Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Win 7 - Can't Get Rid of UniSales (Chrome)

Post by Sasfaction » February 1st, 2015, 9:49 pm

About 1 1/2 weeks or so ago ads had started popping up in Chrome, saying "Ads by Unisales," at the bottom. In Chrome, there are two extensions that are there every time I start it, both named Unisales, which I can remove for whatever length of time I have Chrome open, but once I close it and open it again, they're back. When I remove the extensions, no ads pop up.
I have Malwarebytes Pro, and even that doesn't seem to completely remove it from my computer. I have deleted a program from the control panel that was related to Unisales (in fact, I think it was called Unisales), but every other program there is not related to it. I deleted a folder in my Program Files x86 folder, which was titled "UniSalees" or something of the sort. I have also tried resetting Chrome, which did not work either.
Any help would be appreciated.

DDS.txt:
DDS (Ver_2012-11-20.01) - NTFS_AMD64 
Internet Explorer: 11.0.9600.17496  BrowserJavaVersion: 11.25.2
Run by Jacob at 20:44:16 on 2015-02-01
Microsoft Windows 7 Professional   6.1.7601.1.1252.1.1033.18.4095.1572 [GMT -5:00]
.
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\KMSServerService\KMS Server Service.exe
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
C:\Program Files\Logitech Gaming Software\LCore.exe
C:\Program Files (x86)\Google\Drive\googledrivesync.exe
C:\Program Files (x86)\puush\puush.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files (x86)\Google\Drive\googledrivesync.exe
C:\Program Files (x86)\TeamViewer\Version9\TeamViewer.exe
C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\TeamViewer\Version9\tv_w32.exe
C:\Program Files (x86)\TeamViewer\Version9\tv_x64.exe
C:\Program Files (x86)\Google\Update\1.3.25.11\GoogleCrashHandler.exe
C:\Program Files (x86)\Google\Update\1.3.25.11\GoogleCrashHandler64.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Users\Jacob\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\wuauclt.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Steam\Steam.exe
C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
C:\Program Files (x86)\Common Files\Steam\SteamService.exe
C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
mWinlogon: Userinit = userinit.exe,
BHO: Wondershare AllMyTube 4.2.0: {067DF9EC-26B7-40DC-8DB8-CD8BE85AE367} - 
BHO: Lync Browser Helper: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\office15\OCHelper.dll
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\office15\URLREDIR.DLL
BHO: Microsoft SkyDrive Pro Browser Helper: {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\office15\GROOVEEX.DLL
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll
uRun: [GoogleDriveSync] "C:\Program Files (x86)\Google\Drive\googledrivesync.exe" /autostart
uRun: [puush] C:\Program Files (x86)\puush\puush.exe
uRun: [TeamSpeak 3 Client] "C:\Users\Jacob\AppData\Local\TeamSpeak 3 Client\ts3client_win32.exe"
uRun: [GoogleChromeAutoLaunch_BE49B27017FD712DF1E70FE7861589BC] "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --no-startup-window
mRun: [IJNetworkScannerSelectorEX] C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe /FORCE
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [iSkysoft Helper Compact.exe] C:\Program Files (x86)\Common Files\iSkysoft\iSkysoft Helper Compact\ISHelper.exe
mRun: [DelaypluginInstall] C:\ProgramData\Wondershare\AllMyTube\DelayPluginI.exe
mRun: [amd_dc_opt] C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [Wondershare Helper Compact.exe] C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
StartupFolder: C:\Users\Jacob\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Jacob\AppData\Roaming\Dropbox\bin\Dropbox.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\GIGABY~1.LNK - C:\Program Files (x86)\GIGABYTE\GIGABYTE OC_GURU\OC_GURU.exe
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office 15\Root\Office15\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\Program Files\Microsoft Office 15\Root\Office15\ONBttnIE.dll/105
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office 15\root\office15\ONBttnIE.dll
IE: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\office15\OCHelper.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office 15\root\office15\ONBttnIELinkedNotes.dll
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{03E9239F-DB06-4F00-85A8-A72B36542C3A} : DHCPNameServer = 75.75.75.75 75.75.76.76
TCP: Interfaces\{03E9239F-DB06-4F00-85A8-A72B36542C3A}\A41636F6262E08993702960586F6E656 : DHCPNameServer = 172.20.10.1
TCP: Interfaces\{2133DEA5-07CE-4873-9A18-483C30823DC7} : DHCPNameServer = 192.168.1.1
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\office15\MSOSB.DLL
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
Handler: WSAllMyTubechrome - {0A0C95CF-A116-4C74 - <orphaned>
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.99\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: Lync Browser Helper: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll
x64-BHO: unisaLess: {444cb7c7-51dc-41ed-ac8c-bbf9980ffcad} - 
x64-BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.8.0_25\bin\ssv.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL
x64-BHO: Microsoft SkyDrive Pro Browser Helper: {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL
x64-BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre1.8.0_25\bin\jp2ssv.dll
x64-Run: [NvBackend] "C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe"
x64-Run: [ShadowPlay] C:\Windows\System32\rundll32.exe C:\Windows\System32\nvspcap64.dll,ShadowPlayOnSystemStart
x64-Run: [Launch LCore] C:\Program Files\Logitech Gaming Software\LCore.exe /minimized
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ONBttnIE.dll
x64-IE: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ONBttnIELinkedNotes.dll
x64-Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - <orphaned>
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Handler: WSAllMyTubechrome - {0A0C95CF-A116-4C74 - <orphaned>
x64-SSODL: WebCheck - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
R2 ClickToRunSvc;Microsoft Office ClickToRun Service;C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe [2015-1-13 2449592]
R2 KMSServerService;Windows Service that emulates a Key Management Service (KMS) Server;C:\Windows\KMSServerService\KMS Server Service.exe DefaultPort RandomKMSPID DefaultActivationInterval DefaultRenewalInterval KillProcessOnPort --> C:\Windows\KMSServerService\KMS Server Service.exe DefaultPort RandomKMSPID DefaultActivationInterval DefaultRenewalInterval KillProcessOnPort [?]
R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [2014-7-20 1871160]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [2014-7-20 969016]
R2 NvNetworkService;NVIDIA Network Service;C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [2014-1-7 1631008]
R2 NvStreamSvc;NVIDIA Streamer Service;C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [2014-1-7 21055432]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2014-6-24 413128]
R2 TeamViewer9;TeamViewer 9;C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe [2014-1-7 4799760]
R3 LADF_CaptureOnly;LADF Capture Filter Driver;C:\Windows\System32\drivers\ladfGSCamd64.sys [2013-4-15 410008]
R3 LADF_RenderOnly;LADF Render Filter Driver;C:\Windows\System32\drivers\ladfGSRamd64.sys [2013-4-15 102808]
R3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;C:\Windows\System32\drivers\LGBusEnum.sys [2009-11-23 22408]
R3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;C:\Windows\System32\drivers\LGVirHid.sys [2009-11-23 16008]
R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2014-1-7 25816]
R3 MBAMSwissArmy;MBAMSwissArmy;C:\Windows\System32\drivers\MBAMSwissArmy.sys [2014-7-20 129752]
R3 MBAMWebAccessControl;MBAMWebAccessControl;C:\Windows\System32\drivers\mwac.sys [2014-7-20 63704]
R3 NvStreamKms;NvStreamKms;C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [2014-6-2 20256]
R3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);C:\Windows\System32\drivers\nvvad64v.sys [2014-6-2 40392]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2013-3-14 726160]
R3 ScreamBAudioSvc;ScreamBee Audio;C:\Windows\System32\drivers\ScreamingBAudio64.sys [2010-7-1 38992]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2012-7-8 104912]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2012-7-8 123856]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-10-23 172192]
S3 asmthub3;ASMedia USB3 Hub Service;C:\Windows\System32\drivers\asmthub3.sys [2013-4-12 139592]
S3 asmtxhci;ASMEDIA XHCI Service;C:\Windows\System32\drivers\asmtxhci.sys [2013-4-12 418632]
S3 b06diag;Broadcom NetXtreme II Diag Driver;C:\Windows\System32\drivers\bxdiaga.sys [2013-3-14 88104]
S3 BFN7x64;Bigfoot Networks Killer Gaming Service;C:\Windows\System32\drivers\Xeno7x64.sys [2013-3-14 157288]
S3 bxfcoe;bxfcoe;C:\Windows\System32\drivers\bxfcoe.sys [2013-3-14 178216]
S3 bxois;bxois;C:\Windows\System32\drivers\bxois.sys [2013-3-14 539176]
S3 chromoting;Chrome Remote Desktop Service;C:\Program Files (x86)\Google\Chrome Remote Desktop\40.0.2214.44\remoting_host.exe [2014-12-15 56648]
S3 dmvsc;dmvsc;C:\Windows\System32\drivers\dmvsc.sys [2011-4-12 71168]
S3 EtronHub3;Etron USB 3.0 Extensible Hub Driver;C:\Windows\System32\drivers\EtronHub3.sys [2013-2-27 65152]
S3 EtronSTOR;Etron Enhance USB BOT/UASP Mass Storage Driver;C:\Windows\System32\drivers\EtronSTOR.sys [2013-2-27 32512]
S3 EtronXHCI;Etron USB 3.0 Extensible Host Controller Driver;C:\Windows\System32\drivers\EtronXHCI.sys [2013-2-27 88832]
S3 hitmanpro37;HitmanPro 3.7 Support Driver;C:\Windows\System32\drivers\hitmanpro37.sys [2015-1-20 43664]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2014-12-9 114688]
S3 ioatdma1;ioatdma1;C:\Windows\System32\drivers\qd162x64.sys [2013-3-14 40144]
S3 ioatdma2;Intel(R) QuickData Technology device ver.2;C:\Windows\System32\drivers\qd262x64.sys [2013-3-14 42192]
S3 iusb3hub;Intel(R) USB 3.0 Hub Driver;C:\Windows\System32\drivers\iusb3hub.sys [2013-4-12 366216]
S3 iusb3xhc;Intel(R) USB 3.0 eXtensible Host Controller Driver;C:\Windows\System32\drivers\iusb3xhc.sys [2013-4-12 786056]
S3 ManyCam;ManyCam Virtual Webcam;C:\Windows\System32\drivers\mcvidrv.sys [2014-5-13 42224]
S3 mcaudrv_simple;ManyCam Virtual Microphone;C:\Windows\System32\drivers\mcaudrv_x64.sys [2014-5-13 35440]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;C:\Windows\System32\drivers\nusb3hub.sys [2013-2-27 96768]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;C:\Windows\System32\drivers\nusb3xhc.sys [2013-2-27 213504]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2013-5-28 19456]
S3 RTL8192su;Realtek RTL8192SU Wireless LAN 802.11n USB 2.0 Network Adapter;C:\Windows\System32\drivers\RTL8192su.sys [2013-3-14 694376]
S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 27136]
S3 terminpt;Microsoft Remote Desktop Input Driver;C:\Windows\System32\drivers\terminpt.sys [2013-5-28 29696]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2013-5-28 57856]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2013-5-28 30208]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2014-8-15 54784]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2013-5-28 1255736]
.
=============== Created Last 30 ================
.
2015-02-02 00:15:13	--------	d-----w-	C:\Users\Jacob\AppData\Roaming\Enigma Software Group
2015-01-30 21:35:12	11870360	----a-w-	C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{738D7D7A-08E7-4FD9-AFC4-6338E8A2EFF4}\mpengine.dll
2015-01-29 00:05:25	--------	d-----w-	C:\Users\Jacob\AppData\Roaming\Wondershare AllMyTube
2015-01-29 00:05:10	--------	d-----w-	C:\Users\Jacob\AppData\Local\Wondershare
2015-01-29 00:05:09	--------	d-----w-	C:\Program Files (x86)\Common Files\Wondershare
2015-01-29 00:04:53	--------	d-----w-	C:\ProgramData\Wondershare AllMyTube
2015-01-29 00:04:51	--------	d-----w-	C:\ProgramData\Wondershare Application Common Data
2015-01-29 00:04:51	--------	d-----w-	C:\Program Files (x86)\Wondershare
2015-01-24 15:35:01	--------	d-----w-	C:\Users\Jacob\AppData\Roaming\java
2015-01-23 00:30:34	3123272	----a-w-	C:\Windows\SysWow64\pbsvc.exe
2015-01-21 01:07:50	43664	----a-w-	C:\Windows\System32\drivers\hitmanpro37.sys
2015-01-21 00:46:27	--------	d-----w-	C:\ProgramData\HitmanPro
2015-01-20 23:05:02	--------	d-----w-	C:\AdwCleaner
2015-01-19 19:04:24	--------	d-----w-	C:\ProgramData\aehpabmlpbcghdngccekgachpbcapgod
2015-01-19 19:03:49	--------	d-----w-	C:\ProgramData\{6f20fa27-029a-15db-6f20-0fa27029e89c}
2015-01-19 19:02:14	--------	d-----w-	C:\Users\Jacob\AppData\Local\IsolatedStorage
2015-01-19 19:01:49	--------	d-----w-	C:\Program Files (x86)\TampaGeneration
2015-01-19 19:01:41	--------	d-----w-	C:\Program Files (x86)\3D Counter Strike Attack
2015-01-19 19:00:50	--------	d-----w-	C:\ProgramData\dpplmooebcahhcakfjfpagjekgemmjhk
2015-01-19 19:00:01	--------	d-----w-	C:\ProgramData\{a18ac887-9381-eff7-a18a-ac887938221e}
2015-01-19 18:54:14	--------	d-----w-	C:\Users\Jacob\AppData\Roaming\uTorrent
2015-01-19 17:43:39	--------	d-----w-	C:\Users\Jacob\AppData\Local\Apple Computer
2015-01-19 17:43:29	33240	----a-w-	C:\Windows\System32\drivers\GEARAspiWDM.sys
2015-01-19 17:43:10	--------	d-----w-	C:\Program Files\iPod
2015-01-19 17:43:09	--------	d-----w-	C:\ProgramData\E1864A66-75E3-486a-BD95-D1B7D99A84A7
2015-01-19 17:43:09	--------	d-----w-	C:\Program Files\iTunes
2015-01-19 17:43:09	--------	d-----w-	C:\Program Files (x86)\iTunes
2015-01-19 17:42:23	--------	d-----w-	C:\Users\Jacob\AppData\Local\Apple
2015-01-19 17:41:48	--------	d-----w-	C:\Program Files\Bonjour
2015-01-19 17:41:48	--------	d-----w-	C:\Program Files (x86)\Bonjour
2015-01-14 01:11:06	590536	----a-w-	C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe
2015-01-14 01:09:35	--------	d-----w-	C:\ProgramData\regid.1991-06.com.microsoft
2015-01-14 01:06:57	--------	d-----w-	C:\Program Files\Microsoft Office 15
2015-01-14 00:04:44	210432	----a-w-	C:\Windows\System32\profsvc.dll
2015-01-14 00:04:17	62976	----a-w-	C:\Windows\System32\TSWbPrxy.exe
2015-01-14 00:03:50	52224	----a-w-	C:\Windows\SysWow64\nlaapi.dll
2015-01-14 00:03:50	303616	----a-w-	C:\Windows\System32\nlasvc.dll
2015-01-14 00:03:50	156672	----a-w-	C:\Windows\SysWow64\ncsi.dll
2015-01-14 00:03:22	141312	----a-w-	C:\Windows\System32\drivers\mrxdav.sys
2015-01-14 00:02:56	5553592	----a-w-	C:\Windows\System32\ntoskrnl.exe
2015-01-14 00:02:56	3971512	----a-w-	C:\Windows\SysWow64\ntkrnlpa.exe
2015-01-14 00:02:56	3916728	----a-w-	C:\Windows\SysWow64\ntoskrnl.exe
2015-01-14 00:02:55	503808	----a-w-	C:\Windows\System32\srcore.dll
2015-01-14 00:02:55	50176	----a-w-	C:\Windows\System32\srclient.dll
2015-01-14 00:02:55	43008	----a-w-	C:\Windows\SysWow64\srclient.dll
2015-01-14 00:02:55	296960	----a-w-	C:\Windows\System32\rstrui.exe
.
==================== Find3M  ====================
.
2015-02-02 00:46:58	129752	----a-w-	C:\Windows\System32\drivers\MBAMSwissArmy.sys
2015-01-23 00:30:37	189248	----a-w-	C:\Windows\SysWow64\PnkBstrB.exe
2015-01-23 00:30:35	75136	----a-w-	C:\Windows\SysWow64\PnkBstrA.exe
2015-01-19 22:31:59	270408	----a-w-	C:\Windows\SysWow64\PnkBstrB.xtr
2015-01-06 09:36:02	298120	------w-	C:\Windows\System32\MpSigStub.exe
2014-12-13 05:09:01	144384	----a-w-	C:\Windows\System32\ieUnatt.exe
2014-12-13 03:33:44	115712	----a-w-	C:\Windows\SysWow64\ieUnatt.exe
2014-11-22 03:06:23	2724864	----a-w-	C:\Windows\System32\mshtml.tlb
2014-11-22 03:06:11	4096	----a-w-	C:\Windows\System32\ieetwcollectorres.dll
2014-11-22 02:50:39	66560	----a-w-	C:\Windows\System32\iesetup.dll
2014-11-22 02:50:10	580096	----a-w-	C:\Windows\System32\vbscript.dll
2014-11-22 02:49:54	48640	----a-w-	C:\Windows\System32\ieetwproxystub.dll
2014-11-22 02:48:20	88064	----a-w-	C:\Windows\System32\MshtmlDac.dll
2014-11-22 02:35:29	114688	----a-w-	C:\Windows\System32\ieetwcollector.exe
2014-11-22 02:34:51	814080	----a-w-	C:\Windows\System32\jscript9diag.dll
2014-11-22 02:34:07	6039552	----a-w-	C:\Windows\System32\jscript9.dll
2014-11-22 02:26:31	968704	----a-w-	C:\Windows\System32\MsSpellCheckingFacility.exe
2014-11-22 02:20:44	2724864	----a-w-	C:\Windows\SysWow64\mshtml.tlb
2014-11-22 02:14:16	77824	----a-w-	C:\Windows\System32\JavaScriptCollectionAgent.dll
2014-11-22 02:07:43	501248	----a-w-	C:\Windows\SysWow64\vbscript.dll
2014-11-22 02:07:17	62464	----a-w-	C:\Windows\SysWow64\iesetup.dll
2014-11-22 02:06:32	47616	----a-w-	C:\Windows\SysWow64\ieetwproxystub.dll
2014-11-22 02:05:02	64000	----a-w-	C:\Windows\SysWow64\MshtmlDac.dll
2014-11-22 01:54:30	620032	----a-w-	C:\Windows\SysWow64\jscript9diag.dll
2014-11-22 01:47:10	1359360	----a-w-	C:\Windows\System32\mshtmlmedia.dll
2014-11-22 01:46:58	2125312	----a-w-	C:\Windows\System32\inetcpl.cpl
2014-11-22 01:40:04	60416	----a-w-	C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
2014-11-22 01:29:26	4299264	----a-w-	C:\Windows\SysWow64\jscript9.dll
2014-11-22 01:28:21	2358272	----a-w-	C:\Windows\System32\wininet.dll
2014-11-22 01:22:49	2052096	----a-w-	C:\Windows\SysWow64\inetcpl.cpl
2014-11-22 01:21:57	1155072	----a-w-	C:\Windows\SysWow64\mshtmlmedia.dll
2014-11-22 01:00:20	1888256	----a-w-	C:\Windows\SysWow64\wininet.dll
2014-11-21 11:14:22	63704	----a-w-	C:\Windows\System32\drivers\mwac.sys
2014-11-21 11:14:12	93400	----a-w-	C:\Windows\System32\drivers\mbamchameleon.sys
2014-11-21 11:14:08	25816	----a-w-	C:\Windows\System32\drivers\mbam.sys
2014-11-15 17:32:09	111016	----a-w-	C:\Windows\System32\WindowsAccessBridge-64.dll
2014-11-11 03:09:06	1424384	----a-w-	C:\Windows\System32\WindowsCodecs.dll
2014-11-11 03:08:52	241152	----a-w-	C:\Windows\System32\pku2u.dll
2014-11-11 03:08:48	728064	----a-w-	C:\Windows\System32\kerberos.dll
2014-11-11 02:44:45	1230336	----a-w-	C:\Windows\SysWow64\WindowsCodecs.dll
2014-11-11 02:44:32	186880	----a-w-	C:\Windows\SysWow64\pku2u.dll
2014-11-11 02:44:25	550912	----a-w-	C:\Windows\SysWow64\kerberos.dll
.
============= FINISH: 20:45:00.48 ===============


