
Redirect and vowsurveys.com


This topic is locked
16 replies to this topic

#1 llomlo

llomlo

  • Members
  • 12 posts

Posted 04 November 2016 - 10:30 AM

Anybody have any info about this?

 

It is a redirect to vowsurveys.com with my cable company name for a "survey".

 

Opera browser.





#2 nasdaq

nasdaq

  • Malware Response Team
  • 39,222 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 06 November 2016 - 10:37 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===


It is a redirect to vowsurveys.com with my cable company name for a "survey".
vowsurveys.com is considered to be a kind of ad-supported domain.

Do not answer it.
===


Download Malwarebytes' Anti-Malware from Here

Double-click mbam-setup-2.X.X.XXXX.exe to install the application (X's are the current version number).
  • Make sure a checkmark is placed next to Launch Malwarebytes' Anti-Malware, then click Finish.
  • Once MBAM opens, when it says Your databases are out of date, click the Fix Now button.
  • Click the Settings tab at the top, and then in the left column, select Detections and Protections, and if not already checked place a checkmark in the selection box for Scan for rootkits.
  • Click the Scan tab at the top of the program window, select Threat Scan and click the Scan Now button.
  • If you receive a message that updates are available, click the Update Now button (the update will be downloaded, installed, and the scan will start).
  • The scan may take some time to finish, so please be patient.
  • If potential threats are detected, ensure that Quarantine is selected as the Action for all the listed items, and click the Apply Actions button.
  • While still on the Scan tab, click the link for View detailed log, and in the window that opens click the Export button, select Text file (*.txt), and save the log to your Desktop.
  • The log is automatically saved by MBAM and can also be viewed by clicking the History tab and then selecting Application Logs.
POST THE LOG FOR MY REVIEW.

Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately.

===

Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the LogFile button and the report will open in Notepad.
IMPORTANT
  • If you click the Clean button all items listed in the report will be removed.
If you find some false positive items or programs that you wish to keep, close the AdwCleaner windows.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Check off the element(s) you wish to keep.
  • Click on the Clean button and follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleanerCx.txt (x is a number).
===

Download the version of this tool for your operating system.
Farbar Recovery Scan Tool (64 bit)
Farbar Recovery Scan Tool (32 bit)
and save it to a folder on your computer's Desktop.
Double-click to run it. When the tool opens, click Yes to the disclaimer.
Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.

How to attach a file to your reply:
In the Reply section at the bottom of the topic, click the "more reply Options" button.

Attach the file.
Select "Choose a File" and navigate to the location of the file.
Click the file you wish to Attach.

Click the Add reply button.
===

Please post the logs.

Let me know what problems persist.

p.s.
Let me know if the problem persists and which browser(s) is/are affected.

#3 llomlo

llomlo
  • Topic Starter

  • Members
  • 12 posts

Posted 06 November 2016 - 03:32 PM

I ran AdwCleaner on 10-20-2016

 

# AdwCleaner v6.030 - Logfile created 20/10/2016 at 17:47:38
# Updated on 19/10/2016 by Malwarebytes
# Database : 2016-10-18.1 [Server]
# Operating System : Windows 7 Home Premium Service Pack 1 (X64)
# Username : mooch - LENOVOI5
# Running from : C:\Users\mooch\AppData\Local\Temp\scoped_dir3584_29090\adwcleaner_6.030.exe
# Mode: Scan
 
 
 
***** [ Services ] *****
 
No malicious services found.
 
 
***** [ Folders ] *****
 
Folder Found:  C:\Users\mooch\AppData\Roaming\DSite
Folder Found:  C:\ProgramData\Partner
Folder Found:  C:\ProgramData\w3i
Folder Found:  C:\ProgramData\Application Data\Partner
Folder Found:  C:\ProgramData\Application Data\w3i
Folder Found:  C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Uninstall Helper
Folder Found:  C:\Program Files (x86)\w3i
 
 
***** [ Files ] *****
 
No malicious files found.
 
 
***** [ DLL ] *****
 
No malicious DLLs found.
 
 
***** [ WMI ] *****
 
No malicious keys found.
 
 
***** [ Shortcuts ] *****
 
No infected shortcut found.
 
 
***** [ Scheduled Tasks ] *****
 
Task Found:  DSite
 
 
***** [ Registry ] *****
 
Key Found:  HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{83FF80F4-8C74-4B80-B5BA-C8DDD434E5C4}
Key Found:  HKU\S-1-5-21-4013462516-1189454062-4116283837-1000\Software\W3I
Key Found:  HKCU\Software\W3I
Key Found:  [x64] HKCU\Software\W3I
Key Found:  HKLM\SOFTWARE\Classes\Installer\Features\E5C2FB287A9731A45B805D6EA4B541E1
Key Found:  HKLM\SOFTWARE\Classes\Installer\Products\E5C2FB287A9731A45B805D6EA4B541E1
Key Found:  [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\E5C2FB287A9731A45B805D6EA4B541E1
Key Found:  [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\E5C2FB287A9731A45B805D6EA4B541E1
Key Found:  [x64] HKLM\SOFTWARE\Classes\Installer\Features\E5C2FB287A9731A45B805D6EA4B541E1
Key Found:  [x64] HKLM\SOFTWARE\Classes\Installer\Products\E5C2FB287A9731A45B805D6EA4B541E1
Key Found:  HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\babylongeek.co.uk
Key Found:  HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\couponmountain.com
Key Found:  HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\dotomi.com
Key Found:  [x64] HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\babylongeek.co.uk
Key Found:  [x64] HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\couponmountain.com
Key Found:  [x64] HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\dotomi.com
 
 
***** [ Web browsers ] *****
 
No malicious Firefox based browser items found.
No malicious Chromium based browser items found.
 
*************************
 
C:\AdwCleaner\AdwCleaner[S0].txt - [2770 Bytes] - [20/10/2016 17:47:38]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [2843 Bytes] ##########
 
 
******
******
 
Still has it since then.
 
******
******
 
Today's results:
 
# AdwCleaner v6.030 - Logfile created 20/10/2016 at 17:47:38
# Updated on 19/10/2016 by Malwarebytes
# Database : 2016-10-18.1 [Server]
# Operating System : Windows 7 Home Premium Service Pack 1 (X64)
# Username : mooch - LENOVOI5
# Running from : C:\Users\mooch\AppData\Local\Temp\scoped_dir3584_29090\adwcleaner_6.030.exe
# Mode: Scan
 
 
 
***** [ Services ] *****
 
No malicious services found.
 
 
***** [ Folders ] *****
 
Folder Found:  C:\Users\mooch\AppData\Roaming\DSite
Folder Found:  C:\ProgramData\Partner
Folder Found:  C:\ProgramData\w3i
Folder Found:  C:\ProgramData\Application Data\Partner
Folder Found:  C:\ProgramData\Application Data\w3i
Folder Found:  C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Uninstall Helper
Folder Found:  C:\Program Files (x86)\w3i
 
 
***** [ Files ] *****
 
No malicious files found.
 
 
***** [ DLL ] *****
 
No malicious DLLs found.
 
 
***** [ WMI ] *****
 
No malicious keys found.
 
 
***** [ Shortcuts ] *****
 
No infected shortcut found.
 
 
***** [ Scheduled Tasks ] *****
 
Task Found:  DSite
 
 
***** [ Registry ] *****
 
Key Found:  HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{83FF80F4-8C74-4B80-B5BA-C8DDD434E5C4}
Key Found:  HKU\S-1-5-21-4013462516-1189454062-4116283837-1000\Software\W3I
Key Found:  HKCU\Software\W3I
Key Found:  [x64] HKCU\Software\W3I
Key Found:  HKLM\SOFTWARE\Classes\Installer\Features\E5C2FB287A9731A45B805D6EA4B541E1
Key Found:  HKLM\SOFTWARE\Classes\Installer\Products\E5C2FB287A9731A45B805D6EA4B541E1
Key Found:  [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\E5C2FB287A9731A45B805D6EA4B541E1
Key Found:  [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\E5C2FB287A9731A45B805D6EA4B541E1
Key Found:  [x64] HKLM\SOFTWARE\Classes\Installer\Features\E5C2FB287A9731A45B805D6EA4B541E1
Key Found:  [x64] HKLM\SOFTWARE\Classes\Installer\Products\E5C2FB287A9731A45B805D6EA4B541E1
Key Found:  HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\babylongeek.co.uk
Key Found:  HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\couponmountain.com
Key Found:  HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\dotomi.com
Key Found:  [x64] HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\babylongeek.co.uk
Key Found:  [x64] HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\couponmountain.com
Key Found:  [x64] HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\dotomi.com
 
 
***** [ Web browsers ] *****
 
No malicious Firefox based browser items found.
No malicious Chromium based browser items found.
 
*************************
 
C:\AdwCleaner\AdwCleaner[S0].txt - [2770 Bytes] - [20/10/2016 17:47:38]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [2843 Bytes] ##########
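A parser and triage helper for AdwCleaner v6 scan logs of the kind pasted above, added here as an example (it is not code from this thread, from nasdaq, or from Malwarebytes). The embedded SAMPLE_LOG is a constructed, shortened copy of the posted log with the username changed, the bucket rules in `triage` are my own heuristic rather than AdwCleaner's classification, and `diff_findings` goes a step beyond the thread by comparing two pasted scans to show what appeared or disappeared between them.

```python
"""Parse and triage AdwCleaner v6 scan logs (the format pasted in this thread).

Added example; not code from the thread, from nasdaq, or from Malwarebytes.
SAMPLE_LOG is a constructed, shortened copy of the posted log (username changed).
"""
import re
from collections import defaultdict

SECTION_RE = re.compile(r"^\*{5} \[ (?P<name>[^\]]+?) \] \*{5}$")
FINDING_RE = re.compile(r"^(?P<kind>\w+) Found:\s+(?:\[(?P<arch>x64)\]\s+)?(?P<value>.+?)\s*$")
HEADER_RE = re.compile(r"^# (?P<key>[A-Za-z ]+?)\s*:\s+(?P<value>.+)$")

SAMPLE_LOG = r"""
# AdwCleaner v6.030 - Logfile created 20/10/2016 at 17:47:38
# Updated on 19/10/2016 by Malwarebytes
# Database : 2016-10-18.1 [Server]
# Operating System : Windows 7 Home Premium Service Pack 1 (X64)
# Mode: Scan

***** [ Services ] *****

No malicious services found.

***** [ Folders ] *****

Folder Found:  C:\Users\example\AppData\Roaming\DSite
Folder Found:  C:\Program Files (x86)\w3i

***** [ Scheduled Tasks ] *****

Task Found:  DSite

***** [ Registry ] *****

Key Found:  HKCU\Software\W3I
Key Found:  [x64] HKCU\Software\W3I
Key Found:  HKLM\SOFTWARE\Classes\Installer\Products\E5C2FB287A9731A45B805D6EA4B541E1
Key Found:  [x64] HKLM\SOFTWARE\Classes\Installer\Products\E5C2FB287A9731A45B805D6EA4B541E1
Key Found:  HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\couponmountain.com
Key Found:  [x64] HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\couponmountain.com

***** [ Web browsers ] *****

No malicious Firefox based browser items found.

*************************

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [2843 Bytes] ##########
"""


def parse_adwcleaner_log(text):
    """Return (header, findings). header holds the '# Key : Value' lines; findings maps a
    section name to a list of (kind, arch, value) for every 'X Found:' line in it.
    Sections that only say 'No malicious ... found.' do not appear in findings."""
    header, findings, section = {}, defaultdict(list), None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            section = m.group("name")
            continue
        m = HEADER_RE.match(line) if section is None else None
        if m:
            header[m.group("key").strip()] = m.group("value").strip()
            continue
        m = FINDING_RE.match(line) if section is not None else None
        if m:
            findings[section].append((m.group("kind"), m.group("arch") or "x86", m.group("value")))
    return header, dict(findings)


def triage(findings):
    """Bucket findings the way a reviewer reads such a log (my heuristic, not AdwCleaner's):
    items that run on their own (tasks, services, Run keys), leftover installer/vendor
    entries, and per-site browser DOMStorage, which only records that a site was visited.
    The x64 and x86 registry views list the same key twice; each key is counted once."""
    buckets = {"persistence": [], "installed_software": [], "browser_storage": []}
    seen = set()
    for section, items in findings.items():
        for kind, _arch, value in items:
            if (kind, value.lower()) in seen:
                continue
            seen.add((kind, value.lower()))
            if section in ("Scheduled Tasks", "Services") or "\\Run" in value:
                buckets["persistence"].append(value)
            elif "\\DOMStorage\\" in value:
                buckets["browser_storage"].append(value.rsplit("\\", 1)[1])
            else:
                buckets["installed_software"].append(value)
    return buckets


def diff_findings(old, new):
    """Compare two scans (e.g. the 20 October and 6 November logs): returns
    (appeared_since_old, gone_since_old) as sorted (kind, lowercased value) pairs."""
    flat = lambda f: {(k, v.lower()) for items in f.values() for k, _, v in items}
    a, b = flat(old), flat(new)
    return sorted(b - a), sorted(a - b)


if __name__ == "__main__":
    header, findings = parse_adwcleaner_log(SAMPLE_LOG)
    print(header["Mode"], header["Database"])
    for bucket, values in triage(findings).items():
        print(f"{bucket}: {values}")
    # A constructed later scan in which the scheduled task no longer appears
    later = parse_adwcleaner_log(SAMPLE_LOG.replace("Task Found:  DSite\n", ""))[1]
    print(diff_findings(findings, later))
```

Feeding the two logs from this post into `diff_findings` returns two empty lists, since the second paste is byte-for-byte the first one.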
 


#4 llomlo

llomlo
  • Topic Starter

  • Members
  • 12 posts

Posted 06 November 2016 - 03:33 PM

I know it is the Opera browser.

 

It might be Firefox too. I don't remember if it is both or just the one.



#5 llomlo

llomlo
  • Topic Starter

  • Members
  • 12 posts

Posted 06 November 2016 - 04:04 PM

*****FRST.txt*****
 
 
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 04-11-2016
Ran by mooch (administrator) on LENOVOI5 (06-11-2016 15:37:06)
Running from C:\MAIN\Downloads\AdWCleaner
Loaded Profiles: mooch (Available Profiles: mooch)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 10 (Default browser not detected!)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Broadcom Corporation.) C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Lenovo (Beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe
(Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\utility.exe
(IvoSoft) C:\Program Files\Classic Shell\ClassicStartMenu.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE
(Broadcom Corporation.) C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe
(Broadcom Corporation.) C:\Program Files\Lenovo\Bluetooth Software\BTStackServer.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(CyberLink Corp.) C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe
(cyberlink) C:\Program Files (x86)\CyberLink\Shared Files\brs.exe
(CyberLink) C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe
(Lenovo) C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Broadcom Corporation.) C:\Program Files\Lenovo\Bluetooth Software\BluetoothHeadsetProxy.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\SiteAdvisor\mcsacore.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Opera Software) C:\Program Files (x86)\Opera\41.0.2353.46\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\41.0.2353.46\opera_crashreporter.exe
(Opera Software) C:\Program Files (x86)\Opera\41.0.2353.46\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\41.0.2353.46\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\41.0.2353.46\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\41.0.2353.46\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\41.0.2353.46\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\41.0.2353.46\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\41.0.2353.46\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\41.0.2353.46\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\41.0.2353.46\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\41.0.2353.46\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\41.0.2353.46\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\41.0.2353.46\opera.exe
 
 
==================== Registry (Whitelisted) ====================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2741544 2011-04-07] (Synaptics Incorporated)
HKLM\...\Run: [Lenovo EE Boot Optimizer] => C:\Program Files (x86)\Lenovo\Boot Optimizer\PopWnd.exe [114688 2012-05-02] (Lenovo)
HKLM\...\Run: [Energy Management] => C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe [9753024 2012-05-02] (Lenovo (Beijing) Limited)
HKLM\...\Run: [EnergyUtility] => C:\Program Files (x86)\Lenovo\Energy Management\Utility.exe [5908928 2012-05-02] (Lenovo(beijing) Limited)
HKLM\...\Run: [Classic Start Menu] => C:\Program Files\Classic Shell\ClassicStartMenu.exe [159744 2012-06-30] (IvoSoft)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1337000 2015-04-30] (Microsoft Corporation)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [283160 2011-02-18] (Intel Corporation)
HKLM-x32\...\Run: [UpdateP2GShortCut] => C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe [222504 2010-07-26] (CyberLink Corp.)
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe [87336 2010-02-02] (CyberLink Corp.)
HKLM-x32\...\Run: [BDRegion] => C:\Program Files (x86)\Cyberlink\Shared files\brs.exe [75048 2011-02-24] (cyberlink)
HKLM-x32\...\Run: [YouCam Mirage] => C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe [136488 2011-01-28] (CyberLink)
HKLM-x32\...\Run: [YouCam Tray] => C:\Program Files (x86)\Lenovo\YouCam\YouCam.exe [228448 2011-01-28] (CyberLink Corp.)
HKLM-x32\...\Run: [VeriFaceManager] => C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe [329056 2012-05-02] (Lenovo)
HKLM-x32\...\Run: [UpdatePRCShortCut] => C:\Program Files\Lenovo\OneKey App\OneKey Recovery\MUITransfer\MUIStartMenu.exe [222504 2009-05-13] (CyberLink Corp.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [421776 2012-06-07] (Apple Inc.)
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM\...\RunOnce: [1031_16537001549542] => C:\Users\mooch\AppData\Local\LMIR0001.tmp_r.bat [357 2016-10-31] ()
Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-4013462516-1189454062-4116283837-1000\...\Run: [OfficeSyncProcess] => C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE [721504 2015-09-02] (Microsoft Corporation)
HKU\S-1-5-21-4013462516-1189454062-4116283837-1000\...\MountPoints2: {1012f20e-3b3c-11e3-bc53-c01885ef6c64} - H:\iLinker.exe
HKU\S-1-5-21-4013462516-1189454062-4116283837-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\windows\system32\Bubbles.scr [899584 2010-11-20] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer64.dll [2012-06-30] (IvoSoft)
ShellIconOverlayIdentifiers: [VeriFace Enc] -> {771C7324-DA80-49D3-8017-753B0AF60951} => C:\windows\system32\IcnOvrly.dll [2012-05-02] ()
ShellIconOverlayIdentifiers-x32: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer32.dll [2012-06-30] (IvoSoft)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk [2012-05-02]
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{09A61A66-EA00-44A0-8270-CDEC3FE83A2F}: [DhcpNameServer] 192.168.1.1
 
Internet Explorer:
==================
HKU\S-1-5-21-4013462516-1189454062-4116283837-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.danoverholt.com/mlo/mlo.html
HKU\S-1-5-21-4013462516-1189454062-4116283837-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=LENN&bmod=LENN
URLSearchHook: HKU\S-1-5-21-4013462516-1189454062-4116283837-1000 - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
URLSearchHook: HKU\S-1-5-21-4013462516-1189454062-4116283837-1000 - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=LENDF8&pc=MALN&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=LENDF8&pc=MALN&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-4013462516-1189454062-4116283837-1000 -> DefaultScope {2D269147-2035-42C0-8F30-ABBED5D47422} URL = hxxps://search.yahoo.com/search?fr=mcafee&type=C010US714D20120720&p={searchTerms}
SearchScopes: HKU\S-1-5-21-4013462516-1189454062-4116283837-1000 -> {2D269147-2035-42C0-8F30-ABBED5D47422} URL = hxxps://search.yahoo.com/search?fr=mcafee&type=C010US714D20120720&p={searchTerms}
SearchScopes: HKU\S-1-5-21-4013462516-1189454062-4116283837-1000 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7LENN
BHO: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer64.dll [2012-06-30] (IvoSoft)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO: ClassicIE9BHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIE9DLL_64.dll [2012-06-30] (IvoSoft)
BHO-x32: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer32.dll [2012-06-30] (IvoSoft)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: ClassicIE9BHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIE9DLL_32.dll [2012-06-30] (IvoSoft)
Toolbar: HKLM - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer64.dll [2012-06-30] (IvoSoft)
Toolbar: HKLM-x32 - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer32.dll [2012-06-30] (IvoSoft)
Toolbar: HKU\S-1-5-21-4013462516-1189454062-4116283837-1000 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2016-10-03] (McAfee, Inc.)
Handler-x32: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2016-10-03] (McAfee, Inc.)
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2016-10-03] (McAfee, Inc.)
Handler-x32: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2016-10-03] (McAfee, Inc.)
 
FireFox:
========
FF DefaultProfile: tvqvflla.default
FF ProfilePath: C:\Users\mooch\AppData\Roaming\Mozilla\Firefox\Profiles\tvqvflla.default [2016-11-06]
FF Homepage: Mozilla\Firefox\Profiles\tvqvflla.default -> hxxp://www.danoverholt.com/mlo/mlo.html
FF Session Restore: Mozilla\Firefox\Profiles\tvqvflla.default -> is enabled.
FF HKLM\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor\saffplg.xpi
FF Extension: (McAfee WebAdvisor) - C:\Program Files (x86)\McAfee\SiteAdvisor\saffplg.xpi [2016-10-16]
FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor\saffplg.xpi
FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF64_23_0_0_185.dll [2016-10-20] ()
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\windows\SysWOW64\Macromed\Flash\NPSWF32_23_0_0_185.dll [2016-10-20] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2012-04-05] ()
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-09] (Microsoft Corporation)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-09-30] (Adobe Systems Inc.)
 
Chrome: 
=======
CHR Profile: C:\Users\mooch\AppData\Local\Google\Chrome\User Data\Default [2016-10-28]
CHR Extension: (Docs) - C:\Users\mooch\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-10-28]
CHR Extension: (Google Drive) - C:\Users\mooch\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-10-28]
CHR Extension: (YouTube) - C:\Users\mooch\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-10-28]
CHR Extension: (SiteAdvisor) - C:\Users\mooch\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho [2012-09-12]
CHR Extension: (Chrome Web Store Payments) - C:\Users\mooch\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-10-28]
CHR Extension: (Gmail) - C:\Users\mooch\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-10-28]
CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [2016-05-03]
CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [2016-05-03]
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 btwdins; C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe [953632 2010-12-14] (Broadcom Corporation.)
S2 CLKMSVC10_3A60B698; C:\Program Files (x86)\Lenovo\PowerDVD10\NavFilter\kmsvc.exe [241648 2011-02-24] (CyberLink)
R2 McAfee SiteAdvisor Service; C:\Program Files (x86)\McAfee\SiteAdvisor\McSACore.exe [166152 2016-10-03] (McAfee, Inc.)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23816 2015-04-30] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [366544 2015-04-30] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 ebdrv; C:\windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
R3 mfesapsn; C:\Program Files (x86)\McAfee\SiteAdvisor\x64\mfesapsn.sys [46240 2016-06-06] (McAfee, Inc.)
R0 MpFilter; C:\windows\System32\DRIVERS\MpFilter.sys [280376 2015-03-04] (Microsoft Corporation)
R2 NisDrv; C:\windows\System32\DRIVERS\NisDrvWFP.sys [124568 2015-03-04] (Microsoft Corporation)
R3 SPUVCbv; C:\windows\System32\Drivers\usbvideo.sys [185344 2013-07-12] (Microsoft Corporation)
U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [28272 2016-10-28] ()
U3 BcmSqlStartupSvc; no ImagePath
U2 CLKMSVC10_C3B3B687; no ImagePath
U2 DriverService; no ImagePath
U2 iATAgentService; no ImagePath
U2 idealife Update Service; no ImagePath
U3 IGRS; no ImagePath
U2 IviRegMgr; no ImagePath
U2 nvUpdatusService; no ImagePath
U2 Oasis2Service; no ImagePath
U2 PCCarerService; no ImagePath
U2 ReadyComm.DirectRouter; no ImagePath
U2 RichVideo; no ImagePath
U2 RtLedService; no ImagePath
U2 SeaPort; no ImagePath
U2 SoftwareService; no ImagePath
U3 SQLWriter; no ImagePath
U2 Stereo Service; no ImagePath
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-11-06 15:36 - 2016-11-06 15:37 - 00000000 ____D C:\FRST
2016-11-04 09:57 - 2016-11-04 09:58 - 00000000 ____D C:\Users\mooch\AppData\Local\CrashDumps
2016-10-31 15:54 - 2016-10-31 15:54 - 00000357 _____ C:\Users\mooch\AppData\Local\LMIR0001.tmp_r.bat
2016-10-31 15:14 - 2016-10-31 16:00 - 00000000 ____D C:\Users\mooch\AppData\Local\LogMeIn Rescue Applet
2016-10-30 20:10 - 2016-10-30 20:10 - 00002790 _____ C:\windows\System32\Tasks\CCleanerSkipUAC
2016-10-28 15:10 - 2016-10-28 15:16 - 00207366 _____ C:\TDSSKiller.3.1.0.11_28.10.2016_16.10.27_log.txt
2016-10-28 14:57 - 2016-10-28 14:57 - 00000000 ____D C:\windows\pss
2016-10-28 14:55 - 2016-10-28 14:56 - 00207366 _____ C:\TDSSKiller.3.1.0.11_28.10.2016_15.55.04_log.txt
2016-10-28 14:43 - 2016-10-28 14:43 - 00000822 _____ C:\Users\Public\Desktop\CCleaner.lnk
2016-10-28 14:43 - 2016-10-28 14:43 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2016-10-28 14:43 - 2016-10-28 14:43 - 00000000 ____D C:\Program Files\CCleaner
2016-10-28 14:02 - 2016-10-28 14:02 - 00028272 _____ C:\windows\system32\Drivers\TrueSight.sys
2016-10-28 14:00 - 2016-10-28 14:30 - 00000000 ____D C:\ProgramData\RogueKiller
2016-10-28 14:00 - 2016-10-28 14:00 - 00000858 _____ C:\Users\Public\Desktop\RogueKiller.lnk
2016-10-28 14:00 - 2016-10-28 14:00 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RogueKiller
2016-10-28 14:00 - 2016-10-28 14:00 - 00000000 ____D C:\Program Files\RogueKiller
2016-10-27 18:31 - 2016-10-27 18:31 - 20975616 _____ C:\Application_Sysytem-2016-10-27.evtx
2016-10-27 18:30 - 2016-10-27 18:30 - 20975616 _____ C:\Application_Security-2016-10-27.evtx
2016-10-27 18:30 - 2016-10-27 18:30 - 01052672 _____ C:\Application_Setup-2016-10-27.evtx
2016-10-27 18:29 - 2016-10-27 18:29 - 20975616 _____ C:\Application-2016-10-27.evtx
2016-10-21 11:45 - 2016-10-28 19:07 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2016-10-20 16:45 - 2016-11-06 15:29 - 00000000 ____D C:\AdwCleaner
2016-10-18 14:09 - 2016-10-18 14:10 - 00280376 _____ C:\windows\Minidump\101816-19671-01.dmp
2016-10-16 20:33 - 2016-10-16 20:33 - 00280376 _____ C:\windows\Minidump\101616-34585-01.dmp
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-11-06 13:51 - 2009-07-13 23:45 - 00021280 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-11-06 13:51 - 2009-07-13 23:45 - 00021280 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-11-06 11:47 - 2009-07-14 00:13 - 00006210 _____ C:\windows\system32\PerfStringBackup.INI
2016-11-05 22:47 - 2015-11-30 00:33 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2016-10-30 22:57 - 2012-05-02 17:42 - 00179633 _____ C:\windows\system32\fastboot.set
2016-10-30 22:56 - 2012-05-02 17:35 - 00000000 ____D C:\ProgramData\VeriFace
2016-10-30 22:56 - 2009-07-14 00:08 - 00000006 ____H C:\windows\Tasks\SA.DAT
2016-10-30 20:56 - 2014-07-15 19:40 - 00192216 _____ (Malwarebytes) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2016-10-30 20:07 - 2015-08-22 13:42 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2016-10-28 14:55 - 2013-03-13 19:46 - 00420552 _____ C:\windows\ntbtlog.txt
2016-10-28 14:44 - 2012-05-02 17:40 - 00000000 ____D C:\Program Files (x86)\Google
2016-10-28 14:40 - 2012-07-20 16:36 - 00000000 ____D C:\Users\mooch\AppData\Local\Google
2016-10-28 12:53 - 2013-07-06 18:11 - 00002590 _____ C:\Users\mooch\Desktop\Rkill.txt
2016-10-27 20:22 - 2010-11-20 22:27 - 00485032 ____N (Microsoft Corporation) C:\windows\system32\MpSigStub.exe
2016-10-27 17:58 - 2012-11-26 21:25 - 00007622 _____ C:\Users\mooch\AppData\Local\Resmon.ResmonCfg
2016-10-27 15:30 - 2016-03-15 11:37 - 00003840 _____ C:\windows\System32\Tasks\Opera scheduled Autoupdate 1458059830
2016-10-27 15:30 - 2015-11-13 21:35 - 00000000 ____D C:\Program Files (x86)\Opera
2016-10-20 16:58 - 2015-01-29 00:07 - 00796352 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2016-10-20 16:58 - 2015-01-29 00:07 - 00142528 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2016-10-20 16:58 - 2014-08-22 23:57 - 00000000 ____D C:\Users\mooch\AppData\Local\Adobe
2016-10-20 16:58 - 2012-08-02 21:12 - 00000000 ____D C:\windows\system32\Macromed
2016-10-20 16:58 - 2012-05-02 17:27 - 00000000 ____D C:\windows\SysWOW64\Macromed
2016-10-18 14:09 - 2013-02-03 01:28 - 841531392 _____ C:\windows\MEMORY.DMP
2016-10-18 14:09 - 2013-02-03 01:28 - 00000000 ____D C:\windows\Minidump
2016-10-12 13:04 - 2015-08-02 22:51 - 00004476 _____ C:\windows\System32\Tasks\Adobe Acrobat Update Task
2016-10-07 13:52 - 2012-08-01 00:31 - 00000000 ____D C:\MAIN
 
==================== Files in the root of some directories =======
 
2013-07-06 19:14 - 2013-07-06 19:14 - 0000005 _____ () C:\Users\mooch\AppData\Roaming\WBPU-TTL.DAT
2016-10-31 15:54 - 2016-10-31 15:54 - 0000357 _____ () C:\Users\mooch\AppData\Local\LMIR0001.tmp_r.bat
2012-11-26 21:25 - 2016-10-27 17:58 - 0007622 _____ () C:\Users\mooch\AppData\Local\Resmon.ResmonCfg
 
Some files in TEMP:
====================
C:\Users\mooch\AppData\Local\Temp\dllnt_dump.dll
C:\Users\mooch\AppData\Local\Temp\ose00000.exe
 
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\windows\system32\winlogon.exe => File is digitally signed
C:\windows\system32\wininit.exe => File is digitally signed
C:\windows\SysWOW64\wininit.exe => File is digitally signed
C:\windows\explorer.exe => File is digitally signed
C:\windows\SysWOW64\explorer.exe => File is digitally signed
C:\windows\system32\svchost.exe => File is digitally signed
C:\windows\SysWOW64\svchost.exe => File is digitally signed
C:\windows\system32\services.exe => File is digitally signed
C:\windows\system32\User32.dll => File is digitally signed
C:\windows\SysWOW64\User32.dll => File is digitally signed
C:\windows\system32\userinit.exe => File is digitally signed
C:\windows\SysWOW64\userinit.exe => File is digitally signed
C:\windows\system32\rpcss.dll => File is digitally signed
C:\windows\system32\dnsapi.dll => File is digitally signed
C:\windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2016-11-04 11:20
 
==================== End of FRST.txt ============================


#6 llomlo

llomlo
  • Topic Starter

  • Members
  • 12 posts

Posted 06 November 2016 - 04:06 PM

*****Addition.txt*******

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 04-11-2016
Ran by mooch (06-11-2016 15:37:49)
Running from C:\MAIN\Downloads\AdWCleaner
Windows 7 Home Premium Service Pack 1 (X64) (2012-07-20 21:29:42)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-4013462516-1189454062-4116283837-500 - Administrator - Disabled)
Guest (S-1-5-21-4013462516-1189454062-4116283837-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-4013462516-1189454062-4116283837-1002 - Limited - Enabled)
mooch (S-1-5-21-4013462516-1189454062-4116283837-1000 - Administrator - Enabled) => C:\Users\mooch
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Microsoft Security Essentials (Enabled - Up to date) {B7ECF8CD-0188-6703-DBA4-AA65C6ACFB0A}
AS: Microsoft Security Essentials (Enabled - Up to date) {0C8D1929-27B2-688D-E114-9117BD2BB1B7}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
7-zip v9.20 (HKLM-x32\...\7-zip) (Version: v9.20 - TUGUU SL) <==== ATTENTION
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.020.20042 - Adobe Systems Incorporated)
Adobe Flash Player 19 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 19.0.0.185 - Adobe Systems Incorporated)
Adobe Flash Player 23 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 23.0.0.185 - Adobe Systems Incorporated)
Alarm (HKLM-x32\...\Alarm_is1) (Version: 2.0.7 - Bluefive software)
Apple Application Support (HKLM-x32\...\{122ADF8C-DDA1-480C-9936-C88F2825B265}) (Version: 2.1.9 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{6A76BEAF-6D1F-4273-A79B-DA8410A2E56B}) (Version: 5.2.0.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 1.0.0.39 - Atheros Communications Inc.)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 5.23 - Piriform)
Classic Shell (HKLM\...\{902FEB22-3C4A-4D6C-84F9-C66C35DD299A}) (Version: 3.5.1 - IvoSoft)
Conexant HD Audio (HKLM\...\CNXT_AUDIO_HDA) (Version: 8.54.4.51 - Conexant)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Energy Management (HKLM-x32\...\InstallShield_{D0956C11-0F60-43FE-99AD-524E833471BB}) (Version: 6.0.2.0 - Lenovo)
Energy Management (x32 Version: 6.0.2.0 - Lenovo) Hidden
Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.3347 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 10.1.5.1001 - Intel Corporation)
iTunes (HKLM\...\{840A3BAA-4C68-4581-9C7A-6F8D6CF531B9}) (Version: 10.6.3.25 - Apple Inc.)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Lenovo Bluetooth with Enhanced Data Rate Software (HKLM\...\{436E0B79-2CFB-4E5F-9380-E17C1B25D0C5}) (Version: 6.3.0.7400 - Broadcom Corporation)
Lenovo EasyCamera (HKLM-x32\...\{ADE16A9D-FBDC-4ECC-B6BD-9C31E51D0333}) (Version: 1.10.1209.1 - Lenovo EasyCamera)
Lenovo EE Boot Optimizer (HKLM\...\Lenovo EE Boot Optimizer) (Version: 0.0.1.6 - Lenovo)
Lenovo Games Console (HKLM-x32\...\Lenovo Games Console) (Version: 1.2.6.436 - Oberon Media Inc.)
Lenovo OneKey Recovery (HKLM-x32\...\InstallShield_{46F4D124-20E5-4D12-BE52-EC177A7A4B42}) (Version: 7.0.1628 - CyberLink Corp.)
Lenovo OneKey Recovery (Version: 7.0.1628 - CyberLink Corp.) Hidden
Lenovo PowerDVD 10 (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.2811.52 - CyberLink Corp.)
Lenovo PowerDVD 10 (x32 Version: 10.0.2811.52 - CyberLink Corp.) Hidden
Lenovo YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 3.1.3728 - CyberLink Corp.)
Lenovo YouCam (x32 Version: 3.1.3728 - CyberLink Corp.) Hidden
Lenovo_Wireless_Driver (HKLM-x32\...\{28ABE740-47F3-441B-9437-852F6A64EFF8}) (Version: 1.02.01 - Lenovo)
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
McAfee SiteAdvisor (HKLM\...\{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}) (Version: 3.3.1.133 - McAfee, Inc.)
McAfee WebAdvisor (HKLM-x32\...\{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}) (Version: 4.0.279 - McAfee, Inc.)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUSR) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.8.204.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40728.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411 (HKLM-x32\...\{5DA8F6CD-C70E-39D8-8430-3D9808D6BD17}) (Version: 9.0.30411 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Mozilla Firefox 49.0.2 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 49.0.2 (x86 en-US)) (Version: 49.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 49.0.2.6136 - Mozilla)
ooVoo (HKLM-x32\...\{FAA7F8FF-3C05-4A61-8F14-D8A6E9ED6623}) (Version: 2.2.4.25 - ooVoo LLC.)
OpenOffice.org 3.4 (HKLM-x32\...\{51071D66-D034-4239-94E0-723FCA10B6FE}) (Version: 3.4.9590 - OpenOffice.org)
Opera Stable 41.0.2353.46 (HKLM-x32\...\Opera 41.0.2353.46) (Version: 41.0.2353.46 - Opera Software)
Power2Go (HKLM-x32\...\{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 5.6.0.7303 - CyberLink Corp.)
Realtek USB 2.0 Reader Driver (HKLM-x32\...\{62BBB2F0-E220-4821-A564-730807D2C34D}) (Version: 6.1.7600.10003 - Realtek Semiconductor Corp.)
RogueKiller version 12.7.4.0 (HKLM\...\8B3D7924-ED89-486B-8322-E8594065D5CB_is1) (Version: 12.7.4.0 - Adlice Software)
Safari (HKLM-x32\...\{C779648B-410E-4BBA-B75B-5815BCEFE71D}) (Version: 5.34.57.2 - Apple Inc.)
Samsung i-Launcher 1.0.1.54 (HKLM-x32\...\Samsung i-Launcher) (Version: 1.0.1.54 - Samsung Electronics Co., Ltd.)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.3.0.0 - Synaptics Incorporated)
Uninstall Helper (HKLM-x32\...\Uninstall Helper 2.0.1.0) (Version: 2.0.1.0 - InstallX, LLC) <==== ATTENTION
Uninstall Helper (x32 Version: 2.0.1.0 - InstallX, LLC) Hidden <==== ATTENTION
UserGuide (HKLM-x32\...\InstallShield_{F07C2CF8-4C53-4EC3-8162-A6221E36EB88}) (Version: 1.0.0.6 - Lenovo)
UserGuide (x32 Version: 1.0.0.6 - Lenovo) Hidden
VeriFace (HKLM-x32\...\VeriFace) (Version: 4.0.0.1224 - Lenovo)
Windows Driver Package - Lenovo (ACPIVPC) System  (12/02/2010 6.1.0.1) (HKLM\...\EA12B1FB53CE4E387C31A85236C41EF559B5E392) (Version: 12/02/2010 6.1.0.1 - Lenovo)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3508.1109 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {57AEAB9D-96D1-47FB-8502-B479065306B9} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2016-09-28] (Piriform Ltd)
Task: {67671C89-70CC-4720-8EEA-3528A3D19C63} - System32\Tasks\Opera scheduled Autoupdate 1458059830 => C:\Program Files (x86)\Opera\launcher.exe [2016-10-24] (Opera Software)
Task: {A6EEB3CD-B925-447F-89B6-D5EA3C209CAE} - System32\Tasks\MirageAgent => C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe [2011-01-28] (CyberLink)
Task: {F3C0ECD1-F289-4D0C-9858-5D3D984E84CB} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-09-16] (Adobe Systems Incorporated)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
 
==================== Shortcuts =============================
 
(The entries could be listed to be restored or removed.)
 
==================== Loaded Modules (Whitelisted) ==============
 
2013-09-05 00:17 - 2013-09-05 00:17 - 04300456 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2010-10-20 15:23 - 2010-10-20 15:23 - 08801632 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2012-05-02 17:35 - 2012-05-02 17:35 - 01508192 _____ () C:\windows\system32\IcnOvrly.dll
2012-05-02 17:35 - 2012-05-02 17:35 - 00628064 _____ () C:\windows\system32\SimpleExt.dll
2010-12-14 13:05 - 2010-12-14 13:05 - 00173856 _____ () C:\Program Files\Lenovo\Bluetooth Software\btkeyind.dll
2008-12-19 22:20 - 2012-05-02 17:44 - 00054088 _____ () C:\Program Files (x86)\Lenovo\Energy Management\HookLib.dll
2008-12-19 22:20 - 2012-05-02 17:44 - 00054088 _____ () C:\Program Files (x86)\Lenovo\Energy Management\kbdhook.dll
2012-05-02 17:07 - 2011-03-25 04:28 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2012-05-30 20:06 - 2012-05-30 20:06 - 00087912 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2012-05-30 20:06 - 2012-05-30 20:06 - 01242512 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2012-05-02 17:35 - 2012-05-02 17:35 - 00013664 _____ () C:\Program Files (x86)\Lenovo\VeriFace\ChooseLang.dll
2014-10-15 21:43 - 2014-10-15 21:43 - 00169472 _____ () C:\windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\17c296575fad30d021e6370dc70cf800\IsdiInterop.ni.dll
2012-05-02 17:06 - 2011-02-18 03:16 - 00058880 _____ () C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IsdiInterop.dll
2016-10-27 15:30 - 2016-10-27 15:29 - 66011856 _____ () C:\Program Files (x86)\Opera\41.0.2353.46\opera.dll
2013-09-05 00:14 - 2013-09-05 00:14 - 04300456 _____ () C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2010-10-20 15:45 - 2010-10-20 15:45 - 08801120 _____ () C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2016-10-27 15:30 - 2016-10-27 15:29 - 01888464 _____ () C:\Program Files (x86)\Opera\41.0.2353.46\libglesv2.dll
2016-10-27 15:30 - 2016-10-27 15:29 - 00094416 _____ () C:\Program Files (x86)\Opera\41.0.2353.46\libegl.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-13 21:34 - 2009-06-10 16:00 - 00000824 ____A C:\windows\system32\Drivers\etc\hosts
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-4013462516-1189454062-4116283837-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\mooch\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: CCleaner Monitoring => "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [{9DED83CE-2091-452A-B60B-774C410BE0A1}] => (Allow) C:\Program Files (x86)\Lenovo\PowerDVD10\PowerDVD Cinema\PowerDVDCinema10.exe
FirewallRules: [{D37A419B-FC67-4F74-8A07-DE7795AC104B}] => (Allow) C:\Program Files (x86)\Lenovo\PowerDVD10\PowerDVD10.EXE
FirewallRules: [{BE9DB34D-39A2-4941-B1B1-23536DF89412}] => (Allow) C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe
FirewallRules: [{D2416C6E-2B32-4452-A826-450DBC5884CA}] => (Allow) C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe
FirewallRules: [{89697D7B-D639-4661-AE56-46197EDA3006}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{991B8B00-DA06-49C7-B5DF-8E027F92D3A4}] => (Allow) LPort=2869
FirewallRules: [{94C99D69-286A-4D1E-BEEB-BDBBE64A8513}] => (Allow) LPort=1900
FirewallRules: [{69BA188D-AB42-4941-8026-35CD38C58A06}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{47BCB23D-7E76-441B-BD03-6AFB4F621B9F}] => (Allow) C:\Program Files (x86)\Windows Live\Mesh\MOE.exe
FirewallRules: [{923A6862-958E-4CBE-8397-96BCF5C2881B}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe
FirewallRules: [{667BEFDC-828A-4D30-97FF-7855A8A02F1E}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{0B3954B8-5370-4382-B1B9-37B962671394}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{B86236FB-AA5F-4765-A6DA-28C5F80C1400}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{FC5F8703-42A2-465E-AAF2-62B239CED99B}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{B07C650E-680E-4760-9965-B2F3564FDF6F}] => (Allow) C:\Program Files (x86)\iTunes\iTunes.exe
FirewallRules: [TCP Query User{2A431D26-587F-42EF-B2A9-564ECE15C78B}C:\program files (x86)\microsoft office\office14\groove.exe] => (Block) C:\program files (x86)\microsoft office\office14\groove.exe
FirewallRules: [UDP Query User{9A5EB523-F1F7-41C3-B3BC-6A19C17D3F4A}C:\program files (x86)\microsoft office\office14\groove.exe] => (Block) C:\program files (x86)\microsoft office\office14\groove.exe
FirewallRules: [{CBDF1D00-B565-4659-9A4D-A1C7F3214804}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{70F3299D-A0D6-40C2-9F8D-20FCA84BC9E7}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
 
==================== Restore Points =========================
 
18-10-2016 01:30:49 Scheduled Checkpoint
26-10-2016 00:01:46 Scheduled Checkpoint
01-11-2016 13:09:22 Windows Update
04-11-2016 14:59:04 Windows Update
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (11/06/2016 11:47:50 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT AUTHORITY)
Description: Unloading the performance counter strings for service WmiApRpl (WmiApRpl) failed. The first DWORD in the Data section contains the error code.
 
Error: (11/06/2016 11:47:50 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY)
Description: The performance strings in the Performance registry value is corrupted when process Performance extension counter provider. The BaseIndex value from the Performance registry is the first DWORD in the Data section, LastCounter value is the second DWORD in the Data section, and LastHelp value is the third DWORD in the Data section.
 
Error: (11/05/2016 08:49:08 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT AUTHORITY)
Description: Unloading the performance counter strings for service WmiApRpl (WmiApRpl) failed. The first DWORD in the Data section contains the error code.
 
Error: (11/05/2016 08:49:08 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY)
Description: The performance strings in the Performance registry value is corrupted when process Performance extension counter provider. The BaseIndex value from the Performance registry is the first DWORD in the Data section, LastCounter value is the second DWORD in the Data section, and LastHelp value is the third DWORD in the Data section.
 
Error: (11/05/2016 01:44:16 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 2715
 
Error: (11/05/2016 01:44:16 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 2715
 
Error: (11/05/2016 01:44:16 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (11/05/2016 01:44:15 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1404
 
Error: (11/05/2016 01:44:15 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 1404
 
Error: (11/05/2016 01:44:15 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
 
System errors:
=============
Error: (11/06/2016 01:47:30 PM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: Microsoft Antimalware has encountered an error trying to update signatures.
 
New Signature Version: 
 
Previous Signature Version: 116.65.0.0
 
Update Source: Microsoft Malware Protection Center
 
Update Stage: Search
 
 
Signature Type: Network Inspection System
 
Update Type: Full
 
User: NT AUTHORITY\NETWORK SERVICE
 
Current Engine Version: 
 
Previous Engine Version: 2.1.12706.0
 
Error code: 0x80072f78
 
Error description: The server returned an invalid or unrecognized response
 
Error: (11/06/2016 01:28:08 AM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: Microsoft Antimalware has encountered an error trying to update signatures.
 
New Signature Version: 
 
Previous Signature Version: 1.231.1262.0
 
Update Source: Microsoft Malware Protection Center
 
Update Stage: Search
 
 
Signature Type: AntiSpyware
 
Update Type: Full
 
User: NT AUTHORITY\NETWORK SERVICE
 
Current Engine Version: 
 
Previous Engine Version: 1.1.13202.0
 
Error code: 0x80072ee2
 
Error description: The operation timed out
 
Error: (11/06/2016 01:28:08 AM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: Microsoft Antimalware has encountered an error trying to update signatures.
 
New Signature Version: 
 
Previous Signature Version: 1.231.1262.0
 
Update Source: Microsoft Malware Protection Center
 
Update Stage: Search
 
 
Signature Type: AntiVirus
 
Update Type: Full
 
User: NT AUTHORITY\NETWORK SERVICE
 
Current Engine Version: 
 
Previous Engine Version: 1.1.13202.0
 
Error code: 0x80072ee2
 
Error description: The operation timed out
 
Error: (11/06/2016 01:27:36 AM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: Microsoft Antimalware has encountered an error trying to update signatures.
 
New Signature Version: 
 
Previous Signature Version: 1.231.1262.0
 
Update Source: Microsoft Update Server
 
Update Stage: Download
 
 
Signature Type: AntiVirus
 
Update Type: Full
 
User: NT AUTHORITY\SYSTEM
 
Current Engine Version: 
 
Previous Engine Version: 1.1.13202.0
 
Error code: 0x8024001e
 
Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
 
Error: (11/06/2016 01:27:36 AM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: Microsoft Antimalware has encountered an error trying to update signatures.
 
New Signature Version: 
 
Previous Signature Version: 1.231.1262.0
 
Update Source: Microsoft Update Server
 
Update Stage: Download
 
 
Signature Type: AntiVirus
 
Update Type: Full
 
User: NT AUTHORITY\SYSTEM
 
Current Engine Version: 
 
Previous Engine Version: 1.1.13202.0
 
Error code: 0x8024001e
 
Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
 
Error: (11/05/2016 10:02:52 PM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: Microsoft Antimalware has encountered an error trying to update signatures.
 
New Signature Version: 
 
Previous Signature Version: 116.65.0.0
 
Update Source: Microsoft Malware Protection Center
 
Update Stage: Search
 
 
Signature Type: Network Inspection System
 
Update Type: Full
 
User: NT AUTHORITY\NETWORK SERVICE
 
Current Engine Version: 
 
Previous Engine Version: 2.1.12706.0
 
Error code: 0x80072ee2
 
Error description: The operation timed out
 
Error: (11/05/2016 10:02:22 PM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: Microsoft Antimalware has encountered an error trying to update signatures.
 
New Signature Version: 
 
Previous Signature Version: 1.231.1262.0
 
Update Source: Microsoft Malware Protection Center
 
Update Stage: Search
 
 
Signature Type: AntiSpyware
 
Update Type: Full
 
User: NT AUTHORITY\NETWORK SERVICE
 
Current Engine Version: 
 
Previous Engine Version: 1.1.13202.0
 
Error code: 0x80072ee2
 
Error description: The operation timed out
 
Error: (11/05/2016 10:02:22 PM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: Microsoft Antimalware has encountered an error trying to update signatures.
 
New Signature Version: 
 
Previous Signature Version: 1.231.1262.0
 
Update Source: Microsoft Malware Protection Center
 
Update Stage: Search
 
 
Signature Type: AntiVirus
 
Update Type: Full
 
User: NT AUTHORITY\NETWORK SERVICE
 
Current Engine Version: 
 
Previous Engine Version: 1.1.13202.0
 
Error code: 0x80072ee2
 
Error description: The operation timed out
 
Error: (11/05/2016 08:26:44 PM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: Microsoft Antimalware has encountered an error trying to update signatures.
 
New Signature Version: 
 
Previous Signature Version: 1.231.1256.0
 
Update Source: Microsoft Update Server
 
Update Stage: Search
 
 
Signature Type: AntiVirus
 
Update Type: Full
 
User: NT AUTHORITY\SYSTEM
 
Current Engine Version: 
 
Previous Engine Version: 1.1.13202.0
 
Error code: 0x8024001e
 
Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
 
Error: (11/05/2016 01:03:05 PM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: Microsoft Antimalware has encountered an error trying to update signatures.
 
New Signature Version: 
 
Previous Signature Version: 116.65.0.0
 
Update Source: Microsoft Malware Protection Center
 
Update Stage: Search
 
 
Signature Type: Network Inspection System
 
Update Type: Full
 
User: NT AUTHORITY\NETWORK SERVICE
 
Current Engine Version: 
 
Previous Engine Version: 2.1.12706.0
 
Error code: 0x80072f78
 
Error description: The server returned an invalid or unrecognized response
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i5-2450M CPU @ 2.50GHz
Percentage of memory in use: 42%
Total physical RAM: 8135.86 MB
Available physical RAM: 4679.9 MB
Total Virtual: 16269.93 MB
Available Virtual: 12730.75 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:654.69 GB) (Free:534.44 GB) NTFS
Drive d: (LENOVO) (Fixed) (Total:29 GB) (Free:26.51 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 698.6 GB) (Disk ID: 26415EBE)
Partition 1: (Active) - (Size=200 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=654.7 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=29 GB) - (Type=OF Extended)
Partition 4: (Not Active) - (Size=14.8 GB) - (Type=12)
 
==================== End of Addition.txt ============================


#7 llomlo

llomlo
  • Topic Starter

  • Members
  • 12 posts

Posted 06 November 2016 - 10:09 PM

About 1 week ago, I booted in safe mode with networking.

Ran rkill.

Ran RogueKiller.

Ran Malwarebytes.

I don't remember them finding anything.



#8 nasdaq (Malware Response Team)

Posted 07 November 2016 - 10:20 AM

You have posted the scan of the AdwCleaner tool twice. I hope you have deleted everything that was identified in the scan. If not, do it.

===

Remove these programs via the Control Panel > Programs > Programs and Features.
Uninstall Helper (HKLM-x32\...\Uninstall Helper 2.0.1.0) (Version: 2.0.1.0 - InstallX, LLC) <==== ATTENTION
Uninstall Helper (x32 Version: 2.0.1.0 - InstallX, LLC) Hidden <==== ATTENTION
===

Press the Windows key + R on your keyboard at the same time. This will open the Run box.
Type Notepad and click OK.
Please copy the entire contents of the code box below into the new file.
 
start


CreateRestorePoint:
EmptyTemp:
CloseProcesses:

Toolbar: HKU\S-1-5-21-4013462516-1189454062-4116283837-1000 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
CHR Extension: (Chrome Web Store Payments) - C:\Users\mooch\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-10-28]
U3 BcmSqlStartupSvc; no ImagePath
U2 CLKMSVC10_C3B3B687; no ImagePath
U2 DriverService; no ImagePath
U2 iATAgentService; no ImagePath
U2 idealife Update Service; no ImagePath
U3 IGRS; no ImagePath
U2 IviRegMgr; no ImagePath
U2 nvUpdatusService; no ImagePath
U2 Oasis2Service; no ImagePath
U2 PCCarerService; no ImagePath
U2 ReadyComm.DirectRouter; no ImagePath
U2 RichVideo; no ImagePath
U2 RtLedService; no ImagePath
U2 SeaPort; no ImagePath
U2 SoftwareService; no ImagePath
U3 SQLWriter; no ImagePath
U2 Stereo Service; no ImagePath
C:\Users\mooch\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
C:\windows\Minidump\101816-19671-01.dmp
C:\windows\Minidump\101616-34585-01.dmp

End
Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log (Fixlog.txt); please post it in your reply.
===

Reset Opera.
http://www.guidingtech.com/25425/reset-chrome-firefox-safari-factory-defaults

Clean cache - Opera.
https://kb.wisc.edu/helpdesk/page.php?id=12381
===

ADOBE FLASH PLAYER

Go to this page with Firefox or Opera to download the current version for your browser:
https://get.adobe.com/flashplayer/

Note:
Flash Player is pre-installed in Google Chrome and updates automatically!
Flash Player is pre-installed in IE/Edge and updates automatically!

Remove this old version via the Control panel > Programs > Programs and Features.
Adobe Flash Player 19 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 19.0.0.185 - Adobe Systems Incorporated)

===

Post the Fixlog.txt file and let me know if the problem persists.

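The fixlist above removes three kinds of entries: services whose registry key still exists but has no ImagePath, an IE toolbar CLSID with no file behind it ("No File"), and a Chrome extension folder identified only by its ID. The script below is an added example, not part of this thread and not code from the FRST tool, that reproduces those three checks read-only so the candidates can be reviewed before a fix is run (and re-run afterwards to confirm they are gone). It assumes an elevated Windows PowerShell 5.1 session on the affected machine and the default Chrome profile path; the function names are my own.

```powershell
# Added example, not from the thread or from FRST: read-only audit of the three
# kinds of entries the fixlist above deletes. Assumes elevated Windows PowerShell 5.1.

# Services that still have a Start value but no ImagePath: the binary is gone but
# the definition is still loaded at boot. FRST prints these as
# "U2 <name>; no ImagePath" (U = unknown state, 2 = automatic start, 3 = manual).
function Get-OrphanedService {
    Get-ChildItem 'HKLM:\SYSTEM\CurrentControlSet\Services' -ErrorAction SilentlyContinue |
        ForEach-Object {
            $p = Get-ItemProperty -Path $_.PSPath -ErrorAction SilentlyContinue
            if ($null -ne $p -and $null -ne $p.Start -and $null -eq $p.ImagePath) {
                [pscustomobject]@{ Name = $_.PSChildName; Start = $p.Start }
            }
        }
}

# Toolbars registered for the current user whose CLSID has no COM server on disk.
# This is the "Toolbar: HKU\<SID> -> No Name - {CLSID} - No File" case: the value
# name under WebBrowser is the CLSID, and HKCR\CLSID\{CLSID} is looked up for the DLL.
function Get-OrphanedToolbar {
    $key = 'HKCU:\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser'
    if (-not (Test-Path $key)) { return }
    foreach ($name in (Get-Item $key).GetValueNames()) {
        if ($name -notmatch '^\{[0-9A-Fa-f-]{36}\}$') { continue }
        $server = "Registry::HKEY_CLASSES_ROOT\CLSID\$name\InprocServer32"
        $dll = $null
        if (Test-Path $server) {
            $dll = (Get-Item $server).GetValue('')
            if ($dll) { $dll = [Environment]::ExpandEnvironmentVariables($dll.Trim('"')) }
        }
        [pscustomobject]@{
            Clsid  = $name
            Server = $dll
            OnDisk = [bool]($dll -and (Test-Path -LiteralPath $dll))
        }
    }
}

# Installed Chrome extensions with the name taken from each version's manifest.json,
# so an ID such as nmmhkkegccagdldgiimedpiccmgmieda can be matched to a display name.
# Names of the form __MSG_xxx__ are localized placeholders and need the _locales folder.
function Get-ChromeExtension {
    param([string]$Profile = "$env:LOCALAPPDATA\Google\Chrome\User Data\Default")
    $root = Join-Path $Profile 'Extensions'
    if (-not (Test-Path $root)) { return }
    foreach ($ext in Get-ChildItem $root -Directory) {
        foreach ($ver in Get-ChildItem $ext.FullName -Directory) {
            $manifest = Join-Path $ver.FullName 'manifest.json'
            if (-not (Test-Path $manifest)) { continue }
            $m = Get-Content $manifest -Raw | ConvertFrom-Json
            [pscustomobject]@{ Id = $ext.Name; Version = $ver.Name; Name = $m.name }
        }
    }
}

Get-OrphanedService | Sort-Object Name | Format-Table -AutoSize
Get-OrphanedToolbar | Where-Object { -not $_.OnDisk } | Format-Table -AutoSize
Get-ChromeExtension | Format-Table -AutoSize
```

Run it once before the fix and once after the reboot: the service names it lists should match the "no ImagePath" lines in the fixlist, and after the Fixlog reports "service removed successfully" for each of them the same function should return nothing for those names. Nothing here deletes anything; the FRST fix remains the step that changes the system.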
#9 llomlo (Topic Starter)

Posted 07 November 2016 - 11:09 AM

I cleaned with AdwCleaner.

I tried to remove Uninstall Helper.

Error Message:

"This action is only valid for products that are currently installed."

You have Uninstall Helper listed twice.

I only see it once in Uninstall or change a program.

Will check the rest.



#10 llomlo (Topic Starter)

Posted 07 November 2016 - 11:54 AM

Fixlog.txt

Fix result of Farbar Recovery Scan Tool (x64) Version: 04-11-2016
Ran by mooch (07-11-2016 11:25:22) Run:1
Running from C:\MAIN\Downloads\AdWCleaner
Loaded Profiles: mooch (Available Profiles: mooch)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
start
 
 
CreateRestorePoint:
EmptyTemp:
CloseProcesses:
 
Toolbar: HKU\S-1-5-21-4013462516-1189454062-4116283837-1000 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
CHR Extension: (Chrome Web Store Payments) - C:\Users\mooch\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-10-28]
U3 BcmSqlStartupSvc; no ImagePath
U2 CLKMSVC10_C3B3B687; no ImagePath
U2 DriverService; no ImagePath
U2 iATAgentService; no ImagePath
U2 idealife Update Service; no ImagePath
U3 IGRS; no ImagePath
U2 IviRegMgr; no ImagePath
U2 nvUpdatusService; no ImagePath
U2 Oasis2Service; no ImagePath
U2 PCCarerService; no ImagePath
U2 ReadyComm.DirectRouter; no ImagePath
U2 RichVideo; no ImagePath
U2 RtLedService; no ImagePath
U2 SeaPort; no ImagePath
U2 SoftwareService; no ImagePath
U3 SQLWriter; no ImagePath
U2 Stereo Service; no ImagePath
C:\Users\mooch\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
C:\windows\Minidump\101816-19671-01.dmp
C:\windows\Minidump\101616-34585-01.dmp
 
End
*****************
 
Restore point was successfully created.
Processes closed successfully.
HKU\S-1-5-21-4013462516-1189454062-4116283837-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => value removed successfully
HKCR\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => key not found. 
"HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE" => key removed successfully
"HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE" => key removed successfully
C:\Users\mooch\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda => moved successfully
BcmSqlStartupSvc => service removed successfully
CLKMSVC10_C3B3B687 => service removed successfully
DriverService => service removed successfully
iATAgentService => service removed successfully
idealife Update Service => service removed successfully
IGRS => service removed successfully
IviRegMgr => service removed successfully
nvUpdatusService => service removed successfully
Oasis2Service => service removed successfully
PCCarerService => service removed successfully
ReadyComm.DirectRouter => service removed successfully
RichVideo => service removed successfully
RtLedService => service removed successfully
SeaPort => service removed successfully
SoftwareService => service removed successfully
SQLWriter => service removed successfully
Stereo Service => service removed successfully
"C:\Users\mooch\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda" => not found.
C:\windows\Minidump\101816-19671-01.dmp => moved successfully
C:\windows\Minidump\101616-34585-01.dmp => moved successfully
 
=========== EmptyTemp: ==========
 
BITS transfer queue => 8388608 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 972293976 B
Java, Flash, Steam htmlcache => 98897 B
Windows/system/drivers => 769406567 B
Edge => 0 B
Chrome => 44066165 B
Firefox => 467519907 B
Opera => 727852272 B
 
Temp, IE cache, history, cookies, recent:
Default => 0 B
Public => 0 B
ProgramData => 0 B
systemprofile => 98590336 B
systemprofile32 => 66356 B
LocalService => 16384 B
NetworkService => 20097764 B
mooch => 1280784805 B
 
RecycleBin => 24752874 B
EmptyTemp: => 4.1 GB temporary data Removed.
 
================================
 
 
The system needed a reboot.
 
==== End of Fixlog 11:33:28 ====


#11 llomlo (Topic Starter)

Posted 07 November 2016 - 02:53 PM

I updated Flash and removed the old one.

What happens when I reset Opera and clean the cache?

I have some pages I would like to keep (I type the first few characters at the address bar and choose).

I have the browser start where I last left off (various tabs).



#12 llomlo (Topic Starter)

Posted 07 November 2016 - 02:56 PM

Is it safe to log-in to PayPal with the Opera browser?



#13 nasdaq (Malware Response Team)

Posted 08 November 2016 - 10:17 AM

If all is well forget about resetting and cleaning the Opera cache.

I do not think that your passwords have been compromised.

Just to be safe, I would change the one on your PayPal account, and on any banking organization.

How is the computer running?

#14 llomlo (Topic Starter)

Posted 08 November 2016 - 11:31 AM

I will check about the computer.

I am not sure about it.

The popup/redirect only seems to happen about once a week or so.



#15 nasdaq (Malware Response Team)

Posted 09 November 2016 - 09:35 AM

Make a note of what you were doing when it/if happens.
