
Total Domination Virus

Discussion in 'Virus & Other Malware Removal' started by imarshall, Jan 19, 2015.

  1. imarshall

    imarshall Thread Starter

    Joined:
    Jan 19, 2015
    Messages:
    16
    Hi
    Somehow I downloaded some sort of virus on my computer. I've started to get all sorts of pop-ups in my browser and I discovered a game called Total Domination on my computer that I couldn't delete. I finally downloaded Revo Uninstaller and was able to delete the game. But I keep getting the pop-ups and extra tabs for different ads when I open my browser. HELP!
     
  2. imarshall

    imarshall Thread Starter

    Joined:
    Jan 19, 2015
    Messages:
    16
    I forgot to add I have Windows 7 Ultimate 32bit operating system.
     
  3. dbreeze

    dbreeze Malware Specialist

    Joined:
    Oct 5, 2014
    Messages:
    431
    First Name:
    David
    Hi imarshall,

    Welcome to Tech Support Guy. My name is dbreeze and I'll be helping you with this problem. Before I get into the removal of malware / correction of your problem, I need you to be aware of the following:
    • Please read all of my response through at least once before attempting to follow the procedures described. I would recommend printing them out, if you can, as you can check off each step as you complete it. Also, as some of the cleaning may be done in Safe Mode and there will be no internet connection then, you will find that having the steps printed for reference speeds the cleaning process along. If there's anything you don't understand or isn't totally clear to you, please come back to me for clarification before you start those steps.
    • All of the assistants and staff at Tech Support Guy are here on a volunteer basis; please respect our time given to the cause of helping others. If you are going to be away for more than 4 days, please let me know here. (I will do the same for you.) We do realize that 'life happens' and situations arise unexpectedly; we just ask that you keep us up to date.
    • Malware removal is a complex, multiple step process; please stay with me on this thread (don't start another thread) until I declare that your logs are clean and you are good to go. The absence of apparent issues does not mean your system is clean; I will tell you when everything looks good for you to go and help you remove the tools we have used.
    • If any of the security programs on your system should give any warnings about the software tools I ask you to download and use, please do not be alarmed. All of the tools I will have you use are safe to use (as instructed) and malware free.
    • While we strive to disrupt your system as little as possible, things happen. If you can, it would be best to back up your personal files now (if you do not already have a backup). You can store these on a CD/DVD, USB drive or stick, anywhere but on your same system. This will save you from possible anguish later if something unforeseen happens.
    • Please do not run any other tools or scanners than what I ask you to. Some of the openly available software made for malware removal can make changes to your system that interfere with the cleaning of the malware, or even destroy your system. I will use only what the situation calls for and direct you in the proper use of that software.
    • Please do not attach any log files to your replies unless I specifically ask you. Instead please copy and paste so as to include the log in your reply. You can do this in separate posts if it's easier for you.

      - Save ALL Tools to your Desktop-
      All the tools that I will have you download should be placed on the desktop unless otherwise stated. If you are familiar with how to save files to the desktop then you can skip this step.

      Since you are continuing with this step then I assume you are unfamiliar with saving files to your desktop. As a result it's easiest if you configure your browser(s) to download any tools to the desktop by default. Please use the appropriate instructions below depending on the browser you are using.
      Google Chrome - Click the "Customize and control Google Chrome" button in the upper right-corner of the browser. Choose Settings. At the bottom of the screen click the "Show advanced settings..." link. Scroll down to find the Downloads section and click the Change... button. Select your desktop and click OK.
      Mozilla Firefox - Click the "Open Menu" button in the upper right-corner of the browser. Choose Options. In the Downloads section, click the Browse button, click on the Desktop folder and then click the "Select Folder" button. Click OK to get out of the Options menu.
      Internet Explorer - Click the Tools menu in the upper right-corner of the browser. Select View downloads. Select the Options link in the lower left of the window. Click Browse and select the Desktop and then choose the Select Folder button. Click OK to get out of the download options screen and then click Close to get out of the View Downloads screen.
      NOTE: IE8 does not support changing download locations in this manner. You will need to download the tool(s) to the default folder, usually Downloads, then copy them to the desktop.
    Let's get started....

    FIRST
    Tech Support Guy asks that you supply the scan from this post; the TSG SysInfo utility (Everyone MUST read this BEFORE posting for help in this forum).

    SECOND
    Please download Farbar Recovery Scan Tool 32bit and save it to your Desktop.

    • Right click the FRST file on your desktop and select "Run as Administrator..." (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
    • If an update is available, the program will inform you and download the update. Allow it to do this, please.
    • Press the Scan button.
    • It will produce a log called FRST.txt in the same directory the tool is run from.
    • Please copy and paste log back here.
    • The first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe). Please also paste that along with the FRST.txt into your reply.
     
  4. imarshall

    imarshall Thread Starter

    Joined:
    Jan 19, 2015
    Messages:
    16
    Tech Support Guy System Info Utility version 1.0.0.2
    OS Version: Microsoft Windows 7 Ultimate, Service Pack 1, 32 bit
    Processor: Intel(R) Core(TM)2 Quad CPU @ 2.40GHz, x64 Family 6 Model 15 Stepping 7
    Processor Count: 4
    RAM: 2020 Mb
    Graphics Card: Intel(R) G33/G31 Express Chipset Family, 256 Mb
    Hard Drives: C: Total - 476837 MB, Free - 216752 MB; D: Total - 99 MB, Free - 71 MB;
    Motherboard: Intel Corporation, DG33SXG2
    Antivirus: Microsoft Security Essentials, Updated and Enabled
     
  5. imarshall

    imarshall Thread Starter

    Joined:
    Jan 19, 2015
    Messages:
    16
    Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 19-01-2015
    Ran by dp (administrator) on DP-PC on 23-01-2015 11:37:10
    Running from C:\Users\dp\Desktop
    Loaded Profiles: dp (Available profiles: dp)
    Platform: Microsoft Windows 7 Ultimate Service Pack 1 (X86) OS Language: English (United States)
    Internet Explorer Version 11
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    (Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
    (SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore.exe
    (Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    (Microsoft Corporation) C:\Program Files\Windows Live\Family Safety\fsssvc.exe
    (Hewlett-Packard Company) C:\Program Files\HP\Common\HPSupportSolutionsFrameworkService.exe
    (Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
    (Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
    (Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
    (Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
    (Microsoft Corporation) C:\Program Files\Windows Live\Family Safety\fsui.exe
    (Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
    (Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
    () C:\Program Files\Tether\TBService.exe
    (Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
    (Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
    (Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
    (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
    (Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
    (SUPERAntiSpyware) C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    (Adobe Systems Incorporated) C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
    (Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
    (Microsoft Corporation) C:\Windows\System32\dllhost.exe


    ==================== Registry (Whitelisted) ==================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\...\Run: [] => [X]
    HKLM\...\Run: [GrooveMonitor] => C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
    HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [974432 2014-08-22] (Microsoft Corporation)
    HKLM\...\Run: [fssui] => C:\Program Files\Windows Live\Family Safety\fsui.exe [892608 2014-03-31] (Microsoft Corporation)
    HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [157480 2014-10-15] (Apple Inc.)
    HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)
    HKU\S-1-5-21-3358529588-1858457421-2119217295-1000\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [6699800 2014-12-15] (SUPERAntiSpyware)
    HKU\S-1-5-18\...\RunOnce: [SPReview] => C:\Windows\System32\SPReview\SPReview.exe [280576 2014-02-28] (Microsoft Corporation)
    AppInit_DLLs: C:/PROGRA~2/{6D978~1/171~1.0/desa.dll => C:/PROGRA~2/{6D978~1/171~1.0/desa.dll [649216 2015-01-18] ()
    CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
    HKU\S-1-5-21-3358529588-1858457421-2119217295-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
    StartMenuInternet: IEXPLORE.EXE - iexplore.exe
    SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    BHO: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
    BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
    BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
    BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
    DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
    Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
    Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76
    Tcpip\..\Interfaces\{E807AA4E-4D04-49E1-8CB3-DD307BCAAF85}: [NameServer] 208.67.222.222,208.67.220.220

    FireFox:
    ========
    FF ProfilePath: C:\Users\dp\AppData\Roaming\Mozilla\Firefox\Profiles\huob7hey.default
    FF DefaultSearchEngine: Google
    FF Homepage: google.com
    FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
    FF Plugin: @ei.SmileyCentral_1v.com/Plugin -> C:\Program Files\SmileyCentral_1vEI\Installr\2.bin\NP1vEISB.dll No File
    FF Plugin: @java.com/JavaPlugin -> C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
    FF Plugin: @microsoft.com/GENUINE -> disabled No File
    FF Plugin: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF Plugin: @RIM.com/WebSLLauncher,version=1.0 -> C:\Program Files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()
    FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

    Chrome:
    =======
    CHR HomePage: Default -> hxxp://vosteran.com/?f=1&a=vst_ggbc_15_03_ch&cd=2XzuyEtN2Y1L1QzutDtDtCzy0DtC0AtDtBtDtC0A0Azy0CtDtN0D0Tzu0StCtCtCtAtN1L2XzutAtFyBtFtBtFtCtN1L1CzutCyEtBzytDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2StBtDtB0DtA0CyCtDtG0B0EtCyBtG0CtDyEyDtG0EtAtCzztGyByB0C0EyCyDtC0E0CzzyEyB2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyB0C0F0FtDyD0FyDtGyC0AyBtDtGyE0E0EyEtGzz0FyD0EtG0DtAyB0CyB0A0CtAyD0BtByD2Q&cr=349076420&ir=
    CHR StartupUrls: Default -> "hxxp://vosteran.com/?f=7&a=vst_ggbc_15_03_ch&cd=2XzuyEtN2Y1L1QzutDtDtCzy0DtC0AtDtBtDtC0A0Azy0CtDtN0D0Tzu0StCtCtCtAtN1L2XzutAtFyBtFtBtFtCtN1L1CzutCyEtBzytDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2StBtDtB0DtA0CyCtDtG0B0EtCyBtG0CtDyEyDtG0EtAtCzztGyByB0C0EyCyDtC0E0CzzyEyB2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyB0C0F0FtDyD0FyDtGyC0AyBtDtGyE0E0EyEtGzz0FyD0EtG0DtAyB0CyB0A0CtAyD0BtByD2Q&cr=349076420&ir=", "hxxp://www.trovi.com/?gd=&ctid=CT3333528&octid=EB_ORIGINAL_CTID&ISID=M27DA1FA7-A8BF-47AE-90C4-D4D31A989524&SearchSource=55&CUI=&UM=8&UP=SP1CC8F61D-BE0A-4DCA-998E-6DAFF319FD49&SSPV="
    CHR DefaultSearchKeyword: Default -> Vosteran.com
    CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?client=chrome&hl={language}&q={searchTerms}
    CHR Profile: C:\Users\dp\AppData\Local\Google\Chrome\User Data\Default
    CHR Extension: (Google Docs) - C:\Users\dp\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-04-09]
    CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\dp\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-23]
    CHR Extension: (Google Wallet) - C:\Users\dp\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-04-09]
    CHR StartMenuInternet: Google Chrome - chrome.exe

    ========================== Services (Whitelisted) =================

    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

    R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE.EXE [142648 2014-07-22] (SUPERAntiSpyware.com)
    R2 HPSupportSolutionsFrameworkService; C:\Program Files\Hp\Common\HPSupportSolutionsFrameworkService.exe [78088 2014-08-26] (Hewlett-Packard Company)
    R2 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)
    R2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)
    R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22192 2014-08-22] (Microsoft Corporation)
    S2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [44032 2009-05-14] (Hewlett-Packard) [File not signed]
    R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [288120 2014-08-22] (Microsoft Corporation)
    S2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [53760 2009-05-14] (Hewlett-Packard) [File not signed]
    R2 Tether; C:\Program Files\Tether\TBService.exe [49080 2010-03-03] ()
    S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-26] (Microsoft Corporation)
    S4 NMIndexingService; "C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe" [X]

    ==================== Drivers (Whitelisted) ====================

    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

    S3 AVer88xHD; C:\Windows\System32\drivers\AVer88xHD.sys [459392 2009-06-25] (AVerMedia TECHNOLOGIES, Inc.)
    R0 iteatapi; C:\Windows\System32\DRIVERS\iteatapi.sys [35608 2008-05-14] (ITE Tech. Inc.)
    R3 LVUSBSta; C:\Windows\System32\drivers\LVUSBSta.sys [41752 2008-07-26] (Logitech Inc.)
    R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2014-11-21] (Malwarebytes Corporation)
    R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [114904 2015-01-23] (Malwarebytes Corporation)
    R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2014-11-21] (Malwarebytes Corporation)
    R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [231800 2014-07-17] (Microsoft Corporation)
    S3 Netaapl; C:\Windows\System32\DRIVERS\netaapl.sys [17408 2009-07-09] (Apple Inc.) [File not signed]
    S3 PID_PEPI; C:\Windows\System32\DRIVERS\LV302V32.SYS [2570520 2008-07-26] (Logitech Inc.)
    S3 pnetmdm; C:\Windows\System32\DRIVERS\pnetmdm.sys [9472 2006-09-28] (June Fabrics Technology) [File not signed]
    S3 qrkis; C:\Windows\System32\DRIVERS\qrkis.sys [45608 2009-10-16] (Tether)
    R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [12880 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
    R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS [67664 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
    R3 SrvHsfPCI; C:\Windows\System32\DRIVERS\VSTBS23.SYS [266752 2009-07-13] (Conexant Systems, Inc.)
    S3 U2G300NB; C:\Windows\System32\DRIVERS\U2G300NB.sys [322360 2007-04-15] (Marvell Semiconductor, Inc)
    S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
    S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
    S3 VGPU; System32\drivers\rdvgkmd.sys [X]
    U5 VWiFiFlt; C:\Windows\System32\Drivers\VWiFiFlt.sys [48128 2009-07-13] (Microsoft Corporation)

    ==================== NetSvcs (Whitelisted) ===================


    (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


    ==================== One Month Created Files and Folders ========

    (If an entry is included in the fixlist, the file\folder will be moved.)

    2015-01-23 11:37 - 2015-01-23 11:37 - 00011976 _____ () C:\Users\dp\Desktop\FRST.txt
    2015-01-23 11:36 - 2015-01-23 11:37 - 00000000 ____D () C:\FRST
    2015-01-23 11:36 - 2015-01-23 11:36 - 01118208 _____ (Farbar) C:\Users\dp\Desktop\FRST.exe
    2015-01-23 10:20 - 2015-01-23 11:34 - 00509440 _____ (Tech Support Guy System) C:\Users\dp\Desktop\SysInfo.exe
    2015-01-22 08:36 - 2011-01-10 06:43 - 1573556048 _____ () C:\Users\dp\Downloads\Elki.2010.mkv
    2015-01-22 08:18 - 2015-01-22 08:21 - 384018385 _____ () C:\Users\dp\Downloads\Операция «Ы» и другие приключения Шурика _ Фильм полностью _ HD 1080p.mp4
    2015-01-22 08:15 - 2015-01-22 08:18 - 338027396 _____ () C:\Users\dp\Downloads\Крепкий орешек.mp4
    2015-01-22 07:53 - 2015-01-22 07:58 - 479895704 _____ () C:\Users\dp\Downloads\Без году неделя (фильм).mp4
    2015-01-22 07:35 - 2015-01-22 07:37 - 268313770 _____ () C:\Users\dp\Downloads\Отцы и деды (1982) Полная версия.mp4
    2015-01-21 20:45 - 2015-01-21 20:45 - 00001121 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
    2015-01-21 20:45 - 2015-01-21 20:45 - 00001109 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
    2015-01-21 20:45 - 2015-01-21 20:45 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
    2015-01-21 20:45 - 2015-01-21 20:45 - 00000000 ____D () C:\Program Files\Mozilla Firefox
    2015-01-21 19:47 - 2015-01-23 11:33 - 00114904 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
    2015-01-21 19:47 - 2015-01-21 19:47 - 00001064 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    2015-01-21 19:47 - 2015-01-21 19:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
    2015-01-21 19:46 - 2015-01-21 19:47 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
    2015-01-21 19:46 - 2015-01-21 19:46 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\dp\Downloads\mbam-setup-2.0.4.1028.exe
    2015-01-21 19:46 - 2015-01-21 19:46 - 00000000 ____D () C:\ProgramData\Malwarebytes
    2015-01-21 19:46 - 2014-11-21 06:14 - 00075480 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
    2015-01-21 19:46 - 2014-11-21 06:14 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
    2015-01-21 19:46 - 2014-11-21 06:14 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
    2015-01-21 19:03 - 2015-01-21 20:13 - 00021696 _____ () C:\Windows\PFRO.log
    2015-01-21 19:03 - 2015-01-21 20:13 - 00000168 _____ () C:\Windows\setupact.log
    2015-01-21 19:03 - 2015-01-21 19:03 - 00000000 _____ () C:\Windows\setuperr.log
    2015-01-21 18:27 - 2015-01-21 18:27 - 00000000 ____D () C:\SUPERDelete
    2015-01-21 18:25 - 2015-01-23 08:04 - 00000000 ____D () C:\Program Files\SUPERAntiSpyware
    2015-01-21 18:25 - 2015-01-21 18:25 - 00001965 _____ () C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
    2015-01-21 18:25 - 2015-01-21 18:25 - 00000000 ____D () C:\Users\dp\AppData\Roaming\SUPERAntiSpyware.com
    2015-01-21 18:25 - 2015-01-21 18:25 - 00000000 ____D () C:\ProgramData\SUPERAntiSpyware.com
    2015-01-21 18:25 - 2015-01-21 18:25 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
    2015-01-21 18:23 - 2015-01-21 18:23 - 21057344 _____ (SUPERAntiSpyware) C:\Users\dp\Downloads\SUPERAntiSpyware.exe
    2015-01-21 16:41 - 2015-01-21 16:43 - 00002032 _____ () C:\Users\dp\Desktop\Rkill.txt
    2015-01-21 16:41 - 2015-01-21 16:41 - 01943800 _____ (Bleeping Computer, LLC) C:\Users\dp\Downloads\rkill.exe
    2015-01-18 19:03 - 2015-01-18 19:03 - 05317104 _____ (Piriform Ltd) C:\Users\dp\Downloads\ccsetup501.exe
    2015-01-18 18:54 - 2015-01-23 11:26 - 00576176 _____ () C:\Windows\WindowsUpdate.log
    2015-01-18 18:21 - 2015-01-18 18:21 - 00001234 _____ () C:\Users\Public\Desktop\Revo Uninstaller Pro.lnk
    2015-01-18 18:21 - 2015-01-18 18:21 - 00000000 ____D () C:\Users\dp\AppData\Local\VS Revo Group
    2015-01-18 18:21 - 2015-01-18 18:21 - 00000000 ____D () C:\ProgramData\VS Revo Group
    2015-01-18 18:21 - 2015-01-18 18:21 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller Pro
    2015-01-18 18:21 - 2015-01-18 18:21 - 00000000 ____D () C:\Program Files\VS Revo Group
    2015-01-18 18:21 - 2009-12-30 10:21 - 00027192 _____ (VS Revo Group) C:\Windows\system32\Drivers\revoflt.sys
    2015-01-18 18:20 - 2015-01-18 18:20 - 10801480 _____ (VS Revo Group ) C:\Users\dp\Downloads\RevoUninProSetup.exe
    2015-01-18 18:09 - 2015-01-18 18:09 - 164495362 _____ () C:\Users\dp\Documents\rebot.reg
    2015-01-18 17:48 - 2015-01-18 17:55 - 00000000 ____D () C:\AdwCleaner
    2015-01-18 17:47 - 2015-01-18 17:47 - 02186752 _____ () C:\Users\dp\Downloads\AdwCleaner.exe
    2015-01-18 16:44 - 2015-01-18 18:36 - 00000000 ____D () C:\Users\dp\AppData\Roaming\1H1Q1V1N1N1S1R
    2015-01-18 16:44 - 2015-01-18 16:44 - 00000000 ____D () C:\ProgramData\{6D978554-3D15-54D2-8C93-24505C11F7DE}
    2015-01-18 16:44 - 2015-01-18 16:43 - 04813544 _____ (Piriform Ltd) C:\Users\dp\Downloads\CCleanerSetup.exe
    2015-01-18 16:43 - 2015-01-18 16:43 - 00847048 _____ ( ) C:\Users\dp\Downloads\Ccleaner_Setup.exe
    2015-01-18 13:35 - 2015-01-18 13:35 - 00000046 _____ () C:\Users\dp\AppData\Roaming\WB.CFG
    2015-01-18 13:19 - 2015-01-18 13:20 - 00000000 ____D () C:\Users\dp\.smplayer
    2015-01-18 13:13 - 2015-01-18 13:36 - 00000000 ____D () C:\ProgramData\Unchecky
    2015-01-18 12:44 - 2015-01-18 15:37 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Liveistream
    2015-01-18 12:44 - 2015-01-18 12:44 - 00000064 _____ () C:\Users\dp\AppData\Local\00b8c1270aa3f44e5fb958ea63648b0a
    2015-01-18 12:35 - 2015-01-18 12:35 - 00000000 __SHD () C:\Users\dp\AppData\Local\EmieUserList
    2015-01-18 12:35 - 2015-01-18 12:35 - 00000000 __SHD () C:\Users\dp\AppData\Local\EmieSiteList
    2015-01-18 12:35 - 2015-01-18 12:35 - 00000000 __SHD () C:\Users\dp\AppData\Local\EmieBrowserModeList
    2015-01-18 12:33 - 2015-01-18 12:34 - 00808440 _____ ( ) C:\Users\dp\Downloads\adobe_flash_setup.exe
    2015-01-18 10:15 - 2014-12-18 17:34 - 00116224 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
    2015-01-18 10:15 - 2014-12-11 21:11 - 03971512 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
    2015-01-18 10:15 - 2014-12-11 21:11 - 03916728 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
    2015-01-18 10:15 - 2014-12-05 19:50 - 00242688 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
    2015-01-17 10:27 - 2015-01-17 10:27 - 04877488 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerInstaller.exe
    2015-01-17 09:05 - 2014-12-18 18:43 - 00164864 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
    2015-01-17 09:05 - 2014-12-11 09:47 - 00046592 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
    2015-01-10 08:36 - 2015-01-10 08:36 - 00001815 _____ () C:\Users\Public\Desktop\QuickTime Player.lnk
    2015-01-10 08:36 - 2015-01-10 08:36 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
    2015-01-10 08:36 - 2015-01-10 08:36 - 00000000 ____D () C:\Program Files\QuickTime
    2015-01-08 09:52 - 2015-01-08 09:55 - 252722766 _____ () C:\Users\dp\Desktop\Однажды двадцать лет спустя (1980) Советская мелодрама «Однажды двадцать лет спустя» смотреть онлайн.mp4
    2015-01-08 09:50 - 2015-01-08 09:56 - 407309607 _____ () C:\Users\dp\Downloads\Однажды двадцать лет спустя (1980) Полная версия.mp4
    2014-12-27 18:57 - 2014-12-27 18:59 - 369221578 _____ () C:\Users\dp\Downloads\Сказка Морозко, смотреть сказку Морозко.mp4

    ==================== One Month Modified Files and Folders =======

    (If an entry is included in the fixlist, the file\folder will be moved.)

    2015-01-23 11:27 - 2014-12-20 14:57 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
    2015-01-21 20:21 - 2009-07-13 20:34 - 00020576 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2015-01-21 20:21 - 2009-07-13 20:34 - 00020576 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2015-01-21 20:13 - 2009-07-13 20:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
    2015-01-20 09:16 - 2014-06-24 09:38 - 00000000 ____D () C:\Users\dp\AppData\Local\Windows Live
    2015-01-18 19:49 - 2014-03-08 11:26 - 00000000 ____D () C:\Program Files\Google
    2015-01-18 19:02 - 2014-03-08 11:26 - 00000000 ____D () C:\Users\dp\AppData\Local\Google
    2015-01-18 18:47 - 2011-01-28 09:17 - 00000000 ____D () C:\Program Files\VideoLAN
    2015-01-18 18:47 - 2010-03-09 20:17 - 00000000 ____D () C:\Users\dp\AppData\Roaming\Apple Computer
    2015-01-18 18:47 - 2010-03-09 20:17 - 00000000 ____D () C:\Users\dp\AppData\Local\Apple Computer
    2015-01-18 18:43 - 2010-12-25 10:09 - 00000000 ____D () C:\Users\dp\AppData\Roaming\DVDVideoSoft
    2015-01-18 18:42 - 2010-12-25 10:09 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft
    2015-01-18 18:38 - 2010-03-10 17:48 - 00000000 ____D () C:\Program Files\Research In Motion
    2015-01-18 18:37 - 2010-03-10 17:48 - 00000000 ____D () C:\Program Files\Common Files\Research In Motion
    2015-01-18 17:59 - 2014-03-28 20:37 - 00000000 ____D () C:\Users\dp\AppData\Roaming\Spotify
    2015-01-18 17:55 - 2010-12-25 10:09 - 00000000 ____D () C:\Program Files\Common Files\DVDVideoSoft
    2015-01-18 17:55 - 2009-07-13 18:04 - 00000615 _____ () C:\Windows\win.ini
    2015-01-18 13:45 - 2010-06-04 20:12 - 00000000 ____D () C:\ProgramData\LogiShrd
    2015-01-18 13:45 - 2010-06-04 20:01 - 00000000 ____D () C:\Program Files\Common Files\logishrd
    2015-01-18 13:38 - 2011-04-04 16:00 - 00000000 ____D () C:\Users\dp\AppData\Local\Adobe
    2015-01-18 13:27 - 2009-07-13 18:37 - 00000000 ____D () C:\Windows\Resources
    2015-01-18 13:19 - 2010-03-09 20:09 - 00000000 ____D () C:\Users\dp
    2015-01-18 03:05 - 2014-06-15 15:51 - 00000000 ____D () C:\Windows\system32\MRT
    2015-01-18 03:01 - 2014-06-15 15:51 - 110348472 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
    2015-01-17 10:27 - 2014-02-26 11:10 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
    2015-01-17 10:27 - 2014-02-26 11:10 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
    2015-01-17 08:58 - 2014-03-28 20:37 - 00000000 ____D () C:\Users\dp\AppData\Local\Spotify
    2015-01-13 08:15 - 2009-07-13 18:37 - 00000000 ____D () C:\Windows\system32\NDF
    2014-12-31 03:13 - 2010-03-09 20:34 - 00249488 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe

    ==================== Files in the root of some directories =======
    2010-09-04 14:03 - 2011-03-28 19:43 - 0000231 _____ () C:\Users\dp\AppData\Roaming\Rim.Desktop.Exception.log
    2010-08-28 23:16 - 2014-05-26 07:36 - 0002810 _____ () C:\Users\dp\AppData\Roaming\Rim.Desktop.HttpServerSetup.log
    2015-01-18 13:35 - 2015-01-18 13:35 - 0000046 _____ () C:\Users\dp\AppData\Roaming\WB.CFG
    2015-01-18 12:44 - 2015-01-18 12:44 - 0000064 _____ () C:\Users\dp\AppData\Local\00b8c1270aa3f44e5fb958ea63648b0a
    2010-04-24 12:00 - 2010-10-22 13:35 - 0000056 ____H () C:\ProgramData\ezsidmv.dat
    2014-02-28 12:57 - 2014-07-27 19:35 - 0021308 _____ () C:\ProgramData\hpzinstall.log

    ==================== Bamital & volsnap Check =================

    (There is no automatic fix for files that do not pass verification.)

    C:\Windows\explorer.exe => File is digitally signed
    C:\Windows\system32\winlogon.exe => File is digitally signed
    C:\Windows\system32\wininit.exe => File is digitally signed
    C:\Windows\system32\svchost.exe => File is digitally signed
    C:\Windows\system32\services.exe => File is digitally signed
    C:\Windows\system32\User32.dll => File is digitally signed
    C:\Windows\system32\userinit.exe => File is digitally signed
    C:\Windows\system32\rpcss.dll => File is digitally signed
    C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


    LastRegBack: 2015-01-17 09:59

    ==================== End Of Log ============================
     
  6. imarshall

    imarshall Thread Starter

    Joined:
    Jan 19, 2015
    Messages:
    16
    Additional scan result of Farbar Recovery Scan Tool (x86) Version: 19-01-2015
    Ran by dp at 2015-01-23 11:38:20
    Running from C:\Users\dp\Desktop
    Boot Mode: Normal
    ==========================================================


    ==================== Security Center ========================

    (If an entry is included in the fixlist, it will be removed.)

    AV: Microsoft Security Essentials (Enabled - Up to date) {4F35CFC4-45A3-FC37-EF17-759A02E39AB1}
    AS: Microsoft Security Essentials (Enabled - Up to date) {F4542E20-6399-F3B9-D5A7-4EE87964D00C}
    AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

    ==================== Installed Programs ======================

    (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

    32 Bit HP CIO Components Installer (Version: 6.1.2 - Hewlett-Packard) Hidden
    Acrobat.com (HKLM\...\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 2.0.0.0 - Adobe Systems Incorporated)
    Acrobat.com (Version: 2.0.0 - Adobe Systems Incorporated) Hidden
    Adobe AIR (HKLM\...\Adobe AIR) (Version: 1.5.3.9130 - Adobe Systems Inc.)
    Adobe Reader 9.5.5 (HKLM\...\{AC76BA86-7AD7-1033-7B44-A95000000001}) (Version: 9.5.5 - Adobe Systems Incorporated)
    Apple Application Support (HKLM\...\{83CAF0DE-8D3B-4C37-A631-2B8F16EC3031}) (Version: 3.1 - Apple Inc.)
    Apple Mobile Device Support (HKLM\...\{235EBB33-3DA1-46DF-AADE-9955123409CB}) (Version: 8.0.5.6 - Apple Inc.)
    Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
    D3DX10 (Version: 15.4.2368.0902 - Microsoft) Hidden
    HP Photo Creations (HKLM\...\HP Photo Creations) (Version: 1.0.0.2024 - HP Photo Creations Powered by RocketLife)
    HP Photosmart D110 All-In-One Driver 14.0 Rel. 7 (HKLM\...\{14BC6853-A74E-4874-B50D-679889D1544D}) (Version: 14.0 - HP)
    HP Support Solutions Framework (HKLM\...\{348A1F5B-07B3-4436-9A47-FFE44EFE856E}) (Version: 11.51.0004 - Hewlett-Packard Company)
    HP Update (HKLM\...\{74DC0593-6BC6-4001-AD5F-D810AFB68D86}) (Version: 5.002.002.002 - Hewlett-Packard)
    Intel(R) Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: 8.15.10.1930 - Intel Corporation)
    Intel(R) TV Wizard (HKLM\...\TVWiz) (Version: - Intel Corporation)
    iTunes (HKLM\...\{5D928931-D1D2-4A93-A82D-BF60D0E7CFA5}) (Version: 12.0.1.26 - Apple Inc.)
    Java(TM) 6 Update 24 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83216024FF}) (Version: 6.0.240 - Oracle)
    Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
    Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
    Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
    Microsoft Office Enterprise 2007 (HKLM\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
    Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
    Microsoft Office Visio 2007 Service Pack 3 (SP3) (HKLM\...\{90120000-0051-0000-0000-0000000FF1CE}_VISPRO_{CE144BF4-4950-4CDB-A5F7-CCE1888F49CB}) (Version: - Microsoft)
    Microsoft Office Visio Professional 2007 (HKLM\...\VISPRO) (Version: 12.0.6612.1000 - Microsoft Corporation)
    Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.6.305.0 - Microsoft Corporation)
    Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Movie Maker (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
    Mozilla Firefox 35.0 (x86 en-US) (HKLM\...\Mozilla Firefox 35.0 (x86 en-US)) (Version: 35.0 - Mozilla)
    Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 35.0 - Mozilla)
    MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
    MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
    Network (Version: 140.0.212.000 - Hewlett-Packard) Hidden
    PS_AIO_07_D110_SW_Min (Version: 140.0.142.000 - Hewlett-Packard) Hidden
    QuickTime 7 (HKLM\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)
    Revo Uninstaller Pro 3.1.2 (HKLM\...\{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1) (Version: 3.1.2 - VS Revo Group, Ltd.)
    Scan (Version: 140.0.77.000 - Hewlett-Packard) Hidden
    Spotify (HKU\S-1-5-21-3358529588-1858457421-2119217295-1000\...\Spotify) (Version: 0.9.15.27.g87efe634 - Spotify AB)
    SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 6.0.1168 - SUPERAntiSpyware.com)
    Tether 1.1.0.2 (HKLM\...\{2863C12B-2A02-4258-8495-6220605B2E5C}_is1) (Version: - Tether)
    Toolbox (Version: 140.0.424.000 - Hewlett-Packard) Hidden
    Uninstall 1.0.0.1 (HKLM\...\Uninstall_is1) (Version: - )
    Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
    Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{90120000-0051-0000-0000-0000000FF1CE}_VISPRO_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
    Windows Live Essentials (HKLM\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)

    ==================== Custom CLSID (selected items): ==========================

    (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

    CustomCLSID: HKU\S-1-5-21-3358529588-1858457421-2119217295-1000_Classes\CLSID\{08244EE6-92F0-47F2-9FC9-929BAA2E7235}\InprocServer32 -> No File Path
    CustomCLSID: HKU\S-1-5-21-3358529588-1858457421-2119217295-1000_Classes\CLSID\{16F3DD56-1AF5-4347-846D-7C10C4192619}\InprocServer32 -> No File Path
    CustomCLSID: HKU\S-1-5-21-3358529588-1858457421-2119217295-1000_Classes\CLSID\{1F486A52-3CB1-48FD-8F50-B8DC300D9F9D}\InprocServer32 -> No File Path
    CustomCLSID: HKU\S-1-5-21-3358529588-1858457421-2119217295-1000_Classes\CLSID\{2916C86E-86A6-43FE-8112-43ABE6BF8DCC}\InprocServer32 -> No File Path
    CustomCLSID: HKU\S-1-5-21-3358529588-1858457421-2119217295-1000_Classes\CLSID\{4E77131D-3629-431C-9818-C5679DC83E81}\InprocServer32 -> No File Path
    CustomCLSID: HKU\S-1-5-21-3358529588-1858457421-2119217295-1000_Classes\CLSID\{920E6DB1-9907-4370-B3A0-BAFC03D81399}\InprocServer32 -> No File Path
    CustomCLSID: HKU\S-1-5-21-3358529588-1858457421-2119217295-1000_Classes\CLSID\{99FD978C-D287-4F50-827F-B2C658EDA8E7}\InprocServer32 -> No File Path
    CustomCLSID: HKU\S-1-5-21-3358529588-1858457421-2119217295-1000_Classes\CLSID\{AB5C5600-7E6E-4B06-9197-9ECEF74D31CC}\InprocServer32 -> No File Path
    CustomCLSID: HKU\S-1-5-21-3358529588-1858457421-2119217295-1000_Classes\CLSID\{D9144DCD-E998-4ECA-AB6A-DCD83CCBA16D}\InprocServer32 -> No File Path

    ==================== Restore Points =========================

    18-01-2015 19:00:23 Revo Uninstaller Pro's restore point - Google Drive
    18-01-2015 19:00:34 Removed Google Drive
    18-01-2015 19:07:16 Revo Uninstaller Pro's restore point - Mozilla Firefox 34.0.5 (x86 en-US)
    18-01-2015 22:04:20 Windows Update
    21-01-2015 20:03:40 Revo Uninstaller Pro's restore point - Mozilla Maintenance Service
    21-01-2015 20:05:50 Revo Uninstaller Pro's restore point - Windows Media Player Firefox Plugin
    21-01-2015 20:08:00 Revo Uninstaller Pro's restore point - Adobe Flash Player 16 NPAPI
    21-01-2015 20:09:46 Revo Uninstaller Pro's restore point - Mozilla Firefox 35.0 (x86 en-US)
    21-01-2015 20:10:50 Revo Uninstaller Pro's restore point - CCleaner
    23-01-2015 08:20:03 Windows Update

    ==================== Hosts content: ==========================

    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)

    2009-07-13 18:04 - 2015-01-18 14:02 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

    ==================== Scheduled Tasks (whitelisted) =============

    (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

    Task: {1A4CFA3E-54DC-4C5F-B75D-10B189E7B5AE} - System32\Tasks\{D7481EBF-347D-4C4C-A11B-CE974327DA41} => Firefox.exe
    Task: {2D47F95E-0F7F-493A-8235-A90C9C085098} - System32\Tasks\Total Domination W1 => Chrome.exe --app=http://totaldomination.com/en/landing/lp5_1?adCampaign=44113&amp;ClickID=tDtDtCzy0DtC0AtDtBtDtC0A0Azy0CtD&amp;publisherID=1_73 --app-window-size=1280,1024
    Task: {44FEB0A7-357C-421B-B2AB-7630389A7CB9} - System32\Tasks\Total Domination W2 => Chrome.exe --app=http://totaldomination.com/en/landing/lp5_1?adCampaign=44113&amp;ClickID=tDtDtCzy0DtC0AtDtBtDtC0A0Azy0CtD&amp;publisherID=1_73 --app-window-size=1280,1024
    Task: {4EB8DB11-B9CB-42DE-8634-BB5C173C0260} - System32\Tasks\GeniusBox => cmd.exe /C start "" "C:\Users\dp\AppData\Local\GeniusBox\client.exe"
    Task: {510FFC62-2208-4F72-B8FD-3DDAA91527D4} - System32\Tasks\{6A0F545A-C8DA-4198-953D-97F4893E4489} => C:\Program Files\uTorrent\uTorrent.exe
    Task: {5A2E1F26-7485-4793-887B-8B4FB515C02A} - System32\Tasks\{40A1C0A2-E9DD-4798-83BC-783406255C52} => C:\Program Files\Skype\Phone\Skype.exe
    Task: {6983CA78-71D8-4636-B5E5-04B16278AB42} - System32\Tasks\Check Updates => C:\Users\dp\AppData\Local\GeniusBox\updater.exe
    Task: {9C60BC5D-8934-49E9-BFCA-DE110FFE0674} - System32\Tasks\{6CAEC479-6CF1-489E-A73D-2B6EE57DE155} => pcalua.exe -a C:\Users\dp\Downloads\PdaNetBB130.exe -d C:\Users\dp\Desktop
    Task: {AFDAE746-58C6-4018-B2FF-EA6FFC550DFC} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
    Task: {CADF2EF5-1EB5-43B3-875B-B6739B4B528E} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
    Task: {D8201FD0-76F5-4098-9193-397957BC6C03} - System32\Tasks\{254525AF-A45E-47CE-9ECE-9A62FDEE0024} => Firefox.exe
    Task: {E1A25800-3CF0-4478-8CC6-83F1AC95B936} - System32\Tasks\{4C3CDBDD-E221-43E6-B75C-FE38F838176F} => C:\Program Files\uTorrent\uTorrent.exe
    Task: {E741E35B-A064-4521-B0E2-E8E6D8404276} - System32\Tasks\Validate Installation => C:\Users\dp\AppData\Local\GeniusBox\updater.exe

    (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

    Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe

    ==================== Loaded Modules (whitelisted) =============

    2014-02-12 20:58 - 2014-02-12 20:58 - 00073544 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
    2014-10-11 12:05 - 2014-10-11 12:05 - 01044776 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
    2010-03-13 18:33 - 2010-02-10 18:10 - 00141824 _____ () C:\Program Files\WinRAR\rarext.dll
    2010-03-31 20:46 - 2010-03-03 10:17 - 00049080 _____ () C:\Program Files\Tether\TBService.exe
    2015-01-21 20:45 - 2015-01-09 01:05 - 03925104 _____ () C:\Program Files\Mozilla Firefox\mozjs.dll

    ==================== Alternate Data Streams (whitelisted) =========

    (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


    ==================== Safe Mode (whitelisted) ===================

    (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


    ==================== EXE Association (whitelisted) =============

    (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


    ==================== MSCONFIG/TASK MANAGER disabled items =========

    (Currently there is no automatic fix for this section.)

    MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk => C:\Windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup
    MSCONFIG\startupfolder: C:^Users^dp^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk => C:\Windows\pss\OneNote 2007 Screen Clipper and Launcher.lnk.Startup
    MSCONFIG\startupfolder: C:^Users^dp^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^PdaNet Desktop.lnk => C:\Windows\pss\PdaNet Desktop.lnk.Startup
    MSCONFIG\startupreg: Adobe ARM => "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    MSCONFIG\startupreg: Adobe Reader Speed Launcher => "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    MSCONFIG\startupreg: BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} => "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
    MSCONFIG\startupreg: HotKeysCmds => C:\Windows\system32\hkcmd.exe
    MSCONFIG\startupreg: HP Software Update => C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    MSCONFIG\startupreg: IgfxTray => C:\Windows\system32\igfxtray.exe
    MSCONFIG\startupreg: iTunesHelper => "C:\Program Files\iTunes\iTunesHelper.exe"
    MSCONFIG\startupreg: LogitechQuickCamRibbon => "C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe" /hide
    MSCONFIG\startupreg: MSC => "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
    MSCONFIG\startupreg: NeroFilterCheck => C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
    MSCONFIG\startupreg: Persistence => C:\Windows\system32\igfxpers.exe
    MSCONFIG\startupreg: QuickTime Task => "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    MSCONFIG\startupreg: Sidebar => C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    MSCONFIG\startupreg: Spotify => "C:\Users\dp\AppData\Roaming\Spotify\Spotify.exe" /uri spotify:autostart
    MSCONFIG\startupreg: Spotify Web Helper => "C:\Users\dp\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"
    MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files\Common Files\Java\Java Update\jusched.exe"

    ========================= Accounts: ==========================

    Administrator (S-1-5-21-3358529588-1858457421-2119217295-500 - Administrator - Disabled)
    dp (S-1-5-21-3358529588-1858457421-2119217295-1000 - Administrator - Enabled) => C:\Users\dp
    Guest (S-1-5-21-3358529588-1858457421-2119217295-501 - Limited - Disabled)

    ==================== Faulty Device Manager Devices =============

    Name: Tether Ethernet Adapter
    Description: Tether Ethernet Adapter
    Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
    Manufacturer: Tether
    Service: qrkis
    Problem: : This device is disabled. (Code 22)
    Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

    Name: PCI Simple Communications Controller
    Description: PCI Simple Communications Controller
    Class Guid:
    Manufacturer:
    Service:
    Problem: : The drivers for this device are not installed. (Code 28)
    Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

    Name: Teredo Tunneling Pseudo-Interface
    Description: Microsoft Teredo Tunneling Adapter
    Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
    Manufacturer: Microsoft
    Service: tunnel
    Problem: : This device cannot start. (Code10)
    Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
    On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.


    ==================== Event log errors: =========================

    Application errors:
    ==================
    Error: (01/23/2015 08:53:33 AM) (Source: SideBySide) (EventID: 63) (User: )
    Description: Activation context generation failed for "assemblyIdentity1".Error in manifest or policy file "assemblyIdentity2" on line assemblyIdentity3.
    The value "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute "version" in element "assemblyIdentity" is invalid.

    Error: (01/22/2015 09:11:47 AM) (Source: SideBySide) (EventID: 63) (User: )
    Description: Activation context generation failed for "assemblyIdentity1".Error in manifest or policy file "assemblyIdentity2" on line assemblyIdentity3.
    The value "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute "version" in element "assemblyIdentity" is invalid.

    Error: (01/21/2015 08:03:40 PM) (Source: VSS) (EventID: 8194) (User: )
    Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface. hr = 0x80070005, Access is denied.
    .
    This is often caused by incorrect security settings in either the writer or requestor process.


    Operation:
    Gathering Writer Data

    Context:
    Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
    Writer Name: System Writer
    Writer Instance ID: {9f9ebf13-2313-4941-906c-3fa6d3c4a39c}

    Error: (01/21/2015 06:26:53 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: plugin-container.exe, version: 35.0.0.5486, time stamp: 0x54af7153
    Faulting module name: mozalloc.dll, version: 35.0.0.5486, time stamp: 0x54af69d4
    Exception code: 0x80000003
    Fault offset: 0x00001425
    Faulting process id: 0x9ac
    Faulting application start time: 0xplugin-container.exe0
    Faulting application path: plugin-container.exe1
    Faulting module path: plugin-container.exe2
    Report Id: plugin-container.exe3

    Error: (01/21/2015 00:18:22 PM) (Source: SideBySide) (EventID: 63) (User: )
    Description: Activation context generation failed for "assemblyIdentity1".Error in manifest or policy file "assemblyIdentity2" on line assemblyIdentity3.
    The value "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute "version" in element "assemblyIdentity" is invalid.

    Error: (01/20/2015 08:19:17 AM) (Source: SideBySide) (EventID: 63) (User: )
    Description: Activation context generation failed for "assemblyIdentity1".Error in manifest or policy file "assemblyIdentity2" on line assemblyIdentity3.
    The value "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute "version" in element "assemblyIdentity" is invalid.

    Error: (01/20/2015 07:42:08 AM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: plugin-container.exe, version: 35.0.0.5486, time stamp: 0x54af7153
    Faulting module name: mozalloc.dll, version: 35.0.0.5486, time stamp: 0x54af69d4
    Exception code: 0x80000003
    Fault offset: 0x00001425
    Faulting process id: 0x16b8
    Faulting application start time: 0xplugin-container.exe0
    Faulting application path: plugin-container.exe1
    Faulting module path: plugin-container.exe2
    Report Id: plugin-container.exe3

    Error: (01/20/2015 07:42:05 AM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: firefox.exe, version: 35.0.0.5486, time stamp: 0x54af74c1
    Faulting module name: zoompicl32.dll_unloaded, version: 0.0.0.0, time stamp: 0x54b0695e
    Exception code: 0xc0000005
    Fault offset: 0x631268a7
    Faulting process id: 0xa30
    Faulting application start time: 0xfirefox.exe0
    Faulting application path: firefox.exe1
    Faulting module path: firefox.exe2
    Report Id: firefox.exe3

    Error: (01/20/2015 07:40:37 AM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: firefox.exe, version: 35.0.0.5486, time stamp: 0x54af74c1
    Faulting module name: zoompicl32.dll_unloaded, version: 0.0.0.0, time stamp: 0x54b0695e
    Exception code: 0xc0000005
    Fault offset: 0x631484bd
    Faulting process id: 0xa30
    Faulting application start time: 0xfirefox.exe0
    Faulting application path: firefox.exe1
    Faulting module path: firefox.exe2
    Report Id: firefox.exe3

    Error: (01/18/2015 06:55:32 PM) (Source: VSS) (EventID: 8194) (User: )
    Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface. hr = 0x80070005, Access is denied.
    .
    This is often caused by incorrect security settings in either the writer or requestor process.


    Operation:
    Gathering Writer Data

    Context:
    Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
    Writer Name: System Writer
    Writer Instance ID: {a2dd599f-ce60-4cb3-a9cc-2e6a8ad8a693}


    System errors:
    =============
    Error: (01/23/2015 11:07:20 AM) (Source: cdrom) (EventID: 11) (User: )
    Description: The driver detected a controller error on \Device\CdRom0.

    Error: (01/23/2015 11:07:13 AM) (Source: cdrom) (EventID: 11) (User: )
    Description: The driver detected a controller error on \Device\CdRom0.

    Error: (01/23/2015 11:07:07 AM) (Source: cdrom) (EventID: 11) (User: )
    Description: The driver detected a controller error on \Device\CdRom0.

    Error: (01/23/2015 11:07:00 AM) (Source: cdrom) (EventID: 11) (User: )
    Description: The driver detected a controller error on \Device\CdRom0.

    Error: (01/23/2015 11:06:54 AM) (Source: cdrom) (EventID: 11) (User: )
    Description: The driver detected a controller error on \Device\CdRom0.

    Error: (01/23/2015 11:06:48 AM) (Source: cdrom) (EventID: 11) (User: )
    Description: The driver detected a controller error on \Device\CdRom0.

    Error: (01/21/2015 11:00:03 PM) (Source: Microsoft-Windows-HAL) (EventID: 12) (User: )
    Description: The platform firmware has corrupted memory across the previous system power transition. Please check for updated firmware for your system.

    Error: (01/21/2015 07:04:21 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
    Description: The following boot-start or system-start driver(s) failed to load:
    bbnfd_1_10_0_6

    Error: (01/21/2015 07:04:16 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: The Util Dynamo Combo service failed to start due to the following error:
    %%2

    Error: (01/21/2015 07:04:16 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: The Update Dynamo Combo service failed to start due to the following error:
    %%2


    Microsoft Office Sessions:
    =========================

    ==================== Memory info ===========================

    Processor: Intel(R) Core(TM)2 Quad CPU @ 2.40GHz
    Percentage of memory in use: 60%
    Total physical RAM: 2020.78 MB
    Available physical RAM: 801.09 MB
    Total Pagefile: 4041.56 MB
    Available Pagefile: 2276.55 MB
    Total Virtual: 2047.88 MB
    Available Virtual: 1895.2 MB

    ==================== Drives ================================

    Drive c: () (Fixed) (Total:465.66 GB) (Free:211.58 GB) NTFS
    Drive d: () (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[System with boot components (obtained from reading drive)]

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 4AF0C922)
    Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
    Partition 2: (Not Active) - (Size=465.7 GB) - (Type=07 NTFS)

    ==================== End Of Log ============================
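Triaging the Scheduled Tasks section of the log above is what the specialist does by hand before writing a fixlist. The following is an added Python example (not FRST's own code and not from anyone in this thread) that parses FRST "Task:" lines and flags the adware persistence patterns visible in this log: a browser started in --app mode on a remote URL, a cmd.exe/pcalua.exe launcher wrapper, and a payload living under AppData. The sample lines are copied from the log above; the heuristics and names are this example's own assumptions.

```python
"""Triage the 'Scheduled Tasks' section of an FRST Additional.txt log."""
import re
from typing import Dict, List

# Constructed sample input: five 'Task:' lines copied from the FRST log posted
# above (three adware entries plus two vendor updaters for contrast).
SAMPLE_TASK_LINES = r"""
Task: {2D47F95E-0F7F-493A-8235-A90C9C085098} - System32\Tasks\Total Domination W1 => Chrome.exe --app=http://totaldomination.com/en/landing/lp5_1?adCampaign=44113&amp;ClickID=tDtDtCzy0DtC0AtDtBtDtC0A0Azy0CtD&amp;publisherID=1_73 --app-window-size=1280,1024
Task: {4EB8DB11-B9CB-42DE-8634-BB5C173C0260} - System32\Tasks\GeniusBox => cmd.exe /C start "" "C:\Users\dp\AppData\Local\GeniusBox\client.exe"
Task: {6983CA78-71D8-4636-B5E5-04B16278AB42} - System32\Tasks\Check Updates => C:\Users\dp\AppData\Local\GeniusBox\updater.exe
Task: {AFDAE746-58C6-4018-B2FF-EA6FFC550DFC} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {CADF2EF5-1EB5-43B3-875B-B6739B4B528E} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
"""

# FRST prints one task per line as:  Task: {GUID} - System32\Tasks\<name> => <action>
TASK_RE = re.compile(
    r"^Task: \{(?P<guid>[0-9A-Fa-f-]{36})\} - System32\\Tasks\\(?P<name>.+?) => (?P<action>.+)$"
)

# Heuristics chosen for this example (not an FRST whitelist): a browser in
# --app (kiosk) mode pointed at a web URL, an indirection binary, or a payload
# under the user's profile rather than Program Files.
BROWSERS = ("chrome.exe", "firefox.exe", "iexplore.exe")
LAUNCHERS = ("cmd.exe", "pcalua.exe", "wscript.exe", "powershell.exe")
PROFILE_DIRS = ("\\appdata\\local\\", "\\appdata\\roaming\\", "\\appdata\\locallow\\")


def parse_tasks(log_text: str) -> List[Dict[str, str]]:
    """Return one dict (guid, name, action) per well-formed 'Task:' line."""
    tasks = []
    for line in log_text.splitlines():
        m = TASK_RE.match(line.strip())
        if m:
            tasks.append(m.groupdict())
    return tasks


def task_reasons(action: str) -> List[str]:
    """Return the triage findings for one task action string ([] if clean)."""
    reasons = []
    lowered = action.lower()
    tokens = lowered.split()
    exe = tokens[0] if tokens else ""  # the program the task actually starts
    if exe.endswith(BROWSERS) and "--app=http" in lowered:
        reasons.append("browser started in --app mode on a remote URL")
    if exe.endswith(LAUNCHERS):
        reasons.append("indirect launcher (%s) hides the real target" % exe)
    if any(d in lowered for d in PROFILE_DIRS):
        reasons.append("target lives under the user profile (AppData)")
    return reasons


def triage_tasks(log_text: str) -> List[Dict[str, object]]:
    """Parse the log and attach a 'reasons' list to every task."""
    return [{**t, "reasons": task_reasons(t["action"])} for t in parse_tasks(log_text)]


def suspicious_task_names(log_text: str) -> List[str]:
    """Sorted names of the tasks that triggered at least one finding."""
    return sorted(t["name"] for t in triage_tasks(log_text) if t["reasons"])


if __name__ == "__main__":
    for t in triage_tasks(SAMPLE_TASK_LINES):
        print(("SUSPECT " if t["reasons"] else "ok      ") + t["name"])
        for reason in t["reasons"]:
            print("          - " + reason)
```

Paste the Task lines from a real Additional.txt into SAMPLE_TASK_LINES (or read the file) to triage another log; anything flagged still needs manual confirmation before it goes into a fixlist.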
     
  7. imarshall

    imarshall Thread Starter

    Joined:
    Jan 19, 2015
    Messages:
    16
    Yesterday I had downloaded SUPERAntiSpyware and Malwarebytes Anti-Malware. It seemed to have stopped the pop-ups, but I don't know if it fixed everything.
     
  8. dbreeze

    dbreeze Malware Specialist

    Joined:
    Oct 5, 2014
    Messages:
    431
    First Name:
    David
    The SAS and Malwarebytes Anti-Malware fixed a lot, but not everything. The following should clean the rest, and then we will check for remains.

    FIRST, Run a Fixlist script please ....

    Download the attached fixlist.txt file and save it to the Desktop.

    NOTE. It's important that both files, FRST/FRST64 and fixlist.txt are in the same location or the fix will not work.

    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

    Run FRST/FRST64 by right clicking on the FRST64.exe file and selecting "Run as Administrator". The User Account Control may open up; if it does, select Yes to continue to let FRST open and load.

    The tool will check for an updated version of itself every time it loads; please allow it to do this and the program will either inform you it is downloading an updated copy (and to wait until it is safe to continue) or show that it is ready to use (meaning there is no update found) and you can continue on. Press the Fix button just once and wait. The tool will create a restore point, process the script and ask for a restart of your system.

    If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.

    When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post the log in your next reply.


    SECOND, a JRT scan

    Junkware Removal Tool
    Please download JRT from here to your desktop.

    Note: Temporarily disable/shut down your protection software now to avoid potential conflicts; how to do so can be read here.

    Double click the JRT.exe file to run the application.

    The application will open a Command Prompt window and run from there (this is normal for this program, so do not be alarmed).

    When it is asked, press any key to allow the program to continue / run.

    This will create a log on the desktop; please copy and paste the JRT.txt log text in your next post.

    Note: After the log file is created, please enable your protection software / reboot your system and verify your protection software is enabled.


    THIRD, an AdwCleaner scan

    AdwCleaner by Xplode

    Download AdwCleaner from here or from here. Save the file to the desktop.


    NOTE: If you are using IE 8 or above you may get a warning that stops the program from downloading. Just click on the warning and allow the download to complete.

    Close all open windows and browsers.
    1. Vista/7/8 users: Right click the AdwCleaner icon on the desktop, click Run as administrator and accept the UAC prompt to run AdwCleaner.
      You will see the following console:

    2. Click the Scan button and wait for the scan to finish.
    3. After the scan has finished, the window may or may not show what it found, and above, in the progress bar, you will see: Pending. Please uncheck elements you don't want to remove.
    4. Click the Clean button.
    5. Everything checked will be deleted.
    6. When the program has finished cleaning a report appears.
    7. Once done, it will ask to reboot; allow this.

    8. On reboot a log will be produced; please copy / paste that in your next reply. This report is also saved to C:\AdwCleaner\AdwCleaner[S0].txt
    Optional:

    NOTE: If you see AVG Secure Search being targeted for deletion, Here's Why and Here. You can always Reinstall it.


    Information to Reply with >>>>
    • The Fixlog.txt log text
    • The JRT.txt log text
    • The AdwCleaner[S#].txt log text
    • How is the system now? Still no popups or redirects?
     

    Attached Files:

  9. imarshall

    imarshall Thread Starter

    Joined:
    Jan 19, 2015
    Messages:
    16
    Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 24-01-2015 01
    Ran by dp at 2015-01-24 11:03:24 Run:1
    Running from C:\Users\dp\Desktop
    Loaded Profiles: dp (Available profiles: dp)
    Boot Mode: Normal

    ==============================================

    Content of fixlist:
    *****************
    start
    CreateRestorePoint:
    CloseProcesses:
    HKLM\...\Run: [] => [X]
    AppInit_DLLs: C:/PROGRA~2/{6D978~1/171~1.0/desa.dll => C:/PROGRA~2/{6D978~1/171~1.0/desa.dll [649216 2015-01-18] ()
    CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
    SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    Tcpip\..\Interfaces\{E807AA4E-4D04-49E1-8CB3-DD307BCAAF85}: [NameServer] 208.67.222.222,208.67.220.220
    FF Plugin: @ei.SmileyCentral_1v.com/Plugin -> C:\Program Files\SmileyCentral_1vEI\Installr\2.bin\NP1vEISB.dll No File
    FF Plugin: @microsoft.com/GENUINE -> disabled No File
    CHR HomePage: Default -> hxxp://vosteran.com/?f=1&a=vst_ggbc_15_03_ch&cd=2XzuyEtN2Y1L1QzutDtDtCzy0DtC0AtDtBtDtC0A0Azy0Ct DtN0D0Tzu0StCtCtCtAtN1L2XzutAtFyBtFtBtFtCtN1L1CzutCyEtBzytDyD1V1TtN1L1G1B1V 1N2Y1L1Qzu2StBtDtB0DtA0CyCtDtG0B0EtCyBtG0CtDyEyDtG0EtAtCzztGyByB0C0EyCyDtC0 E0CzzyEyB2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyB0C0F0FtDyD0FyDtGyC0AyBtDtGyE0E0EyEtGzz 0FyD0EtG0DtAyB0CyB0A0CtAyD0BtByD2Q&cr=349076420&ir=
    CHR StartupUrls: Default -> "hxxp://vosteran.com/?f=7&a=vst_ggbc_15_03_ch&cd=2XzuyEtN2Y1L1QzutDtDtCzy0DtC0AtDtBtDtC0A0Azy0Ct DtN0D0Tzu0StCtCtCtAtN1L2XzutAtFyBtFtBtFtCtN1L1CzutCyEtBzytDyD1V1TtN1L1G1B1V 1N2Y1L1Qzu2StBtDtB0DtA0CyCtDtG0B0EtCyBtG0CtDyEyDtG0EtAtCzztGyByB0C0EyCyDtC0 E0CzzyEyB2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyB0C0F0FtDyD0FyDtGyC0AyBtDtGyE0E0EyEtGzz 0FyD0EtG0DtAyB0CyB0A0CtAyD0BtByD2Q&cr=349076420&ir=", "hxxp://www.trovi.com/?gd=&ctid=CT3333528&octid=EB_ORIGINAL_CTID&ISID=M27DA1FA7-A8BF-47AE-90C4-D4D31A989524&SearchSource=55&CUI=&UM=8&UP=SP1CC8F61D-BE0A-4DCA-998E-6DAFF319FD49&SSPV="
    CHR DefaultSearchKeyword: Default -> Vosteran.com
    CHR StartMenuInternet: Google Chrome - chrome.exe
    S4 NMIndexingService; "C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe" [X]
    S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
    S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
    S3 VGPU; System32\drivers\rdvgkmd.sys [X]
    CustomCLSID: HKU\S-1-5-21-3358529588-1858457421-2119217295-1000_Classes\CLSID\{08244EE6-92F0-47F2-9FC9-929BAA2E7235}\InprocServer32 -> No File Path
    CustomCLSID: HKU\S-1-5-21-3358529588-1858457421-2119217295-1000_Classes\CLSID\{16F3DD56-1AF5-4347-846D-7C10C4192619}\InprocServer32 -> No File Path
    CustomCLSID: HKU\S-1-5-21-3358529588-1858457421-2119217295-1000_Classes\CLSID\{1F486A52-3CB1-48FD-8F50-B8DC300D9F9D}\InprocServer32 -> No File Path
    CustomCLSID: HKU\S-1-5-21-3358529588-1858457421-2119217295-1000_Classes\CLSID\{2916C86E-86A6-43FE-8112-43ABE6BF8DCC}\InprocServer32 -> No File Path
    CustomCLSID: HKU\S-1-5-21-3358529588-1858457421-2119217295-1000_Classes\CLSID\{4E77131D-3629-431C-9818-C5679DC83E81}\InprocServer32 -> No File Path
    CustomCLSID: HKU\S-1-5-21-3358529588-1858457421-2119217295-1000_Classes\CLSID\{920E6DB1-9907-4370-B3A0-BAFC03D81399}\InprocServer32 -> No File Path
    CustomCLSID: HKU\S-1-5-21-3358529588-1858457421-2119217295-1000_Classes\CLSID\{99FD978C-D287-4F50-827F-B2C658EDA8E7}\InprocServer32 -> No File Path
    CustomCLSID: HKU\S-1-5-21-3358529588-1858457421-2119217295-1000_Classes\CLSID\{AB5C5600-7E6E-4B06-9197-9ECEF74D31CC}\InprocServer32 -> No File Path
    CustomCLSID: HKU\S-1-5-21-3358529588-1858457421-2119217295-1000_Classes\CLSID\{D9144DCD-E998-4ECA-AB6A-DCD83CCBA16D}\InprocServer32 -> No File Path
    Task: {2D47F95E-0F7F-493A-8235-A90C9C085098} - System32\Tasks\Total Domination W1 => Chrome.exe --app=http://totaldomination.com/en/landing/lp5_1?adCampaign=44113&ClickID=tDtDtCzy0DtC0AtDtBtDtC0A0Azy0CtD&publisherID=1_73 --app-window-size=1280,1024
    Task: {44FEB0A7-357C-421B-B2AB-7630389A7CB9} - System32\Tasks\Total Domination W2 => Chrome.exe --app=http://totaldomination.com/en/landing/lp5_1?adCampaign=44113&ClickID=tDtDtCzy0DtC0AtDtBtDtC0A0Azy0CtD&publisherID=1_73 --app-window-size=1280,1024
    Task: {4EB8DB11-B9CB-42DE-8634-BB5C173C0260} - System32\Tasks\GeniusBox => cmd.exe /C start "" "C:\Users\dp\AppData\Local\GeniusBox\client.exe"
    Task: {510FFC62-2208-4F72-B8FD-3DDAA91527D4} - System32\Tasks\{6A0F545A-C8DA-4198-953D-97F4893E4489} => C:\Program Files\uTorrent\uTorrent.exe
    Task: {6983CA78-71D8-4636-B5E5-04B16278AB42} - System32\Tasks\Check Updates => C:\Users\dp\AppData\Local\GeniusBox\updater.exe
    Task: {9C60BC5D-8934-49E9-BFCA-DE110FFE0674} - System32\Tasks\{6CAEC479-6CF1-489E-A73D-2B6EE57DE155} => pcalua.exe -a C:\Users\dp\Downloads\PdaNetBB130.exe -d C:\Users\dp\Desktop
    Task: {D8201FD0-76F5-4098-9193-397957BC6C03} - System32\Tasks\{254525AF-A45E-47CE-9ECE-9A62FDEE0024} => Firefox.exe
    Task: {E1A25800-3CF0-4478-8CC6-83F1AC95B936} - System32\Tasks\{4C3CDBDD-E221-43E6-B75C-FE38F838176F} => C:\Program Files\uTorrent\uTorrent.exe
    Task: {E741E35B-A064-4521-B0E2-E8E6D8404276} - System32\Tasks\Validate Installation => C:\Users\dp\AppData\Local\GeniusBox\updater.exe
    2015-01-22 08:18 - 2015-01-22 08:21 - 384018385 _____ () C:\Users\dp\Downloads\???????? «?» ? ?????? ??????????? ?????? _ ????? ????????? _ HD 1080p.mp4
    2015-01-22 08:15 - 2015-01-22 08:18 - 338027396 _____ () C:\Users\dp\Downloads\??????? ??????.mp4
    2015-01-22 07:53 - 2015-01-22 07:58 - 479895704 _____ () C:\Users\dp\Downloads\??? ???? ?????? (?????).mp4
    2015-01-22 07:35 - 2015-01-22 07:37 - 268313770 _____ () C:\Users\dp\Downloads\???? ? ???? (1982) ?????? ??????.mp4
    2015-01-18 16:44 - 2015-01-18 18:36 - 00000000 ____D () C:\Users\dp\AppData\Roaming\1H1Q1V1N1N1S1R
    2015-01-18 16:44 - 2015-01-18 16:44 - 00000000 ____D () C:\ProgramData\{6D978554-3D15-54D2-8C93-24505C11F7DE}
    2015-01-08 09:52 - 2015-01-08 09:55 - 252722766 _____ () C:\Users\dp\Desktop\??????? ???????? ??? ?????? (1980) ????????? ????????? «??????? ???????? ??? ??????» ???????? ??????.mp4
    2015-01-08 09:50 - 2015-01-08 09:56 - 407309607 _____ () C:\Users\dp\Downloads\??????? ???????? ??? ?????? (1980) ?????? ??????.mp4
    2014-12-27 18:57 - 2014-12-27 18:59 - 369221578 _____ () C:\Users\dp\Downloads\?????? ???????, ???????? ?????? ???????.mp4
    2010-04-24 12:00 - 2010-10-22 13:35 - 0000056 ____H () C:\ProgramData\ezsidmv.dat
    2015-01-18 12:44 - 2015-01-18 12:44 - 0000064 _____ () C:\Users\dp\AppData\Local\00b8c1270aa3f44e5fb958ea63648b0a
    C:\Users\dp\AppData\Local\GeniusBox
    C:\Program Files\uTorrent
    EmptyTemp:
    Reboot:
    end

    *****************

    Restore point was successfully created.
    Processes closed successfully.
    HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\ => value deleted successfully.
    "C:/PROGRA~2/{6D978~1/171~1.0/desa.dll" => Value Data removed successfully.
    "HKLM\SOFTWARE\Policies\Google" => Key deleted successfully.
    HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
    HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
    HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
    HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{E807AA4E-4D04-49E1-8CB3-DD307BCAAF85}\\NameServer => value deleted successfully.
    "HKLM\Software\MozillaPlugins\@ei.SmileyCentral_1v.com/Plugin" => Key deleted successfully.
    "HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE" => Key deleted successfully.
    Chrome HomePage deleted successfully.
    Chrome StartupUrls deleted successfully.
    Chrome DefaultSearchKeyword deleted successfully.
    HKLM\SOFTWARE\Clients\StartMenuInternet\Google Chrome\shell\open\command\\Default => Value was restored successfully.
    NMIndexingService => Service deleted successfully.
    Synth3dVsc => Service deleted successfully.
    tsusbhub => Service deleted successfully.
    VGPU => Service deleted successfully.
    "HKU\S-1-5-21-3358529588-1858457421-2119217295-1000_Classes\CLSID\{08244EE6-92F0-47F2-9FC9-929BAA2E7235}" => Key deleted successfully.
    "HKU\S-1-5-21-3358529588-1858457421-2119217295-1000_Classes\CLSID\{16F3DD56-1AF5-4347-846D-7C10C4192619}" => Key deleted successfully.
    "HKU\S-1-5-21-3358529588-1858457421-2119217295-1000_Classes\CLSID\{1F486A52-3CB1-48FD-8F50-B8DC300D9F9D}" => Key deleted successfully.
    "HKU\S-1-5-21-3358529588-1858457421-2119217295-1000_Classes\CLSID\{2916C86E-86A6-43FE-8112-43ABE6BF8DCC}" => Key deleted successfully.
    "HKU\S-1-5-21-3358529588-1858457421-2119217295-1000_Classes\CLSID\{4E77131D-3629-431C-9818-C5679DC83E81}" => Key deleted successfully.
    "HKU\S-1-5-21-3358529588-1858457421-2119217295-1000_Classes\CLSID\{920E6DB1-9907-4370-B3A0-BAFC03D81399}" => Key deleted successfully.
    "HKU\S-1-5-21-3358529588-1858457421-2119217295-1000_Classes\CLSID\{99FD978C-D287-4F50-827F-B2C658EDA8E7}" => Key deleted successfully.
    "HKU\S-1-5-21-3358529588-1858457421-2119217295-1000_Classes\CLSID\{AB5C5600-7E6E-4B06-9197-9ECEF74D31CC}" => Key deleted successfully.
    "HKU\S-1-5-21-3358529588-1858457421-2119217295-1000_Classes\CLSID\{D9144DCD-E998-4ECA-AB6A-DCD83CCBA16D}" => Key deleted successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{2D47F95E-0F7F-493A-8235-A90C9C085098}" => Key deleted successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2D47F95E-0F7F-493A-8235-A90C9C085098}" => Key deleted successfully.
    C:\Windows\System32\Tasks\Total Domination W1 => Moved successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Total Domination W1" => Key deleted successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{44FEB0A7-357C-421B-B2AB-7630389A7CB9}" => Key deleted successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{44FEB0A7-357C-421B-B2AB-7630389A7CB9}" => Key deleted successfully.
    C:\Windows\System32\Tasks\Total Domination W2 => Moved successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Total Domination W2" => Key deleted successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{4EB8DB11-B9CB-42DE-8634-BB5C173C0260}" => Key deleted successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4EB8DB11-B9CB-42DE-8634-BB5C173C0260}" => Key deleted successfully.
    C:\Windows\System32\Tasks\GeniusBox => Moved successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GeniusBox" => Key deleted successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{510FFC62-2208-4F72-B8FD-3DDAA91527D4}" => Key deleted successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{510FFC62-2208-4F72-B8FD-3DDAA91527D4}" => Key deleted successfully.
    C:\Windows\System32\Tasks\{6A0F545A-C8DA-4198-953D-97F4893E4489} => Moved successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{6A0F545A-C8DA-4198-953D-97F4893E4489}" => Key deleted successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{6983CA78-71D8-4636-B5E5-04B16278AB42}" => Key deleted successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6983CA78-71D8-4636-B5E5-04B16278AB42}" => Key deleted successfully.
    C:\Windows\System32\Tasks\Check Updates => Moved successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Check Updates" => Key deleted successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{9C60BC5D-8934-49E9-BFCA-DE110FFE0674}" => Key deleted successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9C60BC5D-8934-49E9-BFCA-DE110FFE0674}" => Key deleted successfully.
    C:\Windows\System32\Tasks\{6CAEC479-6CF1-489E-A73D-2B6EE57DE155} => Moved successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{6CAEC479-6CF1-489E-A73D-2B6EE57DE155}" => Key deleted successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{D8201FD0-76F5-4098-9193-397957BC6C03}" => Key deleted successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D8201FD0-76F5-4098-9193-397957BC6C03}" => Key deleted successfully.
    C:\Windows\System32\Tasks\{254525AF-A45E-47CE-9ECE-9A62FDEE0024} => Moved successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{254525AF-A45E-47CE-9ECE-9A62FDEE0024}" => Key deleted successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{E1A25800-3CF0-4478-8CC6-83F1AC95B936}" => Key deleted successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E1A25800-3CF0-4478-8CC6-83F1AC95B936}" => Key deleted successfully.
    C:\Windows\System32\Tasks\{4C3CDBDD-E221-43E6-B75C-FE38F838176F} => Moved successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{4C3CDBDD-E221-43E6-B75C-FE38F838176F}" => Key deleted successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{E741E35B-A064-4521-B0E2-E8E6D8404276}" => Key deleted successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E741E35B-A064-4521-B0E2-E8E6D8404276}" => Key deleted successfully.
    C:\Windows\System32\Tasks\Validate Installation => Moved successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Validate Installation" => Key deleted successfully.
    Could not move "C:\Users\dp\Downloads\???????? «?» ? ?????? ??????????? ?????? _ ????? ????????? _ HD 1080p.mp4" => Scheduled to move on reboot.
    Could not move "C:\Users\dp\Downloads\??????? ??????.mp4" => Scheduled to move on reboot.
    Could not move "C:\Users\dp\Downloads\??? ???? ?????? (?????).mp4" => Scheduled to move on reboot.
    Could not move "C:\Users\dp\Downloads\???? ? ???? (1982) ?????? ??????.mp4" => Scheduled to move on reboot.
    C:\Users\dp\AppData\Roaming\1H1Q1V1N1N1S1R => Moved successfully.
    C:\ProgramData\{6D978554-3D15-54D2-8C93-24505C11F7DE} => Moved successfully.
    Could not move "C:\Users\dp\Desktop\??????? ???????? ??? ?????? (1980) ????????? ????????? «??????? ???????? ??? ??????» ???????? ??????.mp4" => Scheduled to move on reboot.
    Could not move "C:\Users\dp\Downloads\??????? ???????? ??? ?????? (1980) ?????? ??????.mp4" => Scheduled to move on reboot.
    Could not move "C:\Users\dp\Downloads\?????? ???????, ???????? ?????? ???????.mp4" => Scheduled to move on reboot.
    C:\ProgramData\ezsidmv.dat => Moved successfully.
    C:\Users\dp\AppData\Local\00b8c1270aa3f44e5fb958ea63648b0a => Moved successfully.
    "C:\Users\dp\AppData\Local\GeniusBox" => File/Directory not found.
    "C:\Program Files\uTorrent" => File/Directory not found.
    EmptyTemp: => Removed 21.9 GB temporary data.

    => Result of Scheduled Files to move (Boot Mode: Normal) (Date&Time: 2015-01-24 11:06:48)<=

    "C:\Users\dp\Downloads\???????? «?» ? ?????? ??????????? ?????? _ ????? ????????? _ HD 1080p.mp4" => File could not move.
    "C:\Users\dp\Downloads\??????? ??????.mp4" => File could not move.
    "C:\Users\dp\Downloads\??? ???? ?????? (?????).mp4" => File could not move.
    "C:\Users\dp\Downloads\???? ? ???? (1982) ?????? ??????.mp4" => File could not move.
    "C:\Users\dp\Desktop\??????? ???????? ??? ?????? (1980) ????????? ????????? «??????? ???????? ??? ??????» ???????? ??????.mp4" => File could not move.
    "C:\Users\dp\Downloads\??????? ???????? ??? ?????? (1980) ?????? ??????.mp4" => File could not move.
    "C:\Users\dp\Downloads\?????? ???????, ???????? ?????? ???????.mp4" => File could not move.

    ==== End of Fixlog 11:06:50 ====
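
The fixlist in the post above is FRST's removal script for the persistence this adware set up: an AppInit_DLLs injection (desa.dll), a Chrome machine policy, static per-interface DNS servers, orphaned Mozilla plugin and per-user CLSID registrations, and scheduled tasks that launch Chrome straight to an ad landing page. What follows is an added example, not code from the thread and not part of FRST: a read-only PowerShell audit that enumerates the same locations so the findings can be reviewed before anyone writes a fixlist. The function names, output columns and flagging heuristics are this example's own. It assumes an elevated session, and it reads task definitions from the XML files under System32\Tasks (the way FRST does) rather than calling Get-ScheduledTask, which Windows 7 does not have. One caveat worth carrying over from the log: the NameServer pair the fix deleted (208.67.222.222 and 208.67.220.220) belongs to OpenDNS, so the script lists static resolvers for review instead of treating them as malicious.

```powershell
# Added example, not from the thread and not part of FRST: a read-only audit of the
# persistence points the fixlist above cleaned. It prints findings and deletes nothing.
# Run in an elevated PowerShell. Tasks are read from the XML under System32\Tasks (as
# FRST does) because Windows 7 has no Get-ScheduledTask; New-Object PSObject keeps it
# usable on PowerShell 2.0. All function names and output columns are this example's own.

function Get-AppInitDlls {
    # Loaded into every process that maps user32.dll while LoadAppInit_DLLs is 1;
    # this is the hook behind the fixlist's desa.dll entry.
    foreach ($k in 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows',
                   'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Windows') {
        if (-not (Test-Path $k)) { continue }
        $p = Get-ItemProperty -Path $k
        if ($p.AppInit_DLLs) {
            New-Object PSObject -Property @{ Source = 'AppInit_DLLs'; Key = $k
                Value = "$($p.AppInit_DLLs) (LoadAppInit_DLLs=$($p.LoadAppInit_DLLs))" }
        }
    }
}

function Get-ChromePolicies {
    # Values here are machine policy the user cannot undo in Chrome's settings.
    $k = 'HKLM:\SOFTWARE\Policies\Google'
    if (-not (Test-Path $k)) { return }
    foreach ($key in @(Get-Item -Path $k) + @(Get-ChildItem -Path $k -Recurse)) {
        foreach ($name in $key.GetValueNames()) {
            New-Object PSObject -Property @{ Source = 'ChromePolicy'; Key = $key.Name
                Value = "$name = $($key.GetValue($name))" }
        }
    }
}

function Get-StaticNameServers {
    # Static per-interface resolvers. Review rather than delete on sight: the pair the
    # fix above removed (208.67.222.222 / 208.67.220.220) is OpenDNS, not an attacker.
    $base = 'HKLM:\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces'
    foreach ($i in (Get-ChildItem -Path $base)) {
        $ns = $i.GetValue('NameServer')
        if ($ns) { New-Object PSObject -Property @{ Source = 'NameServer'; Key = $i.PSChildName; Value = $ns } }
    }
}

function Get-OrphanMozillaPlugins {
    # NPAPI registrations whose DLL is gone (FRST's "No File"). Read via the key object:
    # names like "@x.com/Plugin" contain a slash the registry provider treats as a separator.
    $k = 'HKLM:\SOFTWARE\MozillaPlugins'
    if (-not (Test-Path $k)) { return }
    foreach ($p in (Get-ChildItem -Path $k)) {
        $dll = [string]$p.GetValue('Path')
        if (-not $dll -or -not (Test-Path -LiteralPath $dll)) {
            New-Object PSObject -Property @{ Source = 'MozillaPlugin'; Key = $p.PSChildName; Value = $dll }
        }
    }
}

function Get-OrphanUserClsids {
    # Per-user COM servers whose InprocServer32 default is empty or names a missing file
    # (FRST's "No File Path"). Only hives of logged-on users are mounted under HKEY_USERS.
    $hives = Get-ChildItem -Path Registry::HKEY_USERS -ErrorAction SilentlyContinue | Where-Object { $_.PSChildName -like 'S-1-5-21-*_Classes' }
    foreach ($hive in $hives) {
        $clsid = $hive.OpenSubKey('CLSID')
        if (-not $clsid) { continue }
        foreach ($id in $clsid.GetSubKeyNames()) {
            $srv = $clsid.OpenSubKey("$id\InprocServer32")
            if (-not $srv) { continue }
            $dll = [Environment]::ExpandEnvironmentVariables(([string]$srv.GetValue('')).Trim('"'))
            if (-not $dll -or -not (Test-Path -LiteralPath $dll)) {
                New-Object PSObject -Property @{ Source = 'CustomCLSID'; Key = "$($hive.PSChildName)\CLSID\$id"; Value = $dll }
            }
        }
    }
}

function Get-SuspiciousTaskActions {
    # Each task is an XML file whose Exec action holds the command line. Flags the shapes
    # in the fixlist: a browser launched with --app=<url>, a cmd.exe/pcalua.exe wrapper,
    # or a binary run out of a user profile.
    $root  = Join-Path $env:SystemRoot 'System32\Tasks'
    $ns    = @{ t = 'http://schemas.microsoft.com/windows/2004/02/mit/task' }
    $files = Get-ChildItem -Path $root -Recurse -ErrorAction SilentlyContinue | Where-Object { -not $_.PSIsContainer }
    foreach ($f in $files) {
        try { [xml]$x = Get-Content -LiteralPath $f.FullName -ErrorAction Stop } catch { continue }
        foreach ($exec in (Select-Xml -Xml $x -XPath '//t:Exec' -Namespace $ns)) {
            $cmd = [string]$exec.Node.Command
            $arg = [string]$exec.Node.Arguments
            $why = $null
            if ($cmd -match 'chrome|firefox|iexplore' -and $arg -match '--app=|https?://') { $why = 'browser opened to a URL' }
            elseif ($cmd -match '(^|\\)(cmd|pcalua)\.exe')                                  { $why = 'launcher wrapper' }
            elseif ("$cmd $arg" -match '\\Users\\[^\\]+\\(AppData|Downloads)\\')           { $why = 'runs from a user profile' }
            if ($why) {
                New-Object PSObject -Property @{ Source = "Task ($why)"; Key = $f.FullName.Substring($root.Length + 1); Value = "$cmd $arg".Trim() }
            }
        }
    }
}

$findings = @(Get-AppInitDlls) + @(Get-ChromePolicies) + @(Get-StaticNameServers) +
            @(Get-OrphanMozillaPlugins) + @(Get-OrphanUserClsids) + @(Get-SuspiciousTaskActions)
$findings | Format-Table -Property Source, Key, Value -AutoSize -Wrap
```

Against a machine in the state the log shows, the task heuristics would surface the two "Total Domination" tasks (Chrome.exe with --app=http://...), the GeniusBox cmd.exe wrapper, the pcalua.exe launcher, and the two updater tasks under AppData, while leaving the uTorrent and bare Firefox.exe tasks alone; the script only reports, so the operator still decides what goes into a fixlist.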
     
  11. imarshall

    imarshall Thread Starter

    Joined:
    Jan 19, 2015
    Messages:
    16
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Junkware Removal Tool (JRT) by Thisisu
    Version: 6.4.1 (12.28.2014:1)
    OS: Windows 7 Ultimate x86
    Ran by dp on Sat 01/24/2015 at 11:15:45.14
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




    ~~~ Services



    ~~~ Registry Values



    ~~~ Registry Keys



    ~~~ Files



    ~~~ Folders

    Successfully deleted: [Folder] "C:\Users\dp\AppData\Roaming\netassistant"



    ~~~ FireFox

    Emptied folder: C:\Users\dp\AppData\Roaming\mozilla\firefox\profiles\huob7hey.default\minidumps [79 files]



    ~~~ Event Viewer Logs were cleared





    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Scan was completed on Sat 01/24/2015 at 11:18:10.81
    End of JRT log
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
     
  12. imarshall

    imarshall Thread Starter

    Joined:
    Jan 19, 2015
    Messages:
    16
    # AdwCleaner v4.109 - Report created 24/01/2015 at 11:27:32
    # Updated 24/01/2015 by Xplode
    # Database : 2015-01-24.4 [Live]
    # Operating System : Windows 7 Ultimate Service Pack 1 (32 bits)
    # Username : dp - DP-PC
    # Running from : C:\Users\dp\Desktop\AdwCleaner.exe
    # Option : Clean

    ***** [ Services ] *****


    ***** [ Files / Folders ] *****


    ***** [ Scheduled Tasks ] *****


    ***** [ Shortcuts ] *****


    ***** [ Registry ] *****

    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}

    ***** [ Browsers ] *****

    -\\ Internet Explorer v11.0.9600.17496


    -\\ Mozilla Firefox v35.0 (x86 en-US)


    -\\ Google Chrome v


    *************************

    AdwCleaner[R0].txt - [16438 octets] - [18/01/2015 17:49:36]
    AdwCleaner[R1].txt - [964 octets] - [24/01/2015 11:25:47]
    AdwCleaner[S0].txt - [15578 octets] - [18/01/2015 17:54:45]
    AdwCleaner[S1].txt - [888 octets] - [24/01/2015 11:27:32]

    ########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [947 octets] ##########
     
  13. imarshall

    imarshall Thread Starter

    Joined:
    Jan 19, 2015
    Messages:
    16
    Everything seems to be working just fine. Thank you
     
  14. dbreeze

    dbreeze Malware Specialist

    Joined:
    Oct 5, 2014
    Messages:
    431
    First Name:
    David
    Let's have two final checks shall we?

    FIRST

    Start Malwarebytes' Anti-Malware.
    • On the Dashboard tab, click the Update Now button, to update the definitions to the latest version.
    • Then click the Scan tab. Select Custom Scan and click the Start Scan button.
    • In the window that appears, check the box next to Scan for Rootkits. Also, select all drives, except for CD/DVD-drives. After you have done this, click Start Scan.
    • Follow the instructions given by Malwarebytes' Anti-Malware.
    • If any items were found during the scan process, Malwarebytes' Anti-Malware will ask you what you want to do with those items. Please quarantine all items.
    • It's possible the program asks you for permission to restart the computer. If so, please allow MBAM to do so immediately.
    • Save the logfile in txt-format and copy/paste it in your next reply.
    • Note: If you can't find the logfile, look at the "History" tab. Select the most recent logfile (you can see the creation date in the log's title).

    SECOND


    This next step may take a while (just to warn you) .....

    ESET Online does not work with IE 11 (Internet Explorer) at the moment (as of a few weeks ago, anyway), so if you have IE 11, Chrome or Firefox has to be used instead. ESET Online does work with IE 10 and earlier.

    You can leave Norton enabled even though ESET may warn about it; it just makes the scan take longer. The pictures below showing what to click may be blue instead of green on the ESET website now, but the procedure is still the same.

    Please read carefully and slowly. Note all the settings listed below to check before starting the scan. Stop and ask if you have any questions.

    Take note of the NO tick in the Remove found threats setting below, as it needs to have the tick removed.

    -------------------------------------------------------------------------------------------------------------------

    Hold down Control key and click on the following link to open ESET OnlineScan in a new window.

    Link =>> ESET Online Scanner <<

    Click the Run ESET Online Scanner located on the left side of the page (not the free trial).

    For browsers other than Internet Explorer only: (Microsoft Internet Explorer users can skip this step)
    Click on the esetsmartinstaller link in the popup window that opens. Save it to your desktop.

    Double click on the icon on your desktop.

    Check (accept) the Terms of Use.

    Click the START button.
    Accept any security warnings from your browser.

    Now, in the Computer scan settings window that appears:
    Make sure that the option Enable detection of potentially unwanted applications is selected.
    Now click on Advanced Settings and configure the options as follows:

    Remove found threats is Not checked
    Scan archives is checked
    Scan for potentially unsafe applications is checked
    Enable Anti-Stealth Technology is checked


    Now click on: Start

    ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.

    When the scan is finished, if any threats are found you will see the screen below. Click to view the found threats.

    At the bottom of the listed threats, there is an option to save the results to a text file. Please do this so you can attach the results here for review and removal of the items that are not false positives (these will be scripted out so do not worry).

    Once the log text file is saved, return to the Scan Finished screen by clicking "<<Back", then click on the uninstall button and click Finish.

    Attach the saved log file in your next reply please. Thanks.
     
  15. imarshall

    imarshall Thread Starter

    Joined:
    Jan 19, 2015
    Messages:
    16
    Malwarebytes Anti-Malware
    www.malwarebytes.org

    Scan Date: 1/28/2015
    Scan Time: 5:35:38 PM
    Logfile: scan log a.txt
    Administrator: Yes

    Version: 2.00.4.1028
    Malware Database: v2015.01.29.01
    Rootkit Database: v2015.01.14.01
    License: Trial
    Malware Protection: Enabled
    Malicious Website Protection: Enabled
    Self-protection: Disabled

    OS: Windows 7 Service Pack 1
    CPU: x86
    File System: NTFS
    User: dp

    Scan Type: Custom Scan
    Result: Completed
    Objects Scanned: 497578
    Time Elapsed: 2 hr, 3 min, 21 sec

    Memory: Enabled
    Startup: Enabled
    Filesystem: Enabled
    Archives: Enabled
    Rootkits: Enabled
    Heuristics: Enabled
    PUP: Enabled
    PUM: Enabled

    Processes: 0
    (No malicious items detected)

    Modules: 0
    (No malicious items detected)

    Registry Keys: 0
    (No malicious items detected)

    Registry Values: 0
    (No malicious items detected)

    Registry Data: 0
    (No malicious items detected)

    Folders: 0
    (No malicious items detected)

    Files: 6
    PUP.Optional.SolutionReal.A, C:\AdwCleaner\Quarantine\C\Program Files\Solution Real\SolutionRealbho.dll.vir, Quarantined, [7dd4f700aedb95a163aa52b38979b14f],
    PUP.Optional.SolutionReal.A, C:\AdwCleaner\Quarantine\C\Program Files\Solution Real\updateSolutionReal.exe.vir, Quarantined, [e46d787f513882b49b73c0457c863cc4],
    PUP.Optional.SolutionReal.A, C:\AdwCleaner\Quarantine\C\Program Files\Solution Real\bin\utilSolutionReal.exe.vir, Quarantined, [dd74688fb3d672c42de159ac32d0bd43],
    PUP.Optional.Sanbreel.A, C:\AdwCleaner\Quarantine\C\Program Files\Solution Real\bin\plugins\SolutionReal.BroStats.dll.vir, Quarantined, [b59c7b7c5f2afa3c1c6dd5fb5da4857b],
    PUP.Optional.Sanbreel.A, C:\AdwCleaner\Quarantine\C\Program Files\Solution Real\bin\plugins\SolutionReal.PurBrowseG.dll.vir, Quarantined, [57fa8275a4e5b58191980b01649e867a],
    Trojan.Agent.W, C:\Users\dp\Desktop\Microsoft Windows 7 Ultimate Retail(Final) x86 (32 bit) and x64 (64 bit)\Cracks for x64 + x86\ALL WORKING ACTIVATORS\Windows 7 Loader 1.6.9 by Daz\Windows 7 Loader.exe, Quarantined, [72dfce291a6f3cfaa6afd28561a49c64],

    Physical Sectors: 0
    (No malicious items detected)


    (end)
     
Short URL to this thread: https://techguy.org/1141517