Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

BHO, Hyperlinks, popups

Post by bama2719 » March 16th, 2015, 2:40 am

I am sure I have a virus, and I need your help to get rid of it. Any and all help is appreciated! All pages have hyperlinks and popups keep happening. I've done scans and all I know to do and nothing is helping. You are my last hope. Thanks!

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-03-2015
Ran by BamaBrat (administrator) on TRACY on 16-03-2015 02:25:22
Running from C:\Users\BamaBrat\Downloads
Loaded Profiles: BamaBrat (Available profiles: BamaBrat)
Platform: Windows 8.1 Connected (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

() C:\Program Files (x86)\AVG Web TuneUp\WtuSystemSupport.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Windows (R) Win 7 DDK provider) C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\AdminService.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgfws.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\AOP Framework\CCDMonitorService.exe
(Intel(R) Corporation) C:\Program Files\Intel\TXE Components\TCS\HeciServer.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Acer Cloud Technology) C:\Program Files (x86)\Acer\AOP Framework\acer\ccd.exe
(Intel(R) Corporation) C:\Program Files\Intel Corporation\Intel(R) Technology Access\IntelTechnologyAccessService.exe
(Acer Incorporate) C:\Program Files\Acer\Acer Launch Manager\LMSvc.exe
(Reimage®) C:\Program Files\Reimage\Reimage Protector\ReiGuard.exe
() C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
() C:\Program Files\Reimage\Reimage Protector\ReiSystem.exe
(AVG Secure Search) C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.4.0\ToolbarUpdater.exe
() C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.4.0\loggingserver.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgnsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgemca.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgrsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgcsrva.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe\livecomm.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Acer Incorporate) C:\Program Files\Acer\Acer Launch Manager\LMEvent.exe
(Acer Incorporate) C:\Program Files\Acer\Acer Launch Manager\LMLockHandler.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Intel Corporation) C:\Windows\System32\igfxTray.exe
(Acer Incorporate) C:\Program Files\Acer\Acer Quick Access\QASvc.exe
(Acer Incorporate) C:\Program Files\Acer\Acer Launch Manager\LMTray.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Acer Incorporate) C:\Program Files\Acer\Acer Quick Access\QAEvent.exe
(Acer Incorporate) C:\Program Files\Acer\Acer Quick Access\QAMsg.exe
(Qualcomm®Atheros®) C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvStack.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Pokki) C:\Users\BamaBrat\AppData\Local\Pokki\Engine\HostAppServiceUpdater.exe
() C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\ActivateDesktop.exe
(Acer) C:\Program Files (x86)\Acer\Acer Portal\AcerPortal.exe
(Nota Inc.) C:\Program Files (x86)\Gyazo\GyStation.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\AOP Framework\BackgroundAgent.exe
() C:\Program Files (x86)\Acer\abDocs\abDocsDllLoader.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgui.exe
() C:\Program Files (x86)\AVG Web TuneUp\vprot.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerTray.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerEvent.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerWinMonitor.exe
(Acer Incorporate) C:\Program Files\Acer\Acer Quick Access\RMSvc.exe
() C:\Program Files (x86)\Acer\abDocs\abDocsDllLoaderMonitor.exe
(AVG Secure Search) C:\Program Files (x86)\AVG Web TuneUp\avgcefrend.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe
(Pokki) C:\Users\BamaBrat\AppData\Local\Pokki\Engine\HostAppService.exe
(Pokki) C:\Users\BamaBrat\AppData\Local\Pokki\Engine\HostAppService.exe
(Pokki) C:\Users\BamaBrat\AppData\Local\Pokki\Engine\StartMenuIndexer.exe
(acer) C:\Program Files\Acer\User Experience Improvement Program\Framework\UBTService.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13672664 2014-06-30] (Realtek Semiconductor)
HKLM\...\Run: [CIS_{81EFDD93-DBBE-415B-BE6E-49B9664E3E82}] => "C:\ProgramData\cisBA35.exe" --PostUninstall {81EFDD93-DBBE-415B-BE6E-49B9664E3E82}
HKLM-x32\...\Run: [BacKGround Agent] => C:\Program Files (x86)\Acer\AOP Framework\BackgroundAgent.exe [62208 2014-12-19] (Acer Incorporated)
HKLM-x32\...\Run: [abDocsDllLoader] => C:\Program Files (x86)\Acer\abDocs\abDocsDllLoader.exe [90880 2014-12-19] ()
HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\AVG2015\avgui.exe [3723728 2015-03-06] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [vProt] => C:\Program Files (x86)\AVG Web TuneUp\vprot.exe [3033112 2015-03-04] ()
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [31016 2006-10-27] (Microsoft Corporation)
HKLM\...\Policies\Explorer\Run: [BtvStack] => C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvStack.exe [134784 2014-04-29] ( (Qualcomm®Atheros®))
HKU\S-1-5-21-1136846300-3956240899-3284163035-1001\...\Run: [Pokki] => "%LOCALAPPDATA%\Pokki\Engine\HostAppServiceUpdater.exe" /LOGON
HKU\S-1-5-21-1136846300-3956240899-3284163035-1001\...\Run: [AcerPortal] => C:\Program Files (x86)\Acer\Acer Portal\AcerPortal.exe [2480384 2014-12-19] (Acer)
HKU\S-1-5-21-1136846300-3956240899-3284163035-1001\...\Run: [Gyazo] => C:\Program Files (x86)\Gyazo\GyStation.exe [3095840 2014-10-27] (Nota Inc.)
HKU\S-1-5-21-1136846300-3956240899-3284163035-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Users\BamaBrat\Downloads\dds(1).scr [688992 2015-03-16] (Swearware)
ShellIconOverlayIdentifiers: [ACloudSyncedRF] -> {5CCE71FA-9F61-4F24-9CD1-98D819B40D68} => C:\Program Files (x86)\Acer\Acer Portal\x64\shellext_win.dll (Acer Incorporated)
ShellIconOverlayIdentifiers: [ACloudSyncedSF] -> {5D5F18B7-D59B-4B18-A3E9-0A4BDCCCB699} => C:\Program Files (x86)\Acer\Acer Portal\x64\shellext_win.dll (Acer Incorporated)
ShellIconOverlayIdentifiers: [ACloudSyncing] -> {C1E1456F-C2D8-4C96-870D-35F1E13941EE} => C:\Program Files (x86)\Acer\Acer Portal\x64\shellext_win.dll (Acer Incorporated)
ShellIconOverlayIdentifiers: [ACloudToBeSynced] -> {307523FA-DDC0-4068-983F-2A6B34627744} => C:\Program Files (x86)\Acer\Acer Portal\x64\shellext_win.dll (Acer Incorporated)
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://websearch.swellsearch.info/?pid= ... S&unqvl=84
HKU\S-1-5-21-1136846300-3956240899-3284163035-1001\Software\Microsoft\Internet Explorer\Main,Start Page = http://us.yahoo.com?fr=fp-comodo
HKU\S-1-5-21-1136846300-3956240899-3284163035-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://acer13.msn.com/?pc=ACJB
SearchScopes: HKLM -> {AA9A4890-4262-4441-8977-E2FFCBFB706C} URL = http://us.yhs4.search.yahoo.com/yhs/sea ... cer_001&p={searchTerms}
SearchScopes: HKLM-x32 -> DefaultScope {BB82DE59-BC4C-4172-9AC4-73315F71CFFE} URL = http://websearch.swellsearch.info/?l=1&q={searchTerms}&pid=3500&r=2015/03/14&hid=15142541064165150077&lg=EN&cc=US&unqvl=84
SearchScopes: HKLM-x32 -> {AA9A4890-4262-4441-8977-E2FFCBFB706C} URL = http://us.yhs4.search.yahoo.com/yhs/sea ... cer_001&p={searchTerms}
SearchScopes: HKLM-x32 -> {BB82DE59-BC4C-4172-9AC4-73315F71CFFE} URL = http://websearch.swellsearch.info/?l=1&q={searchTerms}&pid=3500&r=2015/03/14&hid=15142541064165150077&lg=EN&cc=US&unqvl=84
SearchScopes: HKU\S-1-5-21-1136846300-3956240899-3284163035-1001 -> DefaultScope {AA9A4890-4262-4441-8977-E2FFCBFB706C} URL = http://us.search.yahoo.com/search?p={searchTerms}&fr=chr-comodo
SearchScopes: HKU\S-1-5-21-1136846300-3956240899-3284163035-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?PC=WCUG&FORM=WCUGDF&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1136846300-3956240899-3284163035-1001 -> {95B7759C-8C7F-4BF1-B163-73684A933233} URL = https://mysearch.avg.com/search?cid={2EC34E01-1DA2-4EF9-88D1-95499606C14B}&mid=9aee6fcbe10047cda1e4f123cc4240f6-8433249c9a3703b89d4bc06f969cc5cfe03df33b&lang=en&ds=AVG&coid=avgtbavg&cmpid=&pr=fr&d=2015-02-07 21:27:52&v=4.0.6.10&pid=wtu&sg=&sap=dsp&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1136846300-3956240899-3284163035-1001 -> {AA9A4890-4262-4441-8977-E2FFCBFB706C} URL = http://us.search.yahoo.com/search?p={searchTerms}&fr=chr-comodo
SearchScopes: HKU\S-1-5-21-1136846300-3956240899-3284163035-1001 -> {BB82DE59-BC4C-4172-9AC4-73315F71CFFE} URL = http://websearch.swellsearch.info/?l=1&q={searchTerms}&pid=3500&r=2015/03/14&hid=15142541064165150077&lg=EN&cc=US&unqvl=84
SearchScopes: HKU\S-1-5-21-1136846300-3956240899-3284163035-1001 -> {F5A217BE-AF39-11E4-825F-206A8AA6A905} URL = http://search.homepage-web.com/?src=omn ... er=acer&q={searchTerms}
BHO: youtubeadblocker -> {1e45cd8b-bb2e-472b-8d87-a19287b981d4} -> C:\Program Files (x86)\youtubeadblocker\YHad8UzCYgCSwI.x64.dll [2015-03-14] ()
BHO: AVG Web TuneUp -> {95B7759C-8C7F-4BF1-B163-73684A933233} -> C:\Program Files\AVG Web TuneUp\4.1.0.411\AVG Web TuneUp.dll [2015-03-04] (AVG)
BHO: McAfee SiteAdvisor BHO -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\PROGRA~2\mcafee\siteadvisor\x64\mcieplg.dll No File
BHO: UniDeals -> {b553dcdd-2c61-46da-9856-ef7df7570efd} -> C:\Program Files (x86)\UniDeals\nyL6XWabKR5b3G.x64.dll [2015-03-14] ()
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2006-10-27] (Microsoft Corporation)
BHO-x32: AVG Web TuneUp -> {95B7759C-8C7F-4BF1-B163-73684A933233} -> C:\Program Files (x86)\AVG Web TuneUp\4.1.0.411\AVG Web TuneUp.dll [2015-03-04] (AVG)
Toolbar: HKLM - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\siteadvisor\x64\mcieplg.dll No File
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - No File
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - No File
Handler-x32: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\18.3.0\ViProtocol.dll [2015-02-07] (AVG Secure Search)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\BamaBrat\AppData\Roaming\Mozilla\Firefox\Profiles\vh6byn2u.default
FF NewTab: hxxp://homepage-web.com/?s=acer&m=tab
FF DefaultSearchEngine: Yahoo
FF DefaultSearchEngine,S: WebSearch
FF DefaultSearchEngine.US: Google
FF DefaultSearchUrl: hxxp://websearch.swellsearch.info/?pid= ... =84&l=1&q=
FF SearchEngineOrder.1: WebSearch
FF SearchEngineOrder.1,S: WebSearch
FF SelectedSearchEngine: Yahoo
FF SelectedSearchEngine,S: WebSearch
FF Homepage: https://www.google.com/
FF Keyword.URL: hxxp://us.search.yahoo.com/search?fr=ytff-comodo&p=
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_305.dll [2015-02-07] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-14] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll [2015-02-07] ()
FF Plugin-x32: @avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin -> C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\18.4.0\\npsitesafety.dll No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-14] ( Microsoft Corporation)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF SearchPlugin: C:\Users\BamaBrat\AppData\Roaming\Mozilla\Firefox\Profiles\vh6byn2u.default\searchplugins\avg-secure-search.xml [2015-02-07]
FF SearchPlugin: C:\Users\BamaBrat\AppData\Roaming\Mozilla\Firefox\Profiles\vh6byn2u.default\searchplugins\Web Search.xml [2015-02-07]
FF SearchPlugin: C:\Users\BamaBrat\AppData\Roaming\Mozilla\Firefox\Profiles\vh6byn2u.default\searchplugins\WebSearch.xml [2015-03-14]
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\wtu-secure-search.xml [2015-03-04]
FF Extension: youtubeadblocker - C:\Users\BamaBrat\AppData\Roaming\Mozilla\Firefox\Profiles\vh6byn2u.default\Extensions\5cx3LI@XK8UX.com [2015-03-14]
FF Extension: AVG Web TuneUp - C:\Users\BamaBrat\AppData\Roaming\Mozilla\Firefox\Profiles\vh6byn2u.default\Extensions\avg@toolbar [2015-02-07]
FF Extension: UNNiDDealosua - C:\Users\BamaBrat\AppData\Roaming\Mozilla\Firefox\Profiles\vh6byn2u.default\Extensions\bK@2UYD.org [2015-03-14]
FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor

Chrome:
=======
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [Not Found]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AtherosSvc; C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\adminservice.exe [319104 2014-04-29] (Windows (R) Win 7 DDK provider) [File not signed]
R2 avgfws; C:\Program Files (x86)\AVG\AVG2015\avgfws.exe [1516968 2015-03-06] (AVG Technologies CZ, s.r.o.)
R2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe [3416016 2015-03-06] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe [309232 2015-03-06] (AVG Technologies CZ, s.r.o.)
R2 CCDMonitorService; C:\Program Files (x86)\Acer\AOP Framework\CCDMonitorService.exe [2713856 2014-12-19] (Acer Incorporated)
R3 ePowerSvc; C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe [2573032 2014-06-12] (Acer Incorporated)
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [315376 2014-06-09] (Intel Corporation)
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\TXE Components\TCS\HeciServer.exe [733696 2013-07-02] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\TXE Components\TCS\SocketHeciServer.exe [822232 2013-07-02] (Intel(R) Corporation)
R2 Intel(R) TechnologyAccessService; C:\Program Files\Intel Corporation\Intel(R) Technology Access\IntelTechnologyAccessService.exe [93408 2015-02-08] (Intel(R) Corporation)
S3 iumsvc; C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe [174368 2014-06-09] ()
R2 LMSvc; C:\Program Files\Acer\Acer Launch Manager\LMSvc.exe [455912 2014-12-30] (Acer Incorporate)
R3 QASvc; C:\Program Files\Acer\Acer Quick Access\QASvc.exe [458984 2014-06-26] (Acer Incorporate)
R2 ReimageRealTimeProtector; C:\Program Files\Reimage\Reimage Protector\ReiGuard.exe [7410024 2015-01-14] (Reimage®)
R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [254512 2012-04-24] ()
R3 RMSvc; C:\Program Files\Acer\Acer Quick Access\RMSvc.exe [449768 2014-06-26] (Acer Incorporate)
R3 UEIPSvc; C:\Program Files\Acer\User Experience Improvement Program\Framework\UBTService.exe [234240 2014-07-14] (acer)
R2 vToolbarUpdater18.4.0; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.4.0\ToolbarUpdater.exe [1875480 2015-03-04] (AVG Secure Search)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366520 2015-02-03] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2015-02-03] (Microsoft Corporation)
R2 WtuSystemSupport; C:\Program Files (x86)\AVG Web TuneUp\WtuSystemSupport.exe [620056 2015-03-04] ()
S2 McAfee SiteAdvisor Service; c:\PROGRA~2\mcafee\siteadvisor\mcsacore.exe [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 athr; C:\Windows\system32\DRIVERS\athwbx.sys [3893248 2014-04-02] (Qualcomm Atheros Communications, Inc.)
S0 Avgboota; C:\Windows\System32\DRIVERS\avgboota.sys [20496 2013-09-04] (AVG Technologies CZ, s.r.o.)
R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [153368 2014-06-18] (AVG Technologies CZ, s.r.o.)
R1 Avgfwfd; C:\Windows\system32\DRIVERS\avgfwd6a.sys [58136 2014-12-03] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [280544 2015-02-24] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [203544 2014-11-18] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [243480 2014-08-28] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [341472 2015-02-03] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [133088 2015-02-05] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [31512 2014-06-18] (AVG Technologies CZ, s.r.o.)
R1 Avgwfpa; C:\Windows\system32\DRIVERS\avgwfpa.sys [289248 2015-02-20] (AVG Technologies CZ, s.r.o.)
R3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [77464 2014-04-29] (Qualcomm Atheros)
R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [226304 2014-03-18] (Microsoft Corporation)
R3 GPIO; C:\Windows\System32\drivers\iaiogpioe.sys [31232 2014-06-09] (Intel Corporation)
R3 iaioi2c; C:\Windows\System32\drivers\iaioi2ce.sys [69632 2014-06-09] (Intel Corporation)
R3 LMDriver; C:\Windows\System32\drivers\LMDriver.sys [21360 2013-07-17] (Acer Incorporated)
R1 ndisrd; C:\Windows\system32\DRIVERS\ndisrfl.sys [41688 2014-10-30] (Intel Corporation)
R3 NetTap630; C:\Windows\system32\DRIVERS\nettap630.sys [67800 2014-10-30] (Intel Corporation)
R3 RadioShim; C:\Windows\System32\drivers\RadioShim.sys [14680 2013-07-17] (Acer Incorporated)
R3 TXEIx64; C:\Windows\System32\drivers\TXEIx64.sys [88592 2014-01-15] (Intel Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2015-02-03] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-16 02:25 - 2015-03-16 02:28 - 00020228 _____ () C:\Users\BamaBrat\Downloads\FRST.txt
2015-03-16 02:25 - 2015-03-16 02:25 - 00000000 ____D () C:\FRST
2015-03-16 02:24 - 2015-03-16 02:24 - 02095616 _____ (Farbar) C:\Users\BamaBrat\Downloads\FRST64.exe
2015-03-16 02:22 - 2015-03-16 02:22 - 00688992 _____ (Swearware) C:\Users\BamaBrat\Downloads\dds.com
2015-03-16 02:17 - 2015-03-16 02:17 - 00001178 _____ () C:\Users\BamaBrat\Desktop\dds(1) - Shortcut.lnk
2015-03-16 02:15 - 2015-03-16 02:15 - 00688992 _____ (Swearware) C:\Users\BamaBrat\Downloads\dds(2).scr
2015-03-16 02:11 - 2015-03-16 02:11 - 00688992 _____ (Swearware) C:\Users\BamaBrat\Downloads\dds(1).scr
2015-03-16 02:09 - 2015-03-16 02:10 - 00688992 _____ (Swearware) C:\Users\BamaBrat\Downloads\dds.scr
2015-03-16 01:57 - 2015-03-16 01:57 - 00000000 ____D () C:\Users\BamaBrat\Downloads\backups
2015-03-16 01:47 - 2015-03-16 01:47 - 00010961 _____ () C:\Users\BamaBrat\Downloads\hijackthis.log
2015-03-16 01:46 - 2015-03-16 01:46 - 00003440 _____ () C:\Windows\System32\Tasks\Reimage Reminder
2015-03-16 01:45 - 2015-03-16 01:45 - 00388608 _____ (Trend Micro Inc.) C:\Users\BamaBrat\Downloads\HijackThis.exe
2015-03-16 01:44 - 2015-03-16 01:44 - 00004274 _____ () C:\Windows\System32\Tasks\ReimageUpdater
2015-03-16 01:42 - 2015-03-16 01:45 - 00000000 ____D () C:\ProgramData\Reimage Protector
2015-03-16 01:42 - 2015-03-16 01:44 - 00000000 ____D () C:\Program Files\Reimage
2015-03-16 01:42 - 2015-03-16 01:42 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Reimage Repair
2015-03-16 01:41 - 2015-03-16 01:46 - 00000000 ____D () C:\rei
2015-03-16 01:39 - 2015-03-16 01:46 - 00000165 _____ () C:\Windows\Reimage.ini
2015-03-16 01:38 - 2015-03-16 01:39 - 00768520 _____ (Reimage®) C:\Users\BamaBrat\Downloads\ReimageRepair.exe
2015-03-16 00:25 - 2015-03-16 00:25 - 04816784 _____ (AVG Technologies) C:\Users\BamaBrat\Downloads\avg_isc_stb_all_2015_ltst_206.exe
2015-03-14 23:12 - 2015-03-14 23:12 - 00000046 _____ () C:\Windows\wininit.ini
2015-03-14 19:28 - 2015-03-14 19:28 - 00000000 ____D () C:\ProgramData\Shared Space
2015-03-14 19:25 - 2015-03-14 19:27 - 00000000 ____D () C:\Program Files\COMODO
2015-03-14 19:24 - 2015-03-14 23:34 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Comodo
2015-03-14 19:24 - 2015-03-14 19:24 - 00000000 ____D () C:\Users\BamaBrat\AppData\Local\Comodo
2015-03-14 19:23 - 2015-03-14 19:23 - 00000000 ____D () C:\ProgramData\Comodo Downloader
2015-03-14 19:23 - 2015-03-14 19:23 - 00000000 ____D () C:\Program Files (x86)\Comodo
2015-03-14 19:22 - 2015-03-14 19:28 - 00000000 ____D () C:\ProgramData\Comodo
2015-03-14 18:29 - 2015-03-14 18:33 - 229979832 _____ (COMODO) C:\Users\BamaBrat\Downloads\cfw_installer_6106_53.exe
2015-03-14 01:40 - 2015-03-16 00:49 - 00000000 ____D () C:\Program Files (x86)\UNNiDDealosua
2015-03-14 01:40 - 2015-03-14 18:22 - 00000000 ____D () C:\Program Files (x86)\youtubeadblocker
2015-03-14 01:40 - 2015-03-14 18:22 - 00000000 ____D () C:\Program Files (x86)\UniDeals
2015-03-14 01:40 - 2015-03-14 01:40 - 00000000 ____D () C:\ProgramData\15174181810477798393
2015-03-14 01:40 - 2015-03-14 01:40 - 00000000 ____D () C:\Program Files (x86)\Website Blocker
2015-03-14 01:39 - 2015-03-14 19:24 - 00000000 ____D () C:\ProgramData\{8ead84e5-82ef-c539-8ead-d84e582e1396}
2015-03-13 23:55 - 2015-03-13 23:55 - 00000000 ____D () C:\Users\BamaBrat\AppData\Roaming\ooVoo Details
2015-03-13 23:36 - 2015-03-13 23:37 - 02388592 _____ (ooVoo LLC) C:\Users\BamaBrat\Downloads\ooVooSetup.exe
2015-03-13 16:21 - 2015-03-13 16:21 - 00000000 ____D () C:\Users\Default\AppData\Roaming\TuneUp Software
2015-03-13 16:21 - 2015-03-13 16:21 - 00000000 ____D () C:\Users\Default User\AppData\Roaming\TuneUp Software
2015-03-10 14:45 - 2015-03-10 14:45 - 00000000 ____D () C:\Users\Default\AppData\Local\Microsoft Help
2015-03-10 14:45 - 2015-03-10 14:45 - 00000000 ____D () C:\Users\Default User\AppData\Local\Microsoft Help
2015-03-10 14:43 - 2015-02-06 19:09 - 00396419 _____ () C:\Windows\system32\ApnDatabase.xml
2015-03-10 14:43 - 2015-02-03 19:58 - 00264000 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdFilter.sys
2015-03-10 14:43 - 2015-02-03 19:58 - 00114496 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdNisDrv.sys
2015-03-10 14:43 - 2015-02-03 19:58 - 00044024 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdBoot.sys
2015-03-10 14:43 - 2015-02-02 19:53 - 00014848 _____ (Microsoft Corporation) C:\Windows\system32\winshfhc.dll
2015-03-10 14:43 - 2015-02-02 19:53 - 00012800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winshfhc.dll
2015-03-10 14:43 - 2015-01-26 23:44 - 00933888 _____ (Microsoft Corporation) C:\Windows\system32\calc.exe
2015-03-10 14:43 - 2015-01-23 21:51 - 00816128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\calc.exe
2015-03-10 14:42 - 2015-03-05 22:53 - 00430080 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-03-10 14:42 - 2015-03-05 22:33 - 00358912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-03-10 14:42 - 2015-02-25 19:26 - 04178944 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-03-10 14:42 - 2015-01-30 19:42 - 03097600 _____ (Microsoft Corporation) C:\Windows\system32\msftedit.dll
2015-03-10 14:42 - 2015-01-30 19:29 - 02484224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msftedit.dll
2015-03-10 14:42 - 2015-01-28 21:58 - 00347136 _____ (Microsoft Corporation) C:\Windows\system32\photowiz.dll
2015-03-10 14:42 - 2015-01-28 21:29 - 00290816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\photowiz.dll
2015-03-10 14:42 - 2015-01-23 03:17 - 00723072 _____ (Microsoft Corporation) C:\Windows\system32\SHCore.dll
2015-03-10 14:42 - 2015-01-23 01:02 - 00560392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SHCore.dll
2015-03-10 14:41 - 2015-02-19 23:03 - 00358912 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2015-03-10 14:41 - 2015-02-19 22:58 - 00044032 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2015-03-10 14:41 - 2015-02-19 22:20 - 00301056 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2015-03-10 14:41 - 2015-02-19 22:15 - 00035840 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2015-03-10 14:41 - 2015-02-05 21:28 - 02257408 _____ (Microsoft Corporation) C:\Windows\system32\dwmcore.dll
2015-03-10 14:41 - 2015-02-05 21:08 - 01943040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dwmcore.dll
2015-03-10 14:41 - 2015-02-05 16:24 - 01113920 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ndis.sys
2015-03-10 14:41 - 2015-02-02 20:03 - 03551744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_47.dll
2015-03-10 14:41 - 2015-02-02 20:02 - 04298240 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_47.dll
2015-03-10 14:41 - 2015-01-29 23:01 - 00097792 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidbth.sys
2015-03-10 14:41 - 2015-01-29 23:00 - 00167424 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rfcomm.sys
2015-03-10 14:41 - 2015-01-29 22:03 - 01488896 _____ (Microsoft Corporation) C:\Windows\system32\mfc42u.dll
2015-03-10 14:41 - 2015-01-29 22:03 - 01464832 _____ (Microsoft Corporation) C:\Windows\system32\mfc42.dll
2015-03-10 14:41 - 2015-01-29 21:44 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfc42u.dll
2015-03-10 14:41 - 2015-01-29 21:42 - 01204224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfc42.dll
2015-03-10 14:41 - 2015-01-29 21:29 - 00035840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\atlthunk.dll
2015-03-10 14:41 - 2015-01-28 21:11 - 00274944 _____ (Microsoft Corporation) C:\Windows\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2015-03-10 14:41 - 2015-01-28 21:04 - 01091072 _____ (Microsoft Corporation) C:\Windows\system32\localspl.dll
2015-03-10 14:41 - 2015-01-28 21:04 - 00864256 _____ (Microsoft Corporation) C:\Windows\system32\win32spl.dll
2015-03-10 14:41 - 2015-01-28 21:00 - 00210944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2015-03-10 14:41 - 2015-01-28 20:59 - 02773504 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2015-03-10 14:41 - 2015-01-28 20:55 - 00971776 _____ (Microsoft Corporation) C:\Windows\system32\WSShared.dll
2015-03-10 14:41 - 2015-01-28 20:50 - 00811008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSShared.dll
2015-03-10 14:41 - 2015-01-28 20:49 - 02459136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2015-03-10 14:41 - 2015-01-28 11:41 - 07472960 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-03-10 14:41 - 2015-01-28 11:41 - 01733440 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-03-10 14:41 - 2015-01-28 11:41 - 01498360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2015-03-10 14:41 - 2015-01-27 22:24 - 00075264 _____ (Microsoft Corporation) C:\Windows\system32\StorageContextHandler.dll
2015-03-10 14:41 - 2015-01-27 21:47 - 00060928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\StorageContextHandler.dll
2015-03-10 14:41 - 2014-10-28 22:49 - 00003072 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2015-03-10 14:41 - 2014-10-28 22:46 - 00081920 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\BTHUSB.SYS
2015-03-10 14:41 - 2014-10-28 22:46 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\bthenum.sys
2015-03-10 14:41 - 2014-10-28 22:45 - 01198080 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\bthport.sys
2015-03-10 14:41 - 2014-10-28 22:44 - 00096256 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2015-03-10 14:41 - 2014-10-28 22:44 - 00014848 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2015-03-10 14:41 - 2014-10-28 22:43 - 00062976 _____ (Microsoft Corporation) C:\Windows\system32\printui.exe
2015-03-10 14:41 - 2014-10-28 22:34 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\compstui.dll
2015-03-10 14:41 - 2014-10-28 22:34 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\WSCollect.exe
2015-03-10 14:41 - 2014-10-28 22:34 - 00079872 _____ (Microsoft Corporation) C:\Windows\system32\WSReset.exe
2015-03-10 14:41 - 2014-10-28 22:04 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\findnetprinters.dll
2015-03-10 14:41 - 2014-10-28 22:04 - 00003072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll
2015-03-10 14:41 - 2014-10-28 22:03 - 00241152 _____ (Microsoft Corporation) C:\Windows\system32\fsquirt.exe
2015-03-10 14:41 - 2014-10-28 22:00 - 00077824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
2015-03-10 14:41 - 2014-10-28 22:00 - 00011776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll
2015-03-10 14:41 - 2014-10-28 21:58 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\printui.exe
2015-03-10 14:41 - 2014-10-28 21:52 - 00289280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\compstui.dll
2015-03-10 14:41 - 2014-10-28 21:51 - 00477184 _____ (Microsoft Corporation) C:\Windows\system32\puiobj.dll
2015-03-10 14:41 - 2014-10-28 21:45 - 00221184 _____ (Microsoft Corporation) C:\Windows\system32\prnntfy.dll
2015-03-10 14:41 - 2014-10-28 21:28 - 00055808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\findnetprinters.dll
2015-03-10 14:41 - 2014-10-28 21:28 - 00048128 _____ (Microsoft Corporation) C:\Windows\system32\atlthunk.dll
2015-03-10 14:41 - 2014-10-28 21:20 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\puiobj.dll
2015-03-10 14:41 - 2014-10-28 21:15 - 00199168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\prnntfy.dll
2015-03-10 14:41 - 2014-10-28 21:13 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\Windows.ApplicationModel.Store.dll
2015-03-10 14:41 - 2014-10-28 20:55 - 00223744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.ApplicationModel.Store.dll
2015-03-10 14:41 - 2014-10-28 20:55 - 00192512 _____ (Microsoft Corporation) C:\Windows\system32\puiapi.dll
2015-03-10 14:41 - 2014-10-28 20:44 - 00167424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\puiapi.dll
2015-03-10 14:41 - 2014-10-28 20:41 - 00269312 _____ (Microsoft Corporation) C:\Windows\system32\DafPrintProvider.dll
2015-03-10 14:41 - 2014-10-28 20:35 - 00203776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DafPrintProvider.dll
2015-03-10 14:40 - 2015-02-20 21:16 - 25021440 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-03-10 14:40 - 2015-02-20 20:41 - 12827648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-03-10 14:40 - 2015-02-20 20:27 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-03-10 14:40 - 2015-02-20 20:27 - 00128000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2015-03-10 14:40 - 2015-02-20 20:25 - 19720192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-03-10 14:40 - 2015-02-20 19:58 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-03-10 14:40 - 2015-02-20 19:32 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-03-10 14:40 - 2015-02-19 22:49 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-03-10 14:40 - 2015-02-19 22:48 - 02886144 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-03-10 14:40 - 2015-02-19 22:47 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-03-10 14:40 - 2015-02-19 22:35 - 00816128 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-03-10 14:40 - 2015-02-19 22:34 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-03-10 14:40 - 2015-02-19 22:32 - 06035456 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-03-10 14:40 - 2015-02-19 22:09 - 00503296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-03-10 14:40 - 2015-02-19 22:07 - 00145408 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2015-03-10 14:40 - 2015-02-19 22:06 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-03-10 14:40 - 2015-02-19 22:05 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-03-10 14:40 - 2015-02-19 22:03 - 02278400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-03-10 14:40 - 2015-02-19 21:59 - 01032704 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
2015-03-10 14:40 - 2015-02-19 21:56 - 00664064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-03-10 14:40 - 2015-02-19 21:52 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2015-03-10 14:40 - 2015-02-19 21:49 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-03-10 14:40 - 2015-02-19 21:49 - 00374272 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-03-10 14:40 - 2015-02-19 21:46 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-03-10 14:40 - 2015-02-19 21:43 - 14398976 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-03-10 14:40 - 2015-02-19 21:30 - 04300288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-03-10 14:40 - 2015-02-19 21:30 - 00880128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll
2015-03-10 14:40 - 2015-02-19 21:29 - 02865152 _____ (Microsoft Corporation) C:\Windows\system32\actxprxy.dll
2015-03-10 14:40 - 2015-02-19 21:28 - 02358784 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-03-10 14:40 - 2015-02-19 21:26 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2015-03-10 14:40 - 2015-02-19 21:24 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-03-10 14:40 - 2015-02-19 21:24 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-03-10 14:40 - 2015-02-19 21:16 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-03-10 14:40 - 2015-02-19 21:03 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-03-10 14:40 - 2015-02-19 21:01 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-03-10 14:40 - 2015-02-19 20:57 - 01311232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-03-10 14:40 - 2015-02-19 20:55 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-03-10 14:40 - 2015-01-30 19:20 - 00203264 _____ (Microsoft Corporation) C:\Windows\system32\ubpm.dll
2015-03-10 14:40 - 2015-01-29 22:02 - 00102912 _____ (Microsoft Corporation) C:\Windows\system32\eappgnui.dll
2015-03-10 14:40 - 2015-01-29 21:40 - 00091648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\eappgnui.dll
2015-03-10 14:40 - 2015-01-29 21:37 - 00331776 _____ (Microsoft Corporation) C:\Windows\system32\eapp3hst.dll
2015-03-10 14:40 - 2015-01-29 21:24 - 00339456 _____ (Microsoft Corporation) C:\Windows\system32\eapphost.dll
2015-03-10 14:40 - 2015-01-29 21:24 - 00250880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\eapp3hst.dll
2015-03-10 14:40 - 2015-01-29 21:16 - 00266752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\eapphost.dll
2015-03-10 14:40 - 2015-01-29 21:08 - 00346112 _____ (Microsoft Corporation) C:\Windows\system32\eappcfg.dll
2015-03-10 14:40 - 2015-01-29 21:06 - 00278016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\eappcfg.dll
2015-03-10 14:40 - 2015-01-29 14:45 - 01763352 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2015-03-10 14:40 - 2015-01-29 14:34 - 01488040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2015-03-10 14:40 - 2015-01-27 00:22 - 00131584 _____ (Microsoft Corporation) C:\Windows\system32\rdpudd.dll
2015-03-10 14:40 - 2015-01-26 22:11 - 03547648 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2015-03-10 14:40 - 2014-12-11 01:36 - 00046456 _____ (Microsoft Corporation) C:\Windows\system32\LockScreenContentServer.exe
2015-03-10 14:40 - 2014-10-28 23:56 - 00027456 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpvideominiport.sys
2015-03-10 14:40 - 2014-10-28 22:37 - 00040448 _____ (Microsoft Corporation) C:\Windows\system32\rfxvmt.dll
2015-03-10 14:40 - 2014-10-28 21:19 - 00070656 _____ (Microsoft Corporation) C:\Windows\system32\eappprxy.dll
2015-03-10 14:40 - 2014-10-28 20:59 - 00056320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\eappprxy.dll
2015-03-10 14:39 - 2015-02-12 13:40 - 22291584 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2015-03-10 14:39 - 2015-02-12 13:34 - 19731824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2015-03-10 14:39 - 2015-02-07 19:57 - 01090048 _____ (Microsoft Corporation) C:\Windows\system32\MrmCoreR.dll
2015-03-10 14:39 - 2015-02-07 19:49 - 00791040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MrmCoreR.dll
2015-03-10 14:39 - 2015-01-27 21:31 - 00402432 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll
2015-03-10 14:39 - 2015-01-27 21:11 - 00357376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll
2015-03-10 14:39 - 2015-01-27 19:47 - 02501368 _____ (Microsoft Corporation) C:\Windows\explorer.exe
2015-03-10 14:39 - 2015-01-27 19:41 - 02207488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\explorer.exe
2015-03-10 14:39 - 2015-01-21 01:54 - 01384712 _____ (Microsoft Corporation) C:\Windows\system32\msctf.dll
2015-03-10 14:39 - 2015-01-21 01:15 - 01123848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msctf.dll
2015-03-10 10:20 - 2015-03-10 10:20 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
2015-03-10 10:19 - 2015-03-10 10:19 - 00000000 ____D () C:\Program Files (x86)\Microsoft Works
2015-03-10 10:18 - 2015-03-10 10:18 - 00000000 ____D () C:\Windows\PCHEALTH
2015-03-10 10:18 - 2015-03-10 10:18 - 00000000 ____D () C:\Program Files (x86)\Microsoft Visual Studio
2015-03-10 10:15 - 2015-03-10 10:15 - 00000000 ____D () C:\Program Files\Microsoft Office
2015-03-10 10:15 - 2015-03-10 10:15 - 00000000 ____D () C:\Program Files (x86)\Microsoft Visual Studio 8
2015-03-10 10:14 - 2015-03-10 15:04 - 00000000 ____D () C:\ProgramData\Microsoft Help
2015-03-10 10:14 - 2015-03-10 13:49 - 00000000 ____D () C:\Users\BamaBrat\AppData\Local\Microsoft Help
2015-03-10 10:14 - 2015-03-10 10:14 - 00000000 __RHD () C:\MSOCache
2015-03-10 10:11 - 2015-03-10 10:11 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_User_WpdFs_01_11_00.Wdf
2015-03-09 20:48 - 2015-03-10 17:42 - 00036864 _____ () C:\Users\BamaBrat\Desktop\Island Labor March 16 thru March 22.xls
2015-03-09 19:54 - 2015-03-10 15:33 - 00036352 _____ () C:\Users\BamaBrat\Desktop\Island Labor March 9 thru March 15.xls
2015-03-09 09:43 - 2015-03-09 09:43 - 00013906 _____ () C:\Users\BamaBrat\Downloads\labor sheet(1).zip
2015-03-08 15:10 - 2015-03-08 15:10 - 00086100 _____ () C:\Users\BamaBrat\Downloads\calendar.zip
2015-03-08 14:33 - 2015-03-08 14:33 - 00008704 _____ () C:\Users\BamaBrat\Desktop\Island Supply List March, 8 2015.xls
2015-03-08 14:20 - 2015-03-08 14:21 - 00419492 _____ () C:\Users\BamaBrat\Downloads\Island Order March 8, 2015.xlsx
2015-03-06 00:08 - 2015-03-06 00:08 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-03-05 16:43 - 2015-03-05 16:46 - 00011264 _____ () C:\Users\BamaBrat\Desktop\Sales May 2014 - December 2014.xls
2015-03-05 16:29 - 2015-03-05 16:29 - 00416160 _____ () C:\Users\BamaBrat\Downloads\Order sheet 382015.zip
2015-03-05 15:40 - 2015-03-08 14:23 - 00007680 _____ () C:\Users\BamaBrat\Desktop\Local Supply List.xls
2015-03-05 15:38 - 2015-03-15 22:47 - 00120320 _____ () C:\Users\BamaBrat\Desktop\Island Sales 2015.xls
2015-03-05 15:33 - 2015-03-08 18:49 - 00019562 _____ () C:\Users\BamaBrat\Desktop\Island Labor Allocation.ods
2015-03-05 15:27 - 2015-03-05 15:27 - 00000000 ____D () C:\Users\BamaBrat\AppData\Local\LogMeIn
2015-03-05 15:27 - 2015-03-05 15:27 - 00000000 ____D () C:\ProgramData\LogMeIn
2015-03-05 13:58 - 2015-03-05 13:58 - 00016172 _____ () C:\Users\BamaBrat\Downloads\labor sheet.zip
2015-03-05 13:03 - 2015-03-05 13:03 - 00011264 _____ () C:\Users\BamaBrat\Desktop\Sysco Island December 14,2014.xls
2015-03-05 11:55 - 2015-03-05 11:55 - 00016023 _____ () C:\Users\BamaBrat\Downloads\ExampleProjectedMarchSchedule.xlsx
2015-03-05 11:44 - 2015-03-05 11:44 - 03022928 _____ () C:\Users\BamaBrat\Downloads\vip.zip
2015-03-05 11:44 - 2015-03-05 11:44 - 01609016 _____ () C:\Users\BamaBrat\Downloads\Important Spreadsheets.zip
2015-03-05 11:42 - 2015-03-05 11:42 - 00122020 _____ () C:\Users\BamaBrat\Downloads\More VIP forms.zip
2015-03-04 15:54 - 2015-03-05 15:37 - 00048640 ____H () C:\Users\BamaBrat\Desktop\~WRL0001.tmp
2015-03-04 14:17 - 2015-03-04 14:17 - 00000000 ____D () C:\Users\BamaBrat\AppData\Roaming\OpenOffice
2015-03-04 14:05 - 2015-03-04 14:13 - 140852175 _____ () C:\Users\BamaBrat\Downloads\Apache_OpenOffice_4.1.1_Win_x86_install_en-US.exe
2015-03-03 23:04 - 2015-03-03 23:04 - 00122368 _____ () C:\Users\BamaBrat\Downloads\Island Sales 2015.xls
2015-03-02 22:15 - 2015-03-15 22:47 - 00083968 ___SH () C:\Users\BamaBrat\Desktop\Thumbs.db
2015-03-02 22:01 - 2015-03-02 22:02 - 05977528 _____ (Lenovo Inc.) C:\Users\BamaBrat\Downloads\Lenovo.SuperFishRemovalTool.exe
2015-03-01 18:10 - 2015-03-14 00:47 - 00375296 ___SH () C:\Users\BamaBrat\Downloads\Thumbs.db
2015-02-27 00:40 - 2015-02-27 00:40 - 00000000 ____D () C:\ProgramData\Avg_Update_0215tb
2015-02-26 21:02 - 2014-12-13 17:28 - 00513488 _____ () C:\Windows\SysWOW64\locale.nls
2015-02-26 21:02 - 2014-12-13 17:28 - 00513488 _____ () C:\Windows\system32\locale.nls
2015-02-26 21:02 - 2014-10-28 21:27 - 01200128 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Globalization.dll
2015-02-26 21:02 - 2014-10-28 21:27 - 00323072 _____ (Microsoft Corporation) C:\Windows\system32\GlobCollationHost.dll
2015-02-26 21:02 - 2014-10-28 21:04 - 00868352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Globalization.dll
2015-02-26 21:02 - 2014-10-28 21:04 - 00200704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\GlobCollationHost.dll
2015-02-26 20:57 - 2015-02-26 20:57 - 00003886 _____ () C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2015-02-26 02:41 - 2015-02-26 02:41 - 00002457 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2015-02-26 02:41 - 2015-02-26 02:41 - 00000000 ____D () C:\Program Files (x86)\Adobe
2015-02-26 02:40 - 2015-02-26 20:56 - 00000000 ____D () C:\ProgramData\Adobe
2015-02-24 16:46 - 2015-02-24 16:46 - 00280544 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgidsdrivera.sys
2015-02-24 16:09 - 2015-03-03 22:24 - 00003718 _____ () C:\Windows\System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473
2015-02-24 16:09 - 2015-02-24 16:09 - 00003476 _____ () C:\Windows\System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473-Logon
2015-02-24 16:09 - 2015-02-24 16:09 - 00000000 ____D () C:\ProgramData\Intel(R) Update Manager
2015-02-24 16:09 - 2015-02-24 16:09 - 00000000 ____D () C:\Program Files\Intel Corporation
2015-02-20 15:12 - 2015-02-20 15:12 - 00289248 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgwfpa.sys
2015-02-15 00:29 - 2015-02-15 00:29 - 00000000 ____D () C:\Users\Public\OEM
2015-02-14 19:07 - 2015-02-14 19:07 - 00000000 __SHD () C:\Users\BamaBrat\AppData\Local\EmieBrowserModeList

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-16 02:13 - 2014-11-30 13:14 - 01389464 _____ () C:\Windows\WindowsUpdate.log
2015-03-16 02:10 - 2013-08-22 11:36 - 00000000 ____D () C:\Windows\system32\sru
2015-03-16 02:08 - 2014-03-18 05:47 - 01157900 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-03-16 02:06 - 2015-02-07 13:38 - 00003598 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1136846300-3956240899-3284163035-1001
2015-03-16 02:02 - 2015-02-07 13:49 - 00000000 ____D () C:\Users\BamaBrat\AppData\Local\CrashDumps
2015-03-16 02:02 - 2015-02-07 00:49 - 00000000 ____D () C:\Users\BamaBrat\OneDrive
2015-03-16 02:00 - 2013-08-22 10:46 - 00028185 _____ () C:\Windows\setupact.log
2015-03-16 02:00 - 2013-08-22 10:45 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-03-16 01:59 - 2013-08-22 09:25 - 00262144 ___SH () C:\Windows\system32\config\BBI
2015-03-16 01:54 - 2015-02-07 15:41 - 00000000 ____D () C:\ProgramData\MFAData
2015-03-16 01:46 - 2015-02-07 13:33 - 00000000 ____D () C:\Users\BamaBrat\AppData\Local\VirtualStore
2015-03-16 01:00 - 2015-02-07 23:16 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-03-16 00:30 - 2014-03-18 05:39 - 00018726 _____ () C:\Windows\PFRO.log
2015-03-16 00:30 - 2013-08-22 10:44 - 00493368 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-03-16 00:28 - 2015-02-07 15:46 - 00000945 _____ () C:\Users\Public\Desktop\AVG 2015.lnk
2015-03-16 00:28 - 2015-02-07 15:46 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2015-03-15 20:36 - 2015-02-07 13:37 - 00003926 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{2061BD93-D365-4521-89AC-1E4F015CD8FB}
2015-03-15 20:34 - 2015-02-07 13:32 - 00000000 ____D () C:\Users\BamaBrat\AppData\Local\Pokki
2015-03-14 23:51 - 2015-02-07 14:07 - 00000000 ____D () C:\Users\BamaBrat\AppData\Roaming\IMVU
2015-03-14 19:56 - 2013-08-22 11:36 - 00000000 ____D () C:\Windows\AppReadiness
2015-03-14 18:24 - 2015-02-07 13:36 - 00002336 _____ () C:\Users\BamaBrat\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PC App Store.lnk
2015-03-11 14:27 - 2015-02-07 13:32 - 00000000 ____D () C:\Users\BamaBrat
2015-03-11 14:14 - 2013-08-22 09:25 - 00262144 ___SH () C:\Windows\system32\config\ELAM
2015-03-11 14:07 - 2013-08-22 11:36 - 00000000 ___RD () C:\Windows\ToastData
2015-03-11 14:02 - 2013-08-22 11:36 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2015-03-11 14:02 - 2013-08-22 11:36 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2015-03-11 14:02 - 2013-08-22 11:36 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
2015-03-11 14:02 - 2013-08-22 11:36 - 00000000 ____D () C:\Windows\WinStore
2015-03-11 14:02 - 2013-08-22 11:36 - 00000000 ____D () C:\Program Files\Windows Defender
2015-03-11 14:02 - 2013-08-22 11:36 - 00000000 ____D () C:\Program Files (x86)\Windows Defender
2015-03-10 15:06 - 2013-08-22 11:20 - 00000000 ____D () C:\Windows\CbsTemp
2015-03-10 14:57 - 2015-02-10 23:18 - 00000000 ____D () C:\Windows\system32\MRT
2015-03-10 14:53 - 2015-02-10 23:18 - 122905848 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-03-10 13:48 - 2015-02-07 13:34 - 00000000 ____D () C:\Users\BamaBrat\AppData\Local\clear.fi
2015-03-10 10:18 - 2014-11-30 12:45 - 00000000 ____D () C:\Program Files (x86)\Microsoft Office
2015-03-10 10:18 - 2014-07-24 23:06 - 00000000 ____D () C:\Program Files (x86)\MSBuild
2015-03-10 10:18 - 2014-03-18 05:33 - 00000000 ____D () C:\Windows\ShellNew
2015-03-10 10:16 - 2013-08-22 11:36 - 00000000 ____D () C:\Program Files\Common Files\microsoft shared
2015-03-10 10:15 - 2013-08-22 09:25 - 00000199 _____ () C:\Windows\win.ini
2015-03-10 00:12 - 2013-08-22 11:36 - 00000000 ____D () C:\Windows\system32\NDF
2015-03-08 14:17 - 2015-02-07 14:02 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-03-05 17:10 - 2015-02-07 13:32 - 00000000 ____D () C:\Users\BamaBrat\AppData\Local\Packages
2015-03-05 15:41 - 2015-02-07 23:16 - 00000000 ____D () C:\Users\BamaBrat\AppData\Local\Adobe
2015-03-05 15:41 - 2015-02-07 13:33 - 00000000 ____D () C:\Users\BamaBrat\AppData\Roaming\Adobe
2015-03-04 22:49 - 2015-02-07 22:27 - 00000000 ____D () C:\Program Files\AVG Web TuneUp
2015-03-04 22:49 - 2015-02-07 22:27 - 00000000 ____D () C:\Program Files (x86)\AVG Web TuneUp
2015-03-04 17:24 - 2015-02-11 13:04 - 00792032 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-03-04 17:24 - 2015-02-11 13:04 - 00178144 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-02-26 02:12 - 2015-02-07 00:28 - 00000000 ____D () C:\Users\BamaBrat\AppData\Roaming\Gyazo
2015-02-26 00:07 - 2014-11-30 12:19 - 00000000 ____D () C:\ProgramData\Intel
2015-02-25 02:19 - 2013-08-22 11:36 - 00000000 ____D () C:\Windows\rescache
2015-02-24 16:09 - 2014-11-30 11:45 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel
2015-02-24 16:09 - 2014-11-30 11:45 - 00000000 ____D () C:\Program Files (x86)\Intel
2015-02-24 16:09 - 2014-07-24 23:26 - 00000000 ____D () C:\ProgramData\Package Cache
2015-02-20 14:16 - 2015-02-07 14:07 - 00001937 _____ () C:\Users\BamaBrat\Desktop\IMVU.lnk
2015-02-20 14:14 - 2015-02-07 14:06 - 00000000 ____D () C:\Users\BamaBrat\AppData\Roaming\IMVUClient
2015-02-14 19:16 - 2014-03-18 05:33 - 00000000 ____D () C:\Program Files\Windows Journal
2015-02-14 19:16 - 2013-08-22 11:36 - 00000000 ___RD () C:\Windows\ImmersiveControlPanel
2015-02-14 19:16 - 2013-08-22 11:36 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2015-02-14 19:16 - 2013-08-22 11:36 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2015-02-14 19:16 - 2013-08-22 11:36 - 00000000 ____D () C:\Windows\SysWOW64\setup
2015-02-14 19:16 - 2013-08-22 11:36 - 00000000 ____D () C:\Windows\SysWOW64\InputMethod
2015-02-14 19:16 - 2013-08-22 11:36 - 00000000 ____D () C:\Windows\system32\setup
2015-02-14 19:16 - 2013-08-22 09:36 - 00000000 ____D () C:\Windows\system32\oobe

==================== Files in the root of some directories =======

2014-11-30 12:28 - 2014-11-30 12:28 - 0000000 ____H () C:\ProgramData\DP45977C.lfl

Some content of TEMP:
====================
C:\Users\BamaBrat\AppData\Local\Temp\FoxitUpdater.exe
C:\Users\BamaBrat\AppData\Local\Temp\InstallIMVU_516.0.exe
C:\Users\BamaBrat\AppData\Local\Temp\Intel_Technology_Access_Software.exe
C:\Users\BamaBrat\AppData\Local\Temp\ochelper.dll
C:\Users\BamaBrat\AppData\Local\Temp\ochelper.exe
C:\Users\BamaBrat\AppData\Local\Temp\oct68D0.tmp.exe
C:\Users\BamaBrat\AppData\Local\Temp\octA9C4.tmp.exe
C:\Users\BamaBrat\AppData\Local\Temp\octDE30.tmp.exe
C:\Users\BamaBrat\AppData\Local\Temp\octDF41.tmp.exe
C:\Users\BamaBrat\AppData\Local\Temp\ReimagePackage.exe
C:\Users\BamaBrat\AppData\Local\Temp\ReiSysUpdate.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-03-10 14:11

==================== End Of Log ============================


Additional scan result of Farbar Recovery Scan Tool (x64) Version: 11-03-2015
Ran by BamaBrat at 2015-03-16 02:31:34
Running from C:\Users\BamaBrat\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: AVG Internet Security 2015 (Enabled - Up to date) {4D41356F-32AD-7C42-C820-63775EE4F413}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: AVG Internet Security 2015 (Enabled - Up to date) {F620D48B-1497-73CC-F290-58052563BEAE}
FW: AVG Internet Security 2015 (Enabled) {757AB44A-78C2-7D1A-E37F-CA42A037B368}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

abDocs (HKLM-x32\...\{CA4FE8B0-298C-4E5D-A486-F33B126D6A0A}) (Version: 1.05.2005 - Acer Incorporated)
abDocs Office AddIn (HKLM-x32\...\{DCBF3379-246B-47E1-8173-639B63940838}) (Version: 3.01.2006 - Acer Incorporated)
abFiles (HKLM-x32\...\{13885028-098C-4799-9B71-27DAC96502D5}) (Version: 2.00.3002 - Acer Incorporated)
abMedia (HKLM-x32\...\{E9AF1707-3F3A-49E2-8345-4F2D629D0876}) (Version: 2.06.2003.0 - Acer Incorporated)
abPhoto (HKLM-x32\...\{B5AD89F2-03D3-4206-8487-018298007DD0}) (Version: 3.01.2005.1 - Acer Incorporated)
Acer Care Center (HKLM\...\{A424844F-CDB3-45E2-BB77-1DDE4A091E76}) (Version: 1.00.3012 - Acer Incorporated)
Acer Explorer Agent (HKLM\...\{4D0F42CF-1693-43D9-BDC8-19141D023EE0}) (Version: 2.00.3000 - Acer Incorporated)
Acer Launch Manager (HKLM\...\{C18D55BD-1EC6-466D-B763-8EEDDDA9100E}) (Version: 8.00.8115 - Acer Incorporated)
Acer Portal (HKLM-x32\...\{A5AD0B17-F34D-49BE-A157-C8B3D52ACD13}) (Version: 3.04.2002 - Acer Incorporated)
Acer Power Management (HKLM\...\{91F52DE4-B789-42B0-9311-A349F10E5479}) (Version: 7.00.8105 - Acer Incorporated)
Acer Quick Access (HKLM\...\{C1FA525F-D701-4B31-9D32-504FC0CF0B98}) (Version: 1.01.3016.0 - Acer Incorporated)
Acer Recovery Management (HKLM\...\{07F2005A-8CAC-4A4B-83A2-DA98A722CA61}) (Version: 6.00.8108 - Acer Incorporated)
Acer User Experience Improvement Program App Monitor Plugin (HKLM\...\{978724F6-1863-4DD5-9E66-FB77F5AB5613}) (Version: 1.02.3005 - Acer Incorporated)
Acer User Experience Improvement Program Framework (HKLM\...\{12A718F2-2357-4D41-9E1F-18583A4745F7}) (Version: 1.02.3005 - Acer Incorporated)
Acer Video Player (HKLM-x32\...\{B6846F20-4821-11E3-8F96-0800200C9A66}) (Version: 1.00.2005.0 - Acer Incorporated)
Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
Amazon 1Button App (HKLM-x32\...\{FF0A904E-8827-4F6E-9A59-900D4C997AD1}) (Version: 1.0.8 - Amazon)
AOP Framework (HKLM-x32\...\{4A37A114-702F-4055-A4B6-16571D4A5353}) (Version: 3.04.2001.2 - Acer Incorporated)
AVG 2015 (HKLM\...\AVG) (Version: 2015.0.5856 - AVG Technologies)
AVG 2015 (Version: 15.0.4306 - AVG Technologies) Hidden
AVG 2015 (Version: 15.0.5856 - AVG Technologies) Hidden
AVG Web TuneUp (HKLM-x32\...\AVG Web TuneUp) (Version: 4.1.0.411 - AVG Technologies)
CyberLink PhotoDirector 3 (HKLM-x32\...\InstallShield_{39337565-330E-4ab6-A9AE-AC81E0720B10}) (Version: 3.0.1.4917 - CyberLink Corp.)
CyberLink PowerDirector 10 (HKLM-x32\...\InstallShield_{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}) (Version: 10.0.0.4220 - CyberLink Corp.)
Gyazo 2.3 (HKLM-x32\...\{6DB8C365-E719-4BA5-9594-10DFC244D3FD}_is1) (Version: - Nota Inc.)
Host App Service (HKU\S-1-5-21-1136846300-3956240899-3284163035-1001\...\Pokki) (Version: 0.269.7.564 - Pokki)
IMVU Avatar Chat Software (HKU\S-1-5-21-1136846300-3956240899-3284163035-1001\...\IMVU Avatar chat client software BETA) (Version: - )
Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1008 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3574 - Intel Corporation)
Intel(R) Technology Access (HKLM-x32\...\{1c3caad7-d0ad-4f7c-87e0-f47627304993}) (Version: 1.3.3.1036 - Intel Corporation)
Intel(R) Trusted Execution Engine (HKLM\...\{176E2755-0A17-42C6-88E2-192AB2131278}) (Version: 1.0.0.1064 - Intel Corporation)
Intel(R) Update Manager (HKLM-x32\...\{43FA4AC8-46F8-423F-96FD-9A7D67048F1C}) (Version: 2.5.1634 - Intel Corporation)
Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{d491dd9d-2eda-4d75-b504-1a201436e7fd}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Mozilla Firefox 36.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 36.0.1 (x86 en-US)) (Version: 36.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 35.0.1 - Mozilla)
Pokki Start Menu (HKU\S-1-5-21-1136846300-3956240899-3284163035-1001\...\Pokki_Start_Menu) (Version: 0.269.7.564 - Pokki)
Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.1.322 - Qualcomm Atheros Communications)
Qualcomm Atheros WLAN and Bluetooth Client Installation Program (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 12.33 - Qualcomm Atheros)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.3.9600.39059 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.33.529.2014 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7288 - Realtek Semiconductor Corp.)
Reimage Repair (HKLM\...\Reimage Repair) (Version: 1.8.1.1 - Reimage) <==== ATTENTION
UniDeals (HKLM-x32\...\{11F6D5AB-263F-388E-74DE-E3DECD390E3F}) (Version: - ) <==== ATTENTION
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
youtubeadblocker (HKLM-x32\...\{4820778D-AB0D-6D18-C316-52A6A0E1D507}) (Version: - ) <==== ATTENTION

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-1136846300-3956240899-3284163035-1001_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\Windows\system32\igfxEM.exe (Intel Corporation)

==================== Restore Points =========================

24-02-2015 16:07:21 Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005
28-02-2015 22:42:22 Windows Update
04-03-2015 14:14:25 Installed OpenOffice 4.1.1
10-03-2015 10:13:07 Installed Microsoft Office Enterprise 2007
14-03-2015 19:26:35 Installing COMODO Firewall
15-03-2015 23:55:21 Removed ooVoo

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 09:25 - 2013-08-22 09:25 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {15881B41-EA9D-4DA8-BBDF-2B5ADDB60DD6} - System32\Tasks\Power Management => C:\Program Files\Acer\Acer Power Management\ePowerTrayLauncher.exe [2014-06-12] (Acer Incorporated)
Task: {19FAD0B4-ACD6-4C66-B6FD-3D30E9383D46} - System32\Tasks\Launch Manager => C:\Program Files\Acer\Acer Launch Manager\LMLauncher.exe [2014-12-30] (Acer Incorporate)
Task: {26884E6A-C16B-433D-980D-5F7F1248FB33} - System32\Tasks\UbtFrameworkService => C:\Program Files\Acer\User Experience Improvement Program\Framework\TriggerFramework.exe [2014-03-12] (TODO: <Company name>)
Task: {26F654B6-8982-4E98-85C3-E962A209F39E} - System32\Tasks\Reimage Reminder => C:\Program Files\Reimage\Reimage Repair\ReimageReminder.exe [2015-03-09] (Reimage ltd.) <==== ATTENTION
Task: {3147F9E3-E494-42EA-B122-5C07038B167D} - System32\Tasks\Recovery Management\Notification => C:\Program Files\Acer\Acer Recovery Management\Notification\Notification.exe [2014-06-17] (Acer Incorporated)
Task: {3625509C-4CF5-4F35-BE56-D11845E8BEE8} - System32\Tasks\Software Update Application => C:\ProgramData\OEM\UpgradeTool\ListCheck.exe [2014-06-08] (Acer Incorporated)
Task: {3EF3C025-762C-4EC3-8051-951B961A79F8} - System32\Tasks\Quick Access Quick Launcher => C:\Program Files\Acer\Acer Quick Access\QALauncher.exe [2014-06-26] (Acer Incorporate)
Task: {49589AD2-F6AA-4A33-87B1-FDC507D1B4DB} - System32\Tasks\AcerCloud => C:\Program Files (x86)\Acer\Acer Portal\AcerPortal.exe [2014-12-19] (Acer)
Task: {6639FA07-3E5C-47E2-909C-6F6BD69A353A} - System32\Tasks\GyazoUpdateTaskMachine => C:\Program Files (x86)\Gyazo\GyazoUpdate.exe [2014-07-04] ()
Task: {6B2EC7AE-CF20-4887-809E-8B00CA91B720} - System32\Tasks\ACCAgent => C:\Program Files (x86)\Acer\Care Center\LiveUpdateAgent.exe [2014-08-29] ()
Task: {6FBFE74F-C3FC-4315-9082-A7C2D4D61A4A} - System32\Tasks\ReimageUpdater => C:\Program Files\Reimage\Reimage Protector\ReiGuard.exe [2015-01-14] (Reimage®) <==== ATTENTION
Task: {A1FF08DE-31ED-444E-898A-42AA6A3ADDEC} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\system32\MRT.exe [2015-03-10] (Microsoft Corporation)
Task: {A7170A63-4205-494C-8117-F05420495C98} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473 => C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe [2014-06-09] ()
Task: {AEE24409-4E38-4472-8516-583C9C2FA6B4} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473-Logon => C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe [2014-06-09] ()
Task: {BBF343B3-3592-4298-9637-4D69AE4FDD78} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: {C1D1B1EB-0F61-48F6-A919-F0C16E0C0154} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-02-07] (Adobe Systems Incorporated)
Task: {E121E8CE-D695-472B-B041-757A7B4BD146} - System32\Tasks\ACC => C:\Program Files (x86)\Acer\Care Center\LiveUpdateChecker.exe [2014-08-29] ()
Task: {EF9EFB11-E647-4343-87DC-E8FD57EE2DBF} - System32\Tasks\Quick Access => C:\Program Files\Acer\Acer Quick Access\QALauncher.exe [2014-06-26] (Acer Incorporate)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Loaded Modules (whitelisted) ==============

2015-03-04 22:49 - 2015-03-04 22:49 - 00620056 _____ () C:\Program Files (x86)\AVG Web TuneUp\WtuSystemSupport.exe
2015-02-08 12:06 - 2015-02-08 12:06 - 00087552 _____ () C:\Program Files\Intel Corporation\Intel(R) Technology Access\libglog.dll
2015-02-08 12:20 - 2015-02-08 12:20 - 01793248 _____ () C:\Program Files\Intel Corporation\Intel(R) Technology Access\cpprest120_1_4.dll
2015-02-08 12:20 - 2015-02-08 12:20 - 00355040 _____ () C:\Program Files\Intel Corporation\Intel(R) Technology Access\JsonCpp.dll
2014-07-24 23:29 - 2012-04-24 06:43 - 00254512 _____ () C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
2015-01-14 06:07 - 2015-01-14 06:07 - 06757728 _____ () C:\Program Files\Reimage\Reimage Protector\ReiSystem.exe
2015-03-04 22:49 - 2015-03-04 22:49 - 00159768 _____ () C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.4.0\loggingserver.exe
2014-04-29 06:38 - 2014-04-29 06:38 - 00011264 _____ () C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\Modules\ActivateDesktopDebugger\ActivateDesktopDebugger.dll
2014-04-29 06:35 - 2014-04-29 06:35 - 00086016 _____ () C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\Modules\Map\MAP.dll
2014-04-29 06:42 - 2014-04-29 06:42 - 00012928 _____ () C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\ActivateDesktop.exe
2014-12-19 22:59 - 2014-12-19 22:59 - 00090880 _____ () C:\Program Files (x86)\Acer\abDocs\abDocsDllLoader.exe
2015-02-07 22:27 - 2015-03-04 22:49 - 03033112 _____ () C:\Program Files (x86)\AVG Web TuneUp\vprot.exe
2014-12-19 22:59 - 2014-12-19 22:59 - 00089344 _____ () C:\Program Files (x86)\Acer\abDocs\abDocsDllLoaderMonitor.exe
2015-03-04 22:49 - 2015-03-04 22:49 - 00519704 _____ () C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.4.0\log4cplusU.dll
2014-12-19 22:48 - 2014-12-19 22:48 - 00203008 _____ () C:\Program Files (x86)\Acer\Acer Portal\curllib.dll
2014-12-19 22:48 - 2014-12-19 22:48 - 00119552 _____ () C:\Program Files (x86)\Acer\Acer Portal\OpenLDAP.dll
2015-02-07 13:56 - 2015-02-07 13:56 - 00015616 _____ () C:\Windows\assembly\GAC_MSIL\MyService\1.0.0.1__2dfa3f50f0bed57d\MyService.dll
2014-12-19 22:16 - 2014-12-19 22:16 - 00013568 _____ () C:\Program Files (x86)\Acer\AOP Framework\ServiceInterface.dll
2014-12-29 14:25 - 2014-12-29 14:25 - 00203008 _____ () C:\Program Files (x86)\Acer\abPhoto\curllib.dll
2014-12-29 14:26 - 2014-12-29 14:26 - 00654552 _____ () C:\Program Files (x86)\Acer\abPhoto\sqlite3.dll
2014-12-29 14:26 - 2014-12-29 14:26 - 00630528 _____ () C:\Program Files (x86)\Acer\abPhoto\tag.dll
2014-12-29 14:26 - 2014-12-29 14:26 - 00119552 _____ () C:\Program Files (x86)\Acer\abPhoto\OpenLDAP.dll
2014-12-19 22:10 - 2014-12-19 22:10 - 00277096 _____ () C:\Program Files (x86)\Acer\AOP Framework\libcurl.dll
2014-12-19 23:00 - 2014-12-19 23:00 - 00279296 _____ () C:\Program Files (x86)\Acer\abDocs\libcurl.dll
2015-02-07 22:27 - 2015-02-07 22:27 - 01663512 _____ () C:\Program Files (x86)\AVG Web TuneUp\TBAPI.dll
2015-02-07 22:27 - 2015-03-04 22:49 - 40630296 _____ () C:\Program Files (x86)\AVG Web TuneUp\libcef.dll
2015-01-04 00:06 - 2015-01-04 00:06 - 00569856 _____ () C:\Users\BamaBrat\AppData\Local\Pokki\Engine\ppGoogleNaClPluginChrome.dll
2015-01-04 00:06 - 2015-01-04 00:06 - 01400846 _____ () C:\Users\BamaBrat\AppData\Local\Pokki\Engine\avcodec-54.dll
2015-01-04 00:06 - 2015-01-04 00:06 - 00151054 _____ () C:\Users\BamaBrat\AppData\Local\Pokki\Engine\avutil-51.dll
2015-01-04 00:06 - 2015-01-04 00:06 - 00222734 _____ () C:\Users\BamaBrat\AppData\Local\Pokki\Engine\avformat-54.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\Users\BamaBrat\OneDrive:ms-properties

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\iaioi2ce.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""

==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1136846300-3956240899-3284163035-1001\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\Theme2\img9.jpg
DNS Servers: 192.168.1.1

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)


==================== Accounts: =============================

Administrator (S-1-5-21-1136846300-3956240899-3284163035-500 - Administrator - Disabled)
BamaBrat (S-1-5-21-1136846300-3956240899-3284163035-1001 - Administrator - Enabled) => C:\Users\BamaBrat
Guest (S-1-5-21-1136846300-3956240899-3284163035-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1136846300-3956240899-3284163035-1003 - Limited - Enabled)

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (03/16/2015 02:11:58 AM) (Source: Microsoft-Windows-LocationProvider) (EventID: 2006) (User: NT AUTHORITY)
Description: There was an error with the Windows Location Provider database

Error: (03/16/2015 02:02:53 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: AcerPortal.exe, version: 3.0.4.2002, time stamp: 0x54942c87
Faulting module name: SHELL32.dll, version: 6.3.9600.17680, time stamp: 0x54dc233f
Exception code: 0xc0000005
Fault offset: 0x002260fb
Faulting process id: 0x668
Faulting application start time: 0xAcerPortal.exe0
Faulting application path: AcerPortal.exe1
Faulting module path: AcerPortal.exe2
Report Id: AcerPortal.exe3
Faulting package full name: AcerPortal.exe4
Faulting package-relative application ID: AcerPortal.exe5

Error: (03/16/2015 00:33:05 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: AcerPortal.exe, version: 3.0.4.2002, time stamp: 0x54942c87
Faulting module name: SHELL32.dll, version: 6.3.9600.17680, time stamp: 0x54dc233f
Exception code: 0xc0000005
Fault offset: 0x002260fb
Faulting process id: 0x1050
Faulting application start time: 0xAcerPortal.exe0
Faulting application path: AcerPortal.exe1
Faulting module path: AcerPortal.exe2
Report Id: AcerPortal.exe3
Faulting package full name: AcerPortal.exe4
Faulting package-relative application ID: AcerPortal.exe5

Error: (03/16/2015 00:27:49 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: BackgroundAgent.exe, version: 1.0.1.6, time stamp: 0x5494253a
Faulting module name: MSVCR90.dll, version: 9.0.30729.8387, time stamp: 0x51ea24a5
Exception code: 0xc0000005
Fault offset: 0x00056b1d
Faulting process id: 0xd00
Faulting application start time: 0xBackgroundAgent.exe0
Faulting application path: BackgroundAgent.exe1
Faulting module path: BackgroundAgent.exe2
Report Id: BackgroundAgent.exe3
Faulting package full name: BackgroundAgent.exe4
Faulting package-relative application ID: BackgroundAgent.exe5

Error: (03/15/2015 11:51:56 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: AcerPortal.exe, version: 3.0.4.2002, time stamp: 0x54942c87
Faulting module name: SHELL32.dll, version: 6.3.9600.17680, time stamp: 0x54dc233f
Exception code: 0xc0000005
Fault offset: 0x002260fb
Faulting process id: 0x7008
Faulting application start time: 0xAcerPortal.exe0
Faulting application path: AcerPortal.exe1
Faulting module path: AcerPortal.exe2
Report Id: AcerPortal.exe3
Faulting package full name: AcerPortal.exe4
Faulting package-relative application ID: AcerPortal.exe5

Error: (03/15/2015 08:45:09 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 80070005

Error: (03/15/2015 08:34:55 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: AcerPortal.exe, version: 3.0.4.2002, time stamp: 0x54942c87
Faulting module name: SHELL32.dll, version: 6.3.9600.17680, time stamp: 0x54dc233f
Exception code: 0xc0000005
Fault offset: 0x002260fb
Faulting process id: 0x934
Faulting application start time: 0xAcerPortal.exe0
Faulting application path: AcerPortal.exe1
Faulting module path: AcerPortal.exe2
Report Id: AcerPortal.exe3
Faulting package full name: AcerPortal.exe4
Faulting package-relative application ID: AcerPortal.exe5

Error: (03/14/2015 11:56:07 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: AcerPortal.exe, version: 3.0.4.2002, time stamp: 0x54942c87
Faulting module name: SHELL32.dll, version: 6.3.9600.17680, time stamp: 0x54dc233f
Exception code: 0xc0000005
Fault offset: 0x002260fb
Faulting process id: 0xd4c
Faulting application start time: 0xAcerPortal.exe0
Faulting application path: AcerPortal.exe1
Faulting module path: AcerPortal.exe2
Report Id: AcerPortal.exe3
Faulting package full name: AcerPortal.exe4
Faulting package-relative application ID: AcerPortal.exe5

Error: (03/14/2015 11:39:00 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program LiveComm.exe version 17.5.9600.20689 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: cb54

Start Time: 01d05ed065178b1b

Termination Time: 4294967295

Application Path: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe\LiveComm.exe

Report Id: cdf44763-cac4-11e4-826c-acb57d0eadd8

Faulting package full name: microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe

Faulting package-relative application ID: ppleae38af2e007f4358a809ac99a64a67c1

Error: (03/14/2015 10:36:33 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program LiveComm.exe version 17.5.9600.20689 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 5458

Start Time: 01d05eb6d9693d92

Termination Time: 4294967295

Application Path: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe\LiveComm.exe

Report Id: 1005cee0-cabc-11e4-826c-acb57d0eadd8

Faulting package full name: microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe

Faulting package-relative application ID: ppleae38af2e007f4358a809ac99a64a67c1


System errors:
=============
Error: (03/16/2015 02:01:19 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Windows Presentation Foundation Font Cache 3.0.0.0 service failed to start due to the following error:
%%1053

Error: (03/16/2015 02:01:19 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Windows Presentation Foundation Font Cache 3.0.0.0 service to connect.

Error: (03/16/2015 02:00:34 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The McAfee SiteAdvisor Service service failed to start due to the following error:
%%2

Error: (03/16/2015 00:31:22 AM) (Source: DCOM) (EventID: 10016) (User: TRACY)
Description: application-specificLocalLaunch{7022A3B3-D004-4F52-AF11-E9E987FEE25F}{ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D}TracyBamaBratS-1-5-21-1136846300-3956240899-3284163035-1001LocalHost (Using LRPC)UnavailableUnavailable

Error: (03/16/2015 00:31:19 AM) (Source: DCOM) (EventID: 10016) (User: TRACY)
Description: application-specificLocalLaunch{7022A3B3-D004-4F52-AF11-E9E987FEE25F}{ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D}TracyBamaBratS-1-5-21-1136846300-3956240899-3284163035-1001LocalHost (Using LRPC)UnavailableUnavailable

Error: (03/16/2015 00:30:56 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The McAfee SiteAdvisor Service service failed to start due to the following error:
%%2

Error: (03/15/2015 09:55:32 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: A fatal alert was generated and sent to the remote endpoint. This may result in termination of the connection. The TLS protocol defined fatal error code is 70. The Windows SChannel error state is 105.

Error: (03/14/2015 11:53:50 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The McAfee SiteAdvisor Service service failed to start due to the following error:
%%2

Error: (03/14/2015 07:43:04 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The McAfee SiteAdvisor Service service failed to start due to the following error:
%%2

Error: (03/14/2015 07:40:25 PM) (Source: DCOM) (EventID: 10010) (User: TRACY)
Description: Windows.Networking.BackgroundTransfer.Internal.BackgroundTransferTask.ClassId.4


Microsoft Office Sessions:
=========================

CodeIntegrity Errors:
===================================
Date: 2015-03-14 22:36:08.246
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.

Date: 2015-03-14 21:30:10.430
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.

Date: 2015-03-14 21:12:13.094
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.

Date: 2015-03-14 21:00:00.206
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.

Date: 2015-03-14 20:51:22.268
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.

Date: 2015-03-14 19:45:48.621
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.

Date: 2015-03-14 19:40:05.253
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.


==================== Memory info ===========================

Processor: Intel(R) Celeron(R) CPU N2840 @ 2.16GHz
Percentage of memory in use: 58%
Total physical RAM: 3977.98 MB
Available physical RAM: 1658.29 MB
Total Pagefile: 4873.98 MB
Available Pagefile: 2466.67 MB
Total Virtual: 131072 MB
Available Virtual: 131071.8 MB

==================== Drives ================================

Drive c: (Acer) (Fixed) (Total:450.64 GB) (Free:407.8 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: 23D4FE2D)

Partition: GPT Partition Type.

==================== End Of Log ============================
bama2719
Active Member
 
Posts: 6
Joined: March 16th, 2015, 2:06 am

Re: BHO, Hyperlinks, popups

by Cypher » March 18th, 2015, 9:07 am

Hi and welcome to Malware Removal Forum.
My name is Cypher, and I will be helping you with your malware problems.
This may or may not solve other issues you have with your machine.
If you no longer require help, I would be grateful if you would let me know.

Before we start please note the following important guidelines.
  • If you don't know or understand something, please don't hesitate to ask.
  • Only post your problem at one help site. Applying fixes from multiple help sites can cause problems.
  • Only reply to this thread; do not start another. Please continue responding until I give you the "All Clean".
    Remember, absence of symptoms does not mean the infection is all gone.
  • Please DO NOT run any other tools or scans whilst I am helping you.
  • Please DO NOT install any other software (or hardware) during the cleaning process.
  • Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
  • Note: No Reply Within 3 Days Will Result In Your Topic Being Closed!

Note: If you haven't done so already, please read this topic ALL USERS OF THIS FORUM MUST READ THIS FIRST where the conditions for receiving help here are explained.
Please be aware that removing Malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.

Because of this, I advise you to back up any personal files and folders before you start.

Next.

Please click on THIS link, and follow the instructions for installing TCRB and creating a backup of your Registry.

Next.

There are signs of infection in your logs, so let's get started. In this run I will need you to run a fix, then further scans for me.
Please post each log separately to prevent it being cut off by the forum post size limiter.
Check each after you've posted it to make sure it's all present, if any log is cut off you'll have to post it in sections.


Uninstall programs

  • From the top or bottom right corner... a widget panel appears, select Settings.
  • Select, click Control Panel to open.
  • Depending on your current view setting ...
    • Double click on Programs and Features.
      or
    • Under Programs, click on Uninstall a program.
  • Locate the following program(s):
    Google Chrome
    Reimage Repair
    UniDeals
    youtubeadblocker
  • Select the program and click on Uninstall to uninstall it.
    Carefully read any prompts...
    Some uninstallers prompt in a way to trick you into keeping the program, sometimes, preventing them from being uninstalled again!
  • Repeat steps 4 - 5 for each program in the list. When finished... Close the Control Panel window.

Next.

  • Click Start
  • Type notepad.exe in the search programs and files box and click Enter.
  • A blank Notepad page should open.
    • Copy and Paste the following script into Notepad, Do not include the words Code: select all
    • (Click the select all button next to code to select the entire script).
    Code: Select all
    (Reimage®) C:\Program Files\Reimage\Reimage Protector\ReiGuard.exe
    () C:\Program Files\Reimage\Reimage Protector\ReiSystem.exe
    (AVG Secure Search) C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.4.0\ToolbarUpdater.exe
    () C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.4.0\loggingserver.exe
    () C:\Program Files (x86)\AVG Web TuneUp\vprot.exe
    (Pokki) C:\Users\BamaBrat\AppData\Local\Pokki\Engine\HostAppServiceUpdater.exe
    (Pokki) C:\Users\BamaBrat\AppData\Local\Pokki\Engine\StartMenuIndexer.exe
    HKLM-x32\...\Run: [vProt] => C:\Program Files (x86)\AVG Web TuneUp\vprot.exe [3033112 2015-03-04] ()
    HKU\S-1-5-21-1136846300-3956240899-3284163035-1001\...\Run: [Pokki] => "%LOCALAPPDATA%\Pokki\Engine\HostAppServiceUpdater.exe" /LOGON
    CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://websearch.swellsearch.info/?pid= ... S&unqvl=84
    SearchScopes: HKLM-x32 -> DefaultScope {BB82DE59-BC4C-4172-9AC4-73315F71CFFE} URL = http://websearch.swellsearch.info/?l=1&q= {searchTerms}&pid=3500&r=2015/03/14&hid=15142541064165150077&lg=EN&cc=US&unqvl=84
    SearchScopes: HKLM-x32 -> {BB82DE59-BC4C-4172-9AC4-73315F71CFFE} URL = http://websearch.swellsearch.info/?l=1&q= {searchTerms}&pid=3500&r=2015/03/14&hid=15142541064165150077&lg=EN&cc=US&unqvl=84
    SearchScopes: HKU\S-1-5-21-1136846300-3956240899-3284163035-1001 -> {95B7759C-8C7F-4BF1-B163-73684A933233} URL = https://mysearch.avg.com/search?cid= {2EC34E01-1DA2-4EF9-88D1-95499606C14B}&mid=9aee6fcbe10047cda1e4f123cc4240f6-8433249c9a3703b89d4bc06f969cc5cfe03df33b&lang=en&ds=AVG&coid=avgtbavg&cmpid=&pr=fr&d=2015-02-07 21:27:52&v=4.0.6.10&pid=wtu&sg=&sap=dsp&q={searchTerms}
    SearchScopes: HKU\S-1-5-21-1136846300-3956240899-3284163035-1001 -> {BB82DE59-BC4C-4172-9AC4-73315F71CFFE} URL = http://websearch.swellsearch.info/?l=1&q= {searchTerms}&pid=3500&r=2015/03/14&hid=15142541064165150077&lg=EN&cc=US&unqvl=84
    SearchScopes: HKU\S-1-5-21-1136846300-3956240899-3284163035-1001 -> {F5A217BE-AF39-11E4-825F-206A8AA6A905} URL = http://search.homepage-web.com/?src=omn ... er=acer&q= {searchTerms}
    BHO: youtubeadblocker -> {1e45cd8b-bb2e-472b-8d87-a19287b981d4} -> C:\Program Files (x86)\youtubeadblocker\YHad8UzCYgCSwI.x64.dll [2015-03-14] ()
    BHO: McAfee SiteAdvisor BHO -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\PROGRA~2\mcafee\siteadvisor\x64\mcieplg.dll No File
    BHO: UniDeals -> {b553dcdd-2c61-46da-9856-ef7df7570efd} -> C:\Program Files (x86)\UniDeals\nyL6XWabKR5b3G.x64.dll [2015-03-14] ()
    Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - No File
    Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - No File
    FF DefaultSearchEngine,S: WebSearch
    FF DefaultSearchUrl: hxxp://websearch.swellsearch.info/?pid= ... =84&l=1&q=
    FF SearchEngineOrder.1: WebSearch
    FF SearchEngineOrder.1,S: WebSearch
    FF SelectedSearchEngine,S: WebSearch
    FF SearchPlugin: C:\Users\BamaBrat\AppData\Roaming\Mozilla\Firefox\Profiles\vh6byn2u.default\searchplugins\Web Search.xml [2015-02-07]
    FF SearchPlugin: C:\Users\BamaBrat\AppData\Roaming\Mozilla\Firefox\Profiles\vh6byn2u.default\searchplugins\WebSearch.xml [2015-03-14]
    FF Extension: youtubeadblocker - C:\Users\BamaBrat\AppData\Roaming\Mozilla\Firefox\Profiles\vh6byn2u.default\Extensions\5cx3LI@XK8UX.com [2015-03-14]
    FF Plugin-x32: @avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin -> C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\18.4.0\\npsitesafety.dll No File
    R2 ReimageRealTimeProtector; C:\Program Files\Reimage\Reimage Protector\ReiGuard.exe [7410024 2015-01-14] (Reimage®)
    S2 McAfee SiteAdvisor Service; c:\PROGRA~2\mcafee\siteadvisor\mcsacore.exe [X]
    2015-03-16 01:46 - 2015-03-16 01:46 - 00003440 _____ () C:\Windows\System32\Tasks\Reimage Reminder
    2015-03-16 01:42 - 2015-03-16 01:45 - 00000000 ____D () C:\ProgramData\Reimage Protector
    2015-03-16 01:42 - 2015-03-16 01:44 - 00000000 ____D () C:\Program Files\Reimage
    2015-03-16 01:42 - 2015-03-16 01:42 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Reimage Repair
    2015-03-16 01:41 - 2015-03-16 01:46 - 00000000 ____D () C:\rei
    2015-03-16 01:39 - 2015-03-16 01:46 - 00000165 _____ () C:\Windows\Reimage.ini
    2015-03-16 01:38 - 2015-03-16 01:39 - 00768520 _____ (Reimage®) C:\Users\BamaBrat\Downloads\ReimageRepair.exe
    2015-03-14 01:40 - 2015-03-16 00:49 - 00000000 ____D () C:\Program Files (x86)\UNNiDDealosua
    2015-03-14 01:40 - 2015-03-14 18:22 - 00000000 ____D () C:\Program Files (x86)\youtubeadblocker
    2015-03-14 01:40 - 2015-03-14 18:22 - 00000000 ____D () C:\Program Files (x86)\UniDeals
    2015-03-14 01:40 - 2015-03-14 01:40 - 00000000 ____D () C:\ProgramData\15174181810477798393
    2015-03-14 01:40 - 2015-03-14 01:40 - 00000000 ____D () C:\Program Files (x86)\Website Blocker
    2015-03-14 01:39 - 2015-03-14 19:24 - 00000000 ____D () C:\ProgramData\{8ead84e5-82ef-c539-8ead-d84e582e1396}
    2015-03-13 23:55 - 2015-03-13 23:55 - 00000000 ____D () C:\Users\BamaBrat\AppData\Roaming\ooVoo Details
    2015-03-13 23:36 - 2015-03-13 23:37 - 02388592 _____ (ooVoo LLC) C:\Users\BamaBrat\Downloads\ooVooSetup.exe
    C:\Users\BamaBrat\AppData\Local\Temp\FoxitUpdater.exe
    C:\Users\BamaBrat\AppData\Local\Temp\InstallIMVU_516.0.exe
    C:\Users\BamaBrat\AppData\Local\Temp\Intel_Technology_Access_Software.exe
    C:\Users\BamaBrat\AppData\Local\Temp\ochelper.dll
    C:\Users\BamaBrat\AppData\Local\Temp\ochelper.exe
    C:\Users\BamaBrat\AppData\Local\Temp\oct68D0.tmp.exe
    C:\Users\BamaBrat\AppData\Local\Temp\octA9C4.tmp.exe
    C:\Users\BamaBrat\AppData\Local\Temp\octDE30.tmp.exe
    C:\Users\BamaBrat\AppData\Local\Temp\octDF41.tmp.exe
    C:\Users\BamaBrat\AppData\Local\Temp\ReimagePackage.exe
    C:\Users\BamaBrat\AppData\Local\Temp\ReiSysUpdate.exe
    C:\Users\BamaBrat\AppData\Local\Google
    C:\Program Files (x86)\Google
    Task: {26F654B6-8982-4E98-85C3-E962A209F39E} - System32\Tasks\Reimage Reminder => C:\Program Files\Reimage\Reimage Repair\ReimageReminder.exe [2015-03-09] (Reimage ltd.) <==== ATTENTION
    Task: {6FBFE74F-C3FC-4315-9082-A7C2D4D61A4A} - System32\Tasks\ReimageUpdater => C:\Program Files\Reimage\Reimage Protector\ReiGuard.exe [2015-01-14] (Reimage®) <==== ATTENTION
    AlternateDataStreams: C:\Users\BamaBrat\OneDrive:ms-properties
    
    CMD: ipconfig /flushdns
    
  • Save it next to FRST.exe to your Downloads as filename fixlist.txt
  • NOTE: It's important that both files, FRST/FRST64 and fixlist.txt are saved in the same location or the fix will not work.
  • Right-click FRST.exe and select " Run as administrator " to run it.
  • Press the Fix button just once. Then wait.
  • When finished, it will create a Fixlog.txt log on your Desktop.
  • Please post the content of the Fixlog.txt in your next reply.

Next.

Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Right click on adwcleaner.exe and select " Run as administrator " to run it.
  • Click on Scan.
  • When the scan has finished, uncheck any entries you don't want to remove, then click on Clean.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

Logs/Information to Post in your Next Reply

  • FRST Fixlog.txt.
  • AdwCleaner log.
  • Please give me an update on your computer's performance.
Cypher
Admin/Teacher
 
Posts: 14959
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns
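
The BHO, Task and SearchScopes entries that the fixlist above is built from can be triaged mechanically before a human reviews them. The following is an added example, not part of the original thread and not FRST's own code: the regular expressions are inferred from the line shapes visible in this thread, and the flagging rules (ATTENTION marker, "No File" target, empty company field) are assumptions chosen for illustration.

```python
import re
from collections import Counter
from urllib.parse import urlparse

# Sample lines copied from the FRST output posted in this thread.
SAMPLE = r"""
BHO: youtubeadblocker -> {1e45cd8b-bb2e-472b-8d87-a19287b981d4} -> C:\Program Files (x86)\youtubeadblocker\YHad8UzCYgCSwI.x64.dll [2015-03-14] ()
BHO: McAfee SiteAdvisor BHO -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\PROGRA~2\mcafee\siteadvisor\x64\mcieplg.dll No File
Task: {15881B41-EA9D-4DA8-BBDF-2B5ADDB60DD6} - System32\Tasks\Power Management => C:\Program Files\Acer\Acer Power Management\ePowerTrayLauncher.exe [2014-06-12] (Acer Incorporated)
Task: {26F654B6-8982-4E98-85C3-E962A209F39E} - System32\Tasks\Reimage Reminder => C:\Program Files\Reimage\Reimage Repair\ReimageReminder.exe [2015-03-09] (Reimage ltd.) <==== ATTENTION
Task: {6639FA07-3E5C-47E2-909C-6F6BD69A353A} - System32\Tasks\GyazoUpdateTaskMachine => C:\Program Files (x86)\Gyazo\GyazoUpdate.exe [2014-07-04] ()
SearchScopes: HKLM-x32 -> DefaultScope {BB82DE59-BC4C-4172-9AC4-73315F71CFFE} URL = http://websearch.swellsearch.info/?l=1&q= {searchTerms}&pid=3500&r=2015/03/14&hid=15142541064165150077&lg=EN&cc=US&unqvl=84
SearchScopes: HKU\S-1-5-21-1136846300-3956240899-3284163035-1001 -> {BB82DE59-BC4C-4172-9AC4-73315F71CFFE} URL = http://websearch.swellsearch.info/?l=1&q= {searchTerms}&pid=3500&r=2015/03/14&hid=15142541064165150077&lg=EN&cc=US&unqvl=84
SearchScopes: HKU\S-1-5-21-1136846300-3956240899-3284163035-1001 -> {F5A217BE-AF39-11E4-825F-206A8AA6A905} URL = http://search.homepage-web.com/?src=omn ... er=acer&q= {searchTerms}
"""

GUID = r"\{[0-9A-Fa-f-]{36}\}"
ATTN = r"(?P<attn>\s*<=+ ATTENTION)?\s*$"

# Line shapes inferred from this thread's log (assumption, not an FRST spec).
BHO_RE = re.compile(
    r"^BHO: (?P<name>.+?) -> (?P<clsid>" + GUID + r") -> (?P<path>.+?) "
    r"(?:\[(?P<date>[\d-]+)\] \((?P<vendor>[^)]*)\)|(?P<nofile>No File))" + ATTN
)
TASK_RE = re.compile(
    r"^Task: (?P<guid>" + GUID + r") - (?P<name>.+?) => (?P<path>.+?) "
    r"\[(?P<date>[\d-]+)\] \((?P<vendor>[^)]*)\)" + ATTN
)
SCOPE_RE = re.compile(
    r"^SearchScopes: (?P<hive>\S+) -> (?:DefaultScope )?(?P<guid>" + GUID + r") "
    r"URL = (?P<url>\S+)"
)


def _reasons(match):
    """Return the review reasons for one parsed BHO or Task entry."""
    g = match.groupdict()
    reasons = []
    if g.get("attn"):
        reasons.append("flagged by FRST")
    if g.get("nofile"):
        # Registry entry survives but its target is gone (orphan).
        reasons.append("target file missing")
    elif g.get("vendor") == "":
        # Weak signal: legitimate files can also lack a company string,
        # so this only queues the entry for a human to look at.
        reasons.append("empty company field")
    return reasons


def triage(log_text):
    """List (kind, name, reasons) for BHO/Task lines worth reviewing."""
    findings = []
    for line in log_text.splitlines():
        line = line.strip()
        for kind, rx in (("BHO", BHO_RE), ("Task", TASK_RE)):
            m = rx.match(line)
            if m:
                reasons = _reasons(m)
                if reasons:
                    findings.append((kind, m.group("name"), reasons))
                break
    return findings


def search_scope_hosts(log_text):
    """Count search-provider hosts so a repeated redirect target stands out."""
    hosts = Counter()
    for line in log_text.splitlines():
        m = SCOPE_RE.match(line.strip())
        if m:
            host = urlparse(m.group("url")).hostname
            if host:
                hosts[host] += 1
    return hosts


if __name__ == "__main__":
    for kind, name, reasons in triage(SAMPLE):
        print(f"{kind:4} {name}: {', '.join(reasons)}")
    for host, count in search_scope_hosts(SAMPLE).most_common():
        print(f"search scope host {host} x{count}")
```

The GyazoUpdateTaskMachine hit shows why the empty-company rule is only a prompt for review: that task was not included in the fixlist above.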

Re: BHO, Hyperlinks, popups

by bama2719 » March 18th, 2015, 1:53 pm

The computer seems to be running smoother. So far no popups and, as far as I can see, no hyperlinks. I did not see Google Chrome in my Add/Remove Programs to remove; however, the others were successful. Thank you so very much and I will await further instructions.

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 11-03-2015
Ran by BamaBrat at 2015-03-18 13:17:27 Run:1
Running from C:\Users\BamaBrat\Downloads
Loaded Profiles: BamaBrat (Available profiles: BamaBrat)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
(Reimage®) C:\Program Files\Reimage\Reimage Protector\ReiGuard.exe
() C:\Program Files\Reimage\Reimage Protector\ReiSystem.exe
(AVG Secure Search) C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.4.0\ToolbarUpdater.exe
() C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.4.0\loggingserver.exe
() C:\Program Files (x86)\AVG Web TuneUp\vprot.exe
(Pokki) C:\Users\BamaBrat\AppData\Local\Pokki\Engine\HostAppServiceUpdater.exe
(Pokki) C:\Users\BamaBrat\AppData\Local\Pokki\Engine\StartMenuIndexer.exe
HKLM-x32\...\Run: [vProt] => C:\Program Files (x86)\AVG Web TuneUp\vprot.exe [3033112 2015-03-04] ()
HKU\S-1-5-21-1136846300-3956240899-3284163035-1001\...\Run: [Pokki] => "%LOCALAPPDATA%\Pokki\Engine\HostAppServiceUpdater.exe" /LOGON
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://websearch.swellsearch.info/?pid= ... S&unqvl=84
SearchScopes: HKLM-x32 -> DefaultScope {BB82DE59-BC4C-4172-9AC4-73315F71CFFE} URL = http://websearch.swellsearch.info/?l=1&q= {searchTerms}&pid=3500&r=2015/03/14&hid=15142541064165150077&lg=EN&cc=US&unqvl=84
SearchScopes: HKLM-x32 -> {BB82DE59-BC4C-4172-9AC4-73315F71CFFE} URL = http://websearch.swellsearch.info/?l=1&q= {searchTerms}&pid=3500&r=2015/03/14&hid=15142541064165150077&lg=EN&cc=US&unqvl=84
SearchScopes: HKU\S-1-5-21-1136846300-3956240899-3284163035-1001 -> {95B7759C-8C7F-4BF1-B163-73684A933233} URL = https://mysearch.avg.com/search?cid= {2EC34E01-1DA2-4EF9-88D1-95499606C14B}&mid=9aee6fcbe10047cda1e4f123cc4240f6-8433249c9a3703b89d4bc06f969cc5cfe03df33b&lang=en&ds=AVG&coid=avgtbavg&cmpid=&pr=fr&d=2015-02-07 21:27:52&v=4.0.6.10&pid=wtu&sg=&sap=dsp&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1136846300-3956240899-3284163035-1001 -> {BB82DE59-BC4C-4172-9AC4-73315F71CFFE} URL = http://websearch.swellsearch.info/?l=1&q= {searchTerms}&pid=3500&r=2015/03/14&hid=15142541064165150077&lg=EN&cc=US&unqvl=84
SearchScopes: HKU\S-1-5-21-1136846300-3956240899-3284163035-1001 -> {F5A217BE-AF39-11E4-825F-206A8AA6A905} URL = http://search.homepage-web.com/?src=omn ... er=acer&q= {searchTerms}
BHO: youtubeadblocker -> {1e45cd8b-bb2e-472b-8d87-a19287b981d4} -> C:\Program Files (x86)\youtubeadblocker\YHad8UzCYgCSwI.x64.dll [2015-03-14] ()
BHO: McAfee SiteAdvisor BHO -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\PROGRA~2\mcafee\siteadvisor\x64\mcieplg.dll No File
BHO: UniDeals -> {b553dcdd-2c61-46da-9856-ef7df7570efd} -> C:\Program Files (x86)\UniDeals\nyL6XWabKR5b3G.x64.dll [2015-03-14] ()
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - No File
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - No File
FF DefaultSearchEngine,S: WebSearch
FF DefaultSearchUrl: hxxp://websearch.swellsearch.info/?pid= ... =84&l=1&q=
FF SearchEngineOrder.1: WebSearch
FF SearchEngineOrder.1,S: WebSearch
FF SelectedSearchEngine,S: WebSearch
FF SearchPlugin: C:\Users\BamaBrat\AppData\Roaming\Mozilla\Firefox\Profiles\vh6byn2u.default\searchplugins\Web Search.xml [2015-02-07]
FF SearchPlugin: C:\Users\BamaBrat\AppData\Roaming\Mozilla\Firefox\Profiles\vh6byn2u.default\searchplugins\WebSearch.xml [2015-03-14]
FF Extension: youtubeadblocker - C:\Users\BamaBrat\AppData\Roaming\Mozilla\Firefox\Profiles\vh6byn2u.default\Extensions\5cx3LI@XK8UX.com [2015-03-14]
FF Plugin-x32: @avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin -> C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\18.4.0\\npsitesafety.dll No File
R2 ReimageRealTimeProtector; C:\Program Files\Reimage\Reimage Protector\ReiGuard.exe [7410024 2015-01-14] (Reimage®)
S2 McAfee SiteAdvisor Service; c:\PROGRA~2\mcafee\siteadvisor\mcsacore.exe [X]
2015-03-16 01:46 - 2015-03-16 01:46 - 00003440 _____ () C:\Windows\System32\Tasks\Reimage Reminder
2015-03-16 01:42 - 2015-03-16 01:45 - 00000000 ____D () C:\ProgramData\Reimage Protector
2015-03-16 01:42 - 2015-03-16 01:44 - 00000000 ____D () C:\Program Files\Reimage
2015-03-16 01:42 - 2015-03-16 01:42 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Reimage Repair
2015-03-16 01:41 - 2015-03-16 01:46 - 00000000 ____D () C:\rei
2015-03-16 01:39 - 2015-03-16 01:46 - 00000165 _____ () C:\Windows\Reimage.ini
2015-03-16 01:38 - 2015-03-16 01:39 - 00768520 _____ (Reimage®) C:\Users\BamaBrat\Downloads\ReimageRepair.exe
2015-03-14 01:40 - 2015-03-16 00:49 - 00000000 ____D () C:\Program Files (x86)\UNNiDDealosua
2015-03-14 01:40 - 2015-03-14 18:22 - 00000000 ____D () C:\Program Files (x86)\youtubeadblocker
2015-03-14 01:40 - 2015-03-14 18:22 - 00000000 ____D () C:\Program Files (x86)\UniDeals
2015-03-14 01:40 - 2015-03-14 01:40 - 00000000 ____D () C:\ProgramData\15174181810477798393
2015-03-14 01:40 - 2015-03-14 01:40 - 00000000 ____D () C:\Program Files (x86)\Website Blocker
2015-03-14 01:39 - 2015-03-14 19:24 - 00000000 ____D () C:\ProgramData\{8ead84e5-82ef-c539-8ead-d84e582e1396}
2015-03-13 23:55 - 2015-03-13 23:55 - 00000000 ____D () C:\Users\BamaBrat\AppData\Roaming\ooVoo Details
2015-03-13 23:36 - 2015-03-13 23:37 - 02388592 _____ (ooVoo LLC) C:\Users\BamaBrat\Downloads\ooVooSetup.exe
C:\Users\BamaBrat\AppData\Local\Temp\FoxitUpdater.exe
C:\Users\BamaBrat\AppData\Local\Temp\InstallIMVU_516.0.exe
C:\Users\BamaBrat\AppData\Local\Temp\Intel_Technology_Access_Software.exe
C:\Users\BamaBrat\AppData\Local\Temp\ochelper.dll
C:\Users\BamaBrat\AppData\Local\Temp\ochelper.exe
C:\Users\BamaBrat\AppData\Local\Temp\oct68D0.tmp.exe
C:\Users\BamaBrat\AppData\Local\Temp\octA9C4.tmp.exe
C:\Users\BamaBrat\AppData\Local\Temp\octDE30.tmp.exe
C:\Users\BamaBrat\AppData\Local\Temp\octDF41.tmp.exe
C:\Users\BamaBrat\AppData\Local\Temp\ReimagePackage.exe
C:\Users\BamaBrat\AppData\Local\Temp\ReiSysUpdate.exe
C:\Users\BamaBrat\AppData\Local\Google
C:\Program Files (x86)\Google
Task: {26F654B6-8982-4E98-85C3-E962A209F39E} - System32\Tasks\Reimage Reminder => C:\Program Files\Reimage\Reimage Repair\ReimageReminder.exe [2015-03-09] (Reimage ltd.) <==== ATTENTION
Task: {6FBFE74F-C3FC-4315-9082-A7C2D4D61A4A} - System32\Tasks\ReimageUpdater => C:\Program Files\Reimage\Reimage Protector\ReiGuard.exe [2015-01-14] (Reimage®) <==== ATTENTION
AlternateDataStreams: C:\Users\BamaBrat\OneDrive:ms-properties

CMD: ipconfig /flushdn
*****************

C:\Program Files\Reimage\Reimage Protector\ReiGuard.exe => No running process found
C:\Program Files\Reimage\Reimage Protector\ReiSystem.exe => No running process found
[1472] C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.4.0\ToolbarUpdater.exe => Process closed successfully.
[2656] C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.4.0\loggingserver.exe => Process closed successfully.
[3680] C:\Program Files (x86)\AVG Web TuneUp\vprot.exe => Process closed successfully.
[5252] C:\Users\BamaBrat\AppData\Local\Pokki\Engine\HostAppServiceUpdater.exe => Process closed successfully.
[32140] C:\Users\BamaBrat\AppData\Local\Pokki\Engine\StartMenuIndexer.exe => Process closed successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\vProt => value deleted successfully.
HKU\S-1-5-21-1136846300-3956240899-3284163035-1001\Software\Microsoft\Windows\CurrentVersion\Run\\Pokki => value deleted successfully.
"HKLM\SOFTWARE\Policies\Google" => Key deleted successfully.
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{BB82DE59-BC4C-4172-9AC4-73315F71CFFE}" => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{BB82DE59-BC4C-4172-9AC4-73315F71CFFE} => Key not found.
"HKU\S-1-5-21-1136846300-3956240899-3284163035-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}" => Key deleted successfully.
"HKCR\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}" => Key deleted successfully.
"HKU\S-1-5-21-1136846300-3956240899-3284163035-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{BB82DE59-BC4C-4172-9AC4-73315F71CFFE}" => Key deleted successfully.
HKCR\CLSID\{BB82DE59-BC4C-4172-9AC4-73315F71CFFE} => Key not found.
"HKU\S-1-5-21-1136846300-3956240899-3284163035-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{F5A217BE-AF39-11E4-825F-206A8AA6A905}" => Key deleted successfully.
HKCR\CLSID\{F5A217BE-AF39-11E4-825F-206A8AA6A905} => Key not found.
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1e45cd8b-bb2e-472b-8d87-a19287b981d4}" => Key deleted successfully.
"HKCR\CLSID\{1e45cd8b-bb2e-472b-8d87-a19287b981d4}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B164E929-A1B6-4A06-B104-2CD0E90A88FF}" => Key deleted successfully.
"HKCR\CLSID\{B164E929-A1B6-4A06-B104-2CD0E90A88FF}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{b553dcdd-2c61-46da-9856-ef7df7570efd}" => Key deleted successfully.
"HKCR\CLSID\{b553dcdd-2c61-46da-9856-ef7df7570efd}" => Key deleted successfully.
"HKCR\PROTOCOLS\Handler\dssrequest" => Key deleted successfully.
"HKCR\CLSID\{5513F07E-936B-4E52-9B00-067394E91CC5}" => Key deleted successfully.
"HKCR\PROTOCOLS\Handler\sacore" => Key deleted successfully.
HKCR\CLSID\{5513F07E-936B-4E52-9B00-067394E91CC5} => Key not found.
Firefox DefaultSearchEngine,S deleted successfully.
Firefox DefaultSearchUrl deleted successfully.
Firefox SearchEngineOrder.1 deleted successfully.
Firefox SearchEngineOrder.1,S deleted successfully.
Firefox SelectedSearchEngine,S deleted successfully.
C:\Users\BamaBrat\AppData\Roaming\Mozilla\Firefox\Profiles\vh6byn2u.default\searchplugins\Web Search.xml => Moved successfully.
C:\Users\BamaBrat\AppData\Roaming\Mozilla\Firefox\Profiles\vh6byn2u.default\searchplugins\WebSearch.xml => Moved successfully.
C:\Users\BamaBrat\AppData\Roaming\Mozilla\Firefox\Profiles\vh6byn2u.default\Extensions\5cx3LI@XK8UX.com => Moved successfully.
"HKLM\Software\Wow6432Node\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin" => Key deleted successfully.
ReimageRealTimeProtector => Service not found.
McAfee SiteAdvisor Service => Service deleted successfully.
"C:\Windows\System32\Tasks\Reimage Reminder" => File/Directory not found.
"C:\ProgramData\Reimage Protector" => File/Directory not found.
C:\Program Files\Reimage => Moved successfully.
"C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Reimage Repair" => File/Directory not found.
"C:\rei" => File/Directory not found.
C:\Windows\Reimage.ini => Moved successfully.
C:\Users\BamaBrat\Downloads\ReimageRepair.exe => Moved successfully.
C:\Program Files (x86)\UNNiDDealosua => Moved successfully.
C:\Program Files (x86)\youtubeadblocker => Moved successfully.
C:\Program Files (x86)\UniDeals => Moved successfully.
C:\ProgramData\15174181810477798393 => Moved successfully.
C:\Program Files (x86)\Website Blocker => Moved successfully.
C:\ProgramData\{8ead84e5-82ef-c539-8ead-d84e582e1396} => Moved successfully.
C:\Users\BamaBrat\AppData\Roaming\ooVoo Details => Moved successfully.
C:\Users\BamaBrat\Downloads\ooVooSetup.exe => Moved successfully.
C:\Users\BamaBrat\AppData\Local\Temp\FoxitUpdater.exe => Moved successfully.
C:\Users\BamaBrat\AppData\Local\Temp\InstallIMVU_516.0.exe => Moved successfully.
C:\Users\BamaBrat\AppData\Local\Temp\Intel_Technology_Access_Software.exe => Moved successfully.
C:\Users\BamaBrat\AppData\Local\Temp\ochelper.dll => Moved successfully.
C:\Users\BamaBrat\AppData\Local\Temp\ochelper.exe => Moved successfully.
C:\Users\BamaBrat\AppData\Local\Temp\oct68D0.tmp.exe => Moved successfully.
C:\Users\BamaBrat\AppData\Local\Temp\octA9C4.tmp.exe => Moved successfully.
C:\Users\BamaBrat\AppData\Local\Temp\octDE30.tmp.exe => Moved successfully.
C:\Users\BamaBrat\AppData\Local\Temp\octDF41.tmp.exe => Moved successfully.
C:\Users\BamaBrat\AppData\Local\Temp\ReimagePackage.exe => Moved successfully.
C:\Users\BamaBrat\AppData\Local\Temp\ReiSysUpdate.exe => Moved successfully.
"C:\Users\BamaBrat\AppData\Local\Google" => File/Directory not found.
"C:\Program Files (x86)\Google" => File/Directory not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{26F654B6-8982-4E98-85C3-E962A209F39E} => Key not found.
C:\Windows\System32\Tasks\Reimage Reminder not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Reimage Reminder => Key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6FBFE74F-C3FC-4315-9082-A7C2D4D61A4A} => Key not found.
C:\Windows\System32\Tasks\ReimageUpdater not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ReimageUpdater => Key not found.
C:\Users\BamaBrat\OneDrive => ":ms-properties" ADS removed successfully.

========= ipconfig /flushdn =========


Error: unrecognized or incomplete command line.

USAGE:
ipconfig [/allcompartments] [/? | /all |
/renew [adapter] | /release [adapter] |
/renew6 [adapter] | /release6 [adapter] |
/flushdns | /displaydns | /registerdns |
/showclassid adapter |
/setclassid adapter [classid] |
/showclassid6 adapter |
/setclassid6 adapter [classid] ]

where
adapter Connection name
(wildcard characters * and ? allowed, see examples)

Options:
/? Display this help message
/all Display full configuration information.
/release Release the IPv4 address for the specified adapter.
/release6 Release the IPv6 address for the specified adapter.
/renew Renew the IPv4 address for the specified adapter.
/renew6 Renew the IPv6 address for the specified adapter.
/flushdns Purges the DNS Resolver cache.
/registerdns Refreshes all DHCP leases and re-registers DNS names
/displaydns Display the contents of the DNS Resolver Cache.
/showclassid Displays all the dhcp class IDs allowed for adapter.
/setclassid Modifies the dhcp class id.
/showclassid6 Displays all the IPv6 DHCP class IDs allowed for adapter.
/setclassid6 Modifies the IPv6 DHCP class id.


The default is to display only the IP address, subnet mask and
default gateway for each adapter bound to TCP/IP.

For Release and Renew, if no adapter name is specified, then the IP address
leases for all adapters bound to TCP/IP will be released or renewed.

For Setclassid and Setclassid6, if no ClassId is specified, then the ClassId is removed.

Examples:
> ipconfig ... Show information
> ipconfig /all ... Show detailed information
> ipconfig /renew ... renew all adapters
> ipconfig /renew EL* ... renew any connection that has its
name starting with EL
> ipconfig /release *Con* ... release all matching connections,
eg. "Wired Ethernet Connection 1" or
"Wired Ethernet Connection 2"
> ipconfig /allcompartments ... Show information about all
compartments
> ipconfig /allcompartments /all ... Show detailed information about all
compartments

========= End of CMD: =========


==== End of Fixlog 13:17:55 ====




# AdwCleaner v4.112 - Logfile created 18/03/2015 at 13:28:54
# Updated 09/03/2015 by Xplode
# Database : 2015-03-15.1 [Server]
# Operating system : Windows 8.1 Connected (x64)
# Username : BamaBrat - TRACY
# Running from : C:\Users\BamaBrat\Downloads\adwcleaner_4.112.exe
# Option : Cleaning

***** [ Services ] *****

[#] Service Deleted : vToolbarUpdater18.4.0

***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\AVG Secure Search
Folder Deleted : C:\ProgramData\AVG Security Toolbar
Folder Deleted : C:\Program Files (x86)\Common Files\AVG Secure Search
Folder Deleted : C:\Users\BamaBrat\AppData\Roaming\Mozilla\Firefox\Profiles\vh6byn2u.default\Extensions\Avg@toolbar
Folder Deleted : C:\Users\BamaBrat\AppData\Roaming\Mozilla\Firefox\Profiles\vh6byn2u.default\Extensions\bK@2UYD.org
File Deleted : C:\Users\BamaBrat\AppData\Roaming\Mozilla\Firefox\Profiles\vh6byn2u.default\searchplugins\avg-secure-search.xml
File Deleted : C:\Program Files (x86)\Mozilla Firefox\browser\searchplugins\wtu-secure-search.xml

***** [ Scheduled tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKCU\Software\Classes\pokki
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL
Key Deleted : HKLM\SOFTWARE\Classes\protocols\handler\viprotocol
Key Deleted : HKLM\SOFTWARE\Classes\S
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE
Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{933B95E2-E7B7-4AD9-B952-7AC336682AE3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{41F978F3-431A-4464-A789-5C0692D562FB}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AA9A4890-4262-4441-8977-E2FFCBFB706C}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AA9A4890-4262-4441-8977-E2FFCBFB706C}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AA9A4890-4262-4441-8977-E2FFCBFB706C}
Key Deleted : HKCU\Software\Pokki
Key Deleted : HKCU\Software\Reimage
Key Deleted : HKCU\Software\AppDataLow\{4A0F38A9-FE55-4B89-B73F-E60FDC0F72E9}
Key Deleted : HKLM\SOFTWARE\{4A0F38A9-FE55-4B89-B73F-E60FDC0F72E9}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Pokki
Key Deleted : [x64] HKLM\SOFTWARE\AVG Secure Search
Key Deleted : [x64] HKLM\SOFTWARE\Reimage

***** [ Web browsers ] *****

-\\ Internet Explorer v11.0.9600.17416


-\\ Mozilla Firefox v36.0.1 (x86 en-US)

[vh6byn2u.default\prefs.js] - Line Deleted : user_pref("browser.search.hiddenOneOffs", "DuckDuckGo,eBay,WebSearch");

*************************

AdwCleaner[R0].txt - [4787 bytes] - [18/03/2015 13:24:56]
AdwCleaner[S0].txt - [4594 bytes] - [18/03/2015 13:28:54]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [4653 bytes] ##########
bama2719
Active Member
 
Posts: 6
Joined: March 16th, 2015, 2:06 am

Re: BHO, Hyperlinks, popups

Post by Cypher » March 18th, 2015, 2:27 pm

Hi,
"Thank you so very much"

You're most welcome :)

"The computer seems to be running smoother. So far no popups and as far as I can see no hyperlinks."

Excellent, let me know if you see any other problems.

Round two, now we need to check for any "leftovers".

Rescan with FRST

  • Right-click FRST.exe and select "Run as administrator" to run it.
  • When the tool opens, click Yes to the disclaimer.
  • Press the Scan button. When finished, a log will be created, FRST.txt.
  • Please post the content of the FRST.txt in your next reply.

Next.

ESET online scanner

Note: You can use either Internet Explorer or Mozilla FireFox for this scan.

Note: If you are using Windows Vista or Windows 7, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.

  • First please Disable any Antivirus you have active, as shown in This topic.
  • Note: Don't forget to re-enable it after the scan.
  • Next, hold down Control then click on the following link to open a new window to ESET online scanner
    Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.
    All of the below instructions are compatible with either Internet Explorer or Mozilla FireFox.
  • When prompted allow the Add-On/Active X to install.
  • Click on Run ESET Online Scanner, then select the option YES, I accept the Terms of Use, then click Start.
  • Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Now click on Start.
  • The virus signature database... will begin to download. Be patient, this may take some time depending on the speed of your Internet connection.
  • When completed the Online Scan will begin automatically.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • When completed select Uninstall application on close if you so wish, make sure you copy the logfile first!
  • Now click on Finish.
  • Use notepad to open the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
  • Copy and paste that log as a reply to this topic.

Logs/Information to Post in your Next Reply

  • FRST.txt.
  • ESET log.
Cypher
Admin/Teacher
Posts: 14959
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns

Re: BHO, Hyperlinks, popups

Post by bama2719 » March 18th, 2015, 8:15 pm

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-03-2015
Ran by BamaBrat (administrator) on TRACY on 18-03-2015 15:44:02
Running from C:\Users\BamaBrat\Downloads
Loaded Profiles: BamaBrat (Available profiles: BamaBrat)
Platform: Windows 8.1 Connected (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

() C:\Program Files (x86)\AVG Web TuneUp\WtuSystemSupport.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Windows (R) Win 7 DDK provider) C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\AdminService.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgfws.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\AOP Framework\CCDMonitorService.exe
(Intel(R) Corporation) C:\Program Files\Intel\TXE Components\TCS\HeciServer.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Intel(R) Corporation) C:\Program Files\Intel Corporation\Intel(R) Technology Access\IntelTechnologyAccessService.exe
(Acer Incorporate) C:\Program Files\Acer\Acer Launch Manager\LMSvc.exe
() C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
(Acer Cloud Technology) C:\Program Files (x86)\Acer\AOP Framework\acer\ccd.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgnsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgemca.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgrsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgcsrva.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Acer Incorporate) C:\Program Files\Acer\Acer Quick Access\QASvc.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe
(Acer Incorporate) C:\Program Files\Acer\Acer Quick Access\RMSvc.exe
(acer) C:\Program Files\Acer\User Experience Improvement Program\Framework\UBTService.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Intel Corporation) C:\Windows\System32\igfxTray.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe\livecomm.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Acer Incorporate) C:\Program Files\Acer\Acer Launch Manager\LMEvent.exe
(Acer Incorporate) C:\Program Files\Acer\Acer Launch Manager\LMLockHandler.exe
(Acer Incorporate) C:\Program Files\Acer\Acer Launch Manager\LMTray.exe
(Acer Incorporate) C:\Program Files\Acer\Acer Quick Access\QAEvent.exe
(Acer Incorporate) C:\Program Files\Acer\Acer Quick Access\QAMsg.exe
(Qualcomm®Atheros®) C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvStack.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
() C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\ActivateDesktop.exe
(Acer) C:\Program Files (x86)\Acer\Acer Portal\AcerPortal.exe
(Nota Inc.) C:\Program Files (x86)\Gyazo\GyStation.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\AOP Framework\BackgroundAgent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgui.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerTray.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerEvent.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerWinMonitor.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13672664 2014-06-30] (Realtek Semiconductor)
HKLM\...\Run: [CIS_{81EFDD93-DBBE-415B-BE6E-49B9664E3E82}] => "C:\ProgramData\cisBA35.exe" --PostUninstall {81EFDD93-DBBE-415B-BE6E-49B9664E3E82}
HKLM-x32\...\Run: [BacKGround Agent] => C:\Program Files (x86)\Acer\AOP Framework\BackgroundAgent.exe [65280 2015-03-12] (Acer Incorporated)
HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\AVG2015\avgui.exe [3723728 2015-03-06] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [31016 2006-10-27] (Microsoft Corporation)
HKLM\...\Policies\Explorer\Run: [BtvStack] => C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvStack.exe [134784 2014-04-29] ( (Qualcomm®Atheros®))
HKU\S-1-5-21-1136846300-3956240899-3284163035-1001\...\Run: [AcerPortal] => C:\Program Files (x86)\Acer\Acer Portal\AcerPortal.exe [2544896 2015-03-12] (Acer)
HKU\S-1-5-21-1136846300-3956240899-3284163035-1001\...\Run: [Gyazo] => C:\Program Files (x86)\Gyazo\GyStation.exe [3095840 2014-10-27] (Nota Inc.)
HKU\S-1-5-21-1136846300-3956240899-3284163035-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Users\BamaBrat\DOWNLO~1\dds(1).scr
ShellIconOverlayIdentifiers: [ ACloudSynced] -> {5CCE71FA-9F61-4F24-9CD1-98D819B40D68} => C:\Program Files (x86)\Acer\shellext\x64\shellext_win.dll (Acer Incorporated)
ShellIconOverlayIdentifiers: [ ACloudSyncing] -> {C1E1456F-C2D8-4C96-870D-35F1E13941EE} => C:\Program Files (x86)\Acer\shellext\x64\shellext_win.dll (Acer Incorporated)
ShellIconOverlayIdentifiers: [ ACloudToBeSynced] -> {307523FA-DDC0-4068-983F-2A6B34627744} => C:\Program Files (x86)\Acer\shellext\x64\shellext_win.dll (Acer Incorporated)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-1136846300-3956240899-3284163035-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://acer13.msn.com/?pc=ACJB
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2006-10-27] (Microsoft Corporation)
Toolbar: HKLM - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\siteadvisor\x64\mcieplg.dll No File
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\BamaBrat\AppData\Roaming\Mozilla\Firefox\Profiles\vh6byn2u.default
FF NewTab: hxxp://homepage-web.com/?s=acer&m=tab
FF DefaultSearchEngine: Yahoo
FF DefaultSearchEngine.US: Google
FF SelectedSearchEngine: Yahoo
FF Homepage: https://www.google.com/
FF Keyword.URL: hxxp://us.search.yahoo.com/search?fr=ytff-comodo&p=
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_305.dll [2015-02-07] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-14] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll [2015-02-07] ()
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-14] ( Microsoft Corporation)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor

Chrome:
=======
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [Not Found]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AtherosSvc; C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\adminservice.exe [319104 2014-04-29] (Windows (R) Win 7 DDK provider) [File not signed]
R2 avgfws; C:\Program Files (x86)\AVG\AVG2015\avgfws.exe [1516968 2015-03-06] (AVG Technologies CZ, s.r.o.)
R2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe [3416016 2015-03-06] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe [309232 2015-03-06] (AVG Technologies CZ, s.r.o.)
R2 CCDMonitorService; C:\Program Files (x86)\Acer\AOP Framework\CCDMonitorService.exe [2840832 2015-03-12] (Acer Incorporated)
R3 ePowerSvc; C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe [2573032 2014-06-12] (Acer Incorporated)
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [315376 2014-06-09] (Intel Corporation)
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\TXE Components\TCS\HeciServer.exe [733696 2013-07-02] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\TXE Components\TCS\SocketHeciServer.exe [822232 2013-07-02] (Intel(R) Corporation)
R2 Intel(R) TechnologyAccessService; C:\Program Files\Intel Corporation\Intel(R) Technology Access\IntelTechnologyAccessService.exe [93408 2015-02-08] (Intel(R) Corporation)
S3 iumsvc; C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe [174368 2014-06-09] ()
R2 LMSvc; C:\Program Files\Acer\Acer Launch Manager\LMSvc.exe [455912 2014-12-30] (Acer Incorporate)
R3 QASvc; C:\Program Files\Acer\Acer Quick Access\QASvc.exe [458984 2014-06-26] (Acer Incorporate)
R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [254512 2012-04-24] ()
R3 RMSvc; C:\Program Files\Acer\Acer Quick Access\RMSvc.exe [449768 2014-06-26] (Acer Incorporate)
R3 UEIPSvc; C:\Program Files\Acer\User Experience Improvement Program\Framework\UBTService.exe [234240 2014-07-14] (acer)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366520 2015-02-03] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2015-02-03] (Microsoft Corporation)
R2 WtuSystemSupport; C:\Program Files (x86)\AVG Web TuneUp\WtuSystemSupport.exe [620056 2015-03-04] ()

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 athr; C:\Windows\system32\DRIVERS\athwbx.sys [3893248 2014-04-02] (Qualcomm Atheros Communications, Inc.)
S0 Avgboota; C:\Windows\System32\DRIVERS\avgboota.sys [20496 2013-09-04] (AVG Technologies CZ, s.r.o.)
R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [153368 2014-06-18] (AVG Technologies CZ, s.r.o.)
R1 Avgfwfd; C:\Windows\system32\DRIVERS\avgfwd6a.sys [58136 2014-12-03] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [280544 2015-02-24] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [203544 2014-11-18] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [243480 2014-08-28] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [341472 2015-02-03] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [133088 2015-02-05] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [31512 2014-06-18] (AVG Technologies CZ, s.r.o.)
R1 Avgwfpa; C:\Windows\system32\DRIVERS\avgwfpa.sys [289248 2015-02-20] (AVG Technologies CZ, s.r.o.)
R3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [77464 2014-04-29] (Qualcomm Atheros)
R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [226304 2014-03-18] (Microsoft Corporation)
R3 GPIO; C:\Windows\System32\drivers\iaiogpioe.sys [31232 2014-06-09] (Intel Corporation)
R3 iaioi2c; C:\Windows\System32\drivers\iaioi2ce.sys [69632 2014-06-09] (Intel Corporation)
R3 LMDriver; C:\Windows\System32\drivers\LMDriver.sys [21360 2013-07-17] (Acer Incorporated)
R1 ndisrd; C:\Windows\system32\DRIVERS\ndisrfl.sys [41688 2014-10-30] (Intel Corporation)
R3 NetTap630; C:\Windows\system32\DRIVERS\nettap630.sys [67800 2014-10-30] (Intel Corporation)
R3 RadioShim; C:\Windows\System32\drivers\RadioShim.sys [14680 2013-07-17] (Acer Incorporated)
R3 TXEIx64; C:\Windows\System32\drivers\TXEIx64.sys [88592 2014-01-15] (Intel Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2015-02-03] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-18 13:39 - 2015-03-18 13:39 - 00004769 _____ () C:\Users\BamaBrat\Desktop\AdwCleaner[S0].txt
2015-03-18 13:21 - 2015-03-18 13:28 - 00000000 ____D () C:\AdwCleaner
2015-03-18 13:19 - 2015-03-18 13:19 - 02171392 _____ () C:\Users\BamaBrat\Downloads\adwcleaner_4.112.exe
2015-03-18 13:07 - 2015-03-18 13:07 - 00003334 _____ () C:\Windows\System32\Tasks\AcerCloud
2015-03-18 13:04 - 2015-03-18 13:04 - 00000207 _____ () C:\Windows\tweaking.com-regbackup-TRACY-Windows-8.1-Connected-(64-bit).dat
2015-03-18 13:02 - 2015-03-18 13:06 - 00001990 _____ () C:\Users\Public\Desktop\Acer Portal.lnk
2015-03-18 12:44 - 2015-03-18 12:44 - 00000000 ____D () C:\RegBackup
2015-03-18 12:41 - 2015-03-18 12:41 - 00002219 _____ () C:\Users\Public\Desktop\Tweaking.com - Registry Backup.lnk
2015-03-18 12:41 - 2015-03-18 12:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tweaking.com
2015-03-18 12:41 - 2015-03-18 12:41 - 00000000 ____D () C:\Program Files (x86)\Tweaking.com
2015-03-18 12:38 - 2015-03-18 12:39 - 04720448 _____ () C:\Users\BamaBrat\Downloads\tweaking.com_registry_backup_setup.exe
2015-03-18 12:31 - 2015-03-18 12:39 - 00001961 _____ () C:\Users\Public\Desktop\abMedia.lnk
2015-03-18 12:02 - 2015-03-18 12:02 - 00001929 _____ () C:\Users\Public\Desktop\abDocs.lnk
2015-03-18 02:03 - 2015-03-18 02:03 - 00036864 _____ () C:\Users\BamaBrat\Desktop\Island Labor March 23 thru March 29.xls
2015-03-18 00:03 - 2015-03-18 00:05 - 00001965 _____ () C:\Users\Public\Desktop\abPhoto.lnk
2015-03-16 02:31 - 2015-03-16 02:33 - 00028986 _____ () C:\Users\BamaBrat\Downloads\Addition.txt
2015-03-16 02:25 - 2015-03-18 15:44 - 00013572 _____ () C:\Users\BamaBrat\Downloads\FRST.txt
2015-03-16 02:25 - 2015-03-18 15:44 - 00000000 ____D () C:\FRST
2015-03-16 02:24 - 2015-03-16 02:24 - 02095616 _____ (Farbar) C:\Users\BamaBrat\Downloads\FRST64.exe
2015-03-16 01:57 - 2015-03-16 01:57 - 00000000 ____D () C:\Users\BamaBrat\Downloads\backups
2015-03-16 01:47 - 2015-03-16 01:47 - 00010961 _____ () C:\Users\BamaBrat\Downloads\hijackthis.log
2015-03-16 01:45 - 2015-03-16 01:45 - 00388608 _____ (Trend Micro Inc.) C:\Users\BamaBrat\Downloads\HijackThis.exe
2015-03-14 23:12 - 2015-03-14 23:12 - 00000046 _____ () C:\Windows\wininit.ini
2015-03-14 19:28 - 2015-03-14 19:28 - 00000000 ____D () C:\ProgramData\Shared Space
2015-03-14 19:25 - 2015-03-14 19:27 - 00000000 ____D () C:\Program Files\COMODO
2015-03-14 19:24 - 2015-03-14 23:34 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Comodo
2015-03-14 19:24 - 2015-03-14 19:24 - 00000000 ____D () C:\Users\BamaBrat\AppData\Local\Comodo
2015-03-14 19:23 - 2015-03-14 19:23 - 00000000 ____D () C:\ProgramData\Comodo Downloader
2015-03-14 19:23 - 2015-03-14 19:23 - 00000000 ____D () C:\Program Files (x86)\Comodo
2015-03-14 19:22 - 2015-03-14 19:28 - 00000000 ____D () C:\ProgramData\Comodo
2015-03-13 16:21 - 2015-03-13 16:21 - 00000000 ____D () C:\Users\Default\AppData\Roaming\TuneUp Software
2015-03-13 16:21 - 2015-03-13 16:21 - 00000000 ____D () C:\Users\Default User\AppData\Roaming\TuneUp Software
2015-03-10 14:45 - 2015-03-10 14:45 - 00000000 ____D () C:\Users\Default\AppData\Local\Microsoft Help
2015-03-10 14:45 - 2015-03-10 14:45 - 00000000 ____D () C:\Users\Default User\AppData\Local\Microsoft Help
2015-03-10 14:43 - 2015-02-06 19:09 - 00396419 _____ () C:\Windows\system32\ApnDatabase.xml
2015-03-10 14:43 - 2015-02-03 19:58 - 00264000 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdFilter.sys
2015-03-10 14:43 - 2015-02-03 19:58 - 00114496 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdNisDrv.sys
2015-03-10 14:43 - 2015-02-03 19:58 - 00044024 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdBoot.sys
2015-03-10 14:43 - 2015-02-02 19:53 - 00014848 _____ (Microsoft Corporation) C:\Windows\system32\winshfhc.dll
2015-03-10 14:43 - 2015-02-02 19:53 - 00012800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winshfhc.dll
2015-03-10 14:43 - 2015-01-26 23:44 - 00933888 _____ (Microsoft Corporation) C:\Windows\system32\calc.exe
2015-03-10 14:43 - 2015-01-23 21:51 - 00816128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\calc.exe
2015-03-10 14:42 - 2015-03-05 22:53 - 00430080 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-03-10 14:42 - 2015-03-05 22:33 - 00358912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-03-10 14:42 - 2015-02-25 19:26 - 04178944 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-03-10 14:42 - 2015-01-30 19:42 - 03097600 _____ (Microsoft Corporation) C:\Windows\system32\msftedit.dll
2015-03-10 14:42 - 2015-01-30 19:29 - 02484224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msftedit.dll
2015-03-10 14:42 - 2015-01-28 21:58 - 00347136 _____ (Microsoft Corporation) C:\Windows\system32\photowiz.dll
2015-03-10 14:42 - 2015-01-28 21:29 - 00290816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\photowiz.dll
2015-03-10 14:42 - 2015-01-23 03:17 - 00723072 _____ (Microsoft Corporation) C:\Windows\system32\SHCore.dll
2015-03-10 14:42 - 2015-01-23 01:02 - 00560392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SHCore.dll
2015-03-10 14:41 - 2015-02-19 23:03 - 00358912 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2015-03-10 14:41 - 2015-02-19 22:58 - 00044032 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2015-03-10 14:41 - 2015-02-19 22:20 - 00301056 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2015-03-10 14:41 - 2015-02-19 22:15 - 00035840 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2015-03-10 14:41 - 2015-02-05 21:28 - 02257408 _____ (Microsoft Corporation) C:\Windows\system32\dwmcore.dll
2015-03-10 14:41 - 2015-02-05 21:08 - 01943040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dwmcore.dll
2015-03-10 14:41 - 2015-02-05 16:24 - 01113920 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ndis.sys
2015-03-10 14:41 - 2015-02-02 20:03 - 03551744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_47.dll
2015-03-10 14:41 - 2015-02-02 20:02 - 04298240 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_47.dll
2015-03-10 14:41 - 2015-01-29 23:01 - 00097792 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidbth.sys
2015-03-10 14:41 - 2015-01-29 23:00 - 00167424 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rfcomm.sys
2015-03-10 14:41 - 2015-01-29 22:03 - 01488896 _____ (Microsoft Corporation) C:\Windows\system32\mfc42u.dll
2015-03-10 14:41 - 2015-01-29 22:03 - 01464832 _____ (Microsoft Corporation) C:\Windows\system32\mfc42.dll
2015-03-10 14:41 - 2015-01-29 21:44 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfc42u.dll
2015-03-10 14:41 - 2015-01-29 21:42 - 01204224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfc42.dll
2015-03-10 14:41 - 2015-01-29 21:29 - 00035840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\atlthunk.dll
2015-03-10 14:41 - 2015-01-28 21:11 - 00274944 _____ (Microsoft Corporation) C:\Windows\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2015-03-10 14:41 - 2015-01-28 21:04 - 01091072 _____ (Microsoft Corporation) C:\Windows\system32\localspl.dll
2015-03-10 14:41 - 2015-01-28 21:04 - 00864256 _____ (Microsoft Corporation) C:\Windows\system32\win32spl.dll
2015-03-10 14:41 - 2015-01-28 21:00 - 00210944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2015-03-10 14:41 - 2015-01-28 20:59 - 02773504 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2015-03-10 14:41 - 2015-01-28 20:55 - 00971776 _____ (Microsoft Corporation) C:\Windows\system32\WSShared.dll
2015-03-10 14:41 - 2015-01-28 20:50 - 00811008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSShared.dll
2015-03-10 14:41 - 2015-01-28 20:49 - 02459136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2015-03-10 14:41 - 2015-01-28 11:41 - 07472960 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-03-10 14:41 - 2015-01-28 11:41 - 01733440 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-03-10 14:41 - 2015-01-28 11:41 - 01498360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2015-03-10 14:41 - 2015-01-27 22:24 - 00075264 _____ (Microsoft Corporation) C:\Windows\system32\StorageContextHandler.dll
2015-03-10 14:41 - 2015-01-27 21:47 - 00060928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\StorageContextHandler.dll
2015-03-10 14:41 - 2014-10-28 22:49 - 00003072 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2015-03-10 14:41 - 2014-10-28 22:46 - 00081920 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\BTHUSB.SYS
2015-03-10 14:41 - 2014-10-28 22:46 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\bthenum.sys
2015-03-10 14:41 - 2014-10-28 22:45 - 01198080 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\bthport.sys
2015-03-10 14:41 - 2014-10-28 22:44 - 00096256 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2015-03-10 14:41 - 2014-10-28 22:44 - 00014848 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2015-03-10 14:41 - 2014-10-28 22:43 - 00062976 _____ (Microsoft Corporation) C:\Windows\system32\printui.exe
2015-03-10 14:41 - 2014-10-28 22:34 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\compstui.dll
2015-03-10 14:41 - 2014-10-28 22:34 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\WSCollect.exe
2015-03-10 14:41 - 2014-10-28 22:34 - 00079872 _____ (Microsoft Corporation) C:\Windows\system32\WSReset.exe
2015-03-10 14:41 - 2014-10-28 22:04 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\findnetprinters.dll
2015-03-10 14:41 - 2014-10-28 22:04 - 00003072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll
2015-03-10 14:41 - 2014-10-28 22:03 - 00241152 _____ (Microsoft Corporation) C:\Windows\system32\fsquirt.exe
2015-03-10 14:41 - 2014-10-28 22:00 - 00077824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
2015-03-10 14:41 - 2014-10-28 22:00 - 00011776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll
2015-03-10 14:41 - 2014-10-28 21:58 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\printui.exe
2015-03-10 14:41 - 2014-10-28 21:52 - 00289280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\compstui.dll
2015-03-10 14:41 - 2014-10-28 21:51 - 00477184 _____ (Microsoft Corporation) C:\Windows\system32\puiobj.dll
2015-03-10 14:41 - 2014-10-28 21:45 - 00221184 _____ (Microsoft Corporation) C:\Windows\system32\prnntfy.dll
2015-03-10 14:41 - 2014-10-28 21:28 - 00055808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\findnetprinters.dll
2015-03-10 14:41 - 2014-10-28 21:28 - 00048128 _____ (Microsoft Corporation) C:\Windows\system32\atlthunk.dll
2015-03-10 14:41 - 2014-10-28 21:20 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\puiobj.dll
2015-03-10 14:41 - 2014-10-28 21:15 - 00199168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\prnntfy.dll
2015-03-10 14:41 - 2014-10-28 21:13 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\Windows.ApplicationModel.Store.dll
2015-03-10 14:41 - 2014-10-28 20:55 - 00223744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.ApplicationModel.Store.dll
2015-03-10 14:41 - 2014-10-28 20:55 - 00192512 _____ (Microsoft Corporation) C:\Windows\system32\puiapi.dll
2015-03-10 14:41 - 2014-10-28 20:44 - 00167424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\puiapi.dll
2015-03-10 14:41 - 2014-10-28 20:41 - 00269312 _____ (Microsoft Corporation) C:\Windows\system32\DafPrintProvider.dll
2015-03-10 14:41 - 2014-10-28 20:35 - 00203776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DafPrintProvider.dll
2015-03-10 14:40 - 2015-02-20 21:16 - 25021440 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-03-10 14:40 - 2015-02-20 20:41 - 12827648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-03-10 14:40 - 2015-02-20 20:27 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-03-10 14:40 - 2015-02-20 20:27 - 00128000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2015-03-10 14:40 - 2015-02-20 20:25 - 19720192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-03-10 14:40 - 2015-02-20 19:58 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-03-10 14:40 - 2015-02-20 19:32 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-03-10 14:40 - 2015-02-19 22:49 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-03-10 14:40 - 2015-02-19 22:48 - 02886144 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-03-10 14:40 - 2015-02-19 22:47 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-03-10 14:40 - 2015-02-19 22:35 - 00816128 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-03-10 14:40 - 2015-02-19 22:34 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-03-10 14:40 - 2015-02-19 22:32 - 06035456 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-03-10 14:40 - 2015-02-19 22:09 - 00503296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-03-10 14:40 - 2015-02-19 22:07 - 00145408 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2015-03-10 14:40 - 2015-02-19 22:06 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-03-10 14:40 - 2015-02-19 22:05 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-03-10 14:40 - 2015-02-19 22:03 - 02278400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-03-10 14:40 - 2015-02-19 21:59 - 01032704 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
2015-03-10 14:40 - 2015-02-19 21:56 - 00664064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-03-10 14:40 - 2015-02-19 21:52 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2015-03-10 14:40 - 2015-02-19 21:49 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-03-10 14:40 - 2015-02-19 21:49 - 00374272 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-03-10 14:40 - 2015-02-19 21:46 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-03-10 14:40 - 2015-02-19 21:43 - 14398976 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-03-10 14:40 - 2015-02-19 21:30 - 04300288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-03-10 14:40 - 2015-02-19 21:30 - 00880128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll
2015-03-10 14:40 - 2015-02-19 21:29 - 02865152 _____ (Microsoft Corporation) C:\Windows\system32\actxprxy.dll
2015-03-10 14:40 - 2015-02-19 21:28 - 02358784 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-03-10 14:40 - 2015-02-19 21:26 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2015-03-10 14:40 - 2015-02-19 21:24 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-03-10 14:40 - 2015-02-19 21:24 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-03-10 14:40 - 2015-02-19 21:16 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-03-10 14:40 - 2015-02-19 21:03 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-03-10 14:40 - 2015-02-19 21:01 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-03-10 14:40 - 2015-02-19 20:57 - 01311232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-03-10 14:40 - 2015-02-19 20:55 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-03-10 14:40 - 2015-01-30 19:20 - 00203264 _____ (Microsoft Corporation) C:\Windows\system32\ubpm.dll
2015-03-10 14:40 - 2015-01-29 22:02 - 00102912 _____ (Microsoft Corporation) C:\Windows\system32\eappgnui.dll
2015-03-10 14:40 - 2015-01-29 21:40 - 00091648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\eappgnui.dll
2015-03-10 14:40 - 2015-01-29 21:37 - 00331776 _____ (Microsoft Corporation) C:\Windows\system32\eapp3hst.dll
2015-03-10 14:40 - 2015-01-29 21:24 - 00339456 _____ (Microsoft Corporation) C:\Windows\system32\eapphost.dll
2015-03-10 14:40 - 2015-01-29 21:24 - 00250880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\eapp3hst.dll
2015-03-10 14:40 - 2015-01-29 21:16 - 00266752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\eapphost.dll
2015-03-10 14:40 - 2015-01-29 21:08 - 00346112 _____ (Microsoft Corporation) C:\Windows\system32\eappcfg.dll
2015-03-10 14:40 - 2015-01-29 21:06 - 00278016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\eappcfg.dll
2015-03-10 14:40 - 2015-01-29 14:45 - 01763352 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2015-03-10 14:40 - 2015-01-29 14:34 - 01488040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2015-03-10 14:40 - 2015-01-27 00:22 - 00131584 _____ (Microsoft Corporation) C:\Windows\system32\rdpudd.dll
2015-03-10 14:40 - 2015-01-26 22:11 - 03547648 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2015-03-10 14:40 - 2014-12-11 01:36 - 00046456 _____ (Microsoft Corporation) C:\Windows\system32\LockScreenContentServer.exe
2015-03-10 14:40 - 2014-10-28 23:56 - 00027456 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpvideominiport.sys
2015-03-10 14:40 - 2014-10-28 22:37 - 00040448 _____ (Microsoft Corporation) C:\Windows\system32\rfxvmt.dll
2015-03-10 14:40 - 2014-10-28 21:19 - 00070656 _____ (Microsoft Corporation) C:\Windows\system32\eappprxy.dll
2015-03-10 14:40 - 2014-10-28 20:59 - 00056320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\eappprxy.dll
2015-03-10 14:39 - 2015-02-12 13:40 - 22291584 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2015-03-10 14:39 - 2015-02-12 13:34 - 19731824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2015-03-10 14:39 - 2015-02-07 19:57 - 01090048 _____ (Microsoft Corporation) C:\Windows\system32\MrmCoreR.dll
2015-03-10 14:39 - 2015-02-07 19:49 - 00791040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MrmCoreR.dll
2015-03-10 14:39 - 2015-01-27 21:31 - 00402432 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll
2015-03-10 14:39 - 2015-01-27 21:11 - 00357376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll
2015-03-10 14:39 - 2015-01-27 19:47 - 02501368 _____ (Microsoft Corporation) C:\Windows\explorer.exe
2015-03-10 14:39 - 2015-01-27 19:41 - 02207488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\explorer.exe
2015-03-10 14:39 - 2015-01-21 01:54 - 01384712 _____ (Microsoft Corporation) C:\Windows\system32\msctf.dll
2015-03-10 14:39 - 2015-01-21 01:15 - 01123848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msctf.dll
2015-03-10 10:20 - 2015-03-10 10:20 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
2015-03-10 10:19 - 2015-03-10 10:19 - 00000000 ____D () C:\Program Files (x86)\Microsoft Works
2015-03-10 10:18 - 2015-03-10 10:18 - 00000000 ____D () C:\Windows\PCHEALTH
2015-03-10 10:18 - 2015-03-10 10:18 - 00000000 ____D () C:\Program Files (x86)\Microsoft Visual Studio
2015-03-10 10:15 - 2015-03-10 10:15 - 00000000 ____D () C:\Program Files\Microsoft Office
2015-03-10 10:15 - 2015-03-10 10:15 - 00000000 ____D () C:\Program Files (x86)\Microsoft Visual Studio 8
2015-03-10 10:14 - 2015-03-10 15:04 - 00000000 ____D () C:\ProgramData\Microsoft Help
2015-03-10 10:14 - 2015-03-10 13:49 - 00000000 ____D () C:\Users\BamaBrat\AppData\Local\Microsoft Help
2015-03-10 10:14 - 2015-03-10 10:14 - 00000000 __RHD () C:\MSOCache
2015-03-10 10:11 - 2015-03-10 10:11 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_User_WpdFs_01_11_00.Wdf
2015-03-09 20:48 - 2015-03-10 17:42 - 00036864 _____ () C:\Users\BamaBrat\Desktop\Island Labor March 16 thru March 22.xls
2015-03-09 19:54 - 2015-03-10 15:33 - 00036352 _____ () C:\Users\BamaBrat\Desktop\Island Labor March 9 thru March 15.xls
2015-03-09 09:43 - 2015-03-09 09:43 - 00013906 _____ () C:\Users\BamaBrat\Downloads\labor sheet(1).zip
2015-03-08 15:10 - 2015-03-08 15:10 - 00086100 _____ () C:\Users\BamaBrat\Downloads\calendar.zip
2015-03-08 14:33 - 2015-03-08 14:33 - 00008704 _____ () C:\Users\BamaBrat\Desktop\Island Supply List March, 8 2015.xls
2015-03-08 14:20 - 2015-03-08 14:21 - 00419492 _____ () C:\Users\BamaBrat\Downloads\Island Order March 8, 2015.xlsx
2015-03-06 00:08 - 2015-03-06 00:08 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-03-05 16:43 - 2015-03-05 16:46 - 00011264 _____ () C:\Users\BamaBrat\Desktop\Sales May 2014 - December 2014.xls
2015-03-05 16:29 - 2015-03-05 16:29 - 00416160 _____ () C:\Users\BamaBrat\Downloads\Order sheet 382015.zip
2015-03-05 15:40 - 2015-03-08 14:23 - 00007680 _____ () C:\Users\BamaBrat\Desktop\Local Supply List.xls
2015-03-05 15:38 - 2015-03-15 22:47 - 00120320 _____ () C:\Users\BamaBrat\Desktop\Island Sales 2015.xls
2015-03-05 15:33 - 2015-03-08 18:49 - 00019562 _____ () C:\Users\BamaBrat\Desktop\Island Labor Allocation.ods
2015-03-05 15:27 - 2015-03-05 15:27 - 00000000 ____D () C:\Users\BamaBrat\AppData\Local\LogMeIn
2015-03-05 15:27 - 2015-03-05 15:27 - 00000000 ____D () C:\ProgramData\LogMeIn
2015-03-05 13:58 - 2015-03-05 13:58 - 00016172 _____ () C:\Users\BamaBrat\Downloads\labor sheet.zip
2015-03-05 13:03 - 2015-03-05 13:03 - 00011264 _____ () C:\Users\BamaBrat\Desktop\Sysco Island December 14,2014.xls
2015-03-05 11:55 - 2015-03-05 11:55 - 00016023 _____ () C:\Users\BamaBrat\Downloads\ExampleProjectedMarchSchedule.xlsx
2015-03-05 11:44 - 2015-03-05 11:44 - 03022928 _____ () C:\Users\BamaBrat\Downloads\vip.zip
2015-03-05 11:44 - 2015-03-05 11:44 - 01609016 _____ () C:\Users\BamaBrat\Downloads\Important Spreadsheets.zip
2015-03-05 11:42 - 2015-03-05 11:42 - 00122020 _____ () C:\Users\BamaBrat\Downloads\More VIP forms.zip
2015-03-04 15:54 - 2015-03-05 15:37 - 00048640 ____H () C:\Users\BamaBrat\Desktop\~WRL0001.tmp
2015-03-04 14:17 - 2015-03-04 14:17 - 00000000 ____D () C:\Users\BamaBrat\AppData\Roaming\OpenOffice
2015-03-03 23:04 - 2015-03-03 23:04 - 00122368 _____ () C:\Users\BamaBrat\Downloads\Island Sales 2015.xls
2015-03-02 22:15 - 2015-03-18 13:01 - 00083968 ___SH () C:\Users\BamaBrat\Desktop\Thumbs.db
2015-03-02 22:01 - 2015-03-02 22:02 - 05977528 _____ (Lenovo Inc.) C:\Users\BamaBrat\Downloads\Lenovo.SuperFishRemovalTool.exe
2015-03-01 18:10 - 2015-03-14 00:47 - 00375296 ___SH () C:\Users\BamaBrat\Downloads\Thumbs.db
2015-02-27 00:40 - 2015-02-27 00:40 - 00000000 ____D () C:\ProgramData\Avg_Update_0215tb
2015-02-26 21:02 - 2014-12-13 17:28 - 00513488 _____ () C:\Windows\SysWOW64\locale.nls
2015-02-26 21:02 - 2014-12-13 17:28 - 00513488 _____ () C:\Windows\system32\locale.nls
2015-02-26 21:02 - 2014-10-28 21:27 - 01200128 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Globalization.dll
2015-02-26 21:02 - 2014-10-28 21:27 - 00323072 _____ (Microsoft Corporation) C:\Windows\system32\GlobCollationHost.dll
2015-02-26 21:02 - 2014-10-28 21:04 - 00868352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Globalization.dll
2015-02-26 21:02 - 2014-10-28 21:04 - 00200704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\GlobCollationHost.dll
2015-02-26 20:57 - 2015-02-26 20:57 - 00003886 _____ () C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2015-02-26 02:41 - 2015-02-26 02:41 - 00002457 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2015-02-26 02:41 - 2015-02-26 02:41 - 00000000 ____D () C:\Program Files (x86)\Adobe
2015-02-26 02:40 - 2015-02-26 20:56 - 00000000 ____D () C:\ProgramData\Adobe
2015-02-24 16:46 - 2015-02-24 16:46 - 00280544 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgidsdrivera.sys
2015-02-24 16:09 - 2015-03-03 22:24 - 00003718 _____ () C:\Windows\System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473
2015-02-24 16:09 - 2015-02-24 16:09 - 00003476 _____ () C:\Windows\System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473-Logon
2015-02-24 16:09 - 2015-02-24 16:09 - 00000000 ____D () C:\ProgramData\Intel(R) Update Manager
2015-02-24 16:09 - 2015-02-24 16:09 - 00000000 ____D () C:\Program Files\Intel Corporation
2015-02-20 15:12 - 2015-02-20 15:12 - 00289248 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgwfpa.sys

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-18 15:41 - 2015-02-07 13:38 - 00003598 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1136846300-3956240899-3284163035-1001
2015-03-18 15:37 - 2014-03-18 05:47 - 01157900 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-03-18 15:36 - 2015-02-07 00:49 - 00000000 ___RD () C:\Users\BamaBrat\OneDrive
2015-03-18 15:35 - 2013-08-22 11:36 - 00000000 ____D () C:\Windows\system32\sru
2015-03-18 14:23 - 2015-02-07 14:07 - 00000000 ____D () C:\Users\BamaBrat\AppData\Roaming\IMVU
2015-03-18 14:00 - 2015-02-07 23:16 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-03-18 13:56 - 2015-02-07 15:41 - 00000000 ____D () C:\ProgramData\MFAData
2015-03-18 13:54 - 2014-11-30 13:14 - 01555410 _____ () C:\Windows\WindowsUpdate.log
2015-03-18 13:52 - 2015-02-07 13:37 - 00003926 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{2061BD93-D365-4521-89AC-1E4F015CD8FB}
2015-03-18 13:43 - 2015-02-07 13:34 - 00000000 ____D () C:\Users\BamaBrat\AppData\Local\clear.fi
2015-03-18 13:41 - 2013-08-22 10:46 - 00028417 _____ () C:\Windows\setupact.log
2015-03-18 13:41 - 2013-08-22 10:45 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-03-18 13:40 - 2013-08-22 09:25 - 00262144 ___SH () C:\Windows\system32\config\BBI
2015-03-18 13:35 - 2013-08-22 11:36 - 00000000 ____D () C:\Windows\system32\NDF
2015-03-18 13:32 - 2014-03-18 05:39 - 00020410 _____ () C:\Windows\PFRO.log
2015-03-18 13:17 - 2015-02-07 13:49 - 00000000 ____D () C:\Users\BamaBrat\AppData\Local\CrashDumps
2015-03-18 13:06 - 2014-07-24 23:26 - 00000000 ____D () C:\Program Files (x86)\Acer
2015-03-18 13:02 - 2014-07-24 23:26 - 00000000 ___SD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acer
2015-03-18 11:59 - 2015-02-07 13:32 - 00000000 ____D () C:\Users\BamaBrat\AppData\Local\Pokki
2015-03-17 23:51 - 2015-02-07 13:36 - 00002336 _____ () C:\Users\BamaBrat\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PC App Store.lnk
2015-03-16 01:46 - 2015-02-07 13:33 - 00000000 ____D () C:\Users\BamaBrat\AppData\Local\VirtualStore
2015-03-16 00:30 - 2013-08-22 10:44 - 00493368 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-03-16 00:28 - 2015-02-07 15:46 - 00000945 _____ () C:\Users\Public\Desktop\AVG 2015.lnk
2015-03-16 00:28 - 2015-02-07 15:46 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2015-03-14 19:56 - 2013-08-22 11:36 - 00000000 ____D () C:\Windows\AppReadiness
2015-03-11 14:27 - 2015-02-07 13:32 - 00000000 ____D () C:\Users\BamaBrat
2015-03-11 14:14 - 2013-08-22 09:25 - 00262144 ___SH () C:\Windows\system32\config\ELAM
2015-03-11 14:07 - 2013-08-22 11:36 - 00000000 ___RD () C:\Windows\ToastData
2015-03-11 14:02 - 2013-08-22 11:36 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2015-03-11 14:02 - 2013-08-22 11:36 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2015-03-11 14:02 - 2013-08-22 11:36 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
2015-03-11 14:02 - 2013-08-22 11:36 - 00000000 ____D () C:\Windows\WinStore
2015-03-11 14:02 - 2013-08-22 11:36 - 00000000 ____D () C:\Program Files\Windows Defender
2015-03-11 14:02 - 2013-08-22 11:36 - 00000000 ____D () C:\Program Files (x86)\Windows Defender
2015-03-10 15:06 - 2013-08-22 11:20 - 00000000 ____D () C:\Windows\CbsTemp
2015-03-10 14:57 - 2015-02-10 23:18 - 00000000 ____D () C:\Windows\system32\MRT
2015-03-10 14:53 - 2015-02-10 23:18 - 122905848 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-03-10 10:18 - 2014-11-30 12:45 - 00000000 ____D () C:\Program Files (x86)\Microsoft Office
2015-03-10 10:18 - 2014-07-24 23:06 - 00000000 ____D () C:\Program Files (x86)\MSBuild
2015-03-10 10:18 - 2014-03-18 05:33 - 00000000 ____D () C:\Windows\ShellNew
2015-03-10 10:16 - 2013-08-22 11:36 - 00000000 ____D () C:\Program Files\Common Files\microsoft shared
2015-03-10 10:15 - 2013-08-22 09:25 - 00000199 _____ () C:\Windows\win.ini
2015-03-08 14:17 - 2015-02-07 14:02 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-03-05 17:10 - 2015-02-07 13:32 - 00000000 ____D () C:\Users\BamaBrat\AppData\Local\Packages
2015-03-05 15:41 - 2015-02-07 23:16 - 00000000 ____D () C:\Users\BamaBrat\AppData\Local\Adobe
2015-03-05 15:41 - 2015-02-07 13:33 - 00000000 ____D () C:\Users\BamaBrat\AppData\Roaming\Adobe
2015-03-04 22:49 - 2015-02-07 22:27 - 00000000 ____D () C:\Program Files\AVG Web TuneUp
2015-03-04 22:49 - 2015-02-07 22:27 - 00000000 ____D () C:\Program Files (x86)\AVG Web TuneUp
2015-03-04 17:24 - 2015-02-11 13:04 - 00792032 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-03-04 17:24 - 2015-02-11 13:04 - 00178144 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-02-26 02:12 - 2015-02-07 00:28 - 00000000 ____D () C:\Users\BamaBrat\AppData\Roaming\Gyazo
2015-02-26 00:07 - 2014-11-30 12:19 - 00000000 ____D () C:\ProgramData\Intel
2015-02-25 02:19 - 2013-08-22 11:36 - 00000000 ____D () C:\Windows\rescache
2015-02-24 16:09 - 2014-11-30 11:45 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel
2015-02-24 16:09 - 2014-11-30 11:45 - 00000000 ____D () C:\Program Files (x86)\Intel
2015-02-24 16:09 - 2014-07-24 23:26 - 00000000 ____D () C:\ProgramData\Package Cache
2015-02-20 14:16 - 2015-02-07 14:07 - 00001937 _____ () C:\Users\BamaBrat\Desktop\IMVU.lnk
2015-02-20 14:14 - 2015-02-07 14:06 - 00000000 ____D () C:\Users\BamaBrat\AppData\Roaming\IMVUClient

==================== Files in the root of some directories =======

2014-11-30 12:28 - 2014-11-30 12:28 - 0000000 ____H () C:\ProgramData\DP45977C.lfl

Some content of TEMP:
====================
C:\Users\BamaBrat\AppData\Local\Temp\oct6D0.tmp.exe
C:\Users\BamaBrat\AppData\Local\Temp\Quarantine.exe
C:\Users\BamaBrat\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-03-10 14:11

==================== End Of Log ============================



C:\FRST\Quarantine\C\Program Files (x86)\UniDeals\nyL6XWabKR5b3G.x64.dll a variant of Win64/Adware.MultiPlug.G application
C:\FRST\Quarantine\C\Program Files (x86)\youtubeadblocker\YHad8UzCYgCSwI.x64.dll a variant of Win64/Adware.MultiPlug.G application
C:\FRST\Quarantine\C\Users\BamaBrat\AppData\Local\Temp\ReimagePackage.exe.xBAD a variant of Win32/ReImageRepair.E potentially unwanted application
C:\FRST\Quarantine\C\Users\BamaBrat\Downloads\ReimageRepair.exe.xBAD Win32/ReImageRepair.F potentially unwanted application
C:\Users\BamaBrat\AppData\Local\Microsoft\Windows\INetCache\IE\AEHF7L05\ReimagePackage1811x64a[1].exe a variant of Win32/ReImageRepair.E potentially unwanted application
C:\Users\BamaBrat\AppData\Local\Temp\9EF0\temp\hpds_setup.exe Win32/SProtector.M potentially unwanted application
bama2719
Active Member
 
Posts: 6
Joined: March 16th, 2015, 2:06 am

Re: BHO, Hyperlinks, popups

Unread postby Cypher » March 19th, 2015, 9:41 am

Hi,
Good work so far.
We need to run another fix. Once done, give me an update on how your computer is running.
If you are having no problems I will give you final instructions.

  • Click Start
  • Type notepad.exe in the search programs and files box and click Enter.
  • A blank Notepad page should open.
    • Copy and paste the following script into Notepad. Do not include the words Code: select all
    • (Click the select all button next to code to select the entire script).
    Code: Select all
    HKLM\...\Run: [CIS_{81EFDD93-DBBE-415B-BE6E-49B9664E3E82}] => "C:\ProgramData\cisBA35.exe" --PostUninstall {81EFDD93-DBBE-415B-BE6E-49B9664E3E82}
    SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    FF NewTab: hxxp://homepage-web.com/?s=acer&m=tab
    2015-03-18 11:59 - 2015-02-07 13:32 - 00000000 ____D () C:\Users\BamaBrat\AppData\Local\Pokki
    C:\Users\BamaBrat\AppData\Local\Microsoft\Windows\INetCache\IE\AEHF7L05\ReimagePackage1811x64a[1].exe
    C:\Users\BamaBrat\AppData\Local\Temp\9EF0\temp\hpds_setup.exe 
    C:\Users\BamaBrat\AppData\Local\Temp\oct6D0.tmp.exe
    C:\Users\BamaBrat\AppData\Local\Temp\Quarantine.exe
    C:\Users\BamaBrat\AppData\Local\Temp\sqlite3.dll
    
    CMD: ipconfig /flushdns
    
  • Save it next to FRST.exe to your Downloads as filename fixlist.txt
  • NOTE: It's important that both files, FRST/FRST64 and fixlist.txt are saved in the same location or the fix will not work.
  • Right-click FRST.exe and select "Run as administrator" to run it.
  • Press the Fix button just once. Then wait.
  • When finished, it will create a Fixlog.txt log on your Desktop.
  • Please post the content of the Fixlog.txt in your next reply.

Logs/Information to Post in your Next Reply

  • FRST Fixlog.txt.
  • Please give me an update on your computer's performance.
Cypher
Admin/Teacher
 
Posts: 14959
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns

Re: BHO, Hyperlinks, popups

Unread postby bama2719 » March 19th, 2015, 11:23 am

Thank you so very much it is running perfectly!

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 11-03-2015
Ran by BamaBrat at 2015-03-19 11:21:44 Run:2
Running from C:\Users\BamaBrat\Downloads
Loaded Profiles: BamaBrat (Available profiles: BamaBrat)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
HKLM\...\Run: [CIS_{81EFDD93-DBBE-415B-BE6E-49B9664E3E82}] => "C:\ProgramData\cisBA35.exe" --PostUninstall {81EFDD93-DBBE-415B-BE6E-49B9664E3E82}
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
FF NewTab: hxxp://homepage-web.com/?s=acer&m=tab
2015-03-18 11:59 - 2015-02-07 13:32 - 00000000 ____D () C:\Users\BamaBrat\AppData\Local\Pokki
C:\Users\BamaBrat\AppData\Local\Microsoft\Windows\INetCache\IE\AEHF7L05\ReimagePackage1811x64a[1].exe
C:\Users\BamaBrat\AppData\Local\Temp\9EF0\temp\hpds_setup.exe
C:\Users\BamaBrat\AppData\Local\Temp\oct6D0.tmp.exe
C:\Users\BamaBrat\AppData\Local\Temp\Quarantine.exe
C:\Users\BamaBrat\AppData\Local\Temp\sqlite3.dll

CMD: ipconfig /flushdns
*****************

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\CIS_{81EFDD93-DBBE-415B-BE6E-49B9664E3E82} => value deleted successfully.
HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
Firefox newtab deleted successfully.
C:\Users\BamaBrat\AppData\Local\Pokki => Moved successfully.
C:\Users\BamaBrat\AppData\Local\Microsoft\Windows\INetCache\IE\AEHF7L05\ReimagePackage1811x64a[1].exe => Moved successfully.
C:\Users\BamaBrat\AppData\Local\Temp\9EF0\temp\hpds_setup.exe => Moved successfully.
C:\Users\BamaBrat\AppData\Local\Temp\oct6D0.tmp.exe => Moved successfully.
C:\Users\BamaBrat\AppData\Local\Temp\Quarantine.exe => Moved successfully.
C:\Users\BamaBrat\AppData\Local\Temp\sqlite3.dll => Moved successfully.

========= ipconfig /flushdns =========


Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========= End of CMD: =========


==== End of Fixlog 11:21:53 ====
bama2719
Active Member
 
Posts: 6
Joined: March 16th, 2015, 2:06 am

Re: BHO, Hyperlinks, popups

Unread postby Cypher » March 19th, 2015, 11:28 am

bama2719 wrote:Thank you so very much it is running perfectly!

My pleasure, and that's good to hear :thumbleft:
Your latest logs appear to be clean so you should be good to go.
Let's tidy up and remove the tools we used to clean your computer.

Please download delfix and save it to your desktop.
  • Right-click on delfix.exe and select "Run as administrator" to run it.
  • Check the following boxes then click on Run.

    • Activate UAC
    • Remove disinfection tools
    • Create registry backup
    • Purge system restore
    • Reset system settings
  • All tools we used to clean your computer should be gone now.
  • You can now delete any tools/logs we used if they remain on your computer.

Protection Programs
Don't forget to re-enable any protection programs we disabled during your fix.

Please read the article below which will give you a few suggestions for how to minimise your chances of getting another infection.

I would be grateful if you could reply to this post so that I know you have read it and, if you've no other questions, the thread can be closed.

Safe surfing!
Cypher
Admin/Teacher
 
Posts: 14959
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns

Re: BHO, Hyperlinks, popups

Unread postby bama2719 » March 19th, 2015, 1:28 pm

I truly appreciate all your help Cypher all is well. I ran the clean up and everything is great!
bama2719
Active Member
 
Posts: 6
Joined: March 16th, 2015, 2:06 am

Re: BHO, Hyperlinks, popups

Unread postby Cypher » March 19th, 2015, 1:56 pm

bama2719 wrote:I truly appreciate all your help Cypher all is well. I ran the clean up and everything is great!

You're welcome, glad we could help :)
As you have no questions I will close this topic.
Good luck and stay safe.

As your problems appear to have been resolved, this topic is now closed.

We are pleased we could help you resolve your computer's issues.

If you would like to make a comment or leave a compliment regarding the help you have received, please see Feedback for Our Helpers - Say "Thanks" Here.
Cypher
Admin/Teacher
 
Posts: 14959
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns