TechSpot

First and Addition txt file

By Thomas Parks
May 30, 2015
  1. Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 29-05-2015
    Ran by Thomas (administrator) on THOMAS-PC on 30-05-2015 18:24:15
    Running from C:\Users\Thomas\Downloads
    Loaded Profiles: Thomas (Available Profiles: Thomas)
    Platform: Microsoft® Windows Vista™ Home Premium Service Pack 2 (X86) OS Language: English (United States)
    Internet Explorer Version 9 (Default browser: FF)
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    (Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
    (Microsoft Corporation) C:\Windows\System32\SLsvc.exe
    () C:\Windows\System32\WLTRYSVC.EXE
    (Dell Inc.) C:\Windows\System32\BCMWLTRY.EXE
    (Microsoft Corporation) C:\Windows\System32\wlanext.exe
    (Alps Electric Co., Ltd.) C:\Program Files\DellTPad\Apoint.exe
    (Intel Corporation) C:\Windows\System32\igfxtray.exe
    (Intel Corporation) C:\Windows\System32\hkcmd.exe
    (Intel Corporation) C:\Windows\System32\igfxpers.exe
    (Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
    (Intel Corporation) C:\Windows\System32\igfxsrvc.exe
    (Dell Inc.) C:\Windows\System32\WLTRAY.EXE
    (CyberLink Corp.) C:\Program Files\Dell\MediaDirect\PCMService.exe
    (IDT, Inc.) C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exe
    (Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe
    (Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
    (SupportSoft, Inc.) C:\Program Files\Dell Support Center\bin\sprtcmd.exe
    (Spotify Ltd) C:\Users\Thomas\AppData\Roaming\Spotify\SpotifyWebHelper.exe
    (Avanquest Software ) C:\Program Files\Digital Line Detect\DLG.exe
    (Andrea Electronics Corporation) C:\Windows\System32\AEstSrv.exe
    (Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
    (Microsoft Corporation) C:\Windows\System32\rundll32.exe
    (Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
    (Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
    (Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe
    (Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe
    (SupportSoft, Inc.) C:\Program Files\Dell Support Center\bin\sprtsvc.exe
    (IDT, Inc.) C:\Windows\System32\stacsv.exe
    (Conexant Systems, Inc.) C:\Windows\System32\drivers\XAudio.exe
    (Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe
    (Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
    (Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApMsgFwd.exe
    (Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApntEx.exe
    (Alps Electric Co., Ltd.) C:\Program Files\DellTPad\hidfind.exe
    (Mozilla Corporation) C:\Program Files\Mozilla Firefox\plugin-container.exe
    (Adobe Systems, Inc.) C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_17_0_0_188.exe
    (Adobe Systems, Inc.) C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_17_0_0_188.exe


    ==================== Registry (Whitelisted) ==================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\...\Run: [Windows Defender] => C:\Program Files\Windows Defender\MSASCui.exe [1008184 2008-01-20] (Microsoft Corporation)
    HKLM\...\Run: [ECenter] => C:\Dell\E-Center\EULALauncher.exe [17920 2008-02-28] ( )
    HKLM\...\Run: [Apoint] => C:\Program Files\DellTPad\Apoint.exe [167936 2008-05-04] (Alps Electric Co., Ltd.)
    HKLM\...\Run: [IAAnotif] => C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe [174872 2007-03-21] (Intel Corporation)
    HKLM\...\Run: [Broadcom Wireless Manager UI] => C:\Windows\system32\WLTRAY.exe [3444736 2008-05-18] (Dell Inc.)
    HKLM\...\Run: [dscactivate] => C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe [16384 2008-03-11] ( )
    HKLM\...\Run: [PCMService] => C:\Program Files\Dell\MediaDirect\PCMService.exe [184320 2007-12-21] (CyberLink Corp.)
    HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2014-12-19] (Adobe Systems Incorporated)
    HKLM\...\Run: [SigmatelSysTrayApp] => C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe [405504 2007-11-12] (IDT, Inc.)
    HKLM\...\Run: [SDTray] => C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
    HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [981688 2015-04-30] (Microsoft Corporation)
    Winlogon\Notify\GoToAssist: C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll [2008-08-09] (Citrix Online, a division of Citrix Systems, Inc.)
    Winlogon\Notify\SDWinLogon: SDWinLogon.dll [X]
    HKU\S-1-5-21-1581059466-491620939-3557866383-1000\...\Run: [DellSupportCenter] => C:\Program Files\Dell Support Center\bin\sprtcmd.exe [202544 2008-03-11] (SupportSoft, Inc.)
    HKU\S-1-5-21-1581059466-491620939-3557866383-1000\...\Run: [Spotify Web Helper] => C:\Users\Thomas\AppData\Roaming\Spotify\SpotifyWebHelper.exe [2020920 2015-04-24] (Spotify Ltd)
    AppInit_DLLs: c:\progra~1\google\google~2\goec62~1.dll => c:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll [111616 2008-08-09] (Google)
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Digital Line Detect.lnk [2008-08-09]
    ShortcutTarget: Digital Line Detect.lnk -> C:\Program Files\Digital Line Detect\DLG.exe (Avanquest Software )
    BootExecute: autocheck autochk * sdnclean.exe
    CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
    HKU\S-1-5-21-1581059466-491620939-3557866383-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
    HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
    HKU\S-1-5-21-1581059466-491620939-3557866383-1000\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    HKU\S-1-5-21-1581059466-491620939-3557866383-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=2080810
    SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    Toolbar: HKLM - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
    Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll [2007-11-28] (Microsoft Corporation)
    Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704 2011-08-30] (Apple Inc.)
    Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

    FireFox:
    ========
    FF ProfilePath: C:\Users\Thomas\AppData\Roaming\Mozilla\Firefox\Profiles\rc0cdch0.default
    FF DefaultSearchEngine.US: Google
    FF Homepage: https://www.gmail.com/intl/en/mail/help/about.html
    FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_17_0_0_188.dll [2015-05-21] ()
    FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll [2014-10-30] ()
    FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation)
    FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
    FF Plugin: @videolan.org/vlc,version=2.2.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
    FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2015-04-29] (Adobe Systems Inc.)
    FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
    FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2015-03-29]

    Chrome:
    =======
    CHR dev: Chrome dev build detected! <======= ATTENTION

    ========================== Services (Whitelisted) =================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    R2 dd25e48a; c:\Program Files\PatternGenerators\PatternGenerators.dll [1765888 2015-05-20] () [File not signed]
    S3 GoogleDesktopManager-010708-104812; C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [29744 2008-08-09] (Google)
    S3 GoToAssist; C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe [16680 2008-08-09] (Citrix Online, a division of Citrix Systems, Inc.)
    R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22216 2015-04-30] (Microsoft Corporation)
    R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [284504 2015-04-30] (Microsoft Corporation)
    R2 SDScannerService; C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
    R2 SDUpdateService; C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
    R2 SDWSCService; C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
    R2 sprtsvc_dellsupportcenter; C:\Program Files\Dell Support Center\bin\sprtsvc.exe [202544 2008-03-11] (SupportSoft, Inc.)
    S2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [272952 2008-01-20] (Microsoft Corporation)
    R2 wltrysvc; C:\Windows\System32\bcmwltry.exe [2506752 2008-05-18] (Dell Inc.) [File not signed]
    S2 233d520f; "C:\Windows\system32\rundll32.exe" "c:\Program Files\SustainerPlus\SustainerPlus.dll",serv

    ==================== Drivers (Whitelisted) ====================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [245096 2015-03-04] (Microsoft Corporation)
    S3 BCM42RLY; system32\drivers\BCM42RLY.sys [X]
    S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
    S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
    S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
    S3 SymIM; system32\DRIVERS\SymIM.sys [X]
    S3 SymIMMP; system32\DRIVERS\SymIM.sys [X]

    ==================== NetSvcs (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


