Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

Unwanted Tabs Open in Browser

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

Unwanted Tabs Open in Browser

Unread postby dreslick » October 4th, 2014, 8:04 am

Hello!

Thank you for looking at this post. I am working with a computer from a friend. The laptop is a Dell Inspiron. While browsing multiple tabs open up redirecting me to sites no one should ever see. It is happening with Chrome and IE. Here are the logs you requested:
DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.17280
Run by karen at 6:51:52 on 2014-10-04
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3032.474 [GMT -5:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {4F35CFC4-45A3-FC37-EF17-759A02E39AB1}
SP: Microsoft Security Essentials *Enabled/Updated* {F4542E20-6399-F3B9-D5A7-4EE87964D00C}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_afc3018f8cfedd20\STacSV64.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRYSVC.EXE
C:\Program Files\Dell\Dell Wireless WLAN Card\bcmwltry.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\system32\Dwm.exe
C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
C:\Windows\system32\rundll32.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Windows\SysWOW64\svchost.exe -k hpdevmgmt
C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files (x86)\Dell\DellComms\bin\sprtsvc.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\DellTPad\Apoint.exe
C:\Program Files\IDT\WDM\sttray64.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k HPService
c:\Program Files\Microsoft Security Client\NisSrv.exe
C:\Program Files (x86)\Software Updater\SoftwareUpdater.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe
C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SCServer\SCServer.exe
C:\Program Files (x86)\HP\Digital Imaging\smart web printing\hpswp_clipbook.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.yahoo.com/
uProxyOverride = <-loopback>
uURLSearchHooks: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
mWinlogon: Userinit = userinit.exe,
BHO: &Yahoo! Toolbar Helper: {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
BHO: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
BHO: MSS+ Identifier: {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.8.130\McAfeeMSS_IE.dll
BHO: ProShuopper: {1773541F-09C2-D3AC-0736-F6A71A221CBF} - C:\ProgramData\ProShuopper\MjMHfMAZGH.dll
BHO: AVG Do Not Track: {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} -
BHO: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} -
BHO: saveeoron: {551383EC-19FE-BD95-6856-39F1EE94B066} - C:\ProgramData\saveeoron\rrbCEyN7T.dll
BHO: unicoupons: {627B1115-B4FB-CCE6-B041-C4779BDE16B2} - C:\ProgramData\unicoupons\KJomyGBk.dll
BHO: siavinshop: {669D2A4B-DE31-849C-6AEE-CA8F02B606FE} - C:\ProgramData\siavinshop\jmTRamIQK.dll
BHO: Search Helper: {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Skype Click to Call for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
BHO: PProeShopper: {BB1AB6B4-5D78-BD70-AD34-9DD8499FC693} - C:\ProgramData\PProeShopper\uP1Qw.dll
BHO: eaSytooShop: {C33601E2-6589-A9B0-E1DD-D2257A04E70B} - C:\ProgramData\eaSytooShop\tznTNQ.dll
BHO: savinsHHOpp: {F02C05E5-3D72-A078-D079-23746A04947D} - C:\ProgramData\savinsHHOpp\_PbEhtMh59.dll
BHO: SingleInstance Class: {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
BHO: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
mRun: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [fst_us_52] <no file>
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\SOFTWA~1.LNK - C:\Program Files (x86)\Software Updater\SoftwareUpdater.exe
uPolicies-Explorer: HideSCAHealth = dword:1
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:0
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} -
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
DPF: {8CFCF42C-1C64-47D6-AEEC-F9D001832ED3} - hxxp://xserv.dell.com/DellDriverScanner/DellSystem.CAB
DPF: {C1F8FC10-E5DB-4112-9DBF-6C3FF728D4E3} - hxxp://support.dell.com/systemprofiler/ ... emLite.CAB
DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/s ... wflash.cab
TCP: NameServer = 10.110.220.1
TCP: Interfaces\{FE82315B-5AAB-49E8-BB0C-70327FA2E96B} : DHCPNameServer = 10.110.220.1
TCP: Interfaces\{FE82315B-5AAB-49E8-BB0C-70327FA2E96B}\3327460264C6F6F6270294E6475627E6564702C4F657E67656 : DHCPNameServer = 10.240.4.44 10.240.4.47
TCP: Interfaces\{FE82315B-5AAB-49E8-BB0C-70327FA2E96B}\74F6164702242756164786 : DHCPNameServer = 172.20.10.1
TCP: Interfaces\{FE82315B-5AAB-49E8-BB0C-70327FA2E96B}\A616461613233343 : DHCPNameServer = 97.64.183.164 97.64.209.37
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} -
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
AppInit_DLLs= c:\progra~3\perfor~1\perfor~1.dll
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.114\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
IFEO: bitguard.exe - tasklist.exe
IFEO: bprotect.exe - tasklist.exe
IFEO: bpsvc.exe - tasklist.exe
IFEO: browserdefender.exe - tasklist.exe
IFEO: browserprotect.exe - tasklist.exe
x64-BHO: ProShuopper: {1773541F-09C2-D3AC-0736-F6A71A221CBF} - C:\ProgramData\ProShuopper\MjMHfMAZGH.x64.dll
x64-BHO: AVG Do Not Track: {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} -
x64-BHO: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} -
x64-BHO: saveeoron: {551383EC-19FE-BD95-6856-39F1EE94B066} - C:\ProgramData\saveeoron\rrbCEyN7T.x64.dll
x64-BHO: unicoupons: {627B1115-B4FB-CCE6-B041-C4779BDE16B2} - C:\ProgramData\unicoupons\KJomyGBk.x64.dll
x64-BHO: siavinshop: {669D2A4B-DE31-849C-6AEE-CA8F02B606FE} - C:\ProgramData\siavinshop\jmTRamIQK.x64.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-BHO: Skype Click to Call for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-BHO: PProeShopper: {BB1AB6B4-5D78-BD70-AD34-9DD8499FC693} - C:\ProgramData\PProeShopper\uP1Qw.x64.dll
x64-BHO: eaSytooShop: {C33601E2-6589-A9B0-E1DD-D2257A04E70B} - C:\ProgramData\eaSytooShop\tznTNQ.x64.dll
x64-BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
x64-BHO: savinsHHOpp: {F02C05E5-3D72-A078-D079-23746A04947D} - C:\ProgramData\savinsHHOpp\_PbEhtMh59.x64.dll
x64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe
x64-Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe
x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
x64-Run: [QuickSet] C:\Program Files\Dell\QuickSet\QuickSet.exe
x64-Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
x64-IE: {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} -
x64-IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
x64-Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} -
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
x64-IFEO: bitguard.exe - tasklist.exe
x64-IFEO: bprotect.exe - tasklist.exe
x64-IFEO: bpsvc.exe - tasklist.exe
x64-IFEO: browserdefender.exe - tasklist.exe
x64-IFEO: browserprotect.exe - tasklist.exe
.
Note: multiple IFEO entries found. Please refer to Attach.txt
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2014-7-17 269008]
R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2010-5-19 55280]
R2 c2cautoupdatesvc;Skype Click to Call Updater;C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [2014-7-14 1390176]
R2 c2cpnrsvc;Skype Click to Call PNR Service;C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [2014-7-14 1767520]
R2 dfc86759;Performancer;C:\Windows\System32\rundll32.exe [2009-7-13 45568]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-7-10 654408]
R2 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2012-3-20 125584]
R2 sprtsvc_DellComms;SupportSoft Sprocket Service (DellComms);C:\Program Files (x86)\Dell\DellComms\bin\sprtsvc.exe [2009-5-5 206064]
R3 CtClsFlt;Creative Camera Class Upper Filter Driver;C:\Windows\System32\drivers\CtClsFlt.sys [2010-5-19 172704]
R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2012-7-10 24904]
R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2014-8-22 368624]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\System32\drivers\RtsUStor.sys [2010-3-24 215552]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\System32\drivers\yk62x64.sys [2009-9-28 395264]
S2 AVGIDSAgent;AVGIDSAgent;"C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe" --> C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
S2 DockLoginService;Dock Login Service;C:\Program Files\Dell\DellDock\DockLogin.exe --> C:\Program Files\Dell\DellDock\DockLogin.exe [?]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-10-23 172192]
S3 AdobeActiveFileMonitor8.0;Adobe Active File Monitor V8;C:\Program Files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe [2009-9-18 169312]
S3 fssfltr;fssfltr;C:\Windows\System32\drivers\fssfltr.sys [2012-6-27 48488]
S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2012-3-8 1492840]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2014-9-16 111616]
S3 McComponentHostService;McAfee Security Scan Component Host Service;C:\Program Files\McAfee Security Scan\3.8.130\McCHSvc.exe [2013-9-6 288776]
S3 PCDSRVC{1E208CE0-FB7451FF-06020200}_0;PCDSRVC{1E208CE0-FB7451FF-06020200}_0 - PCDR Kernel Mode Service Helper Driver;C:\Program Files\Dell Support Center\pcdsrvc_x64.pkms [2012-8-17 25584]
S3 SWDUMon;SWDUMon;C:\Windows\System32\drivers\SWDUMon.sys [2014-5-13 16152]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2011-7-1 59392]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-8-24 1255736]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== File Associations ===============
.
ShellExec: EasyShare.exe: Preview="C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\EasyShare.exe"
.
=============== Created Last 30 ================
.
2014-10-04 11:32:31 1188440 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{B330933E-A17F-4BBC-ACDE-DC4EF396524A}\gapaengine.dll
2014-10-04 11:30:18 11578928 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{1367E700-FFE6-44CD-93A1-7ED6061C25E6}\mpengine.dll
2014-10-04 11:22:11 519680 ----a-w- C:\Windows\SysWow64\qdvd.dll
2014-10-04 11:22:11 371712 ----a-w- C:\Windows\System32\qdvd.dll
2014-09-27 00:31:44 1188440 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{2D34702E-728B-452D-92F3-C3A4A8D43F2C}\gapaengine.dll
2014-09-27 00:24:58 11578928 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2014-09-23 22:11:35 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2014-09-23 22:11:35 2048 ----a-w- C:\Windows\System32\tzres.dll
2014-09-16 00:22:57 -------- d-----w- C:\ProgramData\siavinshop
2014-09-14 00:43:59 2777088 ----a-w- C:\Windows\System32\msmpeg2vdec.dll
2014-09-14 00:43:59 2285056 ----a-w- C:\Windows\SysWow64\msmpeg2vdec.dll
2014-09-12 22:37:19 793600 ----a-w- C:\Windows\SysWow64\TSWorkspace.dll
2014-09-12 22:37:19 1031168 ----a-w- C:\Windows\System32\TSWorkspace.dll
2014-09-12 22:36:16 2565120 ----a-w- C:\Windows\System32\d3d10warp.dll
2014-09-12 22:36:15 1987584 ----a-w- C:\Windows\SysWow64\d3d10warp.dll
2014-09-12 22:35:53 728064 ----a-w- C:\Windows\System32\kerberos.dll
2014-09-12 22:35:53 550912 ----a-w- C:\Windows\SysWow64\kerberos.dll
2014-09-12 22:35:52 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
2014-09-12 22:35:52 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
2014-09-12 22:35:52 1460736 ----a-w- C:\Windows\System32\lsasrv.dll
2014-09-07 02:32:36 -------- d-----w- C:\ProgramData\unicoupons
2014-09-07 02:31:44 -------- d-----w- C:\ProgramData\jpcdpndngmdljhoopdcoddjgmoacmjgl
2014-09-04 21:31:09 -------- d-----w- C:\Users\karen\AppData\Local\{5EE9BA20-5CFF-48BC-915B-647CDDE81926}
.
==================== Find3M ====================
.
2014-09-24 20:33:31 71344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2014-09-24 20:33:31 701104 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2014-09-22 06:42:39 278152 ------w- C:\Windows\System32\MpSigStub.exe
2014-08-23 02:07:00 404480 ----a-w- C:\Windows\System32\gdi32.dll
2014-08-23 01:45:55 311808 ----a-w- C:\Windows\SysWow64\gdi32.dll
2014-08-23 00:59:01 3163648 ----a-w- C:\Windows\System32\win32k.sys
2014-08-18 22:29:49 2724864 ----a-w- C:\Windows\System32\mshtml.tlb
2014-08-18 22:29:35 4096 ----a-w- C:\Windows\System32\ieetwcollectorres.dll
2014-08-18 22:19:53 5833728 ----a-w- C:\Windows\System32\jscript9.dll
2014-08-18 22:15:34 547328 ----a-w- C:\Windows\System32\vbscript.dll
2014-08-18 22:15:09 66048 ----a-w- C:\Windows\System32\iesetup.dll
2014-08-18 22:14:38 48640 ----a-w- C:\Windows\System32\ieetwproxystub.dll
2014-08-18 22:14:10 83968 ----a-w- C:\Windows\System32\MshtmlDac.dll
2014-08-18 22:08:55 4232704 ----a-w- C:\Windows\SysWow64\jscript9.dll
2014-08-18 22:03:47 139264 ----a-w- C:\Windows\System32\ieUnatt.exe
2014-08-18 22:03:37 111616 ----a-w- C:\Windows\System32\ieetwcollector.exe
2014-08-18 22:03:01 758272 ----a-w- C:\Windows\System32\jscript9diag.dll
2014-08-18 21:57:44 2724864 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2014-08-18 21:56:17 940032 ----a-w- C:\Windows\System32\MsSpellCheckingFacility.exe
2014-08-18 21:46:26 454656 ----a-w- C:\Windows\SysWow64\vbscript.dll
2014-08-18 21:45:23 61952 ----a-w- C:\Windows\SysWow64\iesetup.dll
2014-08-18 21:45:12 72704 ----a-w- C:\Windows\System32\JavaScriptCollectionAgent.dll
2014-08-18 21:44:44 51200 ----a-w- C:\Windows\SysWow64\ieetwproxystub.dll
2014-08-18 21:44:09 61952 ----a-w- C:\Windows\SysWow64\MshtmlDac.dll
2014-08-18 21:36:07 112128 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2014-08-18 21:35:24 597504 ----a-w- C:\Windows\SysWow64\jscript9diag.dll
2014-08-18 21:23:17 2104832 ----a-w- C:\Windows\System32\inetcpl.cpl
2014-08-18 21:23:16 1249280 ----a-w- C:\Windows\System32\mshtmlmedia.dll
2014-08-18 21:22:48 60416 ----a-w- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
2014-08-18 21:15:13 2310656 ----a-w- C:\Windows\System32\wininet.dll
2014-08-18 21:08:54 2014208 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2014-08-18 21:07:44 1068032 ----a-w- C:\Windows\SysWow64\mshtmlmedia.dll
2014-08-18 20:46:48 1812992 ----a-w- C:\Windows\SysWow64\wininet.dll
2014-07-25 07:35:46 875688 ----a-w- C:\Windows\SysWow64\msvcr120_clr0400.dll
2014-07-25 04:47:06 869544 ----a-w- C:\Windows\System32\msvcr120_clr0400.dll
2014-07-17 23:05:06 269008 ----a-w- C:\Windows\System32\drivers\MpFilter.sys
2014-07-17 23:05:06 125584 ----a-w- C:\Windows\System32\drivers\NisDrvWFP.sys
2014-07-14 02:02:45 1216000 ----a-w- C:\Windows\System32\rpcrt4.dll
2014-07-14 01:40:58 664064 ----a-w- C:\Windows\SysWow64\rpcrt4.dll
2014-07-09 02:03:23 7168 ----a-w- C:\Windows\System32\KBDYAK.DLL
2014-07-09 02:03:22 7168 ----a-w- C:\Windows\System32\KBDBASH.DLL
2014-07-09 01:31:42 7168 ----a-w- C:\Windows\SysWow64\KBDYAK.DLL
2014-07-09 01:31:41 6656 ----a-w- C:\Windows\SysWow64\KBDBASH.DLL
.
============= FINISH: 6:54:36.97 ===============

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.17280
Run by karen at 6:51:52 on 2014-10-04
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3032.474 [GMT -5:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {4F35CFC4-45A3-FC37-EF17-759A02E39AB1}
SP: Microsoft Security Essentials *Enabled/Updated* {F4542E20-6399-F3B9-D5A7-4EE87964D00C}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_afc3018f8cfedd20\STacSV64.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRYSVC.EXE
C:\Program Files\Dell\Dell Wireless WLAN Card\bcmwltry.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\system32\Dwm.exe
C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
C:\Windows\system32\rundll32.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Windows\SysWOW64\svchost.exe -k hpdevmgmt
C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files (x86)\Dell\DellComms\bin\sprtsvc.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\DellTPad\Apoint.exe
C:\Program Files\IDT\WDM\sttray64.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k HPService
c:\Program Files\Microsoft Security Client\NisSrv.exe
C:\Program Files (x86)\Software Updater\SoftwareUpdater.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe
C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SCServer\SCServer.exe
C:\Program Files (x86)\HP\Digital Imaging\smart web printing\hpswp_clipbook.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.yahoo.com/
uProxyOverride = <-loopback>
uURLSearchHooks: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
mWinlogon: Userinit = userinit.exe,
BHO: &Yahoo! Toolbar Helper: {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
BHO: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
BHO: MSS+ Identifier: {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.8.130\McAfeeMSS_IE.dll
BHO: ProShuopper: {1773541F-09C2-D3AC-0736-F6A71A221CBF} - C:\ProgramData\ProShuopper\MjMHfMAZGH.dll
BHO: AVG Do Not Track: {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} -
BHO: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} -
BHO: saveeoron: {551383EC-19FE-BD95-6856-39F1EE94B066} - C:\ProgramData\saveeoron\rrbCEyN7T.dll
BHO: unicoupons: {627B1115-B4FB-CCE6-B041-C4779BDE16B2} - C:\ProgramData\unicoupons\KJomyGBk.dll
BHO: siavinshop: {669D2A4B-DE31-849C-6AEE-CA8F02B606FE} - C:\ProgramData\siavinshop\jmTRamIQK.dll
BHO: Search Helper: {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Skype Click to Call for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
BHO: PProeShopper: {BB1AB6B4-5D78-BD70-AD34-9DD8499FC693} - C:\ProgramData\PProeShopper\uP1Qw.dll
BHO: eaSytooShop: {C33601E2-6589-A9B0-E1DD-D2257A04E70B} - C:\ProgramData\eaSytooShop\tznTNQ.dll
BHO: savinsHHOpp: {F02C05E5-3D72-A078-D079-23746A04947D} - C:\ProgramData\savinsHHOpp\_PbEhtMh59.dll
BHO: SingleInstance Class: {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
BHO: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
mRun: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [fst_us_52] <no file>
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\SOFTWA~1.LNK - C:\Program Files (x86)\Software Updater\SoftwareUpdater.exe
uPolicies-Explorer: HideSCAHealth = dword:1
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:0
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} -
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
DPF: {8CFCF42C-1C64-47D6-AEEC-F9D001832ED3} - hxxp://xserv.dell.com/DellDriverScanner/DellSystem.CAB
DPF: {C1F8FC10-E5DB-4112-9DBF-6C3FF728D4E3} - hxxp://support.dell.com/systemprofiler/ ... emLite.CAB
DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/s ... wflash.cab
TCP: NameServer = 10.110.220.1
TCP: Interfaces\{FE82315B-5AAB-49E8-BB0C-70327FA2E96B} : DHCPNameServer = 10.110.220.1
TCP: Interfaces\{FE82315B-5AAB-49E8-BB0C-70327FA2E96B}\3327460264C6F6F6270294E6475627E6564702C4F657E67656 : DHCPNameServer = 10.240.4.44 10.240.4.47
TCP: Interfaces\{FE82315B-5AAB-49E8-BB0C-70327FA2E96B}\74F6164702242756164786 : DHCPNameServer = 172.20.10.1
TCP: Interfaces\{FE82315B-5AAB-49E8-BB0C-70327FA2E96B}\A616461613233343 : DHCPNameServer = 97.64.183.164 97.64.209.37
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} -
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
AppInit_DLLs= c:\progra~3\perfor~1\perfor~1.dll
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.114\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
IFEO: bitguard.exe - tasklist.exe
IFEO: bprotect.exe - tasklist.exe
IFEO: bpsvc.exe - tasklist.exe
IFEO: browserdefender.exe - tasklist.exe
IFEO: browserprotect.exe - tasklist.exe
x64-BHO: ProShuopper: {1773541F-09C2-D3AC-0736-F6A71A221CBF} - C:\ProgramData\ProShuopper\MjMHfMAZGH.x64.dll
x64-BHO: AVG Do Not Track: {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} -
x64-BHO: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} -
x64-BHO: saveeoron: {551383EC-19FE-BD95-6856-39F1EE94B066} - C:\ProgramData\saveeoron\rrbCEyN7T.x64.dll
x64-BHO: unicoupons: {627B1115-B4FB-CCE6-B041-C4779BDE16B2} - C:\ProgramData\unicoupons\KJomyGBk.x64.dll
x64-BHO: siavinshop: {669D2A4B-DE31-849C-6AEE-CA8F02B606FE} - C:\ProgramData\siavinshop\jmTRamIQK.x64.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-BHO: Skype Click to Call for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-BHO: PProeShopper: {BB1AB6B4-5D78-BD70-AD34-9DD8499FC693} - C:\ProgramData\PProeShopper\uP1Qw.x64.dll
x64-BHO: eaSytooShop: {C33601E2-6589-A9B0-E1DD-D2257A04E70B} - C:\ProgramData\eaSytooShop\tznTNQ.x64.dll
x64-BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
x64-BHO: savinsHHOpp: {F02C05E5-3D72-A078-D079-23746A04947D} - C:\ProgramData\savinsHHOpp\_PbEhtMh59.x64.dll
x64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe
x64-Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe
x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
x64-Run: [QuickSet] C:\Program Files\Dell\QuickSet\QuickSet.exe
x64-Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
x64-IE: {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} -
x64-IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
x64-Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} -
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
x64-IFEO: bitguard.exe - tasklist.exe
x64-IFEO: bprotect.exe - tasklist.exe
x64-IFEO: bpsvc.exe - tasklist.exe
x64-IFEO: browserdefender.exe - tasklist.exe
x64-IFEO: browserprotect.exe - tasklist.exe
.
Note: multiple IFEO entries found. Please refer to Attach.txt
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2014-7-17 269008]
R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2010-5-19 55280]
R2 c2cautoupdatesvc;Skype Click to Call Updater;C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [2014-7-14 1390176]
R2 c2cpnrsvc;Skype Click to Call PNR Service;C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [2014-7-14 1767520]
R2 dfc86759;Performancer;C:\Windows\System32\rundll32.exe [2009-7-13 45568]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-7-10 654408]
R2 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2012-3-20 125584]
R2 sprtsvc_DellComms;SupportSoft Sprocket Service (DellComms);C:\Program Files (x86)\Dell\DellComms\bin\sprtsvc.exe [2009-5-5 206064]
R3 CtClsFlt;Creative Camera Class Upper Filter Driver;C:\Windows\System32\drivers\CtClsFlt.sys [2010-5-19 172704]
R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2012-7-10 24904]
R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2014-8-22 368624]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\System32\drivers\RtsUStor.sys [2010-3-24 215552]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\System32\drivers\yk62x64.sys [2009-9-28 395264]
S2 AVGIDSAgent;AVGIDSAgent;"C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe" --> C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
S2 DockLoginService;Dock Login Service;C:\Program Files\Dell\DellDock\DockLogin.exe --> C:\Program Files\Dell\DellDock\DockLogin.exe [?]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-10-23 172192]
S3 AdobeActiveFileMonitor8.0;Adobe Active File Monitor V8;C:\Program Files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe [2009-9-18 169312]
S3 fssfltr;fssfltr;C:\Windows\System32\drivers\fssfltr.sys [2012-6-27 48488]
S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2012-3-8 1492840]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2014-9-16 111616]
S3 McComponentHostService;McAfee Security Scan Component Host Service;C:\Program Files\McAfee Security Scan\3.8.130\McCHSvc.exe [2013-9-6 288776]
S3 PCDSRVC{1E208CE0-FB7451FF-06020200}_0;PCDSRVC{1E208CE0-FB7451FF-06020200}_0 - PCDR Kernel Mode Service Helper Driver;C:\Program Files\Dell Support Center\pcdsrvc_x64.pkms [2012-8-17 25584]
S3 SWDUMon;SWDUMon;C:\Windows\System32\drivers\SWDUMon.sys [2014-5-13 16152]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2011-7-1 59392]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-8-24 1255736]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== File Associations ===============
.
ShellExec: EasyShare.exe: Preview="C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\EasyShare.exe"
.
=============== Created Last 30 ================
.
2014-10-04 11:32:31 1188440 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{B330933E-A17F-4BBC-ACDE-DC4EF396524A}\gapaengine.dll
2014-10-04 11:30:18 11578928 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{1367E700-FFE6-44CD-93A1-7ED6061C25E6}\mpengine.dll
2014-10-04 11:22:11 519680 ----a-w- C:\Windows\SysWow64\qdvd.dll
2014-10-04 11:22:11 371712 ----a-w- C:\Windows\System32\qdvd.dll
2014-09-27 00:31:44 1188440 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{2D34702E-728B-452D-92F3-C3A4A8D43F2C}\gapaengine.dll
2014-09-27 00:24:58 11578928 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2014-09-23 22:11:35 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2014-09-23 22:11:35 2048 ----a-w- C:\Windows\System32\tzres.dll
2014-09-16 00:22:57 -------- d-----w- C:\ProgramData\siavinshop
2014-09-14 00:43:59 2777088 ----a-w- C:\Windows\System32\msmpeg2vdec.dll
2014-09-14 00:43:59 2285056 ----a-w- C:\Windows\SysWow64\msmpeg2vdec.dll
2014-09-12 22:37:19 793600 ----a-w- C:\Windows\SysWow64\TSWorkspace.dll
2014-09-12 22:37:19 1031168 ----a-w- C:\Windows\System32\TSWorkspace.dll
2014-09-12 22:36:16 2565120 ----a-w- C:\Windows\System32\d3d10warp.dll
2014-09-12 22:36:15 1987584 ----a-w- C:\Windows\SysWow64\d3d10warp.dll
2014-09-12 22:35:53 728064 ----a-w- C:\Windows\System32\kerberos.dll
2014-09-12 22:35:53 550912 ----a-w- C:\Windows\SysWow64\kerberos.dll
2014-09-12 22:35:52 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
2014-09-12 22:35:52 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
2014-09-12 22:35:52 1460736 ----a-w- C:\Windows\System32\lsasrv.dll
2014-09-07 02:32:36 -------- d-----w- C:\ProgramData\unicoupons
2014-09-07 02:31:44 -------- d-----w- C:\ProgramData\jpcdpndngmdljhoopdcoddjgmoacmjgl
2014-09-04 21:31:09 -------- d-----w- C:\Users\karen\AppData\Local\{5EE9BA20-5CFF-48BC-915B-647CDDE81926}
.
==================== Find3M ====================
.
2014-09-24 20:33:31 71344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2014-09-24 20:33:31 701104 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2014-09-22 06:42:39 278152 ------w- C:\Windows\System32\MpSigStub.exe
2014-08-23 02:07:00 404480 ----a-w- C:\Windows\System32\gdi32.dll
2014-08-23 01:45:55 311808 ----a-w- C:\Windows\SysWow64\gdi32.dll
2014-08-23 00:59:01 3163648 ----a-w- C:\Windows\System32\win32k.sys
2014-08-18 22:29:49 2724864 ----a-w- C:\Windows\System32\mshtml.tlb
2014-08-18 22:29:35 4096 ----a-w- C:\Windows\System32\ieetwcollectorres.dll
2014-08-18 22:19:53 5833728 ----a-w- C:\Windows\System32\jscript9.dll
2014-08-18 22:15:34 547328 ----a-w- C:\Windows\System32\vbscript.dll
2014-08-18 22:15:09 66048 ----a-w- C:\Windows\System32\iesetup.dll
2014-08-18 22:14:38 48640 ----a-w- C:\Windows\System32\ieetwproxystub.dll
2014-08-18 22:14:10 83968 ----a-w- C:\Windows\System32\MshtmlDac.dll
2014-08-18 22:08:55 4232704 ----a-w- C:\Windows\SysWow64\jscript9.dll
2014-08-18 22:03:47 139264 ----a-w- C:\Windows\System32\ieUnatt.exe
2014-08-18 22:03:37 111616 ----a-w- C:\Windows\System32\ieetwcollector.exe
2014-08-18 22:03:01 758272 ----a-w- C:\Windows\System32\jscript9diag.dll
2014-08-18 21:57:44 2724864 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2014-08-18 21:56:17 940032 ----a-w- C:\Windows\System32\MsSpellCheckingFacility.exe
2014-08-18 21:46:26 454656 ----a-w- C:\Windows\SysWow64\vbscript.dll
2014-08-18 21:45:23 61952 ----a-w- C:\Windows\SysWow64\iesetup.dll
2014-08-18 21:45:12 72704 ----a-w- C:\Windows\System32\JavaScriptCollectionAgent.dll
2014-08-18 21:44:44 51200 ----a-w- C:\Windows\SysWow64\ieetwproxystub.dll
2014-08-18 21:44:09 61952 ----a-w- C:\Windows\SysWow64\MshtmlDac.dll
2014-08-18 21:36:07 112128 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2014-08-18 21:35:24 597504 ----a-w- C:\Windows\SysWow64\jscript9diag.dll
2014-08-18 21:23:17 2104832 ----a-w- C:\Windows\System32\inetcpl.cpl
2014-08-18 21:23:16 1249280 ----a-w- C:\Windows\System32\mshtmlmedia.dll
2014-08-18 21:22:48 60416 ----a-w- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
2014-08-18 21:15:13 2310656 ----a-w- C:\Windows\System32\wininet.dll
2014-08-18 21:08:54 2014208 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2014-08-18 21:07:44 1068032 ----a-w- C:\Windows\SysWow64\mshtmlmedia.dll
2014-08-18 20:46:48 1812992 ----a-w- C:\Windows\SysWow64\wininet.dll
2014-07-25 07:35:46 875688 ----a-w- C:\Windows\SysWow64\msvcr120_clr0400.dll
2014-07-25 04:47:06 869544 ----a-w- C:\Windows\System32\msvcr120_clr0400.dll
2014-07-17 23:05:06 269008 ----a-w- C:\Windows\System32\drivers\MpFilter.sys
2014-07-17 23:05:06 125584 ----a-w- C:\Windows\System32\drivers\NisDrvWFP.sys
2014-07-14 02:02:45 1216000 ----a-w- C:\Windows\System32\rpcrt4.dll
2014-07-14 01:40:58 664064 ----a-w- C:\Windows\SysWow64\rpcrt4.dll
2014-07-09 02:03:23 7168 ----a-w- C:\Windows\System32\KBDYAK.DLL
2014-07-09 02:03:22 7168 ----a-w- C:\Windows\System32\KBDBASH.DLL
2014-07-09 01:31:42 7168 ----a-w- C:\Windows\SysWow64\KBDYAK.DLL
2014-07-09 01:31:41 6656 ----a-w- C:\Windows\SysWow64\KBDBASH.DLL
.
============= FINISH: 6:54:36.97 ===============

