Malware Removal Instructions

endless popups

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

Post by Honeybee » February 7th, 2015, 4:40 pm

Several days ago I downloaded something from a free site (a way to copy audio from YouTube to my computer) and ended up with endless popups. I uninstalled all programs that were installed on 2/4 and 2/5, one of which was sales1.1. The popups I have are all unisaless, and I found 2 of these program files on my C drive but could not delete them. The computer is running slow, and there are numerous popups plus underscored words throughout normal text that show unisales when I hover over them. I've run McAfee and Malwarebytes, and supposedly some threats have been found and quarantined, but the problems still persist.





DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.17496 BrowserJavaVersion: 10.67.2
Run by paula at 14:12:20 on 2015-02-07
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3839.1740 [GMT -6:00]
.
AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {ADA629C7-7F48-5689-624A-3B76997E0892}
SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {16C7C823-5972-5907-58FA-0004E2F9422F}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: McAfee Firewall *Enabled* {959DA8E2-3527-57D1-4915-924367AD4FE9}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
C:\Windows\SysWOW64\ANIWConnService.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\EPSON\EpsonCustomerParticipation\EPCP.exe
C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
C:\Program Files (x86)\McAfee\SiteAdvisor\McSACore.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Windows\system32\mfevtps.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Windows\system32\rundll32.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\McAfee\MSC\McAPExe.exe
C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
C:\Windows\system32\EscSvc64.exe
C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\System32\WUDFHost.exe
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\Dwm.exe
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
C:\Windows\system32\taskhost.exe
C:\Windows\Explorer.EXE
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Users\paula\AppData\Local\DIRECTV Player\PCShowServerPMWrapper.exe
C:\Users\paula\AppData\Roaming\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe
C:\Program Files\McAfee Security Scan\3.8.130\SSScheduler.exe
C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe
C:\ProgramData\{12d8c426-22a5-ef74-12d8-8c42622a1098}\Download (1).exe
C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
C:\Program Files (x86)\Common Files\Nikon\Monitor\NkMonitor.exe
C:\Program Files (x86)\ANI\ANIWZCS2 Service\WZCSLDR2.exe
C:\Program Files (x86)\D-Link\DWA-140 revB\AirNCFG.exe
C:\Users\paula\AppData\Local\DIRECTV Player\NDSPCShowServer.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\McAfee\Platform\mcuicnt.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\SysWOW64\cmd.exe
C:\Program Files (x86)\McAfee\SiteAdvisor\McChHost.exe
c:\PROGRA~2\mcafee\SITEAD~1\saui.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\splwow64.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = about:blank
uSearch Page = hxxp://www.google.com
uDefault_Page_URL = http://www.dell.com
uDefault_Search_URL = hxxp://www.google.com/ie
mStart Page = about:blank
uProxyOverride = <-loopback>
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll
mWinlogon: Userinit = userinit.exe,
BHO: MSS+ Identifier: {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.8.130\McAfeeMSS_IE.dll
BHO: McAfee Phishing Filter: {27B4851A-3207-45A2-B947-BE8AFE6163AB} -
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - <orphaned>
BHO: unissaLuess: {69e47c97-ee37-4e14-a8a4-9de7a1acd829} -
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: McAfee SiteAdvisor BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
TB: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
uRun: [PCShowServer] "C:\Users\paula\AppData\Local\DIRECTV Player\PCShowServerPMWrapper.exe"
uRun: [Octoshape Streaming Services] "C:\Users\paula\AppData\Roaming\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe" -inv:bootrun
mRun: [RemoteControl9] "C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe"
mRun: [PDVD9LanguageShortcut] "C:\Program Files (x86)\CyberLink\PowerDVD9\Language\Language.exe"
mRun: [RoxWatchTray] "C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe"
mRun: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
mRun: [EEventManager] "C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe"
mRun: [LTCM Client] C:\Program Files (x86)\LTCM Client\ltcmClient.exe /startup
mRun: [mcpltui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [Nikon Transfer Monitor] C:\Program Files (x86)\Common Files\Nikon\Monitor\NkMonitor.exe
mRun: [ANIWZCS2Service] C:\Program Files (x86)\ANI\ANIWZCS2 Service\WZCSLDR2.exe
mRun: [D-Link D-Link RangeBooster N DWA-140] C:\Program Files (x86)\D-Link\DWA-140 revB\AirNCFG.exe
mRun: [WZCSLDR2] C:\Program Files (x86)\D-Link\DWA-140 revB\WZCSLDR2.exe
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
StartupFolder: C:\Users\paula\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\DOWNLO~1.LNK - C:\ProgramData\{12d8c426-22a5-ef74-12d8-8c42622a1098}\Download (1).exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\MCAFEE~1.LNK - C:\Program Files\McAfee Security Scan\3.8.130\SSScheduler.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\MICROS~1.LNK - C:\Program Files (x86)\Microsoft Office\Office10\OSA.EXE
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr/200
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-001045-0002-0045-ABCDEFFEDCBC} - <orphaned>
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/_layouts/Cl ... wsdc32.cab
TCP: NameServer = 192.168.1.254
TCP: Interfaces\{05BDB846-8097-444D-8B0F-0C17EC3A4533} : NameServer = 8.8.8.8
TCP: Interfaces\{05BDB846-8097-444D-8B0F-0C17EC3A4533} : DHCPNameServer = 192.168.1.254
TCP: Interfaces\{FB648127-9CF8-44E2-897B-5973C30E41EE} : DHCPNameServer = 209.18.47.61 209.18.47.62
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\MSC\McSnIePl.dll
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.93\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-mStart Page = about:blank
x64-BHO: McAfee Phishing Filter: {27B4851A-3207-45A2-B947-BE8AFE6163AB} -
x64-BHO: unissaLuess: {69e47c97-ee37-4e14-a8a4-9de7a1acd829} - C:\Program Files (x86)\unissaLuess\P9Q1zqwTDdPJMb.x64.dll
x64-BHO: unisaaLes: {96d5331b-5ff8-402d-befd-4405d03c3c8d} - C:\Program Files (x86)\unisaaLes\FM4sbHRDFwaB4J.x64.dll
x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-BHO: McAfee SiteAdvisor BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll
x64-TB: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll
x64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl64.dll
x64-Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll
x64-Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\paula\AppData\Roaming\Mozilla\Firefox\Profiles\ue2fhs5a.default\
FF - prefs.js: browser.search.selectedEngine - WebSearch
FF - prefs.js: browser.search.defaulturl - hxxp://websearch.thesearchpage.info/?pi ... =74&l=1&q=
FF - plugin: c:\PROGRA~2\mcafee\msc\npMcSnFFPl.dll
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\McAfee\Supportability\MVT\NPMVTPlugin.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Program Files\McAfee Security Scan\3.8.130\npMcAfeeMSS.dll
FF - plugin: C:\Users\paula\AppData\Local\DIRECTV Player\npPlayerPlugin.dll
FF - plugin: C:\Users\paula\AppData\Local\DIRECTV Player\win64\npPlayerPlugin64.dll
FF - plugin: C:\Users\paula\AppData\Roaming\Mozilla\plugins\npoctoshape.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_257.dll
.
============= SERVICES / DRIVERS ===============
.
R0 mfehidk;McAfee Inc. mfehidk;C:\Windows\System32\drivers\mfehidk.sys [2012-7-17 786296]
R0 mfewfpk;McAfee Inc. mfewfpk;C:\Windows\System32\drivers\mfewfpk.sys [2012-7-17 348552]
R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2011-12-9 55856]
R1 anodlwf;ANOD Network Security Filter driver;C:\Windows\System32\drivers\anodlwfx.sys [2014-5-27 15872]
R2 AERTFilters;Andrea RT Filters Service;C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe [2011-12-9 92160]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2011-12-9 202752]
R2 ANIWConnService;ANIWConn Service;C:\Windows\System32\ANIWConnService.exe --> C:\Windows\System32\ANIWConnService.exe [?]
R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2013-4-22 822504]
R2 EPSON_PM_RPCV4_04;EPSON V3 Service4(04);C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE [2013-4-19 151648]
R2 EpsonCustomerParticipation;EpsonCustomerParticipation;C:\Program Files\EPSON\EpsonCustomerParticipation\EPCP.exe [2011-6-9 555392]
R2 EpsonScanSvc;Epson Scanner Service;C:\Windows\System32\escsvc64.exe [2013-4-19 135824]
R2 HomeNetSvc;McAfee Home Network;C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe [2013-10-13 328928]
R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [2015-2-4 1871160]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [2015-2-4 969016]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;C:\Program Files (x86)\McAfee\SiteAdvisor\mcsacore.exe [2015-2-5 155368]
R2 McAPExe;McAfee AP Service;C:\Program Files\McAfee\MSC\McAPExe.exe [2013-10-13 178528]
R2 McMPFSvc;McAfee Personal Firewall Service;C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe [2013-10-13 328928]
R2 McNaiAnn;McAfee VirusScan Announcer;C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe [2013-10-13 328928]
R2 mcpltsvc;McAfee Platform Services;C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe [2013-10-13 328928]
R2 McProxy;McAfee Proxy Service;C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe [2013-10-13 328928]
R2 mfecore;McAfee Anti-Malware Core;C:\Program Files\Common Files\mcafee\AMCore\mcshield.exe [2013-10-13 1041192]
R2 mfefire;McAfee Firewall Core Service;C:\Program Files\Common Files\mcafee\systemcore\mfefire.exe [2013-1-25 219752]
R2 mfevtp;McAfee Validation Trust Protection Service;C:\Windows\System32\mfevtps.exe [2013-1-25 189912]
R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2013-6-26 523944]
R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;C:\Windows\System32\drivers\AtihdW76.sys [2011-12-9 115216]
R3 cfwids;McAfee Inc. cfwids;C:\Windows\System32\drivers\cfwids.sys [2013-1-25 72128]
R3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;C:\Windows\System32\drivers\k57nd60a.sys [2011-12-9 320040]
R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2015-2-4 25816]
R3 MBAMSwissArmy;MBAMSwissArmy;C:\Windows\System32\drivers\MBAMSwissArmy.sys [2015-2-4 129752]
R3 MBAMWebAccessControl;MBAMWebAccessControl;C:\Windows\System32\drivers\mwac.sys [2015-2-4 63704]
R3 mfeavfk;McAfee Inc. mfeavfk;C:\Windows\System32\drivers\mfeavfk.sys [2013-1-25 313544]
R3 mfefirek;McAfee Inc. mfefirek;C:\Windows\System32\drivers\mfefirek.sys [2013-1-25 523792]
R3 mfencbdc;McAfee Inc. mfencbdc;C:\Windows\System32\drivers\mfencbdc.sys [2014-8-20 445512]
R3 Sftfs;Sftfs;C:\Windows\System32\drivers\Sftfslh.sys [2013-6-26 767144]
R3 Sftplay;Sftplay;C:\Windows\System32\drivers\Sftplaylh.sys [2013-6-26 273576]
R3 Sftredir;Sftredir;C:\Windows\System32\drivers\Sftredirlh.sys [2013-6-26 28840]
R3 Sftvol;Sftvol;C:\Windows\System32\drivers\Sftvollh.sys [2013-6-26 23208]
R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2013-6-26 207528]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2014-4-11 103608]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2014-4-11 124088]
S2 RoxWatch12;Roxio Hard Drive Watcher 12;C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe [2010-11-25 219632]
S3 HipShieldK;McAfee Inc. HipShieldK;C:\Windows\System32\drivers\HipShieldK.sys [2014-4-16 197704]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2014-12-10 114688]
S3 McComponentHostService;McAfee Security Scan Component Host Service;C:\Program Files\McAfee Security Scan\3.8.130\McCHSvc.exe [2013-9-6 288776]
S3 mfencrk;McAfee Inc. mfencrk;C:\Windows\System32\drivers\mfencrk.sys [2014-8-20 96592]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;C:\Windows\System32\drivers\nusb3hub.sys [2011-12-9 80384]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;C:\Windows\System32\drivers\nusb3xhc.sys [2011-12-9 180736]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2015-2-7 19456]
S3 RoxMediaDB12OEM;RoxMediaDB12OEM;C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [2010-11-25 1116656]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2015-2-7 56832]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2015-2-7 30208]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2014-8-15 54784]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2012-4-16 1255736]
.
=============== Created Last 30 ================
.
2015-02-07 19:38:25 15360 ----a-w- C:\Windows\System32\RdpGroupPolicyExtension.dll
2015-02-07 19:38:23 30208 ----a-w- C:\Windows\System32\drivers\TsUsbGD.sys
2015-02-07 19:38:23 19456 ----a-w- C:\Windows\System32\drivers\rdpvideominiport.sys
2015-02-07 19:38:22 192000 ----a-w- C:\Windows\SysWow64\rdpendp_winip.dll
2015-02-07 19:38:21 3174912 ----a-w- C:\Windows\System32\rdpcorets.dll
2015-02-07 19:38:21 243200 ----a-w- C:\Windows\System32\rdpudd.dll
2015-02-07 19:38:21 228864 ----a-w- C:\Windows\System32\rdpendp_winip.dll
2015-02-04 19:55:31 129752 ----a-w- C:\Windows\System32\drivers\MBAMSwissArmy.sys
2015-02-04 19:54:42 93400 ----a-w- C:\Windows\System32\drivers\mbamchameleon.sys
2015-02-04 19:54:42 63704 ----a-w- C:\Windows\System32\drivers\mwac.sys
2015-02-04 19:54:42 25816 ----a-w- C:\Windows\System32\drivers\mbam.sys
2015-02-04 19:54:41 -------- d-----w- C:\ProgramData\Malwarebytes
2015-02-04 19:54:41 -------- d-----w- C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-02-04 14:31:25 -------- d-----w- C:\Program Files (x86)\02527486-c2b3-43ef-82f7-2884ee5f2e4d
2015-02-04 14:31:12 -------- d-----w- C:\Users\paula\AppData\Local\Pro_PC_Cleaner
2015-02-04 14:27:34 -------- d-----w- C:\ProgramData\hlhpfllpbgibadapmpbgmeimkhkeebhb
2015-02-04 14:20:55 -------- d-----w- C:\Program Files (x86)\decodit
2015-02-04 14:20:30 -------- d-----w- C:\Program Files (x86)\unisaaLes
2015-02-04 14:20:18 -------- d-----w- C:\ProgramData\bdmhopkmhokeplinichnipcomnnlbigp
2015-02-03 16:14:32 -------- d-----w- C:\Program Files (x86)\Shoeboxed Web Clipper
2015-02-03 16:13:56 -------- d-----w- C:\Program Files (x86)\unissaLuess
2015-02-03 16:13:45 -------- d-----w- C:\ProgramData\5334483998530784437
2015-02-03 16:13:40 -------- d-----w- C:\Program Files (x86)\uniSaless
2015-02-03 16:13:08 -------- d-----w- C:\ProgramData\dejfpbonljgaecfkadpnhmnlcllefejj
2015-02-03 16:12:17 -------- d-----w- C:\ProgramData\{12d8c426-22a5-ef74-12d8-8c42622a1098}
2015-01-24 13:17:01 -------- d-----w- C:\Users\paula\AppData\Roaming\OpenOffice.org
2015-01-22 16:03:58 -------- d-----w- C:\Program Files (x86)\JRE
2015-01-22 16:03:42 -------- d-----w- C:\Program Files (x86)\OpenOffice.org 3
2015-01-15 11:57:27 210432 ----a-w- C:\Windows\System32\profsvc.dll
2015-01-14 14:03:07 52224 ----a-w- C:\Windows\SysWow64\nlaapi.dll
2015-01-14 14:03:07 303616 ----a-w- C:\Windows\System32\nlasvc.dll
2015-01-14 14:03:07 156672 ----a-w- C:\Windows\SysWow64\ncsi.dll
2015-01-14 14:03:06 141312 ----a-w- C:\Windows\System32\drivers\mrxdav.sys
2015-01-14 14:03:03 5553592 ----a-w- C:\Windows\System32\ntoskrnl.exe
2015-01-14 14:03:02 503808 ----a-w- C:\Windows\System32\srcore.dll
2015-01-14 14:03:02 50176 ----a-w- C:\Windows\System32\srclient.dll
2015-01-14 14:03:02 43008 ----a-w- C:\Windows\SysWow64\srclient.dll
2015-01-14 14:03:02 3971512 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2015-01-14 14:03:02 3916728 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2015-01-14 14:03:02 296960 ----a-w- C:\Windows\System32\rstrui.exe
.
==================== Find3M ====================
.
2014-12-13 05:09:01 144384 ----a-w- C:\Windows\System32\ieUnatt.exe
2014-12-13 03:33:44 115712 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2014-12-04 02:50:55 413184 ----a-w- C:\Windows\System32\generaltel.dll
2014-12-04 02:50:45 741376 ----a-w- C:\Windows\System32\invagent.dll
2014-12-04 02:50:40 396800 ----a-w- C:\Windows\System32\devinv.dll
2014-12-04 02:50:38 830976 ----a-w- C:\Windows\System32\appraiser.dll
2014-12-04 02:50:37 227328 ----a-w- C:\Windows\System32\aepdu.dll
2014-12-04 02:50:37 192000 ----a-w- C:\Windows\System32\aepic.dll
2014-12-04 02:44:48 1083392 ----a-w- C:\Windows\System32\aeinv.dll
2014-12-01 23:28:44 1232040 ----a-w- C:\Windows\System32\aitstatic.exe
2014-11-22 03:06:23 2724864 ----a-w- C:\Windows\System32\mshtml.tlb
2014-11-22 03:06:11 4096 ----a-w- C:\Windows\System32\ieetwcollectorres.dll
2014-11-22 02:50:39 66560 ----a-w- C:\Windows\System32\iesetup.dll
2014-11-22 02:50:10 580096 ----a-w- C:\Windows\System32\vbscript.dll
2014-11-22 02:49:54 48640 ----a-w- C:\Windows\System32\ieetwproxystub.dll
2014-11-22 02:48:20 88064 ----a-w- C:\Windows\System32\MshtmlDac.dll
2014-11-22 02:35:29 114688 ----a-w- C:\Windows\System32\ieetwcollector.exe
2014-11-22 02:34:51 814080 ----a-w- C:\Windows\System32\jscript9diag.dll
2014-11-22 02:34:07 6039552 ----a-w- C:\Windows\System32\jscript9.dll
2014-11-22 02:26:31 968704 ----a-w- C:\Windows\System32\MsSpellCheckingFacility.exe
2014-11-22 02:20:44 2724864 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2014-11-22 02:14:16 77824 ----a-w- C:\Windows\System32\JavaScriptCollectionAgent.dll
2014-11-22 02:07:43 501248 ----a-w- C:\Windows\SysWow64\vbscript.dll
2014-11-22 02:07:17 62464 ----a-w- C:\Windows\SysWow64\iesetup.dll
2014-11-22 02:06:32 47616 ----a-w- C:\Windows\SysWow64\ieetwproxystub.dll
2014-11-22 02:05:02 64000 ----a-w- C:\Windows\SysWow64\MshtmlDac.dll
2014-11-22 01:54:30 620032 ----a-w- C:\Windows\SysWow64\jscript9diag.dll
2014-11-22 01:47:10 1359360 ----a-w- C:\Windows\System32\mshtmlmedia.dll
2014-11-22 01:46:58 2125312 ----a-w- C:\Windows\System32\inetcpl.cpl
2014-11-22 01:40:04 60416 ----a-w- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
2014-11-22 01:29:26 4299264 ----a-w- C:\Windows\SysWow64\jscript9.dll
2014-11-22 01:28:21 2358272 ----a-w- C:\Windows\System32\wininet.dll
2014-11-22 01:22:49 2052096 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2014-11-22 01:21:57 1155072 ----a-w- C:\Windows\SysWow64\mshtmlmedia.dll
2014-11-22 01:00:20 1888256 ----a-w- C:\Windows\SysWow64\wininet.dll
2014-11-11 03:09:06 1424384 ----a-w- C:\Windows\System32\WindowsCodecs.dll
2014-11-11 03:08:52 241152 ----a-w- C:\Windows\System32\pku2u.dll
2014-11-11 03:08:48 728064 ----a-w- C:\Windows\System32\kerberos.dll
2014-11-11 02:44:45 1230336 ----a-w- C:\Windows\SysWow64\WindowsCodecs.dll
2014-11-11 02:44:32 186880 ----a-w- C:\Windows\SysWow64\pku2u.dll
2014-11-11 02:44:25 550912 ----a-w- C:\Windows\SysWow64\kerberos.dll
2014-11-11 01:46:26 119296 ----a-w- C:\Windows\System32\drivers\tdx.sys
.
============= FINISH: 14:14:42.21 ===============
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 4/15/2012 5:44:27 PM
System Uptime: 2/7/2015 1:42:49 PM (1 hours ago)
.
Motherboard: Dell Inc. | | 04GJJT
Processor: AMD Athlon(tm) II X2 250 Processor | CPU 1 | 3000/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 452 GiB total, 411.745 GiB free.
D: is FIXED (NTFS) - 14 GiB total, 6.71 GiB free.
E: is CDROM ()
F: is Removable
G: is Removable
H: is Removable
I: is Removable
J: is Removable
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP3: 2/4/2015 9:06:08 AM - 01/31/2015
RP4: 2/7/2015 1:33:10 PM - Windows Update
.
==== Installed Programs ======================
.
Adobe Reader XI (11.0.10)
Adobe Refresh Manager
ANIWZCS2 Service
Apple Application Support
Apple Mobile Device Support
Apple Software Update
ArcSoft Panorama Maker 4
Banner Maker Pro Version 7
Bonjour
CyberLink PowerDVD 9.5
D-Link RangeBooster N DWA-140
DIRECTV Player
DirectX 9 Runtime
Download Navigator
Epson Connect
Epson Customer Participation
Epson Event Manager
EPSON Scan
EPSON XP-300 Series Printer Uninstall
File Uploader
FTP Commander
Google Chrome
Google Toolbar for Internet Explorer
Google Update Helper
Google+ Auto Backup
iTunes
Java 7 Update 67
Java Auto Updater
Junk Mail filter update
K-Lite Codec Pack 7.0.0 (Standard)
LTCM Client
Malwarebytes Anti-Malware version 2.0.4.1028
McAfee Security Scan Plus
McAfee SecurityCenter
McAfee SiteAdvisor
McAfee Virtual Technician
Microsoft .NET Framework 4.5.2
Microsoft Application Error Reporting
Microsoft Choice Guard
Microsoft FrontPage 2002
Microsoft Office 2010
Microsoft Office Click-to-Run 2010
Microsoft Office Starter 2010 - English
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 Redistributable
Mozilla Firefox 34.0.5 (x86 en-US)
Mozilla Maintenance Service
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Nikon Message Center
Nikon Transfer
Octoshape Streaming Services
Open Freely
OpenOffice.org 3.1
PhotoShowExpress
Picasa 3
PIXresizer
QuickTime
RBVirtualFolder64Inst
Realtek High Definition Audio Driver
Roxio Activation Module
Roxio BackOnTrack
Roxio Burn
Roxio Creator Starter
Roxio Express Labeler 3
Roxio File Backup
Shared C Run-time for x64
Sonic CinePlayer Decoder Pack
UpdateAdmin
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Mail
Windows Live Messenger
Windows Live Movie Maker
Windows Live Photo Gallery
Windows Live Sign-in Assistant
Windows Live Sync
Windows Live Upload Tool
Windows Live Writer
.
==== Event Viewer Messages From Past Week ========
.
2/5/2015 9:52:18 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service McNaiAnn with arguments "" in order to run the server: {395633B1-EED9-4DFC-B67F-9788B51C9F06}
2/5/2015 9:33:37 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service McNaiAnn with arguments "" in order to run the server: {C90134D2-4AE9-407A-919A-4A2EF09C6C51}
2/5/2015 9:33:02 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service defragsvc with arguments "" in order to run the server: {D20A3293-3341-4AE8-9AAF-8E397CB63C34}
2/5/2015 9:29:51 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
2/5/2015 9:29:51 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
2/5/2015 9:29:49 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
2/5/2015 9:29:43 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
2/5/2015 9:29:36 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: discache spldr Wanarpv6
2/5/2015 9:29:32 AM, Error: Service Control Manager [7001] - The Epson Scanner Service service depends on the Windows Image Acquisition (WIA) service which failed to start because of the following error: The dependency service or group failed to start.
2/5/2015 9:29:32 AM, Error: Service Control Manager [7001] - The Client Virtualization Handler service depends on the Application Virtualization Client service which failed to start because of the following error: The dependency service or group failed to start.
2/5/2015 10:41:40 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service McNaiAnn with arguments "" in order to run the server: {DC7EF8E1-824F-4110-AB43-1604DA9B4F40}
2/5/2015 10:00:02 AM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
2/4/2015 8:51:04 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the cozaghost service to connect.
2/4/2015 8:51:04 AM, Error: Service Control Manager [7000] - The cozaghost service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
.
==== End Of File ===========================
Honeybee
Regular Member
 
Posts: 16
Joined: February 7th, 2015, 4:20 pm

Re: endless popups

Post by Gary R » February 8th, 2015, 2:13 am

Looking over your logs, back soon.
Gary R
Administrator
Posts: 21870
Joined: June 28th, 2005, 11:36 am
Location: Yorkshire

Re: endless popups

by Gary R » February 8th, 2015, 2:17 am

Please note that all instructions given are customised for this computer only, the tools used may cause damage if used on a computer with different infections.

If you think you have similar problems, please post a log in the "Infected? Virus, malware, adware, ransomware, oh my!" forum and wait for help.


Unless informed of in advance, failure to post replies within 3 days will result in this thread being closed.


Hi

I'm Gary R,

Before we start: Please be aware that removing Malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However, it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.

Because of this, I advise you to backup any personal files and folders before you start.

As an added safety precaution, before we start removing anything, I'd like you to make a backup of your Registry, which we can restore to if necessary.

Please click on THIS link, and follow the instructions for installing TCRB and creating a backup of your Registry.

Please observe these rules while we work:
  • Do not edit your logs in any way whatsoever.
  • Perform all actions in the order given.
  • If you don't know, stop and ask! Don't keep going on.
  • Please reply to this thread. Do not start a new topic.
  • Stick with it till you're given the all clear.
  • Remember, absence of symptoms does not mean the infection is all gone.
  • Don't attempt to install any new software (other than those I ask you to) until we've got your computer clean.
  • Don't attempt to clean your computer with any tools other than the ones I ask you to use during the cleanup process. If your defensive programmes warn you about any of those tools, be assured that they are not infected, and are safe to use.
If you can do these things, everything should go smoothly.
  • As you're using Windows 7, it will be necessary to right click all tools we use and select ----> Run as Administrator

It may be helpful to you to print out or take a copy of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.


There are clear signs of infection on your computer, however before we start to clean your machine I'd like you to run a couple of additional scans for me, so that I've got a more complete picture of what we need to deal with.

First ...

  • Download FRST64 to your Desktop.
  • Double click Frst64.exe to launch it.
  • FRST will start to run.
    • When the tool opens click Yes to disclaimer.
    • Press the Scan button.
    • When finished scanning 2 logs will open on your Desktop, FRST.txt and Addition.txt
    • Please post them in your next reply.

Next ...

Please download AdwCleaner and save it to your desktop.

  • Double click AdwCleaner.exe to run it.
  • Click Scan.
  • A logfile will automatically open after the scan has finished.
  • Close the AdwCleaner window, click OK to the prompt.
  • Please post the contents of that logfile with your next reply.
  • You can also find the logfile at C:\AdwCleaner[R1].txt.

AT THIS POINT, DO NOT ATTEMPT TO CLEAN ANYTHING THAT MAY BE FOUND

Next ...

I'd like you to run a search for me using FRST.

  • Double click Frst64.exe to launch it.
  • FRST will start to run.
    • When the tool opens click Yes to the disclaimer.
    • Copy/Paste or Type the following line into the Search: box.
    Fun4IM;Bandoo;Searchnu;Searchqu;iLivid;whitesmoke;datamngr;kelkoopartners;trolltech;babylon;conduit;unisaaLes;unissaLuess

    • Press the Search Registry button.
    • When finished searching a log will open on your Desktop ... Search.txt
    • Please post it in your next reply.

Summary of the logs I need from you in your next post:
  • FRST.txt
  • Addition.txt
  • ADWCleaner log
  • Search.txt


Please post each log separately to prevent it being cut off by the forum post size limiter. Check each after you've posted it to make sure it's all present; if any log is cut off you'll have to post it in sections.

Re: endless popups

by Honeybee » February 8th, 2015, 3:06 pm

I have backed up my files and registry. Ran Frst.64 and the logs are attached below. While scanning, my McAfee antivirus program flashed on, warning there was a potentially dangerous file being blocked. I closed the message and let the scan continue to run. Will send the AdwCleaner log and Search.txt in a 2nd reply.