    ==================== One Month Created files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2015-05-30 18:24 - 2015-05-30 18:24 - 00011453 _____ () C:\Users\Thomas\Downloads\FRST.txt
    2015-05-30 18:23 - 2015-05-30 18:24 - 00000000 ____D () C:\FRST
    2015-05-30 18:22 - 2015-05-30 18:22 - 01147392 _____ (Farbar) C:\Users\Thomas\Downloads\FRST.exe
    2015-05-29 21:31 - 2015-05-29 21:31 - 00000000 _____ () C:\Users\Thomas\AppData\Local\Temp.dat
    2015-05-28 07:29 - 2015-05-28 07:29 - 00001969 _____ () C:\Users\Public\Desktop\Adobe Digital Editions 4.0.lnk
    2015-05-23 12:13 - 2015-05-23 12:13 - 00001828 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
    2015-05-23 12:13 - 2015-05-23 12:13 - 00000000 ____D () C:\Program Files\Microsoft Security Client
    2015-05-20 22:16 - 2015-05-20 22:16 - 00000000 ____D () C:\Program Files\PatternGenerators
    2015-05-20 21:21 - 2015-05-20 21:21 - 00000000 ____D () C:\Program Files\uCoz Safe authorization
    2015-05-20 21:17 - 2015-05-20 21:32 - 00000000 ____D () C:\Program Files\SoftwarePlus
    2015-05-20 21:16 - 2015-05-20 22:15 - 00000000 ____D () C:\Program Files\PCCpnApp
    2015-05-20 21:14 - 2015-05-29 21:14 - 00000348 _____ () C:\Windows\Tasks\Bidaily Synchronize Task[pr].job
    2015-05-20 16:35 - 2015-05-20 16:35 - 00000084 _____ () C:\Users\Thomas\Desktop\Volt Pace Mary Terry Friday New Hire Paper work.txt
    2015-05-17 19:03 - 2015-05-17 19:06 - 00000000 ____D () C:\Users\Thomas\Documents\Anki
    2015-05-17 19:02 - 2015-05-17 19:03 - 00000762 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Anki.lnk
    2015-05-17 19:00 - 2015-05-17 19:01 - 23237295 _____ () C:\Users\Thomas\Downloads\anki-2.0.32.exe
    2015-05-16 12:57 - 2015-05-16 12:57 - 00000183 _____ () C:\Windows\wininit.ini
    2015-05-16 08:51 - 2015-04-30 09:03 - 00279040 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
    2015-05-16 08:44 - 2015-04-19 14:24 - 01029120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10.dll
    2015-05-16 08:44 - 2015-04-19 14:24 - 00219648 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1core.dll
    2015-05-16 08:44 - 2015-04-19 14:24 - 00189952 _____ (Microsoft Corporation) C:\Windows\system32\d3d10core.dll
    2015-05-16 08:44 - 2015-04-19 14:24 - 00160768 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1.dll
    2015-05-16 08:44 - 2015-04-19 13:19 - 01172480 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
    2015-05-16 08:44 - 2015-04-19 13:18 - 00486400 _____ (Microsoft Corporation) C:\Windows\system32\d3d10level9.dll
    2015-05-16 08:44 - 2015-04-19 13:13 - 00682496 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll
    2015-05-16 08:44 - 2015-04-19 13:12 - 01072640 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
    2015-05-16 08:44 - 2015-04-19 13:12 - 00801792 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
    2015-05-16 08:44 - 2015-04-18 21:59 - 02065408 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
    2015-05-16 08:43 - 2015-04-30 06:14 - 00102608 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
    2015-05-16 08:29 - 2015-04-10 16:22 - 00279552 _____ (Microsoft Corporation) C:\Windows\system32\services.exe
    2015-05-15 11:16 - 2015-05-15 11:16 - 00000162 _____ () C:\Users\Thomas\Documents\8.txt
    2015-05-15 09:55 - 2015-05-30 15:46 - 00000000 ____D () C:\Program Files\Mozilla Firefox
    2015-05-15 08:44 - 2015-05-27 02:08 - 00000000 ____D () C:\Users\Thomas\AppData\Roaming\vlc
    2015-05-15 08:10 - 2015-04-10 08:25 - 01810944 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
    2015-05-15 08:10 - 2015-04-10 08:21 - 01139200 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
    2015-05-15 08:10 - 2015-04-10 08:20 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
    2015-05-15 08:10 - 2015-04-10 08:20 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
    2015-05-15 08:10 - 2015-04-10 08:19 - 01804288 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
    2015-05-15 08:10 - 2015-04-10 08:19 - 00718336 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
    2015-05-15 08:10 - 2015-04-10 08:19 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
    2015-05-15 08:10 - 2015-04-10 08:19 - 00421888 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
    2015-05-15 08:10 - 2015-04-10 08:19 - 00353792 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
    2015-05-15 08:10 - 2015-04-10 08:19 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
    2015-05-15 08:10 - 2015-04-10 08:19 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
    2015-05-15 08:10 - 2015-04-10 08:19 - 00065024 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
    2015-05-15 08:10 - 2015-04-10 08:18 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
    2015-05-15 08:10 - 2015-04-10 08:18 - 00223232 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
    2015-05-15 08:10 - 2015-04-10 08:18 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
    2015-05-15 08:10 - 2015-04-10 08:18 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
    2015-05-15 08:10 - 2015-04-10 08:18 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
    2015-05-15 08:10 - 2015-04-10 08:18 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
    2015-05-15 08:10 - 2015-04-10 08:18 - 00010752 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
    2015-05-15 08:09 - 2015-04-10 08:30 - 12379136 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
    2015-05-15 08:09 - 2015-04-10 08:25 - 00367616 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
    2015-05-15 08:09 - 2015-04-10 08:24 - 09750528 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
    2015-05-12 22:31 - 2015-05-12 22:31 - 00000000 ____D () C:\Windows\pss
    2015-05-10 22:55 - 2015-05-30 18:16 - 00000644 _____ () C:\Windows\Tasks\Check for updates (Spybot - Search & Destroy).job
    2015-05-10 22:55 - 2015-05-27 00:39 - 00000616 _____ () C:\Windows\Tasks\Refresh immunization (Spybot - Search & Destroy).job
    2015-05-10 22:55 - 2015-05-12 09:57 - 00000446 _____ () C:\Windows\Tasks\Scan the system (Spybot - Search & Destroy).job
    2015-05-10 22:54 - 2015-05-27 00:39 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
    2015-05-10 22:54 - 2015-05-10 22:59 - 00000000 ____D () C:\Program Files\Spybot - Search & Destroy 2
    2015-05-10 22:54 - 2015-05-10 22:54 - 00001972 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
    2015-05-10 22:54 - 2015-05-10 22:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
    2015-05-10 22:54 - 2013-09-20 10:49 - 00018968 _____ (Safer Networking Limited) C:\Windows\system32\sdnclean.exe
    2015-05-10 22:52 - 2015-05-10 22:53 - 46525608 _____ (Safer-Networking Ltd. ) C:\Users\Thomas\Downloads\spybot-2-4.exe
    2015-05-10 22:40 - 2015-05-10 22:40 - 02204160 _____ () C:\Users\Thomas\Downloads\adwcleaner_4.203.exe
    2015-05-03 14:00 - 2015-05-03 14:00 - 00889416 _____ (Microsoft Corporation) C:\Users\Thomas\Downloads\dotNetFx40_Full_setup(1).exe
    2015-05-01 14:10 - 2015-05-01 14:10 - 00027663 _____ () C:\Users\Thomas\Desktop\Thomas John Parks Resume.odt

    ==================== One Month Modified files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2015-05-30 18:22 - 2006-11-02 05:47 - 00003616 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
    2015-05-30 18:22 - 2006-11-02 05:47 - 00003616 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
    2015-05-30 18:22 - 2006-11-02 03:33 - 00756446 _____ () C:\Windows\system32\PerfStringBackup.INI
    2015-05-30 18:20 - 2015-04-22 22:00 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
    2015-05-30 18:19 - 2008-08-09 12:55 - 01795567 _____ () C:\Windows\WindowsUpdate.log
    2015-05-30 18:14 - 2006-11-02 06:01 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
    2015-05-30 16:01 - 2006-11-02 06:01 - 00032556 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
    2015-05-30 15:46 - 2015-04-22 20:02 - 00000000 ____D () C:\AdwCleaner
    2015-05-28 08:04 - 2015-04-19 08:00 - 00000000 ____D () C:\Users\Thomas\Desktop\Database Notes and Education
    2015-05-28 07:29 - 2015-04-21 17:43 - 00001981 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Digital Editions 4.0.lnk
    2015-05-28 07:16 - 2015-04-21 17:43 - 00000000 ____D () C:\Users\Thomas\Documents\My Digital Editions
    2015-05-27 02:16 - 2015-03-30 21:22 - 00000000 ____D () C:\Users\Thomas\AppData\Roaming\Azureus
    2015-05-27 02:06 - 2015-03-30 08:31 - 00047616 _____ () C:\Users\Thomas\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    2015-05-27 01:34 - 2015-03-30 07:39 - 00000000 ____D () C:\Users\Thomas\AppData\Roaming\PeaZip
    2015-05-25 11:09 - 2015-03-30 21:28 - 00005972 _____ () C:\Users\Thomas\AppData\Local\d3d9caps.dat
    2015-05-23 12:13 - 2015-03-30 21:25 - 00001945 _____ () C:\Windows\epplauncher.mif
    2015-05-21 19:41 - 2015-03-30 06:03 - 00000000 ____D () C:\Users\Thomas\AppData\Local\Adobe
    2015-05-21 19:40 - 2015-04-22 22:00 - 00778416 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
    2015-05-21 19:40 - 2015-04-22 22:00 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
    2015-05-21 15:28 - 2008-01-20 19:47 - 00088992 _____ () C:\Windows\PFRO.log
    2015-05-21 08:57 - 2015-04-02 16:06 - 00000000 ____D () C:\Users\Thomas\AppData\Local\Spotify
    2015-05-21 08:54 - 2015-04-02 16:06 - 00000000 ____D () C:\Users\Thomas\AppData\Roaming\Spotify
    2015-05-17 17:16 - 2006-11-02 05:47 - 00298672 _____ () C:\Windows\system32\FNTCACHE.DAT
    2015-05-17 15:21 - 2015-03-30 06:42 - 00000000 ____D () C:\Program Files\DiskInternals
    2015-05-16 10:42 - 2006-11-02 04:18 - 00000000 ____D () C:\Windows\Microsoft.NET
    2015-05-16 09:17 - 2006-11-02 05:37 - 00000000 ____D () C:\Windows\system32\XPSViewer
    2015-05-16 09:17 - 2006-11-02 05:37 - 00000000 ____D () C:\Program Files\Windows Journal
    2015-05-16 08:42 - 2015-03-29 10:51 - 00000000 ____D () C:\Windows\system32\MRT
    2015-05-16 08:34 - 2006-11-02 03:24 - 137310008 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
    2015-05-15 22:32 - 2015-03-30 18:38 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
    2015-05-12 10:01 - 2015-03-30 20:47 - 00002425 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
    2015-05-12 10:01 - 2015-03-30 20:46 - 00000000 ____D () C:\Program Files\Common Files\Adobe

    ==================== Files in the root of some directories =======

    2015-03-30 21:28 - 2015-05-25 11:09 - 0005972 _____ () C:\Users\Thomas\AppData\Local\d3d9caps.dat
    2015-03-30 08:31 - 2015-05-27 02:06 - 0047616 _____ () C:\Users\Thomas\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    2015-03-30 06:24 - 2015-03-30 06:24 - 0004662 _____ () C:\Users\Thomas\AppData\Local\Temp-log.txt
    2015-05-29 21:31 - 2015-05-29 21:31 - 0000000 _____ () C:\Users\Thomas\AppData\Local\Temp.dat

    Some files in TEMP:
    ====================
    C:\Users\Thomas\AppData\Local\Temp\ade.exe
    C:\Users\Thomas\AppData\Local\Temp\i4jdel0.exe
    C:\Users\Thomas\AppData\Local\Temp\Quarantine.exe
    C:\Users\Thomas\AppData\Local\Temp\sqlite3.dll


    ==================== Bamital & volsnap Check =================

    (There is no automatic fix for files that do not pass verification.)

    C:\Windows\explorer.exe => File is digitally signed
    C:\Windows\system32\winlogon.exe => File is digitally signed
    C:\Windows\system32\wininit.exe => File is digitally signed
    C:\Windows\system32\svchost.exe => File is digitally signed
    C:\Windows\system32\services.exe => File is digitally signed
    C:\Windows\system32\User32.dll => File is digitally signed
    C:\Windows\system32\userinit.exe => File is digitally signed
    C:\Windows\system32\rpcss.dll => File is digitally signed
    C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


    LastRegBack: 2015-05-30 18:21

    ==================== End of log ============================
     
  2. Thomas Parks


    Additional scan result of Farbar Recovery Scan Tool (x86) Version: 29-05-2015
    Ran by Thomas at 2015-05-30 18:25:01
    Running from C:\Users\Thomas\Downloads
    Boot Mode: Normal
    ==========================================================


    ==================== Accounts: =============================

    Administrator (S-1-5-21-1581059466-491620939-3557866383-500 - Administrator - Disabled)
    Guest (S-1-5-21-1581059466-491620939-3557866383-501 - Limited - Disabled)
    Thomas (S-1-5-21-1581059466-491620939-3557866383-1000 - Administrator - Enabled) => C:\Users\Thomas

    ==================== Security Center ========================

    (If an entry is included in the fixlist, it will be removed.)

    AV: Microsoft Security Essentials (Enabled - Up to date) {B7ECF8CD-0188-6703-DBA4-AA65C6ACFB0A}
    AS: Microsoft Security Essentials (Enabled - Up to date) {0C8D1929-27B2-688D-E114-9117BD2BB1B7}
    AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AS: Spybot - Search and Destroy (Enabled - Out of date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}

    ==================== Installed Programs ======================

    (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

    Adobe Digital Editions 4.0 (HKLM\...\Adobe Digital Editions 4.0) (Version: 4.0.3 - Adobe Systems Incorporated)
    Adobe Flash Player 17 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 17.0.0.188 - Adobe Systems Incorporated)
    Adobe Flash Player ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 9.0.124.0 - Adobe Systems Incorporated)
    Adobe Reader X (10.1.14) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.14 - Adobe Systems Incorporated)
    Apple Application Support (32-bit) (HKLM\...\{AFA1153A-F547-409B-B837-3A0D6C5A3FEC}) (Version: 3.1.3 - Apple Inc.)
    Apple Mobile Device Support (HKLM\...\{E1DB0812-2D60-43DB-AE09-6C7027D93B28}) (Version: 8.1.1.3 - Apple Inc.)
    Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
    Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)
    Browser Address Error Redirector (HKLM\...\{62230596-37E5-4618-A329-0D21F529A86F}) (Version: 1.00.0000 - Dell)
    Cisco EAP-FAST Module (HKLM\...\{BF53252E-4AB2-4C7F-A0FD-6100755745E3}) (Version: 2.0.26 - Cisco Systems, Inc.)
    Cisco LEAP Module (HKLM\...\{76F9CF97-FC4B-4E20-B363-D127C888448F}) (Version: 1.0.11 - Cisco Systems, Inc.)
    Cisco PEAP Module (HKLM\...\{4E5386F5-C0F6-4532-A54A-374865AEAB71}) (Version: 1.0.12 - Cisco Systems, Inc.)
    Compatibility Pack for the 2007 Office system (HKLM\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
    Conexant HDA D330 MDC V.92 Modem (HKLM\...\CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2C06&SUBSYS_14F1000F) (Version: - )
    Dell Getting Started Guide (HKLM\...\{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}) (Version: 1.00.0000 - Dell Inc.)
    Dell Support Center (HKLM\...\{E3BFEE55-39E2-4BE0-B966-89FE583822C1}) (Version: 2.1.08060 - Dell)
    Dell Touchpad (HKLM\...\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}) (Version: 7.1.103.4 - Alps Electric)
    Dell Wireless WLAN Card (HKLM\...\Broadcom 802.11b Network Adapter) (Version: 4.170.25.12 - Dell Inc.)
    Digital Line Detect (HKLM\...\{E646DCF0-5A68-11D5-B229-002078017FBF}) (Version: 1.21 - BVRP Software, Inc)
    EDocs (HKLM\...\{6B7B6D4D-8F9B-4CB3-8CA4-BCA9CC4C1A22}) (Version: - )
    Google Desktop (HKLM\...\Google Desktop) (Version: - - Google)
    GoToAssist 8.0.0.514 (HKLM\...\GoToAssist) (Version: - )
    Intel(R) Matrix Storage Manager (HKLM\...\{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}) (Version: - )
    iTunes (HKLM\...\{CE1F04C7-79BC-4219-BE6A-BA490224D4B5}) (Version: 12.1.2.27 - Apple Inc.)
    Java(TM) 6 Update 5 (HKLM\...\{3248F0A8-6813-11D6-A77B-00B0D0160050}) (Version: 1.6.0.50 - Sun Microsystems, Inc.)
    MediaDirect (HKLM\...\{9C6978E8-B6D0-4AB7-A7A0-D81A74FBF745}) (Version: 3.5 - Dell)
    Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version: - Microsoft Corporation)
    Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
    Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation)
    Microsoft Office PowerPoint Viewer 2007 (English) (HKLM\...\{95120000-00AF-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
    Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.8.204.0 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Works (HKLM\...\{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}) (Version: 9.7.0621 - Microsoft Corporation)
    Modem Diagnostic Tool (HKLM\...\{F63A3748-B93D-4360-9AD4-B064481A5C7B}) (Version: 1.0.20.0 - Dell)
    Mozilla Firefox 38.0.1 (x86 en-US) (HKLM\...\Mozilla Firefox 38.0.1 (x86 en-US)) (Version: 38.0.1 - Mozilla)
    Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 36.0.4 - Mozilla)
    Music, Photos & Videos Launcher (HKLM\...\{D7769185-9A7C-48D4-8874-5388743A1DE2}) (Version: 1.00.0000 - Dell Inc.)
    NetWaiting (HKLM\...\{3F92ABBB-6BBF-11D5-B229-002078017FBF}) (Version: 2.5.44 - BVRP Software, Inc)
    OpenOffice 4.1.1 (HKLM\...\{9395F41D-0F80-432E-9A59-B8E477E7E163}) (Version: 4.11.9775 - Apache Software Foundation)
    OutlookAddinSetup (HKLM\...\{9BDEF074-020E-458D-ADC5-8FF68E0C9B56}) (Version: 1.0.0 - CyberLink)
    OverDrive for Windows (HKLM\...\{36994F59-D10D-46DD-A040-C5D095C2A3E9}) (Version: 3.4.1 - OverDrive, Inc.)
    PCCpnApp (HKLM\...\{44E4311D-BA06-FD43-505E-17DC53F4C22F}) (Version: - OptOn)
    PeaZip 5.5.3 (HKLM\...\{5A2BC38A-406C-4A5B-BF45-6991F9A05325}_is1) (Version: - Giorgio Tani)
    Product Documentation Launcher (HKLM\...\{89CEAE14-DD0F-448E-9554-15781EC9DB24}) (Version: 1.00.0000 - Dell Inc.)
    QuickSet (HKLM\...\{4B6AD248-D3BF-426A-8D64-847288154F13}) (Version: 8.2.20 - Dell Inc.)
    Roxio Creator DE (HKLM\...\{09760D42-E223-42AD-8C3E-55B47D0DDAC3}) (Version: 10.1 - Roxio)
    Spotify (HKU\S-1-5-21-1581059466-491620939-3557866383-1000\...\Spotify) (Version: 1.0.4.90.g0b6df40b - Spotify AB)
    Spybot - Search & Destroy (HKLM\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.4.40 - Safer-Networking Ltd.)
    VLC media player (HKLM\...\VLC media player) (Version: 2.2.1 - VideoLAN)
    Vuze (HKLM\...\8461-7759-5462-8226) (Version: 5.6.0.0 - Azureus Software, Inc.)

    ==================== Custom CLSID (Whitelisted): ==========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    CustomCLSID: HKU\S-1-5-21-1581059466-491620939-3557866383-1000_Classes\CLSID\{087B3AE3-E237-4467-B8DB-5A38AB959AC9}\InprocServer32 -> C:\Program Files\OpenOffice 4\program\shlxthdl\shlxthdl.dll (Apache Software Foundation)
    CustomCLSID: HKU\S-1-5-21-1581059466-491620939-3557866383-1000_Classes\CLSID\{30A2652A-DDF7-45e7-ACA6-3EAB26FC8A4E}\localserver32 -> C:\Program Files\OpenOffice 4\program\soffice.exe (Apache Software Foundation)
    CustomCLSID: HKU\S-1-5-21-1581059466-491620939-3557866383-1000_Classes\CLSID\{3B092F0C-7696-40E3-A80F-68D74DA84210}\InprocServer32 -> C:\Program Files\OpenOffice 4\program\shlxthdl\shlxthdl.dll (Apache Software Foundation)
    CustomCLSID: HKU\S-1-5-21-1581059466-491620939-3557866383-1000_Classes\CLSID\{41662FC2-0D57-4aff-AB27-AD2E12E7C273}\localserver32 -> C:\Program Files\OpenOffice 4\program\soffice.exe (Apache Software Foundation)
    CustomCLSID: HKU\S-1-5-21-1581059466-491620939-3557866383-1000_Classes\CLSID\{448BB771-CFE2-47C4-BCDF-1FBF378E202C}\localserver32 -> C:\Program Files\OpenOffice 4\program\soffice.exe (Apache Software Foundation)
    CustomCLSID: HKU\S-1-5-21-1581059466-491620939-3557866383-1000_Classes\CLSID\{63542C48-9552-494A-84F7-73AA6A7C99C1}\InprocServer32 -> C:\Program Files\OpenOffice 4\program\shlxthdl\shlxthdl.dll (Apache Software Foundation)
    CustomCLSID: HKU\S-1-5-21-1581059466-491620939-3557866383-1000_Classes\CLSID\{7B342DC4-139A-4a46-8A93-DB0827CCEE9C}\localserver32 -> C:\Program Files\OpenOffice 4\program\soffice.exe (Apache Software Foundation)
    CustomCLSID: HKU\S-1-5-21-1581059466-491620939-3557866383-1000_Classes\CLSID\{7BC0E710-5703-45BE-A29D-5D46D8B39262}\InprocServer32 -> C:\Program Files\OpenOffice 4\program\shlxthdl\ooofilt.dll (Apache Software Foundation)
    CustomCLSID: HKU\S-1-5-21-1581059466-491620939-3557866383-1000_Classes\CLSID\{7FA8AE11-B3E3-4D88-AABF-255526CD1CE8}\localserver32 -> C:\Program Files\OpenOffice 4\program\soffice.exe (Apache Software Foundation)
    CustomCLSID: HKU\S-1-5-21-1581059466-491620939-3557866383-1000_Classes\CLSID\{82154420-0FBF-11d4-8313-005004526AB4}\localserver32 -> C:\Program Files\OpenOffice 4\program\soffice.exe (Apache Software Foundation)
    CustomCLSID: HKU\S-1-5-21-1581059466-491620939-3557866383-1000_Classes\CLSID\{AE424E85-F6DF-4910-A6A9-438797986431}\InprocServer32 -> C:\Program Files\OpenOffice 4\program\shlxthdl\propertyhdl.dll (Apache Software Foundation)
    CustomCLSID: HKU\S-1-5-21-1581059466-491620939-3557866383-1000_Classes\CLSID\{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}\InprocServer32 -> C:\Program Files\OpenOffice 4\program\shlxthdl\shlxthdl.dll (Apache Software Foundation)
    CustomCLSID: HKU\S-1-5-21-1581059466-491620939-3557866383-1000_Classes\CLSID\{D0484DE6-AAEE-468a-991F-8D4B0737B57A}\localserver32 -> C:\Program Files\OpenOffice 4\program\soffice.exe (Apache Software Foundation)
    CustomCLSID: HKU\S-1-5-21-1581059466-491620939-3557866383-1000_Classes\CLSID\{D2D59CD1-0A6A-4D36-AE20-47817077D57C}\localserver32 -> C:\Program Files\OpenOffice 4\program\soffice.exe (Apache Software Foundation)
    CustomCLSID: HKU\S-1-5-21-1581059466-491620939-3557866383-1000_Classes\CLSID\{E5A0B632-DFBA-4549-9346-E414DA06E6F8}\localserver32 -> C:\Program Files\OpenOffice 4\program\soffice.exe (Apache Software Foundation)
    CustomCLSID: HKU\S-1-5-21-1581059466-491620939-3557866383-1000_Classes\CLSID\{EE5D1EA4-D445-4289-B2FC-55FC93693917}\localserver32 -> C:\Program Files\OpenOffice 4\program\soffice.exe (Apache Software Foundation)
    CustomCLSID: HKU\S-1-5-21-1581059466-491620939-3557866383-1000_Classes\CLSID\{F616B81F-7BB8-4F22-B8A5-47428D59F8AD}\localserver32 -> C:\Program Files\OpenOffice 4\program\soffice.exe (Apache Software Foundation)

    ==================== Restore Points =========================

    25-05-2015 11:29:33 Windows Update
    26-05-2015 18:08:17 Scheduled Checkpoint
    28-05-2015 10:44:27 Scheduled Checkpoint
    29-05-2015 17:26:54 Windows Update

    ==================== Hosts content: ==========================

    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)

    2006-11-02 03:23 - 2006-09-18 14:41 - 00000761 ____A C:\Windows\system32\Drivers\etc\hosts
    127.0.0.1 localhost
    ::1 localhost

    ==================== Scheduled Tasks (Whitelisted) =============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    Task: {4D926E26-9FD0-47AA-A8E6-5FF1C2399D2E} - System32\Tasks\Refresh immunization (Spybot - Search & Destroy) => C:\Program Files\Spybot - Search & Destroy 2\SDImmunize.exe [2014-06-24] (Safer-Networking Ltd.)
    Task: {6746BD93-8DE8-4175-A6DA-552BE994173B} - System32\Tasks\Scan the system (Spybot - Search & Destroy) => C:\Program Files\Spybot - Search & Destroy 2\SDScan.exe [2014-06-24] (Safer-Networking Ltd.)
    Task: {8BC98A6A-F672-4B17-BA91-68FFF1E3DD7B} - System32\Tasks\Check for updates (Spybot - Search & Destroy) => C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe [2014-06-27] (Safer-Networking Ltd.)
    Task: {9A8AD9C4-163C-4119-A321-ACDCD6425F35} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2015-05-21] (Adobe Systems Incorporated)
    Task: {C43D0476-623F-486C-A1A0-DF3FA8061864} - System32\Tasks\Bidaily Synchronize Task[pr] => c:\programdata\{bbfc83e0-066c-2c72-bbfc-c83e00660f80}\gnf_anac_001.rar.exe <==== ATTENTION

    (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

    Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
    Task: C:\Windows\Tasks\Bidaily Synchronize Task[pr].job => c:\programdata\{bbfc83e0-066c-2c72-bbfc-c83e00660f80}\gnf_anac_001.rar.exe <==== ATTENTION
    Task: C:\Windows\Tasks\Check for updates (Spybot - Search & Destroy).job => C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe
    Task: C:\Windows\Tasks\Refresh immunization (Spybot - Search & Destroy).job => C:\Program Files\Spybot - Search & Destroy 2\SDImmunize.exe
    Task: C:\Windows\Tasks\Scan the system (Spybot - Search & Destroy).job => C:\Program Files\Spybot - Search & Destroy 2\SDScan.exe

    ==================== Loaded Modules (Whitelisted) ==============

    2008-08-09 18:13 - 2008-05-18 23:26 - 00024064 _____ () C:\Windows\System32\WLTRYSVC.EXE
    2008-08-09 18:13 - 2008-05-18 23:25 - 00054784 _____ () C:\Windows\System32\bcmwlrmt.dll
    2015-05-10 22:54 - 2014-05-13 12:04 - 00109400 _____ () C:\Program Files\Spybot - Search & Destroy 2\snlThirdParty150.bpl
    2015-05-10 22:54 - 2014-05-13 12:04 - 00416600 _____ () C:\Program Files\Spybot - Search & Destroy 2\DEC150.bpl
    2015-05-10 22:54 - 2014-05-13 12:04 - 00167768 _____ () C:\Program Files\Spybot - Search & Destroy 2\snlFileFormats150.bpl
    2015-03-20 18:12 - 2015-03-20 18:12 - 00073544 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
    2015-03-20 18:12 - 2015-03-20 18:12 - 01044776 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
    2015-05-20 22:16 - 2015-05-20 22:16 - 01765888 _____ () c:\Program Files\PatternGenerators\PatternGenerators.dll
    2015-05-10 22:54 - 2012-08-23 10:38 - 00574840 _____ () C:\Program Files\Spybot - Search & Destroy 2\sqlite3.dll
    2015-05-10 22:54 - 2012-04-03 17:06 - 00565640 _____ () C:\Program Files\Spybot - Search & Destroy 2\av\BDSmartDB.dll
    2015-05-21 19:40 - 2015-05-21 19:40 - 16867504 _____ () C:\Windows\system32\Macromed\Flash\NPSWF32_17_0_0_188.dll

    ==================== Alternate Data Streams (Whitelisted) =========

    (If an entry is included in the fixlist, only the ADS will be removed.)


    ==================== Safe Mode (Whitelisted) ===================

    (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\GoToAssist => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"

    ==================== EXE Association (Whitelisted) ===============

    (If an entry is included in the fixlist, the registry item will be restored to default or removed.)


    ==================== Internet Explorer trusted/restricted ===============

    (If an entry is included in the fixlist, it will be removed from the registry.)


    ==================== Other Areas ============================

    (Currently there is no automatic fix for this section.)

    HKU\S-1-5-21-1581059466-491620939-3557866383-1000\Control Panel\Desktop\\Wallpaper ->
    DNS Servers: 192.168.0.1

    ==================== MSCONFIG/TASK MANAGER disabled items ==

    (Currently there is no automatic fix for this section.)

    MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^QuickSet.lnk => C:\Windows\pss\QuickSet.lnk.CommonStartup
    MSCONFIG\startupreg: Google Desktop Search => "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
    MSCONFIG\startupreg: iTunesHelper => "C:\Program Files\iTunes\iTunesHelper.exe"
    MSCONFIG\startupreg: Spotify Web Helper => "C:\Users\Thomas\AppData\Roaming\Spotify\SpotifyWebHelper.exe"
    MSCONFIG\startupreg: Spybot-S&D Cleaning => "C:\Program Files\Spybot - Search & Destroy 2\SDCleaner.exe" /autoclean

    ==================== FirewallRules (Whitelisted) ===============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    FirewallRules: [WinCollab-Out-UDP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
    FirewallRules: [WinCollab-In-UDP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
    FirewallRules: [WinCollab-Out-TCP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
    FirewallRules: [WinCollab-In-TCP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
    FirewallRules: [WinCollab-DFSR-Out-TCP] => (Allow) %SystemRoot%\system32\dfsr.exe
    FirewallRules: [WinCollab-DFSR-In-TCP] => (Allow) %SystemRoot%\system32\dfsr.exe
    FirewallRules: [{279ABE89-1101-46C8-85F2-79301E728F63}] => (Allow) C:\Program Files\Dell\MediaDirect\MediaDirect.exe
    FirewallRules: [{1B78D2E8-DF79-43FF-A43F-BBDA85067F4D}] => (Allow) C:\Program Files\Dell\MediaDirect\PCMService.exe
    FirewallRules: [{0AD23EEF-4901-4601-9780-A6444FAD21F9}] => (Allow) C:\Program Files\Dell\MediaDirect\Kernel\DMP\CLBrowserEngine.exe
    FirewallRules: [{67088829-DB1C-4B27-AA29-9C0CCCC59E81}] => (Allow) C:\Program Files\Dell\MediaDirect\Kernel\DMS\CLMSService.exe
    FirewallRules: [{4095F0B4-4310-49DD-B451-6306AFFE20BB}] => (Allow) LPort=80
    FirewallRules: [{193D02CC-B0E0-408C-96C4-E2F0A9FC59A8}] => (Allow) LPort=80
    FirewallRules: [{DBB6C5D3-5D06-41F1-A272-9475B4B79075}] => (Allow) LPort=80
    FirewallRules: [{C5EBED23-562E-4B68-8A93-BF86FD9E7E19}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
    FirewallRules: [{99A1FE91-ED50-490B-8C67-A8B3999868E9}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
    FirewallRules: [TCP Query User{33FE5C98-9E60-4A39-8A00-01CB4C999DE2}C:\program files\mozilla firefox\firefox.exe] => (Allow) C:\program files\mozilla firefox\firefox.exe
    FirewallRules: [UDP Query User{66C21063-BD49-41C8-B09A-BD035E354542}C:\program files\mozilla firefox\firefox.exe] => (Allow) C:\program files\mozilla firefox\firefox.exe
    FirewallRules: [{2C60980B-591A-4F94-B19C-CC08843A721A}] => (Allow) C:\Program Files\Vuze\Azureus.exe
    FirewallRules: [{54B3BE53-95C9-41B0-87C9-6CC08B9BE0DE}] => (Allow) C:\Program Files\Vuze\Azureus.exe
    FirewallRules: [TCP Query User{7BBE5F30-78C3-44C8-A860-3ED2A6C15836}C:\users\thomas\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\thomas\appdata\roaming\spotify\spotify.exe
    FirewallRules: [UDP Query User{9E6239A6-48EE-48CE-8133-ED32A9E20795}C:\users\thomas\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\thomas\appdata\roaming\spotify\spotify.exe
    FirewallRules: [{21AD61E0-31D2-4774-A792-2979890E8BF7}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
    FirewallRules: [{2D4249BF-E796-4A9F-9C19-C7B503C812AB}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
    FirewallRules: [{C03B9673-BF3C-42B7-ADC6-F33BB95FE3F2}] => (Allow) C:\Program Files\iTunes\iTunes.exe
    FirewallRules: [{262EC3D0-26CE-436E-97EC-F75A604F3801}] => (Allow) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
    StandardProfile\AuthorizedApplications: [C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe] => Enabled:Spybot - Search & Destroy tray access
    StandardProfile\AuthorizedApplications: [C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe] => Enabled:Spybot-S&D 2 Scanner Service
    StandardProfile\AuthorizedApplications: [C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe] => Enabled:Spybot-S&D 2 Updater
    StandardProfile\AuthorizedApplications: [C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe] => Enabled:Spybot-S&D 2 Background update service

    ==================== Faulty Device Manager Devices =============


    ==================== Event log errors: =========================

    Application errors:
    ==================
    Error: (05/30/2015 06:16:05 PM) (Source: WinMgmt) (EventID: 10) (User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

    Error: (05/30/2015 04:01:12 PM) (Source: EventSystem) (EventID: 4621) (User: )
    Description: 80070005EventSystem.EventSubscription{AA44355E-6911-4447-BA5D-6720480579AF}-{00000000-0000-0000-0000-000000000000}-{00000000-0000-0000-0000-000000000000}

    Error: (05/30/2015 03:48:34 PM) (Source: WinMgmt) (EventID: 10) (User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

    Error: (05/30/2015 03:32:30 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledSPRetry 2886

    Error: (05/30/2015 03:32:30 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledEvent 2886

    Error: (05/30/2015 03:32:30 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: Continuously busy for more than a second

    Error: (05/30/2015 03:32:29 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledSPRetry 1420

    Error: (05/30/2015 03:32:29 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledEvent 1420

    Error: (05/30/2015 03:32:28 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: Continuously busy for more than a second

    Error: (05/30/2015 02:38:29 PM) (Source: Application Hang) (EventID: 1002) (User: )
    Description: The program Explorer.EXE version 6.0.6002.18005 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Problem Reports and Solutions control panel.
    Process ID: 2f0
    Start Time: 01d09b1d00a214fd
    Termination Time: 0


    System errors:
    =============
    Error: (05/30/2015 06:16:50 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: BCM42RLY%%2

    Error: (05/30/2015 06:16:50 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: BCM42RLY%%2

    Error: (05/30/2015 06:16:48 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: BCM42RLY%%2

    Error: (05/30/2015 06:16:48 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: BCM42RLY%%2

    Error: (05/30/2015 06:16:05 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: BCM42RLY%%2

    Error: (05/30/2015 06:16:05 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: BCM42RLY%%2

    Error: (05/30/2015 06:16:05 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
    Description: 30000SustainerPlus

    Error: (05/30/2015 06:16:05 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: Parallel port driver%%1058

    Error: (05/30/2015 03:48:41 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: BCM42RLY%%2

    Error: (05/30/2015 03:48:40 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: BCM42RLY%%2


    Microsoft Office:
    =========================
    Error: (05/30/2015 06:16:05 PM) (Source: WinMgmt) (EventID: 10) (User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

    Error: (05/30/2015 04:01:12 PM) (Source: EventSystem) (EventID: 4621) (User: )
    Description: 80070005EventSystem.EventSubscription{AA44355E-6911-4447-BA5D-6720480579AF}-{00000000-0000-0000-0000-000000000000}-{00000000-0000-0000-0000-000000000000}

    Error: (05/30/2015 03:48:34 PM) (Source: WinMgmt) (EventID: 10) (User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

    Error: (05/30/2015 03:32:30 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledSPRetry 2886

    Error: (05/30/2015 03:32:30 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledEvent 2886

    Error: (05/30/2015 03:32:30 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: Continuously busy for more than a second

    Error: (05/30/2015 03:32:29 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledSPRetry 1420

    Error: (05/30/2015 03:32:29 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledEvent 1420

    Error: (05/30/2015 03:32:28 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: Continuously busy for more than a second

    Error: (05/30/2015 02:38:29 PM) (Source: Application Hang) (EventID: 1002) (User: )
    Description: Explorer.EXE6.0.6002.180052f001d09b1d00a214fd0


    CodeIntegrity Errors:
    ===================================
    Date: 2015-04-02 13:54:07.669
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.18000_none_b31e1252666640f6\tcpip.sys because the set of per-page image hashes could not be found on the system.

    Date: 2015-04-02 13:54:07.388
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.18000_none_b31e1252666640f6\tcpip.sys because the set of per-page image hashes could not be found on the system.

    Date: 2015-04-02 13:54:07.123
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.18000_none_b31e1252666640f6\tcpip.sys because the set of per-page image hashes could not be found on the system.

    Date: 2015-04-02 13:54:06.857
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.18000_none_b31e1252666640f6\tcpip.sys because the set of per-page image hashes could not be found on the system.

    Date: 2015-04-02 13:54:00.649
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\winsxs\x86_microsoft-windows-securestartup-core_31bf3856ad364e35_6.0.6001.18000_none_34daa5e8f21ef8d2\fveapi.dll because the set of per-page image hashes could not be found on the system.

    Date: 2015-04-02 13:54:00.383
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\winsxs\x86_microsoft-windows-securestartup-core_31bf3856ad364e35_6.0.6001.18000_none_34daa5e8f21ef8d2\fveapi.dll because the set of per-page image hashes could not be found on the system.

    Date: 2015-04-02 13:54:00.118
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\winsxs\x86_microsoft-windows-securestartup-core_31bf3856ad364e35_6.0.6001.18000_none_34daa5e8f21ef8d2\fveapi.dll because the set of per-page image hashes could not be found on the system.

    Date: 2015-04-02 13:53:59.869
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\winsxs\x86_microsoft-windows-securestartup-core_31bf3856ad364e35_6.0.6001.18000_none_34daa5e8f21ef8d2\fveapi.dll because the set of per-page image hashes could not be found on the system.

    Date: 2015-04-02 13:52:22.571
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\fveapi.dll because the set of per-page image hashes could not be found on the system.

    Date: 2015-04-02 13:52:22.306
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\fveapi.dll because the set of per-page image hashes could not be found on the system.


    ==================== Memory info ===========================

    Processor: Intel(R) Pentium(R) Dual CPU T2390 @ 1.86GHz
    Percentage of memory in use: 63%
    Total physical RAM: 2037.31 MB
    Available physical RAM: 735.17 MB
    Total Pagefile: 4317.89 MB
    Available Pagefile: 2718.73 MB
    Total Virtual: 2047.88 MB
    Available Virtual: 1891.29 MB

    ==================== Drives ================================

    Drive c: (OS) (Fixed) (Total:69.99 GB) (Free:33.84 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
    Drive d: (RECOVERY) (Fixed) (Total:9.77 GB) (Free:4.07 GB) NTFS
    Drive f: (Data) (Fixed) (Total:66.75 GB) (Free:0.83 GB) NTFS

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (Size: 149.1 GB) (Disk ID: 00000080)
    Partition 1: (Not Active) - (Size=39 MB) - (Type=DE)
    Partition 2: (Not Active) - (Size=9.8 GB) - (Type=07 NTFS)
    Partition 3: (Active) - (Size=70 GB) - (Type=07 NTFS)
    Partition 4: (Not Active) - (Size=69.3 GB) - (Type=OF Extended)

    ==================== End of log ============================
     
    Last edited by a moderator: May 31, 2015
  3. Broni

    Broni Malware Annihilator Posts: 52,898   +344

    Welcome aboard

    Please observe the following rules:
    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
    • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer's behavior, good or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    ===================================

    You're not saying what your computer issues are.
     
  4. Thomas Parks

    Thomas Parks TS Rookie Topic Starter

    Ok. I have some adware like 500coupons and Ad Choice. Also, when my CPU starts up, my MS Essentials in the tray is red (until I click on it, and then it turns green). Also, when I open a tab (Firefox), the mouse pointer keeps "thinking" and delays until it tries to catch up to its tasks. I hope that helps. I think I posted all the correct sections for the two required text files.
     
  5. Broni

    Broni Malware Annihilator Posts: 52,898   +344

    Download RogueKiller from one of the following links and save it to your Desktop:

    Link 1
    Link 2

    • Close all the running programs
    • Windows Vista/7/8 users: right click on RogueKiller.exe, click Run as Administrator
    • Otherwise just double-click on RogueKiller.exe
    • Pre-scan will start. Let it finish.
    • Click on SCAN button.
    • Wait until the Status box shows Scan Finished
    • Click on Delete.
    • Wait until the Status box shows Deleting Finished.
    • Click on Report and copy/paste the content of the Notepad into your next reply.
    • RKreport.txt could also be found on your desktop.
    • If more than one log is produced post all logs.
    • If RogueKiller has been blocked, do not hesitate to try a few more times. If it really won't run, rename it to winlogon.exe (or winlogon.com) and try again.

    Please download Malwarebytes Anti-Malware (MBAM) to your desktop.
    NOTE. If you already have MBAM 2.0 installed scroll down.

    • Double-click mbam-setup-2.0.0.1000.exe and follow the prompts to install the program.
    • At the end, be sure a checkmark is placed next to the following:
      • Launch Malwarebytes Anti-Malware
      • A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.
    • Click Finish.
    • On the Dashboard, click the 'Update Now >>' link
    • After the update completes, click the 'Scan Now >>' button.
    • Or, on the Dashboard, click the Scan Now >> button.
    • If an update is available, click the Update Now button.
    • A Threat Scan will begin.
    • When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
    • In most cases, a restart will be required.
    • Wait for the prompt to restart the computer to appear, then click on Yes.


    If you already have MBAM 2.0 installed:

    • On the Dashboard, click the 'Update Now >>' link
    • After the update completes, click the 'Scan Now >>' button.
    • Or, on the Dashboard, click the Scan Now >> button.
    • If an update is available, click the Update Now button.
    • A Threat Scan will begin.
    • When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
    • In most cases, a restart will be required.
    • Wait for the prompt to restart the computer to appear, then click on Yes.

    How to get logs:
    (Export log to save as txt)


    • After the restart once you are back at your desktop, open MBAM once more.
    • Click on the History tab > Application Logs.
    • Double click on the Scan Log which shows the Date and time of the scan just performed.
    • Click 'Export'.
    • Click 'Text file (*.txt)'
    • In the Save File dialog box which appears, click on Desktop.
    • In the File name: box type a name for your scan log.
    • A message box named 'File Saved' should appear stating "Your file has been successfully exported".
    • Click Ok
    • Attach that saved log to your next reply.


    (Copy to clipboard for pasting into forum replies or tickets)

    • After the restart once you are back at your desktop, open MBAM once more.
    • Click on the History tab > Application Logs.
    • Double click on the Scan Log which shows the Date and time of the scan just performed.
    • Click 'Copy to Clipboard'
    • Paste the contents of the clipboard into your reply.

    Please download AdwCleaner by Xplode onto your desktop.
    • Close all open programs and internet browsers.
    • Double click on adwcleaner.exe to run the tool.
    • Click on Scan button.
    • When the scan has finished click on Clean button.
    • Your computer will be rebooted automatically. A text file will open after the restart.
    • Please post the contents of that logfile with your next reply.
    • You can find the logfile at C:\AdwCleaner[S1].txt as well.

    Please download Junkware Removal Tool to your desktop.
    • Shut down your protection software now to avoid potential conflicts.
    • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
    • The tool will open and start scanning your system.
    • Please be patient as this can take a while to complete depending on your system's specifications.
    • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
    • Post the contents of JRT.txt into your next message.
     
  6. Thomas Parks

    Thomas Parks TS Rookie Topic Starter

    Rogue Killer Report

    RogueKiller V10.7.0.0 [May 25 2015] by Adlice Software
    mail : http://www.adlice.com/contact/
    Feedback : http://forum.adlice.com
    Website : http://www.adlice.com/softwares/roguekiller/
    Blog : http://www.adlice.com

    Operating System : Windows Vista (6.0.6002 Service Pack 2) 32 bits version
    Started in : Normal mode
    User : Thomas [Administrator]
    Started from : C:\Users\Thomas\Desktop\RogueKiller.exe
    Mode : Scan -- Date : 05/31/2015 14:31:10

    ¤¤¤ Processes : 0 ¤¤¤

    ¤¤¤ Registry : 9 ¤¤¤
    [PUM.Orphan] HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar | {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} : NCO Toolbar 2.0 -> Found
    [Hj.RegVal] HKEY_LOCAL_MACHINE\RK_Software_ON_D_8723\Microsoft\Windows NT\CurrentVersion\Winlogon | Shell : cmd.exe /k start cmd.exe -> Found
    [PUM.Dns] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{17DD4D2A-30F0-4111-93FF-28519530BB87} | DhcpNameServer : 172.20.10.1 [(Private Address) (XX)] -> Found
    [PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{17DD4D2A-30F0-4111-93FF-28519530BB87} | DhcpNameServer : 172.20.10.1 [(Private Address) (XX)] -> Found
    [PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet003\Services\Tcpip\Parameters\Interfaces\{17DD4D2A-30F0-4111-93FF-28519530BB87} | DhcpNameServer : 172.20.10.1 [(Private Address) (XX)] -> Found
    [PUM.DesktopIcons] HKEY_LOCAL_MACHINE\RK_Software_ON_D_8723\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Found
    [PUM.DesktopIcons] HKEY_LOCAL_MACHINE\RK_Software_ON_D_8723\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> Found
    [PUM.DesktopIcons] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Found
    [PUM.DesktopIcons] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> Found

    ¤¤¤ Tasks : 2 ¤¤¤
    [Suspicious.Path] Bidaily Synchronize Task[pr].job -- c:\programdata\{bbfc83e0-066c-2c72-bbfc-c83e00660f80}\gnf_anac_001.rar.exe (--startup=1 --single) -> Found
    [Suspicious.Path] \\Bidaily Synchronize Task[pr] -- c:\programdata\{bbfc83e0-066c-2c72-bbfc-c83e00660f80}\gnf_anac_001.rar.exe (--startup=1 --single) -> Found

    ¤¤¤ Files : 0 ¤¤¤

    ¤¤¤ Hosts File : 2 ¤¤¤
    [C:\Windows\System32\drivers\etc\hosts] 127.0.0.1 localhost
    [C:\Windows\System32\drivers\etc\hosts] ::1 localhost

    ¤¤¤ Antirootkit : 0 (Driver: Loaded) ¤¤¤

    ¤¤¤ Web browsers : 1 ¤¤¤
    [PUM.HomePage][FIREFX:Config] rc0cdch0.default : user_pref("browser.startup.homepage", "https://www.gmail.com/intl/en/mail/help/about.html"); -> Found

    ¤¤¤ MBR Check : ¤¤¤
    +++++ PhysicalDrive0: SAMSUNG HM160HI +++++
    --- User ---
    [MBR] a51997b20754d95276477dd0624db8d4
    [BSP] 32913c31cce9e5ae3fbce4a9cd321f11 : HP MBR Code
    Partition table:
    0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 39 MB
    1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 81920 | Size: 10000 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
    2 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 20561920 | Size: 71665 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
    3 - [XXXXXX] EXTEN-LBA (0xf) [VISIBLE] Offset (sectors): 167333040 | Size: 70920 MB
    User = LL1 ... OK
    User = LL2 ... OK
     
  7. Thomas Parks

    Thomas Parks TS Rookie Topic Starter

    Malwarebytes Anti-Malware
    www.malwarebytes.org

    Scan Date: 5/31/2015
    Scan Time: 3:29:30 PM
    Logfile: Malwarebytes Anti-Malware Report.txt
    Administrator: Yes

    Version: 2.01.6.1022
    Malware Database: v2015.05.31.03
    Rootkit Database: v2015.05.31.01
    License: Trial
    Malware Protection: Enabled
    Malicious Website Protection: Enabled
    Self-protection: Disabled

    OS: Windows Vista Service Pack 2
    CPU: x86
    File System: NTFS
    User: Thomas

    Scan Type: Threat Scan
    Result: Completed
    Objects Scanned: 309882
    Time Elapsed: 24 min, 26 sec

    Memory: Enabled
    Startup: Enabled
    Filesystem: Enabled
    Archives: Enabled
    Rootkits: Disabled
    Heuristics: Enabled
    PUP: Enabled
    PUM: Enabled

    Processes: 0
    (No malicious items detected)

    Modules: 1
    PUP.Optional.MultiPlug.A, C:\Program Files\PatternGenerators\PatternGenerators.dll, , [cd628119f09ae55196e34e0a7e84ea16],

    Registry Keys: 54
    PUP.Optional.MultiPlug.A, HKLM\SOFTWARE\CLASSES\CLSID\{BF618FEC-A4A8-4EB4-A221-C62D190101E3}, , [09264a50c2c87db985954e17d52d3fc1],
    PUP.Optional.MultiPlug.A, HKLM\SOFTWARE\CLASSES\PBF618FEC_A4A8_4EB4_A221_C62D190101E3_.PBF618FEC_A4A8_4EB4_A221_C62D190101E3_, , [09264a50c2c87db985954e17d52d3fc1],
    PUP.Optional.MultiPlug.A, HKLM\SOFTWARE\CLASSES\PBF618FEC_A4A8_4EB4_A221_C62D190101E3_.PBF618FEC_A4A8_4EB4_A221_C62D190101E3_.9, , [09264a50c2c87db985954e17d52d3fc1],
    PUP.Optional.MultiPlug.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\PREAPPROVED\{BF618FEC-A4A8-4EB4-A221-C62D190101E3}, , [09264a50c2c87db985954e17d52d3fc1],
    PUP.Optional.MultiPlug, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{44E4311D-BA06-FD43-505E-17DC53F4C22F}, , [220d5b3f4941a88e9cdc123be71b9c64],
    PUP.Optional.MultiPlug.A, HKLM\SOFTWARE\CLASSES\CLSID\{25D5C765-825A-4307-B06F-100F2DBB034F}, , [39f66b2ff59556e067b35213aa5839c7],
    PUP.Optional.MultiPlug.A, HKLM\SOFTWARE\CLASSES\P25D5C765_825A_4307_B06F_100F2DBB034F_.P25D5C765_825A_4307_B06F_100F2DBB034F_, , [39f66b2ff59556e067b35213aa5839c7],
    PUP.Optional.MultiPlug.A, HKLM\SOFTWARE\CLASSES\P25D5C765_825A_4307_B06F_100F2DBB034F_.P25D5C765_825A_4307_B06F_100F2DBB034F_.9, , [39f66b2ff59556e067b35213aa5839c7],
    PUP.Optional.MultiPlug.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\PREAPPROVED\{25D5C765-825A-4307-B06F-100F2DBB034F}, , [39f66b2ff59556e067b35213aa5839c7],
    PUP.Optional.MultiPlug.A, HKLM\SOFTWARE\CLASSES\CLSID\{2F2416A5-7A31-44C0-969B-649BA08913E4}, , [c8674f4b1e6cfa3c9d7d026319e9e917],
    PUP.Optional.MultiPlug.A, HKLM\SOFTWARE\CLASSES\P2F2416A5_7A31_44C0_969B_649BA08913E4_.P2F2416A5_7A31_44C0_969B_649BA08913E4_, , [c8674f4b1e6cfa3c9d7d026319e9e917],
    PUP.Optional.MultiPlug.A, HKLM\SOFTWARE\CLASSES\P2F2416A5_7A31_44C0_969B_649BA08913E4_.P2F2416A5_7A31_44C0_969B_649BA08913E4_.9, , [c8674f4b1e6cfa3c9d7d026319e9e917],
    PUP.Optional.MultiPlug.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\PREAPPROVED\{2F2416A5-7A31-44C0-969B-649BA08913E4}, , [c8674f4b1e6cfa3c9d7d026319e9e917],
    PUP.Optional.PcApp.A, HKLM\SOFTWARE\CLASSES\TYPELIB\{96BB8E60-6EF9-47E0-9ED8-4AD477ECF427}, , [ed421d7d91f9fb3bf0d1d7a28e778f71],
    PUP.Optional.PcApp.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{05273886-A138-4AAA-A965-9B728D8A2B32}, , [ed421d7d91f9fb3bf0d1d7a28e778f71],
    PUP.Optional.PcApp.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{0C10CCDE-D834-4C2F-9700-86A1C54BCCBA}, , [ed421d7d91f9fb3bf0d1d7a28e778f71],
    PUP.Optional.PcApp.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{11B41CF7-E9F6-4B87-85B1-287D261D30D9}, , [ed421d7d91f9fb3bf0d1d7a28e778f71],
    PUP.Optional.PcApp.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{B32D668A-8CCE-43FD-BA94-9EDD5096587D}, , [ed421d7d91f9fb3bf0d1d7a28e778f71],
    PUP.Optional.ConsumerInput.C, HKLM\SOFTWARE\ConsumerInput, , [84ab6931a9e1df57ebf98b58a85b49b7],
    PUP.Optional.CrossRider.C, HKLM\SOFTWARE\APPDATALOW\SOFTWARE\Crossrider, , [f13ebddd2a60b28427bff7ec33d014ec],
    PUP.Optional.ConsumerInput.C, HKLM\SOFTWARE\CLASSES\ConsumerInput.OneClickProcessLauncherMachine, , [6ec19a00d7b3c076c7b753949073738d],
    PUP.Optional.ConsumerInput.C, HKLM\SOFTWARE\CLASSES\ConsumerInput.OneClickProcessLauncherMachine.1.0, , [d05fb2e8cebc3df9b2ccbf287d86639d],
    PUP.Optional.ConsumerInput.A, HKLM\SOFTWARE\CLASSES\ConsumerInputUpdate.CoCreateAsync, , [39f6cecc8bff033356fa65ce9e66e020],
    PUP.Optional.ConsumerInput.A, HKLM\SOFTWARE\CLASSES\ConsumerInputUpdate.CoCreateAsync.1.0, , [4de2cad01b6f84b29cb48da61ce8966a],
    PUP.Optional.ConsumerInput.A, HKLM\SOFTWARE\CLASSES\ConsumerInputUpdate.CoreClass, , [41ee9bff6d1d21153b15072c907411ef],
    PUP.Optional.ConsumerInput.A, HKLM\SOFTWARE\CLASSES\ConsumerInputUpdate.CoreClass.1, , [af80e1b90b7f92a4014faf842ed6926e],
    PUP.Optional.ConsumerInput.A, HKLM\SOFTWARE\CLASSES\ConsumerInputUpdate.CoreMachineClass, , [2807e8b2e2a81026a5abb3805ca845bb],
    PUP.Optional.ConsumerInput.A, HKLM\SOFTWARE\CLASSES\ConsumerInputUpdate.CoreMachineClass.1, , [022d7426256560d6ca863300a460f010],
    PUP.Optional.ConsumerInput.A, HKLM\SOFTWARE\CLASSES\ConsumerInputUpdate.CredentialDialogMachine, , [44eb1c7e7119ab8b014fbe75ed170ef2],
    PUP.Optional.ConsumerInput.A, HKLM\SOFTWARE\CLASSES\ConsumerInputUpdate.CredentialDialogMachine.1.0, , [f03f2773ddad1422440cac875ca8a55b],
    PUP.Optional.ConsumerInput.A, HKLM\SOFTWARE\CLASSES\ConsumerInputUpdate.OnDemandCOMClassMachine, , [052a6733a6e4231348080d26be467789],
    PUP.Optional.ConsumerInput.A, HKLM\SOFTWARE\CLASSES\ConsumerInputUpdate.OnDemandCOMClassMachine.1.0, , [61cebedc503ae4524709f63d986cd729],
    PUP.Optional.ConsumerInput.A, HKLM\SOFTWARE\CLASSES\ConsumerInputUpdate.OnDemandCOMClassMachineFallback, , [e748801a6a20b284be92b97ab74d14ec],
    PUP.Optional.ConsumerInput.A, HKLM\SOFTWARE\CLASSES\ConsumerInputUpdate.OnDemandCOMClassMachineFallback.1.0, , [d956a3f7e7a3e056094762d19f6553ad],
    PUP.Optional.ConsumerInput.A, HKLM\SOFTWARE\CLASSES\ConsumerInputUpdate.OnDemandCOMClassSvc, , [49e6643636543ff79eb2be75a85c0ff1],
    PUP.Optional.ConsumerInput.A, HKLM\SOFTWARE\CLASSES\ConsumerInputUpdate.OnDemandCOMClassSvc.1.0, , [200feeac06841422e769161d9074e41c],
    PUP.Optional.ConsumerInput.A, HKLM\SOFTWARE\CLASSES\ConsumerInputUpdate.ProcessLauncher, , [c966bedcbad0d0663c1437fcf80cd729],
    PUP.Optional.ConsumerInput.A, HKLM\SOFTWARE\CLASSES\ConsumerInputUpdate.ProcessLauncher.1.0, , [9d925e3c6c1e1d19410f84af679d11ef],
    PUP.Optional.ConsumerInput.A, HKLM\SOFTWARE\CLASSES\ConsumerInputUpdate.Update3COMClassService, , [2f009ffbe4a62b0b8bc548eb3acae51b],
    PUP.Optional.ConsumerInput.A, HKLM\SOFTWARE\CLASSES\ConsumerInputUpdate.Update3COMClassService.1.0, , [39f63763bcceca6caea2dd56986cf20e],
    PUP.Optional.ConsumerInput.A, HKLM\SOFTWARE\CLASSES\ConsumerInputUpdate.Update3WebMachine, , [a986792143474fe759f71221c341a35d],
    PUP.Optional.ConsumerInput.A, HKLM\SOFTWARE\CLASSES\ConsumerInputUpdate.Update3WebMachine.1.0, , [5fd06b2f0387aa8c70e0270cfa0add23],
    PUP.Optional.ConsumerInput.A, HKLM\SOFTWARE\CLASSES\ConsumerInputUpdate.Update3WebMachineFallback, , [76b91882d4b6dc5a8cc438fb8d77db25],
    PUP.Optional.ConsumerInput.A, HKLM\SOFTWARE\CLASSES\ConsumerInputUpdate.Update3WebMachineFallback.1.0, , [77b83169d2b87cbaf55b82b15fa5ca36],
    PUP.Optional.ConsumerInput.A, HKLM\SOFTWARE\CLASSES\ConsumerInputUpdate.Update3WebSvc, , [61ceb9e18802fa3ce070e84bed177e82],
    PUP.Optional.ConsumerInput.A, HKLM\SOFTWARE\CLASSES\ConsumerInputUpdate.Update3WebSvc.1.0, , [939cbbdf62280e28fe52d75c8183926e],
    PUP.Optional.ConsumerInput.C, HKLM\SOFTWARE\CLASSES\APPID\ConsumerInputUpdate.exe, , [e64954468ffbce682d4f5b8cc63df907],
    PUP.Optional.LocalTemperature.A, HKLM\SOFTWARE\LOCALTEMP, , [f23d36640e7cf73f13dd97531fe431cf],
    PUM.Security.Hijack.DisableChromeUpdates, HKLM\SOFTWARE\POLICIES\GOOGLE\UPDATE, , [37f8900a0684181eb408a0de16ef05fb],
    PUP.Optional.SustainerPlus.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\233d520f, , [55da0f8b840690a659570577778e28d8],
    PUP.Optional.PatternGenerators.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\dd25e48a, , [3ef125751971b482c97ed21a53b0ee12],
    PUP.Optional.Crossrider.C, HKU\S-1-5-18\SOFTWARE\APPDATALOW\SOFTWARE\_CrossriderRegNamePlaceHolder_, , [b07fb0ea434754e25c1ad1a8f213f808],
    PUP.Optional.BrowserApps.A, HKU\S-1-5-21-1581059466-491620939-3557866383-1000\SOFTWARE\Br0wsrApVs2.9-nv-ie, , [58d75f3b2f5b36007d68b8bd33d2f50b],
    PUP.Optional.ConsumerInput.C, HKU\S-1-5-21-1581059466-491620939-3557866383-1000\SOFTWARE\ConsumerInput, , [0d22366493f7a98d57cb32b4847fb34d],

    Registry Values: 2
    PUP.Optional.LocalTemperature.A, HKLM\SOFTWARE\LOCALTEMP|GUID, 6CBDE836-2D6F-4AC9-969F-24846333FF15, , [f23d36640e7cf73f13dd97531fe431cf]
    PUM.Security.Hijack.DisableChromeUpdates, HKLM\SOFTWARE\POLICIES\GOOGLE\UPDATE|DisableAutoUpdateChecksCheckboxValue, 1, , [37f8900a0684181eb408a0de16ef05fb]

    Registry Data: 0
    (No malicious items detected)

    Folders: 2
    PUP.Optional.PcApp.A, C:\Program Files\PCCpnApp, , [ed421d7d91f9fb3bf0d1d7a28e778f71],
    PUP.Optional.GlobalUpdate.A, C:\Users\Thomas\AppData\Local\Temp\comh.171645, , [ad82dac0810988ae9792a81c58abc13f],

    Files: 18
    PUP.Optional.MultiPlug.A, C:\Program Files\PatternGenerators\PatternGenerators.dll, , [cd628119f09ae55196e34e0a7e84ea16],
    PUP.Optional.MultiPlug, C:\Program Files\uCoz Safe authorization\uCoz Safe authorization.exe, , [a8877f1b35550c2a5e1a123bbf43df21],
    PUP.Optional.MultiPlug.A, C:\Program Files\PCCpnApp\NKZ25V0McBPQl9.dll, , [09264a50c2c87db985954e17d52d3fc1],
    PUP.Optional.MultiPlug, C:\Program Files\PCCpnApp\NKZ25V0McBPQl9.exe, , [220d5b3f4941a88e9cdc123be71b9c64],
    PUP.Optional.MultiPlug.A, C:\Program Files\PCCpnApp\OAbKOVUjHL0wrR.dll, , [39f66b2ff59556e067b35213aa5839c7],
    PUP.Optional.MultiPlug, C:\Program Files\PCCpnApp\OAbKOVUjHL0wrR.exe, , [9699e0ba86040135caae27267e8450b0],
    PUP.Optional.MultiPlug.A, C:\Program Files\PCCpnApp\yuaHqfbb8hWDS2.dll, , [c8674f4b1e6cfa3c9d7d026319e9e917],
    PUP.Optional.MultiPlug, C:\Program Files\PCCpnApp\yuaHqfbb8hWDS2.exe, , [78b72476127854e24f2976d7dc266b95],
    PUP.Optional.Softonic.SID.C, C:\Users\Thomas\Downloads\Setup.exe, , [be710e8cb1d989aded4f3e2e58ae867a],
    PUP.Optional.WebTInst.A, C:\Windows\System32\drivers\Msft_Kernel_webTinstMKTN84_01009.Wdf, , [c16e990190fae650acecf7f507fc43bd],
    PUP.Optional.PcApp.A, C:\Program Files\PCCpnApp\NKZ25V0McBPQl9.tlb, , [ed421d7d91f9fb3bf0d1d7a28e778f71],
    PUP.Optional.PcApp.A, C:\Program Files\PCCpnApp\NKZ25V0McBPQl9.dat, , [ed421d7d91f9fb3bf0d1d7a28e778f71],
    PUP.Optional.PcApp.A, C:\Program Files\PCCpnApp\OAbKOVUjHL0wrR.dat, , [ed421d7d91f9fb3bf0d1d7a28e778f71],
    PUP.Optional.PcApp.A, C:\Program Files\PCCpnApp\OAbKOVUjHL0wrR.tlb, , [ed421d7d91f9fb3bf0d1d7a28e778f71],
    PUP.Optional.PcApp.A, C:\Program Files\PCCpnApp\yuaHqfbb8hWDS2.dat, , [ed421d7d91f9fb3bf0d1d7a28e778f71],
    PUP.Optional.PcApp.A, C:\Program Files\PCCpnApp\yuaHqfbb8hWDS2.tlb, , [ed421d7d91f9fb3bf0d1d7a28e778f71],
    PUP.Optional.Multiplug.A, C:\Windows\System32\Tasks\Bidaily Synchronize Task[pr], , [09263862beccc472beb9adcfba4bf808],
    PUP.Optional.Multiplug.A, C:\Windows\Tasks\Bidaily Synchronize Task[pr].job, , [230ca8f2a4e675c1cfa9aece8e7721df],

    Physical Sectors: 0
    (No malicious items detected)


    (end)
     
  8. Thomas Parks

    Thomas Parks TS Rookie Topic Starter

    Adw Cleaner Log Files

    # AdwCleaner v4.203 - Logfile created 31/05/2015 at 22:21:45
    # Updated 30/04/2015 by Xplode
    # Database : 2015-05-31.5 [Server]
    # Operating system : Windows Vista (TM) Home Premium Service Pack 2 (x86)
    # Username : Thomas - THOMAS-PC
    # Running from : C:\Users\Thomas\Downloads\adwcleaner_4.203.exe
    # Option : Cleaning

    ***** [ Services ] *****


    ***** [ Files / Folders ] *****


    ***** [ Scheduled tasks ] *****


    ***** [ Shortcuts ] *****


    ***** [ Registry ] *****


    ***** [ Web browsers ] *****

    -\\ Internet Explorer v9.0.8112.16644


    -\\ Mozilla Firefox v38.0.1 (x86 en-US)


    *************************

    AdwCleaner[R0].txt - [3289 bytes] - [22/04/2015 20:02:29]
    AdwCleaner[R10].txt - [1778 bytes] - [31/05/2015 22:20:24]
    AdwCleaner[R1].txt - [1108 bytes] - [10/05/2015 22:40:45]
    AdwCleaner[R2].txt - [1007 bytes] - [17/05/2015 15:26:05]
    AdwCleaner[R3].txt - [8089 bytes] - [20/05/2015 22:06:15]
    AdwCleaner[R4].txt - [2846 bytes] - [22/05/2015 11:13:15]
    AdwCleaner[R5].txt - [2846 bytes] - [22/05/2015 11:13:25]
    AdwCleaner[R6].txt - [2637 bytes] - [22/05/2015 11:49:58]
    AdwCleaner[R7].txt - [2146 bytes] - [22/05/2015 20:57:00]
    AdwCleaner[R8].txt - [2264 bytes] - [23/05/2015 19:57:13]
    AdwCleaner[R9].txt - [2241 bytes] - [30/05/2015 15:39:32]
    AdwCleaner[S0].txt - [3330 bytes] - [22/04/2015 20:04:13]
    AdwCleaner[S1].txt - [1181 bytes] - [10/05/2015 22:43:26]
    AdwCleaner[S2].txt - [7667 bytes] - [20/05/2015 22:07:18]
    AdwCleaner[S3].txt - [2750 bytes] - [22/05/2015 11:53:34]
    AdwCleaner[S4].txt - [2243 bytes] - [22/05/2015 20:58:25]
    AdwCleaner[S5].txt - [2361 bytes] - [23/05/2015 19:59:36]
    AdwCleaner[S6].txt - [2326 bytes] - [30/05/2015 15:45:59]
    AdwCleaner[S7].txt - [1703 bytes] - [31/05/2015 22:21:45]

    ########## EOF - C:\AdwCleaner\AdwCleaner[S7].txt - [1762 bytes] ##########
     
  9. Thomas Parks

    Thomas Parks TS Rookie Topic Starter

    Junkware Removal Tool Logs

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Junkware Removal Tool (JRT) by Thisisu
    Version: 6.8.6 (05.31.2015:1)
    OS: Windows Vista (TM) Home Premium x86
    Ran by Thomas on Sun 05/31/2015 at 22:29:08.64
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




    ~~~ Services



    ~~~ Tasks



    ~~~ Registry Values



    ~~~ Registry Keys



    ~~~ Files

    Successfully deleted: [File] C:\Windows\wininit.ini



    ~~~ Folders

    Successfully deleted: [Folder] C:\Program Files\patterngenerators



    ~~~ FireFox

    Emptied folder: C:\Users\Thomas\AppData\Roaming\mozilla\firefox\profiles\rc0cdch0.default\minidumps [4 files]





    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Scan was completed on Sun 05/31/2015 at 22:31:43.78
    End of JRT log
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
     
  10. Broni

    Broni Malware Annihilator Posts: 52,898   +344

    Please download ComboFix from Here, Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    • Never rename Combofix unless instructed.
    • Close any open browsers.
    • Very Important! Temporarily disable your anti-virus and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
      If the connection is not there use restore point you created prior to running Combofix.
    • Double click on combofix.exe & follow the prompts.

    • NOTE1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
    • When finished, it will produce a report for you.
    • Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall.
    **Note 2 for AVG and CA Internet Security (Total Defense Internet Security) users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error Illegal operation attempted on a registry key that has been marked for deletion, restart computer to fix the issue.
    **Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.


    Make sure you re-enable your security programs when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try the following...

    Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
    Do NOT run it yet.
    Download Rkill (courtesy of BleepingComputer.com) to your desktop.
    There are 2 different versions. If one of them won't run then download and try to run the other one.
    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

    rKill.exe: http://www.bleepingcomputer.com/download/rkill/dl/10/
    iExplore.exe (renamed rKill.exe): http://www.bleepingcomputer.com/download/rkill/dl/11/

    Restart computer in safe mode

    • Double-click on the Rkill desktop icon to run the tool.
    • If using Windows Vista, 7 or 8 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.

    When the scan is done Notepad will open with rKill.txt log.
    NOTE. rKill.txt log will also be present on your desktop.

    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    IF you had to run rKill, post BOTH logs, rKill.txt and Combofix.txt.
     
  11. Broni

    Broni Malware Annihilator Posts: 52,898   +344

    Still with me?
     
  12. Broni

    Broni Malware Annihilator Posts: 52,898   +344

    This topic is marked as abandoned and closed due to inactivity.

    This member will NOT be eligible to receive any more help in malware removal forum.
     
Topic Status:
Not open for further replies.