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.17280
Run by karen at 6:51:52 on 2014-10-04
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3032.474 [GMT -5:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {4F35CFC4-45A3-FC37-EF17-759A02E39AB1}
SP: Microsoft Security Essentials *Enabled/Updated* {F4542E20-6399-F3B9-D5A7-4EE87964D00C}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_afc3018f8cfedd20\STacSV64.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRYSVC.EXE
C:\Program Files\Dell\Dell Wireless WLAN Card\bcmwltry.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\system32\Dwm.exe
C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
C:\Windows\system32\rundll32.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Windows\SysWOW64\svchost.exe -k hpdevmgmt
C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files (x86)\Dell\DellComms\bin\sprtsvc.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\DellTPad\Apoint.exe
C:\Program Files\IDT\WDM\sttray64.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k HPService
c:\Program Files\Microsoft Security Client\NisSrv.exe
C:\Program Files (x86)\Software Updater\SoftwareUpdater.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe
C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SCServer\SCServer.exe
C:\Program Files (x86)\HP\Digital Imaging\smart web printing\hpswp_clipbook.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.yahoo.com/
uProxyOverride = <-loopback>
uURLSearchHooks: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
mWinlogon: Userinit = userinit.exe,
BHO: &Yahoo! Toolbar Helper: {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
BHO: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
BHO: MSS+ Identifier: {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.8.130\McAfeeMSS_IE.dll
BHO: ProShuopper: {1773541F-09C2-D3AC-0736-F6A71A221CBF} - C:\ProgramData\ProShuopper\MjMHfMAZGH.dll
BHO: AVG Do Not Track: {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} -
BHO: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} -
BHO: saveeoron: {551383EC-19FE-BD95-6856-39F1EE94B066} - C:\ProgramData\saveeoron\rrbCEyN7T.dll
BHO: unicoupons: {627B1115-B4FB-CCE6-B041-C4779BDE16B2} - C:\ProgramData\unicoupons\KJomyGBk.dll
BHO: siavinshop: {669D2A4B-DE31-849C-6AEE-CA8F02B606FE} - C:\ProgramData\siavinshop\jmTRamIQK.dll
BHO: Search Helper: {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Skype Click to Call for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
BHO: PProeShopper: {BB1AB6B4-5D78-BD70-AD34-9DD8499FC693} - C:\ProgramData\PProeShopper\uP1Qw.dll
BHO: eaSytooShop: {C33601E2-6589-A9B0-E1DD-D2257A04E70B} - C:\ProgramData\eaSytooShop\tznTNQ.dll
BHO: savinsHHOpp: {F02C05E5-3D72-A078-D079-23746A04947D} - C:\ProgramData\savinsHHOpp\_PbEhtMh59.dll
BHO: SingleInstance Class: {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
BHO: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
mRun: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [fst_us_52] <no file>
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\SOFTWA~1.LNK - C:\Program Files (x86)\Software Updater\SoftwareUpdater.exe
uPolicies-Explorer: HideSCAHealth = dword:1
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:0
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} -
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
DPF: {8CFCF42C-1C64-47D6-AEEC-F9D001832ED3} - hxxp://xserv.dell.com/DellDriverScanner/DellSystem.CAB
DPF: {C1F8FC10-E5DB-4112-9DBF-6C3FF728D4E3} - hxxp://support.dell.com/systemprofiler/ ... emLite.CAB
DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/s ... wflash.cab
TCP: NameServer = 10.110.220.1
TCP: Interfaces\{FE82315B-5AAB-49E8-BB0C-70327FA2E96B} : DHCPNameServer = 10.110.220.1
TCP: Interfaces\{FE82315B-5AAB-49E8-BB0C-70327FA2E96B}\3327460264C6F6F6270294E6475627E6564702C4F657E67656 : DHCPNameServer = 10.240.4.44 10.240.4.47
TCP: Interfaces\{FE82315B-5AAB-49E8-BB0C-70327FA2E96B}\74F6164702242756164786 : DHCPNameServer = 172.20.10.1
TCP: Interfaces\{FE82315B-5AAB-49E8-BB0C-70327FA2E96B}\A616461613233343 : DHCPNameServer = 97.64.183.164 97.64.209.37
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} -
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
AppInit_DLLs= c:\progra~3\perfor~1\perfor~1.dll
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.114\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
IFEO: bitguard.exe - tasklist.exe
IFEO: bprotect.exe - tasklist.exe
IFEO: bpsvc.exe - tasklist.exe
IFEO: browserdefender.exe - tasklist.exe
IFEO: browserprotect.exe - tasklist.exe
x64-BHO: ProShuopper: {1773541F-09C2-D3AC-0736-F6A71A221CBF} - C:\ProgramData\ProShuopper\MjMHfMAZGH.x64.dll
x64-BHO: AVG Do Not Track: {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} -
x64-BHO: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} -
x64-BHO: saveeoron: {551383EC-19FE-BD95-6856-39F1EE94B066} - C:\ProgramData\saveeoron\rrbCEyN7T.x64.dll
x64-BHO: unicoupons: {627B1115-B4FB-CCE6-B041-C4779BDE16B2} - C:\ProgramData\unicoupons\KJomyGBk.x64.dll
x64-BHO: siavinshop: {669D2A4B-DE31-849C-6AEE-CA8F02B606FE} - C:\ProgramData\siavinshop\jmTRamIQK.x64.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-BHO: Skype Click to Call for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-BHO: PProeShopper: {BB1AB6B4-5D78-BD70-AD34-9DD8499FC693} - C:\ProgramData\PProeShopper\uP1Qw.x64.dll
x64-BHO: eaSytooShop: {C33601E2-6589-A9B0-E1DD-D2257A04E70B} - C:\ProgramData\eaSytooShop\tznTNQ.x64.dll
x64-BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
x64-BHO: savinsHHOpp: {F02C05E5-3D72-A078-D079-23746A04947D} - C:\ProgramData\savinsHHOpp\_PbEhtMh59.x64.dll
x64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe
x64-Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe
x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
x64-Run: [QuickSet] C:\Program Files\Dell\QuickSet\QuickSet.exe
x64-Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
x64-IE: {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} -
x64-IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
x64-Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} -
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
x64-IFEO: bitguard.exe - tasklist.exe
x64-IFEO: bprotect.exe - tasklist.exe
x64-IFEO: bpsvc.exe - tasklist.exe
x64-IFEO: browserdefender.exe - tasklist.exe
x64-IFEO: browserprotect.exe - tasklist.exe
.
Note: multiple IFEO entries found. Please refer to Attach.txt
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2014-7-17 269008]
R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2010-5-19 55280]
R2 c2cautoupdatesvc;Skype Click to Call Updater;C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [2014-7-14 1390176]
R2 c2cpnrsvc;Skype Click to Call PNR Service;C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [2014-7-14 1767520]
R2 dfc86759;Performancer;C:\Windows\System32\rundll32.exe [2009-7-13 45568]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-7-10 654408]
R2 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2012-3-20 125584]
R2 sprtsvc_DellComms;SupportSoft Sprocket Service (DellComms);C:\Program Files (x86)\Dell\DellComms\bin\sprtsvc.exe [2009-5-5 206064]
R3 CtClsFlt;Creative Camera Class Upper Filter Driver;C:\Windows\System32\drivers\CtClsFlt.sys [2010-5-19 172704]
R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2012-7-10 24904]
R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2014-8-22 368624]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\System32\drivers\RtsUStor.sys [2010-3-24 215552]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\System32\drivers\yk62x64.sys [2009-9-28 395264]
S2 AVGIDSAgent;AVGIDSAgent;"C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe" --> C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
S2 DockLoginService;Dock Login Service;C:\Program Files\Dell\DellDock\DockLogin.exe --> C:\Program Files\Dell\DellDock\DockLogin.exe [?]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-10-23 172192]
S3 AdobeActiveFileMonitor8.0;Adobe Active File Monitor V8;C:\Program Files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe [2009-9-18 169312]
S3 fssfltr;fssfltr;C:\Windows\System32\drivers\fssfltr.sys [2012-6-27 48488]
S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2012-3-8 1492840]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2014-9-16 111616]
S3 McComponentHostService;McAfee Security Scan Component Host Service;C:\Program Files\McAfee Security Scan\3.8.130\McCHSvc.exe [2013-9-6 288776]
S3 PCDSRVC{1E208CE0-FB7451FF-06020200}_0;PCDSRVC{1E208CE0-FB7451FF-06020200}_0 - PCDR Kernel Mode Service Helper Driver;C:\Program Files\Dell Support Center\pcdsrvc_x64.pkms [2012-8-17 25584]
S3 SWDUMon;SWDUMon;C:\Windows\System32\drivers\SWDUMon.sys [2014-5-13 16152]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2011-7-1 59392]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-8-24 1255736]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== File Associations ===============
.
ShellExec: EasyShare.exe: Preview="C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\EasyShare.exe"
.
=============== Created Last 30 ================
.
2014-10-04 11:32:31 1188440 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{B330933E-A17F-4BBC-ACDE-DC4EF396524A}\gapaengine.dll
2014-10-04 11:30:18 11578928 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{1367E700-FFE6-44CD-93A1-7ED6061C25E6}\mpengine.dll
2014-10-04 11:22:11 519680 ----a-w- C:\Windows\SysWow64\qdvd.dll
2014-10-04 11:22:11 371712 ----a-w- C:\Windows\System32\qdvd.dll
2014-09-27 00:31:44 1188440 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{2D34702E-728B-452D-92F3-C3A4A8D43F2C}\gapaengine.dll
2014-09-27 00:24:58 11578928 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2014-09-23 22:11:35 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2014-09-23 22:11:35 2048 ----a-w- C:\Windows\System32\tzres.dll
2014-09-16 00:22:57 -------- d-----w- C:\ProgramData\siavinshop
2014-09-14 00:43:59 2777088 ----a-w- C:\Windows\System32\msmpeg2vdec.dll
2014-09-14 00:43:59 2285056 ----a-w- C:\Windows\SysWow64\msmpeg2vdec.dll
2014-09-12 22:37:19 793600 ----a-w- C:\Windows\SysWow64\TSWorkspace.dll
2014-09-12 22:37:19 1031168 ----a-w- C:\Windows\System32\TSWorkspace.dll
2014-09-12 22:36:16 2565120 ----a-w- C:\Windows\System32\d3d10warp.dll
2014-09-12 22:36:15 1987584 ----a-w- C:\Windows\SysWow64\d3d10warp.dll
2014-09-12 22:35:53 728064 ----a-w- C:\Windows\System32\kerberos.dll
2014-09-12 22:35:53 550912 ----a-w- C:\Windows\SysWow64\kerberos.dll
2014-09-12 22:35:52 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
2014-09-12 22:35:52 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
2014-09-12 22:35:52 1460736 ----a-w- C:\Windows\System32\lsasrv.dll
2014-09-07 02:32:36 -------- d-----w- C:\ProgramData\unicoupons
2014-09-07 02:31:44 -------- d-----w- C:\ProgramData\jpcdpndngmdljhoopdcoddjgmoacmjgl
2014-09-04 21:31:09 -------- d-----w- C:\Users\karen\AppData\Local\{5EE9BA20-5CFF-48BC-915B-647CDDE81926}
.
==================== Find3M ====================
.
2014-09-24 20:33:31 71344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2014-09-24 20:33:31 701104 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2014-09-22 06:42:39 278152 ------w- C:\Windows\System32\MpSigStub.exe
2014-08-23 02:07:00 404480 ----a-w- C:\Windows\System32\gdi32.dll
2014-08-23 01:45:55 311808 ----a-w- C:\Windows\SysWow64\gdi32.dll
2014-08-23 00:59:01 3163648 ----a-w- C:\Windows\System32\win32k.sys
2014-08-18 22:29:49 2724864 ----a-w- C:\Windows\System32\mshtml.tlb
2014-08-18 22:29:35 4096 ----a-w- C:\Windows\System32\ieetwcollectorres.dll
2014-08-18 22:19:53 5833728 ----a-w- C:\Windows\System32\jscript9.dll
2014-08-18 22:15:34 547328 ----a-w- C:\Windows\System32\vbscript.dll
2014-08-18 22:15:09 66048 ----a-w- C:\Windows\System32\iesetup.dll
2014-08-18 22:14:38 48640 ----a-w- C:\Windows\System32\ieetwproxystub.dll
2014-08-18 22:14:10 83968 ----a-w- C:\Windows\System32\MshtmlDac.dll
2014-08-18 22:08:55 4232704 ----a-w- C:\Windows\SysWow64\jscript9.dll
2014-08-18 22:03:47 139264 ----a-w- C:\Windows\System32\ieUnatt.exe
2014-08-18 22:03:37 111616 ----a-w- C:\Windows\System32\ieetwcollector.exe
2014-08-18 22:03:01 758272 ----a-w- C:\Windows\System32\jscript9diag.dll
2014-08-18 21:57:44 2724864 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2014-08-18 21:56:17 940032 ----a-w- C:\Windows\System32\MsSpellCheckingFacility.exe
2014-08-18 21:46:26 454656 ----a-w- C:\Windows\SysWow64\vbscript.dll
2014-08-18 21:45:23 61952 ----a-w- C:\Windows\SysWow64\iesetup.dll
2014-08-18 21:45:12 72704 ----a-w- C:\Windows\System32\JavaScriptCollectionAgent.dll
2014-08-18 21:44:44 51200 ----a-w- C:\Windows\SysWow64\ieetwproxystub.dll
2014-08-18 21:44:09 61952 ----a-w- C:\Windows\SysWow64\MshtmlDac.dll
2014-08-18 21:36:07 112128 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2014-08-18 21:35:24 597504 ----a-w- C:\Windows\SysWow64\jscript9diag.dll
2014-08-18 21:23:17 2104832 ----a-w- C:\Windows\System32\inetcpl.cpl
2014-08-18 21:23:16 1249280 ----a-w- C:\Windows\System32\mshtmlmedia.dll
2014-08-18 21:22:48 60416 ----a-w- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
2014-08-18 21:15:13 2310656 ----a-w- C:\Windows\System32\wininet.dll
2014-08-18 21:08:54 2014208 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2014-08-18 21:07:44 1068032 ----a-w- C:\Windows\SysWow64\mshtmlmedia.dll
2014-08-18 20:46:48 1812992 ----a-w- C:\Windows\SysWow64\wininet.dll
2014-07-25 07:35:46 875688 ----a-w- C:\Windows\SysWow64\msvcr120_clr0400.dll
2014-07-25 04:47:06 869544 ----a-w- C:\Windows\System32\msvcr120_clr0400.dll
2014-07-17 23:05:06 269008 ----a-w- C:\Windows\System32\drivers\MpFilter.sys
2014-07-17 23:05:06 125584 ----a-w- C:\Windows\System32\drivers\NisDrvWFP.sys
2014-07-14 02:02:45 1216000 ----a-w- C:\Windows\System32\rpcrt4.dll
2014-07-14 01:40:58 664064 ----a-w- C:\Windows\SysWow64\rpcrt4.dll
2014-07-09 02:03:23 7168 ----a-w- C:\Windows\System32\KBDYAK.DLL
2014-07-09 02:03:22 7168 ----a-w- C:\Windows\System32\KBDBASH.DLL
2014-07-09 01:31:42 7168 ----a-w- C:\Windows\SysWow64\KBDYAK.DLL
2014-07-09 01:31:41 6656 ----a-w- C:\Windows\SysWow64\KBDBASH.DLL
.
============= FINISH: 6:54:36.97 ===============