Attach.txt:
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Professional 
Boot Device: \Device\HarddiskVolume1
Install Date: 1/7/2014 8:03:03 PM
System Uptime: 2/1/2015 7:11:07 PM (1 hours ago)
.
Motherboard: MICRO-STAR INTERNATIONAL CO.,LTD |  | MS-7379
Processor: Intel(R) Core(TM)2 Quad CPU    Q6600  @ 2.40GHz | CPU 1 | 2400/267mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 466 GiB total, 113.782 GiB free.
D: is CDROM ()
E: is FIXED (NTFS) - 466 GiB total, 264.924 GiB free.
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP154: 1/13/2015 7:01:25 PM - Windows Update
RP155: 1/13/2015 9:39:41 PM - Windows Update
RP156: 1/18/2015 8:34:31 AM - Windows Update
RP157: 1/19/2015 12:42:29 PM - Installed iTunes
RP158: 1/20/2015 8:03:41 PM - Checkpoint by HitmanPro
RP159: 1/20/2015 8:04:33 PM - Checkpoint by HitmanPro
RP160: 1/21/2015 6:31:33 PM - Windows Update
RP161: 1/22/2015 7:28:29 PM - Installed DirectX
RP162: 1/22/2015 7:30:41 PM - Installed Ubisoft Game Launcher
RP163: 1/24/2015 10:33:49 AM - Installed Minecraft
RP164: 1/27/2015 6:45:52 PM - Windows Update
.
==== Installed Programs ======================
.
3D Counter Strike Attack
Adobe Flash Player 15 ActiveX
Adobe Flash Player 15 Plugin
Adobe Reader XI (11.0.10)
Adobe Refresh Manager
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Assassin's Creed
Assassin's Creed Brotherhood
Assassin's Creed II
Assassin's Creed Revelations
Audacity 2.0.5
Banished
Battlefield Heroes
Bonjour
Canon IJ Network Scanner Selector EX
Canon IJ Network Tool
Canon IJ Scan Utility
Canon MX450 series MP Drivers
Chrome Remote Desktop Host
Counter-Strike: Global Offensive
Counter-Strike: Source
CPUID CPU-Z 1.69.2
CPUID HWMonitor Pro 1.19
D3DX10
DayZ
Democracy 3
Dota 2
Dropbox
Dual-Core Optimizer
Far Cry® 3
FileZilla Client 3.8.1
Fraps (remove only)
Garry's Mod
GCFScape 1.8.5
GIGABYTE OC_GURU
Goat Simulator
Google Chrome
Google Drive
Google Earth
Google Update Helper
Half-Life 2
Half-Life 2: Deathmatch
Half-Life 2: Episode One
Half-Life 2: Episode Two
Half-Life 2: Lost Coast
Half-Life Dedicated Server Update Tool
iTunes
Java 7 Update 55
Java 8 Update 25
Java 8 Update 25 (64-bit)
Java Auto Updater
Java SE Development Kit 8 Update 25 (64-bit)
Just Cause 2
Just Cause 2: Multiplayer Mod
L.A. Noire
League of Legends
Left 4 Dead 2
Logitech Gaming Software
Logitech Gaming Software 8.51
Malwarebytes Anti-Malware version 2.0.4.1028
Microsoft .NET Framework 4.5
Microsoft Application Error Reporting
Microsoft Office 365 ProPlus - en-us
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable (x64)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.60610
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.60610
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.61030
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.61030
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005
Microsoft Visual C++ 2013 x64 Additional Runtime - 12.0.21005
Microsoft Visual C++ 2013 x64 Minimum Runtime - 12.0.21005
Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005
Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005
Minecraft
Mirror's Edge
Moonbase Alpha
MorphVOX Pro
Movie Maker
MSVCRT
MSVCRT110
MSVCRT110_amd64
MuseScore 1.3
Nexon Launcher
No More Room in Hell
Notepad++
NVIDIA 3D Vision Controller Driver 337.88
NVIDIA 3D Vision Driver 337.88
NVIDIA Control Panel 337.88
NVIDIA GeForce Experience 2.1
NVIDIA Graphics Driver 337.88
NVIDIA HD Audio Driver 1.3.30.1
NVIDIA Install Application
NVIDIA LED Visualizer 1.0
NVIDIA Network Service
NVIDIA Optimus Update 10.11.15
NVIDIA PhysX
NVIDIA PhysX System Software 9.13.1220
NVIDIA ShadowPlay 14.6.22
NVIDIA Stereoscopic 3D Driver
NVIDIA Update 14.6.22
NVIDIA Update Core
NVIDIA Virtual Audio 1.2.23
Office 15 Click-to-Run Extensibility Component
Office 15 Click-to-Run Licensing Component
Office 15 Click-to-Run Localization Component
Open Broadcaster Software
Origin
Overwolf.Setup.VC100CRTx64.Dist
Paint.NET v3.5.11
PAYDAY: The Heist
Photo Common
Photo Gallery
Portal 2
PunkBuster Services
puush
Red Orchestra 2: Heroes of Stalingrad - Single Player
Rockstar Games Social Club
Security Update for Microsoft .NET Framework 4.5 (KB2737083)
Security Update for Microsoft .NET Framework 4.5 (KB2742613)
Security Update for Microsoft .NET Framework 4.5 (KB2789648)
Security Update for Microsoft .NET Framework 4.5 (KB2840642v2)
Security Update for Microsoft .NET Framework 4.5 (KB2861208)
Security Update for Microsoft .NET Framework 4.5 (KB2894854v2)
Security Update for Microsoft .NET Framework 4.5 (KB2898864)
Security Update for Microsoft .NET Framework 4.5 (KB2901118)
Security Update for Microsoft .NET Framework 4.5 (KB2931368)
Security Update for Microsoft .NET Framework 4.5 (KB2972107)
Security Update for Microsoft .NET Framework 4.5 (KB2972216)
Security Update for Microsoft .NET Framework 4.5 (KB2978128)
Security Update for Microsoft .NET Framework 4.5 (KB2979578v2)
SHIELD Streaming
Sid Meier's Civilization V
Skype™ 6.18
Sleeping Dogs™
Source SDK Base 2007
Spotify
SpyHunter 4
Steam
Team Fortress 2
TeamSpeak 3 Client
TeamViewer 9
The Elder Scrolls V: Skyrim
The Sims™ 4
The Walking Dead
The Walking Dead: Season Two
Unity Web Player
Unturned
Uplay
VTFEdit 1.2.5
Windows Live Communications Platform
Windows Live Essentials
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Photo Common
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
WinRAR 5.01 (64-bit)
XeMu360
XSplit Broadcaster
.
==== Event Viewer Messages From Past Week ========
.
1/25/2015 9:02:56 AM, Error: Service Control Manager [7009]  - A timeout was reached (30000 milliseconds) while waiting for the Steam Client Service service to connect.
1/25/2015 9:02:56 AM, Error: Service Control Manager [7000]  - The Steam Client Service service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.
.
==== End Of File ===========================
Sasfaction
Active Member
 
