
Message..... C:\Windows\SysWOW64\cmd.exe


14 replies to this topic

#1 zachj


Posted 18 January 2016 - 09:08 PM

This keeps popping up from ZoneAlarm. Google Chrome is trying to launch C:\Windows\SysWOW64\cmd.exe or use another program to gain access to privileged resource.

 

Here are the scans....

 

Security Check

 

Results of screen317's Security Check version 1.009  
 Windows 7 Service Pack 1 x64 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:`````````````` 
 Windows Firewall Enabled!  
Avira Antivirus   
 Antivirus up to date!  (On Access scanning disabled!) 
`````````Anti-malware/Other Utilities Check:````````` 
 Java 8 Update 31  
 Java version 32-bit out of Date! 
 Google Chrome (47.0.2526.106) 
 Google Chrome (47.0.2526.111) 
````````Process Check: objlist.exe by Laurent````````  
 Avira Antivir avgnt.exe 
 Avira Antivir avguard.exe 
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C: 0% 
````````````````````End of Log`````````````````````` 

 

 

MiniToolbox

 

MiniToolBox by Farbar  Version: 21-07-2014

Ran by zj (administrator) on 18-01-2016 at 16:08:46
Running from "C:\Users\zj\Desktop"
Microsoft Windows 7 Professional  Service Pack 1 (X64)
Boot Mode: Normal
***************************************************************************
 
========================= Flush DNS: ===================================
 
Windows IP Configuration
 
Successfully flushed the DNS Resolver Cache.
 
========================= IE Proxy Settings: ============================== 
 
Proxy is not enabled.
No Proxy Server is set.
 
"Reset IE Proxy Settings": IE Proxy Settings were reset.
 
========================= Event log errors: ===============================
 
Application errors:
==================
Error: (01/18/2016 03:48:12 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (01/18/2016 03:45:25 PM) (Source: BstHdAndroidSvc) (User: )
Description: Failed to shut down service. The error that occurred was: System.InvalidOperationException: UpdatePendingStatus can only be called during the handling of Start, Stop, Pause and Continue commands.
   at System.ServiceProcess.ServiceBase.RequestAdditionalTime(Int32 milliseconds)
   at BlueStacks.hyperDroid.Service.Service.OnStop()
   at BlueStacks.hyperDroid.Service.Service.OnShutdown()
   at System.ServiceProcess.ServiceBase.DeferredShutdown().
 
Error: (01/17/2016 11:07:15 AM) (Source: LMS) (User: NT AUTHORITY)
Description: LMS Service lost connection to HECI driver
 
Error: (01/14/2016 10:34:38 PM) (Source: LMS) (User: NT AUTHORITY)
Description: LMS Service lost connection to HECI driver
 
Error: (01/14/2016 03:30:13 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (01/14/2016 03:27:05 AM) (Source: BstHdAndroidSvc) (User: )
Description: Failed to shut down service. The error that occurred was: System.InvalidOperationException: UpdatePendingStatus can only be called during the handling of Start, Stop, Pause and Continue commands.
   at System.ServiceProcess.ServiceBase.RequestAdditionalTime(Int32 milliseconds)
   at BlueStacks.hyperDroid.Service.Service.OnStop()
   at BlueStacks.hyperDroid.Service.Service.OnShutdown()
   at System.ServiceProcess.ServiceBase.DeferredShutdown().
 
Error: (01/13/2016 06:56:59 AM) (Source: MsiInstaller) (User: zj-PC)
Description: Product: Adobe Acrobat Reader DC - Update '{AC76BA86-7AD7-0000-2550-AC0F0A4E5800}' could not be installed. Error code 1625. Windows Installer can create logs to help troubleshoot issues with installing software packages. Use the following link for instructions on turning on logging support: http://go.microsoft.com/fwlink/?LinkId=23127
 
Error: (01/12/2016 10:56:30 PM) (Source: LMS) (User: NT AUTHORITY)
Description: LMS Service lost connection to HECI driver
 
Error: (01/12/2016 10:56:09 PM) (Source: LMS) (User: NT AUTHORITY)
Description: LMS Service lost connection to HECI driver
 
Error: (01/12/2016 10:55:17 PM) (Source: LMS) (User: NT AUTHORITY)
Description: LMS Service lost connection to HECI driver
 
 
System errors:
=============
Error: (01/18/2016 07:09:08 AM) (Source: Disk) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.
 
Error: (01/18/2016 07:09:05 AM) (Source: Disk) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.
 
Error: (01/18/2016 06:15:21 AM) (Source: Disk) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.
 
Error: (01/18/2016 06:15:18 AM) (Source: Disk) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.
 
Error: (01/18/2016 06:08:31 AM) (Source: Disk) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.
 
Error: (01/18/2016 06:08:28 AM) (Source: Disk) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.
 
Error: (01/18/2016 06:04:30 AM) (Source: Disk) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.
 
Error: (01/18/2016 06:04:27 AM) (Source: Disk) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.
 
Error: (01/18/2016 04:21:20 AM) (Source: Disk) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.
 
Error: (01/18/2016 04:21:17 AM) (Source: Disk) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.
 
 
Microsoft Office Sessions:
=========================
Error: (01/18/2016 03:48:12 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (01/18/2016 03:45:25 PM) (Source: BstHdAndroidSvc)(User: )
Description: Failed to shut down service. The error that occurred was: System.InvalidOperationException: UpdatePendingStatus can only be called during the handling of Start, Stop, Pause and Continue commands.
   at System.ServiceProcess.ServiceBase.RequestAdditionalTime(Int32 milliseconds)
   at BlueStacks.hyperDroid.Service.Service.OnStop()
   at BlueStacks.hyperDroid.Service.Service.OnShutdown()
   at System.ServiceProcess.ServiceBase.DeferredShutdown().
 
Error: (01/17/2016 11:07:15 AM) (Source: LMS)(User: NT AUTHORITY)
Description: LMS Service lost connection to HECI driver
 
Error: (01/14/2016 10:34:38 PM) (Source: LMS)(User: NT AUTHORITY)
Description: LMS Service lost connection to HECI driver
 
Error: (01/14/2016 03:30:13 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (01/14/2016 03:27:05 AM) (Source: BstHdAndroidSvc)(User: )
Description: Failed to shut down service. The error that occurred was: System.InvalidOperationException: UpdatePendingStatus can only be called during the handling of Start, Stop, Pause and Continue commands.
   at System.ServiceProcess.ServiceBase.RequestAdditionalTime(Int32 milliseconds)
   at BlueStacks.hyperDroid.Service.Service.OnStop()
   at BlueStacks.hyperDroid.Service.Service.OnShutdown()
   at System.ServiceProcess.ServiceBase.DeferredShutdown().
 
Error: (01/13/2016 06:56:59 AM) (Source: MsiInstaller)(User: zj-PC)
Description: Adobe Acrobat Reader DC{AC76BA86-7AD7-0000-2550-AC0F0A4E5800}1625(NULL)(NULL)(NULL)
 
Error: (01/12/2016 10:56:30 PM) (Source: LMS)(User: NT AUTHORITY)
Description: LMS Service lost connection to HECI driver
 
Error: (01/12/2016 10:56:09 PM) (Source: LMS)(User: NT AUTHORITY)
Description: LMS Service lost connection to HECI driver
 
Error: (01/12/2016 10:55:17 PM) (Source: LMS)(User: NT AUTHORITY)
Description: LMS Service lost connection to HECI driver
 
 
 
=========================== Installed Programs ============================
7-Zip 9.20 (HKLM-x32\...\7-Zip) (Version:  - )
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.010.20056 - Adobe Systems Incorporated)
Adobe Flash Player 20 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 20.0.0.228 - Adobe Systems Incorporated)
Adobe Refresh Manager (x32 Version: 1.8.0 - Adobe Systems Incorporated) Hidden
AIM for Windows (HKCU\...\AIM) (Version:  - AOL Inc.)
Apple Application Support (HKLM-x32\...\{5D09C772-ECB3-442B-9CC6-B4341C78FDC2}) (Version: 2.3.4 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Avira Antivirus (HKLM-x32\...\Avira Antivirus) (Version: 15.0.15.129 - Avira Operations GmbH & Co. KG)
Avira Launcher (HKLM-x32\...\{eac7da46-2097-4dd4-80a6-8b67cbb2b23f}) (Version: 1.1.53.13962 - Avira Operations GmbH & Co. KG)
Avira Launcher (x32 Version: 1.1.53.13962 - Avira Operations GmbH & Co. KG) Hidden
Avira SearchFree Toolbar (HKLM-x32\...\{41564952-412D-5637-00A7-A758B70C1500}) (Version: 12.21.0.3975 - APN, LLC)
BlueStacks App Player (HKLM-x32\...\{D7E3588F-25E6-4A93-8B1C-596F7951CA38}) (Version: 0.10.7.5601 - BlueStack Systems, Inc.)
CCC Help Chinese Standard (x32 Version: 2012.0928.1531.26058 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Traditional (x32 Version: 2012.0928.1531.26058 - Advanced Micro Devices, Inc.) Hidden
CCC Help Czech (x32 Version: 2012.0928.1531.26058 - Advanced Micro Devices, Inc.) Hidden
CCC Help Danish (x32 Version: 2012.0928.1531.26058 - Advanced Micro Devices, Inc.) Hidden
CCC Help Dutch (x32 Version: 2012.0928.1531.26058 - Advanced Micro Devices, Inc.) Hidden
CCC Help English (x32 Version: 2012.0928.1531.26058 - Advanced Micro Devices, Inc.) Hidden
CCC Help Finnish (x32 Version: 2012.0928.1531.26058 - Advanced Micro Devices, Inc.) Hidden
CCC Help French (x32 Version: 2012.0928.1531.26058 - Advanced Micro Devices, Inc.) Hidden
CCC Help German (x32 Version: 2012.0928.1531.26058 - Advanced Micro Devices, Inc.) Hidden
CCC Help Greek (x32 Version: 2012.0928.1531.26058 - Advanced Micro Devices, Inc.) Hidden
CCC Help Hungarian (x32 Version: 2012.0928.1531.26058 - Advanced Micro Devices, Inc.) Hidden
CCC Help Italian (x32 Version: 2012.0928.1531.26058 - Advanced Micro Devices, Inc.) Hidden
CCC Help Japanese (x32 Version: 2012.0928.1531.26058 - Advanced Micro Devices, Inc.) Hidden
CCC Help Korean (x32 Version: 2012.0928.1531.26058 - Advanced Micro Devices, Inc.) Hidden
CCC Help Norwegian (x32 Version: 2012.0928.1531.26058 - Advanced Micro Devices, Inc.) Hidden
CCC Help Polish (x32 Version: 2012.0928.1531.26058 - Advanced Micro Devices, Inc.) Hidden
CCC Help Portuguese (x32 Version: 2012.0928.1531.26058 - Advanced Micro Devices, Inc.) Hidden
CCC Help Russian (x32 Version: 2012.0928.1531.26058 - Advanced Micro Devices, Inc.) Hidden
CCC Help Spanish (x32 Version: 2012.0928.1531.26058 - Advanced Micro Devices, Inc.) Hidden
CCC Help Swedish (x32 Version: 2012.0928.1531.26058 - Advanced Micro Devices, Inc.) Hidden
CCC Help Thai (x32 Version: 2012.0928.1531.26058 - Advanced Micro Devices, Inc.) Hidden
CCC Help Turkish (x32 Version: 2012.0928.1531.26058 - Advanced Micro Devices, Inc.) Hidden
Cisco AnyConnect Secure Mobility Client  (HKLM-x32\...\Cisco AnyConnect Secure Mobility Client) (Version: 3.0.5080 - Cisco Systems, Inc.)
Cisco AnyConnect Secure Mobility Client (x32 Version: 3.0.5080 - Cisco Systems, Inc.) Hidden
Cisco WebEx Meetings (HKCU\...\ActiveTouchMeetingClient) (Version:  - Cisco WebEx LLC)
Citrix Online Launcher (HKLM-x32\...\{DB014C85-A264-4BCA-A66F-6DD1FCF8EC36}) (Version: 1.0.335 - Citrix)
CutePDF Writer 3.0 (HKLM\...\CutePDF Writer Installation) (Version:  3.0 - CutePDF.com)
Download Updater (AOL Inc.) (HKLM-x32\...\SoftwareUpdUtility) (Version:  - AOL Inc.)
Dropbox (HKCU\...\Dropbox) (Version: 3.12.5 - Dropbox, Inc.)
EaseUS Data Recovery Wizard 7.0 (HKLM-x32\...\EaseUS Data Recovery Wizard 7.0_is1) (Version:  - EaseUS)
Entity Framework Designer for Visual Studio 2012 - enu (HKLM-x32\...\{32136776-FE3F-453D-80DA-CDD993BDB2A3}) (Version: 11.1.20810.00 - Microsoft Corporation)
eSignal (x32 Version: 10.6.2124.1086 - eSignal) Hidden
eSignal 10.6 (HKLM-x32\...\eSignal) (Version: 10.6.2124.1086 - eSignal)
GentleMouse (HKLM-x32\...\{F375AC85-D050-425A-A166-004EF4396B49}) (Version: 2.0 - Gentle Computing)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 47.0.2526.111 - Google Inc.)
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.7210.1528 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.29.1 - Google Inc.) Hidden
GoToMeeting 7.8.1.4190 (HKCU\...\GoToMeeting) (Version: 7.8.1.4190 - CitrixOnline)
IIS 8.0 Express (HKLM\...\{7BF61FA9-BDFB-4563-98AD-FCB0DA28CCC7}) (Version: 8.0.1557 - Microsoft Corporation)
IIS Express Application Compatibility Database for x64 (HKLM\...\{9f4f4a9b-eec5-4906-92fe-d1f43ccf5c8d}.sdb) (Version:  - )
IIS Express Application Compatibility Database for x86 (HKLM\...\{fdfba1f3-74ae-4255-9c10-a0f552b4610f}.sdb) (Version:  - )
InfoLinkAtl x32 Components (HKLM-x32\...\{473F7D3E-214A-4B0F-86F3-7F2C038DECB1}) (Version: 6.6.0 - Sungard)
Intel® Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: 8.15.10.1930 - Intel Corporation)
Intel® Management Engine Interface (HKLM\...\HECI) (Version:  - Intel Corporation)
Intel® Active Management Technology (HKLM\...\MESOL) (Version:  - Intel Corporation)
Java 8 Update 31 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation)
Java Auto Updater (x32 Version: 2.8.31.13 - Oracle Corporation) Hidden
Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
MBT Desktop (HKLM-x32\...\MBT Desktop) (Version: 11.9.0.44 - MB Trading, Inc.)
Microsoft .NET Framework 4 Multi-Targeting Pack (x32 Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50709 - Microsoft Corporation)
Microsoft .NET Framework 4.5 (Version: 4.5.50709 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5 Multi-Targeting Pack (HKLM-x32\...\{5CBFF3F3-2D40-34EE-BCA5-A95BC19E400D}) (Version: 4.5.50709 - Microsoft Corporation)
Microsoft .NET Framework 4.5 SDK (HKLM-x32\...\{1948E039-EC79-4591-951D-9867A8C14C90}) (Version: 4.5.50709 - Microsoft Corporation)
Microsoft ASP.NET MVC 3 (HKLM-x32\...\{D32EF103-4016-4C15-BCB0-700C0A7A2309}) (Version: 3.0.50813.0 - Microsoft Corporation)
Microsoft ASP.NET Web Pages (HKLM-x32\...\{631471BE-DEAB-454B-A9AC-CE3EB42C28B3}) (Version: 1.0.20105.0 - Microsoft Corporation)
Microsoft Help Viewer 2.0 (HKLM-x32\...\Microsoft Help Viewer 2.0) (Version: 2.0.50727 - Microsoft Corporation)
Microsoft Help Viewer 2.0 (x32 Version: 2.0.50727 - Microsoft Corporation) Hidden
Microsoft NuGet - Visual Studio Express 2012 for Windows Desktop (x32 Version: 2.0.30717.9005 - Microsoft Corporation) Hidden
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.41212.0 - Microsoft Corporation)
Microsoft Silverlight 4 SDK (HKLM-x32\...\{189AEA94-DAFB-487A-8CEE-F9D3DDE0A748}) (Version: 4.0.60310.0 - Microsoft Corporation)
Microsoft Silverlight 5 SDK (HKLM-x32\...\{E1FBB3D4-ADB0-4949-B101-855DA061C735}) (Version: 5.0.61118.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Command Line Utilities  (HKLM\...\{9D573E71-1077-4C7E-B4DB-4E22A5D2B48B}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server 2012 Data-Tier App Framework  (HKLM\...\{36E619BC-A234-4EC3-849B-779A7C865A45}) (Version: 11.0.2316.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Data-Tier App Framework  (HKLM-x32\...\{FBA6F90E-36EC-4FC9-9B25-3834E3BD46A8}) (Version: 11.0.2316.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Express LocalDB  (HKLM\...\{13D558FE-A863-402C-B115-160007277033}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server 2012 Management Objects  (HKLM-x32\...\{DA1C1761-5F4F-4332-AB9D-29EDF3F8EA0A}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server 2012 Management Objects  (x64) (HKLM\...\{FA0A244E-F3C2-4589-B42A-3D522DE79A42}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server 2012 Native Client  (HKLM\...\{49D665A2-4C2A-476E-9AB8-FCC425F526FC}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server 2012 Transact-SQL Compiler Service  (HKLM\...\{BEB0F91E-F2EA-48A1-B938-7857ABF2A93D}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server 2012 Transact-SQL ScriptDom  (HKLM\...\{0E8670B8-3965-4930-ADA6-570348B67153}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server 2012 T-SQL Language Service  (HKLM-x32\...\{6D6D43E5-218C-4B05-92D3-2240810F4760}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server Compact 4.0 SP1 x64 ENU (HKLM\...\{78909610-D229-459C-A936-25D92283D3FD}) (Version: 4.0.8876.1 - Microsoft Corporation)
Microsoft SQL Server Data Tools - enu (11.1.20828.01) (HKLM-x32\...\{4F2B8233-35EE-4197-8C3B-EACCBF712029}) (Version: 11.1.20828.01 - Microsoft Corporation)
Microsoft SQL Server Data Tools Build Utilities - enu (11.1.20828.01) (HKLM-x32\...\{FAE0523E-08A4-4717-8E8E-6EC6F32CBE88}) (Version: 11.1.20828.01 - Microsoft Corporation)
Microsoft SQL Server System CLR Types (HKLM-x32\...\{A47FD1BF-A815-4A76-BE65-53A15BD5D25D}) (Version: 10.50.1600.1 - Microsoft Corporation)
Microsoft SQL Server System CLR Types (x64) (HKLM\...\{4701DEDE-1888-49E0-BAE5-857875924CA2}) (Version: 10.50.1600.1 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2012 (HKLM-x32\...\{E2082604-4BA5-44BB-BBFB-AF0F3CB8C6AB}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2012 (x64) (HKLM\...\{F1949145-EB64-4DE7-9D81-E6D27937146C}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 32bit Compilers - ENU Resources (x32 Version: 11.0.50727 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 Core Libraries (x32 Version: 11.0.50727 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.61030 (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x64 Debug Runtime - 11.0.50727 (Version: 11.0.50727 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.61030 (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.61030 (x32 Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Debug Runtime - 11.0.50727 (x32 Version: 11.0.50727 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.61030 (x32 Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86-x64 Compilers (x32 Version: 11.0.50727 - Microsoft Corporation) Hidden
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (Version: 10.0.50908 - Microsoft Corporation) Hidden
Microsoft Visual Studio 2012 Express Prerequisites x64 - ENU (Version: 11.0.50727 - Microsoft Corporation) Hidden
Microsoft Visual Studio 2012 Preparation (x32 Version: 11.0.50727 - Microsoft Corporation) Hidden
Microsoft Visual Studio 2012 Shell (Minimum) (x32 Version: 11.0.50727 - Microsoft Corporation) Hidden
Microsoft Visual Studio 2012 Shell (Minimum) Interop Assemblies (x32 Version: 11.0.50727 - Microsoft Corporation) Hidden
Microsoft Visual Studio 2012 Shell (Minimum) Resources (x32 Version: 11.0.50727 - Microsoft Corporation) Hidden
Microsoft Visual Studio 2012 Tools for SQL Server Compact 4.0 SP1 ENU (x32 Version: 4.0.8876.1 - Microsoft Corporation) Hidden
Microsoft Visual Studio Express 2012 for Windows Desktop - ENU (HKLM-x32\...\{e0efdce9-a486-4676-8aa5-65bb08cbf34c}) (Version: 11.0.50727.42 - Microsoft Corporation)
Microsoft Visual Studio Express 2012 for Windows Desktop - ENU (x32 Version: 11.0.50727 - Microsoft Corporation) Hidden
Microsoft Visual Studio Express 2012 for Windows Desktop (x32 Version: 11.0.50727 - Microsoft Corporation) Hidden
Microsoft Visual Studio Team Foundation Server 2012 Object Model (Version: 11.0.50727 - Microsoft Corporation) Hidden
Microsoft Visual Studio Team Foundation Server 2012 Object Model Language Pack - ENU (Version: 11.0.50727 - Microsoft Corporation) Hidden
Microsoft Visual Studio Team Foundation Server 2012 Team Explorer (x32 Version: 11.0.50727 - Microsoft Corporation) Hidden
Microsoft Visual Studio Team Foundation Server 2012 Team Explorer Language Pack - ENU (x32 Version: 11.0.50727 - Microsoft Corporation) Hidden
Microsoft Visual Studio Ultimate 2012 XAML UI Designer Core (x32 Version: 11.0.50727 - Microsoft Corporation) Hidden
Microsoft Visual Studio Ultimate 2012 XAML UI Designer enu Resources (x32 Version: 11.0.50727 - Microsoft Corporation) Hidden
Microsoft Web Deploy 3.0 (HKLM\...\{AA72C306-30BE-4BB1-9E42-59552BAD2CDF}) (Version: 3.1236.1631 - Microsoft Corporation)
Microsoft Web Deploy dbSqlPackage Provider - enu (HKLM-x32\...\{E4C33F5B-1B2F-466E-957E-B274F08151A0}) (Version: 10.3.20225.0 - Microsoft Corporation)
Microsoft Web Platform Installer 4.0 (HKLM\...\{E2B8249D-895C-4685-8C83-00F3B1A13028}) (Version: 4.0.1622 - Microsoft Corporation)
Motorola Device Manager (HKLM-x32\...\{28DB8373-C1BB-444F-A427-A55585A12ED7}) (Version: 2.5.4 - Motorola Mobility)
Motorola Device Software Update (x32 Version: 13.09.3001 - Motorola Mobility) Hidden
Motorola Mobile Drivers Installation 6.4.0 (HKLM\...\{27986EDD-C9EC-4B52-B92F-06D073F0AA52}) (Version: 6.4.0 - Motorola Mobility LLC)
MP3 To WAV Decoder version 1.0 r2 (HKLM-x32\...\{05B3E767-B182-4279-A35A-A56810C77CFD}_is1) (Version: 1.0 r2 - )
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
NinjaTrader 7 (HKLM-x32\...\{8ADDE131-42C2-4B1E-B8B4-F8A7C139719C}) (Version: 7.0.1030 - NinjaTrader)
OpenOffice.org 3.4.1 (HKLM-x32\...\{9F1F2AEA-C72A-4DD6-991E-C5506A5625E4}) (Version: 3.41.9593 - Apache Software Foundation)
Prerequisites for SSDT  (HKLM-x32\...\{9169C939-ED01-446A-BD0C-29873BAF4E48}) (Version: 11.0.2100.60 - Microsoft Corporation)
Primus V RemoteApp (HKLM-x32\...\{7C4CF7DC-6B12-4E67-84D8-92EE2ED74509}) (Version: 5.0.2 - PrimusTrade LLC)
QuickTime (HKLM-x32\...\{B67BAFBA-4C9F-48FA-9496-933E3B255044}) (Version: 7.74.80.86 - Apple Inc.)
RSDLite (HKLM-x32\...\{3274972B-2BBA-446E-9745-0CE66BDF2DF9}) (Version: 5.6.4 - Motorola)
SchweserPro Level 1 2014 (HKLM-x32\...\SchweserPro Level 1 2014) (Version:  - )
Skype™ 6.11 (HKLM-x32\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.11.102 - Skype Technologies S.A.)
SoundMAX (HKLM-x32\...\{F0A37341-D692-11D4-A984-009027EC0A9C}) (Version: 6.10.2.5491 - Analog Devices)
Speccy (HKLM\...\Speccy) (Version: 1.26 - Piriform)
Sterling Trader Pro (HKLM-x32\...\{F9EBCE70-48D4-4176-9358-52FF05DBF4CB}) (Version: 5.0.24 - Sterling Trader Inc.)
TeamViewer 9 (HKLM-x32\...\TeamViewer 9) (Version: 9.0.41110 - TeamViewer)
thinkorswim from TD AMERITRADE (HKLM-x32\...\thinkorswim from TD AMERITRADE) (Version:  - TD AMERITRADE, Inc.)
Update for  (KB2504637) (HKLM-x32\...\{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}.KB2504637) (Version: 1 - Microsoft Corporation)
Update for Microsoft Visual Studio 2012 (KB3002339) (HKLM-x32\...\{29da3a37-6a61-4767-bb98-86d0515cd0b1}) (Version: 11.0.61129 - Microsoft Corporation)
WCF RIA Services V1.0 SP2 (HKLM-x32\...\{3A523AF9-D32F-4C85-8388-0335731F3405}) (Version: 4.1.61829.0 - Microsoft Corporation)
Windows Software Development Kit (x32 Version: 8.59.25584 - Microsoft Corporation) Hidden
Windows Software Development Kit DirectX x64 Remote (Version: 8.59.25584 - Microsoft Corporation) Hidden
Windows Software Development Kit DirectX x86 Remote (x32 Version: 8.59.25584 - Microsoft Corporation) Hidden
Windows Software Development Kit for Windows Store Apps (x32 Version: 8.59.25584 - Microsoft Corporation) Hidden
Windows Software Development Kit for Windows Store Apps DirectX x64 Remote (Version: 8.59.25584 - Microsoft Corporation) Hidden
Windows Software Development Kit for Windows Store Apps DirectX x86 Remote (x32 Version: 8.59.25584 - Microsoft Corporation) Hidden
WModem Driver Installer (HKLM-x32\...\HTC_WModemDriver) (Version: 2.0.6.9 - HTC)
ZoneAlarm Firewall (x32 Version: 12.0.118.000 - Check Point Software Technologies Ltd.) Hidden
ZoneAlarm Free Firewall (HKLM-x32\...\ZoneAlarm Free Firewall) (Version: 12.0.118.000 - Check Point)
ZoneAlarm Security (x32 Version: 12.0.118.000 - Check Point Software Technologies Ltd.) Hidden
ZoneAlarm Security Toolbar  (HKLM-x32\...\zonealarm) (Version: 1.8.28.13 - Check Point Software Technologies LTD)
 
========================= Memory info: ===================================
 
Percentage of memory in use: 57%
Total physical RAM: 3956.61 MB
Available physical RAM: 1698.51 MB
Total Pagefile: 7911.43 MB
Available Pagefile: 5641.86 MB
Total Virtual: 4095.88 MB
Available Virtual: 3977.22 MB
 
========================= Partitions: =====================================
 
1 Drive c: (Windows) (Fixed) (Total:927.75 GB) (Free:840.98 GB) NTFS
 
========================= Users: ========================================
 
User accounts for \\ZJ-PC
 
Administrator            Guest                    zj                       
 
 
**** End of log ****
 
 
RKILL
 
Rkill 2.8.3 by Lawrence Abrams (Grinler)
Copyright 2008-2016 BleepingComputer.com
More Information about Rkill can be found at this link:
 
Program started at: 01/18/2016 04:09:49 PM in x64 mode.
Windows Version: Windows 7 Professional Service Pack 1
 
Checking for Windows services to stop:
 
 * No malware services found to stop.
 
Checking for processes to terminate:
 
 * No malware processes found to kill.
 
Checking Registry for malware related settings:
 
 * No issues found in the Registry.
 
Resetting .EXE, .COM, & .BAT associations in the Windows Registry.
 
Performing miscellaneous checks:
 
 * Windows Defender Disabled
 
   [HKLM\SOFTWARE\Microsoft\Windows Defender]
   "DisableAntiSpyware" = dword:00000001
 
Checking Windows Service Integrity: 
 
 * Windows Defender (WinDefend) is not Running.
   Startup Type set to: Manual
 
Searching for Missing Digital Signatures: 
 
 * No issues found.
 
Checking HOSTS File: 
 
 * No issues found.
 
Program finished at: 01/18/2016 04:10:47 PM
Execution time: 0 hours(s), 0 minute(s), and 57 seconds(s)
 
 
AdwCleaner
 
# AdwCleaner v5.030 - Logfile created 18/01/2016 at 16:16:47
# Updated 17/01/2016 by Xplode
# Database : 2016-01-17.3 [Server]
# Operating system : Windows 7 Professional Service Pack 1 (x64)
# Username : zj - ZJ-PC
# Running from : C:\Users\zj\Desktop\AdwCleaner.exe
# Option : Cleaning
 
***** [ Services ] *****
 
 
***** [ Folders ] *****
 
[-] Folder Deleted : C:\Program Files (x86)\DriverToolkit
[-] Folder Deleted : C:\Program Files (x86)\Common Files\Software Update Utility
[-] Folder Deleted : C:\Users\zj\AppData\Local\DriverToolkit
[-] Folder Deleted : C:\Users\zj\AppData\LocalLow\Yahoo!\Companion
 
***** [ Files ] *****
 
[-] File Deleted : C:\Users\zj\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_mysocialshortcut.dl.myway.com_0.localstorage
[-] File Deleted : C:\Users\zj\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_mysocialshortcut.dl.myway.com_0.localstorage-journal
[-] File Deleted : C:\Users\zj\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_mysocialshortcut.dl.tb.ask.com_0.localstorage
[-] File Deleted : C:\Users\zj\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_mysocialshortcut.dl.tb.ask.com_0.localstorage-journal
[-] File Deleted : C:\Users\zj\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_omni-cdn.getwebcake.com_0.localstorage
[-] File Deleted : C:\Users\zj\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_omni-cdn.getwebcake.com_0.localstorage-journal
[-] File Deleted : C:\Users\zj\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_search.zonealarm.com_0.localstorage
[-] File Deleted : C:\Users\zj\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_search.zonealarm.com_0.localstorage-journal
[-] File Deleted : C:\Users\zj\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_st.chatango.com_0.localstorage
[-] File Deleted : C:\Users\zj\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_st.chatango.com_0.localstorage-journal
[-] File Deleted : C:\Users\zj\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.bankingmyway.com_0.localstorage
[-] File Deleted : C:\Users\zj\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.bankingmyway.com_0.localstorage-journal
[-] File Deleted : C:\Users\zj\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.driverupdate.net_0.localstorage
[-] File Deleted : C:\Users\zj\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.driverupdate.net_0.localstorage-journal
[-] File Deleted : C:\Users\zj\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.finditparts.com_0.localstorage
[-] File Deleted : C:\Users\zj\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.finditparts.com_0.localstorage-journal
[-] File Deleted : C:\Users\zj\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.shopathome.com_0.localstorage
[-] File Deleted : C:\Users\zj\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.shopathome.com_0.localstorage-journal
 
***** [ DLLs ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Scheduled tasks ] *****
 
 
***** [ Registry ] *****
 
[-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\dnu.EXE
[-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\{6C259840-5BA8-46E6-8ED1-EF3BA47D8BA1}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{7B089B94-D1DC-4C6B-87E1-8156E22C1D96}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E15A9BFD-D16D-496D-8222-44CADF316E70}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{660E6F4F-840D-436D-B668-433D9591BAC5}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E7435878-65B9-44D1-A443-81754E5DFC90}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{884189CF-7C10-41E8-A014-F7B2BE40AADB}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{BD125908-5F10-409F-9C01-F2207CA18887}
[-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{92380354-381A-471F-BE2E-DD9ACD9777EA}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7B089B94-D1DC-4C6B-87E1-8156E22C1D96}
[-] Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID [{EEE6C35B-6118-11DC-9C72-001320C79847}]
[-] Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID [{EEE6C35C-6118-11DC-9C72-001320C79847}]
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{660E6F4F-840D-436D-B668-433D9591BAC5}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{E7435878-65B9-44D1-A443-81754E5DFC90}
[-] Key Deleted : HKCU\Software\Check Point Software Technologies LTD
[-] Key Deleted : HKCU\Software\DriverToolkit
[-] Key Deleted : HKCU\Software\OB
[-] Key Deleted : HKCU\Software\Yahoo\Companion
[-] Key Deleted : HKCU\Software\Yahoo\YFriendsBar
[-] Key Deleted : HKCU\Software\AppDataLow\Software\Yahoo\Companion
[-] Key Deleted : HKLM\SOFTWARE\Check Point Software Technologies LTD
[-] Key Deleted : HKLM\SOFTWARE\Yahoo\Companion
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SoftwareUpdUtility
[-] Key Deleted : HKU\.DEFAULT\Software\AskPartnerNetwork
[-] Key Deleted : HKLM\SOFTWARE\Classes\Installer\UpgradeCodes\A97CEC23332751B47BA4B95BAA50C9D0
[-] Key Deleted : HKLM\SOFTWARE\Classes\Installer\UpgradeCodes\7AB5857A57A0687786597A857BFFFFFF
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\8036C72171EF4ba46856BF57969F6A36
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\89BB7852687BDC34B9A81E01C7FF9173
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\89EA4F1B8FBCDEF47AE328E455E28AA0
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\8CBC85D72B148084ABE8C2F072F781F4
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\8CC5A38A64D6098468BC8395BA0EFF03
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\8DF9A1AC557F56c49B56F6B83E293C15
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\97ECFF59EE08D4F47BB1464DEC37DA87
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A8CB937199A57E748B6AC433DA453EE2
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A97C590397DCC454AA8923563BAB10E4
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B08932C78B697C244BE7BA3E6FF09B62
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B4E78E12704AFCE408C7FBE501F1AA0A
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\C6A54B56C58C82a4688AFB93F42EA17B
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\CFA51B44D54927c4E9B7BC1D3FD1E49F
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D14A7F65792054F418578C78367D13F7
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DFE9F0BD163D827438CB6AD6B100EC48
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F0390A76D28822743A68D7F1AB22E6D0
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F739A19A8327dc64C9A8B641A9E89646
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0A5AC497E6BBC8D45BE8AD6619DA8217
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\158D6D9E3FE81fa428925F22ACB3A965
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\15E6C514FEFC09f45BAFAAE1D7546ED4
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1DB42320A8525634AA089F0BEC86473B
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\22468B0D6050b2e46B9C4B67A8F59577
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2251BF05A2F606d43BB064BD63CBD87E
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\3255D95681398614190EDF0A4F3F77DB
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\3CDF313E9B28c944FBC7579CF4949414
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\71E54748EDD3dc1468548785DC856EDA
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\754590DD06DE8d249B526503432F99D4
[-] Data Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Search Page]
[-] Data Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Default_Search_URL]
[-] Data Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Default_Page_URL]
[-] Data Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Search_URL]
[-] Data Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Page_URL]
[-] Data Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page]
[-] Data Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Search Page]
[-] Data Restored : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Search_URL]
[-] Data Restored : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Page_URL]
[-] Data Restored : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page]
[-] Data Restored : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Search Page]
 
***** [ Web browsers ] *****
 
[-] [C:\Users\zj\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Deleted : booedmolknjekdopkepjjeckmjkdpfgl
[-] [C:\Users\zj\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Deleted : flpcjncodpafbgdpnkljologafpionhb
[-] [C:\Users\zj\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Deleted : hgeaklkciolgbejekedbdphhbjbiaamp
 
*************************
 
:: "Tracing" keys removed
:: Winsock settings cleared
 
########## EOF - C:\AdwCleaner\AdwCleaner[C2].txt - [10684 bytes] ##########
 
 
MBAM
 
Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 1/18/2016
Scan Time: 4:26 PM
Logfile: MBAM.txt
Administrator: Yes
 
Version: 2.2.0.1024
Malware Database: v2016.01.18.06
Rootkit Database: v2016.01.09.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled
 
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: zj
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 354809
Time Elapsed: 16 min, 57 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 1
PUP.Optional.ASK.Gen, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{41564952-412D-5637-00A7-A758B70C1500}, Quarantined, [42dc83b85148bb7b6a633db1798af907], 
 
Registry Values: 5
PUP.Optional.ASK.Gen, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{41564952-412D-5637-00A7-A758B70C1500}|InstallSource, C:\ProgramData\APN\APN-Stub\AVIRA-V7\, Quarantined, [42dc83b85148bb7b6a633db1798af907]
PUP.Optional.Perion, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\SHAREDACCESS\PARAMETERS\FIREWALLPOLICY\FIREWALLRULES|{D8698EC5-5009-49F3-AAAD-047B48071BCE}, v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\Windows\System32\dmwu.exe|Name=dmwu|, Quarantined, [3ce280bb2079cc6a5dd461c16f95bc44]
PUP.Optional.Perion, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\SHAREDACCESS\PARAMETERS\FIREWALLPOLICY\FIREWALLRULES|{140FCAE1-D991-4F23-82C5-1EB67E7372FF}, v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\Windows\System32\dmwu.exe|Name=dmwu|, Quarantined, [3fdf8bb0a8f13afcee43de4448bca858]
PUP.Optional.Perion, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\SHAREDACCESS\PARAMETERS\FIREWALLPOLICY\FIREWALLRULES|{56393664-A6BD-4E0C-8B3E-6697A71332DE}, v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\Windows\SysWOW64\ARFC\wrtc.exe|Name=wrtc|, Quarantined, [e638cb70178294a2cf3c76adbe460bf5]
PUP.Optional.Perion, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\SHAREDACCESS\PARAMETERS\FIREWALLPOLICY\FIREWALLRULES|{9B8C7FA7-77D4-43AB-8A36-09F7A62F6946}, v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\Windows\SysWOW64\ARFC\wrtc.exe|Name=wrtc|, Quarantined, [011dc17a900959dda6655ac9887cce32]
 
Registry Data: 0
(No malicious items detected)
 
Folders: 2
PUP.Optional.ASK.Gen, C:\Windows\Temp\APN-Stub, Quarantined, [dd4186b561384de9ba24dded699930d0], 
PUP.Optional.ASK.Gen, C:\Windows\Temp\APN-Stub\AVIRA-V7, Quarantined, [dd4186b561384de9ba24dded699930d0], 
 
Files: 10
PUP.Optional.ASK.Gen, C:\Windows\Temp\APN-Stub\AVIRA-V7\Msi1499f3c5-a6de-4d8d-8578-9ba7bac6d17f.log, Quarantined, [dd4186b561384de9ba24dded699930d0], 
PUP.Optional.ASK.Gen, C:\Windows\Temp\APN-Stub\AVIRA-V7\Msi1bce4e2a-5174-4948-9eb6-7f73f5ac1957.log, Quarantined, [dd4186b561384de9ba24dded699930d0], 
PUP.Optional.ASK.Gen, C:\Windows\Temp\APN-Stub\AVIRA-V7\Msi1d4d8dee-7b02-439f-ae39-bfa0fcfe972c.log, Quarantined, [dd4186b561384de9ba24dded699930d0], 
PUP.Optional.ASK.Gen, C:\Windows\Temp\APN-Stub\AVIRA-V7\Msi3e21d40a-b158-4576-af83-aa8bb4873f1e.log, Quarantined, [dd4186b561384de9ba24dded699930d0], 
PUP.Optional.ASK.Gen, C:\Windows\Temp\APN-Stub\AVIRA-V7\Stb10164340-86a5-4cb0-83d7-4ef84a3c2134.log, Quarantined, [dd4186b561384de9ba24dded699930d0], 
PUP.Optional.ASK.Gen, C:\Windows\Temp\APN-Stub\AVIRA-V7\Stb1499f3c5-a6de-4d8d-8578-9ba7bac6d17f.log, Quarantined, [dd4186b561384de9ba24dded699930d0], 
PUP.Optional.ASK.Gen, C:\Windows\Temp\APN-Stub\AVIRA-V7\Stb1bce4e2a-5174-4948-9eb6-7f73f5ac1957.log, Quarantined, [dd4186b561384de9ba24dded699930d0], 
PUP.Optional.ASK.Gen, C:\Windows\Temp\APN-Stub\AVIRA-V7\Stb1d4d8dee-7b02-439f-ae39-bfa0fcfe972c.log, Quarantined, [dd4186b561384de9ba24dded699930d0], 
PUP.Optional.ASK.Gen, C:\Windows\Temp\APN-Stub\AVIRA-V7\Stb3e21d40a-b158-4576-af83-aa8bb4873f1e.log, Quarantined, [dd4186b561384de9ba24dded699930d0], 
PUP.Optional.ASK.Gen, C:\Windows\Temp\APN-Stub\AVIRA-V7\Stb9f29c4af-84cc-4676-b24a-8e60e3cdf167.log, Quarantined, [dd4186b561384de9ba24dded699930d0], 
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)
 
 
ESET
 
C:\Program Files (x86)\CheckPoint\Install\CUninstallerZA.exe Win32/Toolbar.Conduit potentially unwanted application deleted
C:\Users\zj\AppData\LocalLow\Sun\Java\jre1.7.0_60\java_sp.dll a variant of Win32/Bundled.Toolbar.Ask.M potentially unsafe application cleaned by deleting
C:\Windows\Installer\MSI32AF.tmp a variant of Win32/Bundled.Toolbar.Ask.M potentially unsafe application cleaned by deleting
C:\Windows\Installer\MSI7D5A.tmp a variant of Win32/Bundled.Toolbar.Ask.M potentially unsafe application cleaned by deleting
C:\Windows\Installer\MSIB9E3.tmp a variant of Win32/Bundled.Toolbar.Ask.M potentially unsafe application cleaned by deleting
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SkywalkerSetup[1].exe Win32/SweetIM.G potentially unwanted application deleted
 

 





#2 buddy215

  • Moderator

Posted 19 January 2016 - 07:49 AM

  • Download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

Reset Chrome browser settings

You can reset your browser settings in Chrome any time. You might need to do this if apps or extensions you installed changed your settings without your knowledge. Your saved bookmarks and passwords won't be cleared or changed.

  1. Open Chrome.
  2. In the top right, click the Chrome menu.
  3. Click Settings.
  4. At the bottom, click Show advanced settings.
  5. Under the section "Reset settings," click Reset settings.
  6. In the box that appears, click Reset.

 

Use CCleaner to remove Temporary files, program caches, cookies, logs, etc. Use the Default settings. No need to use the Registry Cleaning Tool...risky. Pay close attention while installing and UNcheck offers of toolbars....especially Google.

After install, open CCleaner and run by clicking on the Run Cleaner button in the bottom right corner.

CCleaner - PC Optimization and Cleaning - Free Download

 

Post the three lists mentioned below using CCleaner.

Open CCleaner and click on Tools. Choose Startups. On that page you will see a list of Windows Startups and at the top tabs for each browser and Scheduled Tasks.

At the bottom right of that page you will see a button that, when clicked, will allow you to Copy and Paste the list of Windows Startups and Scheduled Tasks into your next post. Please do that.

 

Open CCleaner and click on Tools. Choose Uninstall. On that page you will see a list of programs installed on your computer and at the bottom right of that page you will see a button that, when clicked, will allow you to Copy and Paste that list in your next post. Please do that.


“Every atom in your body came from a star that exploded and the atoms in your left hand probably came from a different star than your right hand. It really is the most poetic thing I know about physics...you are all stardust.”Lawrence M. Krauss
A 1792 U.S. penny, designed in part by Thomas Jefferson and George Washington, reads “Liberty Parent of Science & Industry.”

#3 zachj

  • Topic Starter
  • Members

Posted 19 January 2016 - 06:41 PM

 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.0.2 (01.06.2016)
Operating System: Windows 7 Professional x64 
Ran by zj (Administrator) on Mon 01/18/2016 at 16:21:52.59
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
File System: 16 
 
Successfully deleted: C:\Users\zj\AppData\Local\com (Folder) 
Successfully deleted: C:\Users\zj\AppData\Local\cre (Folder) 
Successfully deleted: C:\Users\zj\AppData\Local\downloaded installers (Folder) 
Successfully deleted: C:\Users\zj\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.azlyrics.com_0.localstorage-journal (File) 
Successfully deleted: C:\Users\zj\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.azlyrics.com_0.localstorage (File) 
Successfully deleted: C:\Users\zj\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.metrolyrics.com_0.localstorage-journal (File) 
Successfully deleted: C:\Users\zj\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.metrolyrics.com_0.localstorage (File) 
Successfully deleted: C:\Windows\wininit.ini (File) 
Successfully deleted: C:\Users\zj\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1RBY2STB (Folder) 
Successfully deleted: C:\Users\zj\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\62ER6124 (Folder) 
Successfully deleted: C:\Users\zj\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JJ7CX36H (Folder) 
Successfully deleted: C:\Users\zj\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\KEWHU9SU (Folder) 
Successfully deleted: C:\Users\zj\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\P0TEQ9BA (Folder) 
Successfully deleted: C:\Users\zj\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\P8PQUWDT (Folder) 
Successfully deleted: C:\Users\zj\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PLUNUUTM (Folder) 
Successfully deleted: C:\Users\zj\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\YNVSQ1MX (Folder) 
 
 
 
Registry: 1 
 
Successfully deleted: HKLM\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} (Registry Key)
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Mon 01/18/2016 at 16:24:33.81
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
Yes HKCU:Run CCleaner Monitoring Piriform Ltd "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
Yes HKCU:Run Dropbox Update Dropbox, Inc. "C:\Users\zj\AppData\Local\Dropbox\Update\DropboxUpdate.exe" /c
Yes HKCU:Run gentleMouse Gentle Computing, LLC C:\Program Files (x86)\Gentle Computing\GentleMouse\GentleMouse.exe
Yes HKLM:Run APSDaemon Apple Inc. "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
Yes HKLM:Run atchk Intel Corporation "C:\Program Files (x86)\Intel\AMT\atchk.exe"
Yes HKLM:Run avgnt Avira Operations GmbH & Co. KG "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
Yes HKLM:Run Avira SystrayStartTrigger Avira Operations GmbH & Co. KG C:\Program Files (x86)\Avira\Launcher\Avira.SystrayStartTrigger.exe
Yes HKLM:Run BlueStacks Agent BlueStack Systems, Inc. C:\Program Files (x86)\BlueStacks\HD-Agent.exe
Yes HKLM:Run Cisco AnyConnect Secure Mobility Agent for Windows Cisco Systems, Inc. "C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe" -minimized
Yes HKLM:Run HotKeysCmds Intel Corporation C:\Windows\system32\hkcmd.exe
Yes HKLM:Run IgfxTray Intel Corporation C:\Windows\system32\igfxtray.exe
Yes HKLM:Run Persistence Intel Corporation C:\Windows\system32\igfxpers.exe
Yes HKLM:Run QuickTime Task Apple Inc. "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
Yes HKLM:Run SoundMAXPnP Analog Devices, Inc. C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe
Yes HKLM:Run SunJavaUpdateSched Oracle Corporation "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
Yes HKLM:Run VMM Mode Selection C:\Program Files\HTC\ModeSelection\VMMModeSelection.exe
Yes HKLM:Run ZoneAlarm Check Point Software Technologies LTD "C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe"
Yes Startup User Dropbox.lnk Dropbox, Inc. C:\Users\zj\AppData\Roaming\Dropbox\bin\Dropbox.exe
Yes Startup User OpenOffice.org 3.4.1.lnk C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe
 
 
7-Zip 9.20 12/21/2014
Adobe Acrobat Reader DC Adobe Systems Incorporated 1/13/2016 213 MB 15.010.20056
Adobe Flash Player 20 ActiveX Adobe Systems Incorporated 12/9/2015 8.46 MB 20.0.0.228
AIM for Windows AOL Inc. 6/9/2015
Apple Application Support Apple Inc. 6/9/2013 64.7 MB 2.3.4
Apple Software Update Apple Inc. 6/9/2013 2.38 MB 2.1.3.127
Avira Antivirus Avira Operations GmbH & Co. KG 12/10/2015 15.0.15.129
Avira Launcher Avira Operations GmbH & Co. KG 1/14/2016 11.5 MB 1.1.53.13962
Avira SearchFree Toolbar 12/12/2014
BlueStacks App Player BlueStack Systems, Inc. 11/1/2015 1.44 GB 0.10.7.5601
CCleaner Piriform 1/19/2016 5.13
Cisco AnyConnect Secure Mobility Client Cisco Systems, Inc. 3/9/2013 3.0.5080
Cisco WebEx Meetings Cisco WebEx LLC 6/17/2015
Citrix Online Launcher Citrix 9/9/2015 302 KB 1.0.335
CutePDF Writer 3.0 CutePDF.com 5/19/2013 3.0
Dropbox Dropbox, Inc. 12/12/2015 3.12.5
EaseUS Data Recovery Wizard 7.0 EaseUS 2/24/2014 25.5 MB
Entity Framework Designer for Visual Studio 2012 - enu Microsoft Corporation 7/11/2013 32.6 MB 11.1.20810.00
ESET Online Scanner v3 1/18/2016
eSignal 10.6 eSignal 6/14/2013 10.6.2124.1086
GentleMouse Gentle Computing 3/30/2015 15.1 MB 2.0
Google Chrome Google Inc. 3/7/2013 47.0.2526.111
Google Toolbar for Internet Explorer Google Inc. 12/18/2015 7.5.7210.1528
Google Update Helper 8/15/2012
GoToMeeting 7.9.0.4288 CitrixOnline 1/18/2016 7.9.0.4288
IIS 8.0 Express Microsoft Corporation 7/20/2013 34.9 MB 8.0.1557
IIS Express Application Compatibility Database for x64 7/20/2013
IIS Express Application Compatibility Database for x86 7/20/2013
InfoLinkAtl x32 Components Sungard 6/10/2015 1.93 MB 6.6.0
Intel® Graphics Media Accelerator Driver Intel Corporation 11/26/2013 54.2 MB 8.15.10.1930
Intel® Management Engine Interface Intel Corporation 3/7/2013
Intel® Active Management Technology Intel Corporation 3/7/2013
Java 8 Update 66 Oracle Corporation 1/18/2016 21.1 MB 8.0.660.18
Malwarebytes Anti-Malware version 2.2.0.1024 Malwarebytes 1/18/2016 66.0 MB 2.2.0.1024
MBT Desktop MB Trading, Inc. 4/5/2014 11.9.0.44
Microsoft .NET Framework 4.5 Microsoft Corporation 7/11/2013 38.8 MB 4.5.50709
Microsoft .NET Framework 4.5 Multi-Targeting Pack Microsoft Corporation 7/11/2013 41.8 MB 4.5.50709
Microsoft .NET Framework 4.5 SDK Microsoft Corporation 7/11/2013 18.5 MB 4.5.50709
Microsoft ASP.NET MVC 3 Microsoft Corporation 10/16/2014 599 KB 3.0.50813.0
Microsoft ASP.NET Web Pages Microsoft Corporation 7/20/2013 1.14 MB 1.0.20105.0
Microsoft Help Viewer 2.0 Microsoft Corporation 7/11/2013 12.1 MB 2.0.50727
Microsoft Silverlight Microsoft Corporation 1/14/2016 398 MB 5.1.41212.0
Microsoft Silverlight 4 SDK Microsoft Corporation 7/20/2013 51.6 MB 4.0.60310.0
Microsoft Silverlight 5 SDK Microsoft Corporation 7/20/2013 77.5 MB 5.0.61118.0
Microsoft SQL Server 2012 Command Line Utilities Microsoft Corporation 7/11/2013 1.00 MB 11.0.2100.60
Microsoft SQL Server 2012 Data-Tier App Framework Microsoft Corporation 7/11/2013 23.5 MB 11.0.2316.0
Microsoft SQL Server 2012 Express LocalDB Microsoft Corporation 7/11/2013 156 MB 11.0.2100.60
Microsoft SQL Server 2012 Management Objects Microsoft Corporation 7/11/2013 24.9 MB 11.0.2100.60
Microsoft SQL Server 2012 Management Objects  (x64) Microsoft Corporation 7/11/2013 16.8 MB 11.0.2100.60
Microsoft SQL Server 2012 Native Client Microsoft Corporation 7/11/2013 8.33 MB 11.0.2100.60
Microsoft SQL Server 2012 T-SQL Language Service Microsoft Corporation 7/11/2013 6.13 MB 11.0.2100.60
Microsoft SQL Server 2012 Transact-SQL Compiler Service Microsoft Corporation 7/11/2013 85.9 MB 11.0.2100.60
Microsoft SQL Server 2012 Transact-SQL ScriptDom Microsoft Corporation 7/11/2013 4.52 MB 11.0.2100.60
Microsoft SQL Server Compact 4.0 SP1 x64 ENU Microsoft Corporation 7/11/2013 22.4 MB 4.0.8876.1
Microsoft SQL Server Data Tools - enu (11.1.20828.01) Microsoft Corporation 7/11/2013 14.5 MB 11.1.20828.01
Microsoft SQL Server Data Tools Build Utilities - enu (11.1.20828.01) Microsoft Corporation 7/11/2013 1.32 MB 11.1.20828.01
Microsoft SQL Server System CLR Types Microsoft Corporation 7/20/2013 2.53 MB 10.50.1600.1
Microsoft SQL Server System CLR Types (x64) Microsoft Corporation 7/20/2013 856 KB 10.50.1600.1
Microsoft System CLR Types for SQL Server 2012 Microsoft Corporation 7/11/2013 2.30 MB 11.0.2100.60
Microsoft System CLR Types for SQL Server 2012 (x64) Microsoft Corporation 7/11/2013 1.38 MB 11.0.2100.60
Microsoft Visual C++ 2005 Redistributable Microsoft Corporation 3/8/2013 300 KB 8.0.61001
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 Microsoft Corporation 4/6/2013 788 KB 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Corporation 6/10/2015 240 KB 9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Corporation 4/6/2013 600 KB 9.0.30729.6161
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 Microsoft Corporation 10/16/2014 13.8 MB 10.0.40219
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 Microsoft Corporation 10/16/2014 11.1 MB 10.0.40219
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 Microsoft Corporation 2/11/2015 20.5 MB 11.0.61030.0
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 Microsoft Corporation 2/11/2015 17.3 MB 11.0.61030.0
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Microsoft Corporation 10/16/2014 10.0.50903
Microsoft Visual Studio Express 2012 for Windows Desktop - ENU Microsoft Corporation 7/13/2013 2.85 GB 11.0.50727.42
Microsoft Web Deploy 3.0 Microsoft Corporation 7/20/2013 6.51 MB 3.1236.1631
Microsoft Web Deploy dbSqlPackage Provider - enu Microsoft Corporation 7/20/2013 764 KB 10.3.20225.0
Microsoft Web Platform Installer 4.0 Microsoft Corporation 7/20/2013 4.13 MB 4.0.1622
Motorola Device Manager Motorola Mobility 11/7/2015 2.5.4
Motorola Mobile Drivers Installation 6.4.0 Motorola Mobility LLC 11/7/2015 5.10 MB 6.4.0
MP3 To WAV Decoder version 1.0 r2 3/9/2014 2.22 MB 1.0 r2
MSXML 4.0 SP3 Parser Microsoft Corporation 5/29/2013 1.47 MB 4.30.2100.0
MSXML 4.0 SP3 Parser (KB2758694) Microsoft Corporation 5/31/2013 1.54 MB 4.30.2117.0
NinjaTrader 7 NinjaTrader 9/14/2015 126 MB 7.0.1030
OpenOffice.org 3.4.1 Apache Software Foundation 4/6/2013 314 MB 3.41.9593
Prerequisites for SSDT Microsoft Corporation 7/11/2013 6.36 MB 11.0.2100.60
Primus V RemoteApp PrimusTrade LLC 3/9/2013 532 KB 5.0.2
QuickTime Apple Inc. 6/9/2013 74.6 MB 7.74.80.86
RSDLite Motorola 11/7/2015 7.19 MB 5.6.4
SchweserPro Level 1 2014 12/21/2014
Skype™ 6.11 Skype Technologies S.A. 1/21/2014 26.9 MB 6.11.102
SoundMAX Analog Devices 8/15/2012 6.10.2.5491
Speccy Piriform 10/1/2014 1.26
Sterling Trader Pro Sterling Trader Inc. 6/10/2015 5.0.24
TeamViewer 9 TeamViewer 4/13/2015 9.0.41110
thinkorswim from TD AMERITRADE TD AMERITRADE, Inc. 4/19/2013
WCF RIA Services V1.0 SP2 Microsoft Corporation 7/20/2013 25.2 MB 4.1.61829.0
WModem Driver Installer HTC 6/30/2013 2.0.6.9
ZoneAlarm Free Firewall Check Point 1/25/2014 67.0 MB 12.0.118.000
ZoneAlarm Security Toolbar Check Point Software Technologies LTD 1/19/2016 1.8.28.13
 


#4 buddy215

  • Moderator

Posted 19 January 2016 - 08:13 PM

The list of Scheduled Tasks is missing.

 

Disable these Windows Startups: Use CCleaner by clicking on each item and then choose Disable on the right.

Yes HKCU:Run CCleaner Monitoring Piriform Ltd "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
Yes HKCU:Run Dropbox Update Dropbox, Inc. "C:\Users\zj\AppData\Local\Dropbox\Update\DropboxUpdate.exe" /c
Yes HKLM:Run avgnt Avira Operations GmbH & Co. KG "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
Yes HKLM:Run Avira SystrayStartTrigger Avira Operations GmbH & Co. KG C:\Program Files (x86)\Avira\Launcher\Avira.SystrayStartTrigger.exe

You have two antivirus programs...uninstall either Avira or Zone Alarm Check Point...Do not Disable the Startup for the one you keep.

Yes HKLM:Run BlueStacks Agent BlueStack Systems, Inc. C:\Program Files (x86)\BlueStacks\HD-Agent.exe

Yes HKLM:Run IgfxTray Intel Corporation C:\Windows\system32\igfxtray.exe

Yes HKLM:Run QuickTime Task Apple Inc. "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

Yes HKLM:Run VMM Mode Selection C:\Program Files\HTC\ModeSelection\VMMModeSelection.exe
Yes HKLM:Run ZoneAlarm Check Point Software Technologies LTD "C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe"

See info on Avira

Yes Startup User Dropbox.lnk Dropbox, Inc. C:\Users\zj\AppData\Roaming\Dropbox\bin\Dropbox.exe

Yes Startup User OpenOffice.org 3.4.1.lnk C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe
 
Uninstall these programs:
Avira Antivirus Avira Operations GmbH & Co. KG 12/10/2015 15.0.15.129 Uninstall either Avira or Zone Alarm Check Point
Avira Launcher Avira Operations GmbH & Co. KG 1/14/2016 11.5 MB 1.1.53.13962

Avira SearchFree Toolbar 12/12/2014 Uninstall SearchFree Toolbar whether you keep Avira or not

ESET Online Scanner v3 1/18/2016

Google Toolbar for Internet Explorer Google Inc. 12/18/2015 7.5.7210.1528

Google Update Helper 8/15/2012

ZoneAlarm Free Firewall Check Point 1/25/2014 67.0 MB 12.0.118.000 See Avira info
ZoneAlarm Security Toolbar Check Point Software Technologies LTD 1/19/2016 1.8.28.13
Uninstall ZA security Toolbar whether you keep ZA or not


#5 zachj

  • Topic Starter
  • Members

Posted 19 January 2016 - 08:49 PM

I didn't see these two in the Control Panel uninstall list..

Avira SearchFree Toolbar

Google Update Helper

 

I'm still receiving the Zone Alarm warning about SysWOW64

 

Here is the new CCleaner output

 

No HKCU:Run CCleaner Monitoring Piriform Ltd "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
No HKCU:Run Dropbox Update Dropbox, Inc. "C:\Users\zj\AppData\Local\Dropbox\Update\DropboxUpdate.exe" /c
Yes HKCU:Run gentleMouse Gentle Computing, LLC C:\Program Files (x86)\Gentle Computing\GentleMouse\GentleMouse.exe
Yes HKLM:Run APSDaemon Apple Inc. "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
Yes HKLM:Run atchk Intel Corporation "C:\Program Files (x86)\Intel\AMT\atchk.exe"
No HKLM:Run avgnt Avira Operations GmbH & Co. KG "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
No HKLM:Run Avira SystrayStartTrigger Avira Operations GmbH & Co. KG C:\Program Files (x86)\Avira\Launcher\Avira.SystrayStartTrigger.exe
No HKLM:Run BlueStacks Agent BlueStack Systems, Inc. C:\Program Files (x86)\BlueStacks\HD-Agent.exe
Yes HKLM:Run Cisco AnyConnect Secure Mobility Agent for Windows Cisco Systems, Inc. "C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe" -minimized
Yes HKLM:Run HotKeysCmds Intel Corporation C:\Windows\system32\hkcmd.exe
No HKLM:Run IgfxTray Intel Corporation C:\Windows\system32\igfxtray.exe
Yes HKLM:Run Persistence Intel Corporation C:\Windows\system32\igfxpers.exe
No HKLM:Run QuickTime Task Apple Inc. "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
Yes HKLM:Run SoundMAXPnP Analog Devices, Inc. C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe
Yes HKLM:Run SunJavaUpdateSched Oracle Corporation "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
No HKLM:Run VMM Mode Selection C:\Program Files\HTC\ModeSelection\VMMModeSelection.exe
Yes HKLM:Run ZoneAlarm Check Point Software Technologies LTD "C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe"
No Startup User Dropbox.lnk Dropbox, Inc. C:\Users\zj\AppData\Roaming\Dropbox\bin\Dropbox.exe
No Startup User OpenOffice.org 3.4.1.lnk C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe


#6 buddy215

buddy215

  • Moderator
  • 13,323 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:West Tennessee
  • Local time:08:10 AM

Posted 19 January 2016 - 10:15 PM

What about the Scheduled Tasks list....? please post that...

Open CCleaner and click on Tools. Choose Startups. On that page you will see a list of Windows Startups and at the top tabs for each browser and Scheduled Tasks.

At the bottom right of that page you will see a button that, when clicked, will allow you to Copy and Paste the list of Windows Startups and Scheduled Tasks into your next post. Please do that.

 

You can uninstall from CCleaner tools, too. See what happens when you click on those two items and then choose Uninstall on the right.

 

Did you Reset Google Chrome per my first post?


Edited by buddy215, 19 January 2016 - 10:17 PM.

“Every atom in your body came from a star that exploded and the atoms in your left hand probably came from a different star than your right hand. It really is the most poetic thing I know about physics...you are all stardust.” Lawrence M. Krauss
A 1792 U.S. penny, designed in part by Thomas Jefferson and George Washington, reads “Liberty Parent of Science & Industry.”

#7 zachj

zachj
  • Topic Starter

  • Members
  • 112 posts
  • OFFLINE
  •  
  • Local time:06:10 AM

Posted 19 January 2016 - 10:49 PM

Ok, uninstalled those two items above from within CCleaner.  I really am hesitant to reset Chrome, I feel like I will lose a lot of settings.  If you feel it's 100% necessary I will, but I don't see how that will resolve the issue.

 

Yes Task Adobe Acrobat Update Task Adobe Systems Incorporated C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
Yes Task Adobe Flash Player Updater Adobe Systems Incorporated C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Yes Task CCleanerSkipUAC Piriform Ltd "C:\Program Files\CCleaner\CCleaner.exe" $(Arg0)
Yes Task DropboxUpdateTaskUserS-1-5-21-1712142184-3107343291-2997790433-1000Core Dropbox, Inc. C:\Users\zj\AppData\Local\Dropbox\Update\DropboxUpdate.exe /c
Yes Task DropboxUpdateTaskUserS-1-5-21-1712142184-3107343291-2997790433-1000UA Dropbox, Inc. C:\Users\zj\AppData\Local\Dropbox\Update\DropboxUpdate.exe /ua /installsource scheduler
Yes Task G2MUpdateTask-S-1-5-21-1712142184-3107343291-2997790433-1000 Citrix Online, a division of Citrix Systems, Inc. C:\Users\zj\AppData\Local\Citrix\GoToMeeting\4288\g2mupdate.exe
Yes Task G2MUploadTask-S-1-5-21-1712142184-3107343291-2997790433-1000 Citrix Online, a division of Citrix Systems, Inc. C:\Users\zj\AppData\Local\Citrix\GoToMeeting\4288\g2mupload.exe
Yes Task GoogleUpdateTaskMachineCore Google Inc. C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /c
Yes Task GoogleUpdateTaskMachineUA Google Inc. C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /ua /installsource scheduler
Yes Task Motorola Device Manager Initial Update Motorola Mobility Inc. "C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotorolaDeviceManagerUpdate.exe" -d -silent
Yes Task Motorola Device Manager Update Motorola Mobility Inc. "C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotorolaDeviceManagerUpdate.exe" -d -silent
Yes Task {08E13E2F-FF6C-4736-82CF-CBD4C9F13CF3} Microsoft Corporation C:\Windows\system32\pcalua.exe -a C:\Users\zj\Downloads\gentlemouseV2_setup.exe -d C:\Users\zj\Downloads


#8 zachj

zachj
  • Topic Starter

  • Members
  • 112 posts
  • OFFLINE
  •  
  • Local time:06:10 AM

Posted 19 January 2016 - 11:03 PM

Also there is a SysWOW64 folder sitting in my C:\Windows folder, shouldn't we be attacking/removing that?

 

Also wondering if this warning popping up from Zone Alarm is even an issue?  SysWOW64, I'm reading, is a dllhost.exe file that comes preinstalled on the computer.



#9 buddy215

buddy215

  • Moderator
  • 13,323 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:West Tennessee
  • Local time:08:10 AM

Posted 20 January 2016 - 05:24 AM

The reason for resetting Chrome was because of the ZA message. Resetting may or may not fix the issue...won't know until resetting.
 
Disable these Scheduled Tasks:
Yes Task DropboxUpdateTaskUserS-1-5-21-1712142184-3107343291-2997790433-1000Core Dropbox, Inc. C:\Users\zj\AppData\Local\Dropbox\Update\DropboxUpdate.exe /c
Yes Task DropboxUpdateTaskUserS-1-5-21-1712142184-3107343291-2997790433-1000UA Dropbox, Inc. C:\Users\zj\AppData\Local\Dropbox\Update\DropboxUpdate.exe /ua /installsource scheduler
Yes Task G2MUpdateTask-S-1-5-21-1712142184-3107343291-2997790433-1000 Citrix Online, a division of Citrix Systems, Inc. C:\Users\zj\AppData\Local\Citrix\GoToMeeting\4288\g2mupdate.exe
Yes Task G2MUploadTask-S-1-5-21-1712142184-3107343291-2997790433-1000 Citrix Online, a division of Citrix Systems, Inc. C:\Users\zj\AppData\Local\Citrix\GoToMeeting\4288\g2mupload.exe
Yes Task GoogleUpdateTaskMachineCore Google Inc. C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /c
Yes Task GoogleUpdateTaskMachineUA Google Inc. C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /ua /installsource scheduler
Yes Task Motorola Device Manager Initial Update Motorola Mobility Inc. "C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotorolaDeviceManagerUpdate.exe" -d -silent
Yes Task Motorola Device Manager Update Motorola Mobility Inc. "C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotorolaDeviceManagerUpdate.exe" -d -silent
Yes Task {08E13E2F-FF6C-4736-82CF-CBD4C9F13CF3} Microsoft Corporation C:\Windows\system32\pcalua.exe -a C:\Users\zj\Downloads\gentlemouseV2_setup.exe -d C:\Users\zj\Downloads


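One way to triage an export like the ones posted above, as an added example (not part of the original thread and not CCleaner's own code). It assumes the export is tab-delimited with the columns Enabled, Key, Program, Publisher, File; the rows are copied from the thread, and the two flagging heuristics (binary under a user profile, launch through `pcalua.exe -a`) are assumptions chosen for illustration.

```python
import re

# Rows copied from the thread's CCleaner exports; the tab-delimited layout is assumed.
ROWS = [
    ("Yes", "Task", "GoogleUpdateTaskMachineCore", "Google Inc.",
     r"C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /c"),
    ("Yes", "Task", "DropboxUpdateTaskUserS-1-5-21-1712142184-3107343291-2997790433-1000Core",
     "Dropbox, Inc.", r"C:\Users\zj\AppData\Local\Dropbox\Update\DropboxUpdate.exe /c"),
    ("Yes", "Task", "Motorola Device Manager Update", "Motorola Mobility Inc.",
     r'"C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotorolaDeviceManagerUpdate.exe" -d -silent'),
    ("Yes", "Task", "{08E13E2F-FF6C-4736-82CF-CBD4C9F13CF3}", "Microsoft Corporation",
     r"C:\Windows\system32\pcalua.exe -a C:\Users\zj\Downloads\gentlemouseV2_setup.exe -d C:\Users\zj\Downloads"),
    ("Yes", "HKLM:Run", "HotKeysCmds", "Intel Corporation", r"C:\Windows\system32\hkcmd.exe"),
    ("No", "HKCU:Run", "Dropbox Update", "Dropbox, Inc.",
     r'"C:\Users\zj\AppData\Local\Dropbox\Update\DropboxUpdate.exe" /c'),
]
SAMPLE = "\n".join("\t".join(row) for row in ROWS)

# Executable is either the quoted prefix or everything up to the first ".exe".
EXE = re.compile(r'^"([^"]+)"|^(.+?\.exe)\b', re.I)
# pcalua.exe names the program it really starts after "-a".
PROXY_ARG = re.compile(r'\s-a\s+("[^"]+"|\S+)', re.I)

def image_path(cmd):
    """Return the executable path from a command line, without its arguments."""
    m = EXE.match(cmd.strip())
    return (m.group(1) or m.group(2)) if m else cmd.strip()

def triage(export_text):
    """Return (name, effective executable, reasons) for enabled entries worth a look."""
    findings = []
    for line in export_text.splitlines():
        cols = line.split("\t")
        if len(cols) != 5 or cols[0] != "Yes":   # skip malformed and disabled rows
            continue
        _, _key, name, _publisher, cmd = cols
        exe, reasons = image_path(cmd), []
        if exe.lower().endswith("\\pcalua.exe"):
            m = PROXY_ARG.search(cmd)
            if m:                                 # review the real target, not the launcher
                exe = m.group(1).strip('"')
                reasons.append("launched via pcalua.exe -a")
        if "\\users\\" in exe.lower():
            reasons.append("binary in user-writable profile path")
        if reasons:
            findings.append((name, exe, reasons))
    return findings

if __name__ == "__main__":
    for name, exe, reasons in triage(SAMPLE):
        print(f"{name}\n  {exe}\n  {'; '.join(reasons)}")
```

A hit only marks an entry for manual review: per-user updaters such as Dropbox legitimately live under AppData, so the output is a shortlist, not a verdict.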
#10 buddy215

buddy215

  • Moderator
  • 13,323 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:West Tennessee
  • Local time:08:10 AM

Posted 20 January 2016 - 05:30 AM

If, after doing the above and resetting Chrome, the issue has not been resolved, then you should start a new topic in the Malware Removal Forum.

 

Please follow the instructions in the Malware Removal and Log Section Preparation Guide starting at Step 6.

  • If you cannot complete a step, then skip it and continue with the next.
  • In Step 6 there are instructions for downloading and running FRST which will create two logs.

When you have done that, post your logs in the Virus, Trojan, Spyware, and Malware Removal Logs forum, NOT here, for assistance by the Malware Response Team.

Start a new topic, give it a relevant title and post your log(s) along with a brief description of your problem, a summary of any anti-malware tools you have used and a summary of any steps that you have performed on your own. If you cannot produce any of the required logs...start the new topic anyway. Explain that you followed the Prep. Guide, were unable to create the logs, and describe what happened when you tried to create them. A member of the Malware Removal Team will walk you through, step by step, on how to clean your computer.

After doing this, please reply back in this thread with a link to the new topic so we can close this one.

 

DO NOT bump your new topic. Wait for a response from one of the Team Members.



#11 zachj

zachj
  • Topic Starter

  • Members
  • 112 posts
  • OFFLINE
  •  
  • Local time:06:10 AM

Posted 21 January 2016 - 02:25 PM

Okay I disabled all the above scheduled tasks.  Also in chrome settings under "People" it said something like there was 1 person or user viewing my computer, I forget what it said exactly, anyhow I deleted them.  When I did that I don't know if it ended up resetting Chrome but I'm not getting the Zone alarm message any longer or at least so far.


Edited by zachj, 21 January 2016 - 02:25 PM.


#12 buddy215

buddy215

  • Moderator
  • 13,323 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:West Tennessee
  • Local time:08:10 AM

Posted 21 January 2016 - 03:16 PM

Good...if the message comes back I would think it is some add-on that's added itself back in Chrome or you reinstalled it.

If it is adding itself back in then let me know and I will direct you as to how to find the culprit.

 

Otherwise...happy surfin



#13 zachj

zachj
  • Topic Starter

  • Members
  • 112 posts
  • OFFLINE
  •  
  • Local time:06:10 AM

Posted 21 January 2016 - 03:23 PM

Ok Thank you



#14 zachj

zachj
  • Topic Starter

  • Members
  • 112 posts
  • OFFLINE
  •  
  • Local time:06:10 AM

Posted 31 January 2016 - 01:24 PM

IDK about this, ever since I made all the changes above my computer is running slow.  I'm thinking I shouldn't have been removing Avira anti virus.  I was using zone alarm for firewall only not anti virus.



#15 buddy215

buddy215

  • Moderator
  • 13,323 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:West Tennessee
  • Local time:08:10 AM

Posted 01 February 2016 - 09:40 AM

If you are sure that only the ZA firewall is active and not its other security software then please do reinstall Avira.

But that won't solve your 'slowness' problem. Follow the directions in my post #10 for starting a new topic.