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 8/23/2010 5:06:03 PM
System Uptime: 10/4/2014 6:13:10 AM (0 hours ago)
.
Motherboard: Dell Inc. | | 0G848F
Processor: Pentium(R) Dual-Core CPU T4500 @ 2.30GHz | Microprocessor | 2300/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 218 GiB total, 164.298 GiB free.
D: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID: {4d36e971-e325-11ce-bfc1-08002be10318}
Description: Deskjet F4500 series
Device ID: ROOT\MULTIFUNCTION\0007
Manufacturer: HP
Name: Deskjet F4500 series
PNP Device ID: ROOT\MULTIFUNCTION\0007
Service:
.
Class GUID:
Description: Deskjet F4500 series
Device ID: ROOT\MULTIFUNCTION\0027
Manufacturer:
Name: Deskjet F4500 series
PNP Device ID: ROOT\MULTIFUNCTION\0027
Service:
.
Class GUID:
Description: Deskjet F4500 series
Device ID: ROOT\MULTIFUNCTION\0008
Manufacturer:
Name: Deskjet F4500 series
PNP Device ID: ROOT\MULTIFUNCTION\0008
Service:
.
Class GUID:
Description: Deskjet F4500 series
Device ID: ROOT\MULTIFUNCTION\0028
Manufacturer:
Name: Deskjet F4500 series
PNP Device ID: ROOT\MULTIFUNCTION\0028
Service:
.
Class GUID:
Description: Deskjet F4500 series
Device ID: ROOT\MULTIFUNCTION\0009
Manufacturer:
Name: Deskjet F4500 series
PNP Device ID: ROOT\MULTIFUNCTION\0009
Service:
.
Class GUID:
Description: Deskjet F4500 series
Device ID: ROOT\MULTIFUNCTION\0029
Manufacturer:
Name: Deskjet F4500 series
PNP Device ID: ROOT\MULTIFUNCTION\0029
Service:
.
Class GUID:
Description: Deskjet F4500 series
Device ID: ROOT\MULTIFUNCTION\0010
Manufacturer:
Name: Deskjet F4500 series
PNP Device ID: ROOT\MULTIFUNCTION\0010
Service:
.
Class GUID:
Description: Deskjet F4500 series
Device ID: ROOT\MULTIFUNCTION\0030
Manufacturer:
Name: Deskjet F4500 series
PNP Device ID: ROOT\MULTIFUNCTION\0030
Service:
.
Class GUID:
Description: Deskjet F4500 series
Device ID: ROOT\MULTIFUNCTION\0011
Manufacturer:
Name: Deskjet F4500 series
PNP Device ID: ROOT\MULTIFUNCTION\0011
Service:
.
Class GUID:
Description: Deskjet F4500 series
Device ID: ROOT\MULTIFUNCTION\0031
Manufacturer:
Name: Deskjet F4500 series
PNP Device ID: ROOT\MULTIFUNCTION\0031
Service:
.
Class GUID:
Description: Deskjet F4500 series
Device ID: ROOT\MULTIFUNCTION\0012
Manufacturer:
Name: Deskjet F4500 series
PNP Device ID: ROOT\MULTIFUNCTION\0012
Service:
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: WAN Miniport (L2TP)
Device ID: ROOT\MS_L2TPMINIPORT\0000
Manufacturer: Microsoft
Name: WAN Miniport (L2TP)
PNP Device ID: ROOT\MS_L2TPMINIPORT\0000
Service: Rasl2tp
.
Class GUID:
Description: Deskjet F4500 series
Device ID: ROOT\MULTIFUNCTION\0032
Manufacturer:
Name: Deskjet F4500 series
PNP Device ID: ROOT\MULTIFUNCTION\0032
Service:
.
Class GUID:
Description: Deskjet F4500 series
Device ID: ROOT\MULTIFUNCTION\0013
Manufacturer:
Name: Deskjet F4500 series
PNP Device ID: ROOT\MULTIFUNCTION\0013
Service:
.
Class GUID:
Description: Deskjet F4500 series
Device ID: ROOT\MULTIFUNCTION\0033
Manufacturer:
Name: Deskjet F4500 series
PNP Device ID: ROOT\MULTIFUNCTION\0033
Service:
.
Class GUID:
Description: Deskjet F4500 series
Device ID: ROOT\MULTIFUNCTION\0014
Manufacturer:
Name: Deskjet F4500 series
PNP Device ID: ROOT\MULTIFUNCTION\0014
Service:
.
Class GUID:
Description: Deskjet F4500 series
Device ID: ROOT\MULTIFUNCTION\0034
Manufacturer:
Name: Deskjet F4500 series
PNP Device ID: ROOT\MULTIFUNCTION\0034
Service:
.
Class GUID:
Description: Deskjet F4500 series
Device ID: ROOT\MULTIFUNCTION\0015
Manufacturer:
Name: Deskjet F4500 series
PNP Device ID: ROOT\MULTIFUNCTION\0015
Service:
.
Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Description: ssnfd
Device ID: ROOT\LEGACY_SSNFD\0000
Manufacturer:
Name: ssnfd
PNP Device ID: ROOT\LEGACY_SSNFD\0000
Service: ssnfd
.
Class GUID:
Description: Deskjet F4500 series
Device ID: ROOT\MULTIFUNCTION\0016
Manufacturer:
Name: Deskjet F4500 series
PNP Device ID: ROOT\MULTIFUNCTION\0016
Service:
.
Class GUID:
Description: Deskjet F4500 series
Device ID: ROOT\MULTIFUNCTION\0017
Manufacturer:
Name: Deskjet F4500 series
PNP Device ID: ROOT\MULTIFUNCTION\0017
Service:
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: WAN Miniport (PPTP)
Device ID: ROOT\MS_PPTPMINIPORT\0000
Manufacturer: Microsoft
Name: WAN Miniport (PPTP)
PNP Device ID: ROOT\MS_PPTPMINIPORT\0000
Service: PptpMiniport
.
Class GUID:
Description: Deskjet F4500 series
Device ID: ROOT\MULTIFUNCTION\0018
Manufacturer:
Name: Deskjet F4500 series
PNP Device ID: ROOT\MULTIFUNCTION\0018
Service:
.
Class GUID:
Description: Deskjet F4500 series
Device ID: ROOT\MULTIFUNCTION\0019
Manufacturer:
Name: Deskjet F4500 series
PNP Device ID: ROOT\MULTIFUNCTION\0019
Service:
.
Class GUID:
Description: Deskjet F4500 series
Device ID: ROOT\MULTIFUNCTION\0000
Manufacturer:
Name: Deskjet F4500 series
PNP Device ID: ROOT\MULTIFUNCTION\0000
Service:
.
Class GUID:
Description: Deskjet F4500 series
Device ID: ROOT\MULTIFUNCTION\0020
Manufacturer:
Name: Deskjet F4500 series
PNP Device ID: ROOT\MULTIFUNCTION\0020
Service:
.
Class GUID:
Description: hp LaserJet 4350
Device ID: ROOT\MULTIFUNCTION\0001
Manufacturer:
Name: hp LaserJet 4350
PNP Device ID: ROOT\MULTIFUNCTION\0001
Service:
.
Class GUID:
Description: Deskjet F4500 series
Device ID: ROOT\MULTIFUNCTION\0021
Manufacturer:
Name: Deskjet F4500 series
PNP Device ID: ROOT\MULTIFUNCTION\0021
Service:
.
Class GUID:
Description: HP LaserJet 4000 Series
Device ID: ROOT\MULTIFUNCTION\0002
Manufacturer:
Name: HP LaserJet 4000 Series
PNP Device ID: ROOT\MULTIFUNCTION\0002
Service:
.
Class GUID:
Description: Deskjet F4500 series
Device ID: ROOT\MULTIFUNCTION\0022
Manufacturer:
Name: Deskjet F4500 series
PNP Device ID: ROOT\MULTIFUNCTION\0022
Service:
.
Class GUID:
Description: HP LaserJet 4050 Series
Device ID: ROOT\MULTIFUNCTION\0003
Manufacturer:
Name: HP LaserJet 4050 Series
PNP Device ID: ROOT\MULTIFUNCTION\0003
Service:
.
Class GUID: {4d36e971-e325-11ce-bfc1-08002be10318}
Description: Officejet 6500 E709a
Device ID: ROOT\MULTIFUNCTION\0035
Manufacturer: HP
Name: Officejet 6500 E709a
PNP Device ID: ROOT\MULTIFUNCTION\0035
Service:
.
Class GUID:
Description: Deskjet F4500 series
Device ID: ROOT\MULTIFUNCTION\0023
Manufacturer:
Name: Deskjet F4500 series
PNP Device ID: ROOT\MULTIFUNCTION\0023
Service:
.
Class GUID:
Description: Deskjet F4500 series
Device ID: ROOT\MULTIFUNCTION\0004
Manufacturer:
Name: Deskjet F4500 series
PNP Device ID: ROOT\MULTIFUNCTION\0004
Service:
.
Class GUID:
Description: Deskjet F4500 series
Device ID: ROOT\MULTIFUNCTION\0024
Manufacturer:
Name: Deskjet F4500 series
PNP Device ID: ROOT\MULTIFUNCTION\0024
Service:
.
Class GUID:
Description: Deskjet F4500 series
Device ID: ROOT\MULTIFUNCTION\0005
Manufacturer:
Name: Deskjet F4500 series
PNP Device ID: ROOT\MULTIFUNCTION\0005
Service:
.
Class GUID:
Description: Deskjet F4500 series
Device ID: ROOT\MULTIFUNCTION\0025
Manufacturer:
Name: Deskjet F4500 series
PNP Device ID: ROOT\MULTIFUNCTION\0025
Service:
.
Class GUID:
Description: Deskjet F4500 series
Device ID: ROOT\MULTIFUNCTION\0006
Manufacturer:
Name: Deskjet F4500 series
PNP Device ID: ROOT\MULTIFUNCTION\0006
Service:
.
Class GUID:
Description: Deskjet F4500 series
Device ID: ROOT\MULTIFUNCTION\0026
Manufacturer:
Name: Deskjet F4500 series
PNP Device ID: ROOT\MULTIFUNCTION\0026
Service:
.
==== System Restore Points ===================
.
RP540: 8/21/2014 7:51:07 PM - Windows Update
RP541: 8/25/2014 5:07:40 PM - Windows Update
RP542: 8/27/2014 8:09:56 AM - Windows Update
RP543: 8/28/2014 5:19:05 PM - Windows Update
RP544: 8/29/2014 10:13:24 AM - Restore Operation
RP545: 9/1/2014 10:15:54 AM - Windows Update
RP546: 9/4/2014 4:24:23 PM - Windows Update
RP547: 9/8/2014 7:10:47 PM - Windows Update
RP548: 9/11/2014 7:57:53 PM - Windows Update
RP549: 9/13/2014 7:42:57 PM - Windows Update
RP550: 9/16/2014 7:45:35 PM - Windows Update
RP551: 9/22/2014 2:19:23 PM - Windows Update
RP552: 9/24/2014 8:06:47 PM - Windows Update
RP553: 10/4/2014 6:29:04 AM - Windows Update
RP554: 10/4/2014 6:39:38 AM - Windows Update
.
==== Image File Execution Options =============
.
IFEO: bitguard.exe - tasklist.exe
IFEO: bprotect.exe - tasklist.exe
IFEO: bpsvc.exe - tasklist.exe
IFEO: browserdefender.exe - tasklist.exe
IFEO: browserprotect.exe - tasklist.exe
IFEO: browsersafeguard.exe - tasklist.exe
IFEO: dprotectsvc.exe - tasklist.exe
IFEO: guardxkickoff.exe - svchost.exe
IFEO: jumpflip - tasklist.exe
IFEO: mcmpeng.exe - svchost.exe
IFEO: protectedsearch.exe - tasklist.exe
IFEO: searchinstaller.exe - tasklist.exe
IFEO: searchprotection.exe - tasklist.exe
IFEO: searchprotector.exe - tasklist.exe
IFEO: searchsettings.exe - tasklist.exe
IFEO: searchsettings64.exe - tasklist.exe
IFEO: snapdo.exe - tasklist.exe
IFEO: stinst32.exe - tasklist.exe
IFEO: stinst64.exe - tasklist.exe
IFEO: umbrella.exe - tasklist.exe
IFEO: utiljumpflip.exe - tasklist.exe
IFEO: volaro - tasklist.exe
IFEO: vonteera - tasklist.exe
IFEO: websteroids.exe - tasklist.exe
IFEO: websteroidsservice.exe - tasklist.exe
x64-IFEO: bitguard.exe - tasklist.exe
x64-IFEO: bprotect.exe - tasklist.exe
x64-IFEO: bpsvc.exe - tasklist.exe
x64-IFEO: browserdefender.exe - tasklist.exe
x64-IFEO: browserprotect.exe - tasklist.exe
x64-IFEO: browsersafeguard.exe - tasklist.exe
x64-IFEO: dprotectsvc.exe - tasklist.exe
x64-IFEO: guardxkickoff.exe - svchost.exe
x64-IFEO: jumpflip - tasklist.exe
x64-IFEO: mcmpeng.exe - svchost.exe
x64-IFEO: protectedsearch.exe - tasklist.exe
x64-IFEO: searchinstaller.exe - tasklist.exe
x64-IFEO: searchprotection.exe - tasklist.exe
x64-IFEO: searchprotector.exe - tasklist.exe
x64-IFEO: searchsettings.exe - tasklist.exe
x64-IFEO: searchsettings64.exe - tasklist.exe
x64-IFEO: snapdo.exe - tasklist.exe
x64-IFEO: stinst32.exe - tasklist.exe
x64-IFEO: stinst64.exe - tasklist.exe
x64-IFEO: umbrella.exe - tasklist.exe
x64-IFEO: utiljumpflip.exe - tasklist.exe
x64-IFEO: volaro - tasklist.exe
x64-IFEO: vonteera - tasklist.exe
x64-IFEO: websteroids.exe - tasklist.exe
x64-IFEO: websteroidsservice.exe - tasklist.exe
.
==== Installed Programs ======================
.
64 Bit HP CIO Components Installer
Activeris AntiMalware
Adobe Flash Player 10 Plugin
Adobe Flash Player 15 ActiveX
Adobe Photoshop Elements 8.0
Adobe Reader X (10.1.12)
Advanced Audio FX Engine
Apple Application Support
Apple Software Update
ATI Catalyst Install Manager
Auslogics Disk Defrag
BufferChm
CCScore
Cisco Connect
Cisco EAP-FAST Module
Cisco LEAP Module
Cisco PEAP Module
Copy
D3DX10
Dell Communications (Support Software)
Dell Driver Download Manager
Dell Edoc Viewer
Dell Support Center
Dell Touchpad
Dell Webcam Central
Dell Wireless WLAN Card Utility
Destinations
DeviceDiscovery
DJ_AIO_06_F4500_SW_MIN
eaSytooShop
ESSBrwr
ESSCDBK
ESScore
ESSgui
ESShelp
ESSini
ESSPCD
ESSPDock
ESSSONIC
ESSTOOLS
essvatgt
essvcpt
F4500
Google Chrome
Google Toolbar for Internet Explorer
GPBaseService2
HLPPDOCK
HP Customer Participation Program 14.0
HP Deskjet F4500 All-in-One Driver Software 14.0 Rel. 6
HP Imaging Device Functions 14.0
HP Photo Creations
HP Smart Web Printing 4.60
HP Solution Center 14.0
HP Update
HPPhotoGadget
HPProductAssistant
Intel(R) Graphics Media Accelerator Driver
Intel(R) Rapid Storage Technology
Intel® Matrix Storage Manager
Java 7 Update 45
Java Auto Updater
Java(TM) 6 Update 17 (64-bit)
Junk Mail filter update
kgcbaby
kgcbase
kgchday
kgchlwn
kgcinvt
kgckids
kgcmove
kgcvday
Kodak EasyShare software
KSU
Live! Cam Avatar Creator
Malwarebytes Anti-Malware version 1.61.0.1400
MarketResearch
McAfee Security Scan Plus
Mesh Runtime
Messenger Companion
Microsoft .NET Framework 4.5.1
Microsoft Application Error Reporting
Microsoft Office Suite Activation Assistant
Microsoft PowerPoint Viewer
Microsoft Search Enhancement Pack
Microsoft Security Client
Microsoft Security Essentials
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable (x64)
Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175
Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Works
MSVCRT
MSVCRT_amd64
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Network64
Notifier
OfotoXMI
OTtBP
OTtBPSDK
Performancer
PowerDVD DX
PProeShopper
Quickset64
QuickTime
Roxio Burn
saveeoron
Scan
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 4.5.1 (KB2894854v2)
Security Update for Microsoft .NET Framework 4.5.1 (KB2898869)
Security Update for Microsoft .NET Framework 4.5.1 (KB2901126)
Security Update for Microsoft .NET Framework 4.5.1 (KB2931368)
Security Update for Microsoft .NET Framework 4.5.1 (KB2972216)
SFR
SHASTA
siavinshop
SKIN0001
SKINXSDK
Skype Click to Call
Skype™ 6.16
SmartWebPrinting
Software Updater version 1.9.7
SolutionCenter
Spelling Dictionaries Support For Adobe Reader 9
Spotify
staticcr
Status
Toolbox
TrayApp
unicoupons
Visual C++ 8.0 Runtime Setup Package (x64)
Visual Studio 2008 x64 Redistributables
VPRINTOL
WebReg
WildTangent Games
WildWestCoupon
Windows Live Communications Platform
Windows Live Essentials
Windows Live Family Safety
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Language Selector
Windows Live Mail
Windows Live Mesh
Windows Live Mesh ActiveX Control for Remote Connections
Windows Live Messenger
Windows Live Messenger Companion Core
Windows Live MIME IFilter
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live Remote Client
Windows Live Remote Client Resources
Windows Live Remote Service
Windows Live Remote Service Resources
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live Sync
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
WIRELESS
Yahoo! Toolbar
.
==== Event Viewer Messages From Past Week ========
.
9/27/2014 5:36:34 PM, Error: NetBT [4321] - The name "KAREN :0" could not be registered on the interface with IP address 192.168.1.113. The computer with the IP address 192.168.1.1 did not allow the name to be claimed by this computer.
9/27/2014 4:47:47 PM, Error: Server [2505] - The server could not bind to the transport \Device\NetBT_Tcpip_{FE82315B-5AAB-49E8-BB0C-70327FA2E96B} because another computer on the network has the same name. The server could not start.
9/27/2014 4:47:44 PM, Error: NetBT [4321] - The name "KAREN :20" could not be registered on the interface with IP address 192.168.1.113. The computer with the IP address 192.168.1.1 did not allow the name to be claimed by this computer.
10/4/2014 6:15:02 AM, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID {C97FCC79-E628-407D-AE68-A06AD6D8B4D1} and APPID {344ED43D-D086-4961-86A6-1106F4ACAD9B} to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
10/4/2014 6:14:34 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 113.4.0.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?LinkID= ... 752CCA7094 Signature Type: Network Inspection System Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 2.1.11005.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved
10/4/2014 6:14:34 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.185.1273.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.11005.0 Error code: 0x8024402c Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
10/4/2014 6:14:34 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.185.1273.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?LinkID= ... 752CCA7094 Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 1.1.11005.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved
10/4/2014 6:14:34 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.185.1273.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?LinkID= ... 752CCA7094 Signature Type: AntiSpyware Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 1.1.11005.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved
10/4/2014 6:14:13 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: ssnfd
10/4/2014 6:14:01 AM, Error: Service Control Manager [7003] - The AVGIDSAgent service depends the following service: AVGIDSDriver. This service might not be installed.
10/4/2014 6:13:55 AM, Error: Microsoft-Windows-TaskScheduler [413] - Task Scheduler service failed to load tasks at service startup. Additional Data: Error Value: 2147549183.
10/4/2014 6:13:45 AM, Error: Service Control Manager [7000] - The Dock Login Service service failed to start due to the following error: The system cannot find the file specified.
.
==== End Of File ===========================
dreslick
Regular Member
 
Posts: 33
Joined: June 10th, 2011, 10:28 pm
Advertisement
Register to Remove

Re: Unwanted Tabs Open in Browser

Unread postby Cypher » October 6th, 2014, 6:58 am

Hi,
Checking your logs now be right back.
User avatar
Cypher
Admin/Teacher
Admin/Teacher
 
Posts: 14959
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns

Re: Unwanted Tabs Open in Browser

Unread postby Cypher » October 6th, 2014, 7:14 am

Hi and welcome to Malware Removal Forum.
My name is Cypher, and I will be helping you with your malware problems.
This may or may not, solve other issues you have with your machine.
If you no longer require help i would be grateful if you would let me know.

Before we start please note the following important guidelines.
  • If you don't know or understand something, please don't hesitate to ask.
  • Only post your problem at One help site. Applying fixes from multiple help sites can cause problems.
  • Only reply to this thread do not start another, Please continue responding until I give you the "All Clean"
    Remember, absence of symptoms does not mean the infection is all gone.
  • Please DO NOT run any other tools or scans whilst I am helping you.
  • Please DO NOT install any other software (or hardware) during the cleaning process.
  • Print each set of instructions... if possible...your Internet connection will not be available during some fix processes.
  • Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
  • Note: No Reply Within 3 Days Will Result In Your Topic Being Closed!

Note: If you haven't done so already, please read this topic ALL USERS OF THIS FORUM MUST READ THIS FIRST where the conditions for receiving help here are explained.
Please be aware that removing Malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.

Because of this, I advise you to backup any personal files and folders before you start

Create a new System Restore point

  • Click Start, Right Click on Computer, and select Properties.
  • In the left pane, click System Protection.
  • Now click on Create.
  • Give the new restore point a name like "Start Fix", then click Create again.
  • Now click OK.

Next.

Please click on THIS link, and follow the instructions for installing TCRB and creating a backup of your Registry.

Next.

Click Start > Control Panel > Uninstall a program.
Uninstall the following if present.
Activeris AntiMalware
Adobe Reader X (10.1.12
eaSytooShop
Java 7 Update 45
Java(TM) 6 Update 17 (64-bit)
McAfee Security Scan Plus
Performancer
PProeShopper
saveeoron
siavinshop
unicoupons
WildWestCoupon


Next.

I need you to run further scans for me.
Please post each log separately to prevent it being cut off by the forum post size limiter.
Check each after you've posted it to make sure it's all present, if any log is cut off you'll have to post it in sections.
Important: Save all tools i ask you to download to your Desktop, if you don't know how to do this just ask.


As you have Malwarebytes' Anti-Malware installed on your computer. Could you please do a scan using these settings:

  • Launch Malwarebytes then click Update Now.
  • Press the Scan Settings icon on the top bar of the MBAM interface, make sure Threat Scan is checked.
  • Press the Scan Now >> button.
  • When the scan is finished:
  • If clean, a message will be displayed "The scan completed successfully! No malicious items were detected!"
  • If infections were found, click the Quarantine all button.
  • Press the View detailed log >> link to display the results log.
  • Press the Copy to Clipboard button.
  • Copy and paste the scan results in your next reply and exit MBAM.

Next.

Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Right click on adwcleaner.exe and select " Run as administrator " to run it.
  • Click on Scan.
  • When the scan has finished, uncheck any entries you don't want to remove, then click on Clean.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

Next.

Please download FRST ... by Farbar, from the link below and save it to your Desktop.

For 32 bit Systems

For 64 bit Systems

  • Right-click FRST.exe and select " Run as administrator " to run it.
  • When the tool opens click Yes to the disclaimer.
  • Press Scan button. ... When finished a log will be created, FRST.txt.
  • Please post the content of the FRST.txt in your next reply.
  • The first time the tool is run, it will create another log... Addition.txt.
  • Please post the content of the Addition.txt in your next reply.

Logs/Information to Post in your Next Reply

  • Malwarebytes log.
  • AdwCleaner log.
  • FRST.txt and Addition.txt contents.
User avatar
Cypher
Admin/Teacher
Admin/Teacher
 
Posts: 14959
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns

Re: Unwanted Tabs Open in Browser

Unread postby dreslick » October 6th, 2014, 8:43 pm

Malwarebytes' scan ended abruptly - I thought I did something, so I quarantined the files as instructed, saved the log to the desktop and ran another after the first. When I went to get the log from the first scan, I could not find it :(

Here is the result of the second scan:

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 10/6/2014
Scan Time: 6:40:03 PM
Logfile: malwarebytes2.txt
Administrator: Yes

Version: 2.00.2.1012
Malware Database: v2014.10.06.10
Rootkit Database: v2014.09.19.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: karen

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 328806
Time Elapsed: 33 min, 45 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Warn
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)


(end)

As requested, I am posting each log individually.
dreslick
Regular Member
 
Posts: 33
Joined: June 10th, 2011, 10:28 pm

Re: Unwanted Tabs Open in Browser

Unread postby dreslick » October 6th, 2014, 8:44 pm

Here is the AdwCleaner Log:
# AdwCleaner v3.311 - Report created 06/10/2014 at 19:19:53
# Updated 30/09/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : karen - KAREN
# Running from : C:\Users\karen\Desktop\adwcleaner_3.311.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\Ask
Folder Deleted : C:\ProgramData\eaSytooShop
Folder Deleted : C:\ProgramData\PProeShopper
Folder Deleted : C:\ProgramData\ProShuopper
Folder Deleted : C:\ProgramData\saveeoron
Folder Deleted : C:\ProgramData\savinsHHOpp
Folder Deleted : C:\ProgramData\siavinshop
Folder Deleted : C:\ProgramData\SofftCCoeuup
Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Software Updater
Folder Deleted : C:\Program Files (x86)\globalUpdate
Folder Deleted : C:\Program Files (x86)\predm
Folder Deleted : C:\Program Files (x86)\eaSytooShop
Folder Deleted : C:\Program Files (x86)\PProeShopper
Folder Deleted : C:\Program Files (x86)\saveeoron
Folder Deleted : C:\Program Files (x86)\siavinshop
Folder Deleted : C:\Users\karen\AppData\Local\globalUpdate
Folder Deleted : C:\Users\karen\AppData\Local\PackageAware
Folder Deleted : C:\Users\karen\AppData\Local\Temp\AirInstaller
Folder Deleted : C:\Users\karen\AppData\LocalLow\HPAppData
Folder Deleted : C:\Users\karen\AppData\Roaming\Activeris
Folder Deleted : C:\Users\karen\AppData\Roaming\Systweak
Folder Deleted : C:\Users\karen\AppData\Local\Google\Chrome\User Data\Default\Extensions\ofacoglogogfoelmaflgklejfjpgdibl
File Deleted : C:\END
File Deleted : C:\Windows\System32\roboot64.exe
File Deleted : C:\Users\karen\AppData\Local\AnyProtectScannerSetup.exe
File Deleted : C:\Users\karen\AppData\Local\Temp\Uninstall.exe
File Deleted : C:\Users\karen\AppData\Roaming\aps.uninstall.scan.results
File Deleted : C:\Users\karen\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage
File Deleted : C:\Users\karen\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage-journal

***** [ Scheduled Tasks ] *****

Task Deleted : LaunchApp

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\aaaaojmikegpiepcfdkkjaplodkpfmlo
Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\ActiverisAntiMalware_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\ActiverisAntiMalware_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\AdvancedSystemProtector_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\AdvancedSystemProtector_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\askchecker_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\askchecker_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\DesktopWeatherAlertsApp_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\DesktopWeatherAlertsApp_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\NewPlayer_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\NewPlayer_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bitguard.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bprotect.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\browserdefender.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\browserprotect.exe
Key Deleted : HKLM\SOFTWARE\Classes\SaveRon.SaveRon
Key Deleted : HKLM\SOFTWARE\Classes\SaveRon.SaveRon.4.5
Key Deleted : HKLM\SOFTWARE\Classes\unicoupons.unicoupons
Key Deleted : HKLM\SOFTWARE\Classes\unicoupons.unicoupons.2.0
Key Deleted : HKLM\SOFTWARE\Classes\savvinShop.savvinShop
Key Deleted : HKLM\SOFTWARE\Classes\savvinShop.savvinShop.2.3
Key Deleted : HKLM\SOFTWARE\Classes\PProShopper.PProShopper
Key Deleted : HKLM\SOFTWARE\Classes\PProShopper.PProShopper.4.87
Key Deleted : HKLM\SOFTWARE\Classes\eassytoesuhiop.eassytoesuhiop
Key Deleted : HKLM\SOFTWARE\Classes\eassytoesuhiop.eassytoesuhiop.1.8
Key Deleted : HKCU\Software\AppDataLow\{5F189DF5-2D05-472B-9091-84D9848AE48B}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CC5AD34C-6F10-4CB3-B74A-C2DD4D5060A3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{551383EC-19FE-BD95-6856-39F1EE94B066}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{627B1115-B4FB-CCE6-B041-C4779BDE16B2}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{669D2A4B-DE31-849C-6AEE-CA8F02B606FE}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{BB1AB6B4-5D78-BD70-AD34-9DD8499FC693}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{C33601E2-6589-A9B0-E1DD-D2257A04E70B}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EAF749DC-CD87-4B04-B22A-D4AC3FBCB2BC}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{551383EC-19FE-BD95-6856-39F1EE94B066}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{627B1115-B4FB-CCE6-B041-C4779BDE16B2}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{669D2A4B-DE31-849C-6AEE-CA8F02B606FE}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{BB1AB6B4-5D78-BD70-AD34-9DD8499FC693}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{C33601E2-6589-A9B0-E1DD-D2257A04E70B}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{54739D49-AC03-4C57-9264-C5195596B3A1}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{551383EC-19FE-BD95-6856-39F1EE94B066}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{627B1115-B4FB-CCE6-B041-C4779BDE16B2}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{669D2A4B-DE31-849C-6AEE-CA8F02B606FE}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{BB1AB6B4-5D78-BD70-AD34-9DD8499FC693}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{C33601E2-6589-A9B0-E1DD-D2257A04E70B}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{551383EC-19FE-BD95-6856-39F1EE94B066}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{627B1115-B4FB-CCE6-B041-C4779BDE16B2}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{669D2A4B-DE31-849C-6AEE-CA8F02B606FE}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{BB1AB6B4-5D78-BD70-AD34-9DD8499FC693}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C33601E2-6589-A9B0-E1DD-D2257A04E70B}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2492}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2492}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{EF99BD32-C1FB-11D2-892F-0090271D4F88}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{EF99BD32-C1FB-11D2-892F-0090271D4F88}]
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{551383EC-19FE-BD95-6856-39F1EE94B066}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{627B1115-B4FB-CCE6-B041-C4779BDE16B2}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{669D2A4B-DE31-849C-6AEE-CA8F02B606FE}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{BB1AB6B4-5D78-BD70-AD34-9DD8499FC693}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{C33601E2-6589-A9B0-E1DD-D2257A04E70B}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{EAF749DC-CD87-4B04-B22A-D4AC3FBCB2BC}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2492}
Key Deleted : HKCU\Software\AnyProtect
Key Deleted : HKCU\Software\GlobalUpdate
Key Deleted : HKCU\Software\IGearSettings
Key Deleted : HKCU\Software\Linkey
Key Deleted : HKCU\Software\SoftwareUpdater
Key Deleted : HKCU\Software\systweak
Key Deleted : HKCU\Software\YahooPartnerToolbar
Key Deleted : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Deleted : HKLM\SOFTWARE\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Deleted : HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Key Deleted : HKLM\SOFTWARE\{5F189DF5-2D05-472B-9091-84D9848AE48B}
Key Deleted : HKLM\SOFTWARE\{6791A2F3-FC80-475C-A002-C014AF797E9C}
Key Deleted : HKLM\SOFTWARE\{77D46E27-0E41-4478-87A6-AABE6FBCF252}
Key Deleted : HKLM\SOFTWARE\GlobalUpdate
Key Deleted : HKLM\SOFTWARE\systweak
Key Deleted : HKLM\SOFTWARE\Tutorials
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0E12F736682067FDE4D1158D5940A82E
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1A24B5BB8521B03E0C8D908F5ABC0AE6
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2B0D56C4F4C46D844A57FFED6F0D2852
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\49D4375FE41653242AEA4C969E4E65E0
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6AA0923513360135B272E8289C5F13FA
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6F7467AF8F29C134CBBAB394ECCFDE96
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\922525DCC5199162F8935747CA3D8E59
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BCDA179D619B91648538E3394CAC94CC
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D677B1A9671D4D4004F6F2A4469E86EA
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DD1402A9DD4215A43ABDE169A41AFA0E
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E36E114A0EAD2AD46B381D23AD69CDDF
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\EF8E618DB3AEDFBB384561B5C548F65E
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bpsvc.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\browsersafeguard.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\dprotectsvc.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\jumpflip
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\protectedsearch.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\searchinstaller.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\searchprotection.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\searchprotector.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\searchsettings.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\searchsettings64.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\snapdo.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\stinst32.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\stinst64.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\umbrella.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\utiljumpflip.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\volaro
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vonteera
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\websteroids.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\websteroidsservice.exe

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17280


-\\ Google Chrome v35.0.1916.114

[ File : C:\Users\karen\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Deleted [Search Provider] : hxxp://search.aol.com/aol/search?query={searchTerms}
Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
Deleted [Extension] : booedmolknjekdopkepjjeckmjkdpfgl
Deleted [Extension] : flpcjncodpafbgdpnkljologafpionhb
Deleted [Extension] : ofacoglogogfoelmaflgklejfjpgdibl

*************************

AdwCleaner[R0].txt - [16695 octets] - [06/10/2014 19:16:22]
AdwCleaner[S0].txt - [15707 octets] - [06/10/2014 19:19:53]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [15768 octets] ##########
dreslick
Regular Member
 
Posts: 33
Joined: June 10th, 2011, 10:28 pm

Re: Unwanted Tabs Open in Browser

Unread postby dreslick » October 6th, 2014, 8:45 pm

Here is the FRST report:

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 06-10-2014 01
Ran by karen (administrator) on KAREN on 06-10-2014 19:24:27
Running from C:\Users\karen\Desktop
Loaded Profile: karen (Available profiles: karen)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(IDT, Inc.) C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_afc3018f8cfedd20\stacsv64.exe
() C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRYSVC.EXE
(Dell Inc.) C:\Program Files\Dell\Dell Wireless WLAN Card\BCMWLTRY.EXE
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\Apoint.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Dell Inc.) C:\Program Files\Dell\QuickSet\quickset.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Skype Technologies) C:\Program Files (x86)\Skype\Updater\Updater.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApMsgFwd.exe
(SupportSoft, Inc.) C:\Program Files (x86)\Dell\DellComms\bin\sprtsvc.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Intel Corporation) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApntEx.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\hidfind.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Apoint] => C:\Program Files\DellTPad\Apoint.exe [384296 2010-04-05] (Alps Electric Co., Ltd.)
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [444416 2009-06-28] (IDT, Inc.)
HKLM\...\Run: [QuickSet] => C:\Program Files\Dell\QuickSet\QuickSet.exe [3180624 2009-07-02] (Dell Inc.)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1331288 2014-08-22] (Microsoft Corporation)
HKLM-x32\...\Run: [Dell Webcam Central] => C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe [409744 2009-06-24] (Creative Technology Ltd)
HKLM-x32\...\runonceex: [] => [X]
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-4172288-307113608-2096777836-1000\...\Policies\Explorer: [HideSCAHealth] 1
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (No File)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (No File)
BootExecute: autocheck autochk * C:\PROGRA~2\AVG\AVG2012\avgrsa.exe /sync /restart
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/USCON/1
SearchScopes: HKCU - C437175EC2AE4B0585DB247DFCA60CB6 URL = http://isearch.avg.com/search?cid={D3958284-D6F4-461B-B086-A82C6581B3FE}&mid=dfa027e9feb947d0b80375f39d2625a6-766f2ab19f6c176a3d82c1aef3f7543f47f0e762&lang=en&ds=AVG&pr=pr&d=2012-07-07 22:21:54&v=11.1.0.12&sap=dsp&q={searchTerms}
SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
SearchScopes: HKCU - {A3646558-CC56-4130-984C-B25DB2E38CFD} URL = http://websearch.ask.com/redirect?clien ... &src=kw&q={searchTerms}&locale=&apn_ptnrs=TV&apn_dtid=OSJ000YYUS&apn_uid=C44527E8-B8BB-4357-8765-D2B39FE879B2&apn_sauid=54454734-1428-4CBC-B927-51A96BCD2577
SearchScopes: HKCU - {CE979B0A-5DFC-4065-BCE9-0060B76F8D54} URL =
SearchScopes: HKCU - {DE528CDC-E04B-4348-82D8-1473B0380C3A} URL =
BHO: AVG Do Not Track -> {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} -> C:\Program Files (x86)\AVG\AVG2012\avgdtiea.dll No File
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll No File
BHO-x32: HP Print Enhancer -> {0347C33E-8762-4905-BF09-768834316C61} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
BHO-x32: AVG Do Not Track -> {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} -> C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll No File
BHO-x32: Search Helper -> {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} -> C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Windows Live Messenger Companion Helper -> {9FDDE16B-836F-4806-AB1F-1455CBEFF289} -> C:\Program Files (x86)\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
BHO-x32: SingleInstance Class -> {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} -> C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)
BHO-x32: HP Smart BHO Class -> {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
DPF: HKLM-x32 {8CFCF42C-1C64-47D6-AEEC-F9D001832ED3} http://xserv.dell.com/DellDriverScanner/DellSystem.CAB
DPF: HKLM-x32 {C1F8FC10-E5DB-4112-9DBF-6C3FF728D4E3} http://support.dell.com/systemprofiler/ ... emLite.CAB
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/s ... wflash.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgppa.dll No File
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
Handler-x32: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll No File
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 10.110.220.1

FireFox:
========
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32.dll No File
FF Plugin-x32: @java.com/DTPlugin,version=10.25.2 -> C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF HKLM-x32\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010-09-07]
FF HKCU\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3

Chrome:
=======
CHR HomePage: Default ->
CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter}
CHR Profile: C:\Users\karen\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\karen\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-06-04]
CHR Extension: (Google Drive) - C:\Users\karen\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-06-04]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\karen\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-06-04]
CHR Extension: (YouTube) - C:\Users\karen\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-06-04]
CHR Extension: (Google Search) - C:\Users\karen\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-06-04]
CHR Extension: (Template) - C:\Users\karen\AppData\Local\Google\Chrome\User Data\Default\Extensions\dcjnfaoifoefmnbhhlbppaebgnccfddf [2014-09-15]
CHR Extension: (Vichrome) - C:\Users\karen\AppData\Local\Google\Chrome\User Data\Default\Extensions\gghkfhpblkcmlkmpcpgaajbbiikbhpdi [2014-07-08]
CHR Extension: (Online 8 Ball Pool Multiplayer) - C:\Users\karen\AppData\Local\Google\Chrome\User Data\Default\Extensions\joigbmldbihpmlncppcbegliiniaaime [2014-06-08]
CHR Extension: (Color My SNS) - C:\Users\karen\AppData\Local\Google\Chrome\User Data\Default\Extensions\lnoogpgfefbafjjifeikjajmhjknghfh [2014-08-17]
CHR Extension: (Todays Schedule in Google Calendar) - C:\Users\karen\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkaaneppndljkmpgdcglnpfagfhjhipc [2014-07-28]
CHR Extension: (Google Wallet) - C:\Users\karen\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-06-04]
CHR Extension: (No Name) - C:\Users\karen\AppData\Local\Google\Chrome\User Data\Default\Extensions\ofacoglogogfoelmaflgklejfjpgdibl [2014-06-08]
CHR Extension: (Color Icons for Gmail) - C:\Users\karen\AppData\Local\Google\Chrome\User Data\Default\Extensions\omioomoieildjihcajfoobhhiecjkmfn [2014-06-22]
CHR Extension: (G calize) - C:\Users\karen\AppData\Local\Google\Chrome\User Data\Default\Extensions\peconnficnlajdpgfcjfmhjibkoijlbp [2014-10-06]
CHR Extension: (Gmail) - C:\Users\karen\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-06-04]
CHR Extension: (unicoupons) - C:\ProgramData\jpcdpndngmdljhoopdcoddjgmoacmjgl\ [2014-06-04]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2014-07-14]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation)
R2 HPSLPSVC; C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL [1039360 2010-10-22] (Hewlett-Packard Co.) [File not signed]
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23784 2014-08-22] (Microsoft Corporation)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2009-05-14] (Hewlett-Packard) [File not signed]
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [368624 2014-08-22] (Microsoft Corporation)
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2009-05-14] (Hewlett-Packard) [File not signed]
R2 STacSV; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_afc3018f8cfedd20\STacSV64.exe [240128 2009-06-28] (IDT, Inc.)
R2 wltrysvc; C:\Program Files\Dell\Dell Wireless WLAN Card\bcmwltry.exe [3417088 2009-07-16] (Dell Inc.) [File not signed]
S2 AVGIDSAgent; "C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe" [X]
S2 DockLoginService; C:\Program Files\Dell\DellDock\DockLogin.exe [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [269008 2014-07-17] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [125584 2014-07-17] (Microsoft Corporation)
S3 SWDUMon; C:\Windows\System32\DRIVERS\SWDUMon.sys [16152 2014-05-13] ()
R3 yukonw7; C:\Windows\System32\DRIVERS\yk62x64.sys [395264 2009-09-28] ()

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-10-06 19:24 - 2014-10-06 19:25 - 00016536 _____ () C:\Users\karen\Desktop\FRST.txt
2014-10-06 19:24 - 2014-10-06 19:24 - 00000000 ____D () C:\FRST
2014-10-06 19:23 - 2014-10-06 19:23 - 00015945 _____ () C:\Users\karen\Desktop\AdwCleaner[S0].txt
2014-10-06 19:17 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll
2014-10-06 19:16 - 2014-10-06 19:20 - 00000000 ____D () C:\AdwCleaner
2014-10-06 19:15 - 2014-10-06 19:15 - 00001063 _____ () C:\Users\karen\Desktop\malwarebytes2.txt
2014-10-06 17:55 - 2014-10-06 17:57 - 02109952 _____ (Farbar) C:\Users\karen\Desktop\FRST64.exe
2014-10-06 17:51 - 2014-10-06 17:52 - 01375089 _____ () C:\Users\karen\Desktop\adwcleaner_3.311.exe
2014-10-06 17:48 - 2014-10-06 18:39 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-10-06 17:47 - 2014-10-06 17:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-10-06 17:46 - 2014-10-06 17:47 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-10-06 17:46 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-10-06 17:46 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-10-06 07:17 - 2014-10-06 07:17 - 00000207 _____ () C:\Windows\tweaking.com-regbackup-KAREN-Microsoft-Windows-7-Home-Premium-(64-bit).dat
2014-10-06 07:00 - 2014-10-06 07:00 - 00000000 ____D () C:\RegBackup
2014-10-06 06:58 - 2014-10-06 06:58 - 00002233 _____ () C:\Users\Public\Desktop\Tweaking.com - Registry Backup.lnk
2014-10-06 06:58 - 2014-10-06 06:58 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tweaking.com
2014-10-06 06:57 - 2014-10-06 06:57 - 00000000 ____D () C:\Program Files (x86)\Tweaking.com
2014-10-06 06:46 - 2014-10-06 06:56 - 04215184 _____ () C:\Users\karen\Downloads\tweaking.com_registry_backup_setup.exe
2014-10-06 06:35 - 2014-10-06 06:35 - 00000000 ____D () C:\Users\karen\AppData\Local\{364FF0BD-1D00-46A6-80C9-5CEB37FCA9C8}
2014-10-04 06:55 - 2014-10-04 06:55 - 00019969 _____ () C:\Users\karen\Desktop\attach.txt
2014-10-04 06:55 - 2014-10-04 06:54 - 00023232 _____ () C:\Users\karen\Desktop\dds.txt
2014-10-04 06:50 - 2014-10-04 06:51 - 00688992 ____R (Swearware) C:\Users\karen\Desktop\dds.scr
2014-10-04 06:49 - 2014-10-04 06:56 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\karen\Downloads\mbam-setup-2.0.2.1012.exe
2014-10-04 06:41 - 2014-10-04 06:51 - 00000000 ____D () C:\Users\karen\Desktop\Malware Removal
2014-10-04 06:22 - 2014-09-24 21:08 - 00371712 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll
2014-10-04 06:22 - 2014-09-24 20:40 - 00519680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll
2014-09-24 20:02 - 2014-10-06 19:22 - 00001300 _____ () C:\Windows\setupact.log
2014-09-24 20:02 - 2014-09-24 20:02 - 00000000 _____ () C:\Windows\setuperr.log
2014-09-23 17:11 - 2014-09-09 17:11 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-09-23 17:11 - 2014-09-09 16:47 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2014-09-16 19:46 - 2014-08-19 13:05 - 00374968 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-09-16 19:46 - 2014-08-19 12:39 - 00327872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-09-16 19:46 - 2014-08-18 18:01 - 23591424 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-09-16 19:46 - 2014-08-18 17:29 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-09-16 19:46 - 2014-08-18 17:29 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-09-16 19:46 - 2014-08-18 17:26 - 17455104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-09-16 19:46 - 2014-08-18 17:20 - 02793984 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-09-16 19:46 - 2014-08-18 17:19 - 05833728 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-09-16 19:46 - 2014-08-18 17:15 - 00547328 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-09-16 19:46 - 2014-08-18 17:15 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-09-16 19:46 - 2014-08-18 17:14 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-09-16 19:46 - 2014-08-18 17:14 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-09-16 19:46 - 2014-08-18 17:08 - 04232704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-09-16 19:46 - 2014-08-18 17:08 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-09-16 19:46 - 2014-08-18 17:08 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-09-16 19:46 - 2014-08-18 17:05 - 00596480 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-09-16 19:46 - 2014-08-18 17:03 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-09-16 19:46 - 2014-08-18 17:03 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-09-16 19:46 - 2014-08-18 17:03 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-09-16 19:46 - 2014-08-18 16:57 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-09-16 19:46 - 2014-08-18 16:56 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-09-16 19:46 - 2014-08-18 16:51 - 00446464 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-09-16 19:46 - 2014-08-18 16:46 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-09-16 19:46 - 2014-08-18 16:45 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-09-16 19:46 - 2014-08-18 16:45 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-09-16 19:46 - 2014-08-18 16:44 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-09-16 19:46 - 2014-08-18 16:44 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-09-16 19:46 - 2014-08-18 16:42 - 02185728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-09-16 19:46 - 2014-08-18 16:40 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-09-16 19:46 - 2014-08-18 16:39 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-09-16 19:46 - 2014-08-18 16:39 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-09-16 19:46 - 2014-08-18 16:39 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-09-16 19:46 - 2014-08-18 16:38 - 00289280 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-09-16 19:46 - 2014-08-18 16:37 - 00440320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-09-16 19:46 - 2014-08-18 16:36 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-09-16 19:46 - 2014-08-18 16:35 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-09-16 19:46 - 2014-08-18 16:27 - 00365056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-09-16 19:46 - 2014-08-18 16:25 - 00727040 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-09-16 19:46 - 2014-08-18 16:25 - 00707072 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-09-16 19:46 - 2014-08-18 16:23 - 02104832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-09-16 19:46 - 2014-08-18 16:23 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-09-16 19:46 - 2014-08-18 16:22 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-09-16 19:46 - 2014-08-18 16:19 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-09-16 19:46 - 2014-08-18 16:17 - 00243200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-09-16 19:46 - 2014-08-18 16:17 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-09-16 19:46 - 2014-08-18 16:16 - 13588480 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-09-16 19:46 - 2014-08-18 16:15 - 11769856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-09-16 19:46 - 2014-08-18 16:15 - 02310656 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-09-16 19:46 - 2014-08-18 16:09 - 00603136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-09-16 19:46 - 2014-08-18 16:08 - 02014208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-09-16 19:46 - 2014-08-18 16:07 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-09-16 19:46 - 2014-08-18 15:55 - 01447424 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-09-16 19:46 - 2014-08-18 15:46 - 01812992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-09-16 19:46 - 2014-08-18 15:38 - 01190400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-09-16 19:46 - 2014-08-18 15:38 - 00775168 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-09-16 19:46 - 2014-08-18 15:36 - 00678400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-09-13 19:43 - 2014-06-26 21:08 - 02777088 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2vdec.dll
2014-09-13 19:43 - 2014-06-26 20:45 - 02285056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2vdec.dll
2014-09-12 17:37 - 2014-08-01 06:53 - 01031168 _____ (Microsoft Corporation) C:\Windows\system32\TSWorkspace.dll
2014-09-12 17:37 - 2014-08-01 06:35 - 00793600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSWorkspace.dll
2014-09-12 17:36 - 2014-06-23 22:29 - 02565120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2014-09-12 17:36 - 2014-06-23 21:59 - 01987584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2014-09-12 17:35 - 2014-07-06 21:06 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-09-12 17:35 - 2014-07-06 21:06 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-09-12 17:35 - 2014-07-06 20:40 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-09-12 17:35 - 2014-07-06 20:40 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-09-12 17:35 - 2014-07-06 20:39 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-09-06 21:31 - 2014-09-06 21:31 - 00000000 ____D () C:\ProgramData\jpcdpndngmdljhoopdcoddjgmoacmjgl

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-10-06 19:22 - 2009-07-14 00:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-10-06 19:21 - 2010-05-19 21:22 - 00000000 ____D () C:\dell
2014-10-06 19:21 - 2010-05-19 20:53 - 00688068 _____ () C:\Windows\PFRO.log
2014-10-06 19:21 - 2009-07-14 00:10 - 01491061 _____ () C:\Windows\WindowsUpdate.log
2014-10-06 19:10 - 2010-08-24 12:11 - 00000896 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-10-06 18:44 - 2009-07-13 23:45 - 00014240 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-10-06 18:44 - 2009-07-13 23:45 - 00014240 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-10-06 18:33 - 2012-04-07 14:25 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-10-06 17:47 - 2012-07-10 23:32 - 00000000 ____D () C:\Users\karen\AppData\Roaming\Malwarebytes
2014-10-06 17:46 - 2012-07-10 19:17 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-10-06 14:25 - 2014-06-08 11:57 - 00000000 ____D () C:\ProgramData\da97f83f9343f5fb
2014-10-06 13:08 - 2010-05-19 19:04 - 00000000 ____D () C:\ProgramData\Adobe
2014-10-06 13:08 - 2010-05-19 19:04 - 00000000 ____D () C:\Program Files (x86)\Adobe
2014-10-06 13:01 - 2012-09-04 21:55 - 00003488 _____ () C:\Windows\System32\Tasks\PCDEventLauncher
2014-10-06 09:09 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\rescache
2014-10-06 07:22 - 2011-01-14 16:24 - 00000000 ____D () C:\Users\karen\AppData\Roaming\PCDr
2014-10-06 06:34 - 2009-07-14 00:13 - 00782510 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-09-24 15:33 - 2012-04-07 14:25 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-09-24 15:33 - 2012-04-07 14:25 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-09-24 15:33 - 2011-12-25 15:34 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-09-22 01:42 - 2010-08-24 00:40 - 00278152 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-09-13 20:09 - 2012-07-11 01:43 - 00775124 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2014-09-13 20:05 - 2012-07-11 01:43 - 00002155 _____ () C:\Windows\epplauncher.mif
2014-09-13 20:05 - 2012-07-11 01:43 - 00002119 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
2014-09-13 20:04 - 2012-07-11 01:43 - 00000000 ____D () C:\Program Files\Microsoft Security Client
2014-09-13 20:04 - 2012-07-11 01:43 - 00000000 ____D () C:\Program Files (x86)\Microsoft Security Client
2014-09-13 20:03 - 2013-08-14 14:28 - 00000000 ____D () C:\Windows\system32\MRT
2014-09-13 19:47 - 2010-08-23 23:57 - 101694776 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe

Some content of TEMP:
====================
C:\Users\karen\AppData\Local\Temp\31E8_Upgrader.exe
C:\Users\karen\AppData\Local\Temp\air16EA.exe
C:\Users\karen\AppData\Local\Temp\air1B1F.exe
C:\Users\karen\AppData\Local\Temp\air21A4.exe
C:\Users\karen\AppData\Local\Temp\air3AAF.exe
C:\Users\karen\AppData\Local\Temp\air4569.exe
C:\Users\karen\AppData\Local\Temp\air4D93.exe
C:\Users\karen\AppData\Local\Temp\air4F09.exe
C:\Users\karen\AppData\Local\Temp\air4FE4.exe
C:\Users\karen\AppData\Local\Temp\air59D3.exe
C:\Users\karen\AppData\Local\Temp\air6161.exe
C:\Users\karen\AppData\Local\Temp\air6B8F.exe
C:\Users\karen\AppData\Local\Temp\air7D0C.exe
C:\Users\karen\AppData\Local\Temp\air8778.exe
C:\Users\karen\AppData\Local\Temp\air8F54.exe
C:\Users\karen\AppData\Local\Temp\airA821.exe
C:\Users\karen\AppData\Local\Temp\airB136.exe
C:\Users\karen\AppData\Local\Temp\amsetup_activeris_default_010414_installer.exe
C:\Users\karen\AppData\Local\Temp\APNStub.exe
C:\Users\karen\AppData\Local\Temp\avguidx.dll
C:\Users\karen\AppData\Local\Temp\BackupSetup.exe
C:\Users\karen\AppData\Local\Temp\CommonInstaller.exe
C:\Users\karen\AppData\Local\Temp\contentDATs.exe
C:\Users\karen\AppData\Local\Temp\iGearedHelper.dll
C:\Users\karen\AppData\Local\Temp\jre-6u35-windows-i586-iftw.exe
C:\Users\karen\AppData\Local\Temp\jre-7u17-windows-i586-iftw.exe
C:\Users\karen\AppData\Local\Temp\jre-7u21-windows-i586-iftw.exe
C:\Users\karen\AppData\Local\Temp\jre-7u25-windows-i586-iftw.exe
C:\Users\karen\AppData\Local\Temp\jre-7u45-windows-i586-iftw.exe
C:\Users\karen\AppData\Local\Temp\MachineIdCreator.exe
C:\Users\karen\AppData\Local\Temp\mssinstaller.exe
C:\Users\karen\AppData\Local\Temp\oi_{037F298B-2CE0-437D-894C-0085E65292A4}.exe
C:\Users\karen\AppData\Local\Temp\PicasaCD.exe
C:\Users\karen\AppData\Local\Temp\Quarantine.exe
C:\Users\karen\AppData\Local\Temp\search snacks.exe
C:\Users\karen\AppData\Local\Temp\SecurityScan_Release.exe
C:\Users\karen\AppData\Local\Temp\SkypeSetup.exe
C:\Users\karen\AppData\Local\Temp\ToolbarInstaller.exe
C:\Users\karen\AppData\Local\Temp\Upgrader.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-10-06 09:01

==================== End Of Log ============================
dreslick
Regular Member
 
Posts: 33
Joined: June 10th, 2011, 10:28 pm

Re: Unwanted Tabs Open in Browser

Unread postby dreslick » October 6th, 2014, 8:48 pm

And finally, here is the Addition file from FRST:
Please note: I did NOT uncheck anything from AdwCleaner - I just had it clean everything.
The popups and unwanted tabs persist.

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 06-10-2014 01
Ran by karen at 2014-10-06 19:28:30
Running from C:\Users\karen\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Microsoft Security Essentials (Enabled - Up to date) {4F35CFC4-45A3-FC37-EF17-759A02E39AB1}
AS: Microsoft Security Essentials (Enabled - Up to date) {F4542E20-6399-F3B9-D5A7-4EE87964D00C}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

64 Bit HP CIO Components Installer (Version: 6.2.2 - Hewlett-Packard) Hidden
Adobe Flash Player 10 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 10.0.45.2 - Adobe Systems Incorporated)
Adobe Flash Player 15 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 15.0.0.167 - Adobe Systems Incorporated)
Adobe Photoshop Elements 8.0 (HKLM-x32\...\Adobe Photoshop Elements 8.0) (Version: 8.0 - Adobe Systems Incorporated)
Adobe Photoshop Elements 8.0 (x32 Version: 8.0 - Adobe Systems Incorporated) Hidden
Advanced Audio FX Engine (HKLM-x32\...\Advanced Audio FX Engine) (Version: 1.12.05 - Creative Technology Ltd)
Apple Application Support (HKLM-x32\...\{A93944F2-D2D4-4750-BFE7-9A288FEAF2CF}) (Version: 1.3.1 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{6956856F-B6B3-4BE0-BA0B-8F495BE32033}) (Version: 2.1.1.116 - Apple Inc.)
ATI Catalyst Install Manager (HKLM\...\{64FBA03C-575C-D688-1C80-A5773CE471F9}) (Version: 3.0.732.0 - ATI Technologies, Inc.)
Auslogics Disk Defrag (HKLM-x32\...\{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1) (Version: version 3.1 - Auslogics Software Pty Ltd)
BufferChm (x32 Version: 140.0.212.000 - Hewlett-Packard) Hidden
CCScore (x32 Version: 5.03.0000.0003 - EASTMAN KODAK Company) Hidden
Cisco Connect (HKLM-x32\...\Cisco Connect) (Version: 1.2.10218.1 - Cisco Consumer Products LLC)
Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}) (Version: 1.1.6 - Cisco Systems, Inc.)
Copy (x32 Version: 140.0.212.000 - Hewlett-Packard) Hidden
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Dell Communications (Support Software) (HKLM-x32\...\{351DE0AB-7787-4497-9A7A-4AA9E3A4E290}) (Version: 1.0.09094 - Dell)
Dell Driver Download Manager (HKCU\...\bd4d3a0508d364f5) (Version: 3.0.0.0 - Dell Inc)
Dell Edoc Viewer (HKLM\...\{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}) (Version: 1.0.0 - Dell Inc)
Dell Support Center (HKLM\...\PC-Doctor for Windows) (Version: 3.2.6032.125 - PC-Doctor, Inc.)
Dell Touchpad (HKLM\...\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}) (Version: 7.1107.115.102 - ALPS ELECTRIC CO., LTD.)
Dell Webcam Central (HKLM-x32\...\Dell Webcam Central) (Version: 1.40.05 - Creative Technology Ltd)
Dell Wireless WLAN Card Utility (HKLM\...\Dell Wireless WLAN Card Utility) (Version: 5.30.21.0 - Dell Inc.)
Destinations (x32 Version: 140.0.77.000 - Hewlett-Packard) Hidden
DeviceDiscovery (x32 Version: 140.0.212.000 - Hewlett-Packard) Hidden
DJ_AIO_06_F4500_SW_MIN (x32 Version: 140.0.690.000 - Hewlett-Packard) Hidden
ESSBrwr (x32 Version: 5.03.0000.0101 - EASTMAN KODAK Company) Hidden
ESSCDBK (x32 Version: 5.03.0000.0001 - EASTMAN KODAK Company) Hidden
ESScore (x32 Version: 5.03.0000.0103 - EASTMAN KODAK Company) Hidden
ESSgui (x32 Version: 5.03.0000.0003 - EASTMAN KODAK Company) Hidden
ESShelp (x32 Version: 5.03.0000.0003 - EASTMAN KODAK Company) Hidden
ESSini (x32 Version: 5.03.0000.0201 - EASTMAN KODAK Company) Hidden
ESSPCD (x32 Version: 5.03.0000.0001 - EASTMAN KODAK Company) Hidden
ESSPDock (x32 Version: 5.03.0000.0008 - EASTMAN KODAK Company) Hidden
ESSSONIC (x32 Version: 5.3.0000.0001 - EASTMAN KODAK Company) Hidden
ESSTOOLS (x32 Version: 5.00.0000.0004 - EASTMAN KODAK Company) Hidden
essvatgt (x32 Version: 5.03.0000.0001 - EASTMAN KODAK Company) Hidden
essvcpt (x32 Version: 5.03.0000.0001 - EASTMAN KODAK Company) Hidden
F4500 (x32 Version: 140.0.690.000 - Hewlett-Packard) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 35.0.1916.114 - Google Inc.)
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.5111.1712 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
GPBaseService2 (x32 Version: 140.0.211.000 - Hewlett-Packard) Hidden
HLPPDOCK (x32 Version: 5.03.0000.0001 - EASTMAN KODAK Company) Hidden
HP Customer Participation Program 14.0 (HKLM\...\HPExtendedCapabilities) (Version: 14.0 - HP)
HP Deskjet F4500 All-in-One Driver Software 14.0 Rel. 6 (HKLM\...\{0AFFEA39-60AF-4C4F-BB47-4A1F7CB12129}) (Version: 14.0 - HP)
HP Imaging Device Functions 14.0 (HKLM\...\HP Imaging Device Functions) (Version: 14.0 - HP)
HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.2024 - HP Photo Creations Powered by RocketLife)
HP Smart Web Printing 4.60 (HKLM\...\HP Smart Web Printing) (Version: 4.60 - HP)
HP Solution Center 14.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 14.0 - HP)
HP Update (HKLM-x32\...\{74DC0593-6BC6-4001-AD5F-D810AFB68D86}) (Version: 5.002.002.002 - Hewlett-Packard)
HPPhotoGadget (x32 Version: 140.0.524.000 - Hewlett-Packard) Hidden
HPProductAssistant (x32 Version: 140.0.212.000 - Hewlett-Packard) Hidden
Intel(R) Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 10.5.0.1029 - Intel Corporation)
Intel® Matrix Storage Manager (HKLM\...\{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}) (Version: - Intel Corporation)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
kgcbaby (x32 Version: 5.03.0000.0002 - EASTMAN KODAK Company) Hidden
kgcbase (x32 Version: 5.03.0000.0004 - EASTMAN KODAK Company) Hidden
kgchday (x32 Version: 5.03.0000.0002 - EASTMAN KODAK Company) Hidden
kgchlwn (x32 Version: 5.03.0000.0002 - EASTMAN KODAK Company) Hidden
kgcinvt (x32 Version: 5.03.0000.0003 - EASTMAN KODAK Company) Hidden
kgckids (x32 Version: 5.03.0000.0002 - EASTMAN KODAK Company) Hidden
kgcmove (x32 Version: 5.03.0000.0003 - EASTMAN KODAK Company) Hidden
kgcvday (x32 Version: 5.03.0000.0002 - EASTMAN KODAK Company) Hidden
Kodak EasyShare software (HKLM-x32\...\{D32470A1-B10C-4059-BA53-CF0486F68EBC}) (Version: - Eastman Kodak Company)
KSU (x32 Version: 632.62.0003.0003 - EASTMAN KODAK Company) Hidden
Live! Cam Avatar Creator (HKLM-x32\...\{65D0C510-D7B6-4438-9FC8-E6B91115AB0D}) (Version: 4.6.3009.1 - Creative Technology Ltd)
Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
MarketResearch (x32 Version: 140.0.212.000 - Hewlett-Packard) Hidden
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Messenger Companion (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Office Suite Activation Assistant (HKLM-x32\...\{67635FB6-2F63-4FFB-830B-D4C01597EBA4}) (Version: 1.2.1 - DELL)
Microsoft PowerPoint Viewer (HKLM-x32\...\{95140000-00AF-0409-0000-0000000FF1CE}) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Search Enhancement Pack (x32 Version: 3.0.133.0 - Microsoft Corporation) Hidden
Microsoft Security Client (Version: 4.6.0305.0 - Microsoft Corporation) Hidden
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.6.305.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (HKLM\...\{B6E3757B-5E77-3915-866A-CCFC4B8D194C}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175 (HKLM\...\{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}) (Version: 8.0.51011 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148 (HKLM\...\{EE936C7A-EA40-31D5-9B65-8E3E089C3828}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 (HKLM\...\{8338783A-0968-3B85-AFC7-BAAE0A63DC50}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM-x32\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Works (HKLM-x32\...\{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}) (Version: 9.7.0621 - Microsoft Corporation)
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Network64 (Version: 140.0.215.000 - Hewlett-Packard) Hidden
Network64 (Version: 140.0.221.000 - Hewlett-Packard) Hidden
Notifier (x32 Version: 5.03.0000.0001 - EASTMAN KODAK Company) Hidden
OfotoXMI (x32 Version: 5.03.0000.0302 - EASTMAN KODAK Company) Hidden
OTtBP (x32 Version: 5.03.0000.0001 - EASTMAN KODAK Company) Hidden
OTtBPSDK (x32 Version: 4.00.0000.0000 - EASTMAN KODAK Company) Hidden
PowerDVD DX (HKLM-x32\...\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}) (Version: 8.3.6029 - CyberLink Corp.)
Quickset64 (HKLM\...\{87CF757E-C1F1-4D22-865C-00C6950B5258}) (Version: 9.6.6 - Dell Inc.)
QuickTime (HKLM-x32\...\{EB900AF8-CC61-4E15-871B-98D1EA3E8025}) (Version: 7.67.75.0 - Apple Inc.)
Roxio Burn (HKLM-x32\...\{B2E47DE7-800B-40BB-BD1F-9F221C3AEE87}) (Version: 1.01 - Roxio)
Roxio Burn (x32 Version: 1.01 - Roxio) Hidden
Scan (x32 Version: 140.0.80.000 - Hewlett-Packard) Hidden
SFR (x32 Version: 5.00.0000.0005 - Eastman Kodak Company) Hidden
SHASTA (x32 Version: 5.03.0000.0002 - EASTMAN KODAK Company) Hidden
SKIN0001 (x32 Version: 5.03.0000.0101 - EASTMAN KODAK Company) Hidden
SKINXSDK (x32 Version: 5.03.0000.0101 - EASTMAN KODAK Company) Hidden
Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.3.16540.9015 - Microsoft Corporation)
Skype™ 6.16 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.16.105 - Skype Technologies S.A.)
SmartWebPrinting (x32 Version: 140.0.186.000 - Hewlett-Packard) Hidden
SolutionCenter (x32 Version: 140.0.213.000 - Hewlett-Packard) Hidden
Spelling Dictionaries Support For Adobe Reader 9 (HKLM-x32\...\{AC76BA86-7AD7-5464-3428-900000000004}) (Version: 9.0.0 - Adobe Systems Incorporated)
Spotify (HKCU\...\Spotify) (Version: 0.9.0.133.gd18ed589 - Spotify AB)
staticcr (x32 Version: 5.03.0000.0001 - EASTMAN KODAK Company) Hidden
Status (x32 Version: 140.0.212.000 - Hewlett-Packard) Hidden
Toolbox (x32 Version: 140.0.428.000 - Hewlett-Packard) Hidden
TrayApp (x32 Version: 140.0.212.000 - Hewlett-Packard) Hidden
Tweaking.com - Registry Backup (HKLM-x32\...\Tweaking.com - Registry Backup) (Version: 1.10.0 - Tweaking.com)
Visual C++ 8.0 Runtime Setup Package (x64) (HKLM-x32\...\{2FDBBCEA-62DB-45F4-B6E5-0E1FB2A1F29D}) (Version: 9.0.0.623 - AVG Technologies CZ, s.r.o.)
Visual Studio 2008 x64 Redistributables (HKLM-x32\...\{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}) (Version: 10.0.0.2 - AVG Technologies)
VPRINTOL (x32 Version: 5.03.0000.0001 - EASTMAN KODAK Company) Hidden
WebReg (x32 Version: 140.0.212.017 - Hewlett-Packard) Hidden
WildTangent Games (HKLM-x32\...\WildTangent dell Master Uninstall) (Version: 1.0.0.71 - WildTangent)
Windows Live Communications Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Family Safety (Version: 15.4.3555.0308 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4232.0 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Language Selector (Version: 15.4.3555.0308 - Microsoft Corporation) Hidden
Windows Live Mail (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Messenger (x32 Version: 15.4.3538.0513 - Microsoft Corporation) Hidden
Windows Live Messenger Companion Core (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Movie Maker (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Remote Client (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Client Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Sync (HKLM-x32\...\{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}) (Version: 14.0.8089.726 - Microsoft Corporation)
Windows Live UX Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Writer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Writer Resources (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
WIRELESS (x32 Version: 5.03.0000.0003 - EASTMAN KODAK Company) Hidden
Yahoo! Toolbar (HKLM-x32\...\Yahoo! Companion) (Version: - )