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 08-02-2015
Ran by paula (administrator) on MININT-8L86P5C on 08-02-2015 12:41:41
Running from C:\Users\paula\Downloads
Loaded Profiles: paula (Available profiles: paula)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
() C:\Windows\SysWOW64\ANIWConnService.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(SEIKO EPSON CORPORATION) C:\Program Files\EPSON\EpsonCustomerParticipation\EPCP.exe
(SEIKO EPSON CORPORATION) C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\SiteAdvisor\mcsacore.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\VS7Debug\mdm.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(McAfee, Inc.) C:\Program Files\McAfee\MSC\McAPExe.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\AMCore\mcshield.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\systemcore\mfefire.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Seiko Epson Corporation) C:\Windows\System32\escsvc64.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Cisco) C:\Users\paula\AppData\Local\DIRECTV Player\PCShowServerPMWrapper.exe
(Octoshape ApS) C:\Users\paula\AppData\Roaming\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.130\SSScheduler.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
(Nikon Corporation) C:\Program Files (x86)\Common Files\Nikon\Monitor\NkMonitor.exe
(Wireless Service) C:\Program Files (x86)\ANI\ANIWZCS2 Service\WZCSLDR2.exe
(D-Link Corp.) C:\Program Files (x86)\D-Link\DWA-140 revB\AirNCFG.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
() C:\Users\paula\AppData\Local\DIRECTV Player\NDSPCShowServer.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\Platform\McUICnt.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\SiteAdvisor\McChHost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\SiteAdvisor\saUI.exe
(McAfee, Inc.) C:\Program Files\McAfee\MSM\McSmtFwk.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [8060960 2009-08-05] (Realtek Semiconductor)
HKLM-x32\...\Run: [RemoteControl9] => C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe [87336 2010-10-01] (CyberLink Corp.)
HKLM-x32\...\Run: [PDVD9LanguageShortcut] => C:\Program Files (x86)\CyberLink\PowerDVD9\Language\Language.exe [50472 2010-09-17] (CyberLink Corp.)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [RoxWatchTray] => C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe [240112 2010-11-25] (Sonic Solutions)
HKLM-x32\...\Run: [mcui_exe] => C:\Program Files\McAfee.com\Agent\mcagent.exe [537992 2014-04-25] (McAfee, Inc.)
HKLM-x32\...\Run: [EEventManager] => C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [1058400 2011-10-31] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [LTCM Client] => C:\Program Files (x86)\LTCM Client\ltcmClient.exe [1596096 2009-08-05] (Leader Technologies Inc.)
HKLM-x32\...\Run: [mcpltui_exe] => C:\Program Files\McAfee.com\Agent\mcagent.exe [537992 2014-04-25] (McAfee, Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [286720 2007-12-11] (Apple Inc.)
HKLM-x32\...\Run: [Nikon Transfer Monitor] => C:\Program Files (x86)\Common Files\Nikon\Monitor\NkMonitor.exe [485208 2008-09-30] (Nikon Corporation)
HKLM-x32\...\Run: [ANIWZCS2Service] => C:\Program Files (x86)\ANI\ANIWZCS2 Service\WZCSLDR2.exe [98304 2009-08-21] (Wireless Service)
HKLM-x32\...\Run: [D-Link D-Link RangeBooster N DWA-140] => C:\Program Files (x86)\D-Link\DWA-140 revB\AirNCFG.exe [1708032 2009-09-18] (D-Link Corp.)
HKLM-x32\...\Run: [WZCSLDR2] => C:\Program Files (x86)\D-Link\DWA-140 revB\WZCSLDR2.exe
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [157480 2014-10-15] (Apple Inc.)
HKLM\...\Policies\Explorer: [NoFolderOptions] 0
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-21-580328012-1814326237-2248955246-1003\...\Run: [PCShowServer] => C:\Users\paula\AppData\Local\DIRECTV Player\PCShowServerPMWrapper.exe [1631088 2014-09-16] (Cisco)
HKU\S-1-5-21-580328012-1814326237-2248955246-1003\...\Run: [Octoshape Streaming Services] => C:\Users\paula\AppData\Roaming\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe [107800 2011-03-24] (Octoshape ApS)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.130\SSScheduler.exe (McAfee, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Office.lnk
ShortcutTarget: Microsoft Office.lnk -> C:\Program Files (x86)\Microsoft Office\Office10\OSA.EXE (Microsoft Corporation)
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-580328012-1814326237-2248955246-1003\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-580328012-1814326237-2248955246-1003\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.dell.com
HKU\S-1-5-21-580328012-1814326237-2248955246-1003\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
URLSearchHook: HKU\S-1-5-21-580328012-1814326237-2248955246-1003 - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
URLSearchHook: HKU\S-1-5-21-580328012-1814326237-2248955246-1003 - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
SearchScopes: HKLM -> {589B893E-773C-4941-88C2-0DCC718E621C} URL =
SearchScopes: HKLM-x32 -> DefaultScope value is missing.
SearchScopes: HKU\S-1-5-21-580328012-1814326237-2248955246-1003 -> {1BC4F983-5A5D-4FCC-AEE3-4EC4AF062ED1} URL = http://taplika.com/results.php?f=4&q={searchTerms}&a=tpl_tight1_15_04&cd=2XzuyEtN2Y1L1Qzu0Dzz0F0E0EtAyC0A0E0CtC0EyB0C0CyEtN0D0Tzu0StCtCtCyBtN1L2XzutAtFyBtFtBtFtDtN1L1CzutN1L1G1B1V1N2Y1L1Qzu2SyEzz0D0E0CyE0C0AtGzyzzyD0CtGtAyDzy0DtG0C0EyE0CtGtCyDyB0DyBzytBtC0EyD0Ezz2QtN1M1F1B2Z1V1N2Y1L1Qzu2StCyE0B0C0D0EzytDtGtDtDtDtBtGyEtD0ByDtGzztB0C0EtG0EzytBtAzytBtDtAyDtAyDtC2Q&cr=949707811&ir=
SearchScopes: HKU\S-1-5-21-580328012-1814326237-2248955246-1003 -> {589B893E-773C-4941-88C2-0DCC718E621C} URL = https://search.yahoo.com/search?fr=mcaf ... 0140714&p={SearchTerms}
SearchScopes: HKU\S-1-5-21-580328012-1814326237-2248955246-1003 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = http://www.google.com/search?q={sear
BHO: McAfee Phishing Filter -> {27B4851A-3207-45A2-B947-BE8AFE6163AB} -> c:\PROGRA~1\mcafee\msk\MSKAPB~1.DLL No File
BHO: unissaLuess -> {69e47c97-ee37-4e14-a8a4-9de7a1acd829} -> C:\Program Files (x86)\unissaLuess\P9Q1zqwTDdPJMb.x64.dll ()
BHO: unisaaLes -> {96d5331b-5ff8-402d-befd-4405d03c3c8d} -> C:\Program Files (x86)\unisaaLes\FM4sbHRDFwaB4J.x64.dll ()
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO: McAfee SiteAdvisor BHO -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
BHO-x32: MSS+ Identifier -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> C:\Program Files\McAfee Security Scan\3.8.130\McAfeeMSS_IE.dll (McAfee, Inc.)
BHO-x32: McAfee Phishing Filter -> {27B4851A-3207-45A2-B947-BE8AFE6163AB} -> c:\progra~1\mcafee\msk\mskapbho.dll No File
BHO-x32: No Name -> {5C255C8A-E604-49b4-9D64-90988571CECB} -> No File
BHO-x32: unissaLuess -> {69e47c97-ee37-4e14-a8a4-9de7a1acd829} -> C:\Program Files (x86)\unissaLuess\P9Q1zqwTDdPJMb.dll No File
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: McAfee SiteAdvisor BHO -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
DPF: HKLM-x32 {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/_layouts/Cl ... wsdc32.cab
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
Handler-x32: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
Handler-x32: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl64.dll (McAfee, Inc.)
Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\MSC\McSnIePl.dll (McAfee, Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{05BDB846-8097-444D-8B0F-0C17EC3A4533}: [NameServer] 8.8.8.8

FireFox:
========
FF ProfilePath: C:\Users\paula\AppData\Roaming\Mozilla\Firefox\Profiles\ue2fhs5a.default
FF DefaultSearchEngine: WebSearch
FF SearchEngineOrder.1: WebSearch
FF SelectedSearchEngine: WebSearch
FF SearchEngineOrder.1,S: WebSearch
FF DefaultSearchEngine,S: WebSearch
FF SelectedSearchEngine,S: WebSearch
FF DefaultSearchUrl: hxxp://websearch.thesearchpage.info/?pi ... =74&l=1&q=
FF SearchEngineOrder.1,S: WebSearch
FF DefaultSearchEngine,S: WebSearch
FF SelectedSearchEngine,S: WebSearch
FF Plugin: @mcafee.com/MSC,version=10 -> c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @mcafee.com/McAfeeMssPlugin -> C:\Program Files\McAfee Security Scan\3.8.130\npMcAfeeMss.dll (McAfee, Inc.)
FF Plugin-x32: @mcafee.com/MSC,version=10 -> c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL ()
FF Plugin-x32: @mcafee.com/MVT -> C:\Program Files (x86)\McAfee\Supportability\MVT\NPMVTPlugin.dll (McAfee, Inc.)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8081.0709 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-580328012-1814326237-2248955246-1003: @nds.com/PlayerPlugin -> C:\Users\paula\AppData\Local\DIRECTV Player\npPlayerPlugin.dll (Cisco)
FF Plugin HKU\S-1-5-21-580328012-1814326237-2248955246-1003: @nds.com/PlayerPlugin64 -> C:\Users\paula\AppData\Local\DIRECTV Player\win64\npPlayerPlugin64.dll (Cisco)
FF Plugin HKU\S-1-5-21-580328012-1814326237-2248955246-1003: @octoshape.com/Octoshape Streaming Services,version=1.0 -> C:\Users\paula\AppData\Roaming\Octoshape\Octoshape Streaming Services\sua-1312180-0-npoctoshape.dll (Octoshape ApS)
FF Plugin HKU\S-1-5-21-580328012-1814326237-2248955246-1003: NDS.com/PlayerPlugin -> C:\Users\paula\AppData\Local\DIRECTV Player\npPlayerPlugin.dll (Cisco)
FF Plugin ProgramFiles/Appdata: C:\Users\paula\AppData\Roaming\mozilla\plugins\npoctoshape.dll (Octoshape ApS)
FF SearchPlugin: C:\Users\paula\AppData\Roaming\Mozilla\Firefox\Profiles\ue2fhs5a.default\searchplugins\ask-search.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\McSiteAdvisor.xml
FF Extension: WebZoom - C:\Users\paula\AppData\Roaming\Mozilla\Firefox\Profiles\ue2fhs5a.default\Extensions\sdd@webzoom.com [2015-02-04]
FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor
FF Extension: McAfee SiteAdvisor - C:\Program Files (x86)\McAfee\SiteAdvisor [2013-01-25]
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK
FF Extension: McAfee Anti-Spam Thunderbird Extension - C:\Program Files\McAfee\MSK [2013-01-25]