Posts: 6
Joined: February 1st, 2015, 9:33 pm

Re: Win 7 - Can't Get Rid of UniSales (Chrome)

Post by Cypher » February 5th, 2015, 9:14 am

Hi and welcome to Malware Removal Forum.
My name is Cypher, and I will be helping you with your malware problems.
This may or may not solve other issues you have with your machine.
If you no longer require help, I would be grateful if you would let me know.

Before we start please note the following important guidelines.
  • If you don't know or understand something, please don't hesitate to ask.
  • Only post your problem at one help site. Applying fixes from multiple help sites can cause problems.
  • Only reply to this thread; do not start another. Please continue responding until I give you the "All Clean".
    Remember, absence of symptoms does not mean the infection is all gone.
  • Please DO NOT run any other tools or scans whilst I am helping you.
  • Please DO NOT install any other software (or hardware) during the cleaning process.
  • Print each set of instructions... if possible...your Internet connection will not be available during some fix processes.
  • Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
  • Note: No Reply Within 3 Days Will Result In Your Topic Being Closed!

Note: If you haven't done so already, please read this topic ALL USERS OF THIS FORUM MUST READ THIS FIRST where the conditions for receiving help here are explained.
Please be aware that removing Malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.

Because of this, I advise you to back up any personal files and folders before you start.



Please click on THIS link, and follow the instructions for installing TCRB and creating a backup of your Registry.

Next.

Click Start > Control Panel > Uninstall a program.
Uninstall the following if present.
Java 7 Update 55
SpyHunter 4


Next.

I need you to run further scans for me.
Please post each log separately to prevent it being cut off by the forum post size limiter.
Check each after you've posted it to make sure it's all present; if any log is cut off, you'll have to post it in sections.
Important: Save all tools I ask you to download to your Desktop. If you don't know how to do this, just ask.




Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Right-click on adwcleaner.exe and select "Run as administrator" to run it.
  • Click on Scan.
  • When the scan has finished, uncheck any entries you don't want to remove, then click on Clean.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

Next.

Please download FRST ... by Farbar, from the link below and save it to your Desktop.

For 32 bit Systems

For 64 bit Systems

  • Right-click FRST.exe and select "Run as administrator" to run it.
  • When the tool opens click Yes to the disclaimer.
  • Press Scan button. ... When finished a log will be created, FRST.txt.
  • Please post the content of the FRST.txt in your next reply.
  • The first time the tool is run, it will create another log... Addition.txt.
  • Please post the content of the Addition.txt in your next reply.

Logs/Information to Post in your Next Reply

  • AdwCleaner log.
  • FRST.txt and Addition.txt contents.
Cypher
Admin/Teacher
 
Posts: 14959
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns

Re: Win 7 - Can't Get Rid of UniSales (Chrome)

Post by Sasfaction » February 5th, 2015, 8:16 pm

Backing up now. Will post again when I've completed all of the steps. Thanks for the help!

Re: Win 7 - Can't Get Rid of UniSales (Chrome)

Post by Sasfaction » February 5th, 2015, 9:49 pm

AdwCleaner:
# AdwCleaner v4.110 - Logfile created 05/02/2015 at 20:44:33
# Updated 05/02/2015 by Xplode
# Database : 2015-02-05.2 [Server]
# Operating system : Windows 7 Professional Service Pack 1 (x64)
# Username : Jacob - JACOB-PC
# Running from : C:\Users\Jacob\Desktop\adwcleaner_4.110.exe
# Option : Cleaning

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\Program Files (x86)\TampaGeneration
Folder Deleted : C:\ProgramData\aehpabmlpbcghdngccekgachpbcapgod
Folder Deleted : C:\ProgramData\dpplmooebcahhcakfjfpagjekgemmjhk

***** [ Scheduled tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6E993643-8FBC-44FE-BC85-D318495C4D96}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A43DE495-3D00-47D4-9D2C-303115707939}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{E0D6077D-7186-48B2-A6C6-2F7C533E8CFF}
Key Deleted : HKLM\SOFTWARE\{12A61307-94CD-4F8E-94BC-918E511FAA81}
Data Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - *.local

***** [ Web browsers ] *****

-\\ Internet Explorer v11.0.9600.17496


-\\ Google Chrome v39.0.2171.99

[C:\Users\Jacob\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
[C:\Users\Jacob\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
[C:\Users\Jacob\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.netflix.com/WiSearch?raw_query=&ac_category_type=none&ac_rel_posn=-1&ac_abs_posn=-1&v1={searchTerms}&search_submit=
[C:\Users\Jacob\AppData\Local\Google\Chrome\User Data\Default\preferences] - Deleted [Extension] : aehpabmlpbcghdngccekgachpbcapgod
[C:\Users\Jacob\AppData\Local\Google\Chrome\User Data\Default\preferences] - Deleted [Extension] : dpplmooebcahhcakfjfpagjekgemmjhk

-\\ Chromium v

[C:\Users\Jacob\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
[C:\Users\Jacob\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
[C:\Users\Jacob\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.netflix.com/WiSearch?raw_query=&ac_category_type=none&ac_rel_posn=-1&ac_abs_posn=-1&v1={searchTerms}&search_submit=

*************************

AdwCleaner[R0].txt - [2228 bytes] - [20/01/2015 18:05:04]
AdwCleaner[R1].txt - [1770 bytes] - [20/01/2015 19:35:51]
AdwCleaner[R2].txt - [1018 bytes] - [20/01/2015 20:13:02]
AdwCleaner[R3].txt - [2570 bytes] - [05/02/2015 20:42:28]
AdwCleaner[S0].txt - [1954 bytes] - [20/01/2015 19:41:35]
AdwCleaner[S1].txt - [1082 bytes] - [20/01/2015 20:15:54]
AdwCleaner[S2].txt - [2919 bytes] - [05/02/2015 20:44:33]

########## EOF - C:\AdwCleaner\AdwCleaner[S2].txt - [2978  bytes] ##########


This seems to have fixed my problem, Chrome no longer has UniSales on it every time I start it. Thank you so much for your help!

Re: Win 7 - Can't Get Rid of UniSales (Chrome)

Post by Cypher » February 6th, 2015, 7:38 am

Hi,
Sasfaction wrote: This seems to have fixed my problem, Chrome no longer has UniSales on it every time I start it. Thank you so much for your help!

That's good to hear, but I still need to see the FRST.txt and Addition.txt contents.
Post both logs in your next reply.
Remember, absence of symptoms does not mean the infection is all gone.

Re: Win 7 - Can't Get Rid of UniSales (Chrome)

Post by Sasfaction » February 6th, 2015, 9:16 am

FRST:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 05-02-2015
Ran by Jacob (administrator) on JACOB-PC on 06-02-2015 08:09:02
Running from C:\Users\Jacob\Desktop
Loaded Profiles: Jacob (Available profiles: Jacob)
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
() C:\Windows\KMSServerService\KMS Server Service.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\LCore.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
() C:\Program Files (x86)\puush\puush.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\tv_w32.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\tv_x64.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Dropbox, Inc.) C:\Users\Jacob\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.25.11\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.25.11\GoogleCrashHandler64.exe
(CANON INC.) C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Wondershare) C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2352072 2014-05-29] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [Launch LCore] => C:\Program Files\Logitech Gaming Software\LCore.exe [8292120 2013-11-14] (Logitech Inc.)
HKLM-x32\...\Run: [IJNetworkScannerSelectorEX] => C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe [452272 2012-08-31] (CANON INC.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2014-12-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [iSkysoft Helper Compact.exe] => C:\Program Files (x86)\Common Files\iSkysoft\iSkysoft Helper Compact\ISHelper.exe
HKLM-x32\...\Run: [DelaypluginInstall] => C:\ProgramData\Wondershare\AllMyTube\DelayPluginI.exe
HKLM-x32\...\Run: [amd_dc_opt] => C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe [77824 2008-07-22] (AMD)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [157480 2014-10-15] (Apple Inc.)
HKLM-x32\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [1980416 2013-12-18] (Wondershare)
HKU\S-1-5-21-3211221019-2073745177-774551734-1001\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [22869088 2014-10-21] (Google)
HKU\S-1-5-21-3211221019-2073745177-774551734-1001\...\Run: [puush] => C:\Program Files (x86)\puush\puush.exe [567880 2014-04-24] ()
HKU\S-1-5-21-3211221019-2073745177-774551734-1001\...\Run: [TeamSpeak 3 Client] => C:\Users\Jacob\AppData\Local\TeamSpeak 3 Client\ts3client_win32.exe [9238472 2014-08-04] (TeamSpeak Systems GmbH)
HKU\S-1-5-21-3211221019-2073745177-774551734-1001\...\Run: [GoogleChromeAutoLaunch_BE49B27017FD712DF1E70FE7861589BC] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [856904 2015-01-08] (Google Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\GIGABYTE OC_GURU.lnk
ShortcutTarget: GIGABYTE OC_GURU.lnk -> C:\Program Files (x86)\GIGABYTE\GIGABYTE OC_GURU\OC_GURU.exe (GIGABYTE Technology Co.,Ltd.)
Startup: C:\Users\Jacob\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Jacob\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro1 (ErrorConflict)] -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro2 (SyncInProgress)] -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro3 (InSync)] -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-3211221019-2073745177-774551734-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: unisaLess -> {444cb7c7-51dc-41ed-ac8c-bbf9980ffcad} -> C:\Program Files (x86)\unisaLess\Mz7xNCgNgjRwaq.x64.dll No File
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_25\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_25\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Wondershare AllMyTube 4.2.0 -> {067DF9EC-26B7-40DC-8DB8-CD8BE85AE367} -> C:\ProgramData\Wondershare\AllMyTube\WSBrowserAppMgr.dll No File
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll (Oracle Corporation)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Handler: WSAllMyTubechrome - {0A0C95CF-A116-4C74 -  No File
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_152.dll ()
FF Plugin: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files\Java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.31211.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.31211.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3522.0110 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-3211221019-2073745177-774551734-1001: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Jacob\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF Plugin HKU\S-1-5-21-3211221019-2073745177-774551734-1001: ubisoft.com/uplaypc -> C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll ()
FF HKLM-x32\...\Firefox\Extensions: [AllMyTube@Wondershare.com] - C:\ProgramData\Wondershare\AllMyTube\AllMyTube@Wondershare.com