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)


==================== Restore Points =========================

29-08-2014 15:13:24 Restore Operation
01-09-2014 15:15:54 Windows Update
04-09-2014 21:24:23 Windows Update
09-09-2014 00:10:47 Windows Update
12-09-2014 00:57:53 Windows Update
14-09-2014 00:42:57 Windows Update
17-09-2014 00:45:35 Windows Update
22-09-2014 19:19:23 Windows Update
25-09-2014 01:06:47 Windows Update
04-10-2014 11:29:04 Windows Update
04-10-2014 11:39:38 Windows Update
06-10-2014 11:28:32 StartFix
06-10-2014 12:23:20 Windows Modules Installer
06-10-2014 18:07:41 Removed Adobe Reader X (10.1.12).
06-10-2014 18:12:35 Removed Java 7 Update 45
06-10-2014 18:14:55 Removed Java(TM) 6 Update 17 (64-bit)

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 21:34 - 2009-06-10 16:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {212F967C-1A7D-4163-A472-C8B8B63B4B7A} - \BlockAndSurf Update No Task File <==== ATTENTION
Task: {2C56588F-15D0-483C-8613-5C404B3F63AD} - System32\Tasks\PCDoctorBackgroundMonitorTask => C:\Program Files\Dell Support Center\uaclauncher.exe [2013-02-05] (PC-Doctor, Inc.)
Task: {2CE3F2BA-6419-44E3-A1DA-7EF104B22CA5} - System32\Tasks\DriverUpdate Startup => C:\Program Files (x86)\DriverUpdate\DriverUpdate.exe
Task: {409E976A-CA8E-44A7-B9CA-269BDBD62CE8} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-09-24] (Adobe Systems Incorporated)
Task: {4BF20453-0F41-4BB2-9683-B0868A50B55C} - System32\Tasks\PCDEventLauncher => C:\Program Files\Dell Support Center\sessionchecker.exe [2012-11-29] (PC-Doctor, Inc.)
Task: {4C200E46-6163-4098-AB0A-24E7C828C537} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-08-24] (Google Inc.)
Task: {66503440-00DE-4CA0-8ECA-E04E33CDB8D4} - System32\Tasks\Auslogics\Boost Speed\Disk Defrag\Console Defragmentation => C:\Program Files (x86)\Auslogics\Auslogics Disk Defrag\cdefrag.exe [2010-08-13] ()
Task: {7DA7B024-11DA-4C92-89DA-722FAA485509} - \BlockAndSurf_wd No Task File <==== ATTENTION
Task: {B2A77458-C122-482F-A140-69EFABA4CB89} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2008-07-30] (Apple Inc.)
Task: {C73E8259-4259-4CB2-B3F1-0861030B3C75} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-08-24] (Google Inc.)
Task: {DA6EB49C-AD5B-41F9-AE32-B64F710D0368} - System32\Tasks\SystemToolsDailyTest => uaclauncher.exe
Task: {E01ACAC7-32B1-497F-AB26-677BE7CA892F} - System32\Tasks\DJR50DL1\Administrator - Start WLAN Tray Applet => C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRAY.EXE [2009-07-16] (Dell Inc.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2010-05-19 19:02 - 2009-07-16 20:06 - 00033280 _____ () C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRYSVC.EXE
2010-05-19 19:02 - 2009-07-16 20:06 - 00058368 _____ () C:\Program Files\Dell\Dell Wireless WLAN Card\bcmwlrmt.dll
2014-06-04 12:04 - 2014-05-13 18:40 - 00716616 _____ () C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.114\libglesv2.dll
2014-06-04 12:04 - 2014-05-13 18:40 - 00126280 _____ () C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.114\libegl.dll
2014-06-04 12:04 - 2014-05-13 18:40 - 04217672 _____ () C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.114\pdf.dll
2014-06-04 12:04 - 2014-05-13 18:40 - 00414536 _____ () C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.114\ppGoogleNaClPluginChrome.dll
2014-06-04 12:04 - 2014-05-13 18:40 - 01732424 _____ () C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.114\ffmpegsumo.dll
2014-06-04 12:04 - 2014-05-13 18:40 - 13695816 _____ () C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.114\PepperFlash\pepflashplayer.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\ProgramData\TEMP:373E1720

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Kodak EasyShare software.lnk => C:\Windows\pss\Kodak EasyShare software.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^KODAK Software Updater.lnk => C:\Windows\pss\KODAK Software Updater.lnk.CommonStartup
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: Adobe Reader Speed Launcher => "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
MSCONFIG\startupreg: Broadcom Wireless Manager UI => C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRAY.exe
MSCONFIG\startupreg: Dell DataSafe Online => "C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe" /m
MSCONFIG\startupreg: DellComms => "C:\Program Files (x86)\Dell\DellComms\bin\sprtcmd.exe" /P DellComms
MSCONFIG\startupreg: DellSupportCenter => "C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe" /P dellsupportcenter
MSCONFIG\startupreg: Desktop Disc Tool => "c:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe"
MSCONFIG\startupreg: HP Software Update => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
MSCONFIG\startupreg: IAAnotif => C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe
MSCONFIG\startupreg: PDVDDXSrv => "C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

========================= Accounts: ==========================

Administrator (S-1-5-21-4172288-307113608-2096777836-500 - Administrator - Disabled)
Guest (S-1-5-21-4172288-307113608-2096777836-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-4172288-307113608-2096777836-1002 - Limited - Enabled)
karen (S-1-5-21-4172288-307113608-2096777836 - Administrator - Enabled)

==================== Faulty Device Manager Devices =============

Name: Deskjet F4500 series
Description: Deskjet F4500 series
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Deskjet F4500 series
Description: Deskjet F4500 series
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Deskjet F4500 series
Description: Deskjet F4500 series
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Deskjet F4500 series
Description: Deskjet F4500 series
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Deskjet F4500 series
Description: Deskjet F4500 series
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: WAN Miniport (L2TP)
Description: WAN Miniport (L2TP)
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: Rasl2tp
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver

Name: Deskjet F4500 series
Description: Deskjet F4500 series
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Deskjet F4500 series
Description: Deskjet F4500 series
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Deskjet F4500 series
Description: Deskjet F4500 series
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Deskjet F4500 series
Description: Deskjet F4500 series
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Deskjet F4500 series
Description: Deskjet F4500 series
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Deskjet F4500 series
Description: Deskjet F4500 series
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Officejet 6500 E709a
Description: Officejet 6500 E709a
Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
Manufacturer: HP
Service:
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Deskjet F4500 series
Description: Deskjet F4500 series
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Deskjet F4500 series
Description: Deskjet F4500 series
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: WAN Miniport (PPTP)
Description: WAN Miniport (PPTP)
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: PptpMiniport
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver

Name: Deskjet F4500 series
Description: Deskjet F4500 series
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Deskjet F4500 series
Description: Deskjet F4500 series
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Deskjet F4500 series
Description: Deskjet F4500 series
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Deskjet F4500 series
Description: Deskjet F4500 series
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: hp LaserJet 4350
Description: hp LaserJet 4350
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Deskjet F4500 series
Description: Deskjet F4500 series
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: HP LaserJet 4000 Series
Description: HP LaserJet 4000 Series
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Deskjet F4500 series
Description: Deskjet F4500 series
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: HP LaserJet 4050 Series
Description: HP LaserJet 4050 Series
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Deskjet F4500 series
Description: Deskjet F4500 series
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Deskjet F4500 series
Description: Deskjet F4500 series
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Deskjet F4500 series
Description: Deskjet F4500 series
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Deskjet F4500 series
Description: Deskjet F4500 series
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Deskjet F4500 series
Description: Deskjet F4500 series
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Deskjet F4500 series
Description: Deskjet F4500 series
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Deskjet F4500 series
Description: Deskjet F4500 series
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Deskjet F4500 series
Description: Deskjet F4500 series
Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
Manufacturer: HP
Service:
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Deskjet F4500 series
Description: Deskjet F4500 series
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Deskjet F4500 series
Description: Deskjet F4500 series
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Deskjet F4500 series
Description: Deskjet F4500 series
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Deskjet F4500 series
Description: Deskjet F4500 series
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Deskjet F4500 series
Description: Deskjet F4500 series
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (09/26/2014 08:05:13 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program IEXPLORE.EXE version 11.0.9600.17280 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 1784

Start Time: 01cfd9ebe18be87f

Termination Time: 0

Application Path: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

Report Id:

Error: (09/26/2014 08:01:19 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program IEXPLORE.EXE version 11.0.9600.17280 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 3390

Start Time: 01cfd9ee5932b0eb

Termination Time: 60

Application Path: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

Report Id:

Error: (09/24/2014 08:46:58 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program IEXPLORE.EXE version 11.0.9600.17280 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 1fc4

Start Time: 01cfd8613aa6142d

Termination Time: 16

Application Path: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

Report Id:

Error: (09/24/2014 08:34:20 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program IEXPLORE.EXE version 11.0.9600.17280 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 1f0c

Start Time: 01cfd85f82139c34

Termination Time: 172

Application Path: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

Report Id:

Error: (09/24/2014 08:24:52 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program iexplore.exe version 11.0.9600.17280 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: f9c

Start Time: 01cfd85df83a9942

Termination Time: 0

Application Path: C:\Program Files\Internet Explorer\iexplore.exe

Report Id: a9ad244b-4452-11e4-8ccc-a4badbc2cc55

Error: (09/23/2014 05:15:49 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: IEXPLORE.EXE, version: 11.0.9600.17280, time stamp: 0x53f262ac
Faulting module name: ntdll.dll, version: 6.1.7601.18247, time stamp: 0x521ea8e7
Exception code: 0xc0000005
Fault offset: 0x000222d2
Faulting process id: 0x1210
Faulting application start time: 0xIEXPLORE.EXE0
Faulting application path: IEXPLORE.EXE1
Faulting module path: IEXPLORE.EXE2
Report Id: IEXPLORE.EXE3

Error: (09/22/2014 02:35:00 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: IEXPLORE.EXE, version: 11.0.9600.17280, time stamp: 0x53f262ac
Faulting module name: SkypeIEPlugin.dll, version: 7.3.16540.9015, time stamp: 0x53c40dfa
Exception code: 0xc0000005
Fault offset: 0x0005f6c6
Faulting process id: 0x2c68
Faulting application start time: 0xIEXPLORE.EXE0
Faulting application path: IEXPLORE.EXE1
Faulting module path: IEXPLORE.EXE2
Report Id: IEXPLORE.EXE3

Error: (09/16/2014 07:31:24 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: IEXPLORE.EXE, version: 11.0.9600.17239, time stamp: 0x53d22946
Faulting module name: SkypeIEPlugin.dll, version: 7.3.16540.9015, time stamp: 0x53c40dfa
Exception code: 0xc0000005
Fault offset: 0x0005f6c6
Faulting process id: 0x1250
Faulting application start time: 0xIEXPLORE.EXE0
Faulting application path: IEXPLORE.EXE1
Faulting module path: IEXPLORE.EXE2
Report Id: IEXPLORE.EXE3

Error: (09/15/2014 07:46:54 PM) (Source: Windows Search Service) (EventID: 1019) (User: )
Description: Windows Search Service failed to process the list of included and excluded locations with the error <10, 0x80070005, "">.

Error: (09/13/2014 08:06:46 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program IEXPLORE.EXE version 11.0.9600.17239 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 135c

Start Time: 01cfcfb47e895696

Termination Time: 0

Application Path: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

Report Id:


System errors:
=============
Error: (10/06/2014 07:23:46 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)

Error: (10/06/2014 07:22:21 PM) (Source: Service Control Manager) (EventID: 7003) (User: )
Description: The AVGIDSAgent service depends the following service: AVGIDSDriver. This service might not be installed.

Error: (10/06/2014 07:22:18 PM) (Source: Microsoft-Windows-TaskScheduler) (EventID: 413) (User: NT AUTHORITY)
Description: Task Scheduler service failed to load tasks at service startup. Additional Data: Error Value: 2147549183.

Error: (10/06/2014 07:22:05 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Dock Login Service service failed to start due to the following error:
%%2

Error: (10/06/2014 06:38:38 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)

Error: (10/06/2014 06:37:32 PM) (Source: Service Control Manager) (EventID: 7003) (User: )
Description: The AVGIDSAgent service depends the following service: AVGIDSDriver. This service might not be installed.

Error: (10/06/2014 06:37:32 PM) (Source: Microsoft-Windows-TaskScheduler) (EventID: 413) (User: NT AUTHORITY)
Description: Task Scheduler service failed to load tasks at service startup. Additional Data: Error Value: 2147549183.

Error: (10/06/2014 06:37:22 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Dock Login Service service failed to start due to the following error:
%%2

Error: (10/06/2014 04:49:57 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)

Error: (10/06/2014 04:48:57 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
ssnfd


Microsoft Office Sessions:
=========================
Error: (09/26/2014 08:05:13 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: IEXPLORE.EXE11.0.9600.17280178401cfd9ebe18be87f0C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

Error: (09/26/2014 08:01:19 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: IEXPLORE.EXE11.0.9600.17280339001cfd9ee5932b0eb60C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

Error: (09/24/2014 08:46:58 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: IEXPLORE.EXE11.0.9600.172801fc401cfd8613aa6142d16C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

Error: (09/24/2014 08:34:20 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: IEXPLORE.EXE11.0.9600.172801f0c01cfd85f82139c34172C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

Error: (09/24/2014 08:24:52 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: iexplore.exe11.0.9600.17280f9c01cfd85df83a99420C:\Program Files\Internet Explorer\iexplore.exea9ad244b-4452-11e4-8ccc-a4badbc2cc55

Error: (09/23/2014 05:15:49 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: IEXPLORE.EXE11.0.9600.1728053f262acntdll.dll6.1.7601.18247521ea8e7c0000005000222d2121001cfd779d963d4f2C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXEC:\Windows\SysWOW64\ntdll.dll2c1a01d3-436f-11e4-a8a7-a4badbc2cc55

Error: (09/22/2014 02:35:00 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: IEXPLORE.EXE11.0.9600.1728053f262acSkypeIEPlugin.dll7.3.16540.901553c40dfac00000050005f6c62c6801cfd69bfe34cd45C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXEC:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll8a0f76f5-428f-11e4-a36e-a4badbc2cc55

Error: (09/16/2014 07:31:24 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: IEXPLORE.EXE11.0.9600.1723953d22946SkypeIEPlugin.dll7.3.16540.901553c40dfac00000050005f6c6125001cfd20e312f8553C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXEC:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dllf40dd813-3e01-11e4-a720-a4badbc2cc55

Error: (09/15/2014 07:46:54 PM) (Source: Windows Search Service) (EventID: 1019) (User: )
Description: 100x80070005

Error: (09/13/2014 08:06:46 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: IEXPLORE.EXE11.0.9600.17239135c01cfcfb47e8956960C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE


==================== Memory info ===========================

Processor: Pentium(R) Dual-Core CPU T4500 @ 2.30GHz
Percentage of memory in use: 92%
Total physical RAM: 3032.36 MB
Available physical RAM: 213.65 MB
Total Pagefile: 6062.91 MB
Available Pagefile: 2985 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:218.2 GB) (Free:163.48 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 232.9 GB) (Disk ID: 7144970A)
Partition 1: (Not Active) - (Size=39 MB) - (Type=DE)
Partition 2: (Active) - (Size=14.6 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=218.2 GB) - (Type=07 NTFS)

==================== End Of Log ============================
dreslick
Regular Member
 
Posts: 33
Joined: June 10th, 2011, 10:28 pm

Re: Unwanted Tabs Open in Browser

Unread postby Cypher » October 7th, 2014, 6:05 am

Hi,
Malwarebytes' scan ended abruptly - I thought I did something, so I quarantined the files as instructed, saved the log to the desktop and ran another after the first. When I went to get the log from the first scan, I could not find it

There is a need to see a scan log from a previous run of MBAM, the log where you quarantined the files, please do the following:
  • Start MBAM... Press the History icon on the top panel.
  • From the left side select the option:

      Quarantine
  • Double click on the requested (by date) log... the log display automatically. (Do not use the Select box)
  • When viewing the log, press the Copy to Clipboard button.
  • Please copy and paste viewed log contents in your next reply.
    Be sure to post the complete log... including the top portion showing MBAM's database version and your operating system.
  • Exit MBAM when done.
Using the default History Settings ... Log files can be found in these location:
Windows Vista, Win 7, Win 8 or 8.1: C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\Logs

Next.

FRST.exe

  • Click Start
  • Type notepad.exe in the search programs and files box and click Enter.
  • A blank Notepad page should open.
    • Copy and Paste the following script into Notepad, Do not include the words Code: select all
    • (Click the select all button next to code to select the entire script).
    Code: Select all
    HKLM-x32\...\runonceex: [] => [X]
    BootExecute: autocheck autochk * C:\PROGRA~2\AVG\AVG2012\avgrsa.exe /sync /restart
    GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
    SearchScopes: HKCU - C437175EC2AE4B0585DB247DFCA60CB6 URL = http://isearch.avg.com/search?cid={D3958284-D6F4-461B-B086-A82C6581B3FE}&mid=dfa027e9feb947d0b80375f39d2625a6-766f2ab19f6c176a3d82c1aef3f7543f47f0e762&lang=en&ds=AVG&pr=pr&d=2012-07-07 22:21:54&v=11.1.0.12&sap=dsp&q={searchTerms}
    SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
    SearchScopes: HKCU - {A3646558-CC56-4130-984C-B25DB2E38CFD} URL = http://websearch.ask.com/redirect?clien ... &src=kw&q={searchTerms}&locale=&apn_ptnrs=TV&apn_dtid=OSJ000YYUS&apn_uid=C44527E8-B8BB-4357-8765-D2B39FE879B2&apn_sauid=54454734-1428-4CBC-B927-51A96BCD2577
    SearchScopes: HKCU - {CE979B0A-5DFC-4065-BCE9-0060B76F8D54} URL =
    SearchScopes: HKCU - {DE528CDC-E04B-4348-82D8-1473B0380C3A} URL =
    BHO: AVG Do Not Track -> {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} -> C:\Program Files (x86)\AVG\AVG2012\avgdtiea.dll No File
    BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll No File
    BHO-x32: AVG Do Not Track -> {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} -> C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll No File
    Toolbar: HKCU - No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
    Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgppa.dll No File
    Handler-x32: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll No File
    FF Plugin: @microsoft.com/GENUINE -> disabled No File
    FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
    CHR Extension: (unicoupons) - C:\ProgramData\jpcdpndngmdljhoopdcoddjgmoacmjgl\ [2014-06-04]
    CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
    2014-09-06 21:31 - 2014-09-06 21:31 - 00000000 ____D () C:\ProgramData\jpcdpndngmdljhoopdcoddjgmoacmjgl
    2014-10-06 14:25 - 2014-06-08 11:57 - 00000000 ____D () C:\ProgramData\da97f83f9343f5fb
    2014-10-06 07:22 - 2011-01-14 16:24 - 00000000 ____D () C:\Users\karen\AppData\Roaming\PCDr
    C:\Users\karen\AppData\Local\Temp\31E8_Upgrader.exe
    C:\Users\karen\AppData\Local\Temp\air16EA.exe
    C:\Users\karen\AppData\Local\Temp\air1B1F.exe
    C:\Users\karen\AppData\Local\Temp\air21A4.exe
    C:\Users\karen\AppData\Local\Temp\air3AAF.exe
    C:\Users\karen\AppData\Local\Temp\air4569.exe
    C:\Users\karen\AppData\Local\Temp\air4D93.exe
    C:\Users\karen\AppData\Local\Temp\air4F09.exe
    C:\Users\karen\AppData\Local\Temp\air4FE4.exe
    C:\Users\karen\AppData\Local\Temp\air59D3.exe
    C:\Users\karen\AppData\Local\Temp\air6161.exe
    C:\Users\karen\AppData\Local\Temp\air6B8F.exe
    C:\Users\karen\AppData\Local\Temp\air7D0C.exe
    C:\Users\karen\AppData\Local\Temp\air8778.exe
    C:\Users\karen\AppData\Local\Temp\air8F54.exe
    C:\Users\karen\AppData\Local\Temp\airA821.exe
    C:\Users\karen\AppData\Local\Temp\airB136.exe
    C:\Users\karen\AppData\Local\Temp\amsetup_activeris_default_010414_installer.exe
    C:\Users\karen\AppData\Local\Temp\APNStub.exe
    C:\Users\karen\AppData\Local\Temp\avguidx.dll
    C:\Users\karen\AppData\Local\Temp\BackupSetup.exe
    C:\Users\karen\AppData\Local\Temp\CommonInstaller.exe
    C:\Users\karen\AppData\Local\Temp\contentDATs.exe
    C:\Users\karen\AppData\Local\Temp\iGearedHelper.dll
    C:\Users\karen\AppData\Local\Temp\jre-6u35-windows-i586-iftw.exe
    C:\Users\karen\AppData\Local\Temp\jre-7u17-windows-i586-iftw.exe
    C:\Users\karen\AppData\Local\Temp\jre-7u21-windows-i586-iftw.exe
    C:\Users\karen\AppData\Local\Temp\jre-7u25-windows-i586-iftw.exe
    C:\Users\karen\AppData\Local\Temp\jre-7u45-windows-i586-iftw.exe
    C:\Users\karen\AppData\Local\Temp\MachineIdCreator.exe
    C:\Users\karen\AppData\Local\Temp\mssinstaller.exe
    C:\Users\karen\AppData\Local\Temp\oi_{037F298B-2CE0-437D-894C-0085E65292A4}.exe
    C:\Users\karen\AppData\Local\Temp\PicasaCD.exe
    C:\Users\karen\AppData\Local\Temp\Quarantine.exe
    C:\Users\karen\AppData\Local\Temp\search snacks.exe
    C:\Users\karen\AppData\Local\Temp\SecurityScan_Release.exe
    C:\Users\karen\AppData\Local\Temp\SkypeSetup.exe
    C:\Users\karen\AppData\Local\Temp\ToolbarInstaller.exe
    C:\Users\karen\AppData\Local\Temp\Upgrader.exe
    Task: {212F967C-1A7D-4163-A472-C8B8B63B4B7A} - \BlockAndSurf Update No Task File <==== ATTENTION
    Task: {7DA7B024-11DA-4C92-89DA-722FAA485509} - \BlockAndSurf_wd No Task File <==== ATTENTION
    AlternateDataStreams: C:\ProgramData\TEMP:373E1720
    MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Kodak EasyShare software.lnk => C:\Windows\pss\Kodak EasyShare software.lnk.CommonStartup
    MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^KODAK Software Updater.lnk => C:\Windows\pss\KODAK Software Updater.lnk.CommonStartup
    MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    MSCONFIG\startupreg: Adobe Reader Speed Launcher => "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    MSCONFIG\startupreg: Broadcom Wireless Manager UI => C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRAY.exe
    MSCONFIG\startupreg: Dell DataSafe Online => "C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe" /m
    MSCONFIG\startupreg: DellComms => "C:\Program Files (x86)\Dell\DellComms\bin\sprtcmd.exe" /P DellComms
    MSCONFIG\startupreg: DellSupportCenter => "C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe" /P dellsupportcenter
    MSCONFIG\startupreg: Desktop Disc Tool => "c:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe"
    MSCONFIG\startupreg: HP Software Update => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
    MSCONFIG\startupreg: IAAnotif => C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe
    MSCONFIG\startupreg: PDVDDXSrv => "C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
    MSCONFIG\startupreg: QuickTime Task => "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
    MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    
    EmptyTemp:
    CMD: ipconfig /flushdns
    
  • Save it next to FRST.exe on your Desktop as filename fixlist.txt
  • NOTE: It's important that both files, FRST/FRST64 and fixlist.txt are saved in the same location or the fix will not work.
  • Right-click FRST.exe and select " Run as administrator " to run it.
  • Press the Fix button just once. Then wait.
  • When finished, it will create a Fixlog.txt log on your Desktop.
  • Please post the content of the Fixlog.txt in your next reply.

