Total Domination Virus


imarshall (Thread Starter; joined Jan 19, 2015; 16 messages)
Hi
Somehow I downloaded some sort of virus on my computer. I started to get all sorts of pop-ups in my browser and I discovered a game called Total Domination on my computer that I couldn't delete. I finally downloaded Revo Uninstaller and was able to delete the game. But I keep getting the pop-ups and extra tabs for different ads when I open my browser. HELP!
 

dbreeze (David, Malware Specialist; joined Oct 5, 2014; 431 messages)
Hi imarshall,

Welcome to Tech Support Guy. My name is dbreeze and I'll be helping you with this problem. Before I get into the removal of malware / correction of your problem, I need you to be aware of the following:
  • Please read all of my response through at least once before attempting to follow the procedures described. I would recommend printing them out, if you can, as you can check off each step as you complete it. Also, as some of the cleaning may be done in Safe Mode and there will be no internet connection then, you will find that having the steps printed for reference speeds the cleaning process along. If there's anything you don't understand or isn't totally clear to you, please come back to me for clarification before you start those steps.
  • All of the assistants and staff at Tech Support Guy are here on a volunteer basis; please respect our time given to the cause of helping others. If you are going to be away for more than 4 days, please let me know here. (I will do the same for you.) We do realize that 'life happens' and situations arise unexpectedly; we just ask that you keep us up to date.
  • Malware removal is a complex, multiple-step process; please stay with me on this thread (don't start another thread) until I declare that your logs are clean and you are good to go. The absence of apparent issues does not mean your system is clean; I will tell you when everything looks good for you to go and help you remove the tools we have used.
  • If any of the security programs on your system should give any warnings about the software tools I ask you to download and use, please do not be alarmed. All of the tools I will have you use are safe to use (as instructed) and malware free.
  • While we strive to disrupt your system as little as possible, things happen. If you can, it would be best to back up your personal files now (if you do not already have a backup). You can store these on a CD/DVD, USB drive or stick, anywhere but on your same system. This will save you from possible anguish later if something unforeseen happens.
  • Please do not run any other tools or scanners than what I ask you to. Some of the openly available software made for malware removal can make changes to your system that interfere with the cleaning of the malware, or even destroy your system. I will use only what the situation calls for and direct you in the proper use of that software.
  • Please do not attach any log files to your replies unless I specifically ask you. Instead please copy and paste so as to include the log in your reply. You can do this in separate posts if it's easier for you.

    - Save ALL Tools to your Desktop-
    All the tools that I will have you download should be placed on the desktop unless otherwise stated. If you are familiar with how to save files to the desktop then you can skip this step.

    Since you are continuing with this step then I assume you are unfamiliar with saving files to your desktop. As a result it's easiest if you configure your browser(s) to download any tools to the desktop by default. Please use the appropriate instructions below depending on the browser you are using.
    Google Chrome - Click the "Customize and control Google Chrome" button in the upper right corner of the browser. Choose Settings. At the bottom of the screen click the "Show advanced settings..." link. Scroll down to find the Downloads section and click the Change... button. Select your desktop and click OK.
    Mozilla Firefox - Click the "Open Menu" button in the upper right corner of the browser. Choose Options. In the Downloads section, click the Browse button, click on the Desktop folder and then click the "Select Folder" button. Click OK to get out of the Options menu.
    Internet Explorer - Click the Tools menu in the upper right corner of the browser. Select View downloads. Select the Options link in the lower left of the window. Click Browse and select the Desktop and then choose the Select Folder button. Click OK to get out of the download options screen and then click Close to get out of the View Downloads screen.
    NOTE: IE8 does not support changing download locations in this manner. You will need to download the tool(s) to the default folder, usually Downloads, then copy them to the desktop.
Let's get started....

FIRST
Tech Support Guy asks that you supply the scan from this post; the TSG SysInfo utility (Everyone MUST read this BEFORE posting for help in this forum).

SECOND
Please download Farbar Recovery Scan Tool 32bit and save it to your Desktop.

  • Right-click the FRST file on your desktop and select "Run as Administrator..." (XP users click Run after receipt of the Windows Security Warning - Open File). When the tool opens, click Yes to the disclaimer.
  • If an update is available, the program will inform you and download the update. Allow it to do this, please.
  • Press the Scan button.
  • It will produce a log called FRST.txt in the same directory the tool is run from.
  • Please copy and paste log back here.
  • The first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe). Please also paste that along with the FRST.txt into your reply.
 

imarshall (Thread Starter; joined Jan 19, 2015; 16 messages)
Tech Support Guy System Info Utility version 1.0.0.2
OS Version: Microsoft Windows 7 Ultimate, Service Pack 1, 32 bit
Processor: Intel(R) Core(TM)2 Quad CPU @ 2.40GHz, x64 Family 6 Model 15 Stepping 7
Processor Count: 4
RAM: 2020 Mb
Graphics Card: Intel(R) G33/G31 Express Chipset Family, 256 Mb
Hard Drives: C: Total - 476837 MB, Free - 216752 MB; D: Total - 99 MB, Free - 71 MB;
Motherboard: Intel Corporation, DG33SXG2
Antivirus: Microsoft Security Essentials, Updated and Enabled
 

imarshall (Thread Starter; joined Jan 19, 2015; 16 messages)
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 19-01-2015
Ran by dp (administrator) on DP-PC on 23-01-2015 11:37:10
Running from C:\Users\dp\Desktop
Loaded Profiles: dp (Available profiles: dp)
Platform: Microsoft Windows 7 Ultimate Service Pack 1 (X86) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Microsoft Corporation) C:\Program Files\Windows Live\Family Safety\fsssvc.exe
(Hewlett-Packard Company) C:\Program Files\HP\Common\HPSupportSolutionsFrameworkService.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Microsoft Corporation) C:\Program Files\Windows Live\Family Safety\fsui.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
() C:\Program Files\Tether\TBService.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(SUPERAntiSpyware) C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
(Adobe Systems Incorporated) C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [] => [X]
HKLM\...\Run: [GrooveMonitor] => C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [974432 2014-08-22] (Microsoft Corporation)
HKLM\...\Run: [fssui] => C:\Program Files\Windows Live\Family Safety\fsui.exe [892608 2014-03-31] (Microsoft Corporation)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [157480 2014-10-15] (Apple Inc.)
HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)
HKU\S-1-5-21-3358529588-1858457421-2119217295-1000\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [6699800 2014-12-15] (SUPERAntiSpyware)
HKU\S-1-5-18\...\RunOnce: [SPReview] => C:\Windows\System32\SPReview\SPReview.exe [280576 2014-02-28] (Microsoft Corporation)
AppInit_DLLs: C:/PROGRA~2/{6D978~1/171~1.0/desa.dll => C:/PROGRA~2/{6D978~1/171~1.0/desa.dll [649216 2015-01-18] ()
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
HKU\S-1-5-21-3358529588-1858457421-2119217295-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76
Tcpip\..\Interfaces\{E807AA4E-4D04-49E1-8CB3-DD307BCAAF85}: [NameServer] 208.67.222.222,208.67.220.220

FireFox:
========
FF ProfilePath: C:\Users\dp\AppData\Roaming\Mozilla\Firefox\Profiles\huob7hey.default
FF DefaultSearchEngine: Google
FF Homepage: google.com
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @ei.SmileyCentral_1v.com/Plugin -> C:\Program Files\SmileyCentral_1vEI\Installr\2.bin\NP1vEISB.dll No File
FF Plugin: @java.com/JavaPlugin -> C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @RIM.com/WebSLLauncher,version=1.0 -> C:\Program Files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

Chrome:
=======
CHR HomePage: Default -> hxxp://vosteran.com/?f=1&a=vst_ggbc_15_03_ch&cd=2XzuyEtN2Y1L1QzutDtDtCzy0DtC0AtDtBtDtC0A0Azy0CtDtN0D0Tzu0StCtCtCtAtN1L2XzutAtFyBtFtBtFtCtN1L1CzutCyEtBzytDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2StBtDtB0DtA0CyCtDtG0B0EtCyBtG0CtDyEyDtG0EtAtCzztGyByB0C0EyCyDtC0E0CzzyEyB2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyB0C0F0FtDyD0FyDtGyC0AyBtDtGyE0E0EyEtGzz0FyD0EtG0DtAyB0CyB0A0CtAyD0BtByD2Q&cr=349076420&ir=
CHR StartupUrls: Default -> "hxxp://vosteran.com/?f=7&a=vst_ggbc_15_03_ch&cd=2XzuyEtN2Y1L1QzutDtDtCzy0DtC0AtDtBtDtC0A0Azy0CtDtN0D0Tzu0StCtCtCtAtN1L2XzutAtFyBtFtBtFtCtN1L1CzutCyEtBzytDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2StBtDtB0DtA0CyCtDtG0B0EtCyBtG0CtDyEyDtG0EtAtCzztGyByB0C0EyCyDtC0E0CzzyEyB2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyB0C0F0FtDyD0FyDtGyC0AyBtDtGyE0E0EyEtGzz0FyD0EtG0DtAyB0CyB0A0CtAyD0BtByD2Q&cr=349076420&ir=", "hxxp://www.trovi.com/?gd=&ctid=CT3333528&octid=EB_ORIGINAL_CTID&ISID=M27DA1FA7-A8BF-47AE-90C4-D4D31A989524&SearchSource=55&CUI=&UM=8&UP=SP1CC8F61D-BE0A-4DCA-998E-6DAFF319FD49&SSPV="
CHR DefaultSearchKeyword: Default -> Vosteran.com
CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?client=chrome&hl={language}&q={searchTerms}
CHR Profile: C:\Users\dp\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\dp\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-04-09]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\dp\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-23]
CHR Extension: (Google Wallet) - C:\Users\dp\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-04-09]
CHR StartMenuInternet: Google Chrome - chrome.exe

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE.EXE [142648 2014-07-22] (SUPERAntiSpyware.com)
R2 HPSupportSolutionsFrameworkService; C:\Program Files\Hp\Common\HPSupportSolutionsFrameworkService.exe [78088 2014-08-26] (Hewlett-Packard Company)
R2 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22192 2014-08-22] (Microsoft Corporation)
S2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [44032 2009-05-14] (Hewlett-Packard) [File not signed]
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [288120 2014-08-22] (Microsoft Corporation)
S2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [53760 2009-05-14] (Hewlett-Packard) [File not signed]
R2 Tether; C:\Program Files\Tether\TBService.exe [49080 2010-03-03] ()
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-26] (Microsoft Corporation)
S4 NMIndexingService; "C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe" [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 AVer88xHD; C:\Windows\System32\drivers\AVer88xHD.sys [459392 2009-06-25] (AVerMedia TECHNOLOGIES, Inc.)
R0 iteatapi; C:\Windows\System32\DRIVERS\iteatapi.sys [35608 2008-05-14] (ITE Tech. Inc.)
R3 LVUSBSta; C:\Windows\System32\drivers\LVUSBSta.sys [41752 2008-07-26] (Logitech Inc.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2014-11-21] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [114904 2015-01-23] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2014-11-21] (Malwarebytes Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [231800 2014-07-17] (Microsoft Corporation)
S3 Netaapl; C:\Windows\System32\DRIVERS\netaapl.sys [17408 2009-07-09] (Apple Inc.) [File not signed]
S3 PID_PEPI; C:\Windows\System32\DRIVERS\LV302V32.SYS [2570520 2008-07-26] (Logitech Inc.)
S3 pnetmdm; C:\Windows\System32\DRIVERS\pnetmdm.sys [9472 2006-09-28] (June Fabrics Technology) [File not signed]
S3 qrkis; C:\Windows\System32\DRIVERS\qrkis.sys [45608 2009-10-16] (Tether)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [12880 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS [67664 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R3 SrvHsfPCI; C:\Windows\System32\DRIVERS\VSTBS23.SYS [266752 2009-07-13] (Conexant Systems, Inc.)
S3 U2G300NB; C:\Windows\System32\DRIVERS\U2G300NB.sys [322360 2007-04-15] (Marvell Semiconductor, Inc)
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
U5 VWiFiFlt; C:\Windows\System32\Drivers\VWiFiFlt.sys [48128 2009-07-13] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================


(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-23 11:37 - 2015-01-23 11:37 - 00011976 _____ () C:\Users\dp\Desktop\FRST.txt
2015-01-23 11:36 - 2015-01-23 11:37 - 00000000 ____D () C:\FRST
2015-01-23 11:36 - 2015-01-23 11:36 - 01118208 _____ (Farbar) C:\Users\dp\Desktop\FRST.exe
2015-01-23 10:20 - 2015-01-23 11:34 - 00509440 _____ (Tech Support Guy System) C:\Users\dp\Desktop\SysInfo.exe
2015-01-22 08:36 - 2011-01-10 06:43 - 1573556048 _____ () C:\Users\dp\Downloads\Elki.2010.mkv
2015-01-22 08:18 - 2015-01-22 08:21 - 384018385 _____ () C:\Users\dp\Downloads\Операция «Ы» и другие приключения Шурика _ Фильм полностью _ HD 1080p.mp4
2015-01-22 08:15 - 2015-01-22 08:18 - 338027396 _____ () C:\Users\dp\Downloads\Крепкий орешек.mp4
2015-01-22 07:53 - 2015-01-22 07:58 - 479895704 _____ () C:\Users\dp\Downloads\Без году неделя (фильм).mp4
2015-01-22 07:35 - 2015-01-22 07:37 - 268313770 _____ () C:\Users\dp\Downloads\Отцы и деды (1982) Полная версия.mp4
2015-01-21 20:45 - 2015-01-21 20:45 - 00001121 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-01-21 20:45 - 2015-01-21 20:45 - 00001109 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2015-01-21 20:45 - 2015-01-21 20:45 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2015-01-21 20:45 - 2015-01-21 20:45 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2015-01-21 19:47 - 2015-01-23 11:33 - 00114904 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-01-21 19:47 - 2015-01-21 19:47 - 00001064 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-01-21 19:47 - 2015-01-21 19:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-01-21 19:46 - 2015-01-21 19:47 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2015-01-21 19:46 - 2015-01-21 19:46 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\dp\Downloads\mbam-setup-2.0.4.1028.exe
2015-01-21 19:46 - 2015-01-21 19:46 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-01-21 19:46 - 2014-11-21 06:14 - 00075480 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-01-21 19:46 - 2014-11-21 06:14 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-01-21 19:46 - 2014-11-21 06:14 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-01-21 19:03 - 2015-01-21 20:13 - 00021696 _____ () C:\Windows\PFRO.log
2015-01-21 19:03 - 2015-01-21 20:13 - 00000168 _____ () C:\Windows\setupact.log
2015-01-21 19:03 - 2015-01-21 19:03 - 00000000 _____ () C:\Windows\setuperr.log
2015-01-21 18:27 - 2015-01-21 18:27 - 00000000 ____D () C:\SUPERDelete
2015-01-21 18:25 - 2015-01-23 08:04 - 00000000 ____D () C:\Program Files\SUPERAntiSpyware
2015-01-21 18:25 - 2015-01-21 18:25 - 00001965 _____ () C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
2015-01-21 18:25 - 2015-01-21 18:25 - 00000000 ____D () C:\Users\dp\AppData\Roaming\SUPERAntiSpyware.com
2015-01-21 18:25 - 2015-01-21 18:25 - 00000000 ____D () C:\ProgramData\SUPERAntiSpyware.com
2015-01-21 18:25 - 2015-01-21 18:25 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
2015-01-21 18:23 - 2015-01-21 18:23 - 21057344 _____ (SUPERAntiSpyware) C:\Users\dp\Downloads\SUPERAntiSpyware.exe
2015-01-21 16:41 - 2015-01-21 16:43 - 00002032 _____ () C:\Users\dp\Desktop\Rkill.txt
2015-01-21 16:41 - 2015-01-21 16:41 - 01943800 _____ (Bleeping Computer, LLC) C:\Users\dp\Downloads\rkill.exe
2015-01-18 19:03 - 2015-01-18 19:03 - 05317104 _____ (Piriform Ltd) C:\Users\dp\Downloads\ccsetup501.exe
2015-01-18 18:54 - 2015-01-23 11:26 - 00576176 _____ () C:\Windows\WindowsUpdate.log
2015-01-18 18:21 - 2015-01-18 18:21 - 00001234 _____ () C:\Users\Public\Desktop\Revo Uninstaller Pro.lnk
2015-01-18 18:21 - 2015-01-18 18:21 - 00000000 ____D () C:\Users\dp\AppData\Local\VS Revo Group
2015-01-18 18:21 - 2015-01-18 18:21 - 00000000 ____D () C:\ProgramData\VS Revo Group
2015-01-18 18:21 - 2015-01-18 18:21 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller Pro
2015-01-18 18:21 - 2015-01-18 18:21 - 00000000 ____D () C:\Program Files\VS Revo Group
2015-01-18 18:21 - 2009-12-30 10:21 - 00027192 _____ (VS Revo Group) C:\Windows\system32\Drivers\revoflt.sys
2015-01-18 18:20 - 2015-01-18 18:20 - 10801480 _____ (VS Revo Group ) C:\Users\dp\Downloads\RevoUninProSetup.exe
2015-01-18 18:09 - 2015-01-18 18:09 - 164495362 _____ () C:\Users\dp\Documents\rebot.reg
2015-01-18 17:48 - 2015-01-18 17:55 - 00000000 ____D () C:\AdwCleaner
2015-01-18 17:47 - 2015-01-18 17:47 - 02186752 _____ () C:\Users\dp\Downloads\AdwCleaner.exe
2015-01-18 16:44 - 2015-01-18 18:36 - 00000000 ____D () C:\Users\dp\AppData\Roaming\1H1Q1V1N1N1S1R
2015-01-18 16:44 - 2015-01-18 16:44 - 00000000 ____D () C:\ProgramData\{6D978554-3D15-54D2-8C93-24505C11F7DE}
2015-01-18 16:44 - 2015-01-18 16:43 - 04813544 _____ (Piriform Ltd) C:\Users\dp\Downloads\CCleanerSetup.exe
2015-01-18 16:43 - 2015-01-18 16:43 - 00847048 _____ ( ) C:\Users\dp\Downloads\Ccleaner_Setup.exe
2015-01-18 13:35 - 2015-01-18 13:35 - 00000046 _____ () C:\Users\dp\AppData\Roaming\WB.CFG
2015-01-18 13:19 - 2015-01-18 13:20 - 00000000 ____D () C:\Users\dp\.smplayer
2015-01-18 13:13 - 2015-01-18 13:36 - 00000000 ____D () C:\ProgramData\Unchecky
2015-01-18 12:44 - 2015-01-18 15:37 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Liveistream
2015-01-18 12:44 - 2015-01-18 12:44 - 00000064 _____ () C:\Users\dp\AppData\Local\00b8c1270aa3f44e5fb958ea63648b0a
2015-01-18 12:35 - 2015-01-18 12:35 - 00000000 __SHD () C:\Users\dp\AppData\Local\EmieUserList
2015-01-18 12:35 - 2015-01-18 12:35 - 00000000 __SHD () C:\Users\dp\AppData\Local\EmieSiteList
2015-01-18 12:35 - 2015-01-18 12:35 - 00000000 __SHD () C:\Users\dp\AppData\Local\EmieBrowserModeList
2015-01-18 12:33 - 2015-01-18 12:34 - 00808440 _____ ( ) C:\Users\dp\Downloads\adobe_flash_setup.exe
2015-01-18 10:15 - 2014-12-18 17:34 - 00116224 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2015-01-18 10:15 - 2014-12-11 21:11 - 03971512 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2015-01-18 10:15 - 2014-12-11 21:11 - 03916728 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-01-18 10:15 - 2014-12-05 19:50 - 00242688 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
2015-01-17 10:27 - 2015-01-17 10:27 - 04877488 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerInstaller.exe
2015-01-17 09:05 - 2014-12-18 18:43 - 00164864 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2015-01-17 09:05 - 2014-12-11 09:47 - 00046592 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2015-01-10 08:36 - 2015-01-10 08:36 - 00001815 _____ () C:\Users\Public\Desktop\QuickTime Player.lnk
2015-01-10 08:36 - 2015-01-10 08:36 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
2015-01-10 08:36 - 2015-01-10 08:36 - 00000000 ____D () C:\Program Files\QuickTime
2015-01-08 09:52 - 2015-01-08 09:55 - 252722766 _____ () C:\Users\dp\Desktop\Однажды двадцать лет спустя (1980) Советская мелодрама «Однажды двадцать лет спустя» смотреть онлайн.mp4
2015-01-08 09:50 - 2015-01-08 09:56 - 407309607 _____ () C:\Users\dp\Downloads\Однажды двадцать лет спустя (1980) Полная версия.mp4
2014-12-27 18:57 - 2014-12-27 18:59 - 369221578 _____ () C:\Users\dp\Downloads\Сказка Морозко, смотреть сказку Морозко.mp4

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-23 11:27 - 2014-12-20 14:57 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-01-21 20:21 - 2009-07-13 20:34 - 00020576 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-01-21 20:21 - 2009-07-13 20:34 - 00020576 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-01-21 20:13 - 2009-07-13 20:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-01-20 09:16 - 2014-06-24 09:38 - 00000000 ____D () C:\Users\dp\AppData\Local\Windows Live
2015-01-18 19:49 - 2014-03-08 11:26 - 00000000 ____D () C:\Program Files\Google
2015-01-18 19:02 - 2014-03-08 11:26 - 00000000 ____D () C:\Users\dp\AppData\Local\Google
2015-01-18 18:47 - 2011-01-28 09:17 - 00000000 ____D () C:\Program Files\VideoLAN
2015-01-18 18:47 - 2010-03-09 20:17 - 00000000 ____D () C:\Users\dp\AppData\Roaming\Apple Computer
2015-01-18 18:47 - 2010-03-09 20:17 - 00000000 ____D () C:\Users\dp\AppData\Local\Apple Computer
2015-01-18 18:43 - 2010-12-25 10:09 - 00000000 ____D () C:\Users\dp\AppData\Roaming\DVDVideoSoft
2015-01-18 18:42 - 2010-12-25 10:09 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft
2015-01-18 18:38 - 2010-03-10 17:48 - 00000000 ____D () C:\Program Files\Research In Motion
2015-01-18 18:37 - 2010-03-10 17:48 - 00000000 ____D () C:\Program Files\Common Files\Research In Motion
2015-01-18 17:59 - 2014-03-28 20:37 - 00000000 ____D () C:\Users\dp\AppData\Roaming\Spotify
2015-01-18 17:55 - 2010-12-25 10:09 - 00000000 ____D () C:\Program Files\Common Files\DVDVideoSoft
2015-01-18 17:55 - 2009-07-13 18:04 - 00000615 _____ () C:\Windows\win.ini
2015-01-18 13:45 - 2010-06-04 20:12 - 00000000 ____D () C:\ProgramData\LogiShrd
2015-01-18 13:45 - 2010-06-04 20:01 - 00000000 ____D () C:\Program Files\Common Files\logishrd
2015-01-18 13:38 - 2011-04-04 16:00 - 00000000 ____D () C:\Users\dp\AppData\Local\Adobe
2015-01-18 13:27 - 2009-07-13 18:37 - 00000000 ____D () C:\Windows\Resources
2015-01-18 13:19 - 2010-03-09 20:09 - 00000000 ____D () C:\Users\dp
2015-01-18 03:05 - 2014-06-15 15:51 - 00000000 ____D () C:\Windows\system32\MRT
2015-01-18 03:01 - 2014-06-15 15:51 - 110348472 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-01-17 10:27 - 2014-02-26 11:10 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2015-01-17 10:27 - 2014-02-26 11:10 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2015-01-17 08:58 - 2014-03-28 20:37 - 00000000 ____D () C:\Users\dp\AppData\Local\Spotify
2015-01-13 08:15 - 2009-07-13 18:37 - 00000000 ____D () C:\Windows\system32\NDF
2014-12-31 03:13 - 2010-03-09 20:34 - 00249488 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe

==================== Files in the root of some directories =======
2010-09-04 14:03 - 2011-03-28 19:43 - 0000231 _____ () C:\Users\dp\AppData\Roaming\Rim.Desktop.Exception.log
2010-08-28 23:16 - 2014-05-26 07:36 - 0002810 _____ () C:\Users\dp\AppData\Roaming\Rim.Desktop.HttpServerSetup.log
2015-01-18 13:35 - 2015-01-18 13:35 - 0000046 _____ () C:\Users\dp\AppData\Roaming\WB.CFG
2015-01-18 12:44 - 2015-01-18 12:44 - 0000064 _____ () C:\Users\dp\AppData\Local\00b8c1270aa3f44e5fb958ea63648b0a
2010-04-24 12:00 - 2010-10-22 13:35 - 0000056 ____H () C:\ProgramData\ezsidmv.dat
2014-02-28 12:57 - 2014-07-27 19:35 - 0021308 _____ () C:\ProgramData\hpzinstall.log

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-01-17 09:59

==================== End Of Log ============================
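The FRST.txt above contains the entries an analyst checks first: an AppInit_DLLs value pointing at a DLL with no publisher information under an 8.3 short-name path, a Chrome policy restriction that FRST itself marks ATTENTION, Chrome homepage/startup/search settings pointing at vosteran.com and trovi.com, services with no publisher data, unsigned binaries, and orphaned `[X]` entries. The script below is an added example and is not part of the thread or of FRST; it shows how that triage can be expressed as code. SAMPLE_LOG is constructed from lines of the posted log (with the very long Chrome URLs shortened), and HIJACKER_DOMAINS is an assumption for the example: the two domains are treated as a known-bad list because they are the browser targets in that log.

```python
"""Triage helper for Farbar Recovery Scan Tool (FRST) log lines.

Added example; not part of FRST or of the forum posts. SAMPLE_LOG is built
from lines of the posted FRST.txt (Chrome URLs shortened). HIJACKER_DOMAINS
is an assumption for illustration.
"""
import re
from dataclasses import dataclass

HIJACKER_DOMAINS = {"vosteran.com", "trovi.com"}  # assumed known-bad list

SAMPLE_LOG = """\
HKLM\\...\\Run: [] => [X]
HKLM\\...\\Run: [GrooveMonitor] => C:\\Program Files\\Microsoft Office\\Office12\\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
AppInit_DLLs: C:/PROGRA~2/{6D978~1/171~1.0/desa.dll => C:/PROGRA~2/{6D978~1/171~1.0/desa.dll [649216 2015-01-18] ()
CHR HKLM\\SOFTWARE\\Policies\\Google: Policy restriction <======= ATTENTION
CHR HomePage: Default -> hxxp://vosteran.com/?f=1&a=vst_ggbc_15_03_ch
CHR StartupUrls: Default -> "hxxp://vosteran.com/?f=7", "hxxp://www.trovi.com/?gd=&ctid=CT3333528"
CHR DefaultSearchKeyword: Default -> Vosteran.com
FF Homepage: google.com
R2 Tether; C:\\Program Files\\Tether\\TBService.exe [49080 2010-03-03] ()
S2 Net Driver HPZ12; C:\\Windows\\system32\\HPZinw12.dll [44032 2009-05-14] (Hewlett-Packard) [File not signed]
R2 MsMpSvc; c:\\Program Files\\Microsoft Security Client\\MsMpEng.exe [22192 2014-08-22] (Microsoft Corporation)
"""

# FRST writes "[size date] (Company)" after a file path; "()" means it could
# not read any company/version resource from the binary.
PUBLISHER_RE = re.compile(r"\[\d+ \d{4}-\d{2}-\d{2}\] \(([^)]*)\)")
# FRST defangs URLs as hxxp://; accept both forms and capture the host part.
URL_RE = re.compile(r"h(?:xx|tt)ps?://([^/\s\"']+)", re.IGNORECASE)
SERVICE_RE = re.compile(r"^[RSU]\d ")  # R2 / S3 / U5 ... = service or driver


@dataclass(frozen=True)
class Finding:
    severity: str  # "high" | "medium" | "low"
    reason: str
    line: str


def hosts_in(line: str) -> list:
    """Hosts of all URLs (defanged or not) on the line, without a www. prefix."""
    hosts = []
    for m in URL_RE.finditer(line):
        host = m.group(1).lower()
        hosts.append(host[4:] if host.startswith("www.") else host)
    return hosts


def no_publisher(line: str) -> bool:
    m = PUBLISHER_RE.search(line)
    return m is not None and m.group(1).strip() == ""


def triage_line(line: str):
    """Return a Finding for a suspicious FRST line, or None for a benign one."""
    s = line.strip()
    if not s:
        return None
    if s.startswith("AppInit_DLLs:"):
        # Every process that loads user32.dll also loads these DLLs.
        reason = "AppInit_DLLs injects a DLL into user32-linked processes"
        if no_publisher(s):
            reason += "; DLL has no publisher/version info"
        if "~" in s:
            reason += "; 8.3 short-name path hides the real folder name"
        return Finding("high", reason, s)
    if "<======= ATTENTION" in s:
        return Finding("medium", "FRST flagged this entry (ATTENTION marker)", s)
    if s.startswith(("CHR ", "FF ")):
        bad = sorted({h for h in hosts_in(s) if h in HIJACKER_DOMAINS})
        if bad:
            return Finding("high", "browser setting points at hijacker domain(s): " + ", ".join(bad), s)
        if s.startswith("CHR DefaultSearchKeyword:"):
            keyword = s.split("->", 1)[1].strip().lower()  # bare host, not a URL
            if keyword in HIJACKER_DOMAINS:
                return Finding("high", "default search keyword is hijacker domain " + keyword, s)
        return None
    if "[File not signed]" in s:
        return Finding("low", "service/driver binary is not Authenticode-signed", s)
    if s.endswith(" [X]"):
        return Finding("low", "orphaned entry: target file is missing", s)
    if SERVICE_RE.match(s) and no_publisher(s):
        return Finding("medium", "service/driver with no publisher info", s)
    return None


def triage(log_text: str) -> list:
    """All findings for a log, highest severity first (stable within a level)."""
    order = {"high": 0, "medium": 1, "low": 2}
    found = [f for f in map(triage_line, log_text.splitlines()) if f]
    return sorted(found, key=lambda f: order[f.severity])


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.severity:<6}] {f.reason}\n         {f.line}")
```

Run against the sample it reports four high findings (the AppInit_DLLs entry and the three Chrome settings pointing at the hijacker domains), two medium (the Chrome policy restriction and the Tether service with no publisher) and two low (the orphaned Run value and the unsigned HP driver), while the Microsoft- and Hewlett-Packard-published entries and the Firefox homepage pass. A script like this only ranks what to look at; the decision of what to remove still rests with the analyst reading the full log.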
 

imarshall (Thread Starter; joined Jan 19, 2015; 16 messages)
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 19-01-2015
Ran by dp at 2015-01-23 11:38:20
Running from C:\Users\dp\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Microsoft Security Essentials (Enabled - Up to date) {4F35CFC4-45A3-FC37-EF17-759A02E39AB1}
AS: Microsoft Security Essentials (Enabled - Up to date) {F4542E20-6399-F3B9-D5A7-4EE87964D00C}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

32 Bit HP CIO Components Installer (Version: 6.1.2 - Hewlett-Packard) Hidden
Acrobat.com (HKLM\...\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 2.0.0.0 - Adobe Systems Incorporated)
Acrobat.com (Version: 2.0.0 - Adobe Systems Incorporated) Hidden
Adobe AIR (HKLM\...\Adobe AIR) (Version: 1.5.3.9130 - Adobe Systems Inc.)
Adobe Reader 9.5.5 (HKLM\...\{AC76BA86-7AD7-1033-7B44-A95000000001}) (Version: 9.5.5 - Adobe Systems Incorporated)
Apple Application Support (HKLM\...\{83CAF0DE-8D3B-4C37-A631-2B8F16EC3031}) (Version: 3.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{235EBB33-3DA1-46DF-AADE-9955123409CB}) (Version: 8.0.5.6 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
D3DX10 (Version: 15.4.2368.0902 - Microsoft) Hidden
HP Photo Creations (HKLM\...\HP Photo Creations) (Version: 1.0.0.2024 - HP Photo Creations Powered by RocketLife)
HP Photosmart D110 All-In-One Driver 14.0 Rel. 7 (HKLM\...\{14BC6853-A74E-4874-B50D-679889D1544D}) (Version: 14.0 - HP)
HP Support Solutions Framework (HKLM\...\{348A1F5B-07B3-4436-9A47-FFE44EFE856E}) (Version: 11.51.0004 - Hewlett-Packard Company)
HP Update (HKLM\...\{74DC0593-6BC6-4001-AD5F-D810AFB68D86}) (Version: 5.002.002.002 - Hewlett-Packard)
Intel(R) Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: 8.15.10.1930 - Intel Corporation)
Intel(R) TV Wizard (HKLM\...\TVWiz) (Version: - Intel Corporation)
iTunes (HKLM\...\{5D928931-D1D2-4A93-A82D-BF60D0E7CFA5}) (Version: 12.0.1.26 - Apple Inc.)
Java(TM) 6 Update 24 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83216024FF}) (Version: 6.0.240 - Oracle)
Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
Microsoft Office Enterprise 2007 (HKLM\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Visio 2007 Service Pack 3 (SP3) (HKLM\...\{90120000-0051-0000-0000-0000000FF1CE}_VISPRO_{CE144BF4-4950-4CDB-A5F7-CCE1888F49CB}) (Version: - Microsoft)
Microsoft Office Visio Professional 2007 (HKLM\...\VISPRO) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.6.305.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Movie Maker (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Mozilla Firefox 35.0 (x86 en-US) (HKLM\...\Mozilla Firefox 35.0 (x86 en-US)) (Version: 35.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 35.0 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Network (Version: 140.0.212.000 - Hewlett-Packard) Hidden
PS_AIO_07_D110_SW_Min (Version: 140.0.142.000 - Hewlett-Packard) Hidden
QuickTime 7 (HKLM\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)
Revo Uninstaller Pro 3.1.2 (HKLM\...\{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1) (Version: 3.1.2 - VS Revo Group, Ltd.)
Scan (Version: 140.0.77.000 - Hewlett-Packard) Hidden
Spotify (HKU\S-1-5-21-3358529588-1858457421-2119217295-1000\...\Spotify) (Version: 0.9.15.27.g87efe634 - Spotify AB)
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 6.0.1168 - SUPERAntiSpyware.com)
Tether 1.1.0.2 (HKLM\...\{2863C12B-2A02-4258-8495-6220605B2E5C}_is1) (Version: - Tether)
Toolbox (Version: 140.0.424.000 - Hewlett-Packard) Hidden
Uninstall 1.0.0.1 (HKLM\...\Uninstall_is1) (Version: - )
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{90120000-0051-0000-0000-0000000FF1CE}_VISPRO_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
Windows Live Essentials (HKLM\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-3358529588-1858457421-2119217295-1000_Classes\CLSID\{08244EE6-92F0-47F2-9FC9-929BAA2E7235}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-3358529588-1858457421-2119217295-1000_Classes\CLSID\{16F3DD56-1AF5-4347-846D-7C10C4192619}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-3358529588-1858457421-2119217295-1000_Classes\CLSID\{1F486A52-3CB1-48FD-8F50-B8DC300D9F9D}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-3358529588-1858457421-2119217295-1000_Classes\CLSID\{2916C86E-86A6-43FE-8112-43ABE6BF8DCC}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-3358529588-1858457421-2119217295-1000_Classes\CLSID\{4E77131D-3629-431C-9818-C5679DC83E81}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-3358529588-1858457421-2119217295-1000_Classes\CLSID\{920E6DB1-9907-4370-B3A0-BAFC03D81399}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-3358529588-1858457421-2119217295-1000_Classes\CLSID\{99FD978C-D287-4F50-827F-B2C658EDA8E7}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-3358529588-1858457421-2119217295-1000_Classes\CLSID\{AB5C5600-7E6E-4B06-9197-9ECEF74D31CC}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-3358529588-1858457421-2119217295-1000_Classes\CLSID\{D9144DCD-E998-4ECA-AB6A-DCD83CCBA16D}\InprocServer32 -> No File Path

==================== Restore Points =========================

18-01-2015 19:00:23 Revo Uninstaller Pro's restore point - Google Drive
18-01-2015 19:00:34 Removed Google Drive
18-01-2015 19:07:16 Revo Uninstaller Pro's restore point - Mozilla Firefox 34.0.5 (x86 en-US)
18-01-2015 22:04:20 Windows Update
21-01-2015 20:03:40 Revo Uninstaller Pro's restore point - Mozilla Maintenance Service
21-01-2015 20:05:50 Revo Uninstaller Pro's restore point - Windows Media Player Firefox Plugin
21-01-2015 20:08:00 Revo Uninstaller Pro's restore point - Adobe Flash Player 16 NPAPI
21-01-2015 20:09:46 Revo Uninstaller Pro's restore point - Mozilla Firefox 35.0 (x86 en-US)
21-01-2015 20:10:50 Revo Uninstaller Pro's restore point - CCleaner
23-01-2015 08:20:03 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 18:04 - 2015-01-18 14:02 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {1A4CFA3E-54DC-4C5F-B75D-10B189E7B5AE} - System32\Tasks\{D7481EBF-347D-4C4C-A11B-CE974327DA41} => Firefox.exe
Task: {2D47F95E-0F7F-493A-8235-A90C9C085098} - System32\Tasks\Total Domination W1 => Chrome.exe --app=http://totaldomination.com/en/landing/lp5_1?adCampaign=44113&amp;ClickID=tDtDtCzy0DtC0AtDtBtDtC0A0Azy0CtD&amp;publisherID=1_73 --app-window-size=1280,1024
Task: {44FEB0A7-357C-421B-B2AB-7630389A7CB9} - System32\Tasks\Total Domination W2 => Chrome.exe --app=http://totaldomination.com/en/landing/lp5_1?adCampaign=44113&amp;ClickID=tDtDtCzy0DtC0AtDtBtDtC0A0Azy0CtD&amp;publisherID=1_73 --app-window-size=1280,1024
Task: {4EB8DB11-B9CB-42DE-8634-BB5C173C0260} - System32\Tasks\GeniusBox => cmd.exe /C start "" "C:\Users\dp\AppData\Local\GeniusBox\client.exe"
Task: {510FFC62-2208-4F72-B8FD-3DDAA91527D4} - System32\Tasks\{6A0F545A-C8DA-4198-953D-97F4893E4489} => C:\Program Files\uTorrent\uTorrent.exe
Task: {5A2E1F26-7485-4793-887B-8B4FB515C02A} - System32\Tasks\{40A1C0A2-E9DD-4798-83BC-783406255C52} => C:\Program Files\Skype\Phone\Skype.exe
Task: {6983CA78-71D8-4636-B5E5-04B16278AB42} - System32\Tasks\Check Updates => C:\Users\dp\AppData\Local\GeniusBox\updater.exe
Task: {9C60BC5D-8934-49E9-BFCA-DE110FFE0674} - System32\Tasks\{6CAEC479-6CF1-489E-A73D-2B6EE57DE155} => pcalua.exe -a C:\Users\dp\Downloads\PdaNetBB130.exe -d C:\Users\dp\Desktop
Task: {AFDAE746-58C6-4018-B2FF-EA6FFC550DFC} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {CADF2EF5-1EB5-43B3-875B-B6739B4B528E} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: {D8201FD0-76F5-4098-9193-397957BC6C03} - System32\Tasks\{254525AF-A45E-47CE-9ECE-9A62FDEE0024} => Firefox.exe
Task: {E1A25800-3CF0-4478-8CC6-83F1AC95B936} - System32\Tasks\{4C3CDBDD-E221-43E6-B75C-FE38F838176F} => C:\Program Files\uTorrent\uTorrent.exe
Task: {E741E35B-A064-4521-B0E2-E8E6D8404276} - System32\Tasks\Validate Installation => C:\Users\dp\AppData\Local\GeniusBox\updater.exe

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Loaded Modules (whitelisted) =============

2014-02-12 20:58 - 2014-02-12 20:58 - 00073544 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2014-10-11 12:05 - 2014-10-11 12:05 - 01044776 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2010-03-13 18:33 - 2010-02-10 18:10 - 00141824 _____ () C:\Program Files\WinRAR\rarext.dll
2010-03-31 20:46 - 2010-03-03 10:17 - 00049080 _____ () C:\Program Files\Tether\TBService.exe
2015-01-21 20:45 - 2015-01-09 01:05 - 03925104 _____ () C:\Program Files\Mozilla Firefox\mozjs.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk => C:\Windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup
MSCONFIG\startupfolder: C:^Users^dp^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk => C:\Windows\pss\OneNote 2007 Screen Clipper and Launcher.lnk.Startup
MSCONFIG\startupfolder: C:^Users^dp^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^PdaNet Desktop.lnk => C:\Windows\pss\PdaNet Desktop.lnk.Startup
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: Adobe Reader Speed Launcher => "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
MSCONFIG\startupreg: BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} => "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
MSCONFIG\startupreg: HotKeysCmds => C:\Windows\system32\hkcmd.exe
MSCONFIG\startupreg: HP Software Update => C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
MSCONFIG\startupreg: IgfxTray => C:\Windows\system32\igfxtray.exe
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: LogitechQuickCamRibbon => "C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe" /hide
MSCONFIG\startupreg: MSC => "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
MSCONFIG\startupreg: NeroFilterCheck => C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
MSCONFIG\startupreg: Persistence => C:\Windows\system32\igfxpers.exe
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files\QuickTime\QTTask.exe" -atboottime
MSCONFIG\startupreg: Sidebar => C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
MSCONFIG\startupreg: Spotify => "C:\Users\dp\AppData\Roaming\Spotify\Spotify.exe" /uri spotify:autostart
MSCONFIG\startupreg: Spotify Web Helper => "C:\Users\dp\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files\Common Files\Java\Java Update\jusched.exe"

========================= Accounts: ==========================

Administrator (S-1-5-21-3358529588-1858457421-2119217295-500 - Administrator - Disabled)
dp (S-1-5-21-3358529588-1858457421-2119217295-1000 - Administrator - Enabled) => C:\Users\dp
Guest (S-1-5-21-3358529588-1858457421-2119217295-501 - Limited - Disabled)

==================== Faulty Device Manager Devices =============

Name: Tether Ethernet Adapter
Description: Tether Ethernet Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Tether
Service: qrkis
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: PCI Simple Communications Controller
Description: PCI Simple Communications Controller
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft Teredo Tunneling Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (01/23/2015 08:53:33 AM) (Source: SideBySide) (EventID: 63) (User: )
Description: Activation context generation failed for "assemblyIdentity1".Error in manifest or policy file "assemblyIdentity2" on line assemblyIdentity3.
The value "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute "version" in element "assemblyIdentity" is invalid.

Error: (01/22/2015 09:11:47 AM) (Source: SideBySide) (EventID: 63) (User: )
Description: Activation context generation failed for "assemblyIdentity1".Error in manifest or policy file "assemblyIdentity2" on line assemblyIdentity3.
The value "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute "version" in element "assemblyIdentity" is invalid.

Error: (01/21/2015 08:03:40 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface. hr = 0x80070005, Access is denied.
.
This is often caused by incorrect security settings in either the writer or requestor process.


Operation:
Gathering Writer Data

Context:
Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
Writer Name: System Writer
Writer Instance ID: {9f9ebf13-2313-4941-906c-3fa6d3c4a39c}

Error: (01/21/2015 06:26:53 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: plugin-container.exe, version: 35.0.0.5486, time stamp: 0x54af7153
Faulting module name: mozalloc.dll, version: 35.0.0.5486, time stamp: 0x54af69d4
Exception code: 0x80000003
Fault offset: 0x00001425
Faulting process id: 0x9ac
Faulting application start time: 0xplugin-container.exe0
Faulting application path: plugin-container.exe1
Faulting module path: plugin-container.exe2
Report Id: plugin-container.exe3

Error: (01/21/2015 00:18:22 PM) (Source: SideBySide) (EventID: 63) (User: )
Description: Activation context generation failed for "assemblyIdentity1".Error in manifest or policy file "assemblyIdentity2" on line assemblyIdentity3.
The value "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute "version" in element "assemblyIdentity" is invalid.

Error: (01/20/2015 08:19:17 AM) (Source: SideBySide) (EventID: 63) (User: )
Description: Activation context generation failed for "assemblyIdentity1".Error in manifest or policy file "assemblyIdentity2" on line assemblyIdentity3.
The value "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute "version" in element "assemblyIdentity" is invalid.

Error: (01/20/2015 07:42:08 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: plugin-container.exe, version: 35.0.0.5486, time stamp: 0x54af7153
Faulting module name: mozalloc.dll, version: 35.0.0.5486, time stamp: 0x54af69d4
Exception code: 0x80000003
Fault offset: 0x00001425
Faulting process id: 0x16b8
Faulting application start time: 0xplugin-container.exe0
Faulting application path: plugin-container.exe1
Faulting module path: plugin-container.exe2
Report Id: plugin-container.exe3

Error: (01/20/2015 07:42:05 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: firefox.exe, version: 35.0.0.5486, time stamp: 0x54af74c1
Faulting module name: zoompicl32.dll_unloaded, version: 0.0.0.0, time stamp: 0x54b0695e
Exception code: 0xc0000005
Fault offset: 0x631268a7
Faulting process id: 0xa30
Faulting application start time: 0xfirefox.exe0
Faulting application path: firefox.exe1
Faulting module path: firefox.exe2
Report Id: firefox.exe3

Error: (01/20/2015 07:40:37 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: firefox.exe, version: 35.0.0.5486, time stamp: 0x54af74c1
Faulting module name: zoompicl32.dll_unloaded, version: 0.0.0.0, time stamp: 0x54b0695e
Exception code: 0xc0000005
Fault offset: 0x631484bd
Faulting process id: 0xa30
Faulting application start time: 0xfirefox.exe0
Faulting application path: firefox.exe1
Faulting module path: firefox.exe2
Report Id: firefox.exe3

Error: (01/18/2015 06:55:32 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface. hr = 0x80070005, Access is denied.
.
This is often caused by incorrect security settings in either the writer or requestor process.


Operation:
Gathering Writer Data

Context:
Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
Writer Name: System Writer
Writer Instance ID: {a2dd599f-ce60-4cb3-a9cc-2e6a8ad8a693}


System errors:
=============
Error: (01/23/2015 11:07:20 AM) (Source: cdrom) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\CdRom0.

Error: (01/23/2015 11:07:13 AM) (Source: cdrom) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\CdRom0.

Error: (01/23/2015 11:07:07 AM) (Source: cdrom) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\CdRom0.

Error: (01/23/2015 11:07:00 AM) (Source: cdrom) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\CdRom0.

Error: (01/23/2015 11:06:54 AM) (Source: cdrom) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\CdRom0.

Error: (01/23/2015 11:06:48 AM) (Source: cdrom) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\CdRom0.

Error: (01/21/2015 11:00:03 PM) (Source: Microsoft-Windows-HAL) (EventID: 12) (User: )
Description: The platform firmware has corrupted memory across the previous system power transition. Please check for updated firmware for your system.

Error: (01/21/2015 07:04:21 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
bbnfd_1_10_0_6

Error: (01/21/2015 07:04:16 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Util Dynamo Combo service failed to start due to the following error:
%%2

Error: (01/21/2015 07:04:16 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Update Dynamo Combo service failed to start due to the following error:
%%2


Microsoft Office Sessions:
=========================

==================== Memory info ===========================

Processor: Intel(R) Core(TM)2 Quad CPU @ 2.40GHz
Percentage of memory in use: 60%
Total physical RAM: 2020.78 MB
Available physical RAM: 801.09 MB
Total Pagefile: 4041.56 MB
Available Pagefile: 2276.55 MB
Total Virtual: 2047.88 MB
Available Virtual: 1895.2 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:465.66 GB) (Free:211.58 GB) NTFS
Drive d: () (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[System with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 4AF0C922)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=465.7 GB) - (Type=07 NTFS)

==================== End Of Log ============================
 

imarshall (Thread Starter)
Yesterday I had downloaded SUPERAntiSpyware and Malwarebytes Anti-Malware. It seemed to have stopped the pop-ups but I don't know if it fixed everything.
 

dbreeze (Malware Specialist)
The SAS and Malwarebytes Antimalware fixed a lot but not everything. The following should clean the rest and then we will check for remains....

FIRST, Run a Fixlist script please ....

Download the attached fixlist.txt file and save it to the Desktop.

NOTE. It's important that both files, FRST/FRST64 and fixlist.txt, are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

Run FRST/FRST64 by right clicking on the FRST64.exe file, selecting "Run as Administrator..". The User Account Control may open up; if it does, select Yes to continue to let FRST open and load.

The tool will check for an updated version of itself every time it loads; please allow it to do this and the program will either inform you it is downloading an updated copy (and to wait until it is safe to continue) or show that it is ready to use (meaning there is no update found) and you can continue on. Press the Fix button just once and wait. The tool will create a restore point, process the script and ask for a restart of your system.

If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.

When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post the log in your next reply.


SECOND, a JRT scan

Junkware Removal Tool
Please download JRT from here to your desktop.

Note: Temporarily disable/shut down your protection software now to avoid potential conflicts, how to do so can be read here.

Double click the JRT.exe file to run the application.

The application will open a Command Prompt window and run from there (this is normal for this program, so do not be alarmed).

When asked, press any key to allow the program to continue / run.

This will create a log on the desktop; please copy and paste the JRT.txt log text in your next post.

Note: After the log file is created, please enable your protection software / reboot your system and verify your protection software is enabled.


THIRD, an AdwCleaner scan

AdwCleaner by Xplode

Download AdwCleaner from here or from here. Save the file to the desktop.


NOTE: If you are using IE 8 or above you may get a warning that stops the program from downloading. Just click on the warning and allow the download to complete.

Close all open windows and browsers.
  1. Vista/7/8 users: Right click the AdwCleaner icon on the desktop, click Run as administrator and accept the UAC prompt to run AdwCleaner.
    You will see the following console:

  2. Click the Scan button and wait for the scan to finish.
  3. After the Scan has finished the window may or may not show what it found and above, in the progress bar, you will see: Pending. Please uncheck elements you don't want to remove.
  4. Click the Clean button.
  5. Everything checked will be deleted.
  6. When the program has finished cleaning a report appears.
  7. Once done it will ask to reboot; allow this.

  8. On reboot a log will be produced; please copy / paste that in your next reply. This report is also saved to C:\AdwCleaner\AdwCleaner[S0].txt
Optional:

NOTE: If you see AVG Secure Search being targeted for deletion, Here's Why and Here. You can always Reinstall it.


Information to Reply with >>>>
  • The Fixlog.txt log text
  • The JRT.txt log text
  • The AdwCleaner[S#].txt log text
  • How is the system now? Still no popups or redirects?
 

imarshall (Thread Starter)
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 24-01-2015 01
Ran by dp at 2015-01-24 11:03:24 Run:1
Running from C:\Users\dp\Desktop
Loaded Profiles: dp (Available profiles: dp)
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
start
CreateRestorePoint:
CloseProcesses:
HKLM\...\Run: [] => [X]
AppInit_DLLs: C:/PROGRA~2/{6D978~1/171~1.0/desa.dll => C:/PROGRA~2/{6D978~1/171~1.0/desa.dll [649216 2015-01-18] ()
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
Tcpip\..\Interfaces\{E807AA4E-4D04-49E1-8CB3-DD307BCAAF85}: [NameServer] 208.67.222.222,208.67.220.220
FF Plugin: @ei.SmileyCentral_1v.com/Plugin -> C:\Program Files\SmileyCentral_1vEI\Installr\2.bin\NP1vEISB.dll No File
FF Plugin: @microsoft.com/GENUINE -> disabled No File
CHR HomePage: Default -> hxxp://vosteran.com/?f=1&a=vst_ggbc_15_03_ch&cd=2XzuyEtN2Y1L1QzutDtDtCzy0DtC0AtDtBtDtC0A0Azy0CtDtN0D0Tzu0StCtCtCtAtN1L2XzutAtFyBtFtBtFtCtN1L1CzutCyEtBzytDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2StBtDtB0DtA0CyCtDtG0B0EtCyBtG0CtDyEyDtG0EtAtCzztGyByB0C0EyCyDtC0E0CzzyEyB2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyB0C0F0FtDyD0FyDtGyC0AyBtDtGyE0E0EyEtGzz0FyD0EtG0DtAyB0CyB0A0CtAyD0BtByD2Q&cr=349076420&ir=
CHR StartupUrls: Default -> "hxxp://vosteran.com/?f=7&a=vst_ggbc_15_03_ch&cd=2XzuyEtN2Y1L1QzutDtDtCzy0DtC0AtDtBtDtC0A0Azy0CtDtN0D0Tzu0StCtCtCtAtN1L2XzutAtFyBtFtBtFtCtN1L1CzutCyEtBzytDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2StBtDtB0DtA0CyCtDtG0B0EtCyBtG0CtDyEyDtG0EtAtCzztGyByB0C0EyCyDtC0E0CzzyEyB2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyB0C0F0FtDyD0FyDtGyC0AyBtDtGyE0E0EyEtGzz0FyD0EtG0DtAyB0CyB0A0CtAyD0BtByD2Q&cr=349076420&ir=", "hxxp://www.trovi.com/?gd=&ctid=CT3333528&octid=EB_ORIGINAL_CTID&ISID=M27DA1FA7-A8BF-47AE-90C4-D4D31A989524&SearchSource=55&CUI=&UM=8&UP=SP1CC8F61D-BE0A-4DCA-998E-6DAFF319FD49&SSPV="
CHR DefaultSearchKeyword: Default -> Vosteran.com
CHR StartMenuInternet: Google Chrome - chrome.exe
S4 NMIndexingService; "C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe" [X]
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
CustomCLSID: HKU\S-1-5-21-3358529588-1858457421-2119217295-1000_Classes\CLSID\{08244EE6-92F0-47F2-9FC9-929BAA2E7235}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-3358529588-1858457421-2119217295-1000_Classes\CLSID\{16F3DD56-1AF5-4347-846D-7C10C4192619}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-3358529588-1858457421-2119217295-1000_Classes\CLSID\{1F486A52-3CB1-48FD-8F50-B8DC300D9F9D}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-3358529588-1858457421-2119217295-1000_Classes\CLSID\{2916C86E-86A6-43FE-8112-43ABE6BF8DCC}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-3358529588-1858457421-2119217295-1000_Classes\CLSID\{4E77131D-3629-431C-9818-C5679DC83E81}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-3358529588-1858457421-2119217295-1000_Classes\CLSID\{920E6DB1-9907-4370-B3A0-BAFC03D81399}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-3358529588-1858457421-2119217295-1000_Classes\CLSID\{99FD978C-D287-4F50-827F-B2C658EDA8E7}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-3358529588-1858457421-2119217295-1000_Classes\CLSID\{AB5C5600-7E6E-4B06-9197-9ECEF74D31CC}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-3358529588-1858457421-2119217295-1000_Classes\CLSID\{D9144DCD-E998-4ECA-AB6A-DCD83CCBA16D}\InprocServer32 -> No File Path
Task: {2D47F95E-0F7F-493A-8235-A90C9C085098} - System32\Tasks\Total Domination W1 => Chrome.exe --app=http://totaldomination.com/en/landing/lp5_1?adCampaign=44113&amp;ClickID=tDtDtCzy0DtC0AtDtBtDtC0A0Azy0CtD&amp;publisherID=1_73 --app-window-size=1280,1024
Task: {44FEB0A7-357C-421B-B2AB-7630389A7CB9} - System32\Tasks\Total Domination W2 => Chrome.exe --app=http://totaldomination.com/en/landing/lp5_1?adCampaign=44113&amp;ClickID=tDtDtCzy0DtC0AtDtBtDtC0A0Azy0CtD&amp;publisherID=1_73 --app-window-size=1280,1024
Task: {4EB8DB11-B9CB-42DE-8634-BB5C173C0260} - System32\Tasks\GeniusBox => cmd.exe /C start "" "C:\Users\dp\AppData\Local\GeniusBox\client.exe"
Task: {510FFC62-2208-4F72-B8FD-3DDAA91527D4} - System32\Tasks\{6A0F545A-C8DA-4198-953D-97F4893E4489} => C:\Program Files\uTorrent\uTorrent.exe
Task: {6983CA78-71D8-4636-B5E5-04B16278AB42} - System32\Tasks\Check Updates => C:\Users\dp\AppData\Local\GeniusBox\updater.exe
Task: {9C60BC5D-8934-49E9-BFCA-DE110FFE0674} - System32\Tasks\{6CAEC479-6CF1-489E-A73D-2B6EE57DE155} => pcalua.exe -a C:\Users\dp\Downloads\PdaNetBB130.exe -d C:\Users\dp\Desktop
Task: {D8201FD0-76F5-4098-9193-397957BC6C03} - System32\Tasks\{254525AF-A45E-47CE-9ECE-9A62FDEE0024} => Firefox.exe
Task: {E1A25800-3CF0-4478-8CC6-83F1AC95B936} - System32\Tasks\{4C3CDBDD-E221-43E6-B75C-FE38F838176F} => C:\Program Files\uTorrent\uTorrent.exe
Task: {E741E35B-A064-4521-B0E2-E8E6D8404276} - System32\Tasks\Validate Installation => C:\Users\dp\AppData\Local\GeniusBox\updater.exe
2015-01-22 08:18 - 2015-01-22 08:21 - 384018385 _____ () C:\Users\dp\Downloads\???????? «?» ? ?????? ??????????? ?????? _ ????? ????????? _ HD 1080p.mp4
2015-01-22 08:15 - 2015-01-22 08:18 - 338027396 _____ () C:\Users\dp\Downloads\??????? ??????.mp4
2015-01-22 07:53 - 2015-01-22 07:58 - 479895704 _____ () C:\Users\dp\Downloads\??? ???? ?????? (?????).mp4
2015-01-22 07:35 - 2015-01-22 07:37 - 268313770 _____ () C:\Users\dp\Downloads\???? ? ???? (1982) ?????? ??????.mp4
2015-01-18 16:44 - 2015-01-18 18:36 - 00000000 ____D () C:\Users\dp\AppData\Roaming\1H1Q1V1N1N1S1R
2015-01-18 16:44 - 2015-01-18 16:44 - 00000000 ____D () C:\ProgramData\{6D978554-3D15-54D2-8C93-24505C11F7DE}
2015-01-08 09:52 - 2015-01-08 09:55 - 252722766 _____ () C:\Users\dp\Desktop\??????? ???????? ??? ?????? (1980) ????????? ????????? «??????? ???????? ??? ??????» ???????? ??????.mp4
2015-01-08 09:50 - 2015-01-08 09:56 - 407309607 _____ () C:\Users\dp\Downloads\??????? ???????? ??? ?????? (1980) ?????? ??????.mp4
2014-12-27 18:57 - 2014-12-27 18:59 - 369221578 _____ () C:\Users\dp\Downloads\?????? ???????, ???????? ?????? ???????.mp4
2010-04-24 12:00 - 2010-10-22 13:35 - 0000056 ____H () C:\ProgramData\ezsidmv.dat
2015-01-18 12:44 - 2015-01-18 12:44 - 0000064 _____ () C:\Users\dp\AppData\Local\00b8c1270aa3f44e5fb958ea63648b0a
C:\Users\dp\AppData\Local\GeniusBox
C:\Program Files\uTorrent
EmptyTemp:
Reboot:
end

*****************

Restore point was successfully created.
Processes closed successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\ => value deleted successfully.
"C:/PROGRA~2/{6D978~1/171~1.0/desa.dll" => Value Data removed successfully.
"HKLM\SOFTWARE\Policies\Google" => Key deleted successfully.
HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{E807AA4E-4D04-49E1-8CB3-DD307BCAAF85}\\NameServer => value deleted successfully.
"HKLM\Software\MozillaPlugins\@ei.SmileyCentral_1v.com/Plugin" => Key deleted successfully.
"HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE" => Key deleted successfully.
Chrome HomePage deleted successfully.
Chrome StartupUrls deleted successfully.
Chrome DefaultSearchKeyword deleted successfully.
HKLM\SOFTWARE\Clients\StartMenuInternet\Google Chrome\shell\open\command\\Default => Value was restored successfully.
NMIndexingService => Service deleted successfully.
Synth3dVsc => Service deleted successfully.
tsusbhub => Service deleted successfully.
VGPU => Service deleted successfully.
"HKU\S-1-5-21-3358529588-1858457421-2119217295-1000_Classes\CLSID\{08244EE6-92F0-47F2-9FC9-929BAA2E7235}" => Key deleted successfully.
"HKU\S-1-5-21-3358529588-1858457421-2119217295-1000_Classes\CLSID\{16F3DD56-1AF5-4347-846D-7C10C4192619}" => Key deleted successfully.
"HKU\S-1-5-21-3358529588-1858457421-2119217295-1000_Classes\CLSID\{1F486A52-3CB1-48FD-8F50-B8DC300D9F9D}" => Key deleted successfully.
"HKU\S-1-5-21-3358529588-1858457421-2119217295-1000_Classes\CLSID\{2916C86E-86A6-43FE-8112-43ABE6BF8DCC}" => Key deleted successfully.
"HKU\S-1-5-21-3358529588-1858457421-2119217295-1000_Classes\CLSID\{4E77131D-3629-431C-9818-C5679DC83E81}" => Key deleted successfully.
"HKU\S-1-5-21-3358529588-1858457421-2119217295-1000_Classes\CLSID\{920E6DB1-9907-4370-B3A0-BAFC03D81399}" => Key deleted successfully.
"HKU\S-1-5-21-3358529588-1858457421-2119217295-1000_Classes\CLSID\{99FD978C-D287-4F50-827F-B2C658EDA8E7}" => Key deleted successfully.
"HKU\S-1-5-21-3358529588-1858457421-2119217295-1000_Classes\CLSID\{AB5C5600-7E6E-4B06-9197-9ECEF74D31CC}" => Key deleted successfully.
"HKU\S-1-5-21-3358529588-1858457421-2119217295-1000_Classes\CLSID\{D9144DCD-E998-4ECA-AB6A-DCD83CCBA16D}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{2D47F95E-0F7F-493A-8235-A90C9C085098}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2D47F95E-0F7F-493A-8235-A90C9C085098}" => Key deleted successfully.
C:\Windows\System32\Tasks\Total Domination W1 => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Total Domination W1" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{44FEB0A7-357C-421B-B2AB-7630389A7CB9}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{44FEB0A7-357C-421B-B2AB-7630389A7CB9}" => Key deleted successfully.
C:\Windows\System32\Tasks\Total Domination W2 => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Total Domination W2" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{4EB8DB11-B9CB-42DE-8634-BB5C173C0260}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4EB8DB11-B9CB-42DE-8634-BB5C173C0260}" => Key deleted successfully.
C:\Windows\System32\Tasks\GeniusBox => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GeniusBox" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{510FFC62-2208-4F72-B8FD-3DDAA91527D4}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{510FFC62-2208-4F72-B8FD-3DDAA91527D4}" => Key deleted successfully.
C:\Windows\System32\Tasks\{6A0F545A-C8DA-4198-953D-97F4893E4489} => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{6A0F545A-C8DA-4198-953D-97F4893E4489}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{6983CA78-71D8-4636-B5E5-04B16278AB42}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6983CA78-71D8-4636-B5E5-04B16278AB42}" => Key deleted successfully.
C:\Windows\System32\Tasks\Check Updates => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Check Updates" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{9C60BC5D-8934-49E9-BFCA-DE110FFE0674}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9C60BC5D-8934-49E9-BFCA-DE110FFE0674}" => Key deleted successfully.
C:\Windows\System32\Tasks\{6CAEC479-6CF1-489E-A73D-2B6EE57DE155} => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{6CAEC479-6CF1-489E-A73D-2B6EE57DE155}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{D8201FD0-76F5-4098-9193-397957BC6C03}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D8201FD0-76F5-4098-9193-397957BC6C03}" => Key deleted successfully.
C:\Windows\System32\Tasks\{254525AF-A45E-47CE-9ECE-9A62FDEE0024} => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{254525AF-A45E-47CE-9ECE-9A62FDEE0024}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{E1A25800-3CF0-4478-8CC6-83F1AC95B936}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E1A25800-3CF0-4478-8CC6-83F1AC95B936}" => Key deleted successfully.
C:\Windows\System32\Tasks\{4C3CDBDD-E221-43E6-B75C-FE38F838176F} => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{4C3CDBDD-E221-43E6-B75C-FE38F838176F}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{E741E35B-A064-4521-B0E2-E8E6D8404276}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E741E35B-A064-4521-B0E2-E8E6D8404276}" => Key deleted successfully.
C:\Windows\System32\Tasks\Validate Installation => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Validate Installation" => Key deleted successfully.
Could not move "C:\Users\dp\Downloads\???????? «?» ? ?????? ??????????? ?????? _ ????? ????????? _ HD 1080p.mp4" => Scheduled to move on reboot.
Could not move "C:\Users\dp\Downloads\??????? ??????.mp4" => Scheduled to move on reboot.
Could not move "C:\Users\dp\Downloads\??? ???? ?????? (?????).mp4" => Scheduled to move on reboot.
Could not move "C:\Users\dp\Downloads\???? ? ???? (1982) ?????? ??????.mp4" => Scheduled to move on reboot.
C:\Users\dp\AppData\Roaming\1H1Q1V1N1N1S1R => Moved successfully.
C:\ProgramData\{6D978554-3D15-54D2-8C93-24505C11F7DE} => Moved successfully.
Could not move "C:\Users\dp\Desktop\??????? ???????? ??? ?????? (1980) ????????? ????????? «??????? ???????? ??? ??????» ???????? ??????.mp4" => Scheduled to move on reboot.
Could not move "C:\Users\dp\Downloads\??????? ???????? ??? ?????? (1980) ?????? ??????.mp4" => Scheduled to move on reboot.
Could not move "C:\Users\dp\Downloads\?????? ???????, ???????? ?????? ???????.mp4" => Scheduled to move on reboot.
C:\ProgramData\ezsidmv.dat => Moved successfully.
C:\Users\dp\AppData\Local\00b8c1270aa3f44e5fb958ea63648b0a => Moved successfully.
"C:\Users\dp\AppData\Local\GeniusBox" => File/Directory not found.
"C:\Program Files\uTorrent" => File/Directory not found.
EmptyTemp: => Removed 21.9 GB temporary data.

=> Result of Scheduled Files to move (Boot Mode: Normal) (Date&Time: 2015-01-24 11:06:48)<=

"C:\Users\dp\Downloads\???????? «?» ? ?????? ??????????? ?????? _ ????? ????????? _ HD 1080p.mp4" => File could not move.
"C:\Users\dp\Downloads\??????? ??????.mp4" => File could not move.
"C:\Users\dp\Downloads\??? ???? ?????? (?????).mp4" => File could not move.
"C:\Users\dp\Downloads\???? ? ???? (1982) ?????? ??????.mp4" => File could not move.
"C:\Users\dp\Desktop\??????? ???????? ??? ?????? (1980) ????????? ????????? «??????? ???????? ??? ??????» ???????? ??????.mp4" => File could not move.
"C:\Users\dp\Downloads\??????? ???????? ??? ?????? (1980) ?????? ??????.mp4" => File could not move.
"C:\Users\dp\Downloads\?????? ???????, ???????? ?????? ???????.mp4" => File could not move.

==== End of Fixlog 11:06:50 ====
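The fixlist above is a compact record of how this adware persisted: two scheduled tasks that launch Chrome in --app mode on a totaldomination.com landing page, a GeniusBox task wrapped in cmd.exe /C start, a task that uses pcalua.exe to proxy-launch an installer from Downloads, a DLL registered in AppInit_DLLs, a Chrome policy key under HKLM\SOFTWARE\Policies\Google, and a per-interface NameServer override. As an added example (not part of this thread and not FRST's own code), the Python script below parses those FRST line shapes and tags each with the persistence pattern it matches. The sample lines are copied from the fixlist with the forum's "&amp;" and the wrap-space in "publisherID" undone, plus one constructed benign Defrag task as a control; the indicator names and severities are the example's own. One caveat it encodes: 208.67.222.222 and 208.67.220.220 are OpenDNS's public resolvers, so the NameServer entry FRST deleted may well have been the user's own setting, and the script rates it low rather than high.

```python
"""Triage FRST fixlist lines for the persistence mechanisms seen in the log.
Added example: tags Task:, AppInit_DLLs:, Tcpip NameServer and CHR Policies
lines with the adware/PUP pattern each one matches."""
import re
from dataclasses import dataclass

# Lines copied from the fixlist (the forum's "&amp;" and the space it inserted
# into "publisherID" are undone). The last ScheduledDefrag task is constructed
# here as a benign control; it is not from the log.
SAMPLE_LINES = [
    r'AppInit_DLLs: C:/PROGRA~2/{6D978~1/171~1.0/desa.dll => C:/PROGRA~2/{6D978~1/171~1.0/desa.dll [649216 2015-01-18] ()',
    r'CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION',
    r'Tcpip\..\Interfaces\{E807AA4E-4D04-49E1-8CB3-DD307BCAAF85}: [NameServer] 208.67.222.222,208.67.220.220',
    r'Task: {2D47F95E-0F7F-493A-8235-A90C9C085098} - System32\Tasks\Total Domination W1 => Chrome.exe --app=http://totaldomination.com/en/landing/lp5_1?adCampaign=44113&ClickID=tDtDtCzy0DtC0AtDtBtDtC0A0Azy0CtD&publisherID=1_73 --app-window-size=1280,1024',
    r'Task: {4EB8DB11-B9CB-42DE-8634-BB5C173C0260} - System32\Tasks\GeniusBox => cmd.exe /C start "" "C:\Users\dp\AppData\Local\GeniusBox\client.exe"',
    r'Task: {510FFC62-2208-4F72-B8FD-3DDAA91527D4} - System32\Tasks\{6A0F545A-C8DA-4198-953D-97F4893E4489} => C:\Program Files\uTorrent\uTorrent.exe',
    r'Task: {9C60BC5D-8934-49E9-BFCA-DE110FFE0674} - System32\Tasks\{6CAEC479-6CF1-489E-A73D-2B6EE57DE155} => pcalua.exe -a C:\Users\dp\Downloads\PdaNetBB130.exe -d C:\Users\dp\Desktop',
    r'Task: {D8201FD0-76F5-4098-9193-397957BC6C03} - System32\Tasks\{254525AF-A45E-47CE-9ECE-9A62FDEE0024} => Firefox.exe',
    r'Task: {00000000-0000-0000-0000-000000000001} - System32\Tasks\Microsoft\Windows\Defrag\ScheduledDefrag => C:\Windows\system32\defrag.exe -c -h -k -g',
]


@dataclass(frozen=True)
class Finding:
    source: str     # the FRST line that triggered the finding
    indicator: str  # short tag for the pattern matched (names are this example's own)
    severity: str   # high / medium / low
    detail: str     # why a reviewer should care


# FRST line shapes: task GUID, task name under System32\Tasks, then the action.
TASK_RE = re.compile(
    r'^Task:\s+\{[0-9A-F-]+\}\s+-\s+System32\\Tasks\\(?P<name>.+?)\s+=>\s+(?P<action>.+)$', re.I)
APPINIT_RE = re.compile(r'^AppInit_DLLs:\s+(?P<value>\S+)', re.I)
NAMESERVER_RE = re.compile(
    r'^Tcpip\\\.\.\\Interfaces\\\{[0-9A-F-]+\}:\s+\[NameServer\]\s+(?P<servers>[\d.,]+)', re.I)
CHR_POLICY_RE = re.compile(r'^CHR HKLM\\SOFTWARE\\Policies\\Google:', re.I)

# Heuristics applied to a scheduled task's action string.
BROWSERS = re.compile(r'\b(chrome|firefox|iexplore)\.exe\b', re.I)
URL = re.compile(r'https?://', re.I)
PCALUA = re.compile(r'\bpcalua\.exe\b.*\s-a\s', re.I)   # Program Compatibility Assistant as a launcher
CMD_START = re.compile(r'^cmd\.exe\s+/c\s+start\b', re.I)
USER_WRITABLE = re.compile(
    r'\\Users\\[^\\]+\\(AppData|Downloads|Desktop)\\|\\ProgramData\\|\\Temp\\', re.I)
GUID_NAME = re.compile(r'^\{[0-9A-F]{8}(-[0-9A-F]{4}){3}-[0-9A-F]{12}\}$', re.I)
OPENDNS = {"208.67.222.222", "208.67.220.220"}  # OpenDNS public resolvers


def triage_task(name, action):
    """Return (indicator, severity, detail) tuples for one scheduled task."""
    hits = []
    if BROWSERS.search(action) and URL.search(action):
        hits.append(("browser-to-url task", "high",
                     "task opens a browser on a fixed URL: the pop-up/extra-tab behaviour reported"))
    if PCALUA.search(action):
        hits.append(("pcalua proxy exec", "high",
                     "pcalua.exe -a used to launch another binary through a signed Windows helper"))
    if CMD_START.match(action):
        hits.append(("cmd start launcher", "medium",
                     "cmd.exe /C start wrapper hides the real target from a quick look at the task"))
    if USER_WRITABLE.search(action):
        hits.append(("user-writable target", "medium",
                     "binary runs from a user-writable directory, where non-admin installers drop payloads"))
    if GUID_NAME.match(name):
        hits.append(("guid task name", "low",
                     "opaque GUID task name gives no hint of the owning product"))
    return hits


def triage(lines):
    """Run every heuristic over the given FRST lines and return the findings."""
    findings = []
    for raw in lines:
        line = raw.strip()
        if m := TASK_RE.match(line):
            for indicator, severity, detail in triage_task(m['name'], m['action']):
                findings.append(Finding(line, indicator, severity, detail))
        elif m := APPINIT_RE.match(line):
            findings.append(Finding(line, "appinit_dlls", "high",
                m['value'] + " is loaded into every process that maps user32.dll; "
                "an 8.3 path under a GUID directory is not how legitimate software registers here"))
        elif m := NAMESERVER_RE.match(line):
            servers = set(m['servers'].split(','))
            if servers <= OPENDNS:
                findings.append(Finding(line, "public resolver override", "low",
                    "resolvers are OpenDNS, a legitimate public service; confirm the user set them before calling it a hijack"))
            else:
                findings.append(Finding(line, "dns override", "high",
                    "resolvers pinned to " + ", ".join(sorted(servers)) + "; a rogue resolver redirects every lookup"))
        elif CHR_POLICY_RE.match(line):
            findings.append(Finding(line, "chrome policy restriction", "medium",
                "HKLM\\SOFTWARE\\Policies\\Google on a non-domain PC usually means a hijacker locked homepage/search via policy"))
    return findings


def indicators_for(lines, needle):
    """Sorted indicator tags raised for the sample line(s) containing `needle`."""
    return sorted({f.indicator for f in triage(lines) if needle in f.source})


if __name__ == "__main__":
    order = ("high", "medium", "low")
    for f in sorted(triage(SAMPLE_LINES), key=lambda f: order.index(f.severity)):
        print(f"[{f.severity}] {f.indicator}: {f.detail}\n    {f.source[:110]}")
```

Run it as-is to see the whole fixlist ranked; feed it the "Task:" section of any FRST.txt to get the same triage on another machine. The GUID-name heuristic is deliberately weak (uTorrent's own tasks trip it), which is why the pcalua task scores on three indicators while the uTorrent tasks score on one.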
 

imarshall

Thread Starter
Joined
Jan 19, 2015
Messages
16
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.4.1 (12.28.2014:1)
OS: Windows 7 Ultimate x86
Ran by dp on Sat 01/24/2015 at 11:15:45.14
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\Users\dp\AppData\Roaming\netassistant"



~~~ FireFox

Emptied folder: C:\Users\dp\AppData\Roaming\mozilla\firefox\profiles\huob7hey.default\minidumps [79 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sat 01/24/2015 at 11:18:10.81
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 

imarshall

Thread Starter
Joined
Jan 19, 2015
Messages
16
# AdwCleaner v4.109 - Report created 24/01/2015 at 11:27:32
# Updated 24/01/2015 by Xplode
# Database : 2015-01-24.4 [Live]
# Operating System : Windows 7 Ultimate Service Pack 1 (32 bits)
# Username : dp - DP-PC
# Running from : C:\Users\dp\Desktop\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****


***** [ Scheduled Tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17496


-\\ Mozilla Firefox v35.0 (x86 en-US)


-\\ Google Chrome v


*************************

AdwCleaner[R0].txt - [16438 octets] - [18/01/2015 17:49:36]
AdwCleaner[R1].txt - [964 octets] - [24/01/2015 11:25:47]
AdwCleaner[S0].txt - [15578 octets] - [18/01/2015 17:54:45]
AdwCleaner[S1].txt - [888 octets] - [24/01/2015 11:27:32]

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [947 octets] ##########
 

dbreeze

David
Malware Specialist
Joined
Oct 5, 2014
Messages
431
Let's have two final checks, shall we?

FIRST

Start Malwarebytes' Anti-Malware.
  • On the Dashboard tab, click the Update Now button, to update the definitions to the latest version.
  • Then click the Scan tab. Select Custom Scan and click the Start Scan button.
  • In the window that appears, check the box next to Scan for Rootkits. Also, select all drives, except for CD/DVD-drives. After you have done this, click Start Scan.
  • Follow the instructions given by Malwarebytes' Anti-Malware.
  • If any items were found during the scan process, Malwarebytes' Anti-Malware will ask you what you want to do with those items. Please quarantine all items.
  • It's possible the program asks you for permission to restart the computer. If so, please allow MBAM to do so immediately.
  • Save the logfile in txt-format and copy/paste it in your next reply.
  • Note: If you can't find the logfile, look at the "History" tab. Select the most recent logfile (you can see the creation date in the log's title).

SECOND


This next step may take a while (just to warn you) .....

ESET Online does not work with IE 11 (Internet Explorer) at the moment (a few weeks ago, anyway), so if you have IE 11, Chrome or Firefox has to be used instead. ESET Online does work with IE 10 and earlier.

You can leave Norton enabled even though ESET may warn about it; it just makes the scan take longer. The pictures below showing what to click may be blue instead of green on the ESET website now, but the procedure is still the same.

Please read carefully and slowly, and notice all the settings listed below to check before starting the scan. Stop and ask if you have any questions.

Take note of the NO tick in the Remove found threats setting below, as it needs to have the tick removed.

-------------------------------------------------------------------------------------------------------------------

Hold down Control key and click on the following link to open ESET OnlineScan in a new window.

Link =>> ESET Online Scanner <<

Click the Run ESET Online Scanner located on the left side of the page (not the free trial).

For browsers other than Internet Explorer only: (Microsoft Internet Explorer users can skip this step)
Click on the esetsmartinstaller link in the popup window that opens. Save it to your desktop.

Double click on the icon on your desktop.

Check (accept) the Terms of Use.

Click the START button.
Accept any security warnings from your browser.

Now in the Computer scan settings window that appears:-
Make sure that the option Enable detection of potentially unwanted applications is selected.
Now click on Advanced Settings and configure the options as follows:

Remove found threats is Not checked
Scan archives is checked
Scan for potentially unsafe applications is checked
Enable Anti-Stealth Technology is checked

Now click on: Start

ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.

When the scan is finished, if any threats are found you will see the screen below. Click to view the found threats.

At the bottom of the listed threats, there is an option to save the results to a text file. Please do this so you can attach the results here for review and removal of the items that are not false positives (these will be scripted out so do not worry).

Once the log text file is saved, return to the Scan Finished screen by clicking "<<Back", then click on the uninstall button and click Finish.

Attach the saved log file in your next reply please. Thanks.
 

imarshall

Thread Starter
Joined
Jan 19, 2015
Messages
16
Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 1/28/2015
Scan Time: 5:35:38 PM
Logfile: scan log a.txt
Administrator: Yes

Version: 2.00.4.1028
Malware Database: v2015.01.29.01
Rootkit Database: v2015.01.14.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x86
File System: NTFS
User: dp

Scan Type: Custom Scan
Result: Completed
Objects Scanned: 497578
Time Elapsed: 2 hr, 3 min, 21 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 6
PUP.Optional.SolutionReal.A, C:\AdwCleaner\Quarantine\C\Program Files\Solution Real\SolutionRealbho.dll.vir, Quarantined, [7dd4f700aedb95a163aa52b38979b14f],
PUP.Optional.SolutionReal.A, C:\AdwCleaner\Quarantine\C\Program Files\Solution Real\updateSolutionReal.exe.vir, Quarantined, [e46d787f513882b49b73c0457c863cc4],
PUP.Optional.SolutionReal.A, C:\AdwCleaner\Quarantine\C\Program Files\Solution Real\bin\utilSolutionReal.exe.vir, Quarantined, [dd74688fb3d672c42de159ac32d0bd43],
PUP.Optional.Sanbreel.A, C:\AdwCleaner\Quarantine\C\Program Files\Solution Real\bin\plugins\SolutionReal.BroStats.dll.vir, Quarantined, [b59c7b7c5f2afa3c1c6dd5fb5da4857b],
PUP.Optional.Sanbreel.A, C:\AdwCleaner\Quarantine\C\Program Files\Solution Real\bin\plugins\SolutionReal.PurBrowseG.dll.vir, Quarantined, [57fa8275a4e5b58191980b01649e867a],
Trojan.Agent.W, C:\Users\dp\Desktop\Microsoft Windows 7 Ultimate Retail(Final) x86 (32 bit) and x64 (64 bit)\Cracks for x64 + x86\ALL WORKING ACTIVATORS\Windows 7 Loader 1.6.9 by Daz\Windows 7 Loader.exe, Quarantined, [72dfce291a6f3cfaa6afd28561a49c64],

Physical Sectors: 0
(No malicious items detected)


(end)
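As an added example (not part of the thread and not Malwarebytes' own tooling): a small Python triage script that parses detection lines in the Malwarebytes 2.x log layout posted above and separates hits that were already sitting in AdwCleaner's quarantine folder (the `.vir` files, which are neutralised leftovers) from hits at live paths such as the loader executable on the desktop. The quarantine folder path comes from the posted log; the detection-line layout is inferred from it, and the sample log and digests are constructed.

```python
import re
from pathlib import PureWindowsPath
from typing import NamedTuple

# Folder where another cleaner (AdwCleaner here) already parked files; a hit
# under it is a leftover sitting in quarantine, not an active file.
OTHER_TOOL_QUARANTINE = PureWindowsPath(r"C:\AdwCleaner\Quarantine")
SECTION_RE = re.compile(r"^[A-Za-z ]+: \d+$")           # e.g. "Files: 6"
DIGEST_RE = re.compile(r"\[[0-9a-f]{32}\]")             # e.g. "[7dd4f700...]"

class Detection(NamedTuple):
    name: str                 # e.g. PUP.Optional.SolutionReal.A
    path: str                 # object path exactly as logged
    action: str               # e.g. Quarantined
    already_quarantined: bool # True when path lies under OTHER_TOOL_QUARANTINE

def parse_detections(log_text: str) -> list[Detection]:
    """Return one Detection per 'name, path, action, [md5],' line."""
    found, in_section = [], False
    for raw in log_text.splitlines():
        line = raw.strip()
        if SECTION_RE.match(line):          # header such as "Files: 6"
            in_section = True
            continue
        if not in_section or not line:
            continue
        # Peel the fixed fields off both ends so a comma inside the path
        # cannot shift the columns: name is first, action and digest are last.
        parts = line.rstrip(",").rsplit(", ", 2)
        if len(parts) != 3 or not DIGEST_RE.fullmatch(parts[2]) or ", " not in parts[0]:
            continue
        name, path = parts[0].split(", ", 1)
        quarantined = OTHER_TOOL_QUARANTINE in PureWindowsPath(path).parents
        found.append(Detection(name, path, parts[1], quarantined))
    return found

def triage(log_text: str) -> dict[str, list[str]]:
    """Leftovers already in another tool's quarantine vs. hits at live paths."""
    buckets: dict[str, list[str]] = {"leftover_in_quarantine": [], "live": []}
    for d in parse_detections(log_text):
        key = "leftover_in_quarantine" if d.already_quarantined else "live"
        buckets[key].append(f"{d.name} -> {d.path}")
    return buckets

# Constructed sample shaped like the log posted above (dummy digests).
SAMPLE_LOG = r"""Files: 3
PUP.Optional.SolutionReal.A, C:\AdwCleaner\Quarantine\C\Program Files\Solution Real\SolutionRealbho.dll.vir, Quarantined, [0123456789abcdef0123456789abcdef],
PUP.Optional.Sanbreel.A, C:\AdwCleaner\Quarantine\C\Program Files\Solution Real\bin\plugins\SolutionReal.BroStats.dll.vir, Quarantined, [fedcba9876543210fedcba9876543210],
Trojan.Agent.W, C:\Users\dp\Desktop\Windows 7 Loader.exe, Quarantined, [deadbeefdeadbeefdeadbeefdeadbeef],
"""
```

Only the "live" bucket needs follow-up; quarantine leftovers are cleared when the other tool's quarantine is emptied.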
 