Chrome: 
=======
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR Profile: C:\Users\Jacob\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\Jacob\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-01-07]
CHR Extension: (Google Drive) - C:\Users\Jacob\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-01-07]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Jacob\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-23]
CHR Extension: (YouTube) - C:\Users\Jacob\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-01-07]
CHR Extension: (Adblock Plus) - C:\Users\Jacob\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2014-01-07]
CHR Extension: (Google Search) - C:\Users\Jacob\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-01-07]
CHR Extension: (Chrome Remote Desktop) - C:\Users\Jacob\AppData\Local\Google\Chrome\User Data\Default\Extensions\gbchcmhmhahfdphkhkmpfmihenigjmpp [2014-11-19]
CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\Jacob\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2014-11-09]
CHR Extension: (Google Wallet) - C:\Users\Jacob\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-01-07]
CHR Extension: (Gmail) - C:\Users\Jacob\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-01-07]
CHR Profile: C:\Users\Jacob\AppData\Local\Google\Chrome\User Data\Profile 1
CHR Extension: (3D Counter Strike Attack) - C:\Users\Jacob\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aamljmgllfjgagkdhgpjlcnnaicgpnhd [2015-01-19]
CHR Extension: (Google Slides) - C:\Users\Jacob\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-01-14]
CHR Extension: (Google Docs) - C:\Users\Jacob\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake [2015-01-14]
CHR Extension: (Google Drive) - C:\Users\Jacob\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-01-14]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Jacob\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2015-01-14]
CHR Extension: (YouTube) - C:\Users\Jacob\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-01-14]
CHR Extension: (Google Search) - C:\Users\Jacob\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-01-14]
CHR Extension: (Google Sheets) - C:\Users\Jacob\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-01-14]
CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\Jacob\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2015-01-14]
CHR Extension: (Google Wallet) - C:\Users\Jacob\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-01-14]
CHR Extension: (Gmail) - C:\Users\Jacob\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-01-14]
CHR HKU\S-1-5-21-3211221019-2073745177-774551734-1001\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - No Path

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 chromoting; C:\Program Files (x86)\Google\Chrome Remote Desktop\40.0.2214.44\remoting_host.exe [56648 2014-12-15] (Google Inc.)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2449592 2014-11-12] (Microsoft Corporation)
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [69632 2005-11-14] (Macrovision Corporation) [File not signed]
R2 KMSServerService; C:\Windows\KMSServerService\KMS Server Service.exe [294912 2013-03-30] () [File not signed]
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1631008 2014-05-29] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [21055432 2014-05-29] (NVIDIA Corporation)
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [75136 2015-01-22] ()
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 b06diag; C:\Windows\system32\drivers\bxdiaga.sys [88104 2012-03-08] (Broadcom Corporation)
S3 BFN7x64; C:\Windows\system32\drivers\Xeno7x64.sys [157288 2012-02-22] (Bigfoot Networks, Inc.)
S3 bxfcoe; C:\Windows\system32\drivers\bxfcoe.sys [178216 2012-02-22] (Broadcom Corporation)
S3 bxois; C:\Windows\system32\drivers\bxois.sys [539176 2012-02-22] (Broadcom Corporation)
S3 EtronSTOR; C:\Windows\System32\Drivers\EtronSTOR.sys [32512 2012-07-24] (Etron Technology Inc)
S3 hitmanpro37; C:\Windows\system32\drivers\hitmanpro37.sys [43664 2015-01-20] ()
S3 ManyCam; C:\Windows\System32\DRIVERS\mcvidrv.sys [42224 2014-05-13] (Visicom Media Inc.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-11-21] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2015-02-06] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-11-21] (Malwarebytes Corporation)
S3 mcaudrv_simple; C:\Windows\System32\drivers\mcaudrv_x64.sys [35440 2014-05-13] (Visicom Media Inc.)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [20256 2014-05-29] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [40392 2014-03-31] (NVIDIA Corporation)
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-06 08:09 - 2015-02-06 08:11 - 00020972 _____ () C:\Users\Jacob\Desktop\FRST.txt
2015-02-06 08:08 - 2015-02-06 08:09 - 00000000 ____D () C:\FRST
2015-02-06 08:07 - 2015-02-06 08:08 - 02131968 _____ (Farbar) C:\Users\Jacob\Desktop\FRST64.exe
2015-02-05 20:40 - 2015-02-05 20:40 - 00000000 ____D () C:\Windows\system32\appmgmt
2015-02-01 20:43 - 2015-02-01 20:44 - 00688992 ____R (Swearware) C:\Users\Jacob\Downloads\dds.scr
2015-02-01 19:15 - 2015-02-01 19:15 - 00000000 _____ () C:\autoexec.bat
2015-02-01 19:13 - 2015-02-01 19:13 - 03044736 _____ (Enigma Software Group USA, LLC.) C:\Users\Jacob\Downloads\SpyHunter-Installer.exe
2015-01-28 19:05 - 2015-01-28 19:05 - 00000000 ____D () C:\Users\Jacob\AppData\Roaming\Wondershare AllMyTube
2015-01-28 19:05 - 2015-01-28 19:05 - 00000000 ____D () C:\Users\Jacob\AppData\Local\Wondershare
2015-01-28 19:04 - 2015-01-28 19:06 - 00000000 ____D () C:\ProgramData\Wondershare AllMyTube
2015-01-28 19:04 - 2015-01-28 19:06 - 00000000 ____D () C:\Program Files (x86)\Wondershare
2015-01-28 19:04 - 2015-01-28 19:04 - 00000000 ____D () C:\Users\Public\Documents\Wondershare
2015-01-28 19:04 - 2015-01-28 19:04 - 00000000 ____D () C:\ProgramData\Wondershare Application Common Data
2015-01-28 19:03 - 2015-01-28 19:03 - 00845896 _____ (Wondershare) C:\Users\Jacob\Downloads\youtube-downloader_setup_full235.exe
2015-01-24 10:51 - 2015-01-24 10:52 - 04592528 _____ () C:\Users\Jacob\Downloads\TechnicLauncher.exe
2015-01-24 10:35 - 2015-01-24 10:35 - 00000000 ____D () C:\Users\Jacob\AppData\Roaming\java
2015-01-24 10:34 - 2015-01-24 10:34 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Minecraft
2015-01-24 10:33 - 2015-01-24 10:33 - 02314240 _____ () C:\Users\Jacob\Downloads\MinecraftInstaller.msi
2015-01-22 19:31 - 2015-01-22 19:33 - 00000000 ____D () C:\Users\Jacob\Documents\Assassin's Creed Revelations
2015-01-22 19:30 - 2014-12-19 20:59 - 03123272 _____ () C:\Windows\SysWOW64\pbsvc.exe
2015-01-20 20:07 - 2015-01-20 20:07 - 00043664 _____ () C:\Windows\system32\Drivers\hitmanpro37.sys
2015-01-20 20:04 - 2015-01-20 20:04 - 00004546 _____ () C:\Windows\system32\.crusader
2015-01-20 19:46 - 2015-01-20 20:06 - 00000000 ____D () C:\ProgramData\HitmanPro
2015-01-20 19:45 - 2015-01-20 19:46 - 11225840 _____ (SurfRight B.V.) C:\Users\Jacob\Downloads\HitmanPro_x64.exe
2015-01-20 18:05 - 2015-02-05 20:44 - 00000000 ____D () C:\AdwCleaner
2015-01-20 18:04 - 2015-01-20 18:04 - 02186752 _____ () C:\Users\Jacob\Downloads\adwcleaner_4.108.exe
2015-01-19 14:03 - 2015-01-20 20:04 - 00000000 ____D () C:\ProgramData\{6f20fa27-029a-15db-6f20-0fa27029e89c}
2015-01-19 14:02 - 2015-01-19 14:02 - 00000000 ____D () C:\Users\Jacob\AppData\Local\IsolatedStorage
2015-01-19 14:01 - 2015-01-20 20:04 - 00000000 ____D () C:\Program Files (x86)\3D Counter Strike Attack
2015-01-19 14:00 - 2015-01-19 14:00 - 00000000 ____D () C:\ProgramData\{a18ac887-9381-eff7-a18a-ac887938221e}
2015-01-19 13:54 - 2015-01-20 17:09 - 00000000 ____D () C:\Users\Jacob\AppData\Roaming\uTorrent
2015-01-19 12:43 - 2015-01-19 12:44 - 00000000 ____D () C:\Users\Jacob\AppData\Roaming\Apple Computer
2015-01-19 12:43 - 2015-01-19 12:43 - 00000000 ____D () C:\Users\Jacob\AppData\Local\Apple Computer
2015-01-19 12:43 - 2015-01-19 12:43 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2015-01-19 12:43 - 2015-01-19 12:43 - 00000000 ____D () C:\ProgramData\E1864A66-75E3-486a-BD95-D1B7D99A84A7
2015-01-19 12:43 - 2015-01-19 12:43 - 00000000 ____D () C:\ProgramData\Apple Computer
2015-01-19 12:43 - 2015-01-19 12:43 - 00000000 ____D () C:\Program Files\iTunes
2015-01-19 12:43 - 2015-01-19 12:43 - 00000000 ____D () C:\Program Files\iPod
2015-01-19 12:43 - 2015-01-19 12:43 - 00000000 ____D () C:\Program Files (x86)\iTunes
2015-01-19 12:43 - 2012-10-03 16:14 - 00033240 _____ (GEAR Software Inc.) C:\Windows\system32\Drivers\GEARAspiWDM.sys
2015-01-19 12:42 - 2015-01-19 12:43 - 00000000 ____D () C:\Program Files\Common Files\Apple
2015-01-19 12:42 - 2015-01-19 12:42 - 00002519 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
2015-01-19 12:42 - 2015-01-19 12:42 - 00000000 ____D () C:\Users\Jacob\AppData\Local\Apple
2015-01-19 12:42 - 2015-01-19 12:42 - 00000000 ____D () C:\Program Files (x86)\Apple Software Update
2015-01-19 12:41 - 2015-01-19 12:42 - 00000000 ____D () C:\ProgramData\Apple
2015-01-19 12:41 - 2015-01-19 12:41 - 00000000 ____D () C:\Program Files\Bonjour
2015-01-19 12:41 - 2015-01-19 12:41 - 00000000 ____D () C:\Program Files (x86)\Bonjour
2015-01-13 20:09 - 2015-01-13 20:09 - 00000000 ____D () C:\Windows\System32\Tasks\OfficeSoftwareProtectionPlatform
2015-01-13 20:09 - 2015-01-13 20:09 - 00000000 ____D () C:\Program Files (x86)\Microsoft Office
2015-01-13 20:07 - 2015-01-13 20:11 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2015-01-13 20:06 - 2015-01-13 20:07 - 00000000 ____D () C:\Program Files\Microsoft Office 15
2015-01-13 19:04 - 2014-12-18 22:06 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2015-01-13 19:04 - 2014-12-11 12:47 - 00062976 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2015-01-13 19:03 - 2014-12-18 20:46 - 00141312 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2015-01-13 19:03 - 2014-12-05 23:17 - 00303616 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
2015-01-13 19:03 - 2014-12-05 22:50 - 00156672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncsi.dll
2015-01-13 19:03 - 2014-12-05 22:50 - 00052224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlaapi.dll
2015-01-13 19:02 - 2014-12-12 00:35 - 05553592 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-01-13 19:02 - 2014-12-12 00:31 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-01-13 19:02 - 2014-12-12 00:31 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-01-13 19:02 - 2014-12-12 00:31 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-01-13 19:02 - 2014-12-12 00:11 - 03971512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-01-13 19:02 - 2014-12-12 00:11 - 03916728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-01-13 19:02 - 2014-12-12 00:07 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-06 08:08 - 2014-01-07 20:00 - 01895923 _____ () C:\Windows\WindowsUpdate.log
2015-02-06 08:05 - 2014-11-19 17:40 - 00000000 ___RD () C:\Users\Jacob\Dropbox
2015-02-06 08:05 - 2014-11-19 17:36 - 00000000 ____D () C:\Users\Jacob\AppData\Roaming\Dropbox
2015-02-06 08:05 - 2014-02-16 13:12 - 00000000 ____D () C:\Users\Jacob\AppData\Roaming\TS3Client
2015-02-06 08:05 - 2014-01-14 15:57 - 00000000 ___RD () C:\Users\Jacob\Google Drive
2015-02-06 08:05 - 2014-01-07 20:09 - 00000000 ____D () C:\Program Files (x86)\Steam
2015-02-06 08:04 - 2014-07-20 08:37 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-02-06 08:04 - 2014-01-18 15:22 - 00000000 ____D () C:\ProgramData\NVIDIA
2015-02-06 08:04 - 2014-01-07 20:07 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-02-06 08:04 - 2009-07-14 00:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-02-06 08:04 - 2009-07-13 23:51 - 00107339 _____ () C:\Windows\setupact.log
2015-02-05 20:59 - 2014-01-07 20:07 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-02-05 20:53 - 2009-07-13 23:45 - 00019152 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-02-05 20:53 - 2009-07-13 23:45 - 00019152 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-02-05 20:40 - 2014-01-07 20:31 - 00000000 ____D () C:\Program Files (x86)\Java
2015-01-24 10:52 - 2014-07-26 14:50 - 00000000 ____D () C:\Users\Jacob\AppData\Roaming\.technic
2015-01-24 10:34 - 2014-01-07 22:13 - 00000000 ____D () C:\Program Files (x86)\Minecraft
2015-01-24 09:36 - 2010-11-20 22:47 - 00178544 _____ () C:\Windows\PFRO.log
2015-01-23 17:07 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\IME
2015-01-22 19:31 - 2014-11-28 19:55 - 00000000 ____D () C:\ProgramData\Ubisoft
2015-01-22 19:30 - 2014-04-25 11:39 - 00189248 _____ () C:\Windows\SysWOW64\PnkBstrB.exe
2015-01-22 19:30 - 2014-04-25 11:39 - 00075136 _____ () C:\Windows\SysWOW64\PnkBstrA.exe
2015-01-22 19:29 - 2014-01-09 20:41 - 00653110 _____ () C:\Windows\DirectX.log
2015-01-20 19:41 - 2014-06-24 00:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\free-for-download bundle
2015-01-20 17:15 - 2014-07-19 18:31 - 00000000 ____D () C:\ProgramData\Visicom Media
2015-01-20 17:15 - 2014-07-19 18:31 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Visicom Media
2015-01-20 17:15 - 2014-07-19 18:31 - 00000000 ____D () C:\Program Files\Visicom Media
2015-01-19 17:31 - 2014-11-28 19:55 - 00000000 ____D () C:\Users\Jacob\AppData\Roaming\Ubisoft
2015-01-19 17:31 - 2014-04-25 11:43 - 00270408 _____ () C:\Windows\SysWOW64\PnkBstrB.xtr
2015-01-19 17:31 - 2014-04-25 11:43 - 00000000 ____D () C:\Users\Jacob\AppData\Local\PunkBuster
2015-01-19 14:53 - 2014-03-14 09:14 - 00000000 ____D () C:\Users\Jacob\AppData\Roaming\Audacity
2015-01-14 12:52 - 2009-07-13 23:45 - 00445368 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-01-13 20:13 - 2014-01-07 20:07 - 00113448 _____ () C:\Users\Jacob\AppData\Local\GDIPFONTCACHEV1.DAT
2015-01-13 20:09 - 2009-07-13 22:20 - 00000000 ____D () C:\Program Files\Common Files\Microsoft Shared
2015-01-13 20:07 - 2014-01-07 20:04 - 00000000 ____D () C:\Users\Jacob\AppData\Local\VirtualStore
2015-01-12 19:00 - 2009-07-14 00:08 - 00032624 _____ () C:\Windows\Tasks\SCHEDLGU.TXT

Some content of TEMP:
====================
C:\Users\Jacob\AppData\Local\Temp\9CBEBe5.exe
C:\Users\Jacob\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpypmy7f.dll
C:\Users\Jacob\AppData\Local\Temp\EsgInstallerx64Stub.exe
C:\Users\Jacob\AppData\Local\Temp\ffCc10.exe
C:\Users\Jacob\AppData\Local\Temp\gwunstal.exe
C:\Users\Jacob\AppData\Local\Temp\jre-7u55-windows-i586-iftw.exe
C:\Users\Jacob\AppData\Local\Temp\MSETUP4.EXE
C:\Users\Jacob\AppData\Local\Temp\nvSCPAPI.dll
C:\Users\Jacob\AppData\Local\Temp\nvSCPAPI64.dll
C:\Users\Jacob\AppData\Local\Temp\nvSCPAPISvr.exe
C:\Users\Jacob\AppData\Local\Temp\nvStInst.exe
C:\Users\Jacob\AppData\Local\Temp\optprosetup.exe
C:\Users\Jacob\AppData\Local\Temp\Quarantine.exe
C:\Users\Jacob\AppData\Local\Temp\SpotifyUninstall.exe
C:\Users\Jacob\AppData\Local\Temp\sqlite3.dll
C:\Users\Jacob\AppData\Local\Temp\swt-win32-3349.dll
C:\Users\Jacob\AppData\Local\Temp\uninstall_flash_player.exe
C:\Users\Jacob\AppData\Local\Temp\utt6655.tmp.exe
C:\Users\Jacob\AppData\Local\Temp\xmlUpdater.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-01-29 18:34

==================== End Of Log ============================


Addition:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 05-02-2015
Ran by Jacob at 2015-02-06 08:11:13
Running from C:\Users\Jacob\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