Next.

Image Please download Junkware Removal Tool and save it to your desktop.
  • Shut down your protection software as shown in This topic now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, Seven, Eight, right-mouse click it and select Run as Administrator.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Please post the contents of JRT.txt into your next reply.

Logs/Information to Post in your Next Reply

  • Malwarebytes log.
  • FRST Fixlog.txt.
  • JRT.txt
  • Please give me an update on your computers performance.
User avatar
Cypher
Admin/Teacher
Admin/Teacher
 
Posts: 14959
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns

Re: Unwanted Tabs Open in Browser

Unread postby dreslick » October 7th, 2014, 10:22 am

Hello Cypher!

MBAM did not have a "save to clipboard" in the quarantine section of the history. I found one in the application logs, but it crashed the program. I was able to locate the xml file in the ProgramData folder and have pasted it below:

<?xml version="1.0" encoding="UTF-16" ?>
<mbam-log>
<header>
<date>2014/10/06 18:05:23 -0500</date>
<logfile>mbam-log-2014-10-06 (17-58-54).xml</logfile>
<isadmin>yes</isadmin>
</header>
<engine>
<version>2.00.2.1012</version>
<malware-database>v2014.10.06.10</malware-database>
<rootkit-database>v2014.09.19.01</rootkit-database>
<license>free</license>
<file-protection>disabled</file-protection>
<web-protection>disabled</web-protection>
<self-protection>disabled</self-protection>
</engine>
<system>
<osversion>Windows 7 Service Pack 1</osversion>
<arch>x64</arch>
<username>karen</username>
<filesys>NTFS</filesys>
</system>
<summary>
<type>threat</type>
<result>completed</result>
<objects>328424</objects>
<time>1776</time>
<processes>1</processes>
<modules>0</modules>
<keys>61</keys>
<values>9</values>
<datas>0</datas>
<folders>11</folders>
<files>80</files>
<sectors>0</sectors>
</summary>
<options>
<memory>enabled</memory>
<startup>enabled</startup>
<filesystem>enabled</filesystem>
<archives>enabled</archives>
<rootkits>disabled</rootkits>
<deeprootkit>disabled</deeprootkit>
<heuristics>enabled</heuristics>
<pup>warn</pup>
<pum>enabled</pum>
</options>
<items>
<process><path>C:\Program Files (x86)\Software Updater\SoftwareUpdater.exe</path><vendor>PUP.Optional.SoftwareUpdater</vendor><action>delete-on-reboot</action><pid>3488</pid><hash>c5bd0a074933bc7ae65d0c749470738d</hash></process>
<key><path>HKLM\SOFTWARE\CLASSES\CLSID\{1773541F-09C2-D3AC-0736-F6A71A221CBF}</path><vendor>PUP.Optional.MultiPlug.A</vendor><action>success</action><hash>bcc61ff2fa8273c3a55f86d72dd4cb35</hash></key>
<key><path>HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{1773541F-09C2-D3AC-0736-F6A71A221CBF}</path><vendor>PUP.Optional.MultiPlug.A</vendor><action>success</action><hash>bcc61ff2fa8273c3a55f86d72dd4cb35</hash></key>
<key><path>HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{1773541F-09C2-D3AC-0736-F6A71A221CBF}</path><vendor>PUP.Optional.MultiPlug.A</vendor><action>success</action><hash>bcc61ff2fa8273c3a55f86d72dd4cb35</hash></key>
<key><path>HKLM\SOFTWARE\CLASSES\PRoSHoppEr.PRoSHoppEr</path><vendor>PUP.Optional.MultiPlug.A</vendor><action>success</action><hash>bcc61ff2fa8273c3a55f86d72dd4cb35</hash></key>
<key><path>HKLM\SOFTWARE\CLASSES\PRoSHoppEr.PRoSHoppEr.4.87</path><vendor>PUP.Optional.MultiPlug.A</vendor><action>success</action><hash>bcc61ff2fa8273c3a55f86d72dd4cb35</hash></key>
<key><path>HKLM\SOFTWARE\WOW6432NODE\CLASSES\PRoSHoppEr.PRoSHoppEr</path><vendor>PUP.Optional.MultiPlug.A</vendor><action>success</action><hash>bcc61ff2fa8273c3a55f86d72dd4cb35</hash></key>
<key><path>HKLM\SOFTWARE\WOW6432NODE\CLASSES\PRoSHoppEr.PRoSHoppEr.4.87</path><vendor>PUP.Optional.MultiPlug.A</vendor><action>success</action><hash>bcc61ff2fa8273c3a55f86d72dd4cb35</hash></key>
<key><path>HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{1773541F-09C2-D3AC-0736-F6A71A221CBF}</path><vendor>PUP.Optional.MultiPlug.A</vendor><action>success</action><hash>bcc61ff2fa8273c3a55f86d72dd4cb35</hash></key>
<key><path>HKU\S-1-5-21-4172288-307113608-2096777836-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{1773541F-09C2-D3AC-0736-F6A71A221CBF}</path><vendor>PUP.Optional.MultiPlug.A</vendor><action>success</action><hash>bcc61ff2fa8273c3a55f86d72dd4cb35</hash></key>
<key><path>HKU\S-1-5-21-4172288-307113608-2096777836-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{1773541F-09C2-D3AC-0736-F6A71A221CBF}</path><vendor>PUP.Optional.MultiPlug.A</vendor><action>success</action><hash>bcc61ff2fa8273c3a55f86d72dd4cb35</hash></key>
<key><path>HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\PREAPPROVED\{1773541F-09C2-D3AC-0736-F6A71A221CBF}</path><vendor>PUP.Optional.MultiPlug.A</vendor><action>success</action><hash>bcc61ff2fa8273c3a55f86d72dd4cb35</hash></key>
<key><path>HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\PREAPPROVED\{1773541F-09C2-D3AC-0736-F6A71A221CBF}</path><vendor>PUP.Optional.MultiPlug.A</vendor><action>success</action><hash>bcc61ff2fa8273c3a55f86d72dd4cb35</hash></key>
<key><path>HKLM\SOFTWARE\CLASSES\CLSID\{1773541F-09C2-D3AC-0736-F6A71A221CBF}\INPROCSERVER32</path><vendor>PUP.Optional.MultiPlug.A</vendor><action>success</action><hash>bcc61ff2fa8273c3a55f86d72dd4cb35</hash></key>
<key><path>HKLM\SOFTWARE\CLASSES\CLSID\{3FA78E7D-0495-BA47-6DF7-378EC92B997B}</path><vendor>PUP.Optional.MultiPlug</vendor><action>success</action><hash>ee94c34e2755ce6894aa0bad43be36ca</hash></key>
<key><path>HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{3FA78E7D-0495-BA47-6DF7-378EC92B997B}</path><vendor>PUP.Optional.MultiPlug</vendor><action>success</action><hash>ee94c34e2755ce6894aa0bad43be36ca</hash></key>
<key><path>HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{3FA78E7D-0495-BA47-6DF7-378EC92B997B}</path><vendor>PUP.Optional.MultiPlug</vendor><action>success</action><hash>ee94c34e2755ce6894aa0bad43be36ca</hash></key>
<key><path>HKLM\SOFTWARE\CLASSES\SoftCoup.SoftCoup</path><vendor>PUP.Optional.MultiPlug</vendor><action>success</action><hash>ee94c34e2755ce6894aa0bad43be36ca</hash></key>
<key><path>HKLM\SOFTWARE\CLASSES\SoftCoup.SoftCoup.3.12</path><vendor>PUP.Optional.MultiPlug</vendor><action>success</action><hash>ee94c34e2755ce6894aa0bad43be36ca</hash></key>
<key><path>HKLM\SOFTWARE\WOW6432NODE\CLASSES\SoftCoup.SoftCoup</path><vendor>PUP.Optional.MultiPlug</vendor><action>success</action><hash>ee94c34e2755ce6894aa0bad43be36ca</hash></key>
<key><path>HKLM\SOFTWARE\WOW6432NODE\CLASSES\SoftCoup.SoftCoup.3.12</path><vendor>PUP.Optional.MultiPlug</vendor><action>success</action><hash>ee94c34e2755ce6894aa0bad43be36ca</hash></key>
<key><path>HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{3FA78E7D-0495-BA47-6DF7-378EC92B997B}</path><vendor>PUP.Optional.MultiPlug</vendor><action>success</action><hash>ee94c34e2755ce6894aa0bad43be36ca</hash></key>
<key><path>HKU\S-1-5-21-4172288-307113608-2096777836-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{3FA78E7D-0495-BA47-6DF7-378EC92B997B}</path><vendor>PUP.Optional.MultiPlug</vendor><action>success</action><hash>ee94c34e2755ce6894aa0bad43be36ca</hash></key>
<key><path>HKU\S-1-5-21-4172288-307113608-2096777836-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{3FA78E7D-0495-BA47-6DF7-378EC92B997B}</path><vendor>PUP.Optional.MultiPlug</vendor><action>success</action><hash>ee94c34e2755ce6894aa0bad43be36ca</hash></key>
<key><path>HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\PREAPPROVED\{3FA78E7D-0495-BA47-6DF7-378EC92B997B}</path><vendor>PUP.Optional.MultiPlug</vendor><action>success</action><hash>ee94c34e2755ce6894aa0bad43be36ca</hash></key>
<key><path>HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\PREAPPROVED\{3FA78E7D-0495-BA47-6DF7-378EC92B997B}</path><vendor>PUP.Optional.MultiPlug</vendor><action>success</action><hash>ee94c34e2755ce6894aa0bad43be36ca</hash></key>
<key><path>HKLM\SOFTWARE\CLASSES\CLSID\{3FA78E7D-0495-BA47-6DF7-378EC92B997B}\INPROCSERVER32</path><vendor>PUP.Optional.MultiPlug</vendor><action>success</action><hash>ee94c34e2755ce6894aa0bad43be36ca</hash></key>
<key><path>HKLM\SOFTWARE\CLASSES\CLSID\{F02C05E5-3D72-A078-D079-23746A04947D}</path><vendor>PUP.Optional.Preload</vendor><action>success</action><hash>00825db4d6a672c44316c7df14ed6b95</hash></key>
<key><path>HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{F02C05E5-3D72-A078-D079-23746A04947D}</path><vendor>PUP.Optional.Preload</vendor><action>success</action><hash>00825db4d6a672c44316c7df14ed6b95</hash></key>
<key><path>HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{F02C05E5-3D72-A078-D079-23746A04947D}</path><vendor>PUP.Optional.Preload</vendor><action>success</action><hash>00825db4d6a672c44316c7df14ed6b95</hash></key>
<key><path>HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{F02C05E5-3D72-A078-D079-23746A04947D}</path><vendor>PUP.Optional.Preload</vendor><action>success</action><hash>00825db4d6a672c44316c7df14ed6b95</hash></key>
<key><path>HKU\S-1-5-21-4172288-307113608-2096777836-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{F02C05E5-3D72-A078-D079-23746A04947D}</path><vendor>PUP.Optional.Preload</vendor><action>success</action><hash>00825db4d6a672c44316c7df14ed6b95</hash></key>
<key><path>HKU\S-1-5-21-4172288-307113608-2096777836-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{F02C05E5-3D72-A078-D079-23746A04947D}</path><vendor>PUP.Optional.Preload</vendor><action>success</action><hash>00825db4d6a672c44316c7df14ed6b95</hash></key>
<key><path>HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\PREAPPROVED\{F02C05E5-3D72-A078-D079-23746A04947D}</path><vendor>PUP.Optional.Preload</vendor><action>success</action><hash>00825db4d6a672c44316c7df14ed6b95</hash></key>
<key><path>HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\PREAPPROVED\{F02C05E5-3D72-A078-D079-23746A04947D}</path><vendor>PUP.Optional.Preload</vendor><action>success</action><hash>00825db4d6a672c44316c7df14ed6b95</hash></key>
<key><path>HKLM\SOFTWARE\CLASSES\CLSID\{F02C05E5-3D72-A078-D079-23746A04947D}\INPROCSERVER32</path><vendor>PUP.Optional.Preload</vendor><action>success</action><hash>00825db4d6a672c44316c7df14ed6b95</hash></key>
<key><path>HKU\S-1-5-21-4172288-307113608-2096777836-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}</path><vendor>PUP.Optional.SearchProtect.A</vendor><action>success</action><hash>186a2be682fa4ee8e2842b6b52b09967</hash></key>
<key><path>HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}</path><vendor>PUP.Optional.SearchProtect.A</vendor><action>success</action><hash>186a2be682fa4ee8e2842b6b52b09967</hash></key>
<key><path>HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{7540FDBD-7FDC-30AE-3778-815CB87DBE46}</path><vendor>PUP.Optional.MultiPlug</vendor><action>success</action><hash>136f6aa7aece6bcb46f9d9dfb64bf709</hash></key>
<key><path>HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\Software Updater_is1</path><vendor>PUP.Optional.SoftwareUpdater</vendor><action>success</action><hash>c5bd0a074933bc7ae65d0c749470738d</hash></key>
<key><path>HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\GUARDXKICKOFF.EXE</path><vendor>Security.Hijack</vendor><action>success</action><hash>94ee63ae9ce05cdadffec3626d97f10f</hash></key>
<key><path>HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\MCMPENG.EXE</path><vendor>Security.Hijack</vendor><action>success</action><hash>087a937e710b6bcb5985a580e0245da3</hash></key>
<key><path>HKLM\SOFTWARE\WOW6432NODE\FreeSoftToday</path><vendor>Adware.EoRezo</vendor><action>success</action><hash>d6ace32eaecebc7ad18fbea3f90b738d</hash></key>
<key><path>HKLM\SOFTWARE\WOW6432NODE\free_soft_today</path><vendor>PUP.Optional.FreeSoftToday.A</vendor><action>success</action><hash>9ce632dfe8947abc6df12756e71de41c</hash></key>
<key><path>HKLM\SOFTWARE\WOW6432NODE\SearchSnacks</path><vendor>PUP.Optional.SearchSnacks.A</vendor><action>success</action><hash>c5bd8a87b5c734022b8756d42bd828d8</hash></key>
<key><path>HKLM\SOFTWARE\WOW6432NODE\SystemK</path><vendor>PUP.Optional.SystemK.A</vendor><action>success</action><hash>443e2be687f53afc84c739e1c83beb15</hash></key>
<key><path>HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\GUARDXKICKOFF.EXE</path><vendor>Security.Hijack</vendor><action>success</action><hash>067c68a91f5def47a03dbd688e7641bf</hash></key>
<key><path>HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\MCMPENG.EXE</path><vendor>Security.Hijack</vendor><action>success</action><hash>7f03fe13e79585b100de60c58e76e719</hash></key>
<key><path>HKLM\SOFTWARE\WOW6432NODE\SYSTEMK\General</path><vendor>PUP.Optional.SettingsManager.A</vendor><action>success</action><hash>1a6827eaef8d1e1835cc0533679ce41c</hash></key>
<key><path>HKLM\SOFTWARE\WOW6432NODE\SYSTWEAK\ssd</path><vendor>PUP.Optional.SystemSpeedup</vendor><action>success</action><hash>028021f0621a1422feda9887e71c837d</hash></key>
<key><path>HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\ssnfd</path><vendor>PUP.Optional.SearchSnacks</vendor><action>success</action><hash>3d45759c5d1fbb7bc452829905fe45bb</hash></key>
<key><path>HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\BlockAndSurf</path><vendor>PUP.Optional.BlockAndSurf.A</vendor><action>success</action><hash>dca642cfb6c63cfadfb9a77373906997</hash></key>
<key><path>HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\MediaPlayerplus</path><vendor>PUP.Optional.MediaPlayerplus.A</vendor><action>success</action><hash>661cdb3645376dc93fb0c572d33035cb</hash></key>
<key><path>HKU\S-1-5-21-4172288-307113608-2096777836-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\freesofttoday</path><vendor>PUP.Optional.FreeSoftToday.A</vendor><action>success</action><hash>dea4f51c58242511bda01a630004ab55</hash></key>
<key><path>HKU\S-1-5-21-4172288-307113608-2096777836-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\TutoTag</path><vendor>PUP.Optional.Tuto4PC.A</vendor><action>success</action><hash>e59d0d04b2ca1a1c981a423c5aaa02fe</hash></key>
<key><path>HKU\S-1-5-21-4172288-307113608-2096777836-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\BlockAndSurf</path><vendor>PUP.Optional.BlockAndSurf.A</vendor><action>success</action><hash>e69c7a978defd75f475171a9b84b3dc3</hash></key>
<key><path>HKU\S-1-5-21-4172288-307113608-2096777836-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\Crossrider</path><vendor>PUP.Optional.CrossRider.A</vendor><action>success</action><hash>5f23ea27daa21125e7c77ef1986c48b8</hash></key>
<key><path>HKU\S-1-5-21-4172288-307113608-2096777836-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLCORE\1I1T1Q1S</path><vendor>PUP.Optional.InstallCore.A</vendor><action>success</action><hash>eb9712ffa2da6ec821f3d2733dc6847c</hash></key>
<key><path>HKU\S-1-5-21-4172288-307113608-2096777836-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLCORE</path><vendor>PUP.Optional.InstallCore.A</vendor><action>success</action><hash>d1b114fdaad292a48fdf3b20976d13ed</hash></key>
<key><path>HKU\S-1-5-21-4172288-307113608-2096777836-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\SYSTWEAK\ssd</path><vendor>PUP.Optional.SystemSpeedup</vendor><action>success</action><hash>740e2ae71d5f47efce092df29c6710f0</hash></key>
<key><path>HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\GOOGLEUPDATE.EXE</path><vendor>PUP.Optional.GlobalUpdate.A</vendor><action>success</action><hash>c5bdae63cab20d29b9612fce748e669a</hash></key>
<key><path>HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\GOOGLEUPDATE.EXE</path><vendor>PUP.Optional.GlobalUpdate.A</vendor><action>success</action><hash>c5bdae63cab20d29b9612fce748e669a</hash></key>
<value><path>HKU\S-1-5-21-4172288-307113608-2096777836-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\TOOLBAR\WEBBROWSER\{D4027C7F-154A-4066-A1AD-4243D8127440}</path><valuename></valuename><vendor>PUP.Optional.FrostwireTB.A</vendor><action>success</action><valuedata></valuedata><hash>92f0c24fa1dbb5813bd9bf14689aeb15</hash></value>
<value><path>HKU\S-1-5-21-4172288-307113608-2096777836-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\TOOLBAR\WEBBROWSER</path><valuename>{D4027C7F-154A-4066-A1AD-4243D8127440}</valuename><vendor>PUP.Optional.FrostwireTB.A</vendor><action>success</action><valuedata>|ÔJf@¡­BCØt@</valuedata><hash>92f0c24fa1dbb5813bd9bf14689aeb15</hash></value>
<value><path>HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\GUARDXKICKOFF.EXE</path><valuename>Debugger</valuename><vendor>Security.Hijack</vendor><action>success</action><valuedata>svchost.exe</valuedata><hash>94ee63ae9ce05cdadffec3626d97f10f</hash></value>
<value><path>HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\MCMPENG.EXE</path><valuename>Debugger</valuename><vendor>Security.Hijack</vendor><action>success</action><valuedata>svchost.exe</valuedata><hash>087a937e710b6bcb5985a580e0245da3</hash></value>
<value><path>HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\GUARDXKICKOFF.EXE</path><valuename>Debugger</valuename><vendor>Security.Hijack</vendor><action>success</action><valuedata>svchost.exe</valuedata><hash>067c68a91f5def47a03dbd688e7641bf</hash></value>
<value><path>HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\MCMPENG.EXE</path><valuename>Debugger</valuename><vendor>Security.Hijack</vendor><action>success</action><valuedata>svchost.exe</valuedata><hash>7f03fe13e79585b100de60c58e76e719</hash></value>
<value><path>HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN</path><valuename>fst_us_52</valuename><vendor>PUP.Optional.FirstSeenToday.A</vendor><action>success</action><valuedata></valuedata><hash>028033de0d6fb58110df3df443c0a45c</hash></value>
<value><path>HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN</path><valuename>fst_us_63</valuename><vendor>PUP.Optional.FirstSeenToday.A</vendor><action>success</action><valuedata></valuedata><hash>7111cd44c1bbbb7b20cfa68b0300d22e</hash></value>
<value><path>HKU\S-1-5-21-4172288-307113608-2096777836-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLCORE</path><valuename>tb</valuename><vendor>PUP.Optional.InstallCore.A</vendor><action>success</action><valuedata>0E1G1J1H</valuedata><hash>d1b114fdaad292a48fdf3b20976d13ed</hash></value>
<folder><path>C:\Program Files (x86)\Software Updater</path><vendor>PUP.Optional.SoftwareUpdater</vendor><action>delete-on-reboot</action><hash>c5bd0a074933bc7ae65d0c749470738d</hash></folder>
<folder><path>C:\ProgramData\374311380</path><vendor>Rogue.Multiple</vendor><action>success</action><hash>8cf68988e09cf83e8bed3a99c939a65a</hash></folder>
<folder><path>C:\Users\karen\AppData\LocalLow\DataMngr</path><vendor>PUP.Optional.Datamngr.A</vendor><action>success</action><hash>473b0011730968cefa70a64346bc51af</hash></folder>
<folder><path>C:\Users\karen\AppData\Local\Temp\D7ADFCCA-EE7E-442C-9999-C4D14FEF360B</path><vendor>PUP.Optional.Extutil.A</vendor><action>success</action><hash>c4bef31eb6c672c4c84e10eb2dd5649c</hash></folder>
<folder><path>C:\Users\karen\AppData\Local\Temp\38fdaae5-8e0e-493c-88ec-e05c3be06e42</path><vendor>PUP.Optional.Managera.A</vendor><action>success</action><hash>047ed140691344f201168972897931cf</hash></folder>
<folder><path>C:\Users\karen\AppData\Roaming\Systweak\ssd</path><vendor>PUP.Optional.SystemSpeedup</vendor><action>success</action><hash>166c749dcdaf7cba5474b7445da544bc</hash></folder>
<folder><path>C:\Users\karen\AppData\Local\Temp\comh.343121</path><vendor>PUP.Optional.GlobalUpdate.A</vendor><action>success</action><hash>c5bdae63cab20d29b9612fce748e669a</hash></folder>
<folder><path>C:\Users\karen\AppData\Local\Temp\comh.374180</path><vendor>PUP.Optional.GlobalUpdate.A</vendor><action>success</action><hash>f989020fa9d31620e7333ac3d42e7987</hash></folder>
<folder><path>C:\ProgramData\WildWestCoupon</path><vendor>PUP.Optional.WildWestCoupon.A</vendor><action>success</action><hash>c4be828ffc8035012dd30404ac579d63</hash></folder>
<folder><path>C:\ProgramData\unicoupons</path><vendor>PUP.Optional.MultiPlug.A</vendor><action>success</action><hash>b9c9a0714a32f0463adada30fa0901ff</hash></folder>
<folder><path>C:\Program Files (x86)\unicoupons</path><vendor>PUP.Optional.MultiPlug.A</vendor><action>success</action><hash>a2e059b896e61620aa6b1ceeda2925db</hash></folder>
<file><path>C:\ProgramData\ProShuopper\MjMHfMAZGH.x64.dll</path><vendor>PUP.Optional.MultiPlug.A</vendor><action>success</action><hash>bcc61ff2fa8273c3a55f86d72dd4cb35</hash></file>
<file><path>C:\ProgramData\ProShuopper\MjMHfMAZGH.dll</path><vendor>PUP.Optional.MultiPlug.A</vendor><action>success</action><hash>bcc61ff2fa8273c3a55f86d72dd4cb35</hash></file>
<file><path>C:\ProgramData\SofftCCoeuup\50qXxEX6rM.x64.dll</path><vendor>PUP.Optional.MultiPlug</vendor><action>success</action><hash>ee94c34e2755ce6894aa0bad43be36ca</hash></file>
<file><path>C:\ProgramData\SofftCCoeuup\50qXxEX6rM.dll</path><vendor>PUP.Optional.MultiPlug</vendor><action>success</action><hash>ee94c34e2755ce6894aa0bad43be36ca</hash></file>
<file><path>C:\ProgramData\savinsHHOpp\_PbEhtMh59.x64.dll</path><vendor>PUP.Optional.Preload</vendor><action>success</action><hash>00825db4d6a672c44316c7df14ed6b95</hash></file>
<file><path>C:\ProgramData\savinsHHOpp\_PbEhtMh59.dll</path><vendor>PUP.Optional.Preload</vendor><action>success</action><hash>00825db4d6a672c44316c7df14ed6b95</hash></file>
<file><path>C:\ProgramData\ProShuopper\MjMHfMAZGH.exe</path><vendor>PUP.Optional.MultiPlug.A</vendor><action>success</action><hash>f19148c987f5261035cf431a7d846997</hash></file>
<file><path>C:\ProgramData\savinsHHOpp\_PbEhtMh59.exe</path><vendor>PUP.Optional.MultiPlug</vendor><action>success</action><hash>e0a2ea279be1171f71390a9a4cb5758b</hash></file>
<file><path>C:\ProgramData\SofftCCoeuup\50qXxEX6rM.exe</path><vendor>PUP.Optional.MultiPlug</vendor><action>success</action><hash>136f6aa7aece6bcb46f9d9dfb64bf709</hash></file>
<file><path>C:\Users\karen\AppData\Local\Temp\newvideoplayersetup.exe</path><vendor>PUP.Optional.NewPlayer</vendor><action>success</action><hash>384a7f9286f60b2bfb35c5f317ea4db3</hash></file>
<file><path>C:\Users\karen\AppData\Local\Temp\nsb49F1.exe</path><vendor>PUP.Optional.Conduit.A</vendor><action>success</action><hash>146e957c1666c373998cc4d138c9bc44</hash></file>
<file><path>C:\Users\karen\AppData\Local\Temp\spidentifierimpl.exe</path><vendor>PUP.Optional.Conduit.A</vendor><action>success</action><hash>740e7a971d5f0135e3ad6d297c8508f8</hash></file>
<file><path>C:\Users\karen\AppData\Local\Temp\SPSetup.exe</path><vendor>PUP.Optional.SearchProtect.A</vendor><action>success</action><hash>3c4667aae7955fd7be877b2454adf20e</hash></file>
<file><path>C:\Users\karen\AppData\Local\Temp\swa1_23.exe</path><vendor>PUP.Optional.SevereWeatherAlerts</vendor><action>success</action><hash>1b676ea34636d75f27722bf811ef9868</hash></file>
<file><path>C:\Users\karen\AppData\Local\Temp\nsgFDC.exe</path><vendor>PUP.Optional.Conduit.A</vendor><action>success</action><hash>3949a56cc0bc44f27da896ffad54bd43</hash></file>
<file><path>C:\Users\karen\AppData\Local\Temp\nsjFA59.exe</path><vendor>PUP.Optional.Conduit.A</vendor><action>success</action><hash>fe842ee3f389df57f134fc99956c46ba</hash></file>
<file><path>C:\Users\karen\AppData\Local\Temp\nsqCE9E.tmp</path><vendor>PUP.Optional.InstallCore.A</vendor><action>success</action><hash>a9d98f8288f43cfa41584c38e021c838</hash></file>
<file><path>C:\Users\karen\AppData\Local\Temp\setup.exe</path><vendor>PUP.Optional.AirAdInstaller</vendor><action>success</action><hash>cbb7050c67151e186fd23901f010966a</hash></file>
<file><path>C:\Users\karen\AppData\Local\Temp\7c95f142-8c91-44d1-b13b-f9390d21337e\spidentifierimpl.exe</path><vendor>PUP.Optional.Conduit.A</vendor><action>success</action><hash>394931e029534fe7444cf3a38c75c13f</hash></file>
<file><path>C:\Users\karen\AppData\Local\Temp\7c95f142-8c91-44d1-b13b-f9390d21337e\software\DesktopWeatherAlertsSetup.exe</path><vendor>PUP.Optional.WeatherAlerts.A</vendor><action>success</action><hash>7e04b859cab276c06965a09f07fe748c</hash></file>
<file><path>C:\Users\karen\AppData\Local\Temp\7c95f142-8c91-44d1-b13b-f9390d21337e\software\Freesofttoday.exe</path><vendor>Adware.EoRezo</vendor><action>success</action><hash>dca60011493347efe76331533bc6817f</hash></file>
<file><path>C:\Users\karen\AppData\Local\Temp\7c95f142-8c91-44d1-b13b-f9390d21337e\software\mediaplayerplus.exe</path><vendor>PUP.Optional.ScramblePacker.A</vendor><action>success</action><hash>780aa0710b7195a134b52866fb06f40c</hash></file>
<file><path>C:\Users\karen\AppData\Local\Temp\7c95f142-8c91-44d1-b13b-f9390d21337e\software\New_Player.exe</path><vendor>PUP.Optional.NewPlayer</vendor><action>success</action><hash>7a08d73a90ec54e2bd73fabeee130af6</hash></file>
<file><path>C:\Users\karen\AppData\Local\Temp\7c95f142-8c91-44d1-b13b-f9390d21337e\software\setup.exe</path><vendor>PUP.Optional.ScramblePacker.A</vendor><action>success</action><hash>1c6660b10d6fb086f5f4048a7a87f907</hash></file>
<file><path>C:\Users\karen\AppData\Local\Temp\7c95f142-8c91-44d1-b13b-f9390d21337e\software\sp-downloader.exe</path><vendor>PUP.Optional.SearchProtect.A</vendor><action>success</action><hash>cfb3bc5586f69e9808074351da2751af</hash></file>
<file><path>C:\Users\karen\AppData\Local\Temp\is45637729\183260_stp\SettingsManagerSetup.exe</path><vendor>PUP.Optional.Linkey.A</vendor><action>success</action><hash>4042e72a76067abc325d2a6f47baa25e</hash></file>
<file><path>C:\Users\karen\AppData\Local\Temp\is45637729\183318_stp\pm.exe</path><vendor>PUP.Optional.PriceMeter.A</vendor><action>success</action><hash>51310e03c0bc85b1a7259afabb4658a8</hash></file>
<file><path>C:\Users\karen\AppData\Local\Temp\nsc151B.tmp\Helper.dll</path><vendor>PUP.Optional.AztecMedia.A</vendor><action>success</action><hash>e59d70a1f587b77fa65b8d625ea62cd4</hash></file>
<file><path>C:\Users\karen\AppData\Local\Temp\nsc151B.tmp\Starter.exe</path><vendor>PUP.Optional.AztecMedia.A</vendor><action>success</action><hash>186a0809adcf3204ae4487673dc72ad6</hash></file>
<file><path>C:\Users\karen\AppData\Local\Temp\nsgA8DF\SpSetup.exe</path><vendor>PUP.Optional.SearchProtect.A</vendor><action>success</action><hash>1f63f9187efe73c3ba8badf2fa0725db</hash></file>
<file><path>C:\Windows\Temp\nsi962A.exe</path><vendor>PUP.Optional.Conduit.A</vendor><action>success</action><hash>7e04011058247cba7ca99203ee1343bd</hash></file>
<file><path>C:\Windows\Temp\nsr1D46.exe</path><vendor>PUP.Optional.Conduit.A</vendor><action>success</action><hash>6b172ee303792610ee37e0b5ae538779</hash></file>
<file><path>C:\Windows\Temp\nswBB48.exe</path><vendor>PUP.Optional.Conduit.A</vendor><action>success</action><hash>29590d043646c1750421b9dc04fdcd33</hash></file>
<file><path>C:\Windows\Temp\nsyDF5B.exe</path><vendor>PUP.Optional.Conduit.A</vendor><action>success</action><hash>d9a93fd20e6e44f28f9664315ca5926e</hash></file>
<file><path>C:\Windows\Temp\9a49106d\SettingsManagerSetup.exe</path><vendor>PUP.Optional.Linkey.A</vendor><action>success</action><hash>a6dcd041611bc76f09868910c041e31d</hash></file>
<file><path>C:\Windows\System32\Tasks\BlockAndSurf Update</path><vendor>PUP.Optional.BlockAndSurf.A</vendor><action>success</action><hash>0e74ce436b11c96dedf0e63c19ea6d93</hash></file>
<file><path>C:\Windows\System32\Tasks\BlockAndSurf_wd</path><vendor>PUP.Optional.BlockAndSurf.A</vendor><action>success</action><hash>ceb464ad7dff41f5f4ea6db5b3501be5</hash></file>
<file><path>C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\SoftwareUpdater.lnk</path><vendor>PUP.Optional.SoftwareUpdater.A</vendor><action>success</action><hash>bbc734dd0b719b9b1eeeb96cd82b23dd</hash></file>
<file><path>C:\Program Files (x86)\Software Updater\updater.log</path><vendor>PUP.Optional.SoftwareUpdater</vendor><action>success</action><hash>c5bd0a074933bc7ae65d0c749470738d</hash></file>
<file><path>C:\Program Files (x86)\Software Updater\cpprest120_xp_1_4.dll</path><vendor>PUP.Optional.SoftwareUpdater</vendor><action>success</action><hash>c5bd0a074933bc7ae65d0c749470738d</hash></file>
<file><path>C:\Program Files (x86)\Software Updater\cpuidsdk.dll</path><vendor>PUP.Optional.SoftwareUpdater</vendor><action>success</action><hash>c5bd0a074933bc7ae65d0c749470738d</hash></file>
<file><path>C:\Program Files (x86)\Software Updater\DriversHQ.SDK.REST.Win32.dll</path><vendor>PUP.Optional.SoftwareUpdater</vendor><action>success</action><hash>c5bd0a074933bc7ae65d0c749470738d</hash></file>
<file><path>C:\Program Files (x86)\Software Updater\msvcp120.dll</path><vendor>PUP.Optional.SoftwareUpdater</vendor><action>success</action><hash>c5bd0a074933bc7ae65d0c749470738d</hash></file>
<file><path>C:\Program Files (x86)\Software Updater\msvcr120.dll</path><vendor>PUP.Optional.SoftwareUpdater</vendor><action>success</action><hash>c5bd0a074933bc7ae65d0c749470738d</hash></file>
<file><path>C:\Program Files (x86)\Software Updater\setup.exe</path><vendor>PUP.Optional.SoftwareUpdater</vendor><action>success</action><hash>c5bd0a074933bc7ae65d0c749470738d</hash></file>
<file><path>C:\Program Files (x86)\Software Updater\SoftwareUpdater.exe</path><vendor>PUP.Optional.SoftwareUpdater</vendor><action>delete-on-reboot</action><hash>c5bd0a074933bc7ae65d0c749470738d</hash></file>
<file><path>C:\Program Files (x86)\Software Updater\suscan.exe</path><vendor>PUP.Optional.SoftwareUpdater</vendor><action>success</action><hash>c5bd0a074933bc7ae65d0c749470738d</hash></file>
<file><path>C:\Program Files (x86)\Software Updater\unins000.dat</path><vendor>PUP.Optional.SoftwareUpdater</vendor><action>success</action><hash>c5bd0a074933bc7ae65d0c749470738d</hash></file>
<file><path>C:\Program Files (x86)\Software Updater\unins000.exe</path><vendor>PUP.Optional.SoftwareUpdater</vendor><action>success</action><hash>c5bd0a074933bc7ae65d0c749470738d</hash></file>
<file><path>C:\Program Files (x86)\Software Updater\Uninstall.exe</path><vendor>PUP.Optional.SoftwareUpdater</vendor><action>success</action><hash>c5bd0a074933bc7ae65d0c749470738d</hash></file>
<file><path>C:\Program Files (x86)\Software Updater\updates.cnf</path><vendor>PUP.Optional.SoftwareUpdater</vendor><action>success</action><hash>c5bd0a074933bc7ae65d0c749470738d</hash></file>
<file><path>C:\Program Files (x86)\Software Updater\upgrader.log</path><vendor>PUP.Optional.SoftwareUpdater</vendor><action>success</action><hash>c5bd0a074933bc7ae65d0c749470738d</hash></file>
<file><path>C:\Users\karen\AppData\LocalLow\DataMngr\{99BB1406-1CFB-488C-90D1-2D978E04F707}64</path><vendor>PUP.Optional.Datamngr.A</vendor><action>success</action><hash>473b0011730968cefa70a64346bc51af</hash></file>
<file><path>C:\Users\karen\AppData\Local\Temp\D7ADFCCA-EE7E-442C-9999-C4D14FEF360B\bk.js</path><vendor>PUP.Optional.Extutil.A</vendor><action>success</action><hash>c4bef31eb6c672c4c84e10eb2dd5649c</hash></file>
<file><path>C:\Users\karen\AppData\Local\Temp\D7ADFCCA-EE7E-442C-9999-C4D14FEF360B\cs.js</path><vendor>PUP.Optional.Extutil.A</vendor><action>success</action><hash>c4bef31eb6c672c4c84e10eb2dd5649c</hash></file>
<file><path>C:\Users\karen\AppData\Local\Temp\D7ADFCCA-EE7E-442C-9999-C4D14FEF360B\manifest.json</path><vendor>PUP.Optional.Extutil.A</vendor><action>success</action><hash>c4bef31eb6c672c4c84e10eb2dd5649c</hash></file>
<file><path>C:\Users\karen\AppData\Local\Temp\38fdaae5-8e0e-493c-88ec-e05c3be06e42\cs.js</path><vendor>PUP.Optional.Managera.A</vendor><action>success</action><hash>047ed140691344f201168972897931cf</hash></file>
<file><path>C:\Users\karen\AppData\Local\Temp\38fdaae5-8e0e-493c-88ec-e05c3be06e42\manifest.json</path><vendor>PUP.Optional.Managera.A</vendor><action>success</action><hash>047ed140691344f201168972897931cf</hash></file>
<file><path>C:\Users\karen\AppData\Roaming\Systweak\ssd\SSDPTstub.exe</path><vendor>PUP.Optional.SystemSpeedup</vendor><action>success</action><hash>166c749dcdaf7cba5474b7445da544bc</hash></file>
<file><path>C:\Users\karen\AppData\Local\Temp\comh.343121\GoogleCrashHandler.exe</path><vendor>PUP.Optional.GlobalUpdate.A</vendor><action>success</action><hash>c5bdae63cab20d29b9612fce748e669a</hash></file>
<file><path>C:\Users\karen\AppData\Local\Temp\comh.343121\GoogleUpdate.exe</path><vendor>PUP.Optional.GlobalUpdate.A</vendor><action>success</action><hash>c5bdae63cab20d29b9612fce748e669a</hash></file>
<file><path>C:\Users\karen\AppData\Local\Temp\comh.343121\GoogleUpdateBroker.exe</path><vendor>PUP.Optional.GlobalUpdate.A</vendor><action>success</action><hash>c5bdae63cab20d29b9612fce748e669a</hash></file>
<file><path>C:\Users\karen\AppData\Local\Temp\comh.343121\GoogleUpdateHelper.msi</path><vendor>PUP.Optional.GlobalUpdate.A</vendor><action>success</action><hash>c5bdae63cab20d29b9612fce748e669a</hash></file>
<file><path>C:\Users\karen\AppData\Local\Temp\comh.343121\GoogleUpdateOnDemand.exe</path><vendor>PUP.Optional.GlobalUpdate.A</vendor><action>success</action><hash>c5bdae63cab20d29b9612fce748e669a</hash></file>
<file><path>C:\Users\karen\AppData\Local\Temp\comh.343121\goopdate.dll</path><vendor>PUP.Optional.GlobalUpdate.A</vendor><action>success</action><hash>c5bdae63cab20d29b9612fce748e669a</hash></file>
<file><path>C:\Users\karen\AppData\Local\Temp\comh.343121\goopdateres_en.dll</path><vendor>PUP.Optional.GlobalUpdate.A</vendor><action>success</action><hash>c5bdae63cab20d29b9612fce748e669a</hash></file>
<file><path>C:\Users\karen\AppData\Local\Temp\comh.343121\npGoogleUpdate4.dll</path><vendor>PUP.Optional.GlobalUpdate.A</vendor><action>success</action><hash>c5bdae63cab20d29b9612fce748e669a</hash></file>
<file><path>C:\Users\karen\AppData\Local\Temp\comh.343121\psmachine.dll</path><vendor>PUP.Optional.GlobalUpdate.A</vendor><action>success</action><hash>c5bdae63cab20d29b9612fce748e669a</hash></file>
<file><path>C:\Users\karen\AppData\Local\Temp\comh.343121\psuser.dll</path><vendor>PUP.Optional.GlobalUpdate.A</vendor><action>success</action><hash>c5bdae63cab20d29b9612fce748e669a</hash></file>
<file><path>C:\Users\karen\AppData\Local\Temp\comh.374180\GoogleCrashHandler.exe</path><vendor>PUP.Optional.GlobalUpdate.A</vendor><action>success</action><hash>f989020fa9d31620e7333ac3d42e7987</hash></file>
<file><path>C:\Users\karen\AppData\Local\Temp\comh.374180\GoogleUpdate.exe</path><vendor>PUP.Optional.GlobalUpdate.A</vendor><action>success</action><hash>f989020fa9d31620e7333ac3d42e7987</hash></file>
<file><path>C:\Users\karen\AppData\Local\Temp\comh.374180\GoogleUpdateBroker.exe</path><vendor>PUP.Optional.GlobalUpdate.A</vendor><action>success</action><hash>f989020fa9d31620e7333ac3d42e7987</hash></file>
<file><path>C:\Users\karen\AppData\Local\Temp\comh.374180\GoogleUpdateHelper.msi</path><vendor>PUP.Optional.GlobalUpdate.A</vendor><action>success</action><hash>f989020fa9d31620e7333ac3d42e7987</hash></file>
<file><path>C:\Users\karen\AppData\Local\Temp\comh.374180\GoogleUpdateOnDemand.exe</path><vendor>PUP.Optional.GlobalUpdate.A</vendor><action>success</action><hash>f989020fa9d31620e7333ac3d42e7987</hash></file>
<file><path>C:\Users\karen\AppData\Local\Temp\comh.374180\goopdate.dll</path><vendor>PUP.Optional.GlobalUpdate.A</vendor><action>success</action><hash>f989020fa9d31620e7333ac3d42e7987</hash></file>
<file><path>C:\Users\karen\AppData\Local\Temp\comh.374180\goopdateres_en.dll</path><vendor>PUP.Optional.GlobalUpdate.A</vendor><action>success</action><hash>f989020fa9d31620e7333ac3d42e7987</hash></file>
<file><path>C:\Users\karen\AppData\Local\Temp\comh.374180\npGoogleUpdate4.dll</path><vendor>PUP.Optional.GlobalUpdate.A</vendor><action>success</action><hash>f989020fa9d31620e7333ac3d42e7987</hash></file>
<file><path>C:\Users\karen\AppData\Local\Temp\comh.374180\psmachine.dll</path><vendor>PUP.Optional.GlobalUpdate.A</vendor><action>success</action><hash>f989020fa9d31620e7333ac3d42e7987</hash></file>
<file><path>C:\Users\karen\AppData\Local\Temp\comh.374180\psuser.dll</path><vendor>PUP.Optional.GlobalUpdate.A</vendor><action>success</action><hash>f989020fa9d31620e7333ac3d42e7987</hash></file>
<file><path>C:\ProgramData\WildWestCoupon\WildWestCoupon.exe</path><vendor>PUP.Optional.WildWestCoupon.A</vendor><action>success</action><hash>c4be828ffc8035012dd30404ac579d63</hash></file>
</items>
</mbam-log>
dreslick
Regular Member
 
