
Keep seeing pop-ups and cannot install a printer


  • This topic is locked
2 replies to this topic

#1 SeeknM

Posted 09 October 2016 - 08:33 PM

My computer has popups. Also, I am not able to open an administrator command prompt from within an administrator account, and I am unable to add a printer; it hangs at installing. I cannot run chkdsk /f. On reboot I get "one of your disks needs to be checked for consistency."

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 04-10-2016

Ran by Keith (administrator) on MELISSAGLOVER (09-10-2016 07:21:13)
Running from C:\Users\Keith\Desktop
Loaded Profiles: Keith (Available Profiles: Melissa Glover & Keith & Guest)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 10 (Default browser: IE)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\HPFSService.exe
(Hewlett-Packard Company) C:\Windows\System32\hpservice.exe
(Validity Sensors, Inc.) C:\Windows\System32\vcsFPService.exe
(DigitalPersona, Inc.) C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe
() C:\Program Files (x86)\57F737B4-ACBE-4AFB-87B3-6DC08B80F484\etmajyzoqm64.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Atheros) C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
(Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Storage Appliance Corp.) C:\ProgramData\Clickfree\HDDV2USB3\UACProxy.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP DayStarter\32-bit\HPDayStarterService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe
() C:\Program Files\Hewlett-Packard\Drive Encryption\EEAgent\MfeEpeHost.exe
(PDF Complete Inc) C:\Program Files (x86)\PDF Complete\pdfsvc.exe
(ArcSoft, Inc.) C:\Windows\SysWOW64\ArcVCapRender\uArcCapture.exe
(Hewlett-Packard Development Company, L.P) C:\Program Files (x86)\Hewlett-Packard\2009 Password Filter for HP ProtectTools\PTChangeFilterService.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
(DigitalPersona, Inc.) C:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
() C:\Program Files\Hewlett-Packard\Drive Encryption\EpePcMonitor.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(CANON INC.) C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
(Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
(Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\coreshredder.exe
(CANON INC.) C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE
(globalUpdate) C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Hewlett-Packard Development Company L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\DeviceDisplayObjectProvider.exe
 
 
==================== Registry (Whitelisted) ====================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2828072 2011-09-16] (Synaptics Incorporated)
HKLM\...\Run: [MfeEpePcMonitor] => C:\Program Files\Hewlett-Packard\Drive Encryption\EpePcMonitor.exe [200704 2011-08-22] ()
HKLM\...\Run: [HPPowerAssistant] => C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Main.exe [2919992 2011-01-26] (Hewlett-Packard Company)
HKLM\...\Run: [CanonMyPrinter] => C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [2726728 2010-03-24] (CANON INC.)
HKLM\...\Run: [AtherosBtStack] => C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [615584 2011-01-06] (Atheros Commnucations)
HKLM\...\Run: [AthBtTray] => C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe [379040 2011-01-06] (Atheros Commnucations)
HKLM\...\Run: [3D BubbleSound] => "C:\Program Files\BubbleSound\3D BubbleSound.exe"
HKLM-x32\...\Run: [fst_us_220] => [X]
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [253816 2013-03-12] (Oracle Corporation)
HKLM-x32\...\Run: [SPDriver] => C:\Program Files (x86)\ShopperPro\JSDriver\1.42.1.2687\jsdrv.exe [3225088 2015-10-18] ()
HKLM-x32\...\Run: [PDF Complete] => C:\Program Files (x86)\PDF Complete\pdfsty.exe [656920 2011-02-01] (PDF Complete Inc)
HKLM-x32\...\Run: [mobilegeni daemon] => C:\Program Files (x86)\Mobogenie\DaemonProcess.exe
HKLM-x32\...\Run: [IminentMessenger] => C:\Program Files (x86)\Iminent\Iminent.Messengers.exe
HKLM-x32\...\Run: [Iminent] => C:\Program Files (x86)\Iminent\Iminent.exe /warmup "F77F87E5-A6BD-4922-A530-EDF63D7E9F8C"
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [283160 2011-01-26] (Intel Corporation)
HKLM-x32\...\Run: [HPQuickWebProxy] => c:\Program Files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe [76344 2011-02-10] (Hewlett-Packard Company)
HKLM-x32\...\Run: [HPConnectionManager] => c:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe [94264 2011-04-05] (Hewlett-Packard Development Company L.P.)
HKLM-x32\...\Run: [File Sanitizer] => C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\CoreShredder.exe [12274688 2011-02-07] (Hewlett-Packard)
HKLM-x32\...\Run: [DTRun] => c:\Program Files (x86)\ArcSoft\TotalMedia Suite\TotalMedia Theatre 3\uDTRun.exe
HKLM-x32\...\Run: [CanonSolutionMenuEx] => C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE [1185112 2010-04-02] (CANON INC.)
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.)
HKLM\...\Winlogon: [Userinit] C:\Windows\system32\userinit.exe,c:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe,
Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\DeviceNP: C:\Windows\SysWOW64\DeviceNP.dll [2011-02-03] (Hewlett-Packard Company)
AppInit_DLLs: c:\progra~3\bitguard\271769~1.27\{c16c1~1\loader.dll => No File
AppInit_DLLs-x32: C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC32Loader.dll => C:\Program Files (x86)\SearchProtect\SearchProtect\bin\SPVC32Loader.dll [187328 2014-08-06] (Client Connect LTD)
Lsa: [Notification Packages] EpePcNp64 DPPassFilter scecli
Startup: C:\Users\Melissa Glover\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MyPC Backup.lnk [2014-08-21]
ShortcutTarget: MyPC Backup.lnk -> C:\Program Files (x86)\MyPC Backup\MyPC Backup.exe (MyPCBackup.com)
Startup: C:\Users\Melissa Glover\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TornTvDownloader.lnk [2014-08-21]
ShortcutTarget: TornTvDownloader.lnk -> C:\Users\Keith\AppData\Roaming\TornTV.com\Torntv Downloader.exe (No File)
GroupPolicy: Restriction - Chrome <======= ATTENTION
GroupPolicy\User: Restriction <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
ProxyEnable: [HKLM-x32] => Proxy is enabled.
ProxyServer: [HKLM-x32] => http=127.0.0.1:3128
AutoConfigURL: [HKLM] => http=127.0.0.1:3128
Winsock: Catalog9 01 C:\windows\system32\Nuyedf.dll No File 
Winsock: Catalog9 02 C:\windows\system32\Nuyedf.dll No File 
Winsock: Catalog9 03 C:\windows\system32\Nuyedf.dll No File 
Winsock: Catalog9 04 C:\windows\system32\Nuyedf.dll No File 
Winsock: Catalog9 16 C:\windows\system32\Nuyedf.dll No File 
Winsock: Catalog9-x64 01 C:\windows\system32\Nuyedf64.dll [375120 2015-11-12] ()
Winsock: Catalog9-x64 02 C:\windows\system32\Nuyedf64.dll [375120 2015-11-12] ()
Winsock: Catalog9-x64 03 C:\windows\system32\Nuyedf64.dll [375120 2015-11-12] ()
Winsock: Catalog9-x64 04 C:\windows\system32\Nuyedf64.dll [375120 2015-11-12] ()
Winsock: Catalog9-x64 16 C:\windows\system32\Nuyedf64.dll [375120 2015-11-12] ()
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{14EBB45F-8C8B-49FB-BDCB-439A11475760}: [DhcpNameServer] 192.168.1.1 192.168.1.1
Tcpip\..\Interfaces\{D08009B3-421A-4FA7-AE6A-59C9DCABD554}: [DhcpNameServer] 192.168.1.1
 
Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.gboxapp.com/
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.gboxapp.com/
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://search.msn.com/spbasic.htm
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://securityresponse.symantec.com/avcenter/fix_homepage
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://search.msn.com/spbasic.htm
HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://securityresponse.symantec.com/avcenter/fix_homepage
HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-1010346940-739637343-2868352682-1006\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.msn.com/HPCOM/1
HKU\S-1-5-21-1010346940-739637343-2868352682-1006\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/HPCOM/1
URLSearchHook: HKLM-x32 - (No Name) - {02edb56b-9b33-435b-b7df-b2843273a694} - No File
URLSearchHook: HKLM-x32 - (No Name) - {07cbf788-1359-421b-a4e3-5a8d041b90a3} - No File
SearchScopes: HKLM -> DefaultScope {ec29edf6-ad3c-4e1c-a087-d6cb81400c43} URL = hxxp://www.bing.com/search?q={searchTerms}&form=CMNTDF&pc=CMNTDF&src=IE-SearchBox
SearchScopes: HKLM -> {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = hxxp://groovorio.com/results.php?f=4&q={searchTerms}&a=grv_tuto4_14_31&cd=2XzuyEtN2Y1L1QzuyCzz0AtA0CyE0EtB0CyDyByEyDyCyBzztN0D0Tzu0SzyyCyEtN1L2XzutAtFtDtFtCyDtFtCtN1L1Czu1N1C2X1V2Z2Y2Z1FyE1VtCyE1VtAtCtN1L1G1B1V1N2Y1L1Qzu2SyEyEzztA0BtCzzzytGtA0C0EtAtGtD0CzzyDtGyBtC0AtDtGyE0EtA0D0AyByC0FtBtBtC0C2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0DtDyEyD0BtDtCyBtG0A0FtD0AtGyE0C0FyCtGzytCzyzytG0CyDyCyB0D0B0D0BtCtAzy0A2Q&cr=821694722&ir=
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM -> {2fa28606-de77-4029-af96-b231e3b8f827} URL = hxxp://search.ask.com/web?q={searchterms}&l=dis&o=CMNTDF
SearchScopes: HKLM -> {7F4EFF06-7032-458e-AE16-1C1D8255C28A} URL = hxxp://www-searching.com/search.aspx?site=shdefault&prd=smw&pid=s&shr=d&q={searchTerms}&s=FANztutbl012,2c74c1a3-d630-4acc-b346-496869c565b9,
SearchScopes: HKLM -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=CMNTDF
SearchScopes: HKLM -> {CC865B26-C31D-4D23-B17B-96548EEF03F6} URL = 
SearchScopes: HKLM -> {ec29edf6-ad3c-4e1c-a087-d6cb81400c43} URL = hxxp://www.bing.com/search?q={searchTerms}&form=CMNTDF&pc=CMNTDF&src=IE-SearchBox
SearchScopes: HKLM-x32 -> DefaultScope {BB74DE59-BC4C-4172-9AC4-73315F71CFFE} URL = hxxp://websearch.searchsun.info/?l=1&q={searchTerms}&pid=724&r=2014/03/24&hid=1743523206435441235&lg=EN&cc=US
SearchScopes: HKLM-x32 -> {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.snapdo.com/?publisher=SnapdoGOblidooYB&dpid=SnapdoGOblidooYB&co=US&userid=3884089e-83c9-4643-a810-48559462dd88&searchtype=ds&q={searchTerms}&installDate=21/07/2013
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 -> {BB74DE59-BC4C-4172-9AC4-73315F71CFFE} URL = hxxp://websearch.searchsun.info/?l=1&q={searchTerms}&pid=724&r=2014/03/24&hid=1743523206435441235&lg=EN&cc=US
SearchScopes: HKU\.DEFAULT -> {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = 
SearchScopes: HKU\S-1-5-21-1010346940-739637343-2868352682-1006 -> DefaultScope {7F4EFF06-7032-458e-AE16-1C1D8255C28A} URL = hxxp://www-searching.com/search.aspx?site=shdefault&prd=smw&pid=s&shr=d&q={searchTerms}&s=FANztutbl012,2c74c1a3-d630-4acc-b346-496869c565b9,
SearchScopes: HKU\S-1-5-21-1010346940-739637343-2868352682-1006 -> {7F4EFF06-7032-458e-AE16-1C1D8255C28A} URL = hxxp://www-searching.com/search.aspx?site=shdefault&prd=smw&pid=s&shr=d&q={searchTerms}&s=FANztutbl012,2c74c1a3-d630-4acc-b346-496869c565b9,
BHO: MediaPlayerEnhance -> {11111111-1111-1111-1111-110411411150} -> C:\Program Files (x86)\MediaPlayerEnhance\MediaPlayerEnhance-bho64.dll => No File
BHO: Plus-HD-8.9 -> {11111111-1111-1111-1111-110511281100} -> C:\Program Files (x86)\Plus-HD-8.9\Plus-HD-8.9-bho64.dll => No File
BHO: HQ-Video-Pro-1.4 -> {11111111-1111-1111-1111-110511291120} -> C:\Program Files (x86)\HQ-Video-Pro-1.4\HQ-Video-Pro-1.4-bho64.dll => No File
BHO: TheTorntv V10 -> {11111111-1111-1111-1111-110611331111} -> C:\Program Files (x86)\TheTorntv V10\TheTorntv V10-bho64.dll [2014-08-21] (esc)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
BHO: ReGulearDeals -> {A54D8AB7-B70F-79EA-C354-45C49260F762} -> C:\ProgramData\ReGulearDeals\aJ2KYcFIr2.x64.dll [2014-07-27] ()
BHO: Shopper Pro -> {A5A51D2A-505A-4D84-AFC6-E0FA87E47B8C} -> C:\ProgramData\ShopperPro\ShopperPro64.dll [2015-10-18] (Goobzo Ltd.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Fast Free Converter 4.1 -> {0267CB62-3A0A-4847-AA96-A338AD292E0F} -> C:\PROGRA~2\FASTFR~1\FASTFR~1\FASTFR~1.DLL => No File
BHO-x32: No Name -> {02edb56b-9b33-435b-b7df-b2843273a694} -> No File
BHO-x32: No Name -> {07cbf788-1359-421b-a4e3-5a8d041b90a3} -> No File
BHO-x32: MediaPlayerEnhance -> {11111111-1111-1111-1111-110411411150} -> C:\Program Files (x86)\MediaPlayerEnhance\MediaPlayerEnhance-bho.dll => No File
BHO-x32: Plus-HD-8.9 -> {11111111-1111-1111-1111-110511281100} -> C:\Program Files (x86)\Plus-HD-8.9\Plus-HD-8.9-bho.dll => No File
BHO-x32: HQ-Video-Pro-1.4 -> {11111111-1111-1111-1111-110511291120} -> C:\Program Files (x86)\HQ-Video-Pro-1.4\HQ-Video-Pro-1.4-bho.dll => No File
BHO-x32: TheTorntv V10 -> {11111111-1111-1111-1111-110611331111} -> C:\Program Files (x86)\TheTorntv V10\TheTorntv V10-bho.dll [2014-08-21] (esc)
BHO-x32: LyricsWoofer -> {1b3b6848-2fa2-4d87-a03a-bcbc4a8cee8c} -> C:\Program Files (x86)\LyricsWoofer\133.dll => No File
BHO-x32: SelectionLinks -> {1C8501DD-5580-48AB-B25C-6D5DBE835A6A} -> C:\Program Files (x86)\OApps\SelectionLinks.dll => No File
BHO-x32: RealPlayer Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll [2011-10-25] (RealPlayer)
BHO-x32: File Sanitizer for HP ProtectTools -> {3134413B-49B4-425C-98A5-893C1F195601} -> C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\IEBHO.dll [2011-02-07] (Hewlett-Packard)
BHO-x32: LessTabs -> {3178A392-8963-471E-B7A2-969CB58D6496} -> C:\Program Files (x86)\LessTabs\IE32\LessTabsClientIE.dll => No File
BHO-x32: BitComet Helper -> {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} -> C:\Program Files (x86)\BitComet\tools\BitCometBHO_1.5.4.11.dll [2011-04-11] (BitComet)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2013-07-09] (Oracle Corporation)
BHO-x32: No Name -> {84FF7BD6-B47F-46F8-9130-01B2696B36CB} -> No File
BHO-x32: CIESpeechBHO Class -> {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} -> C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll [2011-01-06] (Atheros Commnucations)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
BHO-x32: Show Lyrics -> {90609D82-77C3-4391-8915-CF5638CF4605} -> C:\Program Files (x86)\Show-Lyrics\slyrics.dll => No File
BHO-x32: No Name -> {96A25A24-2E87-4374-8A50-CC6F943FCE4D} -> No File
BHO-x32: ReGulearDeals -> {A54D8AB7-B70F-79EA-C354-45C49260F762} -> C:\ProgramData\ReGulearDeals\aJ2KYcFIr2.dll [2014-07-27] ()
BHO-x32: Shopper Pro -> {A5A51D2A-505A-4D84-AFC6-E0FA87E47B8C} -> C:\ProgramData\ShopperPro\ShopperPro.dll [2015-10-18] (Goobzo Ltd.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: delta Helper Object -> {C1AF5FA5-852C-4C90-812E-A7F75E011D87} -> C:\Program Files (x86)\Delta\delta\1.8.24.5\bh\delta.dll => No File
BHO-x32: M-Lyrics -> {C9AFAF70-F7EB-44B6-A334-0ED998D466E7} -> C:\Program Files (x86)\M-Lyrics\lfind.dll => No File
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2013-07-09] (Oracle Corporation)
Toolbar: HKLM - No Name - {ae07101b-46d4-4a98-af68-0333ea26e113} -  No File
Toolbar: HKLM-x32 - No Name - {ae07101b-46d4-4a98-af68-0333ea26e113} -  No File
Toolbar: HKLM-x32 - Delta Toolbar - {82E1477C-B154-48D3-9891-33D83C26BCD3} - C:\Program Files (x86)\Delta\delta\1.8.24.5\deltaTlbr.dll No File
DPF: HKLM-x32 {B3E32D88-8E7F-468F-B0E2-3A300FD4A82C} hxxp://myitlab.pearsoned.com/Pegasus/Modules/SIMIntegration/Resources/ax/stub.cab
Handler-x32: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files (x86)\Belarc\BelarcAdvisor\System\BAVoilaX.dll [2016-01-04] (Belarc, Inc.)
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
 
FireFox:
========
FF HKLM\...\Firefox\Extensions: [{336D0C35-8A85-403a-B9D2-65C292C39087}] - C:\Program Files\IB Updater\Firefox => not found
FF HKLM\...\Firefox\Extensions: [{FE1DEEEA-DB6D-44b8-83F0-34FC0F9D1052}] - C:\Program Files\IB Updater\Firefox => not found
FF HKLM\...\Firefox\Extensions: [{350F8805-D431-4908-8701-57A62717BAF2}] - C:\Program Files\groover121120151836\Firefox\{350F8805-D431-4908-8701-57A62717BAF2}.xpi => not found
FF HKLM-x32\...\Firefox\Extensions: [otis@digitalpersona.com] - c:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\FirefoxExt
FF Extension: (DigitalPersona Extension) - c:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\FirefoxExt [2011-05-04] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [{336D0C35-8A85-403a-B9D2-65C292C39087}] - C:\Program Files\IB Updater\Firefox => not found
FF HKLM-x32\...\Firefox\Extensions: [{FE1DEEEA-DB6D-44b8-83F0-34FC0F9D1052}] - C:\Program Files\IB Updater\Firefox => not found
FF HKLM-x32\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
FF Extension: (RealPlayer Browser Record Plugin) - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012-09-19] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [{350F8805-D431-4908-8701-57A62717BAF2}] - C:\Program Files\groover121120151836\Firefox\{350F8805-D431-4908-8701-57A62717BAF2}.xpi => not found
FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF64_12_0_0_43.dll [2014-01-29] ()
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll [2014-02-13] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_43.dll [2014-01-29] ()
FF Plugin-x32: @canon.com/EPPEX -> C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL [2010-04-14] (CANON INC.)
FF Plugin-x32: @java.com/DTPlugin,version=10.21.2 -> C:\windows\SysWOW64\npDeployJava1.dll [2013-07-09] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.21.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll [2013-07-09] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll [2014-02-13] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-09-23] (Microsoft Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll [No File]
FF Plugin-x32: @real.com/nprpchromebrowserrecordext;version=12.0.1.669 -> C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll [2011-10-25] (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprphtml5videoshim;version=12.0.1.669 -> C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll [2011-10-25] (RealNetworks, Inc.)
FF Plugin-x32: @staging.google.com/globalUpdate Update;version=10 -> C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\npGoogleUpdate4.dll [2014-08-21] (globalUpdate)
FF Plugin-x32: @staging.google.com/globalUpdate Update;version=4 -> C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\npGoogleUpdate4.dll [2014-08-21] (globalUpdate)
 
Chrome: 
=======
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR HKLM\...\Chrome\Extension: [blmchfpimpbbdmgpcieclabeafkljbhm] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [dlnembnfbcpjnepmfjmngjenhhajpdfd] - C:\Program Files\IB Updater\source.crx <not found>
CHR HKLM-x32\...\Chrome\Extension: [bakaaanikglogbgdnnkhieaaadpnkggc] - C:\Users\MELISS~1\AppData\Local\Temp\tbch.crx <not found>
CHR HKLM-x32\...\Chrome\Extension: [bdephonbpjofbmmhhlhiegdokbhhccch] - C:\Program Files (x86)\LyricsWoofer\133.crx <not found>
CHR HKLM-x32\...\Chrome\Extension: [bicnnkjibmphdeigoodpjlcklcnaobdj] - C:\Program Files (x86)\TornTV.com\torntv10.crx <not found>
CHR HKLM-x32\...\Chrome\Extension: [blmchfpimpbbdmgpcieclabeafkljbhm] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [cekmkdkefndbeciggfanobcemjnppbbb] - C:\Program Files (x86)\LessTabs\Chrome\cekmkdkefndbeciggfanobcemjnppbbb.crx <not found>
CHR HKLM-x32\...\Chrome\Extension: [dlnembnfbcpjnepmfjmngjenhhajpdfd] - C:\Program Files\IB Updater\source.crx <not found>
CHR HKLM-x32\...\Chrome\Extension: [fgfdfcbeamjnjdejakdidpniblllnbpg] - C:\Windows\SysWOW64\jmdp\pnte.crx <not found>
CHR HKLM-x32\...\Chrome\Extension: [hbcennhacfaagdopikcegfcobcadeocj] - C:\Program Files (x86)\Common Files\Spigot\GC\saebay_1.0.crx [2012-11-22]
CHR HKLM-x32\...\Chrome\Extension: [icdlfehblmklkikfigmjhbmmpmkmpooj] - C:\Program Files (x86)\Common Files\Spigot\GC\errorassistant_1.1.crx [2013-05-15]
CHR HKLM-x32\...\Chrome\Extension: [iofmibpjgjjfhliohjkfgndkjliadbje] - C:\Users\Melissa Glover\AppData\Roaming\OpenCandy\DCDB5705B04C487E8DB0754E1A44B316\app.crx [2012-10-17]
CHR HKLM-x32\...\Chrome\Extension: [jfmjfhklogoienhpfnppmbcbjfjnkonk] - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Chrome\Ext\rphtml5video.crx [2011-10-25]
CHR HKLM-x32\...\Chrome\Extension: [jifflliplgeajjdhmkcfnngfpgbjonjg] - C:\Program Files (x86)\Perion\NewTab\newTab.crx <not found>
CHR HKLM-x32\...\Chrome\Extension: [kfpelfbdfajdjanfefecookocekcfkni] - C:\Program Files (x86)\OApps\chrome-sl.crx <not found>
CHR HKLM-x32\...\Chrome\Extension: [mhkaekfpcppmmioggniknbnbdbcigpkk] - C:\Program Files (x86)\Common Files\Spigot\GC\coupons_2.4.crx [2013-04-26]
CHR HKLM-x32\...\Chrome\Extension: [ogoocamnhedgmkaapmjkkioohkedbecm] - C:\Program Files (x86)\M-Lyrics\Chrome.crx <not found>
CHR HKLM-x32\...\Chrome\Extension: [pfmopbbadnfoelckkcmjjeaaegjpjjbk] - C:\Program Files (x86)\Gophoto.it\gophotoit14.crx <not found>
CHR HKLM-x32\...\Chrome\Extension: [pfndaklgolladniicklehhancnlgocpp] - C:\Program Files (x86)\Common Files\Spigot\GC\saamazon_1.0.crx [2012-11-22]
CHR HKLM-x32\...\Chrome\Extension: [pkahcfoiapkaglphahjnnmojmlbhnidb] - C:\Program Files (x86)\Show-Lyrics\Chrome.crx <not found>
StartMenuInternet: Google Chrome - chrome.exe
StartMenuInternet: Google Chrome.Guest - C:\Users\Guest\AppData\Local\Google\Chrome\Application\chrome.exe
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AllDaySavingsService64; C:\Program Files (x86)\57F737B4-ACBE-4AFB-87B3-6DC08B80F484\etmajyzoqm64.exe [172544 2014-07-31] () [File not signed]
R2 Atheros Bt&Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [138400 2011-01-06] (Atheros) [File not signed]
R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [53920 2011-01-06] (Atheros Commnucations) [File not signed]
S2 BackupStack; C:\Program Files (x86)\MyPC Backup\BackupStack.exe [53320 2014-11-13] (Just Develop It) [File not signed] <==== ATTENTION
S3 BITCOMET_HELPER_SERVICE; C:\Program Files (x86)\BitComet\tools\BitCometService.exe [1296728 2010-12-28] (www.BitComet.com)
R2 CFUACProxy_hddv2usb3; C:\ProgramData\Clickfree\HDDV2USB3\UACProxy.exe [83792 2011-09-08] (Storage Appliance Corp.)
S4 CltMngSvc; C:\Program Files (x86)\SearchProtect\Main\bin\CltMngSvc.exe [2982336 2014-08-06] (Client Connect LTD)
R2 DpHost; c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe [481104 2011-02-11] (DigitalPersona, Inc.)
S4 f592fff6; c:\Program Files (x86)\AppendMonitor\AppendMonitor.dll [2236928 1980-08-21] () [File not signed]
S3 FLCDLOCK; c:\Windows\SysWOW64\flcdlock.exe [464480 2011-02-03] (Hewlett-Packard Company)
S2 globalUpdate; C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe [68608 2014-08-21] (globalUpdate) [File not signed] <==== ATTENTION
S3 globalUpdatem; C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe [68608 2014-08-21] (globalUpdate) [File not signed] <==== ATTENTION
R3 HP ProtectTools Service; c:\Program Files (x86)\Hewlett-Packard\2009 Password Filter for HP ProtectTools\PTChangeFilterService.exe [36864 2011-01-12] (Hewlett-Packard Development Company, L.P) [File not signed]
R2 HPDayStarterService; c:\Program Files\Hewlett-Packard\HP DayStarter\32-bit\HPDayStarterService.exe [133688 2011-01-28] (Hewlett-Packard Company)
R2 HPFSService; C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\HPFSService.exe [320000 2011-02-07] (Hewlett-Packard) [File not signed]
S4 hzunyanhtn64; C:\Program Files\005\hzunyanhtn64.exe [709120 2014-08-21] () [File not signed]
S4 IJPLMSVC; C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE [116104 2010-04-05] ()
S4 Level Quality Watcher; C:\Program Files\Level Quality Watcher\v1.01\levelqualitywatcher64.exe [710976 2014-01-27] () [File not signed]
R2 McAfee Endpoint Encryption Agent; C:\Program Files\Hewlett-Packard\Drive Encryption\EEAgent\MfeEpeHost.exe [1318912 2011-08-22] () [File not signed]
R2 pdfcDispatcher; C:\Program Files (x86)\PDF Complete\pdfsvc.exe [1127448 2011-02-01] (PDF Complete Inc)
S4 SMUpd; C:\Program Files\Common Files\Goobzo\GBUpdate\smu.exe [3001856 2015-10-28] (Search Module Ltd.) [File not signed]
S4 SPBIUpd; C:\Program Files\Common Files\ShopperPro\spbiu.exe [2346416 2015-10-18] (ShopperPro) <==== ATTENTION
R2 uArcCapture; C:\windows\SysWow64\ArcVCapRender\uArcCapture.exe [502464 2010-11-11] (ArcSoft, Inc.)
S4 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
S2 Update GrabRez; "C:\Program Files (x86)\GrabRez\updateGrabRez.exe" [X]
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 ARCVCAM; C:\Windows\System32\DRIVERS\ArcSoftVCapture.sys [32192 2010-11-11] (ArcSoft, Inc.)
R1 cherimoya; C:\Windows\System32\drivers\cherimoya.sys [61344 1980-12-17] (Cherimoya Ltd) <==== ATTENTION
S3 DAMDrv; C:\Windows\System32\DRIVERS\DAMDrv64.sys [63336 2011-02-07] (Hewlett-Packard Company)
S3 ebdrv; C:\Windows\system32\DRIVERS\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
S3 ewusbnet; C:\Windows\System32\DRIVERS\ewusbnet.sys [252928 2010-04-30] (Huawei Technologies Co., Ltd.)
U5 ew_hwusbdev; C:\Windows\System32\Drivers\ew_hwusbdev.sys [114560 2010-03-20] (Huawei Technologies Co., Ltd.)
R0 MfeEpeOpal; C:\Windows\System32\Drivers\MfeEpeOpal.sys [100808 2011-08-22] (McAfee, Inc.)
R0 MfeEpePc; C:\Windows\System32\Drivers\MfeEpePc.sys [158920 2011-08-22] (McAfee, Inc.)
R1 netfilter64; C:\Windows\System32\drivers\netfilter64.sys [46376 2014-07-31] (NetFilterSDK.com)
S3 SMUpdd; C:\Program Files\Common Files\Goobzo\GBUpdate\smw.sys [45728 2015-10-28] ()
R3 SNP2UVC; C:\Windows\System32\DRIVERS\snp2uvc.sys [1826048 2010-12-21] ()
S3 SPBIUpdd; C:\Program Files\Common Files\ShopperPro\spbiw.sys [41632 2015-10-18] ()
S2 SPDRIVER_1.42.1.2687; C:\Program Files (x86)\ShopperPro\JSDriver\1.42.1.2687\jsdrv.sys [52384 2015-10-18] ()
S3 vzandnetdiag; C:\Windows\System32\DRIVERS\lgvzandnetdiag64.sys [29696 2011-08-03] (LG Electronics Inc.)
S3 vzandnetmodem; C:\Windows\System32\DRIVERS\lgvzandnetmdm64.sys [36864 2011-08-03] (LG Electronics Inc.)
R1 wStLibG64; C:\Windows\System32\drivers\wStLibG64.sys [61112 2014-02-21] (StdLib)
S1 apcqaqmq; \??\C:\windows\system32\drivers\apcqaqmq.sys [X]
S3 STHDA; system32\DRIVERS\stwrt64.sys [X]
S1 swsedrvr_vt_1_10_0_25; system32\drivers\swsedrvr_vt_1_10_0_25.sys [X]
U2 wuaserv; no ImagePath
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-10-09 07:21 - 2016-10-09 07:21 - 00031910 _____ C:\Users\Keith\Desktop\FRST.txt
2016-10-09 07:20 - 2016-10-09 07:21 - 00000000 ____D C:\FRST
2016-10-09 07:18 - 2016-10-09 00:57 - 02405376 _____ (Farbar) C:\Users\Keith\Desktop\FRST64.exe
2016-10-09 06:09 - 2016-10-09 06:19 - 00000000 ____D C:\Users\Keith\Documents\Bluetooth Folder
2016-10-09 06:09 - 2016-10-09 06:09 - 00000000 ____D C:\Users\Keith\AppData\Local\BMExplorer
2016-10-09 02:51 - 2016-10-09 02:51 - 00000000 __SHD C:\found.008
2016-09-29 22:26 - 2016-09-29 22:30 - 00000000 ___SD C:\32788R22FWJFW
2016-09-29 22:26 - 2016-09-29 22:26 - 00000000 ____D C:\windows\erdnt
2016-09-29 22:03 - 2016-09-29 22:03 - 00000000 ____D C:\Users\Keith\AppData\Local\VirtualStore
2016-09-29 22:02 - 2016-09-29 22:02 - 00002092 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Belarc Advisor.lnk
2016-09-29 22:02 - 2016-09-29 22:02 - 00002080 _____ C:\Users\Public\Desktop\Belarc Advisor.lnk
2016-09-29 22:02 - 2016-09-29 22:02 - 00000000 ____D C:\Program Files (x86)\Belarc
2016-09-27 22:30 - 2016-09-27 22:30 - 00000000 ____D C:\Users\Keith\AppData\Roaming\SynthMaker
2016-09-27 22:30 - 2016-09-27 22:30 - 00000000 ____D C:\Users\Keith\AppData\Roaming\Acoustica
2016-09-27 21:34 - 2016-09-29 20:23 - 00000000 ____D C:\windows\pss
2016-09-27 19:55 - 2016-09-27 20:34 - 00000332 _____ C:\windows\Tasks\HPCeeScheduleForKeith.job
2016-09-27 19:55 - 2016-09-27 19:55 - 00003186 _____ C:\windows\System32\Tasks\HPCeeScheduleForKeith
2016-09-27 19:55 - 2016-09-27 19:55 - 00000000 ____D C:\Users\Keith\AppData\Local\Hewlett-Packard_Developme
2016-09-27 19:55 - 2016-09-27 19:55 - 00000000 ____D C:\Users\Keith\AppData\Local\Hewlett-Packard
2016-09-27 19:54 - 2016-09-27 19:54 - 272784158 _____ C:\Users\Keith\Documents\RegistryBackup.reg
2016-09-27 19:35 - 2016-09-27 19:35 - 00262144 _____ C:\windows\Minidump\092716-98764-01.dmp
2016-09-27 19:31 - 2016-09-29 21:48 - 00000000 ____D C:\Users\Keith\AppData\Local\ElevatedDiagnostics
2016-09-27 18:49 - 2016-09-27 18:49 - 00000000 ____H C:\Users\Melissa Glover\BIT9A39.tmp
2016-09-27 18:48 - 2016-09-27 19:35 - 00000368 _____ C:\windows\Tasks\HPCeeScheduleForMelissa Glover.job
2016-09-27 18:48 - 2016-09-27 18:49 - 00003240 _____ C:\windows\System32\Tasks\HPCeeScheduleForMelissa Glover
2016-09-27 17:48 - 2016-09-27 17:48 - 00000000 ____D C:\Users\Keith\AppData\LocalLow\{A54D8AB7-B70F-79EA-C354-45C49260F762}
2016-09-27 17:46 - 2016-09-27 17:46 - 00000000 ____D C:\Users\Keith\AppData\Roaming\WinRAR
2016-09-27 16:00 - 2016-09-27 16:00 - 00000000 ____D C:\Users\Keith\AppData\Roaming\Hewlett-Packard
2016-09-27 14:35 - 2016-09-27 14:35 - 00000000 ____D C:\Users\Keith\AppData\LocalLow\Sun
2016-09-27 14:34 - 2016-09-27 14:34 - 00000000 ____D C:\Users\Keith\Documents\Native Instruments
2016-09-27 14:33 - 2016-09-27 14:33 - 00000000 ____D C:\Users\Keith\AppData\Local\Native Instruments
2016-09-27 14:30 - 2016-09-27 14:30 - 00000000 ____D C:\Users\Keith\AppData\Roaming\Intel Corporation
2016-09-27 14:29 - 2016-09-27 18:11 - 00001621 _____ C:\Users\Keith\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet-Explorer.lnk
2016-09-27 14:29 - 2016-09-27 14:31 - 00000000 ____D C:\Users\Keith\AppData\Roaming\hpqLog
2016-09-27 14:29 - 2016-09-27 14:29 - 00000000 ____D C:\Users\Keith\AppData\Roaming\Synaptics
2016-09-27 14:29 - 2016-09-27 14:29 - 00000000 ____D C:\Users\Keith\AppData\Roaming\Apple Computer
2016-09-27 14:29 - 2016-09-27 14:29 - 00000000 ____D C:\Users\Keith\AppData\Roaming\Adobe
2016-09-27 14:29 - 2016-09-27 14:29 - 00000000 ____D C:\Users\Keith\AppData\Local\PDFC
2016-09-27 14:28 - 2016-09-27 17:30 - 00000258 __RSH C:\Users\Keith\ntuser.pol
2016-09-27 14:28 - 2016-09-27 17:30 - 00000000 ____D C:\Users\Keith
2016-09-27 14:28 - 2016-09-27 14:28 - 00109296 _____ C:\Users\Keith\AppData\Local\GDIPFONTCACHEV1.DAT
2016-09-27 14:28 - 2016-09-27 14:28 - 00000000 _SHDL C:\Users\Keith\My Documents
2016-09-27 14:28 - 2016-09-27 14:28 - 00000000 _SHDL C:\Users\Keith\Documents\My Videos
2016-09-27 14:28 - 2016-09-27 14:28 - 00000000 _SHDL C:\Users\Keith\Documents\My Pictures
2016-09-27 14:28 - 2016-09-27 14:28 - 00000000 _SHDL C:\Users\Keith\Documents\My Music
2016-09-27 14:28 - 2016-09-27 14:28 - 00000000 ____D C:\Users\Keith\AppData\Roaming\Systweak
2016-09-27 14:28 - 2012-01-22 21:52 - 00000000 ____D C:\Users\Keith\AppData\Local\Microsoft Help
2016-09-27 14:28 - 2009-07-27 10:09 - 00000020 ___SH C:\Users\Keith\ntuser.ini
2016-09-27 14:03 - 2014-05-14 12:23 - 02477536 _____ (Microsoft Corporation) C:\windows\system32\wuaueng.dll
2016-09-27 14:03 - 2014-05-14 12:23 - 00058336 _____ (Microsoft Corporation) C:\windows\system32\wuauclt.exe
2016-09-27 14:03 - 2014-05-14 12:23 - 00044512 _____ (Microsoft Corporation) C:\windows\system32\wups2.dll
2016-09-27 14:03 - 2014-05-14 12:21 - 02620928 _____ (Microsoft Corporation) C:\windows\system32\wucltux.dll
2016-09-27 14:02 - 2014-05-14 12:23 - 00700384 _____ (Microsoft Corporation) C:\windows\system32\wuapi.dll
2016-09-27 14:02 - 2014-05-14 12:23 - 00581600 _____ (Microsoft Corporation) C:\windows\SysWOW64\wuapi.dll
2016-09-27 14:02 - 2014-05-14 12:23 - 00038880 _____ (Microsoft Corporation) C:\windows\system32\wups.dll
2016-09-27 14:02 - 2014-05-14 12:23 - 00036320 _____ (Microsoft Corporation) C:\windows\SysWOW64\wups.dll
2016-09-27 14:02 - 2014-05-14 12:20 - 00097792 _____ (Microsoft Corporation) C:\windows\system32\wudriver.dll
2016-09-27 14:02 - 2014-05-14 12:17 - 00092672 _____ (Microsoft Corporation) C:\windows\SysWOW64\wudriver.dll
2016-09-27 14:02 - 2014-05-14 09:23 - 00198600 _____ (Microsoft Corporation) C:\windows\system32\wuwebv.dll
2016-09-27 14:02 - 2014-05-14 09:23 - 00179656 _____ (Microsoft Corporation) C:\windows\SysWOW64\wuwebv.dll
2016-09-27 14:02 - 2014-05-14 09:20 - 00036864 _____ (Microsoft Corporation) C:\windows\system32\wuapp.exe
2016-09-27 14:02 - 2014-05-14 09:17 - 00033792 _____ (Microsoft Corporation) C:\windows\SysWOW64\wuapp.exe
2016-09-27 13:14 - 2016-09-27 13:15 - 00037954 _____ C:\Users\Keith\Documents\hardinfo_report.html
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-10-09 06:16 - 2009-07-14 00:45 - 00019760 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-10-09 06:16 - 2009-07-14 00:45 - 00019760 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-10-09 06:15 - 2011-08-06 07:01 - 00000000 ____D C:\Users\Public\Documents\Atheros
2016-10-09 06:09 - 2011-08-06 07:01 - 00000035 _____ C:\Users\Public\Documents\AtherosServiceConfig.ini
2016-10-09 06:08 - 2011-05-04 20:54 - 00000000 ____D C:\ProgramData\PDFC
2016-10-09 06:08 - 2011-05-04 20:50 - 00000000 ____D C:\ProgramData\HPQLOG
2016-10-09 06:02 - 2014-03-01 01:54 - 00000000 ____D C:\Users\Melissa Glover\AppData\Roaming\Open Download Manager
2016-09-27 21:04 - 2014-08-21 19:59 - 00002168 _____ C:\windows\Tasks\be385958-0c74-4875-a328-8aaabb7f3cac-6.job
2016-09-27 20:41 - 2009-07-14 01:13 - 00783234 _____ C:\windows\system32\PerfStringBackup.INI
2016-09-27 20:41 - 2009-07-13 23:20 - 00000000 ____D C:\windows\inf
2016-09-27 20:38 - 2014-03-30 00:01 - 00003120 _____ C:\windows\System32\Tasks\Advanced System Protector_startup
2016-09-27 20:36 - 2014-08-21 19:59 - 00004160 _____ C:\windows\Tasks\6d83c2d0-7f9f-4d68-ab13-5715fd424552.job
2016-09-27 20:36 - 2014-08-21 19:59 - 00002696 _____ C:\windows\Tasks\be385958-0c74-4875-a328-8aaabb7f3cac-4.job
2016-09-27 20:36 - 2014-08-21 19:59 - 00002220 _____ C:\windows\Tasks\be385958-0c74-4875-a328-8aaabb7f3cac-7.job
2016-09-27 20:36 - 2014-08-21 19:59 - 00001788 _____ C:\windows\Tasks\be385958-0c74-4875-a328-8aaabb7f3cac-1.job
2016-09-27 20:36 - 2014-08-21 19:59 - 00001698 _____ C:\windows\Tasks\be385958-0c74-4875-a328-8aaabb7f3cac-5_user.job
2016-09-27 20:36 - 2014-08-21 19:59 - 00001678 _____ C:\windows\Tasks\be385958-0c74-4875-a328-8aaabb7f3cac-5.job
2016-09-27 20:36 - 2014-08-21 19:59 - 00001408 _____ C:\windows\Tasks\be385958-0c74-4875-a328-8aaabb7f3cac-2.job
2016-09-27 20:36 - 2014-08-21 19:58 - 00004498 _____ C:\windows\Tasks\be385958-0c74-4875-a328-8aaabb7f3cac-11.job
2016-09-27 20:36 - 2014-08-21 19:58 - 00002792 _____ C:\windows\Tasks\be385958-0c74-4875-a328-8aaabb7f3cac-3.job
2016-09-27 20:36 - 2014-08-21 19:58 - 00000904 _____ C:\windows\Tasks\globalUpdateUpdateTaskMachineCore.job
2016-09-27 20:36 - 2014-03-23 21:41 - 00000458 ____H C:\windows\Tasks\SW-Booster-S-619517029.job
2016-09-27 20:36 - 2014-03-04 00:41 - 00001634 _____ C:\windows\Tasks\MediaPlayerEnhance-updater.job
2016-09-27 20:36 - 2014-03-04 00:40 - 00001590 _____ C:\windows\Tasks\MediaPlayerEnhance-codedownloader.job
2016-09-27 20:36 - 2014-03-04 00:40 - 00001526 _____ C:\windows\Tasks\Plus-HD-8.9-updater.job
2016-09-27 20:36 - 2014-03-04 00:40 - 00001488 _____ C:\windows\Tasks\MediaPlayerEnhance-enabler.job
2016-09-27 20:36 - 2014-03-04 00:40 - 00001380 _____ C:\windows\Tasks\Plus-HD-8.9-enabler.job
2016-09-27 20:36 - 2014-03-04 00:39 - 00003474 _____ C:\windows\Tasks\MediaPlayerEnhance-chromeinstaller.job
2016-09-27 20:36 - 2014-03-04 00:39 - 00002434 _____ C:\windows\Tasks\MediaPlayerEnhance-firefoxinstaller.job
2016-09-27 20:36 - 2014-03-04 00:39 - 00002344 _____ C:\windows\Tasks\Plus-HD-8.9-firefoxinstaller.job
2016-09-27 20:36 - 2014-03-04 00:39 - 00001482 _____ C:\windows\Tasks\Plus-HD-8.9-codedownloader.job
2016-09-27 20:36 - 2014-03-04 00:38 - 00003110 _____ C:\windows\Tasks\Plus-HD-8.9-chromeinstaller.job
2016-09-27 20:36 - 2014-03-03 11:33 - 00003130 _____ C:\windows\Tasks\HQ-Video-Pro-1.4-chromeinstaller.job
2016-09-27 20:36 - 2014-03-03 11:33 - 00002610 _____ C:\windows\Tasks\HQ-Video-Pro-1.4-firefoxinstaller.job
2016-09-27 20:36 - 2014-03-03 11:33 - 00001556 _____ C:\windows\Tasks\HQ-Video-Pro-1.4-updater.job
2016-09-27 20:36 - 2014-03-03 11:33 - 00001512 _____ C:\windows\Tasks\HQ-Video-Pro-1.4-codedownloader.job
2016-09-27 20:36 - 2014-03-03 11:33 - 00001410 _____ C:\windows\Tasks\HQ-Video-Pro-1.4-enabler.job
2016-09-27 20:36 - 2013-07-01 03:31 - 00000402 _____ C:\windows\Tasks\Show Lyrics Update.job
2016-09-27 20:36 - 2013-07-01 01:46 - 00000422 _____ C:\windows\Tasks\LyricsWoofer Update.job
2016-09-27 20:36 - 2013-05-11 03:37 - 00000392 _____ C:\windows\Tasks\M-Lyrics Update.job
2016-09-27 20:34 - 2009-07-14 01:08 - 00000006 ____H C:\windows\Tasks\SA.DAT
2016-09-27 20:06 - 2014-08-21 20:06 - 00000316 _____ C:\windows\Tasks\Groovorio Updater.job
2016-09-27 20:03 - 2014-08-21 19:58 - 00000908 _____ C:\windows\Tasks\globalUpdateUpdateTaskMachineUA.job
2016-09-27 19:41 - 1980-11-23 22:37 - 00000000 ____D C:\windows\System32\Tasks\Remediation
2016-09-27 19:35 - 2012-06-27 19:49 - 00000000 ____D C:\windows\Minidump
2016-09-27 19:34 - 2012-06-27 19:49 - 995515056 _____ C:\windows\MEMORY.DMP
2016-09-27 19:28 - 2009-07-13 23:20 - 00000000 ____D C:\windows\system32\NDF
2016-09-27 18:49 - 2011-08-18 23:12 - 00000000 ____D C:\Users\Melissa Glover
2016-09-27 17:48 - 2011-09-04 22:24 - 02537472 ___SH C:\Users\Melissa Glover\Downloads\Thumbs.db
2016-09-27 17:30 - 2014-08-21 20:00 - 00000000 ____D C:\Program Files (x86)\MyPC Backup
2016-09-27 16:00 - 2013-01-25 22:30 - 00000000 ____D C:\ProgramData\CanonIJPLM
2016-09-27 14:03 - 2014-08-21 20:01 - 00000000 ____D C:\Program Files\AllDaySavings
ZeroAccess:
C:\Users\Melissa Glover\AppData\Local\Google\Desktop\Install
ZeroAccess:
C:\Program Files (x86)\Google\Desktop\Install
 
Some files in TEMP:
====================
C:\Users\Guest\AppData\Local\Temp\nsd4A2B.tmp.exe
C:\Users\Guest\AppData\Local\Temp\nse926.tmp.exe
C:\Users\Guest\AppData\Local\Temp\nsf601D.exe
C:\Users\Guest\AppData\Local\Temp\nsg2790.exe
C:\Users\Guest\AppData\Local\Temp\nsg3D32.exe
C:\Users\Guest\AppData\Local\Temp\nskAC1A.exe
C:\Users\Guest\AppData\Local\Temp\nsm8DA.exe
C:\Users\Guest\AppData\Local\Temp\nsmFE7E.exe
C:\Users\Guest\AppData\Local\Temp\nso6FD4.tmp.exe
C:\Users\Guest\AppData\Local\Temp\nst81ED.tmp.exe
C:\Users\Guest\AppData\Local\Temp\nswAEE8.exe
C:\Users\Guest\AppData\Local\Temp\nsx2DF.tmp.exe
C:\Users\Guest\AppData\Local\Temp\playnowradio.exe
C:\Users\Guest\AppData\Local\Temp\SecondStepInstaller.exe
C:\Users\Guest\AppData\Local\Temp\SPSetup.exe
C:\Users\Melissa Glover\AppData\Local\Temp\0dmzsv3z.dll
C:\Users\Melissa Glover\AppData\Local\Temp\6C76_HiDefMedia-1.1.12-win32.exe
C:\Users\Melissa Glover\AppData\Local\Temp\air5A9D.exe
C:\Users\Melissa Glover\AppData\Local\Temp\air6C75.exe
C:\Users\Melissa Glover\AppData\Local\Temp\airAE87.exe
C:\Users\Melissa Glover\AppData\Local\Temp\BackupSetup.exe
C:\Users\Melissa Glover\AppData\Local\Temp\chrome.exe
C:\Users\Melissa Glover\AppData\Local\Temp\dlLogic.exe
C:\Users\Melissa Glover\AppData\Local\Temp\dltr.exe
C:\Users\Melissa Glover\AppData\Local\Temp\eFixPro.exe
C:\Users\Melissa Glover\AppData\Local\Temp\eFixProPackage.exe
C:\Users\Melissa Glover\AppData\Local\Temp\eFixProSetup.exe
C:\Users\Melissa Glover\AppData\Local\Temp\embededstub.exe
C:\Users\Melissa Glover\AppData\Local\Temp\GCVerifier.dll
C:\Users\Melissa Glover\AppData\Local\Temp\gkc.exe
C:\Users\Melissa Glover\AppData\Local\Temp\hq-video-pro-1-4.exe
C:\Users\Melissa Glover\AppData\Local\Temp\LiveSupport_setup.exe
C:\Users\Melissa Glover\AppData\Local\Temp\LiveSupport_update.exe
C:\Users\Melissa Glover\AppData\Local\Temp\nsbB1D9.exe
C:\Users\Melissa Glover\AppData\Local\Temp\nsbB534.exe
C:\Users\Melissa Glover\AppData\Local\Temp\nsc350C.exe
C:\Users\Melissa Glover\AppData\Local\Temp\nsc9263.exe
C:\Users\Melissa Glover\AppData\Local\Temp\nse39C.exe
C:\Users\Melissa Glover\AppData\Local\Temp\nsfC8BB.tmp.exe
C:\Users\Melissa Glover\AppData\Local\Temp\nsgAB41.exe
C:\Users\Melissa Glover\AppData\Local\Temp\nsh673A.exe
C:\Users\Melissa Glover\AppData\Local\Temp\nsh8257.exe
C:\Users\Melissa Glover\AppData\Local\Temp\nsjE5D3.exe
C:\Users\Melissa Glover\AppData\Local\Temp\nsm1806.exe
C:\Users\Melissa Glover\AppData\Local\Temp\nsm1AC5.exe
C:\Users\Melissa Glover\AppData\Local\Temp\nsm63FE.exe
C:\Users\Melissa Glover\AppData\Local\Temp\nsm641F.exe
C:\Users\Melissa Glover\AppData\Local\Temp\nsm8EF8.exe
C:\Users\Melissa Glover\AppData\Local\Temp\nso4E29.exe
C:\Users\Melissa Glover\AppData\Local\Temp\nso5490.exe
C:\Users\Melissa Glover\AppData\Local\Temp\nsr9243.exe
C:\Users\Melissa Glover\AppData\Local\Temp\nstEBDC.exe
C:\Users\Melissa Glover\AppData\Local\Temp\nstF10B.exe
C:\Users\Melissa Glover\AppData\Local\Temp\nsw5E92.exe
C:\Users\Melissa Glover\AppData\Local\Temp\nsw9A01.exe
C:\Users\Melissa Glover\AppData\Local\Temp\nswA7A8.exe
C:\Users\Melissa Glover\AppData\Local\Temp\nsx37FA.exe
C:\Users\Melissa Glover\AppData\Local\Temp\OfferBrokerage_14111.exe
C:\Users\Melissa Glover\AppData\Local\Temp\oprun28864.exe
C:\Users\Melissa Glover\AppData\Local\Temp\oprun9098.exe
C:\Users\Melissa Glover\AppData\Local\Temp\OptimizerPro.exe
C:\Users\Melissa Glover\AppData\Local\Temp\setup_709.exe
C:\Users\Melissa Glover\AppData\Local\Temp\setup__6272.exe
C:\Users\Melissa Glover\AppData\Local\Temp\ShopperProJSINJFull.exe
C:\Users\Melissa Glover\AppData\Local\Temp\SpOrder.dll
C:\Users\Melissa Glover\AppData\Local\Temp\SPSetup.exe
C:\Users\Melissa Glover\AppData\Local\Temp\toparcupd.exe
C:\Users\Melissa Glover\AppData\Local\Temp\Tsu0672F4F3.dll
C:\Users\Melissa Glover\AppData\Local\Temp\uninst1.exe
C:\Users\Melissa Glover\AppData\Local\Temp\Uninstall.exe
C:\Users\Melissa Glover\AppData\Local\Temp\vcredist_x86.exe
C:\Users\Melissa Glover\AppData\Local\Temp\verifier.exe
 
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\windows\system32\winlogon.exe => File is digitally signed
C:\windows\system32\wininit.exe => File is digitally signed
C:\windows\SysWOW64\wininit.exe => File is digitally signed
C:\windows\explorer.exe => File is digitally signed
C:\windows\SysWOW64\explorer.exe => File is digitally signed
C:\windows\system32\svchost.exe => File is digitally signed
C:\windows\SysWOW64\svchost.exe => File is digitally signed
C:\windows\system32\services.exe => File is digitally signed
C:\windows\system32\User32.dll => File is digitally signed
C:\windows\SysWOW64\User32.dll => File is digitally signed
C:\windows\system32\userinit.exe => File is digitally signed
C:\windows\SysWOW64\userinit.exe => File is digitally signed
C:\windows\system32\rpcss.dll => File is digitally signed
C:\windows\system32\dnsapi.dll
[2011-08-19 14:48] - [2011-08-19 14:48] - 0357888 ____A (Microsoft Corporation) 7F451F275680080B057A3D41A5D34596
 
C:\windows\SysWOW64\dnsapi.dll
[2011-08-19 14:48] - [2011-08-19 14:48] - 0270336 ____A (Microsoft Corporation) FC4723F0CF1D8864430B4F9A398133F8
 
C:\windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
ATTENTION: ==> Could not access BCD. 
 
 
LastRegBack: 2013-01-06 02:19
 
==================== End of FRST.txt ============================




#2 nasdaq

  • Malware Response Team

Posted 11 October 2016 - 01:21 PM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Did you set this proxy?
ProxyEnable: [HKLM-x32] => Proxy is enabled.
ProxyServer: [HKLM-x32] => http=127.0.0.1:3128
AutoConfigURL: [HKLM] => http=127.0.0.1:3128

---

Press the Windows key + R on your keyboard at the same time. This will open the Run box.
Type Notepad and click the OK key.
Please copy the entire contents of the code box below to a new file.
 
start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

() C:\Program Files (x86)\57F737B4-ACBE-4AFB-87B3-6DC08B80F484\etmajyzoqm64.exe
(globalUpdate) C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe
HKLM\...\Run: [3D BubbleSound] => "C:\Program Files\BubbleSound\3D BubbleSound.exe"
HKLM-x32\...\Run: [fst_us_220] => [X]
HKLM-x32\...\Run: [SPDriver] => C:\Program Files (x86)\ShopperPro\JSDriver\1.42.1.2687\jsdrv.exe [3225088 2015-10-18] ()
HKLM-x32\...\Run: [mobilegeni daemon] => C:\Program Files (x86)\Mobogenie\DaemonProcess.exe
HKLM-x32\...\Run: [IminentMessenger] => C:\Program Files (x86)\Iminent\Iminent.Messengers.exe
HKLM-x32\...\Run: [Iminent] => C:\Program Files (x86)\Iminent\Iminent.exe /warmup "F77F87E5-A6BD-4922-A530-EDF63D7E9F8C"
AppInit_DLLs: c:\progra~3\bitguard\271769~1.27\{c16c1~1\loader.dll => No File
AppInit_DLLs-x32: C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC32Loader.dll => C:\Program Files (x86)\SearchProtect\SearchProtect\bin\SPVC32Loader.dll [187328 2014-08-06] (Client Connect LTD)
Startup: C:\Users\Melissa Glover\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MyPC Backup.lnk [2014-08-21]
ShortcutTarget: MyPC Backup.lnk -> C:\Program Files (x86)\MyPC Backup\MyPC Backup.exe (MyPCBackup.com)
Startup: C:\Users\Melissa Glover\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TornTvDownloader.lnk [2014-08-21]
ShortcutTarget: TornTvDownloader.lnk -> C:\Users\Keith\AppData\Roaming\TornTV.com\Torntv Downloader.exe (No File)
GroupPolicy: Restriction - Chrome <======= ATTENTION
GroupPolicy\User: Restriction <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION

Winsock: Catalog9 01 C:\windows\system32\Nuyedf.dll No File
Winsock: Catalog9 02 C:\windows\system32\Nuyedf.dll No File
Winsock: Catalog9 03 C:\windows\system32\Nuyedf.dll No File
Winsock: Catalog9 04 C:\windows\system32\Nuyedf.dll No File
Winsock: Catalog9 16 C:\windows\system32\Nuyedf.dll No File
Winsock: Catalog9-x64 01 C:\windows\system32\Nuyedf64.dll [375120 2015-11-12] ()
Winsock: Catalog9-x64 02 C:\windows\system32\Nuyedf64.dll [375120 2015-11-12] ()
Winsock: Catalog9-x64 03 C:\windows\system32\Nuyedf64.dll [375120 2015-11-12] ()
Winsock: Catalog9-x64 04 C:\windows\system32\Nuyedf64.dll [375120 2015-11-12] ()
Winsock: Catalog9-x64 16 C:\windows\system32\Nuyedf64.dll [375120 2015-11-12] ()
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.gboxapp.com/
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.gboxapp.com/
URLSearchHook: HKLM-x32 - (No Name) - {02edb56b-9b33-435b-b7df-b2843273a694} - No File
URLSearchHook: HKLM-x32 - (No Name) - {07cbf788-1359-421b-a4e3-5a8d041b90a3} - No File
SearchScopes: HKLM -> DefaultScope {ec29edf6-ad3c-4e1c-a087-d6cb81400c43} URL = hxxp://www.bing.com/search?q={searchTerms}&form=CMNTDF&pc=CMNTDF&src=IE-SearchBox
SearchScopes: HKLM -> {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = hxxp://groovorio.com/results.php?f=4&q={searchTerms}&a=grv_tuto4_14_31&cd=2XzuyEtN2Y1L1QzuyCzz0AtA0CyE0EtB0CyDyByEyDyCyBzztN0D0Tzu0SzyyCyEtN1L2XzutAtFtDtFtCyDtFtCtN1L1Czu1N1C2X1V2Z2Y2Z1FyE1VtCyE1VtAtCtN1L1G1B1V1N2Y1L1Qzu2SyEyEzztA0BtCzzzytGtA0C0EtAtGtD0CzzyDtGyBtC0AtDtGyE0EtA0D0AyByC0FtBtBtC0C2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0DtDyEyD0BtDtCyBtG0A0FtD0AtGyE0C0FyCtGzytCzyzytG0CyDyCyB0D0B0D0BtCtAzy0A2Q&cr=821694722&ir=
SearchScopes: HKLM -> {2fa28606-de77-4029-af96-b231e3b8f827} URL = hxxp://search.ask.com/web?q={searchterms}&l=dis&o=CMNTDF
SearchScopes: HKLM -> {7F4EFF06-7032-458e-AE16-1C1D8255C28A} URL = hxxp://www-searching.com/search.aspx?site=shdefault&prd=smw&pid=s&shr=d&q={searchTerms}&s=FANztutbl012,2c74c1a3-d630-4acc-b346-496869c565b9,
SearchScopes: HKLM -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=CMNTDF
SearchScopes: HKLM -> {ec29edf6-ad3c-4e1c-a087-d6cb81400c43} URL = hxxp://www.bing.com/search?q={searchTerms}&form=CMNTDF&pc=CMNTDF&src=IE-SearchBox
SearchScopes: HKLM-x32 -> DefaultScope {BB74DE59-BC4C-4172-9AC4-73315F71CFFE} URL = hxxp://websearch.searchsun.info/?l=1&q={searchTerms}&pid=724&r=2014/03/24&hid=1743523206435441235&lg=EN&cc=US
SearchScopes: HKLM-x32 -> {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.snapdo.com/?publisher=SnapdoGOblidooYB&dpid=SnapdoGOblidooYB&co=US&userid=3884089e-83c9-4643-a810-48559462dd88&searchtype=ds&q={searchTerms}&installDate=21/07/2013
SearchScopes: HKLM-x32 -> {BB74DE59-BC4C-4172-9AC4-73315F71CFFE} URL = hxxp://websearch.searchsun.info/?l=1&q={searchTerms}&pid=724&r=2014/03/24&hid=1743523206435441235&lg=EN&cc=US
SearchScopes: HKU\.DEFAULT -> {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL =
SearchScopes: HKU\S-1-5-21-1010346940-739637343-2868352682-1006 -> DefaultScope {7F4EFF06-7032-458e-AE16-1C1D8255C28A} URL = hxxp://www-searching.com/search.aspx?site=shdefault&prd=smw&pid=s&shr=d&q={searchTerms}&s=FANztutbl012,2c74c1a3-d630-4acc-b346-496869c565b9,
SearchScopes: HKU\S-1-5-21-1010346940-739637343-2868352682-1006 -> {7F4EFF06-7032-458e-AE16-1C1D8255C28A} URL = hxxp://www-searching.com/search.aspx?site=shdefault&prd=smw&pid=s&shr=d&q={searchTerms}&s=FANztutbl012,2c74c1a3-d630-4acc-b346-496869c565b9,
BHO: MediaPlayerEnhance -> {11111111-1111-1111-1111-110411411150} -> C:\Program Files (x86)\MediaPlayerEnhance\MediaPlayerEnhance-bho64.dll => No File
BHO: Plus-HD-8.9 -> {11111111-1111-1111-1111-110511281100} -> C:\Program Files (x86)\Plus-HD-8.9\Plus-HD-8.9-bho64.dll => No File
BHO: HQ-Video-Pro-1.4 -> {11111111-1111-1111-1111-110511291120} -> C:\Program Files (x86)\HQ-Video-Pro-1.4\HQ-Video-Pro-1.4-bho64.dll => No File
BHO: TheTorntv V10 -> {11111111-1111-1111-1111-110611331111} -> C:\Program Files (x86)\TheTorntv V10\TheTorntv V10-bho64.dll [2014-08-21] (esc)
BHO: ReGulearDeals -> {A54D8AB7-B70F-79EA-C354-45C49260F762} -> C:\ProgramData\ReGulearDeals\aJ2KYcFIr2.x64.dll [2014-07-27] ()
BHO: Shopper Pro -> {A5A51D2A-505A-4D84-AFC6-E0FA87E47B8C} -> C:\ProgramData\ShopperPro\ShopperPro64.dll [2015-10-18] (Goobzo Ltd.)
BHO-x32: Fast Free Converter 4.1 -> {0267CB62-3A0A-4847-AA96-A338AD292E0F} -> C:\PROGRA~2\FASTFR~1\FASTFR~1\FASTFR~1.DLL => No File
BHO-x32: No Name -> {02edb56b-9b33-435b-b7df-b2843273a694} -> No File
BHO-x32: No Name -> {07cbf788-1359-421b-a4e3-5a8d041b90a3} -> No File
BHO-x32: MediaPlayerEnhance -> {11111111-1111-1111-1111-110411411150} -> C:\Program Files (x86)\MediaPlayerEnhance\MediaPlayerEnhance-bho.dll => No File
BHO-x32: Plus-HD-8.9 -> {11111111-1111-1111-1111-110511281100} -> C:\Program Files (x86)\Plus-HD-8.9\Plus-HD-8.9-bho.dll => No File
BHO-x32: HQ-Video-Pro-1.4 -> {11111111-1111-1111-1111-110511291120} -> C:\Program Files (x86)\HQ-Video-Pro-1.4\HQ-Video-Pro-1.4-bho.dll => No File
BHO-x32: TheTorntv V10 -> {11111111-1111-1111-1111-110611331111} -> C:\Program Files (x86)\TheTorntv V10\TheTorntv V10-bho.dll [2014-08-21] (esc)
BHO-x32: LyricsWoofer -> {1b3b6848-2fa2-4d87-a03a-bcbc4a8cee8c} -> C:\Program Files (x86)\LyricsWoofer\133.dll => No File
BHO-x32: SelectionLinks -> {1C8501DD-5580-48AB-B25C-6D5DBE835A6A} -> C:\Program Files (x86)\OApps\SelectionLinks.dll => No File
BHO-x32: LessTabs -> {3178A392-8963-471E-B7A2-969CB58D6496} -> C:\Program Files (x86)\LessTabs\IE32\LessTabsClientIE.dll => No File
BHO-x32: BitComet Helper -> {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} -> C:\Program Files (x86)\BitComet\tools\BitCometBHO_1.5.4.11.dll [2011-04-11] (BitComet)
BHO-x32: No Name -> {84FF7BD6-B47F-46F8-9130-01B2696B36CB} -> No File
BHO-x32: Show Lyrics -> {90609D82-77C3-4391-8915-CF5638CF4605} -> C:\Program Files (x86)\Show-Lyrics\slyrics.dll => No File
BHO-x32: No Name -> {96A25A24-2E87-4374-8A50-CC6F943FCE4D} -> No File
BHO-x32: ReGulearDeals -> {A54D8AB7-B70F-79EA-C354-45C49260F762} -> C:\ProgramData\ReGulearDeals\aJ2KYcFIr2.dll [2014-07-27] ()
BHO-x32: Shopper Pro -> {A5A51D2A-505A-4D84-AFC6-E0FA87E47B8C} -> C:\ProgramData\ShopperPro\ShopperPro.dll [2015-10-18] (Goobzo Ltd.)
BHO-x32: delta Helper Object -> {C1AF5FA5-852C-4C90-812E-A7F75E011D87} -> C:\Program Files (x86)\Delta\delta\1.8.24.5\bh\delta.dll => No File
BHO-x32: M-Lyrics -> {C9AFAF70-F7EB-44B6-A334-0ED998D466E7} -> C:\Program Files (x86)\M-Lyrics\lfind.dll => No File
Toolbar: HKLM - No Name - {ae07101b-46d4-4a98-af68-0333ea26e113} -  No File
Toolbar: HKLM-x32 - No Name - {ae07101b-46d4-4a98-af68-0333ea26e113} -  No File
Toolbar: HKLM-x32 - Delta Toolbar - {82E1477C-B154-48D3-9891-33D83C26BCD3} - C:\Program Files (x86)\Delta\delta\1.8.24.5\deltaTlbr.dll No File
FF HKLM\...\Firefox\Extensions: [{336D0C35-8A85-403a-B9D2-65C292C39087}] - C:\Program Files\IB Updater\Firefox => not found
FF HKLM\...\Firefox\Extensions: [{FE1DEEEA-DB6D-44b8-83F0-34FC0F9D1052}] - C:\Program Files\IB Updater\Firefox => not found
FF HKLM\...\Firefox\Extensions: [{350F8805-D431-4908-8701-57A62717BAF2}] - C:\Program Files\groover121120151836\Firefox\{350F8805-D431-4908-8701-57A62717BAF2}.xpi => not found
FF HKLM-x32\...\Firefox\Extensions: [{336D0C35-8A85-403a-B9D2-65C292C39087}] - C:\Program Files\IB Updater\Firefox => not found
FF HKLM-x32\...\Firefox\Extensions: [{FE1DEEEA-DB6D-44b8-83F0-34FC0F9D1052}] - C:\Program Files\IB Updater\Firefox => not found
FF HKLM-x32\...\Firefox\Extensions: [{350F8805-D431-4908-8701-57A62717BAF2}] - C:\Program Files\groover121120151836\Firefox\{350F8805-D431-4908-8701-57A62717BAF2}.xpi => not found
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @java.com/DTPlugin,version=10.21.2 -> C:\windows\SysWOW64\npDeployJava1.dll [2013-07-09] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.21.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll [2013-07-09] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll [No File]
CHR HKLM\...\Chrome\Extension: [blmchfpimpbbdmgpcieclabeafkljbhm] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [dlnembnfbcpjnepmfjmngjenhhajpdfd] - C:\Program Files\IB Updater\source.crx <not found>
CHR HKLM-x32\...\Chrome\Extension: [bakaaanikglogbgdnnkhieaaadpnkggc] - C:\Users\MELISS~1\AppData\Local\Temp\tbch.crx <not found>
CHR HKLM-x32\...\Chrome\Extension: [bdephonbpjofbmmhhlhiegdokbhhccch] - C:\Program Files (x86)\LyricsWoofer\133.crx <not found>
CHR HKLM-x32\...\Chrome\Extension: [bicnnkjibmphdeigoodpjlcklcnaobdj] - C:\Program Files (x86)\TornTV.com\torntv10.crx <not found>
CHR HKLM-x32\...\Chrome\Extension: [blmchfpimpbbdmgpcieclabeafkljbhm] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [cekmkdkefndbeciggfanobcemjnppbbb] - C:\Program Files (x86)\LessTabs\Chrome\cekmkdkefndbeciggfanobcemjnppbbb.crx <not found>
CHR HKLM-x32\...\Chrome\Extension: [dlnembnfbcpjnepmfjmngjenhhajpdfd] - C:\Program Files\IB Updater\source.crx <not found>
CHR HKLM-x32\...\Chrome\Extension: [fgfdfcbeamjnjdejakdidpniblllnbpg] - C:\Windows\SysWOW64\jmdp\pnte.crx <not found>
CHR HKLM-x32\...\Chrome\Extension: [hbcennhacfaagdopikcegfcobcadeocj] - C:\Program Files (x86)\Common Files\Spigot\GC\saebay_1.0.crx [2012-11-22]
CHR HKLM-x32\...\Chrome\Extension: [icdlfehblmklkikfigmjhbmmpmkmpooj] - C:\Program Files (x86)\Common Files\Spigot\GC\errorassistant_1.1.crx [2013-05-15]
CHR HKLM-x32\...\Chrome\Extension: [iofmibpjgjjfhliohjkfgndkjliadbje] - C:\Users\Melissa Glover\AppData\Roaming\OpenCandy\DCDB5705B04C487E8DB0754E1A44B316\app.crx [2012-10-17]
CHR HKLM-x32\...\Chrome\Extension: [jifflliplgeajjdhmkcfnngfpgbjonjg] - C:\Program Files (x86)\Perion\NewTab\newTab.crx <not found>
CHR HKLM-x32\...\Chrome\Extension: [kfpelfbdfajdjanfefecookocekcfkni] - C:\Program Files (x86)\OApps\chrome-sl.crx <not found>
CHR HKLM-x32\...\Chrome\Extension: [mhkaekfpcppmmioggniknbnbdbcigpkk] - C:\Program Files (x86)\Common Files\Spigot\GC\coupons_2.4.crx [2013-04-26]
CHR HKLM-x32\...\Chrome\Extension: [ogoocamnhedgmkaapmjkkioohkedbecm] - C:\Program Files (x86)\M-Lyrics\Chrome.crx <not found>
CHR HKLM-x32\...\Chrome\Extension: [pfmopbbadnfoelckkcmjjeaaegjpjjbk] - C:\Program Files (x86)\Gophoto.it\gophotoit14.crx <not found>
CHR HKLM-x32\...\Chrome\Extension: [pfndaklgolladniicklehhancnlgocpp] - C:\Program Files (x86)\Common Files\Spigot\GC\saamazon_1.0.crx [2012-11-22]
CHR HKLM-x32\...\Chrome\Extension: [pkahcfoiapkaglphahjnnmojmlbhnidb] - C:\Program Files (x86)\Show-Lyrics\Chrome.crx <not found>
R2 AllDaySavingsService64; C:\Program Files (x86)\57F737B4-ACBE-4AFB-87B3-6DC08B80F484\etmajyzoqm64.exe [172544 2014-07-31] () [File not signed]
S2 BackupStack; C:\Program Files (x86)\MyPC Backup\BackupStack.exe [53320 2014-11-13] (Just Develop It) [File not signed] <==== ATTENTION
S4 CltMngSvc; C:\Program Files (x86)\SearchProtect\Main\bin\CltMngSvc.exe [2982336 2014-08-06] (Client Connect LTD)
S4 f592fff6; c:\Program Files (x86)\AppendMonitor\AppendMonitor.dll [2236928 1980-08-21] () [File not signed]
S2 globalUpdate; C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe [68608 2014-08-21] (globalUpdate) [File not signed] <==== ATTENTION
S3 globalUpdatem; C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe [68608 2014-08-21] (globalUpdate) [File not signed] <==== ATTENTION
S4 SMUpd; C:\Program Files\Common Files\Goobzo\GBUpdate\smu.exe [3001856 2015-10-28] (Search Module Ltd.) [File not signed]
S4 SPBIUpd; C:\Program Files\Common Files\ShopperPro\spbiu.exe [2346416 2015-10-18] (ShopperPro) <==== ATTENTION
S2 Update GrabRez; "C:\Program Files (x86)\GrabRez\updateGrabRez.exe" [X]
R1 cherimoya; C:\Windows\System32\drivers\cherimoya.sys [61344 1980-12-17] (Cherimoya Ltd) <==== ATTENTION
R1 netfilter64; C:\Windows\System32\drivers\netfilter64.sys [46376 2014-07-31] (NetFilterSDK.com)
S3 SMUpdd; C:\Program Files\Common Files\Goobzo\GBUpdate\smw.sys [45728 2015-10-28] ()
S3 SPBIUpdd; C:\Program Files\Common Files\ShopperPro\spbiw.sys [41632 2015-10-18] ()
S2 SPDRIVER_1.42.1.2687; C:\Program Files (x86)\ShopperPro\JSDriver\1.42.1.2687\jsdrv.sys [52384 2015-10-18] ()
R1 wStLibG64; C:\Windows\System32\drivers\wStLibG64.sys [61112 2014-02-21] (StdLib)
S1 apcqaqmq; \??\C:\windows\system32\drivers\apcqaqmq.sys [X]
S3 STHDA; system32\DRIVERS\stwrt64.sys [X]
S1 swsedrvr_vt_1_10_0_25; system32\drivers\swsedrvr_vt_1_10_0_25.sys [X]
U2 wuaserv; no ImagePath
C:\Program Files (x86)\globalUpdate
C:\Program Files (x86)\57F737B4-ACBE-4AFB-87B3-6DC08B80F484
C:\Program Files (x86)\TheTorntv V10
C:\ProgramData\ReGulearDeals
C:\ProgramData\ShopperPro
C:\Program Files (x86)\BitComet
C:\Program Files (x86)\Common Files\Spigot
C:\Program Files (x86)\MyPC Backup
C:\Program Files (x86)\SearchProtect
c:\Program Files (x86)\AppendMonitor
C:\Program Files\Common Files\Goobzo
C:\Windows\System32\drivers\cherimoya.sys
C:\Windows\System32\drivers\netfilter64.sys
C:\Windows\System32\drivers\wStLibG64.sys
cmd: netsh winsock reset catalog

End
Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log (Fixlog.txt); please post it in your reply.
===

Clean everything that this tool will find.

Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the LogFile button and the report will open in Notepad.
IMPORTANT
  • If you click the Clean button all items listed in the report will be removed.
If you find some false positive items or programs that you wish to keep, close the AdwCleaner windows.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Check off the element(s) you wish to keep.
  • Click on the Clean button and follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleanerCx.txt (x is a number).
===

Download the Junkware Removal Tool to your Desktop from this link.
http://www.bleepingcomputer.com/download/junkware-removal-tool/

Shutdown your antivirus to avoid any conflicts.
Right click the icon - disable for say 20 mins.
Right-mouse click JRT.exe and select Run as administrator (If using XP just double click on the icon to run it.)
The tool will open and start scanning your system.
Please be patient as this can take a while to complete.
On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
Post the contents of JRT.txt into your next message.
======

CHR dev: Chrome dev build detected! <======= ATTENTION

Your copy of Chrome has been compromised

Re-install Chrome

Unless you did this yourself, malware has changed your Chrome version into the Development Build. Among other things this allows malware to install any extension it wants.

Clear your Chrome cache and cookies
https://support.google.com/chromebook/answer/183083?hl=en

===

Remove Chrome using the instructions on this page.
https://support.google.com/chrome/answer/95319?hl=en

Before you do, export your bookmarks.
Chrome will export your bookmarks as a HTML file, which you can then import into another browser.

Re-install Chrome and the Bookmarks.

If you want to save all your settings refer to this page.
Follow the instructions before removing Chrome.
http://juan2geek.com/how-to-backup-and-restore-entire-google-chrome-setting/
<<<>>>


Please post the logs and let me know what problem persists.
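
The following is an added example, not part of the post above and not code from FRST: a small triage script that parses service and driver lines like those in the fixlist and lists the indicators visible on each one. The line layout, the reading of `[X]` as "image file not found", and the year-2000 cutoff for implausible timestamps are assumptions inferred from the lines in this thread.

```python
import re
from datetime import date

# Service and driver lines copied verbatim from the fixlist in this thread.
SAMPLE = r"""
R2 AllDaySavingsService64; C:\Program Files (x86)\57F737B4-ACBE-4AFB-87B3-6DC08B80F484\etmajyzoqm64.exe [172544 2014-07-31] () [File not signed]
S2 BackupStack; C:\Program Files (x86)\MyPC Backup\BackupStack.exe [53320 2014-11-13] (Just Develop It) [File not signed] <==== ATTENTION
R1 cherimoya; C:\Windows\System32\drivers\cherimoya.sys [61344 1980-12-17] (Cherimoya Ltd) <==== ATTENTION
R1 netfilter64; C:\Windows\System32\drivers\netfilter64.sys [46376 2014-07-31] (NetFilterSDK.com)
S2 Update GrabRez; "C:\Program Files (x86)\GrabRez\updateGrabRez.exe" [X]
U2 wuaserv; no ImagePath
"""

# Assumed layout, inferred from the lines above (not an official FRST spec):
# <state><start type> <name>; <image path> [<size> <date>] (<company>) <flags>
LINE = re.compile(r"^(?P<state>[RSU])(?P<start>[0-5]) (?P<name>[^;]+); (?P<rest>.*)$")
META = re.compile(r"\[(?P<size>\d+) (?P<date>\d{4}-\d{2}-\d{2})\]")
COMPANY = re.compile(r"\s*\((?P<name>[^)]*)\)")
CUTOFF = date(2000, 1, 1)  # assumption: older file dates are implausible on Windows 7

def triage(line):
    """Return name, state and the indicators found on one line, or None if it does not parse."""
    m = LINE.match(line.strip())
    if not m:
        return None
    rest, reasons = m["rest"], []
    if "<==== ATTENTION" in rest:
        reasons.append("flagged by FRST")
    if "[File not signed]" in rest:
        reasons.append("unsigned")
    if rest.endswith("[X]") or rest == "no ImagePath":
        reasons.append("no image file")
    meta = META.search(rest)
    if meta:
        if date.fromisoformat(meta["date"]) < CUTOFF:
            reasons.append("timestamp before 2000")
        company = COMPANY.match(rest, meta.end())  # company field follows the metadata
        if company and not company["name"].strip():
            reasons.append("no company name")
    return {"name": m["name"], "running": m["state"] == "R",
            "start": int(m["start"]), "reasons": reasons}

def triage_all(text):
    return [r for r in map(triage, text.splitlines()) if r]

if __name__ == "__main__":
    for r in triage_all(SAMPLE):
        print(f'{r["name"]:<26} running={r["running"]!s:<5} {", ".join(r["reasons"]) or "-"}')
```

netfilter64 comes back with no indicators even though the fixlist removes it, so an empty result here only lowers a line's priority for review; it does not clear the entry.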

#3 nasdaq

Posted 17 October 2016 - 10:07 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.



