PC=IC05&PTAG=ICO-c8b5614&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1349756922-4081535394-1772807620-1002 -> {2fa28606-de77-4029-af96-b231e3b8f827} URL = hxxp://search.ask.com/web?q={searchterms}&l=dis&o=CMNTDF
SearchScopes: HKU\S-1-5-21-1349756922-4081535394-1772807620-1002 -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=CMNTDF
SearchScopes: HKU\S-1-5-21-1349756922-4081535394-1772807620-1002 -> {ec29edf6-ad3c-4e1c-a087-d6cb81400c43} URL = hxxp://www.bing.com/search?FORM=INCOH2&PC=IC05&PTAG=ICO-c8b5614&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1349756922-4081535394-1772807620-1004 -> DefaultScope {ec29edf6-ad3c-4e1c-a087-d6cb81400c43} URL = hxxp://www.bing.com/search?q={searchTerms}&form=CMNTDF&pc=CMNTDF&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-1349756922-4081535394-1772807620-1004 -> {2fa28606-de77-4029-af96-b231e3b8f827} URL = hxxp://search.ask.com/web?q={searchterms}&l=dis&o=CMNTDF
SearchScopes: HKU\S-1-5-21-1349756922-4081535394-1772807620-1004 -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=CMNTDF
SearchScopes: HKU\S-1-5-21-1349756922-4081535394-1772807620-1004 -> {ec29edf6-ad3c-4e1c-a087-d6cb81400c43} URL = hxxp://www.bing.com/search?q={searchTerms}&form=CMNTDF&pc=CMNTDF&src=IE-SearchBox
Toolbar: HKU\S-1-5-21-1349756922-4081535394-1772807620-1002 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
C:\Users\M2\AppData\Local\Temp\ICReinstall_Wizard101 Setup.exe
C:\Users\MNSFI\AppData\Local\Temp\SkypeSetup.exe
C:\Users\MNSFI\AppData\Local\Temp\SP54714.exe
C:\Users\MNSFI\AppData\Local\Temp\SP57049.exe
C:\Users\MNSFI\AppData\Local\Temp\sp58915.exe
C:\Users\MNSFI\AppData\Local\Temp\SP59202.exe


End
Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log (Fixlog.txt) please post it to your reply.
===

Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the LogFile button and the report will open in Notepad.
IMPORTANT
  • If you click the Clean button all items listed in the report will be removed.
If you find some false positive items or programs that you wish to keep, Close the AdwCleaner windows.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Check off the element(s) you wish to keep.
  • Click on the Clean button and follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleanerCx.txt (x is a number).
===

Download the Junkware Removal Tool to your Desktop from this link.
http://www.bleepingcomputer.com/download/junkware-removal-tool/

Shutdown your antivirus to avoid any conflicts.
Right click the icon - disable for say 20 mins.
Right-mouse click JRT.exe and select Run as administrator (If using XP just double click on the icon to run it.)
The tool will open and start scanning your system.
Please be patient as this can take a while to complete.
On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
Post the contents of JRT.txt into your next message.
======


Your version of Java is outdated and needs to be updated to take advantage of fixes that have eliminated security vulnerabilities.

You can manually check your present version and update as recommended.
https://www.java.com/en/download/installed.jsp

Be careful not to install malware posing as a Java update!
Important: read this blog.
http://blog.trendmicro.com/trendlabs-security-intelligence/malware-poses-as-an-update-for-java-0-day-fix/

Quoted from the page.
"In light of the recent events surrounding Java, users must seriously consider their use of Java. Do they really need it? If yes, make sure that users follow the steps we recommended and get the security update directly from the official oracle website." at:
http://www.oracle.com/technetwork/java/javase/downloads/index.html

How to disable Java in your browsers
http://www.infoworld.com/t/web-browsers/how-disable-java-in-your-browsers-210882


If present remove the old version(s) of Java using the Control Panel > Programs and Features applet.
Java™ 6 Update 22 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86416022FF}) (Version: 6.0.220 - Oracle)
Java™ 6 Update 22 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216022FF}) (Version: 6.0.220 - Oracle)

Please post the logs and let me know what problem persists.
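As an added example that is not part of nasdaq's instructions and not part of the FRST tool: the fixlist above removes the SearchScopes entries by hand, but the same registry locations can be audited read-only with PowerShell before and after such a fix, so you can see whether every hive (HKLM, the 32-bit Wow6432Node view, and each loaded user hive) has been cleaned. The script walks those locations and flags any search scope whose host is outside an allowlist, or whose URL carries partner tags of the kind visible in the log (the PC=IC05&PTAG=... and pc=CMNTDF parameters). The allowlist and the tag names are assumptions chosen for illustration; the script reports and never deletes anything.

```powershell
# Added example, not from the thread or from FRST: read-only audit of
# Internet Explorer SearchScopes across the machine and user hives.
# Assumptions: the allowlist and the affiliate-tag parameter names below are
# illustrative heuristics, not an official list.
$AllowedHosts    = @('www.bing.com', 'www.google.com', 'duckduckgo.com')
$AffiliateParams = @('pc', 'ptag')   # tags seen on bundler-set scopes, e.g. PC=IC05&PTAG=ICO-...

function Get-SearchScopeRoots {
    # HKLM (64-bit view), HKLM (32-bit view), then every loaded real user hive.
    $roots = @(
        'HKLM:\SOFTWARE\Microsoft\Internet Explorer\SearchScopes',
        'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes'
    )
    foreach ($hive in Get-ChildItem -Path 'Registry::HKEY_USERS') {
        # Only account SIDs (S-1-5-21-...), which skips *_Classes and well-known hives
        if ($hive.PSChildName -match '^S-1-5-21-\d+-\d+-\d+-\d+$') {
            $roots += "Registry::HKEY_USERS\$($hive.PSChildName)\SOFTWARE\Microsoft\Internet Explorer\SearchScopes"
        }
    }
    return $roots
}

function Test-SearchScopeUrl {
    param([string]$Url)
    # Returns a reason string when the scope looks bundler-set, otherwise $null.
    try { $uri = [uri]$Url } catch { return 'unparseable URL' }
    if ($AllowedHosts -notcontains $uri.Host.ToLowerInvariant()) {
        return "host '$($uri.Host)' not in allowlist"
    }
    # Even an allowlisted host (bing.com in the log) can be an affiliate-tagged
    # scope; the partner parameters are the tell.
    $query = $uri.Query.TrimStart('?')
    foreach ($pair in ($query -split '&')) {
        $name = ($pair -split '=', 2)[0].ToLowerInvariant()
        if ($AffiliateParams -contains $name) { return "carries affiliate tag '$name'" }
    }
    return $null
}

function Get-SearchScopeReport {
    foreach ($root in Get-SearchScopeRoots) {
        if (-not (Test-Path -Path $root)) { continue }
        # DefaultScope is a value on the SearchScopes key naming one of the GUID subkeys
        $default = (Get-ItemProperty -Path $root -ErrorAction SilentlyContinue).DefaultScope
        foreach ($scope in (Get-ChildItem -Path $root -ErrorAction SilentlyContinue)) {
            $url = (Get-ItemProperty -Path $scope.PSPath -ErrorAction SilentlyContinue).URL
            if (-not $url) { continue }
            [pscustomobject]@{
                Root      = $root
                Scope     = $scope.PSChildName
                IsDefault = ($scope.PSChildName -eq $default)
                Reason    = Test-SearchScopeUrl -Url $url
                URL       = $url
            }
        }
    }
}

# Show only the scopes that tripped a heuristic; drop the Where-Object to see all of them.
Get-SearchScopeReport | Where-Object { $_.Reason } | Format-Table -AutoSize -Wrap
```

Run it from an elevated PowerShell prompt so that the other loaded user hives under HKEY_USERS are readable; without elevation it still covers HKLM and the current user. Because it only reads, it is safe to run before the fix to confirm what FRST will touch, and again after the reboot to confirm the Fixlog's "key removed successfully" lines match what is actually left in the registry.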

#3 marsspeaks

marsspeaks
  • Topic Starter

  • Members
  • 64 posts
  • Local time:05:59 PM

Posted 07 January 2016 - 01:10 PM

Here are my logs!

 

Fix result of Farbar Recovery Scan Tool (x64) Version:31-12-2015
Ran by MNSFI (2016-01-07 10:48:31) Run:1
Running from C:\Users\MNSFI\Desktop
Loaded Profiles: MNSFI & M2 (Available Profiles: MNSFI & M2)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
start
 
CreateRestorePoint:
EmptyTemp:
CloseProcesses:
 
 
SearchScopes: HKLM -> DefaultScope {ec29edf6-ad3c-4e1c-a087-d6cb81400c43} URL = hxxp://www.bing.com/search?FORM=INCOH2&PC=IC05&PTAG=ICO-c8b5614&q={searchTerms}
SearchScopes: HKLM -> {2fa28606-de77-4029-af96-b231e3b8f827} URL = hxxp://search.ask.com/web?q={searchterms}&l=dis&o=CMNTDF
SearchScopes: HKLM -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=CMNTDF
SearchScopes: HKLM -> {ec29edf6-ad3c-4e1c-a087-d6cb81400c43} URL = hxxp://www.bing.com/search?FORM=INCOH2&PC=IC05&PTAG=ICO-c8b5614&q={searchTerms}
SearchScopes: HKLM-x32 -> DefaultScope {ec29edf6-ad3c-4e1c-a087-d6cb81400c43} URL = hxxp://www.bing.com/search?q={searchTerms}&form=CMNTDF&pc=CMNTDF&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {2fa28606-de77-4029-af96-b231e3b8f827} URL = hxxp://search.ask.com/web?q={searchterms}&l=dis&o=CMNTDF
SearchScopes: HKLM-x32 -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=CMNTDF
SearchScopes: HKLM-x32 -> {ec29edf6-ad3c-4e1c-a087-d6cb81400c43} URL = hxxp://www.bing.com/search?q={searchTerms}&form=CMNTDF&pc=CMNTDF&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-1349756922-4081535394-1772807620-1002 -> DefaultScope {ec29edf6-ad3c-4e1c-a087-d6cb81400c43} URL = hxxp://www.bing.com/search?FORM=INCOH2&PC=IC05&PTAG=ICO-c8b5614&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1349756922-4081535394-1772807620-1002 -> {2fa28606-de77-4029-af96-b231e3b8f827} URL = hxxp://search.ask.com/web?q={searchterms}&l=dis&o=CMNTDF
SearchScopes: HKU\S-1-5-21-1349756922-4081535394-1772807620-1002 -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=CMNTDF
SearchScopes: HKU\S-1-5-21-1349756922-4081535394-1772807620-1002 -> {ec29edf6-ad3c-4e1c-a087-d6cb81400c43} URL = hxxp://www.bing.com/search?FORM=INCOH2&PC=IC05&PTAG=ICO-c8b5614&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1349756922-4081535394-1772807620-1004 -> DefaultScope {ec29edf6-ad3c-4e1c-a087-d6cb81400c43} URL = hxxp://www.bing.com/search?q={searchTerms}&form=CMNTDF&pc=CMNTDF&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-1349756922-4081535394-1772807620-1004 -> {2fa28606-de77-4029-af96-b231e3b8f827} URL = hxxp://search.ask.com/web?q={searchterms}&l=dis&o=CMNTDF
SearchScopes: HKU\S-1-5-21-1349756922-4081535394-1772807620-1004 -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=CMNTDF
SearchScopes: HKU\S-1-5-21-1349756922-4081535394-1772807620-1004 -> {ec29edf6-ad3c-4e1c-a087-d6cb81400c43} URL = hxxp://www.bing.com/search?q={searchTerms}&form=CMNTDF&pc=CMNTDF&src=IE-SearchBox
Toolbar: HKU\S-1-5-21-1349756922-4081535394-1772807620-1002 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
C:\Users\M2\AppData\Local\Temp\ICReinstall_Wizard101 Setup.exe
C:\Users\MNSFI\AppData\Local\Temp\SkypeSetup.exe
C:\Users\MNSFI\AppData\Local\Temp\SP54714.exe
C:\Users\MNSFI\AppData\Local\Temp\SP57049.exe
C:\Users\MNSFI\AppData\Local\Temp\sp58915.exe
C:\Users\MNSFI\AppData\Local\Temp\SP59202.exe
 
 
End
*****************
 
Restore point was successfully created.
Processes closed successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}" => key removed successfully
HKCR\CLSID\{2fa28606-de77-4029-af96-b231e3b8f827} => key not found. 
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}" => key removed successfully
HKCR\CLSID\{b7fca997-d0fb-4fe0-8afd-255e89cf9671} => key not found. 
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{ec29edf6-ad3c-4e1c-a087-d6cb81400c43}" => key removed successfully
HKCR\CLSID\{ec29edf6-ad3c-4e1c-a087-d6cb81400c43} => key not found. 
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}" => key removed successfully
HKCR\Wow6432Node\CLSID\{2fa28606-de77-4029-af96-b231e3b8f827} => key not found. 
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}" => key removed successfully
HKCR\Wow6432Node\CLSID\{b7fca997-d0fb-4fe0-8afd-255e89cf9671} => key not found. 
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{ec29edf6-ad3c-4e1c-a087-d6cb81400c43}" => key removed successfully
HKCR\Wow6432Node\CLSID\{ec29edf6-ad3c-4e1c-a087-d6cb81400c43} => key not found. 
HKU\S-1-5-21-1349756922-4081535394-1772807620-1002\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
"HKU\S-1-5-21-1349756922-4081535394-1772807620-1002\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}" => key removed successfully
HKCR\CLSID\{2fa28606-de77-4029-af96-b231e3b8f827} => key not found. 
"HKU\S-1-5-21-1349756922-4081535394-1772807620-1002\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}" => key removed successfully
HKCR\CLSID\{b7fca997-d0fb-4fe0-8afd-255e89cf9671} => key not found. 
"HKU\S-1-5-21-1349756922-4081535394-1772807620-1002\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{ec29edf6-ad3c-4e1c-a087-d6cb81400c43}" => key removed successfully
HKCR\CLSID\{ec29edf6-ad3c-4e1c-a087-d6cb81400c43} => key not found. 
HKU\S-1-5-21-1349756922-4081535394-1772807620-1004\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
"HKU\S-1-5-21-1349756922-4081535394-1772807620-1004\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}" => key removed successfully
HKCR\CLSID\{2fa28606-de77-4029-af96-b231e3b8f827} => key not found. 
"HKU\S-1-5-21-1349756922-4081535394-1772807620-1004\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}" => key removed successfully
HKCR\CLSID\{b7fca997-d0fb-4fe0-8afd-255e89cf9671} => key not found. 
"HKU\S-1-5-21-1349756922-4081535394-1772807620-1004\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{ec29edf6-ad3c-4e1c-a087-d6cb81400c43}" => key removed successfully
HKCR\CLSID\{ec29edf6-ad3c-4e1c-a087-d6cb81400c43} => key not found. 
HKU\S-1-5-21-1349756922-4081535394-1772807620-1002\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} => value removed successfully
HKCR\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} => key not found. 
"HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE" => key removed successfully
"HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE" => key removed successfully
C:\Users\M2\AppData\Local\Temp\ICReinstall_Wizard101 Setup.exe => moved successfully
C:\Users\MNSFI\AppData\Local\Temp\SkypeSetup.exe => moved successfully
C:\Users\MNSFI\AppData\Local\Temp\SP54714.exe => moved successfully
C:\Users\MNSFI\AppData\Local\Temp\SP57049.exe => moved successfully
C:\Users\MNSFI\AppData\Local\Temp\sp58915.exe => moved successfully
C:\Users\MNSFI\AppData\Local\Temp\SP59202.exe => moved successfully
EmptyTemp: => 6 GB temporary data Removed.
 
 
The system needed a reboot.
 
==== End of Fixlog 10:56:51 ====
 
 
 
# AdwCleaner v5.028 - Logfile created 07/01/2016 at 11:32:28
# Updated 04/01/2016 by Xplode
# Database : 2016-01-04.2 [Server]
# Operating system : Windows 7 Home Premium Service Pack 1 (x64)
# Username : MNSFI - MNSFI-HP
# Running from : C:\Users\MNSFI\Desktop\adwcleaner_5.028.exe
# Option : Cleaning
 
***** [ Services ] *****
 
 
***** [ Folders ] *****
 
 
***** [ Files ] *****
 
[-] File Deleted : C:\Users\M2\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.ask.com_0.localstorage
[-] File Deleted : C:\Users\M2\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.ask.com_0.localstorage-journal
[-] File Deleted : C:\Users\M2\Desktop\eBay.lnk
 
***** [ DLLs ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Scheduled tasks ] *****
 
 
***** [ Registry ] *****
 
[-] Key Deleted : HKCU\Software\PRODUCTSETUP
 
***** [ Web browsers ] *****
 
[-] [C:\Users\MNSFI\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : aol.com
[-] [C:\Users\MNSFI\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : ask.com
[-] [C:\Users\M2\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : aol.com
[-] [C:\Users\M2\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : ask.com
 
*************************
 
:: "Tracing" keys removed
:: Winsock settings cleared
 
########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [1477 bytes] ##########
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.0.1 (11.24.2015)
Operating System: Windows 7 Home Premium x64 
Ran by MNSFI (Administrator) on Thu 01/07/2016 at 11:42:19.26
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
File System: 80 
 
 
 
 
Registry: 1 
 
Successfully deleted: HKLM\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} (Registry Key)
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Thu 01/07/2016 at 11:48:12.39
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
With JAVA I uninstalled both versions and I don't think I'll bother installing unless I absolutely need to on here. 
 
Was there anything with Bing I needed to remove? I just checked and didn't notice anything new for Bing in my installed programs besides the Bing bar, but that comes with my computer. I went ahead and set my default home button back to Google and my default search provider as Google also. I guess it would have done more changes had it not been cancelled? Just think it's odd nothing much came up besides those changes, unless they weren't picked up. 

 

Was this nothing more than PUP just to screw with my search settings?


Edited by marsspeaks, 07 January 2016 - 01:14 PM.


#4 nasdaq

nasdaq

  • Malware Response Team
  • 39,559 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 08 January 2016 - 08:51 AM

Was this nothing more than PUP just to screw with my search settings?


Sure looks like it.
These entries were left over from the removal of the problematic install of some 3rd party software.

It was a good cleanup. EmptyTemp: => 6 GB temporary data Removed.

===

If all is well.

To learn more about how to protect yourself while on the internet, read this little guide, best security practices, to keep safe.
http://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/
===

#5 marsspeaks

marsspeaks
  • Topic Starter

  • Members
  • 64 posts

Posted 10 January 2016 - 06:17 PM

Yes, I think we may be done. Seems fine. Runs a bit slow, and especially when watching YouTube videos it starts to lag and freeze, but I think that's more of a hardware issue! 

 

I'll be posting a new thread to one more laptop later.



#6 nasdaq

nasdaq

  • Malware Response Team
  • 39,559 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 11 January 2016 - 08:46 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.