Posts: 33
Joined: June 10th, 2011, 10:28 pm

Re: Unwanted Tabs Open in Browser

Unread postby dreslick » October 7th, 2014, 10:22 am

Here is the Fixlog file:
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 06-10-2014 01
Ran by karen at 2014-10-07 08:35:33 Run:1
Running from C:\Users\karen\Desktop
Loaded Profile: karen (Available profiles: karen)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
HKLM-x32\...\runonceex: [] => [X]
BootExecute: autocheck autochk * C:\PROGRA~2\AVG\AVG2012\avgrsa.exe /sync /restart
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
SearchScopes: HKCU - C437175EC2AE4B0585DB247DFCA60CB6 URL = http://isearch.avg.com/search?cid={D3958284-D6F4-461B-B086-A82C6581B3FE}&mid=dfa027e9feb947d0b80375f39d2625a6-766f2ab19f6c176a3d82c1aef3f7543f47f0e762&lang=en&ds=AVG&pr=pr&d=2012-07-07 22:21:54&v=11.1.0.12&sap=dsp&q={searchTerms}
SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
SearchScopes: HKCU - {A3646558-CC56-4130-984C-B25DB2E38CFD} URL = http://websearch.ask.com/redirect?clien ... &src=kw&q={searchTerms}&locale=&apn_ptnrs=TV&apn_dtid=OSJ000YYUS&apn_uid=C44527E8-B8BB-4357-8765-D2B39FE879B2&apn_sauid=54454734-1428-4CBC-B927-51A96BCD2577
SearchScopes: HKCU - {CE979B0A-5DFC-4065-BCE9-0060B76F8D54} URL =
SearchScopes: HKCU - {DE528CDC-E04B-4348-82D8-1473B0380C3A} URL =
BHO: AVG Do Not Track -> {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} -> C:\PROGRAM Files (x86)\AVG\AVG2012\avgdtiea.dll No File
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll No File
BHO-x32: AVG Do Not Track -> {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} -> C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll No File
Toolbar: HKCU - No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgppa.dll No File
Handler-x32: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll No File
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
CHR Extension: (unicoupons) - C:\ProgramData\jpcdpndngmdljhoopdcoddjgmoacmjgl\ [2014-06-04]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
2014-09-06 21:31 - 2014-09-06 21:31 - 00000000 ____D () C:\ProgramData\jpcdpndngmdljhoopdcoddjgmoacmjgl
2014-10-06 14:25 - 2014-06-08 11:57 - 00000000 ____D () C:\ProgramData\da97f83f9343f5fb
2014-10-06 07:22 - 2011-01-14 16:24 - 00000000 ____D () C:\Users\karen\AppData\Roaming\PCDr
C:\Users\karen\AppData\Local\Temp\31E8_Upgrader.exe
C:\Users\karen\AppData\Local\Temp\air16EA.exe
C:\Users\karen\AppData\Local\Temp\air1B1F.exe
C:\Users\karen\AppData\Local\Temp\air21A4.exe
C:\Users\karen\AppData\Local\Temp\air3AAF.exe
C:\Users\karen\AppData\Local\Temp\air4569.exe
C:\Users\karen\AppData\Local\Temp\air4D93.exe
C:\Users\karen\AppData\Local\Temp\air4F09.exe
C:\Users\karen\AppData\Local\Temp\air4FE4.exe
C:\Users\karen\AppData\Local\Temp\air59D3.exe
C:\Users\karen\AppData\Local\Temp\air6161.exe
C:\Users\karen\AppData\Local\Temp\air6B8F.exe
C:\Users\karen\AppData\Local\Temp\air7D0C.exe
C:\Users\karen\AppData\Local\Temp\air8778.exe
C:\Users\karen\AppData\Local\Temp\air8F54.exe
C:\Users\karen\AppData\Local\Temp\airA821.exe
C:\Users\karen\AppData\Local\Temp\airB136.exe
C:\Users\karen\AppData\Local\Temp\amsetup_activeris_default_010414_INSTALLER.exe
C:\Users\karen\AppData\Local\Temp\APNStub.exe
C:\Users\karen\AppData\Local\Temp\avguidx.dll
C:\Users\karen\AppData\Local\Temp\BackupSetup.exe
C:\Users\karen\AppData\Local\Temp\CommonInstaller.exe
C:\Users\karen\AppData\Local\Temp\contentDATs.exe
C:\Users\karen\AppData\Local\Temp\iGearedHelper.dll
C:\Users\karen\AppData\Local\Temp\jre-6u35-windows-i586-iftw.exe
C:\Users\karen\AppData\Local\Temp\jre-7u17-windows-i586-iftw.exe
C:\Users\karen\AppData\Local\Temp\jre-7u21-windows-i586-iftw.exe
C:\Users\karen\AppData\Local\Temp\jre-7u25-windows-i586-iftw.exe
C:\Users\karen\AppData\Local\Temp\jre-7u45-windows-i586-iftw.exe
C:\Users\karen\AppData\Local\Temp\MachineIdCreator.exe
C:\Users\karen\AppData\Local\Temp\mssinstaller.exe
C:\Users\karen\AppData\Local\Temp\oi_{037F298B-2CE0-437D-894C-0085E65292A4}.exe
C:\Users\karen\AppData\Local\Temp\PicasaCD.exe
C:\Users\karen\AppData\Local\Temp\Quarantine.exe
C:\Users\karen\AppData\Local\Temp\search snacks.exe
C:\Users\karen\AppData\Local\Temp\SecurityScan_Release.exe
C:\Users\karen\AppData\Local\Temp\SkypeSetup.exe
C:\Users\karen\AppData\Local\Temp\ToolbarInstaller.exe
C:\Users\karen\AppData\Local\Temp\Upgrader.exe
Task: {212F967C-1A7D-4163-A472-C8B8B63B4B7A} - \BlockAndSurf Update No Task File <==== ATTENTION
Task: {7DA7B024-11DA-4C92-89DA-722FAA485509} - \BlockAndSurf_wd No Task File <==== ATTENTION
AlternateDataStreams: C:\ProgramData\TEMP:373E1720
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^KODAK EASYSHARE software.lnk => C:\Windows\pss\Kodak EasyShare software.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^KODAK Software Updater.lnk => C:\Windows\pss\KODAK Software Updater.lnk.CommonStartup
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: Adobe Reader Speed Launcher => "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
MSCONFIG\startupreg: Broadcom Wireless Manager UI => C:\Program Files\DELL\DELL Wireless WLAN Card\WLTRAY.exe
MSCONFIG\startupreg: Dell DataSafe Online => "C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe" /m
MSCONFIG\startupreg: DellComms => "C:\Program Files (x86)\Dell\DellComms\bin\sprtcmd.exe" /P DellComms
MSCONFIG\startupreg: DellSupportCenter => "C:\Program Files (x86)\DELL SUPPORT CENTER\bin\sprtcmd.exe" /P dellsupportcenter
MSCONFIG\startupreg: Desktop Disc Tool => "c:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe"
MSCONFIG\startupreg: HP Software Update => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
MSCONFIG\startupreg: IAAnotif => C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe
MSCONFIG\startupreg: PDVDDXSrv => "C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

EmptyTemp:
CMD: ipconfig /flushdns
*****************

HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\runonceex\\ => value deleted successfully.
HKLM\System\CurrentControlSet\Control\Session Manager\\BootExecute => Value was restored successfully.
C:\Windows\system32\GroupPolicy\Machine => Moved successfully.
C:\Windows\system32\GroupPolicy\GPT.ini => Moved successfully.
"HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\C437175EC2AE4B0585DB247DFCA60CB6" => Key deleted successfully.
"HKCR\CLSID\C437175EC2AE4B0585DB247DFCA60CB6" => Key not found.
"HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}" => Key deleted successfully.
"HKCR\CLSID\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}" => Key not found.
"HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{A3646558-CC56-4130-984C-B25DB2E38CFD}" => Key deleted successfully.
"HKCR\CLSID\{A3646558-CC56-4130-984C-B25DB2E38CFD}" => Key not found.
"HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{CE979B0A-5DFC-4065-BCE9-0060B76F8D54}" => Key deleted successfully.
"HKCR\CLSID\{CE979B0A-5DFC-4065-BCE9-0060B76F8D54}" => Key not found.
"HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{DE528CDC-E04B-4348-82D8-1473B0380C3A}" => Key deleted successfully.
"HKCR\CLSID\{DE528CDC-E04B-4348-82D8-1473B0380C3A}" => Key not found.
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{31332EEF-CB9F-458F-AFEB-D30E9A66B6BA}" => Key deleted successfully.
"HKCR\CLSID\{31332EEF-CB9F-458F-AFEB-D30E9A66B6BA}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}" => Key deleted successfully.
"HKCR\CLSID\{DBC80044-A445-435b-BC74-9C25C1C588A9}" => Key deleted successfully.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{31332EEF-CB9F-458F-AFEB-D30E9A66B6BA}" => Key deleted successfully.
"HKCR\Wow6432Node\CLSID\{31332EEF-CB9F-458F-AFEB-D30E9A66B6BA}" => Key deleted successfully.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{21FA44EF-376D-4D53-9B0F-8A89D3229068} => value deleted successfully.
"HKCR\CLSID\{21FA44EF-376D-4D53-9B0F-8A89D3229068}" => Key not found.
"HKCR\PROTOCOLS\Handler\linkscanner" => Key deleted successfully.
"HKCR\CLSID\{F274614C-63F8-47D5-A4D1-FBDDE494F8D1}" => Key deleted successfully.
"HKCR\Wow6432Node\PROTOCOLS\Handler\linkscanner" => Key not found.
"HKCR\Wow6432Node\CLSID\{F274614C-63F8-47D5-A4D1-FBDDE494F8D1}" => Key deleted successfully.
"HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE" => Key deleted successfully.
"HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE" => Key deleted successfully.
C:\ProgramData\jpcdpndngmdljhoopdcoddjgmoacmjgl\ => Moved successfully.
"HKLM\SOFTWARE\Policies\Google" => Key deleted successfully.
"C:\ProgramData\jpcdpndngmdljhoopdcoddjgmoacmjgl" => File/Directory not found.
C:\ProgramData\da97f83f9343f5fb => Moved successfully.
C:\Users\karen\AppData\Roaming\PCDr => Moved successfully.
C:\Users\karen\AppData\Local\Temp\31E8_Upgrader.exe => Moved successfully.
C:\Users\karen\AppData\Local\Temp\air16EA.exe => Moved successfully.
C:\Users\karen\AppData\Local\Temp\air1B1F.exe => Moved successfully.
C:\Users\karen\AppData\Local\Temp\air21A4.exe => Moved successfully.
C:\Users\karen\AppData\Local\Temp\air3AAF.exe => Moved successfully.
C:\Users\karen\AppData\Local\Temp\air4569.exe => Moved successfully.
C:\Users\karen\AppData\Local\Temp\air4D93.exe => Moved successfully.
C:\Users\karen\AppData\Local\Temp\air4F09.exe => Moved successfully.
C:\Users\karen\AppData\Local\Temp\air4FE4.exe => Moved successfully.
C:\Users\karen\AppData\Local\Temp\air59D3.exe => Moved successfully.
C:\Users\karen\AppData\Local\Temp\air6161.exe => Moved successfully.
C:\Users\karen\AppData\Local\Temp\air6B8F.exe => Moved successfully.
C:\Users\karen\AppData\Local\Temp\air7D0C.exe => Moved successfully.
C:\Users\karen\AppData\Local\Temp\air8778.exe => Moved successfully.
C:\Users\karen\AppData\Local\Temp\air8F54.exe => Moved successfully.
C:\Users\karen\AppData\Local\Temp\airA821.exe => Moved successfully.
C:\Users\karen\AppData\Local\Temp\airB136.exe => Moved successfully.
C:\Users\karen\AppData\Local\Temp\amsetup_activeris_default_010414_INSTALLER.exe => Moved successfully.
C:\Users\karen\AppData\Local\Temp\APNStub.exe => Moved successfully.
C:\Users\karen\AppData\Local\Temp\avguidx.dll => Moved successfully.
C:\Users\karen\AppData\Local\Temp\BackupSetup.exe => Moved successfully.
C:\Users\karen\AppData\Local\Temp\CommonInstaller.exe => Moved successfully.
C:\Users\karen\AppData\Local\Temp\contentDATs.exe => Moved successfully.
C:\Users\karen\AppData\Local\Temp\iGearedHelper.dll => Moved successfully.
C:\Users\karen\AppData\Local\Temp\jre-6u35-windows-i586-iftw.exe => Moved successfully.
C:\Users\karen\AppData\Local\Temp\jre-7u17-windows-i586-iftw.exe => Moved successfully.
C:\Users\karen\AppData\Local\Temp\jre-7u21-windows-i586-iftw.exe => Moved successfully.
C:\Users\karen\AppData\Local\Temp\jre-7u25-windows-i586-iftw.exe => Moved successfully.
C:\Users\karen\AppData\Local\Temp\jre-7u45-windows-i586-iftw.exe => Moved successfully.
C:\Users\karen\AppData\Local\Temp\MachineIdCreator.exe => Moved successfully.
C:\Users\karen\AppData\Local\Temp\mssinstaller.exe => Moved successfully.
C:\Users\karen\AppData\Local\Temp\oi_{037F298B-2CE0-437D-894C-0085E65292A4}.exe => Moved successfully.
C:\Users\karen\AppData\Local\Temp\PicasaCD.exe => Moved successfully.
C:\Users\karen\AppData\Local\Temp\Quarantine.exe => Moved successfully.
C:\Users\karen\AppData\Local\Temp\search snacks.exe => Moved successfully.
C:\Users\karen\AppData\Local\Temp\SecurityScan_Release.exe => Moved successfully.
C:\Users\karen\AppData\Local\Temp\SkypeSetup.exe => Moved successfully.
C:\Users\karen\AppData\Local\Temp\ToolbarInstaller.exe => Moved successfully.
C:\Users\karen\AppData\Local\Temp\Upgrader.exe => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{212F967C-1A7D-4163-A472-C8B8B63B4B7A}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{212F967C-1A7D-4163-A472-C8B8B63B4B7A}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\BlockAndSurf Update" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{7DA7B024-11DA-4C92-89DA-722FAA485509}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7DA7B024-11DA-4C92-89DA-722FAA485509}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\BlockAndSurf_wd" => Key deleted successfully.
C:\ProgramData\TEMP => ":373E1720" ADS removed successfully.
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^KODAK EASYSHARE software.lnk => C:\Windows\pss\Kodak EasyShare software.lnk.CommonStartup => Error: No automatic fix found for this entry.
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^KODAK Software Updater.lnk => C:\Windows\pss\KODAK Software Updater.lnk.CommonStartup => Error: No automatic fix found for this entry.
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" => Error: No automatic fix found for this entry.
MSCONFIG\startupreg: Adobe Reader Speed Launcher => "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" => Error: No automatic fix found for this entry.
MSCONFIG\startupreg: Broadcom Wireless Manager UI => C:\Program Files\DELL\DELL Wireless WLAN Card\WLTRAY.exe => Error: No automatic fix found for this entry.
MSCONFIG\startupreg: Dell DataSafe Online => "C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe" /m => Error: No automatic fix found for this entry.
MSCONFIG\startupreg: DellComms => "C:\Program Files (x86)\Dell\DellComms\bin\sprtcmd.exe" /P DellComms => Error: No automatic fix found for this entry.
MSCONFIG\startupreg: DellSupportCenter => "C:\Program Files (x86)\DELL SUPPORT CENTER\bin\sprtcmd.exe" /P dellsupportcenter => Error: No automatic fix found for this entry.
MSCONFIG\startupreg: Desktop Disc Tool => "c:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe" => Error: No automatic fix found for this entry.
MSCONFIG\startupreg: HP Software Update => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe => Error: No automatic fix found for this entry.
MSCONFIG\startupreg: IAAnotif => C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe => Error: No automatic fix found for this entry.
MSCONFIG\startupreg: PDVDDXSrv => "C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe" => Error: No automatic fix found for this entry.
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime => Error: No automatic fix found for this entry.
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" => Error: No automatic fix found for this entry.

========= ipconfig /flushdns =========


Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========= End of CMD: =========

EmptyTemp: => Removed 7 GB temporary data.


The system needed a reboot.

==== End of Fixlog ====
dreslick
Regular Member
 
Posts: 33
Joined: June 10th, 2011, 10:28 pm

Re: Unwanted Tabs Open in Browser

Unread postby dreslick » October 7th, 2014, 10:23 am

And here is the JRT file:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.3.1 (10.06.2014:1)
OS: Windows 7 Home Premium x64
Ran by karen on Tue 10/07/2014 at 9:05:18.54
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files

Successfully deleted: [File] "C:\Users\karen\appdata\local\google\chrome\user data\default\local storage\http_www.superfish.com_0.localstorage"
Successfully deleted: [File] "C:\Users\karen\appdata\local\google\chrome\user data\default\local storage\http_www.superfish.com_0.localstorage-journal"
Successfully deleted: [File] "C:\Users\karen\appdata\local\google\chrome\user data\default\local storage\https_static.livelyrics00.live-lyrics.com_0.localstorage"



~~~ Folders

Successfully deleted: [Empty Folder] C:\Users\karen\appdata\local\{06CC91A8-DCA1-4B2B-984A-A11EBB75E60D}
Successfully deleted: [Empty Folder] C:\Users\karen\appdata\local\{0D675EB0-9026-4360-A209-E2BB01F96C90}
Successfully deleted: [Empty Folder] C:\Users\karen\appdata\local\{0E813C6F-A4D8-4DAD-B5A7-445DF4509288}
Successfully deleted: [Empty Folder] C:\Users\karen\appdata\local\{11A2DC64-0545-45C6-B063-0588A0EC0B31}
Successfully deleted: [Empty Folder] C:\Users\karen\appdata\local\{16505052-5634-44BB-9AE6-E8352C346298}
Successfully deleted: [Empty Folder] C:\Users\karen\appdata\local\{1989079E-3507-49D4-AC64-F621DC54756C}
Successfully deleted: [Empty Folder] C:\Users\karen\appdata\local\{1F1C151D-216A-489C-9CA0-03517C4C1125}
Successfully deleted: [Empty Folder] C:\Users\karen\appdata\local\{20ADF682-6B34-4EF8-B3FB-0EBC813A176E}
Successfully deleted: [Empty Folder] C:\Users\karen\appdata\local\{21F9BA67-B4C8-4992-BC5F-6A94D2164CD6}
Successfully deleted: [Empty Folder] C:\Users\karen\appdata\local\{2235702E-8CFF-4DDE-8882-221A4B7FD8F7}
Successfully deleted: [Empty Folder] C:\Users\karen\appdata\local\{22F95CE9-CACF-464E-BDD9-9CE41EDBFFCC}
Successfully deleted: [Empty Folder] C:\Users\karen\appdata\local\{255886F3-61D3-49E4-965F-5A1AF64EB180}
Successfully deleted: [Empty Folder] C:\Users\karen\appdata\local\{26C1B8A7-0FEF-4148-876C-BDC1F5E09C1E}
Successfully deleted: [Empty Folder] C:\Users\karen\appdata\local\{2AD94935-1031-40BE-B229-887E0BB034DF}
Successfully deleted: [Empty Folder] C:\Users\karen\appdata\local\{2B5EE561-7567-462A-A5CB-51DDEB5A003C}
Successfully deleted: [Empty Folder] C:\Users\karen\appdata\local\{2B7E71FF-A3B0-4A4D-A436-89321E6D4E9B}
Successfully deleted: [Empty Folder] C:\Users\karen\appdata\local\{2BCD881E-674D-490E-B82D-4EBF6ED42372}
Successfully deleted: [Empty Folder] C:\Users\karen\appdata\local\{2C7AC588-915E-4C91-A345-E40DCDC48519}
Successfully deleted: [Empty Folder] C:\Users\karen\appdata\local\{2FC6D119-6A21-4ADB-9475-E144EC7B5E8B}
Successfully deleted: [Empty Folder] C:\Users\karen\appdata\local\{364FF0BD-1D00-46A6-80C9-5CEB37FCA9C8}
Successfully deleted: [Empty Folder] C:\Users\karen\appdata\local\{3672AB6E-FBBA-46AB-8725-94D6AD811D90}
Successfully deleted: [Empty Folder] C:\Users\karen\appdata\local\{36A62A56-77CC-433F-8B02-738DD9C61812}
Successfully deleted: [Empty Folder] C:\Users\karen\appdata\local\{39691A6E-790C-4FBA-B8D6-FB87EFA5F123}
Successfully deleted: [Empty Folder] C:\Users\karen\appdata\local\{3A20DA63-07CC-47F8-958F-C43557E0DE6F}
Successfully deleted: [Empty Folder] C:\Users\karen\appdata\local\{3A4A3776-C6A1-4FC3-97D7-303FB93EBE85}
Successfully deleted: [Empty Folder] C:\Users\karen\appdata\local\{3A763053-2F8A-4A31-9DB9-B339C2CB36E6}
Successfully deleted: [Empty Folder] C:\Users\karen\appdata\local\{3FEE2804-77BF-46A3-AA6F-DD0E7ED33FBE}
Successfully deleted: [Empty Folder] C:\Users\karen\appdata\local\{436E1FC2-F29F-40E7-A3DB-F74C599B9A02}
Successfully deleted: [Empty Folder] C:\Users\karen\appdata\local\{465444BE-269E-4502-83AF-AA98E6FF17D4}
Successfully deleted: [Empty Folder] C:\Users\karen\appdata\local\{46CB3B11-4753-4773-8522-5C8272264FCF}
Successfully deleted: [Empty Folder] C:\Users\karen\appdata\local\{47EE837A-E720-4960-BF98-C2E1F6D06524}
Successfully deleted: [Empty Folder] C:\Users\karen\appdata\local\{4FEAE7C0-7B98-45B6-BDB4-7A582679BEDA}
Successfully deleted: [Empty Folder] C:\Users\karen\appdata\local\{527C9265-B512-46E5-8000-79EFA2FB2427}
Successfully deleted: [Empty Folder] C:\Users\karen\appdata\local\{597C80EF-A5B3-4345-B039-107DBC23A7F1}
Successfully deleted: [Empty Folder] C:\Users\karen\appdata\local\{5B930D3C-4917-4F59-B7FE-22DE8D5D02FC}
Successfully deleted: [Empty Folder] C:\Users\karen\appdata\local\{5EE9BA20-5CFF-48BC-915B-647CDDE81926}
Successfully deleted: [Empty Folder] C:\Users\karen\appdata\local\{644E058D-4E15-476A-95BE-C3747ABC0E16}
Successfully deleted: [Empty Folder] C:\Users\karen\appdata\local\{64BF718B-BA69-45BB-9DBA-DD78CE26DAB5}
Successfully deleted: [Empty Folder] C:\Users\karen\appdata\local\{65737E13-33EB-44D1-8427-D59A32184310}
Successfully deleted: [Empty Folder] C:\Users\karen\appdata\local\{67A313F6-E567-4C19-BC57-AD9CAD377AFD}
Successfully deleted: [Empty Folder] C:\Users\karen\appdata\local\{70087C9C-BA7E-466C-BC38-50971271598E}
Successfully deleted: [Empty Folder] C:\Users\karen\appdata\local\{71161CC0-8509-40AE-BD40-A613BB30B106}
Successfully deleted: [Empty Folder] C:\Users\karen\appdata\local\{77133ECE-DFCA-44C6-91D4-5F73644C8B4D}
Successfully deleted: [Empty Folder] C:\Users\karen\appdata\local\{7D7366B5-4655-4D51-9D97-A7AD8CDFBA2F}
Successfully deleted: [Empty Folder] C:\Users\karen\appdata\local\{7E18EAA4-4EDB-4BF6-8695-6C780A10D5B9}
Successfully deleted: [Empty Folder] C:\Users\karen\appdata\local\{80297E08-E588-47FB-A71E-56211A4297C1}
Successfully deleted: [Empty Folder] C:\Users\karen\appdata\local\{83D2DA49-99AA-4705-80B2-1614F6353ADD}
Successfully deleted: [Empty Folder] C:\Users\karen\appdata\local\{88090D4E-C417-4127-8686-D898C3169035}
Successfully deleted: [Empty Folder] C:\Users\karen\appdata\local\{88D72A9A-41E1-49E4-9206-F6072B55570B}
Successfully deleted: [Empty Folder] C:\Users\karen\appdata\local\{8D3EDC03-65BC-4009-91C5-C52D2960AE22}
Successfully deleted: [Empty Folder] C:\Users\karen\appdata\local\{8F59FF4B-E726-410C-95F3-55FAA80998CA}
Successfully deleted: [Empty Folder] C:\Users\karen\appdata\local\{90438149-9EA9-44F2-BF93-E7333E392EC6}
Successfully deleted: [Empty Folder] C:\Users\karen\appdata\local\{90B658DC-3CBE-47B9-A952-B4C21CE99A23}
Successfully deleted: [Empty Folder] C:\Users\karen\appdata\local\{91F02171-ECAF-40D8-9694-3E93C95544BF}
Successfully deleted: [Empty Folder] C:\Users\karen\appdata\local\{9414D4A5-9AF9-42D3-B8C8-526913294553}
Successfully deleted: [Empty Folder] C:\Users\karen\appdata\local\{9439C322-78C7-49A2-9F8F-DBD653E1D75A}
Successfully deleted: [Empty Folder] C:\Users\karen\appdata\local\{94417EC8-99A7-4776-B4B4-B20A25083649}
Successfully deleted: [Empty Folder] C:\Users\karen\appdata\local\{98238DD1-5ECA-4C3A-AEDB-F2903F6E3D35}
Successfully deleted: [Empty Folder] C:\Users\karen\appdata\local\{9D364DB6-99C2-4A3B-8072-EAAE8F4B7961}
Successfully deleted: [Empty Folder] C:\Users\karen\appdata\local\{A22B5530-B07E-4A0E-B37F-1D1E13AFAE43}
Successfully deleted: [Empty Folder] C:\Users\karen\appdata\local\{A3C36068-1E9D-410D-9855-813545923F3A}
Successfully deleted: [Empty Folder] C:\Users\karen\appdata\local\{A4DF3D40-60FA-43F8-A03C-61B6E893D330}
Successfully deleted: [Empty Folder] C:\Users\karen\appdata\local\{A5388A40-5FA1-41E4-A7E0-6D51EAE0B73E}
Successfully deleted: [Empty Folder] C:\Users\karen\appdata\local\{A6C895DC-D78A-4A9F-AB39-CDB16B04ADD4}
Successfully deleted: [Empty Folder] C:\Users\karen\appdata\local\{AC506E01-2C7D-45D5-B0AB-CBF4923276A2}
Successfully deleted: [Empty Folder] C:\Users\karen\appdata\local\{B226F8F6-6190-475C-90B6-5D7B72E450AF}
Successfully deleted: [Empty Folder] C:\Users\karen\appdata\local\{B4325E98-BCB5-4103-83C5-D8C9F44BE7D4}
Successfully deleted: [Empty Folder] C:\Users\karen\appdata\local\{BCCAD903-B432-4C6D-AECA-7C26578ECF38}
Successfully deleted: [Empty Folder] C:\Users\karen\appdata\local\{BE1A29DD-BD52-4F12-A18E-006EDBC0995D}
Successfully deleted: [Empty Folder] C:\Users\karen\appdata\local\{C1089266-0495-41BD-A697-5305D286A5EF}
Successfully deleted: [Empty Folder] C:\Users\karen\appdata\local\{C8A92A15-5A5B-4E4C-B875-720761E702D5}
Successfully deleted: [Empty Folder] C:\Users\karen\appdata\local\{CBCC0CA4-8776-4F48-8251-5F9F1474CB52}
Successfully deleted: [Empty Folder] C:\Users\karen\appdata\local\{CC10E11F-C30C-4AE8-9B49-131DCFA3824E}
Successfully deleted: [Empty Folder] C:\Users\karen\appdata\local\{CC3143F7-E8F4-4E64-A41F-C53174E70CE1}
Successfully deleted: [Empty Folder] C:\Users\karen\appdata\local\{CE6C96C2-9A91-412C-A025-3BAD1D42A372}
Successfully deleted: [Empty Folder] C:\Users\karen\appdata\local\{D10F26F9-BCD9-4B56-B24B-3A49E5582A40}
Successfully deleted: [Empty Folder] C:\Users\karen\appdata\local\{DAB1C797-DF5A-4968-B9AA-C0B491554B01}
Successfully deleted: [Empty Folder] C:\Users\karen\appdata\local\{DEA7574C-F8B1-46BE-BD96-941BE7EC3982}
Successfully deleted: [Empty Folder] C:\Users\karen\appdata\local\{E46AD592-6631-44C2-AA4B-E919770D5089}
Successfully deleted: [Empty Folder] C:\Users\karen\appdata\local\{F06F2A6B-D2CB-4DE4-906F-A38AE3024E5F}
Successfully deleted: [Empty Folder] C:\Users\karen\appdata\local\{F35D0972-5B2C-400E-AB94-B9F8D7209825}
Successfully deleted: [Empty Folder] C:\Users\karen\appdata\local\{F4A56C64-3F74-4613-948A-CEE1D363475F}
Successfully deleted: [Empty Folder] C:\Users\karen\appdata\local\{F7A9C38B-A2A2-4AC0-B540-0BC2B7821123}
Successfully deleted: [Empty Folder] C:\Users\karen\appdata\local\{FE2B10CA-97A0-4DDF-A9B6-B499A56E53CA}



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Tue 10/07/2014 at 9:09:01.64
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
dreslick
Regular Member
 
Posts: 33
Joined: June 10th, 2011, 10:28 pm

Re: Unwanted Tabs Open in Browser

Unread postby dreslick » October 7th, 2014, 10:29 am

Hello Cypher!

I have posted the logs you requested. I usually don't have trouble with MBAM, so I am surprised at this problem. I have had to resort to moving the files from the infected computer to my ubuntu laptop via usb drive and downloading files to my ubuntu and transferring them via usb drive back. The fight is not going well on the Chrome front. The browser does OK for a few seconds, then pop-ups start appearing when I try to scroll - it seems to be the scroll bar that activates the mess. Internet Explorer, on the other hand, seems to be OK now. Not sure how long this will last. Thank you for your help!

Nathan
dreslick
Regular Member
 
Posts: 33
Joined: June 10th, 2011, 10:28 pm

Re: Unwanted Tabs Open in Browser

Unread postby dreslick » October 7th, 2014, 10:30 am

Probably should have added that Chrome is completely unusable - necessitating a shutdown by Task Manager at one point.
dreslick
Regular Member
 
Posts: 33
Joined: June 10th, 2011, 10:28 pm

Re: Unwanted Tabs Open in Browser

Unread postby Cypher » October 7th, 2014, 11:25 am

Hi,
Thank you for your help!

You're welcome.
I usually don't have trouble with MBAM, so I am surprised at this problem.

Don't worry about MBAM for now.
I have had to resort to moving the files from the infected computer to my ubuntu laptop via usb drive and downloading files to my ubuntu and transferring them via usb drive back

That's fine, just keep doing that if needed.
Probably should have added that Chrome is completely unusable - necessitating a shutdown by Task Manager at one point.

I need you to uninstall Chrome for now, see below. Then i need you to run two more scans for me.

Click Start > Control Panel > Uninstall a program.
Uninstall the following if present.
Google Chrome

If you're asked if you would like to keep any personalized settings or folders, say NO...
Now make sure that the folders from Chrome are deleted!!!, delete the below if it exist.
C:\Program Files (x86)\Google


Now reboot your computer.

Next.

First please Disable any Antivirus you have active, as shown in This topic.
Note: Don't forget to re-enable it after the scan.

Next please download zoek.exe and save it to your desktop.
  • Close any open browsers.
  • Right click on zoek.exe and select " Run as administrator " to run it.
  • Please wait while the tool starts. It will appear to be doing nothing and may take a few seconds to come up.
  • Click the More Options button below the large panel and check the box:

    • Auto Clean
  • Click on Run script button
  • Please wait patiently (it may take a few minutes) until a log report will open (this may be after reboot, if required)
  • Copy (Ctrl +C) and paste (Ctrl +V) the contents of the opened entire report back here.

    Note: It will also create a log in the C:\ directory named "zoek-results.log"

Next.

Please download SystemLook from the link below and save it to your Desktop.

For 32 bit Systems

For 64 bit Systems

  • Right-click SystemLook.exe and select " Run as administrator " to run it.
  • Copy and paste the content of the following codebox into the main textfield: Do not include the words Code: select all
  • (Click the select all button next to the codebox to select the entire script).
    Code: Select all
    :filefind
    *Activeris AntiMalware*
    *eaSytooShop*
    *Performancer*
    *PProeShopper*
    *saveeoron*
    *siavinshop*
    *superfish.com*
    *unicoupons*
    *WildWestCoupon*
    
    :folderfind
    *Activeris AntiMalware*
    *eaSytooShop*
    *Performancer*
    *PProeShopper*
    *saveeoron*
    *siavinshop*
    *superfish.com*
    *unicoupons*
    *WildWestCoupon*
    
    :Regfind
    Activeris AntiMalware
    eaSytooShop
    Performancer
    PProeShopper
    saveeoron
    siavinshop
    superfish.com
    unicoupons
    WildWestCoupon
    
    
  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt

Logs/Information to Post in your Next Reply

  • zoek-results.log.
  • SystemLook.txt.
User avatar
Cypher
Admin/Teacher
Admin/Teacher
 
Posts: 14959
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns

Re: Unwanted Tabs Open in Browser

Unread postby dreslick » October 7th, 2014, 7:45 pm

Zoek.exe v5.0.0.0 Updated 06-October-2014
Tool run by karen on Tue 10/07/2014 at 15:00:35.00.
Microsoft Windows 7 Home Premium 6.1.7601 Service Pack 1 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\karen\Downloads\zoek.exe [Scan all users] [Checkboxes used]

==== System Restore Info ======================

10/7/2014 3:05:07 PM Zoek.exe System Restore Point Created Succesfully.

==== Deleting CLSID Registry Keys ======================


==== Deleting CLSID Registry Values ======================


==== Deleting Services ======================


==== Deleting Files \ Folders ======================

C:\Users\karen\AppData\LocalLow\{1773541F-09C2-D3AC-0736-F6A71A221CBF} deleted
C:\Users\karen\AppData\LocalLow\{551383EC-19FE-BD95-6856-39F1EE94B066} deleted
C:\Users\karen\AppData\LocalLow\{BB1AB6B4-5D78-BD70-AD34-9DD8499FC693} deleted
C:\Users\karen\AppData\LocalLow\{C33601E2-6589-A9B0-E1DD-D2257A04E70B} deleted
C:\Users\karen\AppData\LocalLow\{F02C05E5-3D72-A078-D079-23746A04947D} deleted
C:\Users\karen\AppData\Local\Packages\windows_ie_ac_001\AC\{1773541F-09C2-D3AC-0736-F6A71A221CBF} deleted
C:\Users\karen\AppData\Local\Packages\windows_ie_ac_001\AC\{551383EC-19FE-BD95-6856-39F1EE94B066} deleted
C:\Users\karen\AppData\Local\Packages\windows_ie_ac_001\AC\{BB1AB6B4-5D78-BD70-AD34-9DD8499FC693} deleted
C:\Users\karen\AppData\Local\Packages\windows_ie_ac_001\AC\{C33601E2-6589-A9B0-E1DD-D2257A04E70B} deleted
C:\Users\karen\AppData\Local\Packages\windows_ie_ac_001\AC\{F02C05E5-3D72-A078-D079-23746A04947D} deleted
C:\PROGRA~2\GUM2B82.tmp deleted
C:\PROGRA~2\Yahoo! deleted
C:\Users\karen\AppData\Roaming\Yahoo! deleted
C:\PROGRA~3\Yahoo! Companion deleted
C:\Users\karen\AppData\Local\nsi53A8.tmp deleted
C:\Users\karen\AppData\Local\com deleted
C:\Windows\invcol.tmp deleted
"C:\Users\karen\AppData\Local\{EC73F84A-5FE2-40A7-8C1E-D370F9506392}" deleted
"C:\Users\karen\AppData\Local\{EF93612E-9BD8-42BA-9588-5CC9F51A8F5B}" deleted

==== Firefox Extensions Registry ======================

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions]
"smartwebprinting@hp.com"="C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3" [09/07/2010 12:33 PM]
[HKEY_CURRENT_USER\Software\Mozilla\Firefox\Extensions]
"smartwebprinting@hp.com"="C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3" [09/07/2010 12:33 PM]

==== Chromium Look ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
lifbcibllhkdhoafpjfnlhfpfgnpldfl - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx[07/14/2014 06:22 PM]

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.yahoo.com/"

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.google.com"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
"DefaultScope"="{CE979B0A-5DFC-4065-BCE9-0060B76F8D54}"
{012E1000-F331-11DB-8314-0800200C9A66} Google Url="http://www.google.com/search?q={searchTerms}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC"
{CE979B0A-5DFC-4065-BCE9-0060B76F8D54} Bing Url="http://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox"

==== Deleting CLSID Registry Keys ======================

HKEY_USERS\S-1-5-21-4172288-307113608-2096777836-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9999A076-A9E2-4C99-8A2B-632FC9429223} deleted successfully
HKEY_USERS\S-1-5-21-4172288-307113608-2096777836-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} deleted successfully
HKEY_USERS\S-1-5-21-4172288-307113608-2096777836-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} deleted successfully
HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{9999A076-A9E2-4C99-8A2B-632FC9429223} deleted successfully
HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} deleted successfully

==== Deleting CLSID Registry Values ======================


==== Deleting Registry Keys ======================

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dell DataSafe Online deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupportCenter deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched deleted successfully

==== Empty IE Cache ======================

C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\karen\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\karen\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

==== Empty FireFox Cache ======================

No FireFox Profiles found

==== Empty Chrome Cache ======================

No Chrome User Data found

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

Java Cache cleared successfully

==== C:\zoek_backup content ======================

C:\zoek_backup (files=19 folders=17 3553945 bytes)

==== Empty Temp Folders ======================

C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Users\karen\AppData\Local\Temp will be emptied at reboot
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp will be emptied at reboot
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\Windows\Temp successfully emptied
C:\Users\karen\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== Deleting Files / Folders ======================

"C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp\Low" not deleted

==== EOF on Tue 10/07/2014 at 15:39:56.01 ======================
dreslick
Regular Member
 
Posts: 33
Joined: June 10th, 2011, 10:28 pm
Advertisement
Register to Remove

Next

  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 18 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware