Redirection of links and endless pop-ups

Post by u0717211 » October 9th, 2014, 12:02 am

I can't even use the internet without pop-ups coming up non-stop. They are standard pop-ups with advertisements and other weird ones that tell me to call a toll-free number for help with my computer's issues. When I click on links it will open a new tab and take me to some random website. It is almost impossible to use my computer at this point. I would really appreciate some help! Thank you
NOTE: I was over the amount of characters allowed for a post, so I cut off some of the Addition log at the end. Let me know if you need the rest.

FRST LOG

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 06-10-2014 01
Ran by tayweb (administrator) on TDIDDY on 08-10-2014 21:44:19
Running from C:\Users\tayweb\Downloads
Loaded Profile: tayweb (Available profiles: tayweb)
Platform: Windows 8.1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
() C:\Program Files\ATI Technologies\ATI.ACE\a4\AdaptiveSleepService.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
() C:\Program Files (x86)\DTS, Inc\DTS Studio Sound\dts_apo_service.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Anti-Theft\Engine\1.10.0.9\NAT.exe
(TOSHIBA Corporation) C:\Windows\System32\TODDSrv.exe
() C:\Program Files (x86)\AdvanceElite\updateAdvanceElite.exe
() C:\Program Files (x86)\AdvanceElite\bin\utilAdvanceElite.exe
(Toshiba Corporation) C:\Program Files\TOSHIBA\Teco\TecoService.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
() C:\Program Files (x86)\AdvanceElite\bin\AdvanceElite.PurBrowse64.exe
(TODO: <Company name>) C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Anti-Theft\Engine\1.10.0.9\NAT.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Systweak) C:\Program Files (x86)\ASP\AdvancedSystemProtector.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(IvoSoft) C:\Program Files\Classic Shell\ClassicStartMenu.exe
() C:\Program Files (x86)\AdvanceElite\bin\AdvanceElite.BrowserAdapter64.exe
() C:\Program Files (x86)\AdvanceElite\bin\AdvanceElite.BrowserAdapter.exe
() C:\Program Files (x86)\AdvanceElite\bin\AdvanceElite.BOASHelper.exe
() C:\Program Files (x86)\AdvanceElite\bin\AdvanceElite.BRT.Helper.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\21.6.0.32\nis.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\21.6.0.32\nis.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Hotkey\TCrdMain_Win8.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Teco\TecoResident.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
() C:\Program Files (x86)\AdvanceElite\bin\AdvanceElite.BOASPRT.exe
() C:\Program Files (x86)\AdvanceElite\bin\AdvanceElite.BOAS.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
() C:\Program Files (x86)\RCP\RegCleanPro.exe
() C:\Program Files (x86)\AdvanceElite\bin\AdvanceElite.BOASPRT.exe
() C:\Program Files (x86)\AdvanceElite\bin\AdvanceElite.BOAS.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.3.9600.17246_none_fa4ae8e99b1f603c\TiWorker.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [] => [X]
HKLM\...\Run: [TSSSrv] => C:\Program Files (x86)\TOSHIBA\System Setting\TSSSrv.exe [296520 2013-09-11] (TOSHIBA Corporation)
HKLM\...\Run: [TCrdMain] => C:\Program Files\TOSHIBA\Hotkey\TCrdMain_Win8.exe [2556768 2013-08-17] (TOSHIBA Corporation)
HKLM\...\Run: [TecoResident] => C:\Program Files\TOSHIBA\Teco\TecoResident.exe [178016 2013-08-21] (TOSHIBA Corporation)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [766208 2013-08-30] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [ToshibaAppPlace] => C:\Program Files (x86)\Toshiba\Toshiba App Place\ToshibaAppPlace.exe [552960 2010-09-23] (Toshiba)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-07-08] (Apple Inc.)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [4085896 2014-09-25] (AVAST Software)
HKU\S-1-5-21-444850313-4093084663-149680862-1001\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [22734160 2014-08-08] (Google)
HKU\S-1-5-21-444850313-4093084663-149680862-1001\...\Run: [GoogleChromeAutoLaunch_4B534D2853F8AE4650317E2DD1CF4E30] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [852808 2014-09-22] (Google Inc.)
Startup: C:\Users\tayweb\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MyPC Backup.lnk
ShortcutTarget: MyPC Backup.lnk -> C:\Program Files (x86)\MyPC Backup\MyPC Backup.exe (No File)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)
ShellIconOverlayIdentifiers: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer64.dll (IvoSoft)
ShellIconOverlayIdentifiers-x32: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft)
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://toshiba13.msn.com/?pc=TNJB
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://toshiba13.msn.com/?pc=TNJB
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://toshiba13.msn.com/?pc=TNJB
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://toshiba13.msn.com/?pc=TNJB
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://toshiba13.msn.com/?pc=TNJB
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
SearchScopes: HKLM - {46CF69E2-52E7-49A1-876C-EB39B13879C9} URL = http://Lasaoren.com/results.php?f=4&q={searchTerms}&a=lrn_dsites_14_39_ch&cd=2XzuyEtN2Y1L1QzuyCyEyD0AtDyEzzzyyCyByB0D0AtB0E0AtN0D0Tzu0SzyzyzytN1L2XzutAtFtBtFyEtFtBtN1L1CzutCyEtBzytDyD1V1StN1L1G1B1V1N2Y1L1Qzu2SyCzztAyEtAyDyEtBtGyC0DtByCtG0BtC0B0DtGtCyCzz0FtGyDyB0E0D0AyE0EtD0D0FyD0F2QtN1M1F1B2Z1V1N2Y1L1Qzu2StAtCyB0DtBtDtAzytGyC0E0EtBtGyEtC0CyDtGzyyC0ByCtGyDtBzy0DyDzyzzzzzyyCyCyD2Q&cr=106613913&ir=
SearchScopes: HKLM - {A25AC313-DD19-4238-ACA2-401D6BEE4321} URL = http://www.bing.com/search?q={searchTerms}&form=IE11TR&src=IE11TR&pc=TNJB
SearchScopes: HKLM-x32 - {46CF69E2-52E7-49A1-876C-EB39B13879C9} URL = http://www.bing.com/search?q={searchTerms}&form=IE11TR&src=IE11TR&pc=TNJB
SearchScopes: HKCU - DefaultScope {46CF69E2-52E7-49A1-876C-EB39B13879C9} URL =
SearchScopes: HKCU - {012E1000-F331-11DB-8314-0800200C9A66} URL = http://www.google.com/search?q={searchTerms}
SearchScopes: HKCU - {A25AC313-DD19-4238-ACA2-401D6BEE4321} URL = http://www.bing.com/search?q={searchTerms}&form=IE11TR&src=IE11TR&pc=TNJB
BHO: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer64.dll (IvoSoft)
BHO: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIEDLL_64.dll (IvoSoft)
BHO-x32: AdvanceElite -> {3b2cb4c8-72ab-4b25-8fa1-219b36a60bed} -> C:\Program Files (x86)\AdvanceElite\AdvanceElitebho.dll (AdvanceElite)
BHO-x32: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIEDLL_32.dll (IvoSoft)
Toolbar: HKLM - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer64.dll (IvoSoft)
Toolbar: HKLM-x32 - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.0.0.100\coFFPlgn
FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.0.0.100\coFFPlgn [2014-10-08]
FF HKLM-x32\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.0.0.100\IPSFF
FF Extension: Norton Vulnerability Protection - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.0.0.100\IPSFF [2013-12-25]

Chrome:
=======
CHR Profile: C:\Users\tayweb\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\tayweb\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-01-07]
CHR Extension: (Google Drive) - C:\Users\tayweb\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-01-07]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\tayweb\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-30]
CHR Extension: (YouTube) - C:\Users\tayweb\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-01-07]
CHR Extension: (Google Search) - C:\Users\tayweb\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-01-07]
CHR Extension: (Norton Security Toolbar) - C:\Users\tayweb\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk [2014-10-08]
CHR Extension: (Google Wallet) - C:\Users\tayweb\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-01-07]
CHR Extension: (Gmail) - C:\Users\tayweb\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-01-07]
CHR HKLM\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files (x86)\Norton Internet Security\Engine\21.6.0.32\Exts\Chrome.crx [2014-10-06]
CHR HKLM-x32\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files (x86)\Norton Internet Security\Engine\21.6.0.32\Exts\Chrome.crx [2014-10-06]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AdaptiveSleepService; C:\Program Files\ATI Technologies\ATI.ACE\A4\AdaptiveSleepService.exe [99328 2013-08-30] () [File not signed]
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-09-25] (AVAST Software)
R2 dts_apo_service; C:\Program Files (x86)\DTS, Inc\DTS Studio Sound\dts_apo_service.exe [19792 2013-09-10] ()
R2 GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [235008 2013-07-16] (TODO: <Company name>) [File not signed]
R3 KeyIso; C:\Windows\SysWOW64\keyiso.dll [44032 2013-08-21] (Microsoft Corporation)
S3 lfsvc; C:\Windows\SysWOW64\GeofenceMonitorService.dll [357376 2014-03-14] (Microsoft Corporation)
R2 NAT; C:\Program Files (x86)\Norton Anti-Theft\Engine\1.10.0.9\NAT.exe [232424 2013-10-11] (Symantec Corporation)
S3 Netlogon; C:\Windows\SysWOW64\netlogon.dll [688640 2014-03-06] (Microsoft Corporation)
R2 NIS; C:\Program Files (x86)\Norton Internet Security\Engine\21.6.0.32\NIS.exe [276376 2014-09-21] (Symantec Corporation)
S3 smphost; C:\Windows\SysWOW64\smphost.dll [11776 2013-08-21] (Microsoft Corporation)
S3 StorSvc; C:\Windows\SysWOW64\storsvc.dll [18944 2013-08-21] (Microsoft Corporation)
R2 Update AdvanceElite; C:\Program Files (x86)\AdvanceElite\updateAdvanceElite.exe [522480 2014-10-08] ()
R2 Util AdvanceElite; C:\Program Files (x86)\AdvanceElite\bin\utilAdvanceElite.exe [522480 2014-10-08] ()
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347880 2014-03-23] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2014-03-23] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 AmdAS4; C:\Windows\System32\drivers\AmdAS4.sys [17504 2013-02-07] (Advanced Micro Devices, INC.)
R2 APXACC; C:\Windows\system32\DRIVERS\appexDrv.sys [219360 2013-04-18] (AppEx Networks Corporation)
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-09-25] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [79184 2014-09-25] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-09-25] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-09-25] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1041168 2014-09-25] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [427360 2014-09-25] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [92008 2014-09-25] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [224896 2014-09-25] ()
R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdWB6.sys [138240 2013-06-22] (Advanced Micro Devices)
R3 BHDrvx64; C:\Program Files (x86)\Norton Internet Security\NortonData\21.0.0.100\Definitions\BASHDefs\20140121.001\BHDrvx64.sys [1526488 2013-12-17] (Symantec Corporation)
R1 ccSet_NAT; C:\Windows\system32\drivers\NATx64\010A000.009\ccSetx64.sys [150104 2013-07-29] (Symantec Corporation)
R3 ccSet_NIS; C:\Windows\system32\drivers\NISx64\1506000.020\ccSetx64.sys [162392 2013-09-25] (Symantec Corporation)
R3 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484952 2013-12-25] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [137648 2013-12-25] (Symantec Corporation) [File not signed]
R3 IDSVia64; C:\Program Files (x86)\Norton Internet Security\NortonData\21.0.0.100\Definitions\IPSDefs\20140122.001\IDSvia64.sys [521944 2014-01-20] (Symantec Corporation)
S3 NAVENG; C:\Program Files (x86)\Norton Internet Security\NortonData\21.0.0.100\Definitions\VirusDefs\20140122.003\ENG64.SYS [126040 2013-12-25] (Symantec Corporation)
S3 NAVEX15; C:\Program Files (x86)\Norton Internet Security\NortonData\21.0.0.100\Definitions\VirusDefs\20140122.003\EX64.SYS [2099288 2013-12-25] (Symantec Corporation)
R3 RTWlanE; C:\Windows\system32\DRIVERS\rtwlane.sys [2945240 2013-09-12] (Realtek Semiconductor Corporation )
R3 SmbDrv; C:\Windows\system32\DRIVERS\Smb_driver_AMDASF.sys [30448 2013-08-23] (Synaptics Incorporated)
S3 SRTSP; C:\Windows\System32\Drivers\NISx64\1506000.020\SRTSP64.SYS [876248 2014-08-25] (Symantec Corporation)
R3 SRTSPX; C:\Windows\system32\drivers\NISx64\1506000.020\SRTSPX64.SYS [37592 2014-08-25] (Symantec Corporation)
R3 SymDS; C:\Windows\system32\drivers\NISx64\1506000.020\SYMDS64.SYS [493656 2013-07-31] (Symantec Corporation)
R3 SymEFA; C:\Windows\system32\drivers\NISx64\1506000.020\SYMEFA64.SYS [1148120 2014-03-03] (Symantec Corporation)
S4 SymELAM; C:\Windows\system32\drivers\NISx64\1506000.020\SymELAM.sys [23568 2013-07-31] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [177752 2013-09-21] (Symantec Corporation)
R3 SymIRON; C:\Windows\system32\drivers\NISx64\1506000.020\Ironx64.SYS [266968 2014-08-06] (Symantec Corporation)
R3 SymNetS; C:\Windows\System32\Drivers\NISx64\1506000.020\SYMNETS.SYS [593112 2014-02-17] (Symantec Corporation)
R3 Thotkey; C:\Windows\System32\drivers\Thotkey.sys [32624 2013-08-19] (Windows (R) Win 7 DDK provider)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [123224 2014-03-23] (Microsoft Corporation)
R1 {bb7b7a60-f574-47c2-8a0b-4c56f2da9802}Gw64; C:\Windows\System32\drivers\{bb7b7a60-f574-47c2-8a0b-4c56f2da9802}Gw64.sys [48784 2014-09-25] (StdLib)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-10-08 21:44 - 2014-10-08 21:45 - 00019435 _____ () C:\Users\tayweb\Downloads\FRST.txt
2014-10-08 21:43 - 2014-10-08 21:43 - 00001476 _____ () C:\Users\tayweb\Desktop\FRST64 - Shortcut.lnk
2014-10-08 21:42 - 2014-10-08 21:42 - 02109952 _____ (Farbar) C:\Users\tayweb\Downloads\FRST64.exe
2014-10-08 21:38 - 2014-10-08 21:38 - 00001332 _____ () C:\Users\tayweb\Desktop\Clean Registry for Free!.lnk
2014-10-08 21:32 - 2014-10-08 21:29 - 00688992 _____ (Swearware) C:\Users\tayweb\Desktop\dds.com
2014-10-08 21:22 - 2014-10-08 21:22 - 00688992 _____ (Swearware) C:\Users\tayweb\Downloads\dds (2).scr
2014-10-08 21:18 - 2014-10-08 21:18 - 00000000 ____D () C:\Windows\System32\Tasks\Norton Internet Security
2014-10-08 21:14 - 2014-10-08 21:33 - 00000000 ____D () C:\Users\tayweb\AppData\Roaming\Systweak
2014-10-08 21:14 - 2014-10-08 21:14 - 00000000 ____D () C:\ProgramData\Systweak
2014-10-08 21:07 - 2014-10-08 21:07 - 00000586 _____ () C:\Users\tayweb\Desktop\dds - Shortcut.lnk
2014-10-08 21:00 - 2014-10-08 21:00 - 00398248 _____ () C:\Users\tayweb\Downloads\FLVPlayer-Chrome (1).exe
2014-10-08 20:58 - 2014-10-08 20:58 - 00398248 _____ () C:\Users\tayweb\Downloads\FLVPlayer-Chrome.exe
2014-09-28 17:45 - 2014-09-28 17:45 - 93423965 _____ () C:\Users\tayweb\Downloads\Experiment 4 - TGA.mov
2014-09-28 17:44 - 2014-09-28 17:45 - 76222311 _____ () C:\Users\tayweb\Downloads\Grams-to-Moles - Introduction to Stoichiometry.mp4
2014-09-28 17:37 - 2014-09-28 17:37 - 00000000 _____ () C:\Users\tayweb\AppData\Local\{13A8BD59-C9D3-4194-9434-BF709CFA45AC}
2014-09-28 17:35 - 2014-09-28 17:35 - 00853640 _____ () C:\Windows\Minidump\092814-28328-01.dmp
2014-09-27 00:05 - 2014-09-27 00:05 - 01699118 _____ (Thisisu) C:\Users\tayweb\Downloads\JRT (3).exe
2014-09-27 00:01 - 2014-09-27 00:01 - 01699118 _____ (Thisisu) C:\Users\tayweb\Downloads\JRT (2).exe
2014-09-26 23:55 - 2014-09-26 23:55 - 00853144 _____ () C:\Windows\Minidump\092614-44265-01.dmp
2014-09-25 22:57 - 2014-09-25 22:58 - 01024790 _____ (Thisisu) C:\Users\tayweb\Downloads\JRT (1).exe
2014-09-25 22:50 - 2014-09-25 22:50 - 00715920 _____ ( ) C:\Users\tayweb\Downloads\FileOpenerSetup (1).exe
2014-09-25 22:34 - 2014-09-25 22:34 - 00001993 _____ () C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2014-09-25 22:34 - 2014-09-25 22:34 - 00000000 ____D () C:\Users\tayweb\AppData\Roaming\AVAST Software
2014-09-25 22:34 - 2014-09-25 22:34 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast
2014-09-25 22:33 - 2014-09-25 22:34 - 00427360 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys
2014-09-25 22:33 - 2014-09-25 22:34 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2014-09-25 22:33 - 2014-09-25 22:33 - 01041168 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2014-09-25 22:33 - 2014-09-25 22:33 - 00307344 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2014-09-25 22:33 - 2014-09-25 22:33 - 00224896 _____ () C:\Windows\system32\Drivers\aswVmm.sys
2014-09-25 22:33 - 2014-09-25 22:33 - 00093568 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2014-09-25 22:33 - 2014-09-25 22:33 - 00092008 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2014-09-25 22:33 - 2014-09-25 22:33 - 00079184 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2014-09-25 22:33 - 2014-09-25 22:33 - 00065776 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
2014-09-25 22:33 - 2014-09-25 22:33 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-09-25 22:33 - 2014-09-25 22:33 - 00029208 _____ () C:\Windows\system32\Drivers\aswHwid.sys
2014-09-25 22:33 - 2014-09-25 22:33 - 00000000 ____D () C:\Program Files\AVAST Software
2014-09-25 22:31 - 2014-09-25 22:33 - 00000000 ____D () C:\ProgramData\AVAST Software
2014-09-25 22:28 - 2014-10-08 21:47 - 00003090 _____ () C:\Windows\System32\Tasks\RegClean Pro
2014-09-25 22:28 - 2014-10-08 21:15 - 00003076 _____ () C:\Windows\System32\Tasks\Advanced-System Protector_startup
2014-09-25 22:28 - 2014-09-25 22:28 - 00004024 _____ () C:\Windows\System32\Tasks\LaunchSignup
2014-09-25 22:28 - 2014-09-25 22:28 - 00001992 _____ () C:\Users\tayweb\Desktop\Sync Folder.lnk
2014-09-25 22:28 - 2014-09-25 22:28 - 00001064 _____ () C:\Users\Public\Desktop\Advanced-System Protector.lnk
2014-09-25 22:28 - 2014-09-25 22:28 - 00001004 _____ () C:\Users\Public\Desktop\RegClean Pro.lnk
2014-09-25 22:28 - 2014-09-25 22:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced-System Protector
2014-09-25 22:28 - 2014-09-25 22:28 - 00000000 ____D () C:\Program Files (x86)\RCP
2014-09-25 22:28 - 2014-09-25 22:28 - 00000000 ____D () C:\Program Files (x86)\ASP
2014-09-25 22:28 - 2014-08-29 17:02 - 00020296 _____ () C:\Windows\system32\roboot64.exe
2014-09-25 22:28 - 2012-07-25 12:03 - 00016896 _____ () C:\Windows\system32\sasnative64.exe
2014-09-25 22:27 - 2014-09-25 22:27 - 00001110 _____ () C:\Users\tayweb\Desktop\MyPC Backup.lnk
2014-09-25 22:26 - 2014-09-25 14:43 - 00048784 _____ (StdLib) C:\Windows\system32\Drivers\{bb7b7a60-f574-47c2-8a0b-4c56f2da9802}Gw64.sys
2014-09-25 22:21 - 2014-10-08 21:11 - 00000000 ____D () C:\Program Files (x86)\AdvanceElite
2014-09-25 22:21 - 2014-09-25 22:21 - 00000000 ____D () C:\Users\tayweb\AppData\Roaming\1H1Q
2014-09-25 22:19 - 2014-09-25 22:19 - 00715920 _____ ( ) C:\Users\tayweb\Downloads\FileOpenerSetup.exe
2014-09-25 22:19 - 2014-09-25 22:19 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FileOpener
2014-09-25 22:19 - 2014-09-25 22:19 - 00000000 ____D () C:\Program Files (x86)\Tweaks
2014-09-25 22:04 - 2014-09-25 22:04 - 00000000 ____D () C:\Windows\ERUNT
2014-09-25 22:03 - 2014-09-25 22:03 - 01024790 _____ (Thisisu) C:\Users\tayweb\Downloads\JRT.exe
2014-09-25 15:41 - 2014-09-25 15:42 - 00851656 _____ () C:\Windows\Minidump\092514-27718-01.dmp
2014-09-24 22:24 - 2014-09-24 22:24 - 00064880 _____ () C:\Users\tayweb\Downloads\exp_11_data.zip
2014-09-22 22:44 - 2014-09-22 22:44 - 04181856 _____ (Kaspersky Lab ZAO) C:\Users\tayweb\Downloads\tdsskiller.exe
2014-09-22 22:44 - 2014-09-22 22:44 - 00001173 _____ () C:\Users\tayweb\Desktop\tdsskiller - Shortcut.lnk
2014-09-21 14:54 - 2014-09-21 15:00 - 526532645 _____ () C:\Users\tayweb\Downloads\Exp 11.mov
2014-09-19 14:10 - 2014-09-19 13:49 - 00024064 _____ () C:\Windows\zoek-delete.exe
2014-09-19 13:50 - 2014-09-21 14:50 - 00006703 _____ () C:\zoek-results.log
2014-09-19 13:49 - 2014-09-19 13:47 - 01290240 _____ () C:\Users\tayweb\Desktop\zoek.exe
2014-09-19 13:48 - 2014-09-19 14:08 - 00000000 ____D () C:\zoek_backup
2014-09-19 13:48 - 2014-09-19 13:48 - 01290240 _____ () C:\Users\tayweb\Downloads\zoek (1).exe
2014-09-19 13:47 - 2014-09-19 13:47 - 01290240 _____ () C:\Users\tayweb\Downloads\zoek.exe
2014-09-18 12:40 - 2014-09-25 22:20 - 00002291 _____ () C:\Users\tayweb\Desktop\Google Chrome.lnk
2014-09-18 12:09 - 2014-09-18 12:12 - 00001453 _____ () C:\Users\tayweb\Desktop\Search.txt
2014-09-18 12:08 - 2014-09-18 12:08 - 02105856 _____ (Farbar) C:\Users\tayweb\Desktop\FRST64.exe
2014-09-17 14:47 - 2014-09-24 22:25 - 00000000 ____D () C:\Users\tayweb\Documents\Chem 1210
2014-09-15 22:50 - 2014-10-08 21:44 - 00000000 ____D () C:\FRST
2014-09-15 22:29 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll
2014-09-15 22:26 - 2014-09-15 22:44 - 00000000 ____D () C:\AdwCleaner
2014-09-15 21:38 - 2014-09-22 22:29 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-09-15 21:38 - 2014-09-15 21:38 - 00001125 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-09-15 21:37 - 2014-09-15 21:38 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-09-15 21:37 - 2014-09-15 21:37 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-09-15 21:37 - 2014-09-15 21:37 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-09-15 21:37 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-09-15 21:37 - 2014-05-12 07:26 - 00064216 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-09-15 21:37 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-09-15 21:36 - 2014-09-15 21:36 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\tayweb\Downloads\mbam-setup-2.0.2.1012.exe
2014-09-15 18:04 - 2014-09-15 18:04 - 04057608 _____ () C:\Users\tayweb\Downloads\tweaking.com_registry_backup_setup.exe
2014-09-15 18:04 - 2014-09-15 18:04 - 00002262 _____ () C:\Users\Public\Desktop\Tweaking.com - Registry Backup.lnk
2014-09-15 18:04 - 2014-09-15 18:04 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tweaking.com
2014-09-15 18:04 - 2014-09-15 18:04 - 00000000 ____D () C:\Program Files (x86)\Tweaking.com
2014-09-15 14:04 - 2014-09-04 20:36 - 00097280 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2014-09-15 14:04 - 2014-09-04 20:31 - 00527360 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-09-15 14:04 - 2014-09-04 18:48 - 00738816 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-09-15 13:58 - 2014-08-15 19:56 - 00547328 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-09-15 13:58 - 2014-08-15 19:54 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-09-15 13:58 - 2014-08-15 19:43 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-09-15 13:58 - 2014-08-15 19:32 - 00446464 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-09-15 13:58 - 2014-08-15 19:25 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-09-15 13:58 - 2014-08-15 19:22 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-09-15 13:58 - 2014-08-15 19:20 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-09-15 13:58 - 2014-08-15 19:19 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-09-15 13:58 - 2014-08-15 19:18 - 00289280 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-09-15 13:58 - 2014-08-15 19:03 - 00365056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-09-15 13:58 - 2014-08-15 18:53 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-09-15 13:57 - 2014-08-15 20:40 - 23591424 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-09-15 13:57 - 2014-08-15 20:04 - 17455104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-09-15 13:57 - 2014-08-15 20:00 - 05833728 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-09-15 13:57 - 2014-08-15 20:00 - 02793984 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-09-15 13:57 - 2014-08-15 19:45 - 04232704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-09-15 13:57 - 2014-08-15 19:18 - 02185728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-09-15 13:57 - 2014-08-15 19:11 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-09-15 13:57 - 2014-08-15 19:06 - 00359424 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-09-15 13:57 - 2014-08-15 19:05 - 00727040 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-09-15 13:57 - 2014-08-15 19:05 - 00707072 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-09-15 13:57 - 2014-08-15 19:03 - 02104832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-09-15 13:57 - 2014-08-15 18:58 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-09-15 13:57 - 2014-08-15 18:56 - 02310656 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-09-15 13:57 - 2014-08-15 18:53 - 13588480 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-09-15 13:57 - 2014-08-15 18:53 - 00243200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-09-15 13:57 - 2014-08-15 18:51 - 11769856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-09-15 13:57 - 2014-08-15 18:45 - 00603136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-09-15 13:57 - 2014-08-15 18:44 - 02014208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-09-15 13:57 - 2014-08-15 18:44 - 00312320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-09-15 13:57 - 2014-08-15 18:34 - 01447424 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-09-15 13:57 - 2014-08-15 18:20 - 01812992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-09-15 13:57 - 2014-08-15 18:18 - 00775168 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-09-15 13:57 - 2014-08-15 18:14 - 01190400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-09-15 13:57 - 2014-08-15 18:12 - 00678400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-09-15 13:54 - 2014-08-23 01:48 - 02374784 _____ (Microsoft Corporation) C:\Windows\explorer.exe
2014-09-15 13:54 - 2014-08-23 01:13 - 02084520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\explorer.exe
2014-09-15 13:54 - 2014-08-23 00:10 - 00068096 _____ (Microsoft Corporation) C:\Windows\system32\UXInit.dll
2014-09-15 13:54 - 2014-08-22 23:32 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UXInit.dll
2014-09-15 13:54 - 2014-08-22 22:44 - 02860032 _____ (Microsoft Corporation) C:\Windows\system32\actxprxy.dll
2014-09-15 13:54 - 2014-08-22 22:34 - 13423104 _____ (Microsoft Corporation) C:\Windows\system32\twinui.dll
2014-09-15 13:54 - 2014-08-22 22:33 - 00796672 _____ (Microsoft Corporation) C:\Windows\system32\uDWM.dll
2014-09-15 13:54 - 2014-08-22 22:31 - 01038336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\actxprxy.dll
2014-09-15 13:54 - 2014-08-22 22:20 - 11818496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\twinui.dll
2014-09-15 13:54 - 2014-07-29 19:56 - 00299520 _____ (Microsoft Corporation) C:\Windows\system32\WSDMon.dll
2014-09-15 13:54 - 2014-07-28 23:22 - 00205824 _____ (Microsoft Corporation) C:\Windows\system32\tcpmon.dll
2014-09-15 13:48 - 2014-07-24 09:20 - 21266336 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-09-15 13:48 - 2014-07-24 07:46 - 18760328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2014-09-15 13:48 - 2014-07-24 03:44 - 16874496 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.Xaml.dll
2014-09-15 13:48 - 2014-07-24 03:16 - 12730880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.UI.Xaml.dll
2014-09-15 13:48 - 2014-07-24 01:38 - 06649344 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2014-09-15 13:47 - 2014-07-24 01:46 - 08652800 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.Search.dll
2014-09-15 00:13 - 2014-07-24 09:28 - 00468288 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\USBHUB3.SYS
2014-09-15 00:13 - 2014-07-24 09:28 - 00419648 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys
2014-09-15 00:13 - 2014-07-24 09:28 - 00412992 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\spaceport.sys
2014-09-15 00:13 - 2014-07-24 09:28 - 00143680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbccgp.sys
2014-09-15 00:13 - 2014-07-24 09:23 - 01519488 _____ (Microsoft Corporation) C:\Windows\system32\user32.dll
2014-09-15 00:13 - 2014-07-24 09:23 - 00125472 _____ (Microsoft Corporation) C:\Windows\system32\dwmapi.dll
2014-09-15 00:13 - 2014-07-24 09:20 - 00645592 _____ (Microsoft Corporation) C:\Windows\system32\SHCore.dll
2014-09-15 00:13 - 2014-07-24 09:16 - 02574208 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
2014-09-15 00:13 - 2014-07-24 09:16 - 00211216 _____ (Microsoft Corporation) C:\Windows\system32\SndVol.exe
2014-09-15 00:13 - 2014-07-24 09:07 - 07424320 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2014-09-15 00:13 - 2014-07-24 09:07 - 02009920 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys
2014-09-15 00:13 - 2014-07-24 09:05 - 01660048 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2014-09-15 00:13 - 2014-07-24 09:05 - 01519560 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe
2014-09-15 00:13 - 2014-07-24 09:05 - 01488008 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2014-09-15 00:13 - 2014-07-24 09:05 - 01356840 _____ (Microsoft Corporation) C:\Windows\system32\winresume.exe
2014-09-15 00:13 - 2014-07-24 09:03 - 02141920 _____ (Microsoft Corporation) C:\Windows\system32\mfcore.dll
2014-09-15 00:13 - 2014-07-24 09:03 - 00882136 _____ (Microsoft Corporation) C:\Windows\system32\mfplat.dll
2014-09-15 00:13 - 2014-07-24 09:03 - 00818624 _____ (Microsoft Corporation) C:\Windows\system32\mfmp4srcsnk.dll
2014-09-15 00:13 - 2014-07-24 09:03 - 00360480 _____ (Microsoft Corporation) C:\Windows\system32\mfreadwrite.dll
2014-09-15 00:13 - 2014-07-24 09:03 - 00233888 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll
2014-09-15 00:13 - 2014-07-24 09:03 - 00205512 _____ (Microsoft Corporation) C:\Windows\system32\mftranscode.dll
2014-09-15 00:13 - 2014-07-24 08:57 - 02515264 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2014-09-15 00:13 - 2014-07-24 08:57 - 00475968 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys
2014-09-15 00:13 - 2014-07-24 07:48 - 02410976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL
2014-09-15 00:13 - 2014-07-24 07:46 - 00477200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SHCore.dll
2014-09-15 00:13 - 2014-07-24 07:36 - 02145472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfcore.dll
2014-09-15 00:13 - 2014-07-24 07:36 - 00707536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfplat.dll
2014-09-15 00:13 - 2014-07-24 07:36 - 00674512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfmp4srcsnk.dll
2014-09-15 00:13 - 2014-07-24 07:36 - 00355800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfreadwrite.dll
2014-09-15 00:13 - 2014-07-24 07:36 - 00180720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mftranscode.dll
2014-09-15 00:13 - 2014-07-24 05:46 - 00079872 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\IPMIDrv.sys
2014-09-15 00:13 - 2014-07-24 05:45 - 00076800 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hdaudbus.sys
2014-09-15 00:13 - 2014-07-24 05:44 - 00674816 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv2.sys
2014-09-15 00:13 - 2014-07-24 05:43 - 00412160 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv.sys
2014-09-15 00:13 - 2014-07-24 05:42 - 00446976 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\nwifi.sys
2014-09-15 00:13 - 2014-07-24 05:42 - 00126464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\NdisImPlatform.sys
2014-09-15 00:13 - 2014-07-24 05:41 - 00115712 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\bridge.sys
2014-09-15 00:13 - 2014-07-24 05:05 - 00287232 _____ (Microsoft Corporation) C:\Windows\system32\usbmon.dll
2014-09-15 00:13 - 2014-07-24 04:49 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\WorkFoldersGPExt.dll
2014-09-15 00:13 - 2014-07-24 04:20 - 02050560 _____ (Microsoft Corporation) C:\Windows\system32\SRH.dll
2014-09-15 00:13 - 2014-07-24 04:18 - 01089024 _____ (Microsoft Corporation) C:\Windows\system32\gpedit.dll
2014-09-15 00:13 - 2014-07-24 04:10 - 01844224 _____ (Microsoft Corporation) C:\Windows\system32\Display.dll
2014-09-15 00:13 - 2014-07-24 04:10 - 00834560 _____ (Microsoft Corporation) C:\Windows\system32\osk.exe
2014-09-15 00:13 - 2014-07-24 04:09 - 01057280 _____ (Microsoft Corporation) C:\Windows\system32\rdvidcrl.dll
2014-09-15 00:13 - 2014-07-24 04:06 - 00438272 _____ (Microsoft Corporation) C:\Windows\system32\puiobj.dll
2014-09-15 00:13 - 2014-07-24 04:05 - 00187392 _____ (Microsoft Corporation) C:\Windows\system32\WorkFoldersShell.dll
2014-09-15 00:13 - 2014-07-24 03:53 - 00215552 _____ (Microsoft Corporation) C:\Windows\system32\prnntfy.dll
2014-09-15 00:13 - 2014-07-24 03:52 - 00621056 _____ (Microsoft Corporation) C:\Windows\system32\comdlg32.dll
2014-09-15 00:13 - 2014-07-24 03:39 - 00770048 _____ (Microsoft Corporation) C:\Windows\system32\WorkfoldersControl.dll
2014-09-15 00:13 - 2014-07-24 03:33 - 01741824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SRH.dll
2014-09-15 00:13 - 2014-07-24 03:24 - 01817088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Display.dll
2014-09-15 00:13 - 2014-07-24 03:23 - 00328704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\puiobj.dll
2014-09-15 00:13 - 2014-07-24 03:13 - 00195584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\prnntfy.dll
2014-09-15 00:13 - 2014-07-24 03:12 - 00127488 _____ (Microsoft Corporation) C:\Windows\system32\WiFiDisplay.dll
2014-09-15 00:13 - 2014-07-24 03:11 - 00356864 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2014-09-15 00:13 - 2014-07-24 03:10 - 00540672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comdlg32.dll
2014-09-15 00:13 - 2014-07-24 03:09 - 00116736 _____ (Microsoft Corporation) C:\Windows\system32\httpprxm.dll
2014-09-15 00:13 - 2014-07-24 03:03 - 00324096 _____ (Microsoft Corporation) C:\Windows\system32\srvsvc.dll
2014-09-15 00:13 - 2014-07-24 03:02 - 00220160 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2014-09-15 00:13 - 2014-07-24 02:53 - 01261056 _____ (Microsoft Corporation) C:\Windows\system32\gpsvc.dll
2014-09-15 00:13 - 2014-07-24 02:53 - 00449536 _____ (Microsoft Corporation) C:\Windows\system32\defragsvc.dll
2014-09-15 00:13 - 2014-07-24 02:49 - 01287680 _____ (Microsoft Corporation) C:\Windows\system32\mispace.dll
2014-09-15 00:13 - 2014-07-24 02:39 - 02397184 _____ (Microsoft Corporation) C:\Windows\system32\storagewmi.dll
2014-09-15 00:13 - 2014-07-24 02:38 - 00371200 _____ (Microsoft Corporation) C:\Windows\system32\wlanmsm.dll
2014-09-15 00:13 - 2014-07-24 02:32 - 01532416 _____ (Microsoft Corporation) C:\Windows\system32\wlansvc.dll
2014-09-15 00:13 - 2014-07-24 02:30 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wlanapi.dll
2014-09-15 00:13 - 2014-07-24 02:29 - 00439296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Devices.Bluetooth.dll
2014-09-15 00:13 - 2014-07-24 02:28 - 00595456 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Networking.dll
2014-09-15 00:13 - 2014-07-24 02:27 - 00907776 _____ (Microsoft Corporation) C:\Windows\system32\iphlpsvc.dll
2014-09-15 00:13 - 2014-07-24 02:23 - 01404416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\storagewmi.dll
2014-09-15 00:13 - 2014-07-24 02:22 - 00487936 _____ (Microsoft Corporation) C:\Windows\system32\winspool.drv
2014-09-15 00:13 - 2014-07-24 02:21 - 01231872 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Media.dll
2014-09-15 00:13 - 2014-07-24 02:21 - 00302080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wlanmsm.dll
2014-09-15 00:13 - 2014-07-24 02:20 - 00187392 _____ (Microsoft Corporation) C:\Windows\system32\puiapi.dll
2014-09-15 00:13 - 2014-07-24 02:19 - 00388608 _____ (Microsoft Corporation) C:\Windows\system32\WUSettingsProvider.dll
2014-09-15 00:13 - 2014-07-24 02:18 - 00795136 _____ (Microsoft Corporation) C:\Windows\system32\spoolsv.exe
2014-09-15 00:13 - 2014-07-24 02:16 - 00505344 _____ (Microsoft Corporation) C:\Windows\system32\VAN.dll
2014-09-15 00:13 - 2014-07-24 02:16 - 00084480 _____ (Microsoft Corporation) C:\Windows\system32\wpdbusenum.dll
2014-09-15 00:13 - 2014-07-24 02:15 - 00828416 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2014-09-15 00:13 - 2014-07-24 02:15 - 00721408 _____ (Microsoft Corporation) C:\Windows\system32\twinapi.dll
2014-09-15 00:13 - 2014-07-24 02:10 - 01029632 _____ (Microsoft Corporation) C:\Windows\system32\localspl.dll
2014-09-15 00:13 - 2014-07-24 02:10 - 00889344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Media.dll
2014-09-15 00:13 - 2014-07-24 02:10 - 00806400 _____ (Microsoft Corporation) C:\Windows\system32\win32spl.dll
2014-09-15 00:13 - 2014-07-24 02:10 - 00371712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winspool.drv
2014-09-15 00:13 - 2014-07-24 02:08 - 00162816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\puiapi.dll
2014-09-15 00:13 - 2014-07-24 02:07 - 01705472 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2014-09-15 00:13 - 2014-07-24 02:04 - 00667136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2014-09-15 00:13 - 2014-07-24 02:02 - 03465216 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2014-09-15 00:13 - 2014-07-24 02:01 - 05833216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.UI.Search.dll
2014-09-15 00:13 - 2014-07-24 02:01 - 01992192 _____ (Microsoft Corporation) C:\Windows\system32\XpsPrint.dll
2014-09-15 00:13 - 2014-07-24 01:54 - 01290752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XpsPrint.dll
2014-09-15 00:13 - 2014-07-24 01:50 - 01182208 _____ (Microsoft Corporation) C:\Windows\system32\printui.dll
2014-09-15 00:13 - 2014-07-24 01:50 - 00923136 _____ (Microsoft Corporation) C:\Windows\system32\WSShared.dll
2014-09-15 00:13 - 2014-07-24 01:49 - 00263680 _____ (Microsoft Corporation) C:\Windows\system32\DafPrintProvider.dll
2014-09-15 00:13 - 2014-07-24 01:47 - 00576512 _____ (Microsoft Corporation) C:\Windows\system32\SettingSync.dll
2014-09-15 00:13 - 2014-07-24 01:44 - 01057792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\printui.dll
2014-09-15 00:13 - 2014-07-24 01:43 - 02696704 _____ (Microsoft Corporation) C:\Windows\system32\SettingsHandlers.dll
2014-09-15 00:13 - 2014-07-24 01:39 - 02642944 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2014-09-15 00:13 - 2014-07-24 01:38 - 05777408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2014-09-15 00:13 - 2014-07-24 01:33 - 03360768 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2014-09-15 00:13 - 2014-07-24 01:30 - 02318336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2014-09-15 00:13 - 2014-07-24 01:28 - 01600000 _____ (Microsoft Corporation) C:\Windows\system32\workfolderssvc.dll
2014-09-15 00:13 - 2014-07-23 22:11 - 00513544 _____ () C:\Windows\SysWOW64\locale.nls
2014-09-15 00:13 - 2014-07-23 22:11 - 00513544 _____ () C:\Windows\system32\locale.nls
2014-09-15 00:13 - 2014-07-11 23:55 - 00268288 _____ (Microsoft Corporation) C:\Windows\system32\wisp.dll
2014-09-15 00:13 - 2014-07-11 22:58 - 00210944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wisp.dll
2014-09-15 00:13 - 2014-07-11 22:13 - 01417216 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-09-15 00:13 - 2014-07-04 04:29 - 00117248 _____ (Microsoft Corporation) C:\Windows\system32\AppxSip.dll
2014-09-15 00:13 - 2014-07-04 04:20 - 01656832 _____ (Microsoft Corporation) C:\Windows\system32\GdiPlus.dll
2014-09-15 00:13 - 2014-07-04 04:06 - 00095232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AppxSip.dll
2014-09-15 00:13 - 2014-07-04 03:30 - 00544768 _____ (Microsoft Corporation) C:\Windows\system32\AppxPackaging.dll
2014-09-15 00:13 - 2014-07-04 03:27 - 00474112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AppxPackaging.dll
2014-09-15 00:13 - 2014-06-27 00:22 - 00246272 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srvnet.sys
2014-09-15 00:13 - 2014-06-25 18:32 - 01029632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mispace.dll
2014-09-15 00:13 - 2014-06-19 17:37 - 00206848 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2014-09-15 00:13 - 2014-06-18 20:13 - 00310080 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\volsnap.sys
2014-09-15 00:13 - 2014-06-14 00:03 - 02389504 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2014-09-15 00:13 - 2014-06-13 23:46 - 02071552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2014-09-15 00:13 - 2014-06-05 08:00 - 01118040 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ndis.sys
2014-09-15 00:13 - 2014-06-05 04:18 - 01018368 _____ (Microsoft Corporation) C:\Windows\system32\aclui.dll
2014-09-15 00:13 - 2014-06-05 03:42 - 00889856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\aclui.dll
2014-09-15 00:13 - 2014-05-30 23:00 - 01463808 _____ (Microsoft Corporation) C:\Windows\system32\wsecedit.dll
2014-09-15 00:13 - 2014-05-30 22:18 - 01319936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wsecedit.dll
2014-09-15 00:13 - 2014-05-29 00:23 - 00427008 _____ (Microsoft Corporation) C:\Windows\system32\clusapi.dll
2014-09-15 00:13 - 2014-05-28 23:25 - 00313856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\clusapi.dll
2014-09-15 00:13 - 2014-05-10 04:12 - 00387896 _____ (Microsoft Corporation) C:\Windows\system32\bcryptprimitives.dll
2014-09-15 00:13 - 2014-05-10 02:46 - 00335680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\bcryptprimitives.dll
2014-09-15 00:13 - 2014-05-05 22:41 - 00486744 _____ (Microsoft Corporation) C:\Windows\system32\netcfgx.dll
2014-09-15 00:13 - 2014-05-05 18:55 - 00391000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\netcfgx.dll
2014-09-15 00:13 - 2014-03-24 20:27 - 00160600 _____ (Microsoft Corporation) C:\Windows\system32\winmmbase.dll
2014-09-15 00:13 - 2014-03-24 20:27 - 00123920 _____ (Microsoft Corporation) C:\Windows\system32\winmm.dll
2014-09-15 00:13 - 2014-03-24 19:20 - 00128568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winmm.dll
2014-09-15 00:13 - 2014-03-24 19:20 - 00127544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winmmbase.dll
2014-09-15 00:12 - 2014-07-24 09:28 - 00280384 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\pci.sys
2014-09-15 00:12 - 2014-07-24 09:25 - 00054752 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2014-09-15 00:12 - 2014-07-24 09:20 - 00263400 _____ (Microsoft Corporation) C:\Windows\system32\SystemSettingsAdminFlows.exe
2014-09-15 00:12 - 2014-07-24 07:50 - 00098048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dwmapi.dll
2014-09-15 00:12 - 2014-07-24 07:48 - 00180208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SndVol.exe
2014-09-15 00:12 - 2014-07-24 05:51 - 00008192 _____ (Microsoft Corporation) C:\Windows\system32\KBDRUM.DLL
2014-09-15 00:12 - 2014-07-24 05:51 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDYAK.DLL
2014-09-15 00:12 - 2014-07-24 05:51 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDTT102.DLL
2014-09-15 00:12 - 2014-07-24 05:51 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDTAT.DLL
2014-09-15 00:12 - 2014-07-24 05:51 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU1.DLL
2014-09-15 00:12 - 2014-07-24 05:51 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDBASH.DLL
2014-09-15 00:12 - 2014-07-24 05:51 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU.DLL
2014-09-15 00:12 - 2014-07-24 05:47 - 00132608 _____ (Microsoft Corporation) C:\Windows\system32\rdpudd.dll
2014-09-15 00:12 - 2014-07-24 05:33 - 00059392 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2014-09-15 00:12 - 2014-07-24 05:33 - 00050688 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2014-09-15 00:12 - 2014-07-24 05:22 - 00308736 _____ (Microsoft Corporation) C:\Windows\system32\compstui.dll
2014-09-15 00:12 - 2014-07-24 05:06 - 00220160 _____ (Microsoft Corporation) C:\Windows\system32\iasnap.dll
2014-09-15 00:12 - 2014-07-24 05:05 - 00226816 _____ (Microsoft Corporation) C:\Windows\system32\WebClnt.dll
2014-09-15 00:12 - 2014-07-24 04:52 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDYAK.DLL
2014-09-15 00:12 - 2014-07-24 04:52 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDTT102.DLL
2014-09-15 00:12 - 2014-07-24 04:52 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDTAT.DLL
2014-09-15 00:12 - 2014-07-24 04:51 - 00008192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDRUM.DLL
2014-09-15 00:12 - 2014-07-24 04:51 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDRU1.DLL
2014-09-15 00:12 - 2014-07-24 04:51 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDBASH.DLL
2014-09-15 00:12 - 2014-07-24 04:51 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDRU.DLL
2014-09-15 00:12 - 2014-07-24 04:33 - 00026112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2014-09-15 00:12 - 2014-07-24 04:32 - 00207360 _____ (Microsoft Corporation) C:\Windows\system32\powercfg.cpl
2014-09-15 00:12 - 2014-07-24 04:12 - 00878592 _____ (Microsoft Corporation) C:\Windows\system32\ActionCenter.dll
2014-09-15 00:12 - 2014-07-24 04:10 - 00198656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WebClnt.dll
2014-09-15 00:12 - 2014-07-24 04:10 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iasnap.dll
2014-09-15 00:12 - 2014-07-24 03:42 - 00206336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\powercfg.cpl
2014-09-15 00:12 - 2014-07-24 03:40 - 00557056 _____ (Microsoft Corporation) C:\Windows\system32\PrintDialogs.dll
2014-09-15 00:12 - 2014-07-24 03:32 - 01048064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gpedit.dll
2014-09-15 00:12 - 2014-07-24 03:27 - 00855552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdvidcrl.dll
2014-09-15 00:12 - 2014-07-24 03:27 - 00779264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\osk.exe
2014-09-15 00:12 - 2014-07-24 03:25 - 00832512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ActionCenter.dll
2014-09-15 00:12 - 2014-07-24 03:21 - 00134144 _____ (Microsoft Corporation) C:\Windows\system32\browser.dll
2014-09-15 00:12 - 2014-07-24 03:18 - 00018432 _____ (Microsoft Corporation) C:\Windows\system32\wlansvcpal.dll
2014-09-15 00:12 - 2014-07-24 03:14 - 00443904 _____ (Microsoft Corporation) C:\Windows\system32\wlansec.dll
2014-09-15 00:12 - 2014-07-24 03:11 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\wshbth.dll
2014-09-15 00:12 - 2014-07-24 03:04 - 00492032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PrintDialogs.dll
2014-09-15 00:12 - 2014-07-24 03:04 - 00183808 _____ (Microsoft Corp.) C:\Windows\system32\Defrag.exe
2014-09-15 00:12 - 2014-07-24 02:58 - 00105472 _____ (Microsoft Corporation) C:\Windows\system32\BluetoothApis.dll
2014-09-15 00:12 - 2014-07-24 02:49 - 01361408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user32.dll
2014-09-15 00:12 - 2014-07-24 02:49 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\wlanapi.dll
2014-09-15 00:12 - 2014-07-24 02:49 - 00075776 _____ (Microsoft Corporation) C:\Windows\system32\adhsvc.dll
2014-09-15 00:12 - 2014-07-24 02:48 - 00659968 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Devices.Bluetooth.dll
2014-09-15 00:12 - 2014-07-24 02:47 - 00102912 _____ (Microsoft Corporation) C:\Windows\system32\wcmcsp.dll
2014-09-15 00:12 - 2014-07-24 02:43 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wshbth.dll
2014-09-15 00:12 - 2014-07-24 02:36 - 00079872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\BluetoothApis.dll
2014-09-15 00:12 - 2014-07-24 02:24 - 00249344 _____ (Microsoft Corporation) C:\Windows\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2014-09-15 00:12 - 2014-07-24 02:18 - 01144320 _____ (Microsoft Corporation) C:\Windows\system32\wwanmm.dll
2014-09-15 00:12 - 2014-07-24 02:18 - 00093696 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2014-09-15 00:12 - 2014-07-24 02:15 - 00432128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Networking.dll
2014-09-15 00:12 - 2014-07-24 02:13 - 00226304 _____ (Microsoft Corporation) C:\Windows\system32\SndVolSSO.dll
2014-09-15 00:12 - 2014-07-24 02:12 - 00189952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2014-09-15 00:12 - 2014-07-24 02:08 - 00321536 _____ (Microsoft Corporation) C:\Windows\system32\stobject.dll
2014-09-15 00:12 - 2014-07-24 02:06 - 00080896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2014-09-15 00:12 - 2014-07-24 02:05 - 00448000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\VAN.dll
2014-09-15 00:12 - 2014-07-24 02:01 - 01126912 _____ (Microsoft Corporation) C:\Windows\system32\SearchFolder.dll
2014-09-15 00:12 - 2014-07-24 02:00 - 02100736 _____ (Microsoft Corporation) C:\Windows\system32\SystemSettingsAdminFlowUI.dll
2014-09-15 00:12 - 2014-07-24 01:58 - 00432640 _____ (Microsoft Corporation) C:\Windows\system32\wwanconn.dll
2014-09-15 00:12 - 2014-07-24 01:58 - 00288768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\stobject.dll
2014-09-15 00:12 - 2014-07-24 01:43 - 00756224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSShared.dll
2014-09-15 00:12 - 2014-07-24 01:43 - 00200192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DafPrintProvider.dll
2014-09-15 00:12 - 2014-07-24 01:41 - 00459264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SettingSync.dll
2014-09-15 00:12 - 2014-07-11 23:23 - 00436224 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2014-09-15 00:12 - 2014-07-11 22:33 - 00318976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2014-09-15 00:12 - 2014-07-09 17:19 - 00387391 _____ () C:\Windows\system32\ApnDatabase.xml
2014-09-15 00:12 - 2014-07-04 06:59 - 00295424 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ks.sys
2014-09-15 00:12 - 2014-07-04 04:00 - 01351168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\GdiPlus.dll
2014-09-15 00:12 - 2014-06-25 18:29 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\dab.dll
2014-09-15 00:12 - 2014-06-07 06:46 - 00216368 _____ (Microsoft Corporation) C:\Windows\system32\rsaenh.dll
2014-09-15 00:12 - 2014-06-07 04:20 - 00189016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rsaenh.dll
2014-09-15 00:12 - 2014-05-28 23:20 - 00427520 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-09-15 00:12 - 2014-05-28 22:36 - 00344576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2014-09-15 00:12 - 2014-05-26 01:26 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\AppxSysprep.dll
2014-09-15 00:03 - 2014-08-14 18:36 - 00146752 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\msgpioclx.sys
2014-09-13 12:03 - 2014-08-01 18:18 - 01212928 _____ (Microsoft Corporation) C:\Windows\system32\schedsvc.dll
2014-09-13 12:02 - 2014-07-23 21:20 - 00875688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcr120_clr0400.dll
2014-09-13 12:02 - 2014-07-23 21:20 - 00869544 _____ (Microsoft Corporation) C:\Windows\system32\msvcr120_clr0400.dll
2014-09-13 11:48 - 2014-09-13 11:49 - 00848304 _____ () C:\Windows\Minidump\091314-24562-01.dmp
2014-09-09 08:48 - 2014-09-09 08:49 - 00686368 _____ () C:\Windows\Minidump\090914-27750-01.dmp
2014-09-08 22:13 - 2014-09-08 22:13 - 00688992 ____R (Swearware) C:\Users\tayweb\Downloads\dds (1).scr
2014-09-08 22:08 - 2014-09-08 22:08 - 00688992 _____ (Swearware) C:\Users\tayweb\Downloads\dds.scr

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-10-08 21:44 - 2013-09-21 19:18 - 01071640 _____ () C:\Windows\WindowsUpdate.log
2014-10-08 21:43 - 2014-04-12 13:25 - 02268160 ___SH () C:\Users\tayweb\Downloads\Thumbs.db
2014-10-08 21:42 - 2013-12-25 09:36 - 00003594 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-444850313-4093084663-149680862-1001
2014-10-08 21:42 - 2013-08-22 09:36 - 00000000 ____D () C:\Windows\AppReadiness
2014-10-08 21:39 - 2013-12-25 10:34 - 00003922 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{43896C46-6ED1-4AAC-9E8E-3030293305A3}
2014-10-08 21:37 - 2013-12-28 19:45 - 00124416 ___SH () C:\Users\tayweb\Desktop\Thumbs.db
2014-10-08 21:32 - 2014-01-14 12:02 - 00000000 ____D () C:\Users\tayweb\AppData\Roaming\ClassicShell
2014-10-08 21:27 - 2013-09-21 19:18 - 00065536 _____ () C:\Windows\system32\spu_storage.bin
2014-10-08 21:20 - 2013-08-22 09:36 - 00000000 ____D () C:\Windows\system32\sru
2014-10-08 21:17 - 2013-09-12 21:25 - 00863592 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-10-08 21:15 - 2014-01-07 20:13 - 00000000 ___RD () C:\Users\tayweb\Google Drive
2014-10-08 21:15 - 2013-12-25 10:57 - 00000000 ___DO () C:\Users\tayweb\SkyDrive
2014-10-08 21:13 - 2013-09-21 19:52 - 00000940 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-10-08 21:13 - 2013-09-21 19:49 - 00003234 _____ () C:\Windows\System32\Tasks\Norton WSC Integration
2014-10-08 21:13 - 2013-09-21 19:48 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Internet Security
2014-10-08 21:13 - 2013-09-21 19:48 - 00000000 ____D () C:\Windows\system32\Drivers\NISx64
2014-10-08 21:13 - 2013-08-22 09:36 - 00000000 ___HD () C:\Windows\ELAMBKUP
2014-10-08 21:13 - 2013-08-22 07:25 - 00262144 ___SH () C:\Windows\system32\config\ELAM
2014-10-08 21:11 - 2013-08-22 07:25 - 00000194 _____ () C:\Windows\win.ini
2014-10-08 21:10 - 2014-07-11 00:07 - 00000258 __RSH () C:\ProgramData\ntuser.pol
2014-10-08 21:10 - 2013-08-22 08:45 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-10-08 21:08 - 2013-08-22 07:25 - 00524288 ___SH () C:\Windows\system32\config\BBI
2014-10-08 21:03 - 2013-09-21 19:52 - 00000944 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-09-28 17:39 - 2013-08-22 09:36 - 00000000 ___HD () C:\Windows\system32\GroupPolicy
2014-09-28 17:35 - 2014-04-10 11:03 - 00000000 ____D () C:\Windows\Minidump
2014-09-28 17:35 - 2014-04-10 11:02 - 588085382 _____ () C:\Windows\MEMORY.DMP
2014-09-26 23:55 - 2013-09-12 21:14 - 00102238 _____ () C:\Windows\PFRO.log
2014-09-25 23:13 - 2013-08-22 09:20 - 00000000 ____D () C:\Windows\CbsTemp
2014-09-25 15:42 - 2013-12-25 09:30 - 00000000 ____D () C:\Users\tayweb
2014-09-23 22:00 - 2014-03-23 22:50 - 00113152 ___SH () C:\Users\tayweb\Documents\Thumbs.db
2014-09-22 22:28 - 2013-08-22 09:36 - 00000000 ____D () C:\Windows\L2Schemas
2014-09-19 14:25 - 2013-08-22 08:44 - 00373288 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-09-18 12:31 - 2013-09-21 19:52 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
2014-09-18 12:26 - 2013-08-22 08:46 - 00024154 _____ () C:\Windows\setupact.log
2014-09-18 12:22 - 2014-07-17 16:24 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-09-18 12:22 - 2013-08-22 09:36 - 00000000 ___RD () C:\Windows\ToastData
2014-09-18 12:21 - 2013-08-22 13:12 - 00000000 ____D () C:\Program Files\Windows Journal
2014-09-18 12:21 - 2013-08-22 09:36 - 00000000 ___RD () C:\Windows\ImmersiveControlPanel
2014-09-18 12:21 - 2013-08-22 09:36 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2014-09-18 12:21 - 2013-08-22 09:36 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2014-09-18 12:21 - 2013-08-22 09:36 - 00000000 ____D () C:\Windows\WinStore
2014-09-18 12:21 - 2013-08-22 09:36 - 00000000 ____D () C:\Windows\SysWOW64\setup
2014-09-18 12:21 - 2013-08-22 09:36 - 00000000 ____D () C:\Windows\SysWOW64\InputMethod
2014-09-18 12:21 - 2013-08-22 09:36 - 00000000 ____D () C:\Windows\system32\setup
2014-09-18 12:21 - 2013-08-22 07:36 - 00000000 ____D () C:\Windows\system32\oobe
2014-09-15 21:15 - 2014-01-11 11:50 - 00000000 ____D () C:\Windows\system32\MRT
2014-09-15 21:12 - 2014-01-11 11:50 - 101694776 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-09-15 21:05 - 2013-09-12 21:51 - 00000000 ____D () C:\ProgramData\Adobe
2014-09-15 20:59 - 2014-04-24 17:42 - 00000000 ____D () C:\Users\tayweb\AppData\Local\CrashDumps
2014-09-08 13:02 - 2013-08-22 09:36 - 00000000 ____D () C:\Windows\rescache

Some content of TEMP:
====================
C:\Users\tayweb\AppData\Local\Temp\CloudBackup671.exe
C:\Users\tayweb\AppData\Local\Temp\vcredist_x64.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-09-17 22:23

==================== End Of Log ============================

Addition

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 06-10-2014 01
Ran by tayweb at 2014-10-08 21:47:55
Running from C:\Users\tayweb\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Norton Internet Security (Disabled - Out of date) {D87FA2C0-F526-77B1-D6EC-0EDF3936CEDB}
AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Norton Internet Security (Disabled - Out of date) {631E4324-D31C-783F-EC5C-35AD42B18466}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
FW: Norton Internet Security (Disabled) {E04423E5-BF49-76E9-FDB3-A7EAC7E589A0}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Advanced-System Protector (HKLM-x32\...\00212D92-C5D8-4ff4-AE50-B20F0F85C40A_Systweak_Ad~4A5BE654_is1) (Version: 2.1.1000.13727 - Systweak Software) <==== ATTENTION
AdvanceElite (HKLM\...\AdvanceElite) (Version: 2014.09.25.205105 - AdvanceElite)
AMD Accelerated Video Transcoding (Version: 13.15.100.30830 - Advanced Micro Devices, Inc.) Hidden
AMD Catalyst Control Center (x32 Version: 2013.0830.1944.33589 - Advanced Micro Devices, Inc.) Hidden
AMD Catalyst Install Manager (HKLM\...\{B280788C-B671-E08D-4219-CE907B7BFF75}) (Version: 8.0.915.0 - Advanced Micro Devices, Inc.)
AMD Quick Stream (HKLM\...\{E9EED4AE-682B-4501-9574-D09A21717599}_is1) (Version: 3.4.4.2 - AppEx Networks)
AMD Start Now (Version: 2013.0830.1944.33589 - Advanced Micro Devices, Inc.) Hidden
Apple Application Support (HKLM-x32\...\{21ECABC3-40B2-42DF-8E21-ACF3A4D0D95A}) (Version: 3.0.5 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{6AF2AC2A-3532-43FD-9F4D-BDC9C0D724C7}) (Version: 7.1.2.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
avast! Free Antivirus (HKLM-x32\...\Avast) (Version: 9.0.2021 - AVAST Software)
Bejeweled 3 (x32 Version: 2.2.0.97 - WildTangent) Hidden
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Buzzdock (HKLM\...\{ac225167-00fc-452d-94c5-bb93600e7d9a}) (Version: - Alactro LLC) <==== ATTENTION
Catalyst Control Center - Branding (x32 Version: 1.00.0000 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Graphics Previews Common (x32 Version: 2013.0830.1944.33589 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Localization All (x32 Version: 2013.0830.1944.33589 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Standard (x32 Version: 2013.0830.1943.33589 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Traditional (x32 Version: 2013.0830.1943.33589 - Advanced Micro Devices, Inc.) Hidden
CCC Help Czech (x32 Version: 2013.0830.1943.33589 - Advanced Micro Devices, Inc.) Hidden
CCC Help Danish (x32 Version: 2013.0830.1943.33589 - Advanced Micro Devices, Inc.) Hidden
CCC Help Dutch (x32 Version: 2013.0830.1943.33589 - Advanced Micro Devices, Inc.) Hidden
CCC Help English (x32 Version: 2013.0830.1943.33589 - Advanced Micro Devices, Inc.) Hidden
CCC Help Finnish (x32 Version: 2013.0830.1943.33589 - Advanced Micro Devices, Inc.) Hidden
CCC Help French (x32 Version: 2013.0830.1943.33589 - Advanced Micro Devices, Inc.) Hidden
CCC Help German (x32 Version: 2013.0830.1943.33589 - Advanced Micro Devices, Inc.) Hidden
CCC Help Greek (x32 Version: 2013.0830.1943.33589 - Advanced Micro Devices, Inc.) Hidden
CCC Help Hungarian (x32 Version: 2013.0830.1943.33589 - Advanced Micro Devices, Inc.) Hidden
CCC Help Italian (x32 Version: 2013.0830.1943.33589 - Advanced Micro Devices, Inc.) Hidden
CCC Help Japanese (x32 Version: 2013.0830.1943.33589 - Advanced Micro Devices, Inc.) Hidden
CCC Help Korean (x32 Version: 2013.0830.1943.33589 - Advanced Micro Devices, Inc.) Hidden
CCC Help Norwegian (x32 Version: 2013.0830.1943.33589 - Advanced Micro Devices, Inc.) Hidden
CCC Help Polish (x32 Version: 2013.0830.1943.33589 - Advanced Micro Devices, Inc.) Hidden
CCC Help Portuguese (x32 Version: 2013.0830.1943.33589 - Advanced Micro Devices, Inc.) Hidden
CCC Help Russian (x32 Version: 2013.0830.1943.33589 - Advanced Micro Devices, Inc.) Hidden
CCC Help Spanish (x32 Version: 2013.0830.1943.33589 - Advanced Micro Devices, Inc.) Hidden
CCC Help Swedish (x32 Version: 2013.0830.1943.33589 - Advanced Micro Devices, Inc.) Hidden
CCC Help Thai (x32 Version: 2013.0830.1943.33589 - Advanced Micro Devices, Inc.) Hidden
CCC Help Turkish (x32 Version: 2013.0830.1943.33589 - Advanced Micro Devices, Inc.) Hidden
ccc-utility64 (Version: 2013.0830.1944.33589 - Advanced Micro Devices, Inc.) Hidden
Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{AF312B06-5C5C-468E-89B3-BE6DE2645722}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{0A4EF0E6-A912-4CDE-A7F3-6E56E7C13A2F}) (Version: 1.1.6 - Cisco Systems, Inc.)
Classic Shell (HKLM\...\{98BB5224-BC5D-4028-9D20-536C1C263AA9}) (Version: 4.0.2 - IvoSoft)
DTS Sound (HKLM-x32\...\{2DFA9084-CEB3-4A48-B9F7-9038FEF1B8F4}) (Version: 1.01.2700 - DTS, Inc.)
File Opener Packages (HKCU\...\File Opener Packages) (Version: - ) <==== ATTENTION
FileOpener (HKLM-x32\...\Tweaks FileOpener) (Version: 1.1.1 - Tweaks)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 37.0.2062.124 - Google Inc.)
Google Drive (HKLM-x32\...\{C6640705-7479-4EE5-BC86-879F05F65E74}) (Version: 1.17.7290.4094 - Google, Inc.)
Google Earth Plug-in (HKLM-x32\...\{4AB54F11-2F8C-11E3-B09F-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
iTunes (HKLM\...\{33E28B58-7BA0-47B7-AA01-9225ABA2B8A9}) (Version: 11.3.0.54 - Apple Inc.)
Java 7 Update 67 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217051FF}) (Version: 7.0.670 - Oracle)
Java Auto Updater (x32 Version: 2.1.67.1 - Oracle, Inc.) Hidden
King Oddball (x32 Version: 3.0.2.48 - WildTangent) Hidden
Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Microsoft Office Excel MUI (English) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Home and Student 2007 (HKLM-x32\...\HOMESTUDENTR) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Office 64-bit Components 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (English) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (English) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (English) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.50727 (Version: 11.0.50727 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.50727 (Version: 11.0.50727 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.50727 (x32 Version: 11.0.50727 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.50727 (x32 Version: 11.0.50727 - Microsoft Corporation) Hidden
Microsoft XNA Framework Redistributable 4.0 (HKLM-x32\...\{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}) (Version: 4.0.20823.0 - Microsoft Corporation)
MyPC Backup (HKLM\...\MyPC Backup) (Version: - JDi Backup Ltd) <==== ATTENTION
Norton Anti-Theft (HKLM-x32\...\NAT) (Version: 1.10.0.9 - Symantec Corporation)
Norton Internet Security (HKLM-x32\...\NIS) (Version: 21.6.0.32 - Symantec Corporation)
OEM Application Profile (x32 Version: 1.00.0000 - Advanced Micro Devices, Inc.) Hidden
Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.98 - WildTangent) Hidden
PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.2.9200.39052 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.18.621.2013 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7023 - Realtek Semiconductor Corp.)
REALTEK Wireless LAN Driver (HKLM-x32\...\InstallShield_{95F38874-065A-40AB-AFC1-B764B192FFE7}) (Version: 2.00.0002 - REALTEK Semiconductor Corp.)
REALTEK Wireless LAN Driver (x32 Version: 2.00.0002 - REALTEK Semiconductor Corp.) Hidden
RegClean-Pro (HKLM-x32\...\RegClean-Pro_is1) (Version: 6.21 - Systweak Inc) <==== ATTENTION
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 17.0.8.21 - Synaptics Incorporated)
Toshiba App Place (HKLM-x32\...\{ED3CBA78-488F-4E8C-B33F-8E3BF4DDB4D2}) (Version: 1.0.6.3 - Toshiba)
TOSHIBA Application Installer (HKLM\...\{21A63CA3-75C0-4E56-B602-B7CD2EF6B621}) (Version: 9.0.2.4 - Toshiba Corporation)
TOSHIBA Audio Enhancement (HKLM\...\{1515F5E3-29EA-4CD1-A981-032D88880F09}) (Version: 2.0.17.0 - Toshiba Corporation)
Toshiba Book Place (HKLM-x32\...\{11244D6B-9842-440F-8579-6A4D771A0D9B}) (Version: 3.3.9661 - K-NFB Reading Technology, Inc.)
TOSHIBA eco Utility (HKLM\...\{5944B9D4-3C2A-48DE-931E-26B31714A2F7}) (Version: 2.2.0.6404 - Toshiba Corporation)
TOSHIBA Function Key (HKLM\...\{16562A90-71BC-41A0-B890-D91B0C267120}) (Version: 1.1.0001.6403 - Toshiba Corporation)
TOSHIBA Password Utility (HKLM-x32\...\{B1786E63-2127-42C9-95A3-146E5F727BF1}) (Version: v2.1.0.14 - Toshiba Corporation)
TOSHIBA Quality Application (HKLM-x32\...\{E69992ED-A7F6-406C-9280-1C156417BC49}) (Version: 1.0.9.3 - TOSHIBA)
TOSHIBA Recovery Media Creator (HKLM-x32\...\{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}) (Version: 3.1.02.55065006 - Toshiba Corporation)
TOSHIBA Service Station (HKLM\...\{FBFCEEA5-96EA-4C8E-9262-43CBBEBAE413}) (Version: 2.6.8 - Toshiba Corporation)
TOSHIBA Start (HKLM-x32\...\{A74C9CC1-2211-4A75-A688-6F7CFE2C2B12}) (Version: 1.00.02 - TOSHIBA America Information Systems, Inc)
TOSHIBA System Driver (HKLM-x32\...\{1E6A96A1-2BAB-43EF-8087-30437593C66C}) (Version: 1.00.0030 - Toshiba Corporation)
TOSHIBA System Settings (HKLM-x32\...\{05A55927-DB9B-4E26-BA44-828EBFF829F0}) (Version: 1.1.2.32001 - Toshiba Corporation)
TOSHIBA User's Guide (HKLM-x32\...\{3384E1D9-3F18-4A98-8655-180FEF0DFC02}) (Version: 1.00.02 - TOSHIBA)
TOSHIBARegistration (HKLM-x32\...\{5AF550B4-BB67-4E7E-82F1-2C4300279050}) (Version: 1.1.6 - TOSHIBA)
Tweaking.com - Registry Backup (HKLM-x32\...\Tweaking.com - Registry Backup) (Version: 1.9.0 - Tweaking.com)
Update Installer for WildTangent Games App (x32 Version: - WildTangent) Hidden
WildTangent Games (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.0.4.0 - WildTangent)
WildTangent Games App (Toshiba Games) (x32 Version: 4.0.10.20 - WildTangent) Hidden
WSE_Lasaoren (HKLM-x32\...\WSE_Lasaoren) (Version: - WSE_Lasaoren)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)


==================== Restore Points =========================

02-09-2014 22:34:07 Windows Update
07-09-2014 03:40:39 Installed Java 7 Update 67
15-09-2014 19:48:49 Windows Update
16-09-2014 00:00:32 Start Fix
19-09-2014 19:50:40 zoek.exe restore point
26-09-2014 04:31:57 avast! antivirus system restore point

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 07:25 - 2013-08-22 07:25 - 00000824 ____N C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {05293577-D647-4185-B859-C94839A0B2E3} - System32\Tasks\Microsoft\Windows\SettingSync\NetworkStateChangeTask
Task: {0B545118-B563-42FC-8D07-B78F602FCF34} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => Rundll32.exe WSClient.dll,RefreshBannedAppsList
Task: {0F8544C7-EA74-45DA-8FDC-44B4024BD3D5} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton Internet Security\Engine\21.6.0.32\WSCStub.exe [2014-09-21] (Symantec Corporation)
Task: {19F44512-40BD-4305-B1F3-ADF7C6DED2B1} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-09-25] (AVAST Software)
Task: {1C06A7E5-7850-4FD3-A26E-410DDD2AE970} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-09-21] (Google Inc.)
Task: {2085BF56-520D-4951-B7C0-DF34AF90CC6A} - System32\Tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask => Rundll32.exe sysmain.dll,PfSvWsSwapAssessmentTask
Task: {2A589662-5217-4C5F-BCB9-F85EB5160F86} - System32\Tasks\Microsoft\Windows\WOF\WIM-Hash-Validation
Task: {2C9C0C6C-2A74-46F2-858A-4389D253EAD0} - System32\Tasks\Microsoft\Windows\Sysmain\HybridDriveCachePrepopulate
Task: {352E6CA0-7314-4DF4-89C4-682368D80D57} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join => C:\Windows\System32\AutoWorkplace.exe [2013-08-21] (Microsoft Corporation)
Task: {3B6D8A73-F20B-4C93-B8FB-56A154F172D2} - System32\Tasks\Microsoft\Windows\Time Zone\SynchronizeTimeZone => C:\Windows\system32\tzsync.exe [2013-08-22] (Microsoft Corporation)
Task: {3E648E60-0A4C-4A52-9779-F49D1B3C187D} - System32\Tasks\Microsoft\Windows\DiskCleanup\SilentCleanup => C:\Windows\system32\cleanmgr.exe [2014-02-22] (Microsoft Corporation)
Task: {49754026-21E1-41FC-94FD-727AFE414FE7} - System32\Tasks\Microsoft\Windows\Sysmain\HybridDriveCacheRebalance
Task: {5B2FACA4-785F-49C9-A8D1-8434211F39A9} - System32\Tasks\Advanced-System Protector_startup => C:\Program Files (x86)\ASP\AdvancedSystemProtector.exe [2014-08-25] (Systweak) <==== ATTENTION
Task: {6AA91E8C-DDBD-4979-8464-4062F7681A19} - System32\Tasks\Microsoft\Windows\Plug and Play\Plug and Play Cleanup
Task: {6DFCB649-0769-4F83-BB10-F60F235F6D3D} - System32\Tasks\Microsoft\Windows\SkyDrive\Idle Sync Maintenance Task
Task: {73B1B253-CE67-4501-AE1A-377DD1D68B65} - System32\Tasks\Microsoft\Windows\Application Experience\StartupAppTask => Rundll32.exe Startupscan.dll,SusRunTask
Task: {77F1D869-6E65-4079-A2A0-E2023408EF97} - System32\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState => Rundll32.exe Windows.Storage.ApplicationData.dll,CleanupTemporaryState
Task: {7AD563D8-17EC-4122-AC41-7680EA8F3924} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-09-21] (Google Inc.)
Task: {872D0E53-FD2E-41E3-B431-698AF82882CE} - System32\Tasks\Microsoft\Windows\SkyDrive\Routine Maintenance Task
Task: {8CC813C9-712A-41EF-9512-B233444FC669} - System32\Tasks\Microsoft\Windows\AppxDeploymentClient\Pre-staged app cleanup => Rundll32.exe %windir%\system32\AppxDeploymentClient.dll,AppxPreStageCleanupRunTask
Task: {8E8BF76A-45F5-4A80-A341-49FB368255FA} - System32\Tasks\RTKCPL => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [2013-08-21] (Realtek Semiconductor)
Task: {94BAA4E2-E6D8-41F3-B234-6DC7BDB1CC34} - System32\Tasks\Norton Anti-Theft\Norton Error Processor => C:\Program Files (x86)\Norton Anti-Theft\Engine\1.10.0.9\SymErr.exe [2013-08-01] (Symantec Corporation)
Task: {9563FCBC-EF91-4669-8052-69BFBC9CFA74} - System32\Tasks\Norton Anti-Theft\Norton Error Analyzer => C:\Program Files (x86)\Norton Anti-Theft\Engine\1.10.0.9\SymErr.exe [2013-08-01] (Symantec Corporation)
Task: {9BD77BD6-B760-415C-BDED-7F25674F700A} - System32\Tasks\Synaptics TouchPad Enhancements => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2013-08-23] (Synaptics Incorporated)
Task: {9FF4C139-5234-410C-B7FA-23EE2FD2AB53} - System32\Tasks\Microsoft\Windows\Work Folders\Work Folders Maintenance Work
Task: {A540EEAF-903E-40EB-B08C-7FE907B23158} - System32\Tasks\Microsoft\Windows\WOF\WIM-Hash-Management
Task: {A7BAE631-3174-47A2-A4C9-0FB4198444FF} - System32\Tasks\RegClean Pro => C:\Program Files (x86)\RCP\RegCleanPro.exe [2014-08-29] ()
Task: {A85A4382-C212-4470-80F9-A81220AE080E} - System32\Tasks\Microsoft\Windows\DiskFootprint\Diagnostics
Task: {AC9C2BE4-BDC6-46C6-8A16-D5828EB0B948} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {C31B5706-B025-4390-AD8E-B4609806E985} - System32\Tasks\LaunchSignup => C:\Program Files (x86)\MyPC Backup\Signup Wizard.exe <==== ATTENTION
Task: {C88F140D-37A6-4C19-A6B8-CCAE0996907D} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\system32\MRT.exe [2014-09-15] (Microsoft Corporation)
Task: {CE312C8A-FDAF-401F-98BC-1A609739D1BD} - System32\Tasks\Norton Internet Security\Norton Error Analyzer => C:\Program Files (x86)\Norton Internet Security\Engine\21.6.0.32\SymErr.exe [2014-01-30] (Symantec Corporation)
Task: {CFD7C21A-808B-487B-A6EC-8A10E44E8360} - System32\Tasks\Microsoft\Windows\SettingSync\BackupTask
Task: {D255E493-1FBD-46DD-8547-8897AC0796CE} - System32\Tasks\TOSHIBA\Service Station => C:\Program Files\TOSHIBA\Toshiba Service Station\ToshibaServiceStation.exe [2013-07-31] (TOSHIBA Corporation)
Task: {D88FEC9E-A82A-46F9-87E2-B6B97B301C1A} - System32\Tasks\Microsoft\Windows\WS\License Validation => Rundll32.exe WSClient.dll,WSpTLR licensing
Task: {DA46820F-FF8A-4B5E-A6B2-B12185DCFFFB} - System32\Tasks\Microsoft\Windows\Work Folders\Work Folders Logon Synchronization
Task: {E24EE274-E4EA-4453-A0D8-FF8D4363A111} - System32\Tasks\Norton Internet Security\Norton Error Processor => C:\Program Files (x86)\Norton Internet Security\Engine\21.6.0.32\SymErr.exe [2014-01-30] (Symantec Corporation)
Task: {E6D378FA-E068-4BCB-80DE-56D43A249507} - System32\Tasks\Microsoft\Windows\RecoveryEnvironment\VerifyWinRE
Task: {F1CFE016-B532-48C6-83A0-F14A6B2A2E3D} - System32\Tasks\Microsoft\Windows\WindowsUpdate\Scheduled Start With Network => Sc.exe start wuauserv
Task: {FC6AE7E8-ADCE-453D-A269-C2355C305236} - System32\Tasks\Microsoft\Windows\Shell\FamilySafetyUpload
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2013-08-30 20:47 - 2013-08-30 20:47 - 00099328 _____ () C:\Program Files\ATI Technologies\ATI.ACE\A4\AdaptiveSleepService.exe
2013-09-10 13:54 - 2013-09-10 13:54 - 00019792 _____ () C:\Program Files (x86)\DTS, Inc\DTS Studio Sound\dts_apo_service.exe
2014-09-25 16:05 - 2014-10-08 20:47 - 00522480 _____ () C:\Program Files (x86)\AdvanceElite\updateAdvanceElite.exe
2014-09-25 22:24 - 2014-10-08 20:50 - 00522480 _____ () C:\Program Files (x86)\AdvanceElite\bin\utilAdvanceElite.exe
2014-09-25 22:26 - 2014-10-08 19:36 - 00349936 _____ () C:\Program Files (x86)\AdvanceElite\bin\AdvanceElite.PurBrowse64.exe
2014-09-25 22:26 - 2014-10-08 20:36 - 00114928 _____ () C:\Program Files (x86)\AdvanceElite\bin\AdvanceElite.BrowserAdapter64.exe
2014-09-25 22:26 - 2014-10-08 20:36 - 00098544 _____ () C:\Program Files (x86)\AdvanceElite\bin\AdvanceElite.BrowserAdapter.exe
2014-10-07 15:23 - 2014-10-07 23:45 - 01649904 _____ () C:\Program Files (x86)\AdvanceElite\bin\AdvanceElite.BOASHelper.exe
2014-10-08 20:45 - 2014-10-07 23:44 - 00161008 _____ () C:\Program Files (x86)\AdvanceElite\bin\AdvanceElite.BRT.Helper.exe
2012-07-18 19:38 - 2012-07-18 19:38 - 00020904 _____ () C:\Program Files\TOSHIBA\Hotkey\SmoothView.dll
2014-07-17 16:22 - 2014-07-17 16:22 - 01459712 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_64\Windows.UI\926020eb508f6968545d6a51fb661fad\Windows.UI.ni.dll
2014-09-03 18:38 - 2014-09-03 18:38 - 00521216 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_64\Windows.Data\d07f690ce5d3a2de7c9089a6200d64db\Windows.Data.ni.dll
2014-07-17 16:22 - 2014-07-17 16:22 - 00363520 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_64\Windows.Foundation\057b7043f4868b76c209d9c426b80743\Windows.Foundation.ni.dll
2013-08-30 20:47 - 2013-08-30 20:47 - 00016896 _____ () C:\Program Files\ATI Technologies\ATI.ACE\a4\AS4.NativeProxy.dll
2014-10-07 15:23 - 2014-10-07 23:45 - 01786608 _____ () C:\Program Files (x86)\AdvanceElite\bin\AdvanceElite.BOASPRT.exe
2014-10-07 15:23 - 2014-10-07 23:45 - 01791216 _____ () C:\Program Files (x86)\AdvanceElite\bin\AdvanceElite.BOAS.exe
2014-09-25 22:28 - 2014-08-29 17:02 - 08078152 _____ () C:\Program Files (x86)\RCP\RegCleanPro.exe
2014-09-25 22:33 - 2014-09-25 22:33 - 00301152 _____ () C:\Program Files\AVAST Software\Avast\aswProperty.dll
2014-10-06 12:58 - 2014-10-06 12:58 - 02859008 _____ () C:\Program Files\AVAST Software\Avast\defs\14100601\algo.dll
2014-10-08 21:12 - 2014-10-08 21:12 - 02859008 _____ () C:\Program Files\AVAST Software\Avast\defs\14100802\algo.dll
2014-07-03 13:20 - 2014-07-03 13:20 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-07-03 13:19 - 2014-07-03 13:19 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2014-09-25 22:28 - 2012-07-25 12:03 - 00886272 _____ () C:\Program Files (x86)\ASP\System.Data.SQLite.dll
2014-09-25 22:28 - 2014-08-25 18:35 - 01730928 _____ () C:\Program Files (x86)\ASP\aspsys.dll
2014-09-25 22:28 - 2012-07-25 12:03 - 00168448 _____ () C:\Program Files (x86)\ASP\UNRAR.DLL
2014-09-25 22:33 - 2014-09-25 22:33 - 19329904 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2014-10-08 21:14 - 2014-10-08 21:14 - 00098816 _____ () C:\Users\tayweb\AppData\Local\Temp\_MEI24402\win32api.pyd
2014-10-08 21:14 - 2014-10-08 21:14 - 00110080 _____ () C:\Users\tayweb\AppData\Local\Temp\_MEI24402\pywintypes27.dll
2014-10-08 21:14 - 2014-10-08 21:14 - 00364544 _____ () C:\Users\tayweb\AppData\Local\Temp\_MEI24402\pythoncom27.dll
2014-10-08 21:14 - 2014-10-08 21:14 - 00045568 _____ () C:\Users\tayweb\AppData\Local\Temp\_MEI24402\_socket.pyd
2014-10-08 21:14 - 2014-10-08 21:14 - 01160704 _____ () C:\Users\tayweb\AppData\Local\Temp\_MEI24402\_ssl.pyd
2014-10-08 21:14 - 2014-10-08 21:14 - 00320512 _____ () C:\Users\tayweb\AppData\Local\Temp\_MEI24402\win32com.shell.shell.pyd
2014-10-08 21:14 - 2014-10-08 21:14 - 00713216 _____ () C:\Users\tayweb\AppData\Local\Temp\_MEI24402\_hashlib.pyd
2014-10-08 21:14 - 2014-10-08 21:14 - 01175040 _____ () C:\Users\tayweb\AppData\Local\Temp\_MEI24402\wx._core_.pyd
2014-10-08 21:14 - 2014-10-08 21:14 - 00805888 _____ () C:\Users\tayweb\AppData\Local\Temp\_MEI24402\wx._gdi_.pyd
2014-10-08 21:14 - 2014-10-08 21:14 - 00811008 _____ () C:\Users\tayweb\AppData\Local\Temp\_MEI24402\wx._windows_.pyd
2014-10-08 21:14 - 2014-10-08 21:14 - 01062400 _____ () C:\Users\tayweb\AppData\Local\Temp\_MEI24402\wx._controls_.pyd
2014-10-08 21:14 - 2014-10-08 21:14 - 00735232 _____ () C:\Users\tayweb\AppData\Local\Temp\_MEI24402\wx._misc_.pyd
2014-10-08 21:14 - 2014-10-08 21:14 - 00128512 _____ () C:\Users\tayweb\AppData\Local\Temp\_MEI24402\_elementtree.pyd
2014-10-08 21:14 - 2014-10-08 21:14 - 00127488 _____ () C:\Users\tayweb\AppData\Local\Temp\_MEI24402\pyexpat.pyd
2014-10-08 21:14 - 2014-10-08 21:14 - 00557056 _____ () C:\Users\tayweb\AppData\Local\Temp\_MEI24402\pysqlite2._sqlite.pyd
2014-10-08 21:14 - 2014-10-08 21:14 - 00007168 _____ () C:\Users\tayweb\AppData\Local\Temp\_MEI24402\hashobjs_ext.pyd
2014-10-08 21:14 - 2014-10-08 21:14 - 00087552 _____ () C:\Users\tayweb\AppData\Local\Temp\_MEI24402\_ctypes.pyd
2014-10-08 21:14 - 2014-10-08 21:14 - 00119808 _____ () C:\Users\tayweb\AppData\Local\Temp\_MEI24402\win32file.pyd
2014-10-08 21:14 - 2014-10-08 21:14 - 00108544 _____ () C:\Users\tayweb\AppData\Local\Temp\_MEI24402\win32security.pyd
2014-10-08 21:14 - 2014-10-08 21:14 - 00018432 _____ () C:\Users\tayweb\AppData\Local\Temp\_MEI24402\win32event.pyd
2014-10-08 21:14 - 2014-10-08 21:14 - 00038912 _____ () C:\Users\tayweb\AppData\Local\Temp\_MEI24402\win32inet.pyd
2014-10-08 21:14 - 2014-10-08 21:14 - 00070656 _____ () C:\Users\tayweb\AppData\Local\Temp\_MEI24402\wx._html2.pyd
2014-10-08 21:14 - 2014-10-08 21:14 - 00167936 _____ () C:\Users\tayweb\AppData\Local\Temp\_MEI24402\win32gui.pyd
2014-10-08 21:14 - 2014-10-08 21:14 - 00011264 _____ () C:\Users\tayweb\AppData\Local\Temp\_MEI24402\win32crypt.pyd
2014-10-08 21:14 - 2014-10-08 21:14 - 00027136 _____ () C:\Users\tayweb\AppData\Local\Temp\_MEI24402\_multiprocessing.pyd
2014-10-08 21:14 - 2014-10-08 21:14 - 00686080 _____ () C:\Users\tayweb\AppData\Local\Temp\_MEI24402\unicodedata.pyd
2014-10-08 21:14 - 2014-10-08 21:14 - 00122368 _____ () C:\Users\tayweb\AppData\Local\Temp\_MEI24402\wx._wizard.pyd
2014-10-08 21:14 - 2014-10-08 21:14 - 00010240 _____ () C:\Users\tayweb\AppData\Local\Temp\_MEI24402\select.pyd
2014-10-08 21:14 - 2014-10-08 21:14 - 00024064 _____ () C:\Users\tayweb\AppData\Local\Temp\_MEI24402\win32pipe.pyd
2014-10-08 21:14 - 2014-10-08 21:14 - 00025600 _____ () C:\Users\tayweb\AppData\Local\Temp\_MEI24402\win32pdh.pyd
2014-10-08 21:14 - 2014-10-08 21:14 - 00525640 _____ () C:\Users\tayweb\AppData\Local\Temp\_MEI24402\windows._lib_cacheinvalidation.pyd
2014-10-08 21:14 - 2014-10-08 21:14 - 00035840 _____ () C:\Users\tayweb\AppData\Local\Temp\_MEI24402\win32process.pyd
2014-10-08 21:14 - 2014-10-08 21:14 - 00017408 _____ () C:\Users\tayweb\AppData\Local\Temp\_MEI24402\win32profile.pyd
2014-10-08 21:14 - 2014-10-08 21:14 - 00022528 _____ () C:\Users\tayweb\AppData\Local\Temp\_MEI24402\win32ts.pyd
2014-10-08 21:14 - 2014-10-08 21:14 - 00078336 _____ () C:\Users\tayweb\AppData\Local\Temp\_MEI24402\wx._animate.pyd
2014-09-25 22:26 - 2014-10-08 20:36 - 00194800 _____ () C:\Program Files (x86)\AdvanceElite\bin\bb7b7a60f57447c28a0b.dll
2014-09-25 16:08 - 2014-09-22 22:06 - 01098056 _____ () C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.124\libglesv2.dll
2014-09-25 16:08 - 2014-09-22 22:06 - 00174408 _____ () C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.124\libegl.dll
2014-09-25 16:08 - 2014-09-22 22:07 - 08577864 _____ () C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.124\pdf.dll
2014-09-25 16:08 - 2014-09-22 22:07 - 00331592 _____ () C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.124\ppGoogleNaClPluginChrome.dll
2014-09-25 16:08 - 2014-09-22 22:06 - 01660232 _____ () C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.124\ffmpegsumo.dll
2014-09-25 16:08 - 2014-09-22 22:07 - 14891848 _____ () C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.124\PepperFlash\pepflashplayer.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\Users\tayweb\SkyDrive:ms-properties

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)


========================= Accounts: ==========================

Administrator (S-1-5-21-444850313-4093084663-149680862-500 - Administrator - Disabled)
Guest (S-1-5-21-444850313-4093084663-149680862-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-444850313-4093084663-149680862-1003 - Limited - Enabled)
tayweb (S-1-5-21-444850313-4093084663-149680862-1001 - Administrator - Enabled) => C:\Users\tayweb

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (10/08/2014 09:30:15 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 154391

Error: (10/08/2014 09:30:15 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 154391

Error: (10/08/2014 09:30:15 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (10/08/2014 09:27:54 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 12625

Error: (10/08/2014 09:27:54 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 12625

Error: (10/08/2014 09:27:54 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (10/08/2014 09:27:52 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 11078

Error: (10/08/2014 09:27:52 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 11078

Error: (10/08/2014 09:27:52 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (10/08/2014 09:27:50 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 9547


System errors:
=============
Error: (10/08/2014 09:41:22 PM) (Source: DCOM) (EventID: 10016) (User: TDIDDY)
Description: machine-defaultLocalActivation{9BA05972-F6A8-11CF-A442-00A0C90A8F39}{9BA05972-F6A8-11CF-A442-00A0C90A8F39}TDiddytaywebS-1-5-21-444850313-4093084663-149680862-1001LocalHost (Using LRPC)UnavailableUnavailable

Error: (10/08/2014 09:24:17 PM) (Source: DCOM) (EventID: 10016) (User: TDIDDY)
Description: machine-defaultLocalActivation{9BA05972-F6A8-11CF-A442-00A0C90A8F39}{9BA05972-F6A8-11CF-A442-00A0C90A8F39}TDiddytaywebS-1-5-21-444850313-4093084663-149680862-1001LocalHost (Using LRPC)UnavailableUnavailable

Error: (10/08/2014 09:24:17 PM) (Source: DCOM) (EventID: 10016) (User: TDIDDY)
Description: machine-defaultLocalActivation{9BA05972-F6A8-11CF-A442-00A0C90A8F39}{9BA05972-F6A8-11CF-A442-00A0C90A8F39}TDiddytaywebS-1-5-21-444850313-4093084663-149680862-1001LocalHost (Using LRPC)UnavailableUnavailable

Error: (10/08/2014 09:22:03 PM) (Source: DCOM) (EventID: 10016) (User: TDIDDY)
Description: machine-defaultLocalActivation{9BA05972-F6A8-11CF-A442-00A0C90A8F39}{9BA05972-F6A8-11CF-A442-00A0C90A8F39}TDiddytaywebS-1-5-21-444850313-4093084663-149680862-1001LocalHost (Using LRPC)UnavailableUnavailable

Error: (10/08/2014 09:08:56 PM) (Source: Microsoft-Windows-HAL) (EventID: 13) (User: NT AUTHORITY)
Description: The system watchdog timer was triggered.

Error: (10/08/2014 09:03:58 PM) (Source: DCOM) (EventID: 10016) (User: TDIDDY)
Description: machine-defaultLocalActivation{9BA05972-F6A8-11CF-A442-00A0C90A8F39}{9BA05972-F6A8-11CF-A442-00A0C90A8F39}TDiddytaywebS-1-5-21-444850313-4093084663-149680862-1001LocalHost (Using LRPC)UnavailableUnavailable

Error: (10/08/2014 09:03:37 PM) (Source: DCOM) (EventID: 10016) (User: TDIDDY)
Description: machine-defaultLocalActivation{9BA05972-F6A8-11CF-A442-00A0C90A8F39}{9BA05972-F6A8-11CF-A442-00A0C90A8F39}TDiddytaywebS-1-5-21-444850313-4093084663-149680862-1001LocalHost (Using LRPC)UnavailableUnavailable
u0717211
Regular Member
 
Posts: 18
Joined: September 8th, 2014, 11:51 pm

Re: Redirection of links and endless pop-ups

Post by Gary R » October 9th, 2014, 5:43 am

Looking over your logs, back soon.
Gary R
Administrator
 
Posts: 21872
Joined: June 28th, 2005, 11:36 am
Location: Yorkshire

Re: Redirection of links and endless pop-ups

Post by Gary R » October 9th, 2014, 5:54 am

Please note that all instructions given are customised for this computer only, the tools used may cause damage if used on a computer with different infections.

If you think you have similar problems, please post a log in the "Infected? Virus, malware, adware, ransomware, oh my!" forum and wait for help.


Unless informed of in advance, failure to post replies within 3 days will result in this thread being closed.


Hi u0717211

I'm Gary R,

Before we start: Please be aware that removing Malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However, it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.

Because of this, I advise you to back up any personal files and folders before you start.

As an added safety precaution, before we start removing anything, I'd like you to make a backup of your Registry, which we can restore to if necessary.

Please click on THIS link, and follow the instructions for installing TCRB and creating a backup of your Registry.

Please observe these rules while we work:
  • Do not edit your logs in any way whatsoever.
  • Perform all actions in the order given.
  • If you don't know, stop and ask! Don't keep going on.
  • Please reply to this thread. Do not start a new topic.
  • Stick with it till you're given the all clear.
  • Remember, absence of symptoms does not mean the infection is all gone.
  • Don't attempt to install any new software (other than those I ask you to) until we've got your computer clean.
  • Don't attempt to clean your computer with any tools other than the ones I ask you to use during the cleanup process. If your defensive programmes warn you about any of those tools, be assured that they are not infected, and are safe to use.
If you can do these things, everything should go smoothly.
  • As you're using Windows 8.1, it will be necessary to right click all tools we use and select ----> Run as Administrator

It may be helpful to you to print out or take a copy of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.


Before we start removing your infection, I need you to run a couple of additional scans for me, so I've got a more complete picture of what needs to be removed.

First ....

Your logs show you have both Norton Internet Security and Avast Free Antivirus installed on your machine. This is a recipe for disaster, as the two programs will conflict, giving you less, not more, protection.

You need to uninstall one of them immediately; I leave it to you as to which one you want to get rid of.

Reboot your computer once you've uninstalled your "surplus" AV program.

Next ...

Please download AdwCleaner and save it to your desktop.

  • Double click AdwCleaner.exe to run it.
  • Click Scan.
  • A logfile will automatically open after the scan has finished.
  • Close the AdwCleaner window, click OK to the prompt.
  • Please post the contents of that logfile with your next reply.
  • You can also find the logfile at C:\AdwCleaner[R1].txt.

AT THIS POINT, DO NOT ATTEMPT TO CLEAN ANYTHING THAT MAY BE FOUND

Next ...

  • Double click Frst64.exe to launch it.
  • FRST will start to run.
    • When the tool opens click Yes to the disclaimer.
    • Copy/Paste or Type the following line into the Search: box.
    Fun4IM;Bandoo;Searchnu;Searchqu;iLivid;whitesmoke;datamngr;kelkoopartners;trolltech;babylon;conduit;AdvanceElite

    • Press the Search Registry button.
    • When finished searching a log will open on your Desktop ... Search.txt
    • Please post it in your next reply.

Summary of the logs I need from you in your next post:
  • AdwCleaner[R1].txt
  • Search.txt
  • Post the rest of Attach.txt as well please.


Please post each log separately to prevent it being cut off by the forum post size limiter. Check each after you've posted it to make sure it's all present; if any log is cut off you'll have to post it in sections.

Re: Redirection of links and endless pop-ups

Post by u0717211 » October 10th, 2014, 12:51 am

ADW Cleaner Log

# AdwCleaner v3.311 - Report created 09/10/2014 at 17:36:32
# Updated 30/09/2014 by Xplode
# Operating System : Windows 8.1 (64 bits)
# Username : tayweb - TDIDDY
# Running from : C:\Users\tayweb\Downloads\adwcleaner_3.311.exe
# Option : Scan

***** [ Services ] *****

Service Found : Update AdvanceElite
Service Found : Util AdvanceElite
Service Found : {bb7b7a60-f574-47c2-8a0b-4c56f2da9802}Gw64

***** [ Files / Folders ] *****

File Found : C:\Users\Public\Desktop\advanced-System Protector.lnk
File Found : C:\Users\Public\Desktop\RegClean Pro.lnk
File Found : C:\Users\tayweb\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage
File Found : C:\Users\tayweb\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage-journal
File Found : C:\Users\tayweb\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MyPC Backup.lnk
File Found : C:\Users\tayweb\Desktop\MyPC Backup.lnk
File Found : C:\Users\tayweb\Desktop\Sync Folder.lnk
File Found : C:\Windows\System32\drivers\{bb7b7a60-f574-47c2-8a0b-4c56f2da9802}Gw64.sys
File Found : C:\Windows\System32\roboot64.exe
File Found : C:\Windows\System32\sasnative64.exe
Folder Found : C:\Program Files (x86)\AdvanceElite
Folder Found : C:\Program Files (x86)\ASP
Folder Found : C:\Program Files (x86)\Tweaks
Folder Found : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FileOpener
Folder Found : C:\ProgramData\Systweak
Folder Found : C:\Users\tayweb\AppData\Local\Temp\AdvanceElite
Folder Found : C:\Users\tayweb\AppData\Roaming\1H1Q
Folder Found : C:\Users\tayweb\AppData\Roaming\Systweak

***** [ Scheduled Tasks ] *****

Task Found : advanced-System Protector_startup
Task Found : LaunchSignup
Task Found : RegClean Pro

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Found : HKCU\Software\AdvanceElite
Key Found : HKCU\Software\BRS
Key Found : HKCU\Software\InstallCore
Key Found : HKCU\Software\systweak
Key Found : [x64] HKCU\Software\AdvanceElite
Key Found : [x64] HKCU\Software\BRS
Key Found : [x64] HKCU\Software\InstallCore
Key Found : [x64] HKCU\Software\systweak
Key Found : HKEY_USERS\.DEFAULT\Software\Microsoft\.NETFramework\SQM\Apps\updateAdvanceElite.exe
Key Found : HKLM\SOFTWARE\AdvanceElite
Key Found : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{3b2cb4c8-72ab-4b25-8fa1-219b36a60bed}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{4AA46D49-459F-4358-B4D1-169048547C23}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{5A4E3A41-FA55-4BDA-AED7-CEBE6E7BCB52}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{5A4E3A41-FA55-4BDA-AED7-CEBE6E7BCB52}
Key Found : HKLM\SOFTWARE\Classes\Interface\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB}
Key Found : HKLM\SOFTWARE\Classes\Interface\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{9303da31-7a21-45fd-bd61-03ea56853012}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{A2D733A7-73B0-4C6B-B0C7-06A432950B66}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{A2D733A7-73B0-4C6B-B0C7-06A432950B66}
Key Found : HKLM\SOFTWARE\InstallCore
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\AdvancedSystemProtector_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\AdvancedSystemProtector_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\AdvanceElite_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\AdvanceElite_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\updateAdvanceElite_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\updateAdvanceElite_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\utilAdvanceElite_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\utilAdvanceElite_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\mypc backup
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3b2cb4c8-72ab-4b25-8fa1-219b36a60bed}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\RegClean Pro_is1
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\RegClean-Pro_is1
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Tweaks FileOpener
Key Found : HKLM\SOFTWARE\systweak
Key Found : HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application\Update AdvanceElite
Key Found : HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application\Util AdvanceElite
Key Found : [x64] HKLM\SOFTWARE\Classes\CLSID\{4AA46D49-459F-4358-B4D1-169048547C23}
Key Found : [x64] HKLM\SOFTWARE\Classes\CLSID\{5A4E3A41-FA55-4BDA-AED7-CEBE6E7BCB52}
Key Found : [x64] HKLM\SOFTWARE\Classes\CLSID\{5A4E3A41-FA55-4BDA-AED7-CEBE6E7BCB52}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5}
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{ac225167-00fc-452d-94c5-bb93600e7d9a}
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AdvanceElite
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MyPC Backup

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17278


-\\ Google Chrome v37.0.2062.124

[ File : C:\Users\tayweb\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [6405 octets] - [15/09/2014 22:28:07]
AdwCleaner[R1].txt - [5424 octets] - [09/10/2014 17:36:32]
AdwCleaner[S0].txt - [5985 octets] - [15/09/2014 22:44:17]

########## EOF - C:\AdwCleaner\AdwCleaner[R1].txt - [5544 octets] ##########

Re: Redirection of links and endless pop-ups

Post by u0717211 » October 10th, 2014, 12:52 am

Search Log

Farbar Recovery Scan Tool (x64) Version: 06-10-2014 01
Ran by tayweb at 2014-10-09 21:33:25
Running from C:\Users\tayweb\Downloads
Boot Mode: Normal

================== Search Registry: "Fun4IM;Bandoo;Searchnu;Searchqu;iLivid;whitesmoke;datamngr;kelkoopartners;trolltech;babylon;conduit;AdvanceElite" ===========


===================== Search result for "Searchqu" ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b9f41624-2083-45cd-ac36-af8119a22a41}]
""="CLocationSearchQuery"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{69563521-C154-4B45-B884-035872E3F96A}]
""="ISearchQueryCondition"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{CAC6C3B8-3C64-4DFD-AD9F-479E4D4065A4}]
""="__x_Windows_CApplicationModel_CSearch_CISearchQueryLinguisticDetailsFactory"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{46A1205B-69C9-4745-B72F-A8A4FC8F24AE}]
""="__x_Windows_CApplicationModel_CSearch_CISearchQueryLinguisticDetails"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{AB310581-AC80-11D1-8DF3-00C04FB6EF63}]
""="ISearchQueryHelper"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.ApplicationModel.Search.SearchQueryLinguisticDetails]

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\WindowsRuntime\ActivatableClassId\Windows.ApplicationModel.Search.SearchQueryLinguisticDetails]

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\Interface\{46A1205B-69C9-4745-B72F-A8A4FC8F24AE}]
""="__x_Windows_CApplicationModel_CSearch_CISearchQueryLinguisticDetails"

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\Interface\{AB310581-AC80-11D1-8DF3-00C04FB6EF63}]
""="ISearchQueryHelper"

[HKEY_USERS\S-1-5-21-444850313-4093084663-149680862-1001\Software\Classes\ActivatableClasses\CLSID\{75BC91F1-2000-58EB-923F-22223F0B0108}]
"ActivatableClassId"="AppEx.Sports.Services.TypeDefs.Request.AppSearchQuery"

[HKEY_USERS\S-1-5-21-444850313-4093084663-149680862-1001_Classes\ActivatableClasses\CLSID\{75BC91F1-2000-58EB-923F-22223F0B0108}]
"ActivatableClassId"="AppEx.Sports.Services.TypeDefs.Request.AppSearchQuery"


===================== Search result for "trolltech" ==========

[HKEY_USERS\S-1-5-21-444850313-4093084663-149680862-1001\Software\Trolltech]

[HKEY_USERS\S-1-5-21-444850313-4093084663-149680862-1001\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.8\com.trolltech.Qt.QImageIOHandlerFactoryInterface:]


===================== Search result for "babylon" ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{2EECD738-5844-4A99-B4B6-146BF802613B}]
"DllName"="BabylonToolbar.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{98889811-442D-49DD-99D7-DC866BE87DBC}]
"DllName"="BabylonToolbarTlbr.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extension Compatibility\{2EECD738-5844-4A99-B4B6-146BF802613B}]
"DllName"="BabylonToolbar.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extension Compatibility\{98889811-442D-49DD-99D7-DC866BE87DBC}]
"DllName"="BabylonToolbarTlbr.dll"


===================== Search result for "conduit" ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\063A857434EDED11A893800002C0A966]
"A2CA2FA62353DF34F9D4DB9C0C7D427C"="C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\iSyncConduit.dll"


===================== Search result for "AdvanceElite" ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5A4E3A41-FA55-4BDA-AED7-CEBE6E7BCB52}\InprocServer32]
""="C:\Program Files (x86)\AdvanceElite\bin\{bb7b7a60-f574-47c2-8a0b-4c56f2da9802}64.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{D6625FAD-EF8D-465C-B9D3-81BB22C40253}]
""="IAdvanceEliteBHO"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{9303DA31-7A21-45FD-BD61-03EA56853012}\1.0\0\win32]
""="C:\Program Files (x86)\AdvanceElite\AdvanceElitebho.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{A2D733A7-73B0-4C6B-B0C7-06A432950B66}\1.0\0\win32]
""="C:\Program Files (x86)\AdvanceElite\bin\{bb7b7a60-f574-47c2-8a0b-4c56f2da9802}64.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{3b2cb4c8-72ab-4b25-8fa1-219b36a60bed}]
""="AdvanceElite"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{5A4E3A41-FA55-4BDA-AED7-CEBE6E7BCB52}\InprocServer32]
""="C:\Program Files (x86)\AdvanceElite\bin\{bb7b7a60-f574-47c2-8a0b-4c56f2da9802}.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{D6625FAD-EF8D-465C-B9D3-81BB22C40253}]
""="IAdvanceEliteBHO"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{9303DA31-7A21-45FD-BD61-03EA56853012}\1.0\0\win32]
""="C:\Program Files (x86)\AdvanceElite\AdvanceElitebho.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{A2D733A7-73B0-4C6B-B0C7-06A432950B66}\1.0\0\win32]
""="C:\Program Files (x86)\AdvanceElite\bin\{bb7b7a60-f574-47c2-8a0b-4c56f2da9802}64.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RADAR\HeapLeakDetection\DiagnosedApplications\AdvanceElite.BOASPRT.exe]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\UFH\ARP]
"1"="Software\Microsoft\Windows\CurrentVersion\Uninstall
AdvanceElite
C:\Program Files (x86)\AdvanceElite\AdvanceEliteuninstall.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AdvanceElite]
"DisplayName"="AdvanceElite"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AdvanceElite]
"QuietUninstallString"="C:\Program Files (x86)\AdvanceElite\AdvanceEliteUn.exe REP_"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AdvanceElite]
"DisplayIcon"="C:\Program Files (x86)\AdvanceElite\AdvanceElite.ico"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AdvanceElite]
"HelpLink"="mailto:support@advanceelite.com"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AdvanceElite]
"URLInfoAbout"="http://advanceelite.com/support"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{ac225167-00fc-452d-94c5-bb93600e7d9a}]
"UninstallString"="C:\Program Files (x86)\AdvanceElite\AdvanceEliteUn.exe REP_BD_"

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\AdvanceElite]

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ACTIVEX_REPURPOSEDETECTION]
"AdvanceElite.BOAS.exe"="1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_LOCALMACHINE_LOCKDOWN]
"AdvanceElite.BOAS.exe"="1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_MIME_SNIFFING]
"AdvanceElite.BOAS.exe"="1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_RESTRICT_FILEDOWNLOAD]
"AdvanceElite.BOAS.exe"="1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ZONE_ELEVATION]
"AdvanceElite.BOAS.exe"="1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\AdvanceElite_RASMANCS]

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\updateAdvanceElite_RASMANCS]

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\utilAdvanceElite_RASMANCS]

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{3b2cb4c8-72ab-4b25-8fa1-219b36a60bed}]
""="AdvanceElite"

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{5A4E3A41-FA55-4BDA-AED7-CEBE6E7BCB52}\InprocServer32]
""="C:\Program Files (x86)\AdvanceElite\bin\{bb7b7a60-f574-47c2-8a0b-4c56f2da9802}.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\Interface\{D6625FAD-EF8D-465C-B9D3-81BB22C40253}]
""="IAdvanceEliteBHO"

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\TypeLib\{9303DA31-7A21-45FD-BD61-03EA56853012}\1.0\0\win32]
""="C:\Program Files (x86)\AdvanceElite\AdvanceElitebho.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\TypeLib\{A2D733A7-73B0-4C6B-B0C7-06A432950B66}\1.0\0\win32]
""="C:\Program Files (x86)\AdvanceElite\bin\{bb7b7a60-f574-47c2-8a0b-4c56f2da9802}64.dll"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Session Manager]
"PendingFileRenameOperations"="\??\C:\Program Files (x86)\AdvanceElite\bin\tmpF2DE.tmp
"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventLog\Application\Util AdvanceElite]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\NlaSvc\Parameters\Internet\ManualProxies]
""="0file://C:\Program Files (x86)\AdvanceElite\bin\Pac9064.js"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{45EDF620-E6BB-4351-8972-82370437DDDA}"="v2.22|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\Program Files (x86)\AdvanceElite\bin\AdvanceElite.BRT.Helper.exe|Name=AdvanceElite.BRT.Helper.exe|"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{96B4DB27-460A-4B57-8BF4-E2A1446D10E9}"="v2.22|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Public|App=C:\Program Files (x86)\AdvanceElite\bin\AdvanceElite.BRT.Helper.exe|Name=AdvanceElite.BRT.Helper.exe|"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Update AdvanceElite]
"ImagePath"=""C:\Program Files (x86)\AdvanceElite\updateAdvanceElite.exe""

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Util AdvanceElite]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Util AdvanceElite]
"DisplayName"="Util AdvanceElite"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Application\Update AdvanceElite]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\iphlpsvc\Parameters\ProxyMgr\{26B1822C-7A33-42C6-B2EB-8E0079ED7A2E}]
"AutoConfigUrl"="file://C:\Program Files (x86)\AdvanceElite\bin\Pac9064.js"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{A7316D02-D192-46EC-8019-1AD5D88FCF11}"="v2.22|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\Program Files (x86)\AdvanceElite\bin\AdvanceElite.BRT.Helper.exe|Name=AdvanceElite.BRT.Helper.exe|"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{8A97328C-F4F5-4B91-AC00-11161DC930BD}"="v2.22|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Public|App=C:\Program Files (x86)\AdvanceElite\bin\AdvanceElite.BRT.Helper.exe|Name=AdvanceElite.BRT.Helper.exe|"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Update AdvanceElite]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Update AdvanceElite]
"DisplayName"="Update AdvanceElite"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Util AdvanceElite]
"ImagePath"=""C:\Program Files (x86)\AdvanceElite\bin\utilAdvanceElite.exe""

[HKEY_USERS\.DEFAULT\Software\Microsoft\.NETFramework\SQM\Apps\AdvanceElite.BRT.Helper.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\.NETFramework\SQM\Apps\utilAdvanceElite.exe]

[HKEY_USERS\S-1-5-21-444850313-4093084663-149680862-1001\Software\Microsoft\.NETFramework\SQM\Apps\AdvanceElite.BRT.Helper.exe]

[HKEY_USERS\S-1-5-21-444850313-4093084663-149680862-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"AutoConfigURL"="file://C:\Program Files (x86)\AdvanceElite\bin\Pac9064.js"

[HKEY_USERS\S-1-5-18\Software\Microsoft\.NETFramework\SQM\Apps\AdvanceElite.BRT.Helper.exe]

[HKEY_USERS\S-1-5-18\Software\Microsoft\.NETFramework\SQM\Apps\utilAdvanceElite.exe]
====== End Of Search ======

Re: Redirection of links and endless pop-ups

Post by u0717211 » October 10th, 2014, 12:53 am

Rest of Addition Log


Error: (10/08/2014 09:03:37 PM) (Source: DCOM) (EventID: 10016) (User: TDIDDY)
Description: machine-defaultLocalActivation{9BA05972-F6A8-11CF-A442-00A0C90A8F39}{9BA05972-F6A8-11CF-A442-00A0C90A8F39}TDiddytaywebS-1-5-21-444850313-4093084663-149680862-1001LocalHost (Using LRPC)UnavailableUnavailable

Error: (10/08/2014 09:00:42 PM) (Source: DCOM) (EventID: 10016) (User: TDIDDY)
Description: machine-defaultLocalActivation{9BA05972-F6A8-11CF-A442-00A0C90A8F39}{9BA05972-F6A8-11CF-A442-00A0C90A8F39}TDiddytaywebS-1-5-21-444850313-4093084663-149680862-1001LocalHost (Using LRPC)UnavailableUnavailable

Error: (10/08/2014 09:00:22 PM) (Source: DCOM) (EventID: 10016) (User: TDIDDY)
Description: machine-defaultLocalActivation{9BA05972-F6A8-11CF-A442-00A0C90A8F39}{9BA05972-F6A8-11CF-A442-00A0C90A8F39}TDiddytaywebS-1-5-21-444850313-4093084663-149680862-1001LocalHost (Using LRPC)UnavailableUnavailable

Error: (10/08/2014 09:00:01 PM) (Source: DCOM) (EventID: 10016) (User: TDIDDY)
Description: machine-defaultLocalActivation{9BA05972-F6A8-11CF-A442-00A0C90A8F39}{9BA05972-F6A8-11CF-A442-00A0C90A8F39}TDiddytaywebS-1-5-21-444850313-4093084663-149680862-1001LocalHost (Using LRPC)UnavailableUnavailable


Microsoft Office Sessions:
=========================

==================== Memory info ===========================

Processor: AMD A4-5000 APU with Radeon(TM) HD Graphics
Percentage of memory in use: 59%
Total physical RAM: 5582.26 MB
Available physical RAM: 2235.57 MB
Total Pagefile: 11214.26 MB
Available Pagefile: 7307.06 MB
Total Virtual: 131072 MB
Available Virtual: 131071.84 MB

==================== Drives ================================

Drive c: (TI10673700F) (Fixed) (Total:456.45 GB) (Free:389.66 GB) NTFS
Drive e: (TAY) (Removable) (Total:7.48 GB) (Free:0.73 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: 00000000)

Partition: GPT Partition Type.

========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 7.5 GB) (Disk ID: C3072E18)
Partition 1: (Active) - (Size=7.5 GB) - (Type=0C)

==================== End Of Log ============================

Re: Redirection of links and endless pop-ups

Post by Gary R » October 10th, 2014, 1:59 am

Looking over your new logs, back as soon as I've looked them over.

Re: Redirection of links and endless pop-ups

Post by Gary R » October 10th, 2014, 4:23 am

OK, let's get started cleaning your computer.

First ....

Please uninstall the following programs ...

Advanced-System Protector
AdvanceElite
Buzzdock
File Opener Packages
MyPC Backup
RegClean-Pro


Reboot your computer when you've finished uninstalling them all.

If any of them give you any problems uninstalling them, just continue with the instructions below; if they go easily, still follow the instructions below.

Next ...

  • Double click AdwCleaner.exe to run it.
  • Click Scan and allow the scan to finish.
  • Now click Clean to remove the items found.
  • Click OK to the prompt.
  • The tool will run & your computer will be rebooted automatically. A logfile will open after the restart.
  • Post the contents of the logfile with your next reply.
  • You can also find the logfile at C:\AdwCleaner[s1].txt.

Next ...

  • Click Start
  • Type notepad.exe in the search programs and files box and click Enter.
  • A blank Notepad page should open.
    • Copy/Paste the contents of the code box below into Notepad. (do not include Code: Select all)
Code: Select all
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
SearchScopes: HKLM - {46CF69E2-52E7-49A1-876C-EB39B13879C9} URL = http://Lasaoren.com/results.php?f=4&q= {searchTerms}&a=lrn_dsites_14_39_ch&cd=2XzuyEtN2Y1L1QzuyCyEyD0AtDyEzzzyyCyByB0D0AtB0E0AtN0D0Tzu0SzyzyzytN1L2XzutAtFtBtFyEtFtBtN1L1CzutCyEtBzytDyD1V1StN1L1G1B1V1N2Y1L1Qzu2SyCzztAyEtAyDyEtBtGyC0DtByCtG0BtC0B0DtGtCyCzz0FtGyDyB0E0D0AyE0EtD0D0FyD0F2QtN1M1F1B2Z1V1N2Y1L1Qzu2StAtCyB0DtBtDtAzytGyC0E0EtBtGyEtC0CyDtGzyyC0ByCtGyDtBzy0DyDzyzzzzzyyCyCyD2Q&cr=106613913&ir=
BHO-x32: AdvanceElite -> {3b2cb4c8-72ab-4b25-8fa1-219b36a60bed} -> C:\Program Files (x86)\AdvanceElite\AdvanceElitebho.dll (AdvanceElite)
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
R2 Update AdvanceElite; C:\Program Files (x86)\AdvanceElite\updateAdvanceElite.exe [522480 2014-10-08] ()
R2 Util AdvanceElite; C:\Program Files (x86)\AdvanceElite\bin\utilAdvanceElite.exe [522480 2014-10-08] ()
Task: {5B2FACA4-785F-49C9-A8D1-8434211F39A9} - System32\Tasks\Advanced-System Protector_startup => C:\Program Files (x86)\ASP\AdvancedSystemProtector.exe [2014-08-25] (Systweak) <==== ATTENTION
Task: {A7BAE631-3174-47A2-A4C9-0FB4198444FF} - System32\Tasks\RegClean Pro => C:\Program Files (x86)\RCP\RegCleanPro.exe [2014-08-29] ()
Task: {C31B5706-B025-4390-AD8E-B4609806E985} - System32\Tasks\LaunchSignup => C:\Program Files (x86)\MyPC Backup\Signup Wizard.exe <==== ATTENTION
C:\Program Files (x86)\AdvanceElite
C:\Program Files (x86)\RCP
C:\Program Files (x86)\ASP
Reg: Reg.exe delete "HKEY_USERS\S-1-5-21-444850313-4093084663-149680862-1001\Software\Trolltech" /f
Reg: Reg.exe delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{2EECD738-5844-4A99-B4B6-146BF802613B}" /f
Reg: Reg.exe delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{2EECD738-5844-4A99-B4B6-146BF802613B}" /f
Reg: Reg.exe delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{98889811-442D-49DD-99D7-DC866BE87DBC}" /f
Reg: Reg.exe delete "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extension Compatibility\{2EECD738-5844-4A99-B4B6-146BF802613B}" /f
Reg: Reg.exe delete "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extension Compatibility\{98889811-442D-49DD-99D7-DC866BE87DBC}" /f
Reg: Reg.exe delete "HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5A4E3A41-FA55-4BDA-AED7-CEBE6E7BCB52}" /f
Reg: Reg.exe delete "HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{D6625FAD-EF8D-465C-B9D3-81BB22C40253}" /f
Reg: Reg.exe delete "HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{9303DA31-7A21-45FD-BD61-03EA56853012}" /f
Reg: Reg.exe delete "HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{A2D733A7-73B0-4C6B-B0C7-06A432950B66}" /f
Reg: Reg.exe delete "HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{3b2cb4c8-72ab-4b25-8fa1-219b36a60bed}" /f
Reg: Reg.exe delete "HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{5A4E3A41-FA55-4BDA-AED7-CEBE6E7BCB52}" /f
Reg: Reg.exe delete "HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{D6625FAD-EF8D-465C-B9D3-81BB22C40253}" /f
Reg: Reg.exe delete "HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{9303DA31-7A21-45FD-BD61-03EA56853012}" /f
Reg: Reg.exe delete "HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{A2D733A7-73B0-4C6B-B0C7-06A432950B66}" /f
Reg: Reg.exe delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RADAR\HeapLeakDetection\DiagnosedApplications\AdvanceElite.BOASPRT.exe" /f
Reg: Reg.exe delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\UFH\ARP" /v "1" /f
Reg: Reg.exe delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AdvanceElite" /f
Reg: Reg.exe delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{ac225167-00fc-452d-94c5-bb93600e7d9a}" /f
Reg: Reg.exe delete "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\AdvanceElite" /f
Reg: Reg.exe delete "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ACTIVEX_REPURPOSEDETECTION" /v "AdvanceElite.BOAS.exe" /f
Reg: Reg.exe delete "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_LOCALMACHINE_LOCKDOWN" /v "AdvanceElite.BOAS.exe" /f
Reg: Reg.exe delete "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_MIME_SNIFFING" /v "AdvanceElite.BOAS.exe" /f
Reg: Reg.exe delete "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_RESTRICT_FILEDOWNLOAD" /v "AdvanceElite.BOAS.exe" /f
Reg: Reg.exe delete "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ZONE_ELEVATION" /v "AdvanceElite.BOAS.exe" /f
Reg: Reg.exe delete "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\AdvanceElite_RASMANCS" /f
Reg: Reg.exe delete "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\updateAdvanceElite_RASMANCS" /f
Reg: Reg.exe delete "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\utilAdvanceElite_RASMANCS" /f
Reg: Reg.exe delete "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{3b2cb4c8-72ab-4b25-8fa1-219b36a60bed}" /f
Reg: Reg.exe delete "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{5A4E3A41-FA55-4BDA-AED7-CEBE6E7BCB52}" /f
Reg: Reg.exe delete "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\Interface\{D6625FAD-EF8D-465C-B9D3-81BB22C40253}" /f
Reg: Reg.exe delete "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\TypeLib\{9303DA31-7A21-45FD-BD61-03EA56853012}" /f
Reg: Reg.exe delete "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\TypeLib\{A2D733A7-73B0-4C6B-B0C7-06A432950B66}" /f
Reg: Reg.exe delete "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\iphlpsvc\Parameters\ProxyMgr\{26B1822C-7A33-42C6-B2EB-8E0079ED7A2E}" /f
Reg: Reg.exe delete "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules" /v "{A7316D02-D192-46EC-8019-1AD5D88FCF11}" /f
Reg: Reg.exe delete "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules" /v "{8A97328C-F4F5-4B91-AC00-11161DC930BD}" /f
Reg: Reg.exe delete "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Update AdvanceElite" /f
Reg: Reg.exe delete "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Util AdvanceElite" /f
Reg: Reg.exe delete "HKEY_USERS\.DEFAULT\Software\Microsoft\.NETFramework\SQM\Apps\AdvanceElite.BRT.Helper.exe" /f
Reg: Reg.exe delete "HKEY_USERS\.DEFAULT\Software\Microsoft\.NETFramework\SQM\Apps\utilAdvanceElite.exe" /f
Reg: Reg.exe delete "HKEY_USERS\S-1-5-21-444850313-4093084663-149680862-1001\Software\Microsoft\.NETFramework\SQM\Apps\AdvanceElite.BRT.Helper.exe" /f
Reg: Reg.exe delete "HKEY_USERS\S-1-5-21-444850313-4093084663-149680862-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings" /v "AutoConfigURL" /f
Reg: Reg.exe delete "HKEY_USERS\S-1-5-18\Software\Microsoft\.NETFramework\SQM\Apps\AdvanceElite.BRT.Helper.exe" /f
Reg: Reg.exe delete "HKEY_USERS\S-1-5-18\Software\Microsoft\.NETFramework\SQM\Apps\utilAdvanceElite.exe" /f
EmptyTemp:

    • Save it to the same folder/directory that FRST.exe is in, naming it as fixlist.txt

NOTICE: This script was written specifically for this user. Running it on another machine may cause damage to your operating system

  • Start FRST in a similar manner to when you ran a scan earlier, but this time when it opens ....
    • Press the Fix button once and wait.
    • FRST will process fixlist.txt
    • When finished, it will produce a log fixlog.txt in the same folder/directory as FRST64.exe
    • Please post me the log

Summary of the logs I need from you in your next post:
  • AdwCleaner[s1].txt
  • Fixlog.txt


Please post each log separately to prevent it being cut off by the forum post size limiter. Check each after you've posted it to make sure it's all present; if any log is cut off, you'll have to post it in sections.
Gary R
Administrator
 
Posts: 21872
Joined: June 28th, 2005, 11:36 am
Location: Yorkshire

Re: Redirection of links and endless pop-ups

Unread postby u0717211 » October 11th, 2014, 12:38 am

ADW Cleaner Log

# AdwCleaner v3.311 - Report created 10/10/2014 at 22:22:37
# Updated 30/09/2014 by Xplode
# Operating System : Windows 8.1 (64 bits)
# Username : tayweb - TDIDDY
# Running from : C:\Users\tayweb\Downloads\adwcleaner_3.311.exe
# Option : Clean

***** [ Services ] *****

Service Deleted : {bb7b7a60-f574-47c2-8a0b-4c56f2da9802}Gw64
Service Deleted : {c61f6471-95aa-405a-be3a-f3b2dc07fdfa}Gw64

***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FileOpener
Folder Deleted : C:\Program Files (x86)\Tweaks
Folder Deleted : C:\Users\tayweb\AppData\Roaming\1H1Q
Folder Deleted : C:\Users\tayweb\AppData\Roaming\Systweak
File Deleted : C:\Windows\System32\roboot64.exe
File Deleted : C:\Windows\System32\drivers\{bb7b7a60-f574-47c2-8a0b-4c56f2da9802}Gw64.sys
File Deleted : C:\Windows\System32\drivers\{c61f6471-95aa-405a-be3a-f3b2dc07fdfa}Gw64.sys
File Deleted : C:\Users\tayweb\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MyPC Backup.lnk
File Deleted : C:\Users\tayweb\Desktop\MyPC Backup.lnk
File Deleted : C:\Users\tayweb\Desktop\Sync Folder.lnk
File Deleted : C:\Users\tayweb\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage
File Deleted : C:\Users\tayweb\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage-journal

***** [ Scheduled Tasks ] *****

Task Deleted : LaunchSignup

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\AdvancedSystemProtector_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\AdvancedSystemProtector_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\mypc backup
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{5A4E3A41-FA55-4BDA-AED7-CEBE6E7BCB52}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{A2D733A7-73B0-4C6B-B0C7-06A432950B66}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{5A4E3A41-FA55-4BDA-AED7-CEBE6E7BCB52}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5}
Key Deleted : HKCU\Software\BRS
Key Deleted : HKCU\Software\InstallCore
Key Deleted : HKCU\Software\systweak
Key Deleted : HKLM\SOFTWARE\InstallCore
Key Deleted : HKLM\SOFTWARE\systweak
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Tweaks FileOpener
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{ac225167-00fc-452d-94c5-bb93600e7d9a}

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17278


-\\ Google Chrome v37.0.2062.124

[ File : C:\Users\tayweb\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [6405 octets] - [15/09/2014 22:28:07]
AdwCleaner[R1].txt - [5672 octets] - [09/10/2014 17:36:32]
AdwCleaner[R2].txt - [3474 octets] - [10/10/2014 22:19:21]
AdwCleaner[S0].txt - [5985 octets] - [15/09/2014 22:44:17]
AdwCleaner[S1].txt - [3321 octets] - [10/10/2014 22:22:37]

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [3381 octets] ##########
u0717211
Regular Member
 
Posts: 18
Joined: September 8th, 2014, 11:51 pm

Re: Redirection of links and endless pop-ups

Unread postby u0717211 » October 11th, 2014, 12:39 am

Fix Log

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 08-10-2014 01
Ran by tayweb at 2014-10-10 22:27:56 Run:2
Running from C:\Users\tayweb\Desktop
Loaded Profile: tayweb (Available profiles: tayweb)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
SearchScopes: HKLM - {46CF69E2-52E7-49A1-876C-EB39B13879C9} URL = http://Lasaoren.com/results.php?f=4&q= {searchTerms}&a=lrn_dsites_14_39_ch&cd=2XzuyEtN2Y1L1QzuyCyEyD0AtDyEzzzyyCyByB0D0AtB0E0AtN0D0Tzu0SzyzyzytN1L2XzutAtFtBtFyEtFtBtN1L1CzutCyEtBzytDyD1V1StN1L1G1B1V1N2Y1L1Qzu2SyCzztAyEtAyDyEtBtGyC0DtByCtG0BtC0B0DtGtCyCzz0FtGyDyB0E0D0AyE0EtD0D0FyD0F2QtN1M1F1B2Z1V1N2Y1L1Qzu2StAtCyB0DtBtDtAzytGyC0E0EtBtGyEtC0CyDtGzyyC0ByCtGyDtBzy0DyDzyzzzzzyyCyCyD2Q&cr=106613913&ir=
BHO-x32: AdvanceElite -> {3b2cb4c8-72ab-4b25-8fa1-219b36a60bed} -> C:\PROGRAM Files (x86)\AdvanceElite\AdvanceElitebho.dll (AdvanceElite)
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
R2 Update AdvanceElite; C:\PROGRAM Files (x86)\AdvanceElite\updateAdvanceElite.exe [522480 2014-10-08] ()
R2 Util AdvanceElite; C:\Program Files (x86)\AdvanceElite\bin\utilAdvanceElite.exe [522480 2014-10-08] ()
Task: {5B2FACA4-785F-49C9-A8D1-8434211F39A9} - System32\Tasks\Advanced-System Protector_startup => C:\Program Files (x86)\ASP\AdvancedSystemProtector.exe [2014-08-25] (SYSTWEAK) <==== ATTENTION
Task: {A7BAE631-3174-47A2-A4C9-0FB4198444FF} - System32\Tasks\REGCLEAN Pro => C:\Program Files (x86)\RCP\RegCleanPro.exe [2014-08-29] ()
Task: {C31B5706-B025-4390-AD8E-B4609806E985} - System32\Tasks\LaunchSignup => C:\Program Files (x86)\MyPC Backup\Signup WIZARD.exe <==== ATTENTION
C:\Program Files (x86)\AdvanceElite
C:\Program Files (x86)\RCP
C:\Program Files (x86)\ASP
Reg: Reg.exe delete "HKEY_USERS\S-1-5-21-444850313-4093084663-149680862-1001\Software\Trolltech" /f
Reg: Reg.exe delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{2EECD738-5844-4A99-B4B6-146BF802613B}" /f
Reg: Reg.exe delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{2EECD738-5844-4A99-B4B6-146BF802613B}" /f
Reg: Reg.exe delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{98889811-442D-49DD-99D7-DC866BE87DBC}" /f
Reg: Reg.exe delete "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extension Compatibility\{2EECD738-5844-4A99-B4B6-146BF802613B}" /f
Reg: Reg.exe delete "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extension Compatibility\{98889811-442D-49DD-99D7-DC866BE87DBC}" /f
Reg: Reg.exe delete "HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5A4E3A41-FA55-4BDA-AED7-CEBE6E7BCB52}" /f
Reg: Reg.exe delete "HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{D6625FAD-EF8D-465C-B9D3-81BB22C40253}" /f
Reg: Reg.exe delete "HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{9303DA31-7A21-45FD-BD61-03EA56853012}" /f
Reg: Reg.exe delete "HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{A2D733A7-73B0-4C6B-B0C7-06A432950B66}" /f
Reg: Reg.exe delete "HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{3b2cb4c8-72ab-4b25-8fa1-219b36a60bed}" /f
Reg: Reg.exe delete "HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{5A4E3A41-FA55-4BDA-AED7-CEBE6E7BCB52}" /f
Reg: Reg.exe delete "HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{D6625FAD-EF8D-465C-B9D3-81BB22C40253}" /f
Reg: Reg.exe delete "HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{9303DA31-7A21-45FD-BD61-03EA56853012}" /f
Reg: Reg.exe delete "HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{A2D733A7-73B0-4C6B-B0C7-06A432950B66}" /f
Reg: Reg.exe delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RADAR\HeapLeakDetection\DiagnosedApplications\AdvanceElite.BOASPRT.exe" /f
Reg: Reg.exe delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\UFH\ARP" /v "1" /f
Reg: Reg.exe delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AdvanceElite" /f
Reg: Reg.exe delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{ac225167-00fc-452d-94c5-bb93600e7d9a}" /f
Reg: Reg.exe delete "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\AdvanceElite" /f
Reg: Reg.exe delete "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ACTIVEX_REPURPOSEDETECTION" /v "AdvanceElite.BOAS.exe" /f
Reg: Reg.exe delete "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_LOCALMACHINE_LOCKDOWN" /v "AdvanceElite.BOAS.exe" /f
Reg: Reg.exe delete "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_MIME_SNIFFING" /v "AdvanceElite.BOAS.exe" /f
Reg: Reg.exe delete "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_RESTRICT_FILEDOWNLOAD" /v "AdvanceElite.BOAS.exe" /f
Reg: Reg.exe delete "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ZONE_ELEVATION" /v "AdvanceElite.BOAS.exe" /f
Reg: Reg.exe delete "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\AdvanceElite_RASMANCS" /f
Reg: Reg.exe delete "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\updateAdvanceElite_RASMANCS" /f
Reg: Reg.exe delete "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\utilAdvanceElite_RASMANCS" /f
Reg: Reg.exe delete "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{3b2cb4c8-72ab-4b25-8fa1-219b36a60bed}" /f
Reg: Reg.exe delete "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{5A4E3A41-FA55-4BDA-AED7-CEBE6E7BCB52}" /f
Reg: Reg.exe delete "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\Interface\{D6625FAD-EF8D-465C-B9D3-81BB22C40253}" /f
Reg: Reg.exe delete "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\TypeLib\{9303DA31-7A21-45FD-BD61-03EA56853012}" /f
Reg: Reg.exe delete "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\TypeLib\{A2D733A7-73B0-4C6B-B0C7-06A432950B66}" /f
Reg: Reg.exe delete "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\iphlpsvc\Parameters\ProxyMgr\{26B1822C-7A33-42C6-B2EB-8E0079ED7A2E}" /f
Reg: Reg.exe delete "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules" /v "{A7316D02-D192-46EC-8019-1AD5D88FCF11}" /f
Reg: Reg.exe delete "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules" /v "{8A97328C-F4F5-4B91-AC00-11161DC930BD}" /f
Reg: Reg.exe delete "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Update AdvanceElite" /f
Reg: Reg.exe delete "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Util AdvanceElite" /f
Reg: Reg.exe delete "HKEY_USERS\.DEFAULT\Software\Microsoft\.NETFramework\SQM\Apps\AdvanceElite.BRT.Helper.exe" /f
Reg: Reg.exe delete "HKEY_USERS\.DEFAULT\Software\Microsoft\.NETFramework\SQM\Apps\utilAdvanceElite.exe" /f
Reg: Reg.exe delete "HKEY_USERS\S-1-5-21-444850313-4093084663-149680862-1001\Software\Microsoft\.NETFramework\SQM\Apps\AdvanceElite.BRT.Helper.exe" /f
Reg: Reg.exe delete "HKEY_USERS\S-1-5-21-444850313-4093084663-149680862-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings" /v "AutoConfigURL" /f
Reg: Reg.exe delete "HKEY_USERS\S-1-5-18\Software\Microsoft\.NETFramework\SQM\Apps\AdvanceElite.BRT.Helper.exe" /f
Reg: Reg.exe delete "HKEY_USERS\S-1-5-18\Software\Microsoft\.NETFramework\SQM\Apps\utilAdvanceElite.exe" /f
EmptyTemp:
*****************

C:\Windows\system32\GroupPolicy\Machine => Moved successfully.
C:\Windows\system32\GroupPolicy\GPT.ini => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{46CF69E2-52E7-49A1-876C-EB39B13879C9}" => Key deleted successfully.
"HKCR\CLSID\{46CF69E2-52E7-49A1-876C-EB39B13879C9}" => Key not found.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3b2cb4c8-72ab-4b25-8fa1-219b36a60bed}" => Key not found.
"HKCR\Wow6432Node\CLSID\{3b2cb4c8-72ab-4b25-8fa1-219b36a60bed}" => Key not found.
"HKLM\SOFTWARE\Policies\Google" => Key deleted successfully.
Update AdvanceElite => Service not found.
Util AdvanceElite => Service not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5B2FACA4-785F-49C9-A8D1-8434211F39A9}" => Key not found.
C:\Windows\System32\Tasks\Advanced-System Protector_startup not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Advanced-System Protector_startup" => Key not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A7BAE631-3174-47A2-A4C9-0FB4198444FF}" => Key not found.
C:\Windows\System32\Tasks\REGCLEAN Pro not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\REGCLEAN Pro" => Key not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C31B5706-B025-4390-AD8E-B4609806E985}" => Key not found.
C:\Windows\System32\Tasks\LaunchSignup not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\LaunchSignup" => Key not found.
C:\Program Files (x86)\AdvanceElite => Moved successfully.
"C:\Program Files (x86)\RCP" => File/Directory not found.
"C:\Program Files (x86)\ASP" => File/Directory not found.

========= Reg.exe delete "HKEY_USERS\S-1-5-21-444850313-4093084663-149680862-1001\Software\Trolltech" /f =========

The operation completed successfully.



========= End of Reg: =========


========= Reg.exe delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{2EECD738-5844-4A99-B4B6-146BF802613B}" /f =========

The operation completed successfully.



========= End of Reg: =========


========= Reg.exe delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{2EECD738-5844-4A99-B4B6-146BF802613B}" /f =========

ERROR: The system was unable to find the specified registry key or value.


========= End of Reg: =========


========= Reg.exe delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{98889811-442D-49DD-99D7-DC866BE87DBC}" /f =========

The operation completed successfully.



========= End of Reg: =========


========= Reg.exe delete "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extension Compatibility\{2EECD738-5844-4A99-B4B6-146BF802613B}" /f =========

The operation completed successfully.



========= End of Reg: =========


========= Reg.exe delete "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extension Compatibility\{98889811-442D-49DD-99D7-DC866BE87DBC}" /f =========

The operation completed successfully.



========= End of Reg: =========


========= Reg.exe delete "HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5A4E3A41-FA55-4BDA-AED7-CEBE6E7BCB52}" /f =========

ERROR: The system was unable to find the specified registry key or value.


========= End of Reg: =========


========= Reg.exe delete "HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{D6625FAD-EF8D-465C-B9D3-81BB22C40253}" /f =========

ERROR: The system was unable to find the specified registry key or value.


========= End of Reg: =========


========= Reg.exe delete "HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{9303DA31-7A21-45FD-BD61-03EA56853012}" /f =========

ERROR: The system was unable to find the specified registry key or value.


========= End of Reg: =========


========= Reg.exe delete "HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{A2D733A7-73B0-4C6B-B0C7-06A432950B66}" /f =========

ERROR: The system was unable to find the specified registry key or value.


========= End of Reg: =========


========= Reg.exe delete "HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{3b2cb4c8-72ab-4b25-8fa1-219b36a60bed}" /f =========

ERROR: The system was unable to find the specified registry key or value.


========= End of Reg: =========


========= Reg.exe delete "HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{5A4E3A41-FA55-4BDA-AED7-CEBE6E7BCB52}" /f =========

ERROR: The system was unable to find the specified registry key or value.


========= End of Reg: =========


========= Reg.exe delete "HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{D6625FAD-EF8D-465C-B9D3-81BB22C40253}" /f =========

ERROR: The system was unable to find the specified registry key or value.


========= End of Reg: =========


========= Reg.exe delete "HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{9303DA31-7A21-45FD-BD61-03EA56853012}" /f =========

ERROR: The system was unable to find the specified registry key or value.


========= End of Reg: =========


========= Reg.exe delete "HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{A2D733A7-73B0-4C6B-B0C7-06A432950B66}" /f =========

ERROR: The system was unable to find the specified registry key or value.


========= End of Reg: =========


========= Reg.exe delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RADAR\HeapLeakDetection\DiagnosedApplications\AdvanceElite.BOASPRT.exe" /f =========

The operation completed successfully.



========= End of Reg: =========


========= Reg.exe delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\UFH\ARP" /v "1" /f =========

ERROR: The system was unable to find the specified registry key or value.


========= End of Reg: =========


========= Reg.exe delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AdvanceElite" /f =========

The operation completed successfully.



========= End of Reg: =========


========= Reg.exe delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{ac225167-00fc-452d-94c5-bb93600e7d9a}" /f =========

ERROR: The system was unable to find the specified registry key or value.


========= End of Reg: =========


========= Reg.exe delete "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\AdvanceElite" /f =========

The operation completed successfully.



========= End of Reg: =========


========= Reg.exe delete "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ACTIVEX_REPURPOSEDETECTION" /v "AdvanceElite.BOAS.exe" /f =========

The operation completed successfully.



========= End of Reg: =========


========= Reg.exe delete "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_LOCALMACHINE_LOCKDOWN" /v "AdvanceElite.BOAS.exe" /f =========

The operation completed successfully.



========= End of Reg: =========


========= Reg.exe delete "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_MIME_SNIFFING" /v "AdvanceElite.BOAS.exe" /f =========

The operation completed successfully.



========= End of Reg: =========


========= Reg.exe delete "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_RESTRICT_FILEDOWNLOAD" /v "AdvanceElite.BOAS.exe" /f =========

The operation completed successfully.



========= End of Reg: =========


========= Reg.exe delete "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ZONE_ELEVATION" /v "AdvanceElite.BOAS.exe" /f =========

The operation completed successfully.



========= End of Reg: =========


========= Reg.exe delete "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\AdvanceElite_RASMANCS" /f =========

The operation completed successfully.



========= End of Reg: =========


========= Reg.exe delete "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\updateAdvanceElite_RASMANCS" /f =========

The operation completed successfully.



========= End of Reg: =========


========= Reg.exe delete "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\utilAdvanceElite_RASMANCS" /f =========

The operation completed successfully.



========= End of Reg: =========


========= Reg.exe delete "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{3b2cb4c8-72ab-4b25-8fa1-219b36a60bed}" /f =========

ERROR: The system was unable to find the specified registry key or value.


========= End of Reg: =========


========= Reg.exe delete "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{5A4E3A41-FA55-4BDA-AED7-CEBE6E7BCB52}" /f =========

ERROR: The system was unable to find the specified registry key or value.


========= End of Reg: =========


========= Reg.exe delete "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\Interface\{D6625FAD-EF8D-465C-B9D3-81BB22C40253}" /f =========

ERROR: The system was unable to find the specified registry key or value.


========= End of Reg: =========


========= Reg.exe delete "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\TypeLib\{9303DA31-7A21-45FD-BD61-03EA56853012}" /f =========

ERROR: The system was unable to find the specified registry key or value.


========= End of Reg: =========


========= Reg.exe delete "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\TypeLib\{A2D733A7-73B0-4C6B-B0C7-06A432950B66}" /f =========

ERROR: The system was unable to find the specified registry key or value.


========= End of Reg: =========


========= Reg.exe delete "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\iphlpsvc\Parameters\ProxyMgr\{26B1822C-7A33-42C6-B2EB-8E0079ED7A2E}" /f =========

The operation completed successfully.



========= End of Reg: =========


========= Reg.exe delete "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules" /v "{A7316D02-D192-46EC-8019-1AD5D88FCF11}" /f =========

The operation completed successfully.



========= End of Reg: =========


========= Reg.exe delete "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules" /v "{8A97328C-F4F5-4B91-AC00-11161DC930BD}" /f =========

The operation completed successfully.



========= End of Reg: =========


========= Reg.exe delete "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Update AdvanceElite" /f =========

ERROR: The system was unable to find the specified registry key or value.


========= End of Reg: =========


========= Reg.exe delete "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Util AdvanceElite" /f =========

ERROR: The system was unable to find the specified registry key or value.


========= End of Reg: =========


========= Reg.exe delete "HKEY_USERS\.DEFAULT\Software\Microsoft\.NETFramework\SQM\Apps\AdvanceElite.BRT.Helper.exe" /f =========

The operation completed successfully.



========= End of Reg: =========


========= Reg.exe delete "HKEY_USERS\.DEFAULT\Software\Microsoft\.NETFramework\SQM\Apps\utilAdvanceElite.exe" /f =========

The operation completed successfully.



========= End of Reg: =========


========= Reg.exe delete "HKEY_USERS\S-1-5-21-444850313-4093084663-149680862-1001\Software\Microsoft\.NETFramework\SQM\Apps\AdvanceElite.BRT.Helper.exe" /f =========

The operation completed successfully.



========= End of Reg: =========


========= Reg.exe delete "HKEY_USERS\S-1-5-21-444850313-4093084663-149680862-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings" /v "AutoConfigURL" /f =========

ERROR: The system was unable to find the specified registry key or value.


========= End of Reg: =========


========= Reg.exe delete "HKEY_USERS\S-1-5-18\Software\Microsoft\.NETFramework\SQM\Apps\AdvanceElite.BRT.Helper.exe" /f =========

ERROR: The system was unable to find the specified registry key or value.


========= End of Reg: =========


========= Reg.exe delete "HKEY_USERS\S-1-5-18\Software\Microsoft\.NETFramework\SQM\Apps\utilAdvanceElite.exe" /f =========

ERROR: The system was unable to find the specified registry key or value.


========= End of Reg: =========

EmptyTemp: => Removed 731.1 MB temporary data.


The system needed a reboot.

==== End of Fixlog ====
u0717211
Regular Member
 
Posts: 18
Joined: September 8th, 2014, 11:51 pm
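As an added example (not part of the original posts and not FRST's own code), here is a short Python parser for the Fixlog format posted above that tallies each action as removed, already absent, or needing review. The sample is an abridged excerpt of that log plus one constructed "Access is denied" block; the key name ExampleLockedKey is a placeholder and the status names are this example's own.

```python
import re
from collections import Counter

REG_HEADER = re.compile(
    r'^=+ Reg\.exe delete "(?P<key>[^"]+)"(?: /v "(?P<value>[^"]+)")? /f =+$')
REG_END = re.compile(r'^=+ End of Reg: =+$')
ARROW = re.compile(r'^"?(?P<target>.+?)"? => (?P<result>.+)$')
BARE_NOT_FOUND = re.compile(r'^(?P<target>.+) not found\.$')

# Abridged excerpt of the Fixlog posted above.
PAGE_EXCERPT = r'''
Content of fixlist:
*****************
Task: {C31B5706-B025-4390-AD8E-B4609806E985} - System32\Tasks\LaunchSignup => C:\Program Files (x86)\MyPC Backup\Signup WIZARD.exe <==== ATTENTION
C:\Program Files (x86)\RCP
EmptyTemp:
*****************

"HKLM\SOFTWARE\Policies\Google" => Key deleted successfully.
Update AdvanceElite => Service not found.
C:\Windows\System32\Tasks\LaunchSignup not found.
C:\Program Files (x86)\AdvanceElite => Moved successfully.
"C:\Program Files (x86)\RCP" => File/Directory not found.

========= Reg.exe delete "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\AdvanceElite" /f =========

The operation completed successfully.

========= End of Reg: =========

========= Reg.exe delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\UFH\ARP" /v "1" /f =========

ERROR: The system was unable to find the specified registry key or value.

========= End of Reg: =========

EmptyTemp: => Removed 731.1 MB temporary data.
'''

# Constructed block (not from the page): a delete that fails for a reason
# other than "not found", so the review path is exercised.
CONSTRUCTED_BLOCK = r'''
========= Reg.exe delete "HKEY_LOCAL_MACHINE\SOFTWARE\ExampleLockedKey" /f =========

ERROR: Access is denied.

========= End of Reg: =========
'''

SAMPLE_FIXLOG = PAGE_EXCERPT + CONSTRUCTED_BLOCK


def classify(result):
    """Map a result line to removed / absent / review."""
    text = result.lower()
    if "successfully" in text or text.startswith("removed"):
        return "removed"
    if "not found" in text or "unable to find" in text:
        return "absent"      # nothing left to delete, e.g. an earlier tool removed it
    return "review"          # any other error deserves a human look


def parse_fixlog(text):
    """Return (kind, target, status, raw_result) tuples for every action."""
    entries, in_fixlist, pending = [], False, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if set(line) == {"*"}:           # rows of asterisks fence the echoed fixlist
            in_fixlist = not in_fixlist
            continue
        if in_fixlist:                   # the echoed script is input, not a result
            continue
        header = REG_HEADER.match(line)
        if header:
            pending = header["key"]
            if header["value"]:
                pending += " [value: " + header["value"] + "]"
            continue
        if REG_END.match(line):
            if pending is not None:      # block closed without any output
                entries.append(("reg", pending, "review", ""))
                pending = None
            continue
        if pending is not None:          # first output line of a Reg.exe block
            entries.append(("reg", pending, classify(line), line))
            pending = None
            continue
        m = ARROW.match(line) or BARE_NOT_FOUND.match(line)
        if m:
            result = m.groupdict().get("result") or "not found."
            entries.append(("direct", m["target"], classify(result), result))
    return entries


def summarize(entries):
    return Counter(status for _, _, status, _ in entries)


def needs_review(entries):
    return [target for _, target, status, _ in entries if status == "review"]


if __name__ == "__main__":
    parsed = parse_fixlog(SAMPLE_FIXLOG)
    print(dict(summarize(parsed)))
    for target in needs_review(parsed):
        print("review:", target)
```
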

Re: Redirection of links and endless pop-ups

Unread postby Gary R » October 11th, 2014, 1:08 am

Looks like things have been successful so far, we just need to check for remnants now.

Please run a scan with ESET Online Scanner

Note: You can use either Internet Explorer or Mozilla Firefox for this scan. You will, however, need to disable your currently installed anti-virus; how to do so can be read here.
  • Please go HERE then click on Run ESET Online Scanner
Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted, then double click on it to install.
All of the below instructions are compatible with either Internet Explorer or Mozilla Firefox.

  • Select the option YES, I accept the Terms of Use then click on: Image
  • When prompted allow the Add-On/Active X to install.
  • Make sure that the option Remove found threats is NOT checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Now click on: Image
  • The virus signature database... will begin to download. Be patient, this may take some time depending on the speed of your Internet connection.
  • When completed click on Start to start the scan.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • When completed you will be presented with a list of found threats ....
    • Click on the List of found threats link
    • Click on Export to text file
    • Save as ESET.txt to your Desktop
  • Exit out of ESET Online Scanner.
  • Post me the contents of ESET.txt please.
  • Also please let me know how your computer is behaving now.
Gary R
Administrator
 
Posts: 21872
Joined: June 28th, 2005, 11:36 am
Location: Yorkshire

Re: Redirection of links and endless pop-ups

Unread postby u0717211 » October 12th, 2014, 2:09 pm

My computer has not gotten much better. It is still very slow and new tabs open frequently with ads and other random websites. Also, random words are highlighted in paragraphs of text that are highlighted with links to advertisements that shouldn't be there. I noticed some small improvement after uninstalling Norton Antivirus.

Here is my ESET LOG

C:\AdwCleaner\Quarantine\C\Users\tayweb\AppData\Local\AnyProtectScannerSetup.exe.vir Win32/AnyProtect.F potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\tayweb\AppData\Roaming\1H1Q\File Opener Packages\uninstaller.exe.vir Win32/InstallCore.PC potentially unwanted application
C:\AdwCleaner\Quarantine\C\Windows\System32\roboot64.exe.vir a variant of Win64/Systweak.A potentially unwanted application
C:\AdwCleaner\Quarantine\C\Windows\System32\drivers\{bb7b7a60-f574-47c2-8a0b-4c56f2da9802}Gw64.sys.vir a variant of Win64/BrowseFox.Q potentially unwanted application
C:\AdwCleaner\Quarantine\C\Windows\System32\drivers\{c61f6471-95aa-405a-be3a-f3b2dc07fdfa}Gw64.sys.vir a variant of Win64/BrowseFox.Q potentially unwanted application
C:\FRST\Quarantine\C\Program Files (x86)\AdvanceElite\AdvanceEliteUn.exe a variant of Win64/BrowseFox.Q potentially unwanted application
C:\FRST\Quarantine\C\Users\tayweb\AppData\Local\Google\Chrome\User Data\Default\Extensions\ijhapcklhkanndjbdnhichfmolhiaekg\12295.8850.4604_0\extensionData\plugins\91.js JS/Toolbar.Crossrider.B potentially unwanted application
C:\FRST\Quarantine\C\Users\tayweb\AppData\Local\Temp\APNSetup.exe.xBAD a variant of Win32/Bundled.Toolbar.Ask.E potentially unsafe application
C:\FRST\Quarantine\C\Users\tayweb\AppData\Local\Temp\optprosetup.exe.xBAD multiple threats
C:\Users\tayweb\AppData\Local\Google\Chrome\User Data\Default\File System\002\t\00\00000000 a variant of Win32/SoftPulse.H potentially unwanted application
C:\Users\tayweb\Downloads\FileOpenerSetup (1).exe a variant of Win32/InstallCore.NF potentially unwanted application
C:\Users\tayweb\Downloads\FileOpenerSetup.exe a variant of Win32/InstallCore.NF potentially unwanted application
C:\zoek_backup\C_Users_tayweb_AppData_Local_nst988B.tmp.vir Win32/AnyProtect.F potentially unwanted application
u0717211
Regular Member
 
Posts: 18
Joined: September 8th, 2014, 11:51 pm

Re: Redirection of links and endless pop-ups

Unread postby Gary R » October 12th, 2014, 3:05 pm

OK, not too much of any concern there. Most of the stuff detected is just the encrypted quarantine files from the various tools that have been used on your computer; we'll remove them when we remove the tools.

There's just a couple of files that we need to delete, so ....

  • Click Start
  • Type notepad.exe in the search programs and files box and click Enter.
  • A blank Notepad page should open.
    • Copy/Paste the contents of the code box below into Notepad. (Don't include Code: Select all)
Code: Select all
C:\Users\tayweb\Downloads\FileOpenerSetup (1).exe
C:\Users\tayweb\Downloads\FileOpenerSetup.exe

DeleteQuarantine:

    • Save it to the same folder/directory that FRST.exe is in, naming it as fixlist.txt

NOTICE: This script was written specifically for this user. Running it on another machine may cause damage to your operating system

  • Start FRST in a similar manner to when you ran a scan earlier, but this time when it opens ....
    • Press the Fix button once and wait.
    • FRST will process fixlist.txt
    • When finished, it will produce a log fixlog.txt in the same folder/directory as FRST64.exe
    • Please post me the log

Next ....

We need to remove the programs we've been using to clean your computer. There's also a few left on your machine from earlier attempts to fix it that need removing, so ....

  • Please download delfix and save it to your desktop.
  • Right-click on delfix.exe and select "Run as administrator" to run it.
  • Check all the boxes then click on Run.
  • Once it has finished, a notepad file named DelFix.txt will open. Post the contents of this notepad in your next reply.
  • The log can also be located at the root of the system drive, C:\DelFix.txt.

Summary of the logs I need from you in your next post:
  • Fixlog.txt
  • Delfix.txt


Please post each log separately to prevent it being cut off by the forum post size limiter. Check each after you've posted it to make sure it's all present. If any log is cut off, you'll have to post it in sections.
Gary R
Administrator
Posts: 21872
Joined: June 28th, 2005, 11:36 am
Location: Yorkshire
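
The triage described in the post above (separating detections that sit inside the cleanup tools' own quarantine folders from files still live on disk) can be done mechanically. This is an added Python example, not part of the original thread; the sample lines are copied from the ESET log posted earlier, and the folder list and line pattern are assumptions inferred from that log.

```python
import re

# Folders the cleanup tools in this thread use for their own quarantine or
# backups (assumption: taken from the paths seen in the posted ESET log).
TOOL_ROOTS = (
    "c:\\adwcleaner\\quarantine\\",
    "c:\\frst\\quarantine\\",
    "c:\\zoek_backup\\",
)

# Assumed line shape: <path> <detection name> [<ESET category>]
LINE_RE = re.compile(
    r"^(?P<path>.+?) "
    r"(?P<detection>(?:a variant of )?\w+/\S+|multiple threats)"
    r"(?: (?P<category>potentially (?:unwanted|unsafe) application))?$"
)

# Sample lines copied from the ESET log in this thread.
SAMPLE_LOG = r"""
C:\AdwCleaner\Quarantine\C\Windows\System32\roboot64.exe.vir a variant of Win64/Systweak.A potentially unwanted application
C:\FRST\Quarantine\C\Program Files (x86)\AdvanceElite\AdvanceEliteUn.exe a variant of Win64/BrowseFox.Q potentially unwanted application
C:\FRST\Quarantine\C\Users\tayweb\AppData\Local\Temp\optprosetup.exe.xBAD multiple threats
C:\Users\tayweb\AppData\Local\Google\Chrome\User Data\Default\File System\002\t\00\00000000 a variant of Win32/SoftPulse.H potentially unwanted application
C:\Users\tayweb\Downloads\FileOpenerSetup (1).exe a variant of Win32/InstallCore.NF potentially unwanted application
C:\Users\tayweb\Downloads\FileOpenerSetup.exe a variant of Win32/InstallCore.NF potentially unwanted application
C:\zoek_backup\C_Users_tayweb_AppData_Local_nst988B.tmp.vir Win32/AnyProtect.F potentially unwanted application
"""

def parse_line(line):
    """Split one log line into path, detection and category (or None)."""
    m = LINE_RE.match(line.strip())
    return m.groupdict() if m else None

def triage(log_text):
    """Bucket detections: inside a tool's quarantine folder vs. still live."""
    result = {"tool_quarantine": [], "live": [], "unparsed": []}
    for line in log_text.splitlines():
        if not line.strip():
            continue
        hit = parse_line(line)
        if hit is None:
            result["unparsed"].append(line)  # keep for manual review
            continue
        in_tool = hit["path"].lower().startswith(TOOL_ROOTS)
        result["tool_quarantine" if in_tool else "live"].append(hit)
    return result

if __name__ == "__main__":
    for hit in triage(SAMPLE_LOG)["live"]:
        print(hit["path"], "->", hit["detection"])
```

Entries in the `tool_quarantine` bucket go away when the tools themselves are removed; entries in `live` are the ones left for a helper to review.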

Re: Redirection of links and endless pop-ups

Unread postby u0717211 » October 13th, 2014, 12:46 am

Fixlog

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 12-10-2014 02
Ran by tayweb at 2014-10-12 22:32:42 Run:3
Running from C:\Users\tayweb\Desktop
Loaded Profile: tayweb (Available profiles: tayweb)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
C:\Users\tayweb\Downloads\FileOpenerSetup (1).exe
C:\Users\tayweb\Downloads\FileOpenerSetup.exe

DeleteQuarantine:
*****************

C:\Users\tayweb\Downloads\FileOpenerSetup (1).exe => Moved successfully.
C:\Users\tayweb\Downloads\FileOpenerSetup.exe => Moved successfully.
"C:\FRST\Quarantine" => removed successfully.

==== End of Fixlog ====
u0717211
Regular Member
 
Posts: 18
Joined: September 8th, 2014, 11:51 pm

Re: Redirection of links and endless pop-ups

Unread postby u0717211 » October 13th, 2014, 12:48 am

DelFix

# DelFix v10.8 - Logfile created 12/10/2014 at 22:42:34
# Updated 29/07/2014 by Xplode
# Username : tayweb - TDIDDY
# Operating System : Windows 8.1 (64 bits)

~ Activating UAC ... OK

~ Removing disinfection tools ...

Deleted : C:\FRST
Deleted : C:\zoek_backup
Deleted : C:\AdwCleaner
Deleted : C:\Users\tayweb\Desktop\FRST-OlderVersion
Deleted : C:\TDSSKiller.3.0.0.40_22.09.2014_22.44.32_log.txt
Deleted : C:\TDSSKiller.3.0.0.40_25.09.2014_22.17.15_log.txt
Deleted : C:\zoek-results.log
Deleted : C:\Users\tayweb\Desktop\AdwCleaner[R1].txt
Deleted : C:\Users\tayweb\Desktop\AdwCleaner[S1].txt
Deleted : C:\Users\tayweb\Desktop\adwcleaner_3.311 - Shortcut.lnk
Deleted : C:\Users\tayweb\Desktop\dds - Shortcut.lnk
Deleted : C:\Users\tayweb\Desktop\dds.com
Deleted : C:\Users\tayweb\Desktop\Fixlog.txt
Deleted : C:\Users\tayweb\Desktop\FRST64 - Shortcut.lnk
Deleted : C:\Users\tayweb\Desktop\FRST64.exe
Deleted : C:\Users\tayweb\Desktop\Search.txt
Deleted : C:\Users\tayweb\Desktop\tdsskiller - Shortcut.lnk
Deleted : C:\Users\tayweb\Desktop\zoek.exe
Deleted : C:\Users\tayweb\Downloads\Addition.txt
Deleted : C:\Users\tayweb\Downloads\adwcleaner_3.311.exe
Deleted : C:\Users\tayweb\Downloads\dds (1).scr
Deleted : C:\Users\tayweb\Downloads\dds (2).scr
Deleted : C:\Users\tayweb\Downloads\dds.scr
Deleted : C:\Users\tayweb\Downloads\FRST.txt
Deleted : C:\Users\tayweb\Downloads\FRST64.exe
Deleted : C:\Users\tayweb\Downloads\JRT (1).exe
Deleted : C:\Users\tayweb\Downloads\JRT (2).exe
Deleted : C:\Users\tayweb\Downloads\JRT (3).exe
Deleted : C:\Users\tayweb\Downloads\JRT.exe
Deleted : C:\Users\tayweb\Downloads\Search.txt
Deleted : C:\Users\tayweb\Downloads\tdsskiller.exe
Deleted : C:\Users\tayweb\Downloads\zoek (1).exe
Deleted : C:\Users\tayweb\Downloads\zoek.exe
Deleted : HKLM\SOFTWARE\AdwCleaner

~ Creating registry backup ... OK

~ Cleaning system restore ...

Deleted : RP #30 [Windows Update | 09/02/2014 22:34:07]
Deleted : RP #31 [Installed Java 7 Update 67 | 09/07/2014 03:40:39]
Deleted : RP #32 [Windows Update | 09/15/2014 19:48:49]
Deleted : RP #33 [Start Fix | 09/16/2014 00:00:32]
Deleted : RP #34 [zoek.exe restore point | 09/19/2014 19:50:40]
Deleted : RP #35 [avast! antivirus system restore point | 09/26/2014 04:31:57]

New restore point created !

~ Resetting system settings ... OK

########## - EOF - ##########
u0717211
Regular Member
 
Posts: 18
Joined: September 8th, 2014, 11:51 pm