Chrome:
=======
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR HomePage: Default -> hxxp://www.google.com/
CHR StartupUrls: Default -> "hxxp://www.google.com/", "hxxp://taplika.com/?f=7&a=tpl_tight1_15_04&cd=2XzuyEtN2Y1L1Qzu0Dzz0F0E0EtAyC0A0E0CtC0EyB0C0CyEtN0D0Tzu0StCtCtCyBtN1L2XzutAtFyBtFtBtFtDtN1L1CzutN1L1G1B1V1N2Y1L1Qzu2SyEzz0D0E0CyE0C0AtGzyzzyD0CtGtAyDzy0DtG0C0EyE0CtGtCyDyB0DyBzytBtC0EyD0Ezz2QtN1M1F1B2Z1V1N2Y1L1Qzu2StCyE0B0C0D0EzytDtGtDtDtDtBtGyEtD0ByDtGzztB0C0EtG0EzytBtAzytBtDtAyDtAyDtC2Q&cr=949707811&ir="
CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:inputType}{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}{google:searchVersion}{google:sessionToken}{google:prefetchQuery}sugkey={google:suggestAPIKeyParameter}
CHR Profile: C:\Users\paula\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Tools for Amazon's Mechanical Turk) - C:\Users\paula\AppData\Local\Google\Chrome\User Data\Default\Extensions\aoffgjejcepnijgahpckhajchahfpojo [2015-01-13]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\paula\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-27]
CHR Extension: (YouTube) - C:\Users\paula\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-11-14]
CHR Extension: (Google Search) - C:\Users\paula\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-11-14]
CHR Extension: (Turkopticon) - C:\Users\paula\AppData\Local\Google\Chrome\User Data\Default\Extensions\dgefbojfgdddnignhmfmnencgiloojpe [2015-01-13]
CHR Extension: (Blur (Formerly DoNotTrackMe)) - C:\Users\paula\AppData\Local\Google\Chrome\User Data\Default\Extensions\epanfjkfahimkgomnigadpkobaefekcd [2015-01-13]
CHR Extension: (SiteAdvisor) - C:\Users\paula\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho [2013-03-05]
CHR Extension: (Bookmark Manager) - C:\Users\paula\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmlllbghnfkpflemihljekbapjopfjik [2015-01-24]
CHR Extension: (Google Wallet) - C:\Users\paula\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-01-26]
CHR Extension: (Shoeboxed Web Clipper) - C:\Users\paula\AppData\Local\Google\Chrome\User Data\Default\Extensions\olgjplbbinpopmepmlnmhakgenlgjgbi [2015-02-03]
CHR Extension: (Gmail) - C:\Users\paula\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-11-14]
CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [2015-02-05]
CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [2015-02-05]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 ANIWConnService; C:\Windows\SysWOW64\ANIWConnService.exe [151552 2009-07-07] () [File not signed]
R2 EpsonScanSvc; C:\Windows\system32\EscSvc64.exe [135824 2011-12-11] (Seiko Epson Corporation)
R2 HomeNetSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)
R2 McAfee SiteAdvisor Service; C:\Program Files (x86)\McAfee\SiteAdvisor\McSACore.exe [155368 2015-01-30] (McAfee, Inc.)
R2 McAPExe; C:\Program Files\McAfee\MSC\McAPExe.exe [178528 2014-04-25] (McAfee, Inc.)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.130\McCHSvc.exe [288776 2013-09-06] (McAfee, Inc.)
R2 McMPFSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 McNaiAnn; C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
S3 McODS; C:\Program Files\McAfee\VirusScan\mcods.exe [603424 2014-09-04] (McAfee, Inc.)
R2 mcpltsvc; C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 McProxy; C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 mfecore; C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe [1041192 2014-08-20] (McAfee, Inc.)
R2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [219752 2014-06-20] (McAfee, Inc.)
R2 mfevtp; C:\Windows\system32\mfevtps.exe [189912 2014-06-20] (McAfee, Inc.)
R2 MSK80Service; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R1 anodlwf; C:\Windows\System32\DRIVERS\anodlwfx.sys [15872 2009-03-06] ()
R3 cfwids; C:\Windows\System32\drivers\cfwids.sys [72128 2014-06-20] (McAfee, Inc.)
S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [197704 2013-09-23] (McAfee, Inc.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-11-21] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2015-02-08] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-11-21] (Malwarebytes Corporation)
R3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [181704 2014-06-20] (McAfee, Inc.)
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [313544 2014-06-20] (McAfee, Inc.)
R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [523792 2014-06-20] (McAfee, Inc.)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [786296 2014-06-20] (McAfee, Inc.)
R3 mfencbdc; C:\Windows\System32\DRIVERS\mfencbdc.sys [445512 2014-08-20] (McAfee, Inc.)
S3 mfencrk; C:\Windows\System32\DRIVERS\mfencrk.sys [96592 2014-08-20] (McAfee, Inc.)
R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [348552 2014-06-20] (McAfee, Inc.)
R3 netr28ux; C:\Windows\System32\DRIVERS\Dnetr28ux.sys [987648 2009-08-05] (Ralink Technology Corp.)
S3 PCDSRVC{67F2314B-25F2B3C0-06020101}_0; \??\c:\gencotst\pcdsrvc_x64.pkms [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-08 12:41 - 2015-02-08 12:42 - 00024915 _____ () C:\Users\paula\Downloads\FRST.txt
2015-02-08 12:41 - 2015-02-08 12:41 - 02132992 _____ (Farbar) C:\Users\paula\Downloads\FRST64.exe
2015-02-08 12:41 - 2015-02-08 12:41 - 00000000 ____D () C:\FRST
2015-02-08 12:28 - 2015-02-08 12:28 - 00000207 _____ () C:\Windows\tweaking.com-regbackup-MININT-8L86P5C-Windows-7-Home-Premium-(64-bit).dat
2015-02-08 12:21 - 2015-02-08 12:21 - 00000000 ____D () C:\RegBackup
2015-02-08 12:17 - 2015-02-08 12:17 - 01367040 _____ (Indigo Rose Corporation) C:\Users\paula\Documents\uninstall.exe
2015-02-08 12:17 - 2015-02-08 12:17 - 00325960 _____ () C:\Users\paula\Documents\lua5.1.dll
2015-02-08 12:17 - 2015-02-08 12:17 - 00001737 _____ () C:\Users\Public\Desktop\Tweaking.com - Registry Backup.lnk
2015-02-08 12:17 - 2015-02-08 12:17 - 00000000 ____D () C:\Users\paula\Documents\Uninstall
2015-02-08 12:17 - 2015-02-08 12:17 - 00000000 ____D () C:\Users\paula\Documents\files
2015-02-08 12:17 - 2015-02-08 12:17 - 00000000 ____D () C:\Users\paula\Documents\color_presets
2015-02-08 12:17 - 2015-02-08 12:17 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tweaking.com
2015-02-08 12:11 - 2015-02-08 12:11 - 04803888 _____ () C:\Users\paula\Downloads\tweaking.com_registry_backup_setup.exe
2015-02-08 12:07 - 2015-02-08 12:07 - 00002986 _____ () C:\Windows\System32\Tasks\{DAA8FBA1-D671-417D-ACF2-5147F35C71A8}
2015-02-08 12:07 - 2015-02-08 12:07 - 00002986 _____ () C:\Windows\System32\Tasks\{0E1B274D-BFB9-42B6-AC74-3157B0907D1E}
2015-02-08 11:59 - 2015-02-08 12:00 - 00000000 ____D () C:\Users\paula\Downloads\family pics2
2015-02-08 11:58 - 2015-02-08 11:58 - 00000000 ____D () C:\Users\paula\Downloads\fringe
2015-02-08 11:57 - 2015-02-08 11:57 - 00000000 ____D () C:\Users\paula\Downloads\web stuff
2015-02-08 11:41 - 2015-02-08 11:41 - 394148379 _____ () C:\Windows\MEMORY.DMP
2015-02-08 11:41 - 2015-02-08 11:41 - 00274616 _____ () C:\Windows\Minidump\020815-13291-01.dmp
2015-02-07 14:15 - 2015-02-07 14:16 - 00006026 _____ () C:\Users\paula\Desktop\attach.txt
2015-02-07 14:15 - 2015-02-07 14:15 - 00025073 _____ () C:\Users\paula\Desktop\dds.txt
2015-02-07 14:11 - 2015-02-07 14:11 - 00688992 ____R (Swearware) C:\Users\paula\Downloads\dds.scr
2015-02-07 13:39 - 2013-10-01 20:22 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\TsUsbFlt.sys
2015-02-07 13:39 - 2013-10-01 20:11 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyControl.exe
2015-02-07 13:39 - 2013-10-01 20:08 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyExtension.dll
2015-02-07 13:39 - 2013-10-01 19:48 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\MsRdpWebAccess.dll
2015-02-07 13:39 - 2013-10-01 19:48 - 00018944 _____ (Microsoft Corporation) C:\Windows\system32\wksprtPS.dll
2015-02-07 13:39 - 2013-10-01 19:29 - 00062976 _____ (Microsoft Corporation) C:\Windows\system32\tsgqec.dll
2015-02-07 13:39 - 2013-10-01 19:10 - 00044544 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbGDCoInstaller.dll
2015-02-07 13:39 - 2013-10-01 18:15 - 01057280 _____ (Microsoft Corporation) C:\Windows\system32\rdvidcrl.dll
2015-02-07 13:39 - 2013-10-01 18:14 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MsRdpWebAccess.dll
2015-02-07 13:39 - 2013-10-01 18:14 - 00017920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wksprtPS.dll
2015-02-07 13:39 - 2013-10-01 18:08 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2015-02-07 13:39 - 2013-10-01 18:01 - 00420864 _____ (Microsoft Corporation) C:\Windows\system32\wksprt.exe
2015-02-07 13:39 - 2013-10-01 17:58 - 00053248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tsgqec.dll
2015-02-07 13:39 - 2013-10-01 17:31 - 01147392 _____ (Microsoft Corporation) C:\Windows\system32\mstsc.exe
2015-02-07 13:39 - 2013-10-01 17:08 - 00855552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdvidcrl.dll
2015-02-07 13:39 - 2013-10-01 16:34 - 01068544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstsc.exe
2015-02-07 13:39 - 2013-10-01 14:57 - 06578176 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2015-02-07 13:39 - 2013-10-01 14:55 - 05698048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2015-02-07 13:38 - 2012-08-23 08:13 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\rdpudd.dll
2015-02-07 13:38 - 2012-08-23 08:10 - 00019456 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpvideominiport.sys
2015-02-07 13:38 - 2012-08-23 08:08 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\TsUsbGD.sys
2015-02-07 13:38 - 2012-08-23 07:24 - 00015360 _____ (Microsoft Corporation) C:\Windows\system32\RdpGroupPolicyExtension.dll
2015-02-07 13:38 - 2012-08-23 05:12 - 00192000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdpendp_winip.dll
2015-02-07 13:38 - 2012-08-23 04:51 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\rdpendp_winip.dll
2015-02-07 13:38 - 2012-08-23 03:51 - 03174912 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2015-02-06 11:00 - 2015-02-06 11:01 - 00143600 _____ () C:\Users\paula\Downloads\Turkmaster (Mturk) (2).user.js
2015-02-06 10:57 - 2015-02-06 10:57 - 00143600 _____ () C:\Users\paula\Downloads\Turkmaster (Mturk) (1).user.js
2015-02-06 10:53 - 2015-02-06 10:53 - 00143600 _____ () C:\Users\paula\Downloads\Turkmaster (Mturk).user.js
2015-02-05 11:13 - 2015-02-05 11:14 - 37987520 _____ (Microsoft Corporation) C:\Users\paula\Downloads\Windows-KB890830-x64-V5.20.exe
2015-02-05 11:12 - 2015-02-05 11:12 - 02238600 _____ (Microsoft Corporation) C:\Users\paula\Downloads\DefaultPack.EXE
2015-02-04 13:55 - 2015-02-08 11:49 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-02-04 13:54 - 2015-02-04 13:54 - 00001104 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-02-04 13:54 - 2015-02-04 13:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-02-04 13:54 - 2015-02-04 13:54 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-02-04 13:54 - 2015-02-04 13:54 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-02-04 13:54 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-02-04 13:54 - 2014-11-21 06:14 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-02-04 13:54 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-02-04 13:51 - 2015-02-04 13:52 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\paula\Downloads\mbam-setup-2.0.4.1028 (1).exe
2015-02-04 13:50 - 2015-02-04 13:51 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\paula\Downloads\mbam-setup-2.0.4.1028.exe
2015-02-04 08:31 - 2015-02-04 08:31 - 00003472 _____ () C:\Windows\System32\Tasks\ProPCCleaner_Popup
2015-02-04 08:31 - 2015-02-04 08:31 - 00003208 _____ () C:\Windows\System32\Tasks\ProPCCleaner_Start
2015-02-04 08:31 - 2015-02-04 08:31 - 00000000 ____D () C:\Users\paula\Documents\ProPCCleaner
2015-02-04 08:31 - 2015-02-04 08:31 - 00000000 ____D () C:\Users\paula\AppData\Local\Pro_PC_Cleaner
2015-02-04 08:31 - 2015-02-04 08:31 - 00000000 ____D () C:\Program Files (x86)\02527486-c2b3-43ef-82f7-2884ee5f2e4d
2015-02-04 08:27 - 2015-02-04 08:27 - 00000000 ____D () C:\ProgramData\hlhpfllpbgibadapmpbgmeimkhkeebhb
2015-02-04 08:20 - 2015-02-07 12:14 - 00000000 ____D () C:\Program Files (x86)\unisaaLes
2015-02-04 08:20 - 2015-02-04 08:28 - 00000000 ____D () C:\Program Files (x86)\decodit
2015-02-04 08:20 - 2015-02-04 08:20 - 00000000 ____D () C:\ProgramData\bdmhopkmhokeplinichnipcomnnlbigp
2015-02-03 10:14 - 2015-02-03 10:14 - 00000000 ____D () C:\Program Files (x86)\Shoeboxed Web Clipper
2015-02-03 10:13 - 2015-02-07 08:37 - 00000000 ____D () C:\Program Files (x86)\uniSaless
2015-02-03 10:13 - 2015-02-07 08:04 - 00000000 ____D () C:\Program Files (x86)\unissaLuess
2015-02-03 10:13 - 2015-02-03 10:13 - 00000000 ____D () C:\ProgramData\dejfpbonljgaecfkadpnhmnlcllefejj
2015-02-03 10:13 - 2015-02-03 10:13 - 00000000 ____D () C:\ProgramData\5334483998530784437
2015-02-03 10:12 - 2015-02-08 11:48 - 00000000 ____D () C:\ProgramData\{12d8c426-22a5-ef74-12d8-8c42622a1098}
2015-01-27 06:56 - 2015-01-27 06:56 - 00184964 _____ () C:\Users\paula\Downloads\pool5.jpeg
2015-01-24 07:17 - 2015-01-24 07:17 - 00000000 ____D () C:\Users\paula\AppData\Roaming\OpenOffice.org
2015-01-22 11:05 - 2015-01-22 11:05 - 00003176 ____N () C:\bootsqm.dat
2015-01-22 10:22 - 2015-01-22 10:22 - 00007618 _____ () C:\Users\paula\AppData\Local\Resmon.ResmonCfg
2015-01-22 10:06 - 2015-01-22 10:07 - 00000000 ___SD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenOffice.org 3.1
2015-01-22 10:03 - 2015-01-22 10:03 - 00000000 ____D () C:\Program Files (x86)\OpenOffice.org 3
2015-01-22 10:03 - 2015-01-22 10:03 - 00000000 ____D () C:\Program Files (x86)\JRE
2015-01-22 10:00 - 2015-01-22 10:00 - 00000064 _____ () C:\Users\paula\AppData\Local\86682efb36002043a57abac7b394fa8d
2015-01-22 09:59 - 2015-01-22 09:59 - 00003848 _____ () C:\Windows\System32\Tasks\UpdateAdmin
2015-01-22 09:52 - 2015-01-22 09:53 - 79310960 _____ () C:\Users\paula\Downloads\openofficesuite-setup.exe
2015-01-22 07:20 - 2015-01-28 07:23 - 03147008 _____ (Tweaking.com) C:\Users\paula\Documents\TweakingFormControls.ocx
2015-01-21 13:02 - 2015-01-21 13:02 - 00003886 _____ () C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2015-01-15 09:52 - 2015-01-15 09:52 - 00584560 _____ (McAfee, Inc.) C:\Users\paula\Downloads\MVTInstaller.exe
2015-01-15 05:57 - 2014-12-18 21:06 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2015-01-14 08:03 - 2014-12-18 19:46 - 00141312 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2015-01-14 08:03 - 2014-12-11 23:35 - 05553592 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-01-14 08:03 - 2014-12-11 23:31 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-01-14 08:03 - 2014-12-11 23:31 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-01-14 08:03 - 2014-12-11 23:31 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-01-14 08:03 - 2014-12-11 23:11 - 03971512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-01-14 08:03 - 2014-12-11 23:11 - 03916728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-01-14 08:03 - 2014-12-11 23:07 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-01-14 08:03 - 2014-12-05 22:17 - 00303616 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
2015-01-14 08:03 - 2014-12-05 21:50 - 00156672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncsi.dll
2015-01-14 08:03 - 2014-12-05 21:50 - 00052224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlaapi.dll

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-08 12:39 - 2012-05-17 20:51 - 00000679 _____ () C:\Users\paula\Documents\Settings.ini
2015-02-08 12:18 - 2012-11-14 06:05 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-02-08 12:09 - 2014-05-27 13:31 - 00003284 _____ () C:\Windows\SysWOW64\ANIWZCS{05BDB846-8097-444D-8B0F-0C17EC3A4533}
2015-02-08 12:09 - 2014-05-27 13:31 - 00003284 _____ () C:\Users\paula\AppData\Roaming\ANIWZCS{05BDB846-8097-444D-8B0F-0C17EC3A4533}
2015-02-08 12:09 - 2011-12-09 09:49 - 01281717 _____ () C:\Windows\WindowsUpdate.log
2015-02-08 11:53 - 2009-07-13 23:13 - 00783464 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-02-08 11:50 - 2009-07-13 22:45 - 00028528 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-02-08 11:50 - 2009-07-13 22:45 - 00028528 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-02-08 11:47 - 2013-01-25 10:40 - 00001846 _____ () C:\Users\Public\Desktop\McAfee Security Center.lnk
2015-02-08 11:47 - 2013-01-25 10:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
2015-02-08 11:45 - 2011-12-09 10:15 - 00000000 ____D () C:\ProgramData\Sonic
2015-02-08 11:42 - 2012-11-14 06:05 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-02-08 11:41 - 2014-11-17 06:40 - 00000000 ____D () C:\Windows\Minidump
2015-02-08 11:41 - 2012-04-15 16:44 - 00000000 ____D () C:\Users\paula
2015-02-08 11:41 - 2009-07-13 23:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-02-08 11:41 - 2009-07-13 22:51 - 00118948 _____ () C:\Windows\setupact.log
2015-02-07 14:06 - 2009-07-13 23:32 - 00000000 ____D () C:\Windows\system32\FxsTmp
2015-02-07 13:43 - 2009-07-13 21:20 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
2015-02-07 13:42 - 2010-11-20 21:47 - 00229628 _____ () C:\Windows\PFRO.log
2015-02-07 13:41 - 2009-07-13 21:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2015-02-06 06:08 - 2013-01-25 10:39 - 00000000 ____D () C:\Program Files (x86)\McAfee
2015-02-05 08:59 - 2009-07-13 21:20 - 00000000 ____D () C:\Windows\system32\NDF
2015-02-04 14:26 - 2009-07-13 23:09 - 00000000 ____D () C:\Windows\System32\Tasks\WPD
2015-02-04 14:25 - 2010-11-21 01:16 - 00000000 ____D () C:\Windows\ShellNew
2015-02-04 09:06 - 2009-07-13 23:32 - 00000000 ____D () C:\Windows\system32\restore
2015-02-02 16:24 - 2013-04-17 13:47 - 00000000 ____D () C:\Users\paula\AppData\Roaming\SoftGrid Client
2015-02-02 13:55 - 2012-05-24 11:38 - 00000000 ___SD () C:\Users\paula\Documents\My Webs
2015-01-30 18:17 - 2012-05-02 16:59 - 01418496 _____ (Tweaking.com) C:\Users\paula\Documents\TweakingRegistryBackup.exe
2015-01-30 06:24 - 2009-07-13 23:08 - 00032654 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2015-01-28 07:39 - 2012-05-02 16:58 - 00018431 _____ () C:\Users\paula\Documents\TweakingRegistryBackup.exe.manifest
2015-01-27 05:19 - 2012-11-14 06:06 - 00002185 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-01-22 10:16 - 2012-05-24 11:34 - 00096456 _____ () C:\Users\paula\AppData\Local\GDIPFONTCACHEV1.DAT
2015-01-22 10:16 - 2009-07-13 22:45 - 00379408 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-01-22 09:53 - 2009-07-13 21:20 - 00000000 ____D () C:\Windows\Resources
2015-01-18 08:28 - 2014-02-08 06:05 - 00000722 ____H () C:\Users\paula\Downloads\.picasa.ini
2015-01-18 08:27 - 2014-05-17 06:27 - 00000000 ___HD () C:\Users\paula\Downloads\.picasaoriginals
2015-01-17 18:02 - 2013-04-17 13:47 - 00775586 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2015-01-14 18:36 - 2013-08-14 16:34 - 00000000 ____D () C:\Windows\system32\MRT
2015-01-14 11:05 - 2013-04-24 08:50 - 00000730 _____ () C:\Users\paula\Sti_Trace.log

==================== Files in the root of some directories =======

2014-05-27 13:31 - 2015-02-08 12:09 - 0003284 _____ () C:\Users\paula\AppData\Roaming\ANIWZCS{05BDB846-8097-444D-8B0F-0C17EC3A4533}
2014-01-26 11:53 - 2014-01-26 11:53 - 0000268 ___RH () C:\Users\paula\AppData\Roaming\Synth Leads
2015-01-22 10:00 - 2015-01-22 10:00 - 0000064 _____ () C:\Users\paula\AppData\Local\86682efb36002043a57abac7b394fa8d
2015-01-22 10:22 - 2015-01-22 10:22 - 0007618 _____ () C:\Users\paula\AppData\Local\Resmon.ResmonCfg
2014-01-25 12:21 - 2014-09-09 06:18 - 0000020 ____H () C:\ProgramData\PKP_DLdu.DAT
2014-01-26 11:53 - 2014-01-26 11:53 - 0000268 ___RH () C:\ProgramData\SystemConfiguration
2014-01-26 11:53 - 2014-01-26 11:53 - 0000012 ___RH () C:\ProgramData\Track Settings

Some content of TEMP:
====================
C:\Users\paula\AppData\Local\Temp\3D4f52D50CB.exe
C:\Users\paula\AppData\Local\Temp\57377.exe
C:\Users\paula\AppData\Local\Temp\AB166CB1E83.exe
C:\Users\paula\AppData\Local\Temp\cecabficcdg.exe
C:\Users\paula\AppData\Local\Temp\SpOrder.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-01-14 10:40

==================== End Of Log ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 08-02-2015
Ran by paula at 2015-02-08 12:43:35
Running from C:\Users\paula\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: McAfee Anti-Virus and Anti-Spyware (Enabled - Up to date) {ADA629C7-7F48-5689-624A-3B76997E0892}
AS: McAfee Anti-Virus and Anti-Spyware (Enabled - Up to date) {16C7C823-5972-5907-58FA-0004E2F9422F}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: McAfee Firewall (Enabled) {959DA8E2-3527-57D1-4915-924367AD4FE9}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Reader XI (11.0.10) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
ANIWZCS2 Service (HKLM-x32\...\{4C590030-7469-453E-8589-D15DA9D03F52}) (Version: - )
Apple Application Support (HKLM-x32\...\{83CAF0DE-8D3B-4C37-A631-2B8F16EC3031}) (Version: 3.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{BDD99690-3541-4619-9D2A-3CDDB3E15F9E}) (Version: 8.0.5.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ArcSoft Panorama Maker 4 (HKLM-x32\...\{D45E8C45-B601-4A80-AFD8-E16338744DE1}) (Version: - ArcSoft)
Banner Maker Pro Version 7 (HKLM-x32\...\Banner Maker Pro 7_is1) (Version: - GatorData, Inc.)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
CyberLink PowerDVD 9.5 (HKLM-x32\...\InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}) (Version: 9.5.1.3426 - CyberLink Corp.)
DIRECTV Player (HKLM-x32\...\{437f5443-c052-432c-b1e7-abd9bc5cabdb}) (Version: 11.0 - DIRECTV)
DirectX 9 Runtime (x32 Version: 1.00.0000 - Sonic Solutions) Hidden
D-Link RangeBooster N DWA-140 (HKLM-x32\...\{D7D2F494-89E3-42ED-8A2B-75BDD9B464CB}) (Version: - D-Link)
Download Navigator (HKLM-x32\...\{D0735505-251C-41E4-A64A-D6D0A5E8FB4D}) (Version: 3.4.2 - SEIKO EPSON CORPORATION)
Epson Connect (HKLM-x32\...\{64BA551C-9AF6-495C-93F3-D1270E0045FC}) (Version: - )
Epson Customer Participation (HKLM\...\{814FA673-A085-403C-9545-747FC1495069}) (Version: 1.0.0.0 - SEIKO EPSON CORPORATION)
Epson Event Manager (HKLM-x32\...\{BECE9CCD-83F6-4BAA-9B26-227DF7D2E932}) (Version: 3.01.0000 - Seiko Epson Corporation)
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version: - Seiko Epson Corporation)
EPSON XP-300 Series Printer Uninstall (HKLM\...\EPSON XP-300 Series) (Version: - SEIKO EPSON Corporation)
File Uploader (HKLM-x32\...\{237CD223-1B9D-47E8-A76C-E478B83CCEA2}) (Version: 1.1.1 - Nikon)
FTP Commander (HKLM-x32\...\FTP Commander) (Version: - )
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 40.0.2214.93 - Google Inc.)
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.5111.1712 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google+ Auto Backup (HKLM-x32\...\{A50DE037-B5C0-4C8A-8049-B0C576B313D1}) (Version: 1.0.21.81 - Google)
iTunes (HKLM\...\{2ABBBD91-91E5-4AD7-929A-FE15D1DC0576}) (Version: 12.0.1.26 - Apple Inc.)
Java 7 Update 67 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217067FF}) (Version: 7.0.670 - Oracle)
Junk Mail filter update (x32 Version: 14.0.8089.726 - Microsoft Corporation) Hidden
K-Lite Codec Pack 7.0.0 (Standard) (HKLM-x32\...\KLiteCodecPack_is1) (Version: 7.0.0 - )
LTCM Client (HKLM-x32\...\LTCM Client) (Version: - Leader Technologies Inc.)
Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.8.130.10 - McAfee, Inc.)
McAfee SecurityCenter (HKLM-x32\...\MSC) (Version: 12.8.992 - McAfee, Inc.)
McAfee SiteAdvisor (HKLM-x32\...\{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}) (Version: 3.7.189 - McAfee, Inc.)
McAfee Virtual Technician (HKLM-x32\...\McAfee Virtual Technician) (Version: 7.6.0.202 - McAfee, Inc.)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft FrontPage 2002 (HKLM-x32\...\{90170409-6000-11D3-8CFE-0050048383C9}) (Version: 10.0.6626.0 - Microsoft Corporation)
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Click-to-Run 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Starter 2010 - English (HKLM-x32\...\{90140011-0066-0409-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Mozilla Firefox 34.0.5 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 34.0.5 (x86 en-US)) (Version: 34.0.5 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 31.0 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Nikon Message Center (HKLM-x32\...\{D2FCC1AE-6311-47C5-8130-C6C66D77DD71}) (Version: 0.92.000 - Nikon)
Nikon Transfer (HKLM-x32\...\{E9757890-7EC5-46C8-99AB-B00F07B6525C}) (Version: 1.3.0 - Nikon)
Octoshape Streaming Services (HKU\S-1-5-21-580328012-1814326237-2248955246-1003\...\Octoshape Streaming Services) (Version: - Octoshape ApS)
Open Freely (HKLM\...\{1BF14E04-85DE-480C-9A04-EB36744C66C3}_is1) (Version: 1.0 - Download Freely, LLC)
OpenOffice.org 3.1 (HKLM-x32\...\{E6B87DC4-2B3D-4483-ADFF-E483BF718991}) (Version: 3.1.9399 - OpenOffice.org)
PhotoShowExpress (x32 Version: 2.0.063 - Sonic Solutions) Hidden
Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9 - Google, Inc.)
PIXresizer (HKLM-x32\...\PIXresizer_is1) (Version: 2.0.7 - Bluefive software)
QuickTime (HKLM-x32\...\{E0D51394-1D45-460A-B62D-383BC4F8B335}) (Version: 7.3.1.70 - Apple Inc.)
RBVirtualFolder64Inst (Version: 1.00.0000 - Roxio, Inc.) Hidden
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5911 - Realtek Semiconductor Corp.)
Roxio Creator Starter (HKLM-x32\...\{6F0BBEFE-BE1C-419B-BA1F-D36C9E7915BC}) (Version: 12.1.77.0 - Roxio)
Roxio File Backup (Version: 1.3.2 - Roxio) Hidden
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
Sonic CinePlayer Decoder Pack (x32 Version: 4.3.0 - Sonic Solutions) Hidden
Tweaking.com - Registry Backup (HKLM-x32\...\Tweaking.com - Registry Backup) (Version: 2.1.0 - Tweaking.com)
UpdateAdmin (HKLM-x32\...\{07B4B423-E4DA-47D1-8327-B589EB4BEB58}) (Version: 2.0.1885 - DownloadAdmin)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite_Wave3) (Version: 14.0.8089.0726 - Microsoft Corporation)
Windows Live Sign-in Assistant (HKLM-x32\...\{45338B07-A236-4270-9A77-EBB4115517B5}) (Version: 5.000.818.5 - Microsoft Corporation)
Windows Live Sync (HKLM-x32\...\{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}) (Version: 14.0.8089.726 - Microsoft Corporation)
Windows Live Upload Tool (HKLM-x32\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-580328012-1814326237-2248955246-1003_Classes\CLSID\{E86236DE-9BD2-42b7-86F6-A829D8EC768C}\InprocServer32 -> C:\Users\paula\AppData\Local\DIRECTV Player\win64\npPlayerPlugin64.dll (Cisco)

==================== Restore Points =========================

04-02-2015 09:06:08 01/31/2015
07-02-2015 13:33:10 Windows Update
08-02-2015 11:39:08 Windows Backup

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 20:34 - 2009-06-10 15:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {0CFC4455-4D1D-4D6B-8859-33FA0324B592} - System32\Tasks\ProPCCleaner_Popup => C:\Program Files (x86)\Pro PC Cleaner\Splash.exe
Task: {107FDEA6-D515-40A7-A7D2-5B6D00A2A809} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-19] (Google Inc.)
Task: {1E4EB7A5-4D5D-4688-BA22-1E06D5188CC5} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: {4CF2549B-45C4-4C79-A770-1199650BF5B0} - System32\Tasks\UpdateAdmin => C:\Users\paula\AppData\Local\UpdateAdmin\UpdateAdmin.exe
Task: {58627D89-7B49-4FA9-AFD4-BF5C69441EFF} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {6CCD3D15-2491-4CA8-B591-87EFC3272BD7} - System32\Tasks\{DAA8FBA1-D671-417D-ACF2-5147F35C71A8} => C:\Program Files (x86)\D-Link\DWA-140 revB\AirNCFG.exe [2009-09-18] (D-Link Corp.)
Task: {759D5207-9163-4532-AFF0-2F2563736C66} - System32\Tasks\{0E1B274D-BFB9-42B6-AC74-3157B0907D1E} => C:\Program Files (x86)\D-Link\DWA-140 revB\AirNCFG.exe [2009-09-18] (D-Link Corp.)
Task: {9EB03546-F779-41B4-BC6D-80CEBEE17111} - \95b4028d-5a73-4ee5-9550-64281d62ffcd-10_user No Task File <==== ATTENTION
Task: {B96B86A5-A57F-4F96-A0B5-161C84BEE18B} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-19] (Google Inc.)
Task: {DFF69022-78BF-4611-993C-B60A0A6010D2} - System32\Tasks\ProPCCleaner_Start => C:\Program Files (x86)\Pro PC Cleaner\ProPCCleaner.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) ==============

2014-05-27 13:30 - 2009-07-07 19:10 - 00151552 _____ () C:\Windows\SysWOW64\ANIWConnService.exe
2014-09-16 13:51 - 2014-09-16 13:51 - 01387880 _____ () C:\Users\paula\AppData\Local\DIRECTV Player\NDSPCShowServer.exe
2014-10-11 12:06 - 2014-10-11 12:06 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-10-11 12:05 - 2014-10-11 12:05 - 01044776 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2014-05-27 13:29 - 2009-06-01 13:23 - 00315392 _____ () C:\Program Files (x86)\ANI\ANIWZCS2 Service\ANIOApi.dll
2014-05-27 13:28 - 2009-06-01 13:23 - 00315392 _____ () C:\Program Files (x86)\D-Link\DWA-140 revB\ANIOApi.dll
2014-09-16 13:51 - 2014-09-16 13:51 - 11475296 _____ () C:\Users\paula\AppData\Local\DIRECTV Player\PCShowServer.dll
2014-09-16 13:51 - 2014-09-16 13:51 - 02948448 _____ () C:\Users\paula\AppData\Local\DIRECTV Player\DrmSingleton.dll
2014-09-16 13:52 - 2014-09-16 13:52 - 00339296 _____ () C:\Users\paula\AppData\Local\DIRECTV Player\ndsLogStore.dll
2014-09-16 13:51 - 2014-09-16 13:51 - 02106728 _____ () C:\Users\paula\AppData\Local\DIRECTV Player\DiscoveryManager.dll
2014-09-16 13:52 - 2014-09-16 13:52 - 00689000 _____ () C:\Users\paula\AppData\Local\DIRECTV Player\libgstreamer-0.10.dll
2014-09-16 13:52 - 2014-09-16 13:52 - 01403224 _____ () C:\Users\paula\AppData\Local\DIRECTV Player\libxml2-2.dll
2014-09-16 13:52 - 2014-09-16 13:52 - 00091976 _____ () C:\Users\paula\AppData\Local\DIRECTV Player\z.dll
2014-09-16 13:52 - 2014-09-16 13:52 - 00205672 _____ () C:\Users\paula\AppData\Local\DIRECTV Player\libgstbase-0.10.dll
2014-09-16 13:52 - 2014-09-16 13:52 - 00060272 _____ () C:\Users\paula\AppData\Local\DIRECTV Player\libgstinterfaces-0.10.dll
2014-09-16 13:52 - 2014-09-16 13:52 - 00043880 _____ () C:\Users\paula\AppData\Local\DIRECTV Player\libgstvideo-0.10.dll
2014-09-16 13:52 - 2014-09-16 13:52 - 00044896 _____ () C:\Users\paula\AppData\Local\DIRECTV Player\libgstapp-0.10.dll
2014-09-16 13:52 - 2014-09-16 13:52 - 08296288 _____ () C:\Users\paula\AppData\Local\DIRECTV Player\gsttspplugin.dll
2015-01-27 05:19 - 2015-01-25 00:08 - 01117512 _____ () C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.93\libglesv2.dll
2015-01-27 05:19 - 2015-01-25 00:08 - 00211272 _____ () C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.93\libegl.dll
2015-01-27 05:19 - 2015-01-25 00:08 - 09170760 _____ () C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.93\pdf.dll
2015-02-06 18:03 - 2015-02-03 12:22 - 14964912 _____ () C:\Users\paula\AppData\Local\Google\Chrome\User Data\PepperFlash\16.0.0.305\pepflashplayer.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefire => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Driver"

==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== Other Registry Areas =====================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-580328012-1814326237-2248955246-1003\Control Panel\Desktop\\Wallpaper -> C:\Users\paula\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\startupreg: Desktop Disc Tool => "C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe"

==================== Accounts: =============================

Administrator (S-1-5-21-580328012-1814326237-2248955246-500 - Administrator - Disabled)
Guest (S-1-5-21-580328012-1814326237-2248955246-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-580328012-1814326237-2248955246-1004 - Limited - Enabled)
paula (S-1-5-21-580328012-1814326237-2248955246-1003 - Administrator - Enabled) => C:\Users\paula

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (02/08/2015 11:42:53 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/08/2015 11:27:29 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 4705661

Error: (02/08/2015 11:27:29 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 4705661

Error: (02/08/2015 11:27:29 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (02/08/2015 11:27:28 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 4704647

Error: (02/08/2015 11:27:28 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 4704647

Error: (02/08/2015 11:27:28 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (02/08/2015 11:27:27 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 4703649

Error: (02/08/2015 11:27:27 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 4703649

Error: (02/08/2015 11:27:27 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second


System errors:
=============
Error: (02/08/2015 11:44:30 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the eventlog service.

Error: (02/08/2015 11:41:18 AM) (Source: BugCheck) (EventID: 1001) (User: )
Description: 0x0000007f (0x0000000000000008, 0x0000000080050031, 0x00000000000006f8, 0xfffff80003265b7e)C:\Windows\MEMORY.DMP020815-13291-01

Error: (02/08/2015 11:41:07 AM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 11:39:46 AM on 2/8/2015 was unexpected.

Error: (02/07/2015 09:39:56 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {F9717507-6651-4EDB-BFF7-AE615179BCCF}

Error: (02/05/2015 07:25:10 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {F9717507-6651-4EDB-BFF7-AE615179BCCF}

Error: (02/05/2015 10:41:40 AM) (Source: DCOM) (EventID: 10005) (User: )
Description: 1084McNaiAnn{DC7EF8E1-824F-4110-AB43-1604DA9B4F40}

Error: (02/05/2015 10:00:02 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (02/05/2015 10:00:02 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (02/05/2015 10:00:00 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (02/05/2015 10:00:00 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068


Microsoft Office Sessions:
=========================
Error: (02/08/2015 11:42:53 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/08/2015 11:27:29 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 4705661

Error: (02/08/2015 11:27:29 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 4705661

Error: (02/08/2015 11:27:29 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (02/08/2015 11:27:28 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 4704647

Error: (02/08/2015 11:27:28 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 4704647

Error: (02/08/2015 11:27:28 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (02/08/2015 11:27:27 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 4703649

Error: (02/08/2015 11:27:27 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 4703649

Error: (02/08/2015 11:27:27 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second


==================== Memory info ===========================

Processor: AMD Athlon(tm) II X2 250 Processor
Percentage of memory in use: 64%
Total physical RAM: 3838.98 MB
Available physical RAM: 1369.79 MB
Total Pagefile: 7676.14 MB
Available Pagefile: 4660.73 MB
Total Virtual: 8192 MB
Available Virtual: 8191.84 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:452.09 GB) (Free:411.2 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (Recovery) (Fixed) (Total:13.67 GB) (Free:6.65 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: AF04F22F)
Partition 1: (Active) - (Size=452.1 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=13.7 GB) - (Type=07 NTFS)

==================== End Of Log ============================
Honeybee
Regular Member
 
Posts: 16
Joined: February 7th, 2015, 4:20 pm

Re: endless popups

Post by Honeybee » February 8th, 2015, 3:12 pm

Results of the adwcleaner below:

# AdwCleaner v4.110 - Logfile created 08/02/2015 at 13:08:24
# Updated 05/02/2015 by Xplode
# Database : 2015-02-05.2 [Local]
# Operating system : Windows 7 Home Premium Service Pack 1 (x64)
# Username : paula - MININT-8L86P5C
# Running from : C:\Users\paula\Downloads\adwcleaner_4.110.exe
# Option : Scan

***** [ Services ] *****


***** [ Files / Folders ] *****

File Found : C:\Users\paula\AppData\Roaming\Mozilla\Firefox\Profiles\ue2fhs5a.default\searchplugins\ask-search.xml
File Found : C:\Users\paula\Documents\Uninstall.exe
Folder Found : C:\Program Files (x86)\BearShare Applications
Folder Found : C:\Program Files (x86)\unisaaLes
Folder Found : C:\Program Files (x86)\uniSaless
Folder Found : C:\Program Files (x86)\unissaLuess
Folder Found : C:\ProgramData\5334483998530784437
Folder Found : C:\ProgramData\apn
Folder Found : C:\ProgramData\Ask
Folder Found : C:\ProgramData\bdmhopkmhokeplinichnipcomnnlbigp
Folder Found : C:\ProgramData\dejfpbonljgaecfkadpnhmnlcllefejj
Folder Found : C:\ProgramData\hlhpfllpbgibadapmpbgmeimkhkeebhb
Folder Found : C:\Users\paula\AppData\Local\Pro_PC_Cleaner
Folder Found : C:\Users\paula\Documents\ProPCCleaner

***** [ Scheduled tasks ] *****

Task Found : ProPCCleaner_Start
Task Found : ProPCCleaner_Popup

***** [ Shortcuts ] *****


***** [ Registry ] *****

Data Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - <-loopback>
Key Found : HKCU\Software\AppDataLow\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}
Key Found : HKCU\Software\AppDataLow\{4A0F38A9-FE55-4B89-B73F-E60FDC0F72E9}
Key Found : HKCU\Software\InstalledBrowserExtensions
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{1BC4F983-5A5D-4FCC-AEE3-4EC4AF062ED1}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{69e47c97-ee37-4e14-a8a4-9de7a1acd829}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{69e47c97-ee37-4e14-a8a4-9de7a1acd829}
Key Found : HKCU\Software\ProPCCleanerConfig
Key Found : HKCU\Software\ProPCCleanerLanguage
Key Found : [x64] HKCU\Software\InstalledBrowserExtensions
Key Found : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{1BC4F983-5A5D-4FCC-AEE3-4EC4AF062ED1}
Key Found : [x64] HKCU\Software\ProPCCleanerConfig
Key Found : [x64] HKCU\Software\ProPCCleanerLanguage
Key Found : HKLM\SOFTWARE\{12A61307-94CD-4F8E-94BC-918E511FAA81}
Key Found : HKLM\SOFTWARE\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}
Key Found : HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Key Found : HKLM\SOFTWARE\{4A0F38A9-FE55-4B89-B73F-E60FDC0F72E9}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{065C1A21-97F8-45FB-A9F0-861B60FACEC8}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{2797fe60-9ca1-4816-9bae-6d5a2a6a4d13}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{3204358F-5904-46A6-841F-D6B5BE3EF4E3}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{3AE67737-0E3E-44AA-AA5E-46A68BF017FF}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{3EE5B726-044A-48D2-AA7B-049BD9A0F62A}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{60FBBE03-57FF-49D8-B38E-053D3F489825}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{69e47c97-ee37-4e14-a8a4-9de7a1acd829}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{6A5182F1-C0B8-42B8-96CC-7F329CD46913}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{6C153418-8E4D-4FAF-AF27-5201E38463A7}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{A26A2F05-AC4D-4A1E-9531-9125F7309B78}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{CC5D6240-7DF0-435D-9B9B-F8586A99DE86}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{F343045E-E20A-46E1-82D8-9962C43EFC9E}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{FBB360DC-CB6C-4D6A-808A-2C773151BFFF}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{FFD7DDAC-EC28-42A5-8D39-917B9078604B}
Key Found : HKLM\SOFTWARE\Classes\P2797fe60_9ca1_4816_9bae_6d5a2a6a4d13_.P2797fe60_9ca1_4816_9bae_6d5a2a6a4d13_
Key Found : HKLM\SOFTWARE\Classes\P2797fe60_9ca1_4816_9bae_6d5a2a6a4d13_.P2797fe60_9ca1_4816_9bae_6d5a2a6a4d13_.9
Key Found : HKLM\SOFTWARE\Classes\P69e47c97_ee37_4e14_a8a4_9de7a1acd829_.P69e47c97_ee37_4e14_a8a4_9de7a1acd829_
Key Found : HKLM\SOFTWARE\Classes\P69e47c97_ee37_4e14_a8a4_9de7a1acd829_.P69e47c97_ee37_4e14_a8a4_9de7a1acd829_.9
Key Found : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
Key Found : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{079E2F0F-FCA0-4163-BC82-5355B879E86E}
Key Found : HKLM\SOFTWARE\GlobalUpdate
Key Found : HKLM\SOFTWARE\InstalledBrowserExtensions
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{69e47c97-ee37-4e14-a8a4-9de7a1acd829}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{2797fe60-9ca1-4816-9bae-6d5a2a6a4d13}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{69e47c97-ee37-4e14-a8a4-9de7a1acd829}
Key Found : [x64] HKLM\SOFTWARE\Classes\CLSID\{2797fe60-9ca1-4816-9bae-6d5a2a6a4d13}
Key Found : [x64] HKLM\SOFTWARE\Classes\CLSID\{69e47c97-ee37-4e14-a8a4-9de7a1acd829}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{0FCE4F01-64EC-42F1-83E1-1E08D38605D2}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{1A2A195A-A0F9-4006-AF02-3F05EEFDE792}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{3AE76A17-C344-4A83-81CE-65EFEE41E42D}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{4C0A69B0-CE97-42B7-86FC-08280C99C74D}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{4E9EB4D5-C929-4005-AC62-1856B1DA5A24}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{8FAF962C-3EDE-405E-B1D0-62B8235C6044}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{C1F5E799-B218-4C32-B189-3C389BA140BB}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{F60C9408-3110-4C98-A139-ABE1EE1111DD}
Key Found : [x64] HKLM\SOFTWARE\InstalledBrowserExtensions
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{69e47c97-ee37-4e14-a8a4-9de7a1acd829}

***** [ Web browsers ] *****

-\\ Internet Explorer v11.0.9600.17496


-\\ Mozilla Firefox v34.0.5 (x86 en-US)

[ue2fhs5a.default] - Line Found : user_pref("browser.search.defaultenginename", "WebSearch");
[ue2fhs5a.default] - Line Found : user_pref("browser.search.order.1", "WebSearch");
[ue2fhs5a.default] - Line Found : user_pref("browser.search.selectedEngine", "WebSearch");
[ue2fhs5a.default] - Line Found : user_pref("browser.search.order.1,S", "WebSearch");
[ue2fhs5a.default] - Line Found : user_pref("browser.search.defaultenginename,S", "WebSearch");
[ue2fhs5a.default] - Line Found : user_pref("browser.search.selectedEngine,S", "WebSearch");
[ue2fhs5a.default] - Line Found : user_pref("browser.search.defaulturl", "hxxp://websearch.thesearchpage.info/?pid=2457&r=2015/02/04&hid=5778463939216614492&lg=EN&cc=US&unqvl=74&l=1&q=");
[ue2fhs5a.default] - Line Found : user_pref("browser.search.order.1,S", "WebSearch");
[ue2fhs5a.default] - Line Found : user_pref("browser.search.defaultenginename,S", "WebSearch");
[ue2fhs5a.default] - Line Found : user_pref("browser.search.selectedEngine,S", "WebSearch");

-\\ Google Chrome v40.0.2214.93

*************************

AdwCleaner[R0].txt - [7101 bytes] - [08/02/2015 13:08:24]

########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [7160 bytes] ##########

Re: endless popups

Post by Honeybee » February 8th, 2015, 3:19 pm

2nd Frst64.exe scan results below:

Farbar Recovery Scan Tool (x64) Version: 08-02-2015
Ran by paula at 2015-02-08 13:17:12
Running from C:\Users\paula\Downloads
Boot Mode: Normal

================== Search Registry: "Fun4IM;Bandoo;Searchnu;Searchqu;iLivid;whitesmoke;datamngr;kelkoopartners;trolltech;babylon;conduit;unisaaLes;unissaLuess" ===========


===================== Search result for "Searchqu" ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{AB310581-AC80-11D1-8DF3-00C04FB6EF63}]
""="ISearchQueryHelper"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{AB310581-AC80-11D1-8DF3-00C04FB6EF63}]
""="ISearchQueryHelper"

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\Interface\{AB310581-AC80-11D1-8DF3-00C04FB6EF63}]
""="ISearchQueryHelper"


===================== Search result for "trolltech" ==========

[HKEY_USERS\S-1-5-21-580328012-1814326237-2248955246-1003\Software\Trolltech]


===================== Search result for "babylon" ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{2EECD738-5844-4A99-B4B6-146BF802613B}]
"DllName"="BabylonToolbar.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{98889811-442D-49DD-99D7-DC866BE87DBC}]
"DllName"="BabylonToolbarTlbr.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extension Compatibility\{2EECD738-5844-4A99-B4B6-146BF802613B}]
"DllName"="BabylonToolbar.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extension Compatibility\{98889811-442D-49DD-99D7-DC866BE87DBC}]
"DllName"="BabylonToolbarTlbr.dll"


===================== Search result for "conduit" ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\063A857434EDED11A893800002C0A966]
"09699DDB14539164D9A2C3DD3B1EF5E9"="C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\iSyncConduit.dll"


===================== Search result for "unisaaLes" ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{96d5331b-5ff8-402d-befd-4405d03c3c8d}]
""="unisaaLes"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\P96d5331b_5ff8_402d_befd_4405d03c3c8d_.P96d5331b_5ff8_402d_befd_4405d03c3c8d_]
""="unisaaLes"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{96d5331b-5ff8-402d-befd-4405d03c3c8d}]
""="unisaaLes"


===================== Search result for "unissaLuess" ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{69e47c97-ee37-4e14-a8a4-9de7a1acd829}]
""="unissaLuess"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\P69e47c97_ee37_4e14_a8a4_9de7a1acd829_.P69e47c97_ee37_4e14_a8a4_9de7a1acd829_]
""="unissaLuess"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{079E2F0F-FCA0-4163-BC82-5355B879E86E}\1.0\HELPDIR]
""="C:\Program Files (x86)\unissaLuess"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{69e47c97-ee37-4e14-a8a4-9de7a1acd829}\InprocServer32]
""="C:\Program Files (x86)\unissaLuess\P9Q1zqwTDdPJMb.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{079E2F0F-FCA0-4163-BC82-5355B879E86E}\1.0\HELPDIR]
""="C:\Program Files (x86)\unissaLuess"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{69e47c97-ee37-4e14-a8a4-9de7a1acd829}]
""="unissaLuess"

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{69e47c97-ee37-4e14-a8a4-9de7a1acd829}]
""="unissaLuess"

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{69e47c97-ee37-4e14-a8a4-9de7a1acd829}\InprocServer32]
""="C:\Program Files (x86)\unissaLuess\P9Q1zqwTDdPJMb.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\TypeLib\{079E2F0F-FCA0-4163-BC82-5355B879E86E}\1.0\HELPDIR]
""="C:\Program Files (x86)\unissaLuess"

====== End Of Search ======

Re: endless popups

Post by Gary R » February 9th, 2015, 2:49 am

OK, let's set about getting your machine clean.

First ...

Please go to Control Panel > Programs > Uninstall a program and Uninstall the following:

Java 7 Update 67
Google Chrome


Old, out-of-date versions of Java can be exploited. Unless you have a specific need for Java, I would not bother having it installed. Very few websites use Java these days (as opposed to JavaScript, which almost all websites use, and which is not the same thing at all) and most people get on fine without it. Personally I have not had it installed on my computer for over 2 years now, and I can't remember the last time I couldn't see any web content because I didn't have it.

If you absolutely must use Java, then always use the latest version. Java is often exploited.

Your current version of Google Chrome has been modified to the Dev Build so that the inbuilt security features of Chrome are not switched on ...

CHR dev: Chrome dev build detected! <======= ATTENTION


... if you have done this yourself, please let me know, if not, then you need to uninstall Chrome. You can install a new copy when your computer is clean.

When you uninstall it, you may be asked if you want to get rid of your saved settings, if so, you need to purge your settings. Do not save them or you will get re-infected.

Reboot your computer once the two programs are uninstalled.

Next ...

  • Double click AdwCleaner.exe to run it.
  • Click Scan and allow the scan to finish.
  • Now click Clean to remove the items found.
  • Click OK to the prompt.
  • The tool will run & your computer will be rebooted automatically. A logfile will open after the restart.
  • Post the contents of the logfile with your next reply.
  • You can also find the logfile at C:\AdwCleaner[s1].txt.

Next ...

  • Click Start
  • Type notepad.exe in the search programs and files box and click Enter.
  • A blank Notepad page should open.
    • Copy/Paste the contents of the code box below into Notepad (don't include Code: Select all).
Code: Select all
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
SearchScopes: HKLM -> {589B893E-773C-4941-88C2-0DCC718E621C} URL =
SearchScopes: HKLM-x32 -> DefaultScope value is missing.
SearchScopes: HKU\S-1-5-21-580328012-1814326237-2248955246-1003 -> {1BC4F983-5A5D-4FCC-AEE3-4EC4AF062ED1} URL = http://taplika.com/results.php?f=4&q= {searchTerms}&a=tpl_tight1_15_04&cd=2XzuyEtN2Y1L1Qzu0Dzz0F0E0EtAyC0A0E0CtC0EyB0C0CyEtN0D0Tzu0StCtCtCyBtN1L2XzutAtFyBtFtBtFtDtN1L1CzutN1L1G1B1V1N2Y1L1Qzu2SyEzz0D0E0CyE0C0AtGzyzzyD0CtGtAyDzy0DtG0C0EyE0CtGtCyDyB0DyBzytBtC0EyD0Ezz2QtN1M1F1B2Z1V1N2Y1L1Qzu2StCyE0B0C0D0EzytDtGtDtDtDtBtGyEtD0ByDtGzztB0C0EtG0EzytBtAzytBtDtAyDtAyDtC2Q&cr=949707811&ir=
BHO: unissaLuess -> {69e47c97-ee37-4e14-a8a4-9de7a1acd829} -> C:\Program Files (x86)\unissaLuess\P9Q1zqwTDdPJMb.x64.dll ()
BHO: unisaaLes -> {96d5331b-5ff8-402d-befd-4405d03c3c8d} -> C:\Program Files (x86)\unisaaLes\FM4sbHRDFwaB4J.x64.dll ()
BHO-x32: No Name -> {5C255C8A-E604-49b4-9D64-90988571CECB} -> No File
BHO-x32: unissaLuess -> {69e47c97-ee37-4e14-a8a4-9de7a1acd829} -> C:\Program Files (x86)\unissaLuess\P9Q1zqwTDdPJMb.dll No File
FF DefaultSearchEngine: WebSearch
FF SearchEngineOrder.1: WebSearch
FF SelectedSearchEngine: WebSearch
FF SearchEngineOrder.1,S: WebSearch
FF DefaultSearchEngine,S: WebSearch
FF SelectedSearchEngine,S: WebSearch
FF DefaultSearchUrl: hxxp://websearch.thesearchpage.info/?pi ... =74&l=1&q=
FF SearchEngineOrder.1,S: WebSearch
FF DefaultSearchEngine,S: WebSearch
FF SelectedSearchEngine,S: WebSearch
FF SearchPlugin: C:\Users\paula\AppData\Roaming\Mozilla\Firefox\Profiles\ue2fhs5a.default\searchplugins\ask-search.xml
FF Extension: WebZoom - C:\Users\paula\AppData\Roaming\Mozilla\Firefox\Profiles\ue2fhs5a.default\Extensions\sdd@webzoom.com [2015-02-04]
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR StartupUrls: Default -> "hxxp://www.google.com/", "hxxp://taplika.com/?f=7&a=tpl_tight1_15_04&cd=2XzuyEtN2Y1L1Qzu0Dzz0F0E0EtAyC0A0E0CtC0EyB0C0CyEtN0D0Tzu0StCtCtCyBtN1L2XzutAtFyBtFtBtFtDtN1L1CzutN1L1G1B1V1N2Y1L1Qzu2SyEzz0D0E0CyE0C0AtGzyzzyD0CtGtAyDzy0DtG0C0EyE0CtGtCyDyB0DyBzytBtC0EyD0Ezz2QtN1M1F1B2Z1V1N2Y1L1Qzu2StCyE0B0C0D0EzytDtGtDtDtDtBtGyEtD0ByDtGzztB0C0EtG0EzytBtAzytBtDtAyDtAyDtC2Q&cr=949707811&ir="
2015-02-04 08:20 - 2015-02-07 12:14 - 00000000 ____D () C:\Program Files (x86)\unisaaLes
2015-02-03 10:13 - 2015-02-07 08:37 - 00000000 ____D () C:\Program Files (x86)\uniSaless
2015-02-03 10:13 - 2015-02-07 08:04 - 00000000 ____D () C:\Program Files (x86)\unissaLuess
Task: {9EB03546-F779-41B4-BC6D-80CEBEE17111} - \95b4028d-5a73-4ee5-9550-64281d62ffcd-10_user No Task File <==== ATTENTION
[-HKEY_USERS\S-1-5-21-580328012-1814326237-2248955246-1003\Software\Trolltech]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{2EECD738-5844-4A99-B4B6-146BF802613B}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{98889811-442D-49DD-99D7-DC866BE87DBC}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extension Compatibility\{2EECD738-5844-4A99-B4B6-146BF802613B}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extension Compatibility\{98889811-442D-49DD-99D7-DC866BE87DBC}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\063A857434EDED11A893800002C0A966]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{96d5331b-5ff8-402d-befd-4405d03c3c8d}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\P96d5331b_5ff8_402d_befd_4405d03c3c8d_.P96d5331b_5ff8_402d_befd_4405d03c3c8d_]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{96d5331b-5ff8-402d-befd-4405d03c3c8d}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{69e47c97-ee37-4e14-a8a4-9de7a1acd829}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\P69e47c97_ee37_4e14_a8a4_9de7a1acd829_.P69e47c97_ee37_4e14_a8a4_9de7a1acd829_]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{079E2F0F-FCA0-4163-BC82-5355B879E86E}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{69e47c97-ee37-4e14-a8a4-9de7a1acd829}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{079E2F0F-FCA0-4163-BC82-5355B879E86E}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{69e47c97-ee37-4e14-a8a4-9de7a1acd829}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{69e47c97-ee37-4e14-a8a4-9de7a1acd829}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{69e47c97-ee37-4e14-a8a4-9de7a1acd829}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\TypeLib\{079E2F0F-FCA0-4163-BC82-5355B879E86E}]

    • Save it to the same folder/directory that FRST.exe is in, naming it as fixlist.txt

NOTICE: This script was written specifically for this user. Running it on another machine may cause damage to your operating system.

  • Start FRST in a similar manner to when you ran a scan earlier, but this time when it opens ....
    • Press the Fix button once and wait.
    • FRST will process fixlist.txt
    • When finished, it will produce a log fixlog.txt in the same folder/directory as FRST64.exe
    • Please post me the log

Summary of the logs I need from you in your next post:
  • ADWCleaner log
  • Fixlog.txt
  • Let me know how your computer is behaving now please.


Please post each log separately to prevent it being cut off by the forum post size limiter. Check each after you've posted it to make sure it's all present; if any log is cut off, you'll have to post it in sections.
Gary R
Administrator
 
Posts: 21870
Joined: June 28th, 2005, 11:36 am
Location: Yorkshire

Re: endless popups

Post by Honeybee » February 9th, 2015, 8:30 am

Gary, every time I try to uninstall Java, I get the window saying it is "preparing to remove" but it does not get uninstalled. Then I get a message saying update 67 is requesting permission to make changes to your computer. I haven't allowed this - should I? Not sure if this is the final step to uninstalling or something else is going on and didn't want to take the chance to approve it. Also, there is a McAfee message saying a potentially dangerous program is being blocked: "multiplug-FVG".

Chrome is uninstalled, but please advise about the Java uninstallation. Thanks.

Re: endless popups

Post by Honeybee » February 9th, 2015, 9:07 am

Just tried to uninstall Java again and my screen went blue, then shut down. I was able to get back on, but I'll wait for your reply before I try to uninstall again.

Re: endless popups

Post by Gary R » February 9th, 2015, 9:14 am

Leave Java alone for the time being, we can come back to it later. Just follow the rest of the instructions in my last post, and post me the logs please.

Re: endless popups

Post by Honeybee » February 9th, 2015, 9:58 am

results of adwcleaner:

# AdwCleaner v4.110 - Logfile created 09/02/2015 at 07:54:53
# Updated 05/02/2015 by Xplode
# Database : 2015-02-05.2 [Local]
# Operating system : Windows 7 Home Premium Service Pack 1 (x64)
# Username : paula - MININT-8L86P5C
# Running from : C:\Users\paula\Downloads\adwcleaner_4.110.exe
# Option : Cleaning

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\apn
Folder Deleted : C:\ProgramData\Ask
Folder Deleted : C:\ProgramData\5334483998530784437
Folder Deleted : C:\Program Files (x86)\BearShare Applications
Folder Deleted : C:\Program Files (x86)\unisaaLes
Folder Deleted : C:\Program Files (x86)\uniSaless
Folder Deleted : C:\Program Files (x86)\unissaLuess
Folder Deleted : C:\Users\paula\AppData\Local\Pro_PC_Cleaner
Folder Deleted : C:\Users\paula\Documents\ProPCCleaner
Folder Deleted : C:\Users\paula\AppData\Roaming\Mozilla\Firefox\Profiles\ue2fhs5a.default\Extensions\at5U@PVym1.org
Folder Deleted : C:\Users\paula\AppData\Roaming\Mozilla\Firefox\Profiles\ue2fhs5a.default\Extensions\C501y@n.net
Folder Deleted : C:\Users\paula\AppData\Roaming\Mozilla\Firefox\Profiles\ue2fhs5a.default\Extensions\T@xGr.net
Folder Deleted : C:\Users\paula\AppData\Roaming\Mozilla\Firefox\Profiles\ue2fhs5a.default\Extensions\XyAzXXH@dYio.com
Folder Deleted : C:\ProgramData\bdmhopkmhokeplinichnipcomnnlbigp
Folder Deleted : C:\ProgramData\dejfpbonljgaecfkadpnhmnlcllefejj
Folder Deleted : C:\ProgramData\hlhpfllpbgibadapmpbgmeimkhkeebhb
File Deleted : C:\Users\paula\Documents\Uninstall.exe
File Deleted : C:\Users\paula\AppData\Roaming\Mozilla\Firefox\Profiles\ue2fhs5a.default\searchplugins\ask-search.xml

***** [ Scheduled tasks ] *****

Task Deleted : ProPCCleaner_Start
Task Deleted : ProPCCleaner_Popup

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1
Key Deleted : HKLM\SOFTWARE\Classes\P2797fe60_9ca1_4816_9bae_6d5a2a6a4d13_.P2797fe60_9ca1_4816_9bae_6d5a2a6a4d13_
Key Deleted : HKLM\SOFTWARE\Classes\P2797fe60_9ca1_4816_9bae_6d5a2a6a4d13_.P2797fe60_9ca1_4816_9bae_6d5a2a6a4d13_.9
Key Deleted : HKLM\SOFTWARE\Classes\P69e47c97_ee37_4e14_a8a4_9de7a1acd829_.P69e47c97_ee37_4e14_a8a4_9de7a1acd829_
Key Deleted : HKLM\SOFTWARE\Classes\P69e47c97_ee37_4e14_a8a4_9de7a1acd829_.P69e47c97_ee37_4e14_a8a4_9de7a1acd829_.9
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{065C1A21-97F8-45FB-A9F0-861B60FACEC8}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{2797fe60-9ca1-4816-9bae-6d5a2a6a4d13}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3204358F-5904-46A6-841F-D6B5BE3EF4E3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3AE67737-0E3E-44AA-AA5E-46A68BF017FF}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3EE5B726-044A-48D2-AA7B-049BD9A0F62A}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{60FBBE03-57FF-49D8-B38E-053D3F489825}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{69e47c97-ee37-4e14-a8a4-9de7a1acd829}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6A5182F1-C0B8-42B8-96CC-7F329CD46913}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6C153418-8E4D-4FAF-AF27-5201E38463A7}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A26A2F05-AC4D-4A1E-9531-9125F7309B78}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CC5D6240-7DF0-435D-9B9B-F8586A99DE86}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F343045E-E20A-46E1-82D8-9962C43EFC9E}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FBB360DC-CB6C-4D6A-808A-2C773151BFFF}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FFD7DDAC-EC28-42A5-8D39-917B9078604B}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{079E2F0F-FCA0-4163-BC82-5355B879E86E}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{69e47c97-ee37-4e14-a8a4-9de7a1acd829}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{69e47c97-ee37-4e14-a8a4-9de7a1acd829}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{69e47c97-ee37-4e14-a8a4-9de7a1acd829}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{2797fe60-9ca1-4816-9bae-6d5a2a6a4d13}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{69e47c97-ee37-4e14-a8a4-9de7a1acd829}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{2797fe60-9ca1-4816-9bae-6d5a2a6a4d13}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{69e47c97-ee37-4e14-a8a4-9de7a1acd829}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{0FCE4F01-64EC-42F1-83E1-1E08D38605D2}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{1A2A195A-A0F9-4006-AF02-3F05EEFDE792}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{3AE76A17-C344-4A83-81CE-65EFEE41E42D}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{4C0A69B0-CE97-42B7-86FC-08280C99C74D}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{4E9EB4D5-C929-4005-AC62-1856B1DA5A24}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{8FAF962C-3EDE-405E-B1D0-62B8235C6044}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{C1F5E799-B218-4C32-B189-3C389BA140BB}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{F60C9408-3110-4C98-A139-ABE1EE1111DD}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{69e47c97-ee37-4e14-a8a4-9de7a1acd829}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{1BC4F983-5A5D-4FCC-AEE3-4EC4AF062ED1}
Key Deleted : HKCU\Software\InstalledBrowserExtensions
Key Deleted : HKCU\Software\ProPCCleanerLanguage
Key Deleted : HKCU\Software\ProPCCleanerConfig
Key Deleted : HKCU\Software\AppDataLow\{4A0F38A9-FE55-4B89-B73F-E60FDC0F72E9}
Key Deleted : HKCU\Software\AppDataLow\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}
Key Deleted : HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Key Deleted : HKLM\SOFTWARE\{4A0F38A9-FE55-4B89-B73F-E60FDC0F72E9}
Key Deleted : HKLM\SOFTWARE\GlobalUpdate
Key Deleted : HKLM\SOFTWARE\InstalledBrowserExtensions
Key Deleted : HKLM\SOFTWARE\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}
Key Deleted : HKLM\SOFTWARE\{12A61307-94CD-4F8E-94BC-918E511FAA81}
Key Deleted : [x64] HKLM\SOFTWARE\InstalledBrowserExtensions
Data Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - <-loopback>

***** [ Web browsers ] *****

-\\ Internet Explorer v11.0.9600.17496


-\\ Mozilla Firefox v34.0.5 (x86 en-US)

[ue2fhs5a.default\prefs.js] - Line Deleted : user_pref("browser.search.defaultenginename,S", "WebSearch");
[ue2fhs5a.default\prefs.js] - Line Deleted : user_pref("browser.search.defaulturl", "hxxp://websearch.thesearchpage.info/?pid=2457&r=2015/02/04&hid=5778463939216614492&lg=EN&cc=US&unqvl=74&l=1&q=");
[ue2fhs5a.default\prefs.js] - Line Deleted : user_pref("browser.search.order.1", "WebSearch");
[ue2fhs5a.default\prefs.js] - Line Deleted : user_pref("browser.search.order.1,S", "WebSearch");
[ue2fhs5a.default\prefs.js] - Line Deleted : user_pref("browser.search.selectedEngine", "WebSearch");
[ue2fhs5a.default\prefs.js] - Line Deleted : user_pref("browser.search.selectedEngine,S", "WebSearch");

-\\ Google Chrome v

[C:\Users\paula\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
[C:\Users\paula\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
[C:\Users\paula\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://taplika.com/results.php?f=4&q={searchTerms}&a=tpl_tight1_15_04&cd=2XzuyEtN2Y1L1Qzu0Dzz0F0E0EtAyC0A0E0CtC0EyB0C0CyEtN0D0Tzu0StCtCtCyBtN1L2XzutAtFyBtFtBtFtDtN1L1CzutN1L1G1B1V1N2Y1L1Qzu2SyEzz0D0E0CyE0C0AtGzyzzyD0CtGtAyDzy0DtG0C0EyE0CtGtCyDyB0DyBzytBtC0EyD0Ezz2QtN1M1F1B2Z1V1N2Y1L1Qzu2StCyE0B0C0D0EzytDtGtDtDtDtBtGyEtD0ByDtGzztB0C0EtG0EzytBtAzytBtDtAyDtAyDtC2Q&cr=949707811&ir=
[C:\Users\paula\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://taplika.com/results.php?f=4&q={searchTerms}&a=tpl_tight1_15_04&cd=2XzuyEtN2Y1L1Qzu0Dzz0F0E0EtAyC0A0E0CtC0EyB0C0CyEtN0D0Tzu0StCtCtCyBtN1L2XzutAtFyBtFtBtFtDtN1L1CzutN1L1G1B1V1N2Y1L1Qzu2SyEzz0D0E0CyE0C0AtGzyzzyD0CtGtAyDzy0DtG0C0EyE0CtGtCyDyB0DyBzytBtC0EyD0Ezz2QtN1M1F1B2Z1V1N2Y1L1Qzu2StCyE0B0C0D0EzytDtGtDtDtDtBtGyEtD0ByDtGzztB0C0EtG0EzytBtAzytBtDtAyDtAyDtC2Q&cr=949707811&ir=
[C:\Users\paula\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://websearch.thesearchpage.info/?l=1&q={searchTerms}&pid=2459&r=2015/02/04&hid=5778463939216614492&lg=EN&cc=US&unqvl=74

*************************

AdwCleaner[R0].txt - [7303 bytes] - [08/02/2015 13:08:24]
AdwCleaner[R1].txt - [8910 bytes] - [09/02/2015 07:48:28]
AdwCleaner[S0].txt - [8728 bytes] - [09/02/2015 07:54:53]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [8787 bytes] ##########
Honeybee
Regular Member
 
Posts: 16
Joined: February 7th, 2015, 4:20 pm

Re: endless popups

Unread postby Honeybee » February 9th, 2015, 10:20 am

results from fixlog:

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 08-02-2015
Ran by paula at 2015-02-09 08:15:10 Run:1
Running from C:\Users\paula\Documents\New folder
Loaded Profiles: paula (Available profiles: paula)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
SearchScopes: HKLM -> {589B893E-773C-4941-88C2-0DCC718E621C} URL =
SearchScopes: HKLM-x32 -> DefaultScope value is missing.
SearchScopes: HKU\S-1-5-21-580328012-1814326237-2248955246-1003 -> {1BC4F983-5A5D-4FCC-AEE3-4EC4AF062ED1} URL = http://taplika.com/results.php?f=4&q= {searchTerms}&a=tpl_tight1_15_04&cd=2XzuyEtN2Y1L1Qzu0Dzz0F0E0EtAyC0A0E0CtC0EyB0C0CyEtN0D0Tzu0StCtCtCyBtN1L2XzutAtFyBtFtBtFtDtN1L1CzutN1L1G1B1V1N2Y1L1Qzu2SyEzz0D0E0CyE0C0AtGzyzzyD0CtGtAyDzy0DtG0C0EyE0CtGtCyDyB0DyBzytBtC0EyD0Ezz2QtN1M1F1B2Z1V1N2Y1L1Qzu2StCyE0B0C0D0EzytDtGtDtDtDtBtGyEtD0ByDtGzztB0C0EtG0EzytBtAzytBtDtAyDtAyDtC2Q&cr=949707811&ir=
BHO: unissaLuess -> {69e47c97-ee37-4e14-a8a4-9de7a1acd829} -> C:\Program Files (x86)\unissaLuess\P9Q1zqwTDdPJMb.x64.dll ()
BHO: unisaaLes -> {96d5331b-5ff8-402d-befd-4405d03c3c8d} -> C:\Program Files (x86)\unisaaLes\FM4sbHRDFwaB4J.x64.dll ()
BHO-x32: No Name -> {5C255C8A-E604-49b4-9D64-90988571CECB} -> No File
BHO-x32: unissaLuess -> {69e47c97-ee37-4e14-a8a4-9de7a1acd829} -> C:\Program Files (x86)\unissaLuess\P9Q1zqwTDdPJMb.dll No File
FF DefaultSearchEngine: WebSearch
FF SearchEngineOrder.1: WebSearch
FF SelectedSearchEngine: WebSearch
FF SearchEngineOrder.1,S: WebSearch
FF DefaultSearchEngine,S: WebSearch
FF SelectedSearchEngine,S: WebSearch
FF DefaultSearchUrl: hxxp://websearch.thesearchpage.info/?pi ... =74&l=1&q=
FF SearchEngineOrder.1,S: WebSearch
FF DefaultSearchEngine,S: WebSearch
FF SelectedSearchEngine,S: WebSearch
FF SearchPlugin: C:\Users\paula\AppData\Roaming\Mozilla\Firefox\Profiles\ue2fhs5a.default\searchplugins\ask-search.xml
FF Extension: WebZoom - C:\Users\paula\AppData\Roaming\Mozilla\Firefox\Profiles\ue2fhs5a.default\Extensions\sdd@webzoom.com [2015-02-04]
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR StartupUrls: Default -> "hxxp://www.google.com/", "hxxp://taplika.com/?f=7&a=tpl_tight1_15_04&cd=2XzuyEtN2Y1L1Qzu0Dzz0F0E0EtAyC0A0E0CtC0EyB0C0CyEtN0D0Tzu0StCtCtCyBtN1L2XzutAtFyBtFtBtFtDtN1L1CzutN1L1G1B1V1N2Y1L1Qzu2SyEzz0D0E0CyE0C0AtGzyzzyD0CtGtAyDzy0DtG0C0EyE0CtGtCyDyB0DyBzytBtC0EyD0Ezz2QtN1M1F1B2Z1V1N2Y1L1Qzu2StCyE0B0C0D0EzytDtGtDtDtDtBtGyEtD0ByDtGzztB0C0EtG0EzytBtAzytBtDtAyDtAyDtC2Q&cr=949707811&ir="
2015-02-04 08:20 - 2015-02-07 12:14 - 00000000 ____D () C:\Program Files (x86)\unisaaLes
2015-02-03 10:13 - 2015-02-07 08:37 - 00000000 ____D () C:\Program Files (x86)\uniSaless
2015-02-03 10:13 - 2015-02-07 08:04 - 00000000 ____D () C:\Program Files (x86)\unissaLuess
Task: {9EB03546-F779-41B4-BC6D-80CEBEE17111} - \95b4028d-5a73-4ee5-9550-64281d62ffcd-10_user No Task File <==== ATTENTION
[-HKEY_USERS\S-1-5-21-580328012-1814326237-2248955246-1003\Software\Trolltech]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\INTERNET EXPLORER\Extension Compatibility\{2EECD738-5844-4A99-B4B6-146BF802613B}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{98889811-442D-49DD-99D7-DC866BE87DBC}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extension Compatibility\{2EECD738-5844-4A99-B4B6-146BF802613B}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extension Compatibility\{98889811-442D-49DD-99D7-DC866BE87DBC}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WINDOWS\CurrentVersion\Installer\UserData\S-1-5-18\Components\063A857434EDED11A893800002C0A966]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{96d5331b-5ff8-402d-befd-4405d03c3c8d}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\P96d5331b_5ff8_402d_befd_4405d03c3c8d_.P96d5331b_5ff8_402d_befd_4405d03c3c8d_]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{96d5331b-5ff8-402d-befd-4405d03c3c8d}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{69e47c97-ee37-4e14-a8a4-9de7a1acd829}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\P69e47c97_ee37_4e14_a8a4_9de7a1acd829_.P69e47c97_ee37_4e14_a8a4_9de7a1acd829_]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{079E2F0F-FCA0-4163-BC82-5355B879E86E}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{69e47c97-ee37-4e14-a8a4-9de7a1acd829}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{079E2F0F-FCA0-4163-BC82-5355B879E86E}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{69e47c97-ee37-4e14-a8a4-9de7a1acd829}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{69e47c97-ee37-4e14-a8a4-9de7a1acd829}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{69e47c97-ee37-4e14-a8a4-9de7a1acd829}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\TypeLib\{079E2F0F-FCA0-4163-BC82-5355B879E86E}]
*****************

"HKLM\SOFTWARE\Policies\Google" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{589B893E-773C-4941-88C2-0DCC718E621C}" => Key deleted successfully.
HKCR\CLSID\{589B893E-773C-4941-88C2-0DCC718E621C} => Key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
HKU\S-1-5-21-580328012-1814326237-2248955246-1003\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{1BC4F983-5A5D-4FCC-AEE3-4EC4AF062ED1} => Key not found.
HKCR\CLSID\{1BC4F983-5A5D-4FCC-AEE3-4EC4AF062ED1} => Key not found.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{69e47c97-ee37-4e14-a8a4-9de7a1acd829} => Key not found.
HKCR\CLSID\{69e47c97-ee37-4e14-a8a4-9de7a1acd829} => Key not found.
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{96d5331b-5ff8-402d-befd-4405d03c3c8d}" => Key deleted successfully.
"HKCR\CLSID\{96d5331b-5ff8-402d-befd-4405d03c3c8d}" => Key deleted successfully.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}" => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB} => Key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{69e47c97-ee37-4e14-a8a4-9de7a1acd829} => Key not found.
HKCR\Wow6432Node\CLSID\{69e47c97-ee37-4e14-a8a4-9de7a1acd829} => Key not found.
Firefox DefaultSearchEngine deleted successfully.
Firefox SearchEngineOrder.1 deleted successfully.
Firefox SelectedSearchEngine deleted successfully.
Firefox SearchEngineOrder.1,S deleted successfully.
Firefox DefaultSearchEngine,S deleted successfully.
Firefox SelectedSearchEngine,S deleted successfully.
Firefox DefaultSearchUrl deleted successfully.
Firefox SearchEngineOrder.1,S deleted successfully.
Firefox DefaultSearchEngine,S deleted successfully.
Firefox SelectedSearchEngine,S deleted successfully.
"C:\Users\paula\AppData\Roaming\Mozilla\Firefox\Profiles\ue2fhs5a.default\searchplugins\ask-search.xml" => not found.
C:\Users\paula\AppData\Roaming\Mozilla\Firefox\Profiles\ue2fhs5a.default\Extensions\sdd@webzoom.com => Moved successfully.
CHR dev: Chrome dev build detected! <======= ATTENTION => Error: No automatic fix found for this entry.
Chrome StartupUrls deleted successfully.
"C:\Program Files (x86)\unisaaLes" => File/Directory not found.
"C:\Program Files (x86)\uniSaless" => File/Directory not found.
"C:\Program Files (x86)\unissaLuess" => File/Directory not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{9EB03546-F779-41B4-BC6D-80CEBEE17111}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9EB03546-F779-41B4-BC6D-80CEBEE17111}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\95b4028d-5a73-4ee5-9550-64281d62ffcd-10_user" => Key deleted successfully.
HKEY_USERS\S-1-5-21-580328012-1814326237-2248955246-1003\Software\Trolltech => Failed to delete key at first attempt (Error: C0000121), see next line.
HKEY_USERS\S-1-5-21-580328012-1814326237-2248955246-1003\Software\Trolltech => Key Deleted Successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\INTERNET EXPLORER\Extension Compatibility\{2EECD738-5844-4A99-B4B6-146BF802613B} => Key Deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{98889811-442D-49DD-99D7-DC866BE87DBC} => Key Deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extension Compatibility\{2EECD738-5844-4A99-B4B6-146BF802613B} => Key Deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extension Compatibility\{98889811-442D-49DD-99D7-DC866BE87DBC} => Key Deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WINDOWS\CurrentVersion\Installer\UserData\S-1-5-18\Components\063A857434EDED11A893800002C0A966 => Key Deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{96d5331b-5ff8-402d-befd-4405d03c3c8d} => Key not found.
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\P96d5331b_5ff8_402d_befd_4405d03c3c8d_.P96d5331b_5ff8_402d_befd_4405d03c3c8d_ => Failed to delete key at first attempt (Error: C0000121), see next line.
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\P96d5331b_5ff8_402d_befd_4405d03c3c8d_.P96d5331b_5ff8_402d_befd_4405d03c3c8d_ => Key Deleted Successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{96d5331b-5ff8-402d-befd-4405d03c3c8d} => Key not found.
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{69e47c97-ee37-4e14-a8a4-9de7a1acd829} => Key not found.
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\P69e47c97_ee37_4e14_a8a4_9de7a1acd829_.P69e47c97_ee37_4e14_a8a4_9de7a1acd829_ => Key not found.
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{079E2F0F-FCA0-4163-BC82-5355B879E86E} => Key not found.
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{69e47c97-ee37-4e14-a8a4-9de7a1acd829} => Key not found.
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{079E2F0F-FCA0-4163-BC82-5355B879E86E} => Key not found.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{69e47c97-ee37-4e14-a8a4-9de7a1acd829} => Key not found.
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{69e47c97-ee37-4e14-a8a4-9de7a1acd829} => Key not found.
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{69e47c97-ee37-4e14-a8a4-9de7a1acd829} => Key not found.
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\TypeLib\{079E2F0F-FCA0-4163-BC82-5355B879E86E} => Key not found.

==== End of Fixlog 08:17:04 ====

Have not gotten any strange popups since running this.
Honeybee
Regular Member
 
Posts: 16
Joined: February 7th, 2015, 4:20 pm

Re: endless popups

Unread postby Gary R » February 9th, 2015, 11:55 am

The scans we've run so far have been specific to the infection we've been dealing with, and their scope is fairly circumscribed, so I'd like to run a more general scan with a wider-ranging scope. Infections like yours often come with "fellow travellers", so I'd like to make sure we've got everything.

Please run a scan with ESET Online Scanner. The scan will take quite a time to complete, but it's very thorough.

Note: You can use either Internet Explorer or Mozilla FireFox for this scan. You will, however, need to disable your currently installed Anti-Virus; how to do so can be read here.
  • Please go HERE then click on Run ESET Online Scanner
Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.
All of the below instructions are compatible with either Internet Explorer or Mozilla FireFox.

  • Select the option YES, I accept the Terms of Use then click on: Image
  • When prompted allow the Add-On/Active X to install.
  • Make sure that the option Remove found threats is NOT checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Now click on: Image
  • The virus signature database... will begin to download. Be patient, this may take some time depending on the speed of your Internet Connection.
  • When completed click on Start to start the scan.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • When completed you will be presented with a list of found threats ....
    • Click on the List of found threats link
    • Click on Export to text file
    • Save as ESET.txt to your Desktop
  • Exit out of ESET Online Scanner.
  • Post me the contents of ESET.txt please.
Gary R
Administrator
 
Posts: 21870
Joined: June 28th, 2005, 11:36 am
Location: Yorkshire

Re: endless popups

Unread postby Honeybee » February 9th, 2015, 12:12 pm

Directions to disable McAfee Security directed me to areas that didn't exist when I opened the program. I turned off firewall and real time scanning. Does this qualify as disabling it? Want to be sure before I continue.

Also am having a big lag in my keystrokes now.
Honeybee
Regular Member
 
Posts: 16
Joined: February 7th, 2015, 4:20 pm

Re: endless popups

Unread postby Honeybee » February 9th, 2015, 2:27 pm

scan finished showing 33% completed.

C:\AdwCleaner\Quarantine\C\Program Files (x86)\unisaaLes\FM4sbHRDFwaB4J.exe.vir a variant of Win32/BHOUninstaller.AA potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\unisaaLes\FM4sbHRDFwaB4J.x64.dll.vir a variant of Win64/Adware.MultiPlug.F application
C:\AdwCleaner\Quarantine\C\ProgramData\apn\APN-Stub\W3IV6-G\APNIC.dll.vir Win32/Bundled.Toolbar.Ask.B potentially unsafe application
C:\AdwCleaner\Quarantine\C\ProgramData\bdmhopkmhokeplinichnipcomnnlbigp\content.js.vir JS/Chromex.Agent.L trojan
C:\AdwCleaner\Quarantine\C\ProgramData\bdmhopkmhokeplinichnipcomnnlbigp\pGhL4o.js.vir JS/Kryptik.ATB trojan
C:\AdwCleaner\Quarantine\C\ProgramData\dejfpbonljgaecfkadpnhmnlcllefejj\lsdb.js.vir JS/Kryptik.ATB trojan
C:\AdwCleaner\Quarantine\C\ProgramData\dejfpbonljgaecfkadpnhmnlcllefejj\yuRtRJxLzG.js.vir JS/Kryptik.ATB trojan
C:\AdwCleaner\Quarantine\C\ProgramData\hlhpfllpbgibadapmpbgmeimkhkeebhb\content.js.vir JS/Chromex.Agent.L trojan
C:\AdwCleaner\Quarantine\C\ProgramData\hlhpfllpbgibadapmpbgmeimkhkeebhb\ZF.js.vir JS/Kryptik.ATB trojan
C:\AdwCleaner\Quarantine\C\Users\paula\AppData\Roaming\Mozilla\Firefox\Profiles\ue2fhs5a.default\Extensions\at5U@PVym1.org\content\bg.js.vir JS/Kryptik.ATB trojan
C:\AdwCleaner\Quarantine\C\Users\paula\AppData\Roaming\Mozilla\Firefox\Profiles\ue2fhs5a.default\Extensions\C501y@n.net\content\bg.js.vir JS/Kryptik.ATL trojan
C:\AdwCleaner\Quarantine\C\Users\paula\AppData\Roaming\Mozilla\Firefox\Profiles\ue2fhs5a.default\Extensions\T@xGr.net\content\bg.js.vir JS/Kryptik.ATL trojan
C:\AdwCleaner\Quarantine\C\Users\paula\AppData\Roaming\Mozilla\Firefox\Profiles\ue2fhs5a.default\Extensions\XyAzXXH@dYio.com\content\bg.js.vir JS/Kryptik.ATB trojan
C:\Users\paula\AppData\Local\Google\Chrome\User Data\Default\Extensions\olgjplbbinpopmepmlnmhakgenlgjgbi\213\lsdb.js JS/Kryptik.ATB trojan
C:\Users\paula\AppData\Local\Google\Chrome\User Data\Default\Extensions\olgjplbbinpopmepmlnmhakgenlgjgbi\213\qSgSVJBq.js JS/Kryptik.ATB trojan
C:\Users\paula\AppData\Local\Google\Chrome\User Data\Guest Profile\Extensions\olgjplbbinpopmepmlnmhakgenlgjgbi\213\lsdb.js JS/Kryptik.ATB trojan
C:\Users\paula\AppData\Local\Google\Chrome\User Data\Guest Profile\Extensions\olgjplbbinpopmepmlnmhakgenlgjgbi\213\qSgSVJBq.js JS/Kryptik.ATB trojan
C:\Users\paula\AppData\Local\Temp\3D4f52D50CB.exe a variant of Win32/Adware.MultiPlug.EP application
C:\Users\paula\AppData\Local\Temp\57377.exe a variant of Win32/Adware.MultiPlug.EP application
C:\Users\paula\AppData\Local\Temp\AB166CB1E83.exe a variant of Win32/Adware.MultiPlug.EP application
C:\Users\paula\AppData\Local\Temp\cecabficcdg.exe a variant of Win32/OutBrowse.BA potentially unwanted application
C:\Users\paula\AppData\Local\Temp\910F\temp\Download (1).exe a variant of Win32/Adware.MultiPlug.EP application
C:\Users\paula\AppData\Local\Temp\b290933802B\temp\Download (2).exe a variant of Win32/Adware.MultiPlug.EP application
C:\Users\paula\AppData\Local\Temp\b290933802B\temp\putfu.xyz a variant of Win32/Adware.MultiPlug.ER application
C:\Users\paula\AppData\Local\Temp\DA027A\temp\Download (1).exe a variant of Win32/Adware.MultiPlug.EP application
C:\Users\paula\AppData\Local\Temp\DA027A\temp\putfu.xyz a variant of Win32/Adware.MultiPlug.ER application
C:\Users\paula\Downloads\openofficesuite-setup.exe a variant of Win32/DownloadAdmin.I potentially unwanted application
Honeybee
Regular Member
 
Posts: 16
Joined: February 7th, 2015, 4:20 pm