3D Counter Strike Attack (HKLM-x32\...\{AD11DADE-C597-45D9-D8C5-1D2EB0B89613}) (Version:  - ) <==== ATTENTION
Adobe Flash Player 15 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 15.0.0.152 - Adobe Systems Incorporated)
Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.152 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
Apple Application Support (HKLM-x32\...\{83CAF0DE-8D3B-4C37-A631-2B8F16EC3031}) (Version: 3.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{BDD99690-3541-4619-9D2A-3CDDB3E15F9E}) (Version: 8.0.5.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Assassin's Creed (HKLM-x32\...\Steam App 15100) (Version:  - Ubisoft Montreal)
Assassin's Creed Brotherhood (HKLM-x32\...\Steam App 48190) (Version:  - Ubisoft Montreal)
Assassin's Creed II (HKLM-x32\...\Steam App 33230) (Version:  - Ubisoft Montreal)
Assassin's Creed Revelations (HKLM-x32\...\Steam App 201870) (Version:  - Ubisoft Montreal)
Assassin's Creed® III (HKLM-x32\...\Steam App 208480) (Version:  - Ubisoft Montreal)
Audacity 2.0.5 (HKLM-x32\...\Audacity_is1) (Version: 2.0.5 - Audacity Team)
Banished (HKLM-x32\...\Steam App 242920) (Version:  - Shining Rock Software LLC)
Battlefield Heroes (HKLM-x32\...\{8DC910CD-8EE3-4ffc-A4EB-9B02701059C4}) (Version:  - EA Digital illusions)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Canon IJ Network Scanner Selector EX (HKLM-x32\...\Canon_IJ_Network_Scanner_Selector_EX) (Version:  - Canon Inc.)
Canon IJ Network Tool (HKLM-x32\...\Canon_IJ_Network_UTILITY) (Version: 3.2.0 - Canon Inc.)
Canon IJ Scan Utility (HKLM-x32\...\Canon_IJ_Scan_Utility) (Version:  - Canon Inc.)
Canon MX450 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX450_series) (Version: 1.00 - Canon Inc.)
Chrome Remote Desktop Host (HKLM-x32\...\{6FC79C95-F54F-4515-8012-01F33D894492}) (Version: 40.0.2214.44 - Google Inc.)
Counter-Strike: Global Offensive (HKLM-x32\...\Steam App 730) (Version:  - Valve)
Counter-Strike: Source (HKLM-x32\...\Steam App 240) (Version:  - Valve)
CPUID CPU-Z 1.69.2 (HKLM\...\CPUID CPU-Z_is1) (Version:  - )
CPUID HWMonitor Pro 1.19 (HKLM\...\CPUID HWMonitorPro_is1) (Version:  - )
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DayZ (HKLM-x32\...\Steam App 221100) (Version:  - Bohemia Interactive)
Democracy 3 (HKLM-x32\...\Steam App 245470) (Version:  - Positech Games)
Dota 2 (HKLM-x32\...\Steam App 570) (Version:  - Valve)
Dropbox (HKU\S-1-5-21-3211221019-2073745177-774551734-1001\...\Dropbox) (Version: 3.0.3 - Dropbox, Inc.)
Dual-Core Optimizer (HKLM-x32\...\{9FD6F1A8-5550-46AF-8509-271DF0E768B5}) (Version: 1.1.4.0169 - AMD)
Far Cry® 3 (HKLM-x32\...\Steam App 220240) (Version:  - Ubisoft Montreal, Massive Entertainment, and Ubisoft Shanghai)
FileZilla Client 3.8.1 (HKLM-x32\...\FileZilla Client) (Version: 3.8.1 - Tim Kosse)
Fraps (remove only) (HKLM-x32\...\Fraps) (Version:  - )
Garry's Mod (HKLM-x32\...\Steam App 4000) (Version:  - Facepunch Studios)
GCFScape 1.8.5 (HKLM\...\GCFScape_is1) (Version:  - Ryan Gregg)
GIGABYTE OC_GURU (HKLM-x32\...\InstallShield_{5588D686-D23B-4C9D-BDFA-2A7875CD3722}) (Version: 1.10.0000 - GIGABYTE Technology Co.,Ltd.)
GIGABYTE OC_GURU (x32 Version: 1.10.0000 - GIGABYTE Technology Co.,Ltd.) Hidden
Goat Simulator (HKLM-x32\...\Steam App 265930) (Version:  - Coffee Stain Studios)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 39.0.2171.99 - Google Inc.)
Google Drive (HKLM-x32\...\{C60F3836-333A-4AE2-B526-CFDBA143A9BA}) (Version: 1.18.7821.2489 - Google, Inc.)
Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Half-Life 2 (HKLM-x32\...\Steam App 220) (Version:  - Valve)
Half-Life 2: Deathmatch (HKLM-x32\...\Steam App 320) (Version:  - Valve)
Half-Life 2: Episode One (HKLM-x32\...\Steam App 380) (Version:  - Valve)
Half-Life 2: Episode Two (HKLM-x32\...\Steam App 420) (Version:  - Valve)
Half-Life 2: Lost Coast (HKLM-x32\...\Steam App 340) (Version:  - Valve)
Half-Life Dedicated Server Update Tool (HKLM-x32\...\Half-Life Dedicated Server Update Tool) (Version:  - )
iTunes (HKLM\...\{2ABBBD91-91E5-4AD7-929A-FE15D1DC0576}) (Version: 12.0.1.26 - Apple Inc.)
Java 8 Update 25 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418025F0}) (Version: 8.0.250 - Oracle Corporation)
Java 8 Update 25 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218025F0}) (Version: 8.0.250 - Oracle Corporation)
Java SE Development Kit 8 Update 25 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0180250}) (Version: 8.0.250.18 - Oracle Corporation)
Just Cause 2 (HKLM-x32\...\Steam App 8190) (Version:  - Avalanche)
Just Cause 2: Multiplayer Mod (HKLM-x32\...\Steam App 259080) (Version:  - JC2-MP Team)
L.A. Noire (HKLM-x32\...\Steam App 110800) (Version:  - Team Bondi)
League of Legends (HKLM-x32\...\League of Legends 3.0.0) (Version: 3.0.0 - Riot Games)
League of Legends (x32 Version: 3.0.0 - Riot Games) Hidden
Left 4 Dead 2 (HKLM-x32\...\Steam App 550) (Version:  - Valve)
Logitech Gaming Software 8.51 (HKLM\...\Logitech Gaming Software) (Version: 8.51.5 - Logitech Inc.)
Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50709 - Microsoft Corporation)
Microsoft Office 365 ProPlus - en-us (HKLM\...\O365ProPlusRetail - en-us) (Version: 15.0.4675.1003 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.31211.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Minecraft (HKLM-x32\...\{1C16BCA3-EBC1-49F6-8623-8FBFB9CCC872}) (Version: 1.0.3.0 - Mojang)
Mirror's Edge (HKLM-x32\...\Steam App 17410) (Version:  - DICE)
Moonbase Alpha (HKLM-x32\...\Steam App 39000) (Version:  - Virtual Heroes)
MorphVOX Pro (HKLM-x32\...\{2D7CF073-6583-464A-84D4-F86DE59DCA42}) (Version: 4.4.8 - Screaming Bee)
Movie Maker (x32 Version: 16.4.3522.0110 - Microsoft Corporation) Hidden
MuseScore 1.3 (HKLM-x32\...\MuseScore) (Version: 1.3.0 - Werner Schweer and Others)
Nexon Launcher (HKLM-x32\...\Nexon Nexon Launcher) (Version: 1.1.1 - Nexon)
No More Room in Hell (HKLM-x32\...\Steam App 224260) (Version:  - No More Room in Hell Team)
Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.5.3 - Notepad++ Team)
NVIDIA 3D Vision Controller Driver 337.88 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 337.88 - NVIDIA Corporation)
NVIDIA 3D Vision Driver 337.88 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 337.88 - NVIDIA Corporation)
NVIDIA GeForce Experience 2.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.1 - NVIDIA Corporation)
NVIDIA Graphics Driver 337.88 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 337.88 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.30.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.30.1 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.13.1220 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.1220 - NVIDIA Corporation)
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4675.1003 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4675.1003 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4675.1003 - Microsoft Corporation) Hidden
Open Broadcaster Software (HKLM-x32\...\Open Broadcaster Software) (Version:  - )
Origin (HKLM-x32\...\Origin) (Version: 9.4.22.2815 - Electronic Arts, Inc.)
Overwolf.Setup.VC100CRTx64.Dist (HKLM\...\{EC9D5554-6852-4A55-81BB-AC02C7A8CFED}) (Version: 1.0.0 - Overwolf)
Paint.NET v3.5.11 (HKLM\...\{72EF03F5-0507-4861-9A44-D99FD4C41418}) (Version: 3.61.0 - dotPDN LLC)
PAYDAY: The Heist (HKLM-x32\...\Steam App 24240) (Version:  - OVERKILL Software)
Portal 2 (HKLM-x32\...\Steam App 620) (Version:  - Valve)
PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.991 - Even Balance, Inc.)
puush (HKLM-x32\...\{C3592426-531E-4110-911D-BFECE2CE284B}) (Version: 1.0.0.0 - Dean Herbert)
Red Orchestra 2: Heroes of Stalingrad - Single Player (HKLM-x32\...\Steam App 236830) (Version:  - )
Rockstar Games Social Club (HKLM-x32\...\Rockstar Games Social Club) (Version: 1.1.0.6 - Rockstar Games)
SHIELD Streaming (Version: 2.1.214 - NVIDIA Corporation) Hidden
Sid Meier's Civilization V (HKLM-x32\...\Steam App 8930) (Version:  - 2K Games, Inc.)
Skype™ 6.18 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.18.105 - Skype Technologies S.A.)
Sleeping Dogs™ (HKLM-x32\...\Steam App 202170) (Version:  - United Front Games)
Source SDK Base 2007 (HKLM-x32\...\Steam App 218) (Version:  - Valve)
Spotify (HKU\S-1-5-21-3211221019-2073745177-774551734-1001\...\Spotify) (Version: 0.9.14.13.gba5645ad - Spotify AB)
Steam (HKLM-x32\...\Steam) (Version:  - Valve Corporation)
Team Fortress 2 (HKLM-x32\...\Steam App 440) (Version:  - Valve)
TeamSpeak 3 Client (HKU\S-1-5-21-3211221019-2073745177-774551734-1001\...\TeamSpeak 3 Client) (Version: 3.0.16 - TeamSpeak Systems GmbH)
TeamViewer 9 (HKLM-x32\...\TeamViewer 9) (Version: 9.0.32494 - TeamViewer)
The Elder Scrolls V: Skyrim (HKLM-x32\...\Steam App 72850) (Version:  - Bethesda Game Studios)
The Sims™ 4 (HKLM-x32\...\{48EBEBBF-B9F8-4520-A3CF-89A730721917}) (Version: 1.0.797.20 - Electronic Arts Inc.)
The Walking Dead (HKLM-x32\...\Steam App 207610) (Version:  - )
The Walking Dead: Season Two (HKLM-x32\...\Steam App 261030) (Version:  - Telltale Games)
Unity Web Player (HKU\S-1-5-21-3211221019-2073745177-774551734-1001\...\UnityWebPlayer) (Version:  - Unity Technologies ApS)
Unturned (HKLM-x32\...\Steam App 304930) (Version:  - Nelson Sexton)
Uplay (HKLM-x32\...\Uplay) (Version: 2.0 - Ubisoft)
VTFEdit 1.2.5 (HKLM-x32\...\VTFEdit_is1) (Version:  - Neil Jedrzejewski & Ryan Gregg)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3522.0110 - Microsoft Corporation)
WinRAR 5.01 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.01.0 - win.rar GmbH)
XeMu360 (HKLM-x32\...\XeMu360) (Version: 2.0 - xbox360emulator.net)
XSplit Broadcaster (HKLM-x32\...\{6459F338-FE52-4034-BCA7-74772DA0F24D}) (Version: 1.3.1403.1202 - SplitMediaLabs)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-3211221019-2073745177-774551734-1001_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Jacob\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3211221019-2073745177-774551734-1001_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Jacob\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3211221019-2073745177-774551734-1001_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Jacob\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3211221019-2073745177-774551734-1001_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Jacob\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3211221019-2073745177-774551734-1001_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Jacob\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3211221019-2073745177-774551734-1001_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Jacob\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3211221019-2073745177-774551734-1001_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Jacob\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3211221019-2073745177-774551734-1001_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Jacob\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3211221019-2073745177-774551734-1001_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Jacob\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)

==================== Restore Points  =========================

22-01-2015 19:28:29 Installed DirectX
22-01-2015 19:30:41 Installed Ubisoft Game Launcher
24-01-2015 10:33:49 Installed Minecraft
27-01-2015 18:45:52 Windows Update
03-02-2015 18:43:07 Windows Update
05-02-2015 17:02:18 Windows Backup
05-02-2015 20:39:51 Removed Java 7 Update 55

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 21:34 - 2009-06-10 16:00 - 00000824 ____N C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {47708F94-3399-40ED-99AC-60717BEA448C} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-09-09] (Adobe Systems Incorporated)
Task: {4B414F81-89B8-4DE3-89D4-4C5A0B22B0FD} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2015-01-13] (Microsoft Corporation)
Task: {65F5C101-F030-4B89-9273-9460E1A8477A} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-01-07] (Google Inc.)
Task: {996B98B1-75DF-4D10-817D-6DE6295BF8B3} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: {B07D1B3F-4793-4895-83A1-DAF6764743A7} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {BA1A78BA-A8AE-40C4-BCC1-758D53EC3556} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2015-01-13] (Microsoft Corporation)
Task: {BE8E38C6-3640-4BF2-884C-473F2E0536EF} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2014-11-04] (Microsoft Corporation)
Task: {C9FC9EE4-78CF-426D-B616-B634B0B1B581} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-01-07] (Google Inc.)
Task: {E50EE480-8480-4F92-938A-38C13F674EF6} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonx86\Microsoft Shared\OFFICE15\OLicenseHeartbeat.exe [2015-01-13] (Microsoft Corporation)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) ==============

2014-01-07 21:19 - 2014-05-19 20:25 - 00116568 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2015-01-13 20:06 - 2014-05-20 08:19 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
2013-05-28 19:21 - 2013-03-30 21:20 - 00294912 _____ () C:\Windows\KMSServerService\KMS Server Service.exe
2014-04-25 11:39 - 2015-01-22 19:30 - 00075136 _____ () C:\Windows\SysWOW64\PnkBstrA.exe
2015-01-13 20:11 - 2015-01-13 20:11 - 08897696 _____ () C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2014-05-01 14:29 - 2014-05-01 14:29 - 00098304 _____ () C:\Program Files (x86)\FileZilla FTP Client\fzshellext_64.dll
2012-06-18 10:24 - 2012-06-18 10:24 - 00222720 _____ () C:\Program Files (x86)\Notepad++\NppShell_05.dll
2012-01-10 13:41 - 2014-04-24 14:54 - 00567880 _____ () C:\Program Files (x86)\puush\puush.exe
2014-10-11 13:06 - 2014-10-11 13:06 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-10-11 13:05 - 2014-10-11 13:05 - 01044776 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2015-01-13 20:07 - 2015-01-13 20:11 - 08897696 _____ () C:\Program Files\Microsoft Office 15\root\Office15\1033\GrooveIntlResource.dll
2015-02-06 08:04 - 2015-02-06 08:04 - 00098816 _____ () C:\Users\Jacob\AppData\Local\Temp\_MEI34764\win32api.pyd
2015-02-06 08:04 - 2015-02-06 08:04 - 00110080 _____ () C:\Users\Jacob\AppData\Local\Temp\_MEI34764\pywintypes27.dll
2015-02-06 08:04 - 2015-02-06 08:04 - 00364544 _____ () C:\Users\Jacob\AppData\Local\Temp\_MEI34764\pythoncom27.dll
2015-02-06 08:04 - 2015-02-06 08:04 - 00045568 _____ () C:\Users\Jacob\AppData\Local\Temp\_MEI34764\_socket.pyd
2015-02-06 08:04 - 2015-02-06 08:04 - 01160704 _____ () C:\Users\Jacob\AppData\Local\Temp\_MEI34764\_ssl.pyd
2015-02-06 08:04 - 2015-02-06 08:04 - 00320512 _____ () C:\Users\Jacob\AppData\Local\Temp\_MEI34764\win32com.shell.shell.pyd
2015-02-06 08:04 - 2015-02-06 08:04 - 00713216 _____ () C:\Users\Jacob\AppData\Local\Temp\_MEI34764\_hashlib.pyd
2015-02-06 08:04 - 2015-02-06 08:04 - 01175040 _____ () C:\Users\Jacob\AppData\Local\Temp\_MEI34764\wx._core_.pyd
2015-02-06 08:04 - 2015-02-06 08:04 - 00805888 _____ () C:\Users\Jacob\AppData\Local\Temp\_MEI34764\wx._gdi_.pyd
2015-02-06 08:04 - 2015-02-06 08:04 - 00811008 _____ () C:\Users\Jacob\AppData\Local\Temp\_MEI34764\wx._windows_.pyd
2015-02-06 08:04 - 2015-02-06 08:04 - 01062400 _____ () C:\Users\Jacob\AppData\Local\Temp\_MEI34764\wx._controls_.pyd
2015-02-06 08:04 - 2015-02-06 08:04 - 00735232 _____ () C:\Users\Jacob\AppData\Local\Temp\_MEI34764\wx._misc_.pyd
2015-02-06 08:04 - 2015-02-06 08:04 - 00128512 _____ () C:\Users\Jacob\AppData\Local\Temp\_MEI34764\_elementtree.pyd
2015-02-06 08:04 - 2015-02-06 08:04 - 00127488 _____ () C:\Users\Jacob\AppData\Local\Temp\_MEI34764\pyexpat.pyd
2015-02-06 08:04 - 2015-02-06 08:04 - 00557056 _____ () C:\Users\Jacob\AppData\Local\Temp\_MEI34764\pysqlite2._sqlite.pyd
2015-02-06 08:04 - 2015-02-06 08:04 - 00087552 _____ () C:\Users\Jacob\AppData\Local\Temp\_MEI34764\_ctypes.pyd
2015-02-06 08:04 - 2015-02-06 08:04 - 00119808 _____ () C:\Users\Jacob\AppData\Local\Temp\_MEI34764\win32file.pyd
2015-02-06 08:04 - 2015-02-06 08:04 - 00108544 _____ () C:\Users\Jacob\AppData\Local\Temp\_MEI34764\win32security.pyd
2015-02-06 08:04 - 2015-02-06 08:04 - 00007168 _____ () C:\Users\Jacob\AppData\Local\Temp\_MEI34764\hashobjs_ext.pyd
2015-02-06 08:04 - 2015-02-06 08:04 - 00167936 _____ () C:\Users\Jacob\AppData\Local\Temp\_MEI34764\win32gui.pyd
2015-02-06 08:04 - 2015-02-06 08:04 - 00018432 _____ () C:\Users\Jacob\AppData\Local\Temp\_MEI34764\win32event.pyd
2015-02-06 08:04 - 2015-02-06 08:04 - 00038912 _____ () C:\Users\Jacob\AppData\Local\Temp\_MEI34764\win32inet.pyd
2015-02-06 08:04 - 2015-02-06 08:04 - 00011264 _____ () C:\Users\Jacob\AppData\Local\Temp\_MEI34764\win32crypt.pyd
2015-02-06 08:04 - 2015-02-06 08:04 - 00070656 _____ () C:\Users\Jacob\AppData\Local\Temp\_MEI34764\wx._html2.pyd
2015-02-06 08:04 - 2015-02-06 08:04 - 00027136 _____ () C:\Users\Jacob\AppData\Local\Temp\_MEI34764\_multiprocessing.pyd
2015-02-06 08:04 - 2015-02-06 08:04 - 00035840 _____ () C:\Users\Jacob\AppData\Local\Temp\_MEI34764\win32process.pyd
2015-02-06 08:04 - 2015-02-06 08:04 - 00686080 _____ () C:\Users\Jacob\AppData\Local\Temp\_MEI34764\unicodedata.pyd
2015-02-06 08:04 - 2015-02-06 08:04 - 00122368 _____ () C:\Users\Jacob\AppData\Local\Temp\_MEI34764\wx._wizard.pyd
2015-02-06 08:04 - 2015-02-06 08:04 - 00024064 _____ () C:\Users\Jacob\AppData\Local\Temp\_MEI34764\win32pipe.pyd
2015-02-06 08:04 - 2015-02-06 08:04 - 00025600 _____ () C:\Users\Jacob\AppData\Local\Temp\_MEI34764\win32pdh.pyd
2015-02-06 08:04 - 2015-02-06 08:04 - 00525640 _____ () C:\Users\Jacob\AppData\Local\Temp\_MEI34764\windows._lib_cacheinvalidation.pyd
2015-02-06 08:04 - 2015-02-06 08:04 - 00010240 _____ () C:\Users\Jacob\AppData\Local\Temp\_MEI34764\select.pyd
2015-02-06 08:04 - 2015-02-06 08:04 - 00017408 _____ () C:\Users\Jacob\AppData\Local\Temp\_MEI34764\win32profile.pyd
2015-02-06 08:04 - 2015-02-06 08:04 - 00022528 _____ () C:\Users\Jacob\AppData\Local\Temp\_MEI34764\win32ts.pyd
2015-02-06 08:04 - 2015-02-06 08:04 - 00078336 _____ () C:\Users\Jacob\AppData\Local\Temp\_MEI34764\wx._animate.pyd
2014-10-21 19:22 - 2014-10-21 19:22 - 00750080 _____ () C:\Users\Jacob\AppData\Roaming\Dropbox\bin\libGLESv2.dll
2015-02-06 08:05 - 2015-02-06 08:05 - 00043008 _____ () c:\users\jacob\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpypmy7f.dll
2014-10-21 19:22 - 2014-10-21 19:22 - 00047616 _____ () C:\Users\Jacob\AppData\Roaming\Dropbox\bin\libEGL.dll
2014-10-21 19:22 - 2014-10-21 19:22 - 00863744 _____ () C:\Users\Jacob\AppData\Roaming\Dropbox\bin\plugins\platforms\qwindows.dll
2014-10-21 19:22 - 2014-10-21 19:22 - 00200704 _____ () C:\Users\Jacob\AppData\Roaming\Dropbox\bin\plugins\imageformats\qjpeg.dll
2015-01-28 19:05 - 2013-07-24 09:24 - 00137728 _____ () C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\CBSCreateVC.dll
2014-09-01 20:20 - 2014-12-01 16:31 - 02396672 _____ () C:\Program Files (x86)\Steam\libavcodec-56.dll
2014-09-01 20:20 - 2014-12-01 16:31 - 00442880 _____ () C:\Program Files (x86)\Steam\libavutil-54.dll
2014-09-01 20:20 - 2014-12-01 16:31 - 00479744 _____ () C:\Program Files (x86)\Steam\libavformat-56.dll
2014-09-01 20:20 - 2014-12-01 16:31 - 00332800 _____ () C:\Program Files (x86)\Steam\libavresample-2.dll
2014-01-07 20:17 - 2014-11-11 13:47 - 00774656 _____ () C:\Program Files (x86)\Steam\SDL2.dll
2015-01-20 07:48 - 2014-12-01 19:29 - 05002752 _____ () C:\Program Files (x86)\Steam\v8.dll
2015-01-20 07:48 - 2014-12-01 19:29 - 01612800 _____ () C:\Program Files (x86)\Steam\icui18n.dll
2015-01-20 07:48 - 2014-12-01 19:29 - 01210368 _____ () C:\Program Files (x86)\Steam\icuuc.dll
2014-05-21 15:12 - 2015-01-23 17:34 - 02227904 _____ () C:\Program Files (x86)\Steam\video.dll
2014-09-01 20:20 - 2014-12-01 16:31 - 00485888 _____ () C:\Program Files (x86)\Steam\libswscale-3.dll
2014-01-07 20:17 - 2015-01-23 17:33 - 00696512 _____ () C:\Program Files (x86)\Steam\bin\chromehtml.DLL
2014-01-07 20:17 - 2015-01-15 18:42 - 34641288 _____ () C:\Program Files (x86)\Steam\bin\libcef.dll
2014-08-15 09:18 - 2015-01-15 18:42 - 01709960 _____ () C:\Program Files (x86)\Steam\bin\ffmpegsumo.dll
2014-01-03 06:03 - 2014-01-03 06:03 - 07816192 _____ () C:\Program Files (x86)\SplitMediaLabs\XSplit\avcodec-54.dll
2014-01-03 06:03 - 2014-01-03 06:03 - 00188416 _____ () C:\Program Files (x86)\SplitMediaLabs\XSplit\avutil-52.dll
2014-01-03 06:03 - 2014-01-03 06:03 - 01425920 _____ () C:\Program Files (x86)\SplitMediaLabs\XSplit\avformat-54.dll
2014-01-03 06:03 - 2014-01-03 06:03 - 00336896 _____ () C:\Program Files (x86)\SplitMediaLabs\XSplit\swscale-2.dll
2014-01-03 06:03 - 2014-01-03 06:03 - 00096256 _____ () C:\Program Files (x86)\SplitMediaLabs\XSplit\swresample-0.dll
2015-01-18 14:01 - 2015-01-08 19:35 - 01077064 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.99\libglesv2.dll
2015-01-18 14:01 - 2015-01-08 19:35 - 00211272 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.99\libegl.dll
2015-01-18 14:01 - 2015-01-08 19:35 - 09009480 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.99\pdf.dll
2015-01-18 14:01 - 2015-01-08 19:35 - 01677128 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.99\ffmpegsumo.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== Other Registry Areas =====================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3211221019-2073745177-774551734-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Jacob\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)


==================== Accounts: =============================

Administrator (S-1-5-21-3211221019-2073745177-774551734-500 - Administrator - Disabled)
Guest (S-1-5-21-3211221019-2073745177-774551734-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3211221019-2073745177-774551734-1002 - Limited - Enabled)
Jacob (S-1-5-21-3211221019-2073745177-774551734-1001 - Administrator - Enabled) => C:\Users\Jacob

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (02/06/2015 08:06:14 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/05/2015 08:47:41 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/05/2015 08:20:51 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: ACRSP.exe, version: 0.0.0.0, time stamp: 0x4f3bd0f2
Faulting module name: gameoverlayrenderer.dll, version: 2.59.12.64, time stamp: 0x54c2c183
Exception code: 0xc0000005
Fault offset: 0x00066cb5
Faulting process id: 0xe18
Faulting application start time: 0xACRSP.exe0
Faulting application path: ACRSP.exe1
Faulting module path: ACRSP.exe2
Report Id: ACRSP.exe3

Error: (02/05/2015 05:47:02 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: ACRSP.exe, version: 0.0.0.0, time stamp: 0x4f3bd0f2
Faulting module name: kernel32.dll, version: 6.1.7601.18409, time stamp: 0x53159a85
Exception code: 0xc0000005
Fault offset: 0x0001136d
Faulting process id: 0x16a4
Faulting application start time: 0xACRSP.exe0
Faulting application path: ACRSP.exe1
Faulting module path: ACRSP.exe2
Report Id: ACRSP.exe3

Error: (02/05/2015 04:51:43 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/04/2015 08:19:44 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/03/2015 06:39:52 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/01/2015 09:33:11 PM) (Source: SideBySide) (EventID: 35) (User: )
Description: Activation context generation failed for "UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"1".Error in manifest or policy file "UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"2" on line UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"3.
Component identity found in manifest does not match the identity of the component requested.
Reference is UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0".
Definition is UccApi,processorArchitecture="x86",type="win32",version="15.0.0.0".
Please use sxstrace.exe for detailed diagnosis.

Error: (02/01/2015 07:12:51 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/30/2015 04:32:22 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


System errors:
=============
Error: (02/04/2015 08:38:20 PM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk1\DR1.

Error: (01/25/2015 09:02:56 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Steam Client Service service failed to start due to the following error: 
%%1053

Error: (01/25/2015 09:02:56 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Steam Client Service service to connect.

Error: (01/24/2015 10:35:14 AM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk1\DR1.

Error: (01/23/2015 04:25:09 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the TampaGeneration service to connect.

Error: (01/22/2015 07:19:30 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the TampaGeneration service to connect.

Error: (01/21/2015 06:26:41 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the TampaGeneration service to connect.

Error: (01/20/2015 08:17:12 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the TampaGeneration service to connect.

Error: (01/20/2015 08:08:20 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the TampaGeneration service to connect.

Error: (01/20/2015 08:07:55 PM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: The HitmanPro 3.7 Crusader (Boot) service terminated with service-specific error %%0.


Microsoft Office Sessions:
=========================
Error: (02/06/2015 08:06:14 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/05/2015 08:47:41 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/05/2015 08:20:51 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: ACRSP.exe0.0.0.04f3bd0f2gameoverlayrenderer.dll2.59.12.6454c2c183c000000500066cb5e1801d041a26d0c39bbC:\Program Files (x86)\Steam\steamapps\common\Assassin's Creed Revelations\ACRSP.exeC:\Program Files (x86)\Steam\gameoverlayrenderer.dll62fb68d6-ad9e-11e4-a296-001d923c0e4f

Error: (02/05/2015 05:47:02 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: ACRSP.exe0.0.0.04f3bd0f2kernel32.dll6.1.7601.1840953159a85c00000050001136d16a401d04190794bafa6C:\Program Files (x86)\Steam\steamapps\common\Assassin's Creed Revelations\ACRSP.exeC:\Windows\syswow64\kernel32.dlle657cd6a-ad88-11e4-a296-001d923c0e4f

Error: (02/05/2015 04:51:43 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/04/2015 08:19:44 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/03/2015 06:39:52 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/01/2015 09:33:11 PM) (Source: SideBySide) (EventID: 35) (User: )
Description: UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"UccApi,processorArchitecture="x86",type="win32",version="15.0.0.0"c:\program files\microsoft office 15\root\office15\lync.exe.Manifestc:\program files\microsoft office 15\root\office15\UccApi.DLL1

Error: (02/01/2015 07:12:51 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/30/2015 04:32:22 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


==================== Memory info =========================== 

Processor: Intel(R) Core(TM)2 Quad CPU Q6600 @ 2.40GHz
Percentage of memory in use: 56%
Total physical RAM: 4095.24 MB
Available physical RAM: 1761.38 MB
Total Pagefile: 8188.67 MB
Available Pagefile: 5600.8 MB
Total Virtual: 8192 MB
Available Virtual: 8191.85 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:465.66 GB) (Free:101.12 GB) NTFS
Drive e: (Jacob's External Hard Drive) (Fixed) (Total:465.76 GB) (Free:84.55 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: D016F072)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=465.7 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 465.8 GB) (Disk ID: 1EC6A36B)
Partition 1: (Not Active) - (Size=465.8 GB) - (Type=07 NTFS)

==================== End Of Log ============================
Sasfaction
Active Member
 
Posts: 6
Joined: February 1st, 2015, 9:33 pm

Re: Win 7 - Can't Get Rid of UniSales (Chrome)

by Cypher » February 6th, 2015, 9:34 am

Hi,
We need to run a fix. Once done, give me an update on how your computer's performing.
If you're having no problems, I will give you final instructions.

Click Start > Control Panel > Uninstall a program.
Uninstall the following if present.
Java 7 Update 55


Next.

  • Click Start
  • Type notepad.exe in the search programs and files box and click Enter.
  • A blank Notepad page should open.
    • Copy and paste the following script into Notepad. Do not include the words Code: select all.
    • (Click the select all button next to code to select the entire script).
    Code: Select all
    CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
    SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
    SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
    SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
    BHO: unisaLess -> {444cb7c7-51dc-41ed-ac8c-bbf9980ffcad} -> C:\Program Files (x86)\unisaLess\Mz7xNCgNgjRwaq.x64.dll No File
    BHO-x32: Wondershare AllMyTube 4.2.0 -> {067DF9EC-26B7-40DC-8DB8-CD8BE85AE367} -> C:\ProgramData\Wondershare\AllMyTube\WSBrowserAppMgr.dll No File
    Handler: WSAllMyTubechrome - {0A0C95CF-A116-4C74 -  No File
    FF Plugin: @microsoft.com/GENUINE -> disabled No File
    FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
    CHR dev: Chrome dev build detected! <======= ATTENTION
    S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
    2015-01-19 13:54 - 2015-01-20 17:09 - 00000000 ____D () C:\Users\Jacob\AppData\Roaming\uTorrent
    C:\Users\Jacob\AppData\Local\Temp\9CBEBe5.exe
    C:\Users\Jacob\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpypmy7f.dll
    C:\Users\Jacob\AppData\Local\Temp\EsgInstallerx64Stub.exe
    C:\Users\Jacob\AppData\Local\Temp\ffCc10.exe
    C:\Users\Jacob\AppData\Local\Temp\gwunstal.exe
    C:\Users\Jacob\AppData\Local\Temp\jre-7u55-windows-i586-iftw.exe
    C:\Users\Jacob\AppData\Local\Temp\MSETUP4.EXE
    C:\Users\Jacob\AppData\Local\Temp\nvSCPAPI.dll
    C:\Users\Jacob\AppData\Local\Temp\nvSCPAPI64.dll
    C:\Users\Jacob\AppData\Local\Temp\nvSCPAPISvr.exe
    C:\Users\Jacob\AppData\Local\Temp\nvStInst.exe
    C:\Users\Jacob\AppData\Local\Temp\optprosetup.exe
    C:\Users\Jacob\AppData\Local\Temp\Quarantine.exe
    C:\Users\Jacob\AppData\Local\Temp\SpotifyUninstall.exe
    C:\Users\Jacob\AppData\Local\Temp\sqlite3.dll
    C:\Users\Jacob\AppData\Local\Temp\swt-win32-3349.dll
    C:\Users\Jacob\AppData\Local\Temp\uninstall_flash_player.exe
    C:\Users\Jacob\AppData\Local\Temp\utt6655.tmp.exe
    C:\Users\Jacob\AppData\Local\Temp\xmlUpdater.exe
    
    EmptyTemp:
    CMD: ipconfig /flushdns
    
  • Save it next to FRST.exe on your Desktop as filename fixlist.txt
  • NOTE: It's important that both files, FRST/FRST64 and fixlist.txt, are saved in the same location or the fix will not work.
  • Right-click FRST.exe and select "Run as administrator" to run it.
  • Press the Fix button just once. Then wait.
  • When finished, it will create a Fixlog.txt log on your Desktop.
  • Please post the content of the Fixlog.txt in your next reply.

Logs/Information to Post in your Next Reply

  • FRST Fixlog.txt.
  • Please give me an update on your computer's performance.
Cypher
Admin/Teacher
 
Posts: 14959
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns

Re: Win 7 - Can't Get Rid of UniSales (Chrome)

by Sasfaction » February 6th, 2015, 10:14 am

Fixlog:
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 05-02-2015
Ran by Jacob at 2015-02-06 09:02:53 Run:1
Running from C:\Users\Jacob\Desktop
Loaded Profiles: Jacob (Available profiles: Jacob)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: unisaLess -> {444cb7c7-51dc-41ed-ac8c-bbf9980ffcad} -> C:\Program Files (x86)\unisaLess\Mz7xNCgNgjRwaq.x64.dll No File
BHO-x32: Wondershare AllMyTube 4.2.0 -> {067DF9EC-26B7-40DC-8DB8-CD8BE85AE367} -> C:\ProgramData\Wondershare\AllMyTube\WSBrowserAppMgr.dll No File
Handler: WSAllMyTubechrome - {0A0C95CF-A116-4C74 -  No File
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
CHR dev: Chrome dev build detected! <======= ATTENTION
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
2015-01-19 13:54 - 2015-01-20 17:09 - 00000000 ____D () C:\Users\Jacob\AppData\Roaming\uTorrent
C:\Users\Jacob\AppData\Local\Temp\9CBEBe5.exe
C:\Users\Jacob\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpypmy7f.dll
C:\Users\Jacob\AppData\Local\Temp\EsgInstallerx64Stub.exe
C:\Users\Jacob\AppData\Local\Temp\ffCc10.exe
C:\Users\Jacob\AppData\Local\Temp\gwunstal.exe
C:\Users\Jacob\AppData\Local\Temp\jre-7u55-windows-i586-iftw.exe
C:\Users\Jacob\AppData\Local\Temp\MSETUP4.EXE
C:\Users\Jacob\AppData\Local\Temp\nvSCPAPI.dll
C:\Users\Jacob\AppData\Local\Temp\nvSCPAPI64.dll
C:\Users\Jacob\AppData\Local\Temp\nvSCPAPISvr.exe
C:\Users\Jacob\AppData\Local\Temp\nvStInst.exe
C:\Users\Jacob\AppData\Local\Temp\optprosetup.exe
C:\Users\Jacob\AppData\Local\Temp\Quarantine.exe
C:\Users\Jacob\AppData\Local\Temp\SpotifyUninstall.exe
C:\Users\Jacob\AppData\Local\Temp\sqlite3.dll
C:\Users\Jacob\AppData\Local\Temp\swt-win32-3349.dll
C:\Users\Jacob\AppData\Local\Temp\uninstall_flash_player.exe
C:\Users\Jacob\AppData\Local\Temp\utt6655.tmp.exe
C:\Users\Jacob\AppData\Local\Temp\xmlUpdater.exe

EmptyTemp:
CMD: ipconfig /flushdns
*****************

"HKLM\SOFTWARE\Policies\Google" => Key deleted successfully.
HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{444cb7c7-51dc-41ed-ac8c-bbf9980ffcad}" => Key deleted successfully.
"HKCR\CLSID\{444cb7c7-51dc-41ed-ac8c-bbf9980ffcad}" => Key deleted successfully.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{067DF9EC-26B7-40DC-8DB8-CD8BE85AE367}" => Key deleted successfully.
"HKCR\Wow6432Node\CLSID\{067DF9EC-26B7-40DC-8DB8-CD8BE85AE367}" => Key deleted successfully.
"HKCR\PROTOCOLS\Handler\WSAllMyTubechrome" => Key deleted successfully.
"HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE" => Key deleted successfully.
"HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE" => Key deleted successfully.
CHR dev: Chrome dev build detected! <======= ATTENTION => Error: No automatic fix found for this entry.
EagleX64 => Service deleted successfully.
C:\Users\Jacob\AppData\Roaming\uTorrent => Moved successfully.
C:\Users\Jacob\AppData\Local\Temp\9CBEBe5.exe => Moved successfully.
C:\Users\Jacob\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpypmy7f.dll => Moved successfully.
C:\Users\Jacob\AppData\Local\Temp\EsgInstallerx64Stub.exe => Moved successfully.
C:\Users\Jacob\AppData\Local\Temp\ffCc10.exe => Moved successfully.
C:\Users\Jacob\AppData\Local\Temp\gwunstal.exe => Moved successfully.
C:\Users\Jacob\AppData\Local\Temp\jre-7u55-windows-i586-iftw.exe => Moved successfully.
C:\Users\Jacob\AppData\Local\Temp\MSETUP4.EXE => Moved successfully.
C:\Users\Jacob\AppData\Local\Temp\nvSCPAPI.dll => Moved successfully.
C:\Users\Jacob\AppData\Local\Temp\nvSCPAPI64.dll => Moved successfully.
C:\Users\Jacob\AppData\Local\Temp\nvSCPAPISvr.exe => Moved successfully.
C:\Users\Jacob\AppData\Local\Temp\nvStInst.exe => Moved successfully.
C:\Users\Jacob\AppData\Local\Temp\optprosetup.exe => Moved successfully.
C:\Users\Jacob\AppData\Local\Temp\Quarantine.exe => Moved successfully.
C:\Users\Jacob\AppData\Local\Temp\SpotifyUninstall.exe => Moved successfully.
C:\Users\Jacob\AppData\Local\Temp\sqlite3.dll => Moved successfully.
C:\Users\Jacob\AppData\Local\Temp\swt-win32-3349.dll => Moved successfully.
C:\Users\Jacob\AppData\Local\Temp\uninstall_flash_player.exe => Moved successfully.
C:\Users\Jacob\AppData\Local\Temp\utt6655.tmp.exe => Moved successfully.
C:\Users\Jacob\AppData\Local\Temp\xmlUpdater.exe => Moved successfully.

=========  ipconfig /flushdns =========


Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========= End of CMD: =========

EmptyTemp: => Removed 9.4 GB temporary data.


The system needed a reboot. 

==== End of Fixlog 09:08:07 ====


My computer seems to be running as it did before UniSales.
Sasfaction
Active Member
 
Posts: 6
Joined: February 1st, 2015, 9:33 pm

Re: Win 7 - Can't Get Rid of UniSales (Chrome)

by Cypher » February 6th, 2015, 10:23 am

Sasfaction wrote: My computer seems to be running as it did before UniSales.

Excellent :)
Your latest logs appear to be clean so you should be good to go.
Let's tidy up and remove the tools we used to clean your computer.

Please download delfix and save it to your desktop.
  • Right-click on delfix.exe and select "Run as administrator" to run it.
  • Check the following boxes then click on Run.

    • Activate UAC
    • Remove disinfection tools
    • Create registry backup
    • Purge system restore
    • Reset system settings
  • All tools we used to clean your computer should be gone now.
  • You can now delete any tools/logs we used if they remain on your computer.

Protection Programs
Don't forget to re-enable any protection programs we disabled during your fix.

Please read the article below which will give you a few suggestions for how to minimise your chances of getting another infection.

I would be grateful if you could reply to this post so that I know you have read it and, if you've no other questions, the thread can be closed.

Safe surfing!
Cypher
Admin/Teacher
 
Posts: 14959
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns

Re: Win 7 - Can't Get Rid of UniSales (Chrome)

by Sasfaction » February 6th, 2015, 10:28 am

Used the tool and it worked.
Thank you so much for your help!
Sasfaction
Active Member
 
Posts: 6
Joined: February 1st, 2015, 9:33 pm

Re: Win 7 - Can't Get Rid of UniSales (Chrome)

by Cypher » February 6th, 2015, 10:35 am

Sasfaction wrote: Used the tool and it worked.
Thank you so much for your help!

You're most welcome :)
As you have no questions, I will close this topic. Good luck and stay safe.

As your problems appear to have been resolved, this topic is now closed.

We are pleased we could help you resolve your computer's issues.

If you would like to make a comment or leave a compliment regarding the help you have received, please see Feedback for Our Helpers - Say "Thanks" Here.
Cypher
Admin/Teacher
 
Posts: 14959
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns