Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

Malware and Pop-Ups

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

Re: Malware and Pop-Ups

Unread postby Gary R » May 23rd, 2015, 12:52 am

OK, please do the following ....

  • Click Start
  • Type notepad.exe in the search programs and files box and click Enter.
  • A blank Notepad page should open.
    • Copy/Paste the contents of the code box below into Notepad (don't include Code: Select all).
Code: Select all
C:\Program Files (x86)\Common Files\IMGUpdater
C:\Program Files (x86)\Common Files\Umbrella
C:\Program Files (x86)\gmsd_us_608
C:\Program Files (x86)\Iminent
C:\Users\Max\AppData\Local\00000000-1431767532-0000-0000-6C626DB6DAC3
C:\Users\Max\AppData\Local\gmsd_us_608
C:\Users\Max\AppData\Local\Microsoft\Windows\INetCache\IE\F9AFFZ6K
C:\Users\Max\AppData\Local\Microsoft\Windows\INetCache\IE\K4O0T7E9
C:\Users\Max\AppData\Local\Microsoft\Windows\INetCache\IE\OMP2X8E9
C:\Users\Max\AppData\Local\Mozilla\Firefox\Profiles\174u8fal.default\cache2\entries\9BE5209DB4BBBD550FD08C6300BE104EF0A4ACDD
C:\Users\Max\AppData\Local\Mozilla\Firefox\Profiles\174u8fal.default\cache2\entries\F2A4316C607672AA82926923CEC3971907E0F2A5 
C:\Users\Max\AppData\Local\Mozilla\Firefox\Profiles\174u8fal.default\cache2\entries\F2A4F3F4EBABF7E1BC2E01189A26269B9B520122
C:\Users\Max\AppData\Local\SmartWeb
C:\Users\Max\AppData\Local\Temp\7460.exe
C:\Users\Max\AppData\Local\Temp\9067.exe
C:\Users\Max\AppData\Local\Temp\ICReinstall_nsx95B2.tmp
C:\Users\Max\AppData\Local\Temp\nsd8879.tmp
C:\Users\Max\AppData\Local\Temp\nsgDF40.tmp
C:\Users\Max\AppData\Local\Temp\nsx95B2.tmp
C:\Users\Max\AppData\Local\Temp\is-C7SHE.tmp
C:\Users\Max\AppData\Local\Temp\is-V2FKJ.tmp
C:\Users\Max\AppData\Roaming\00000000-1431792690-0000-0000-6C626DB6DAC3\hnse94BF.tmp
C:\Users\Max\AppData\Roaming\00000000-1431792690-0000-0000-6C626DB6DAC3\jnse7CDF.tmp
C:\Users\Max\AppData\Roaming\00000000-1431792690-0000-0000-6C626DB6DAC3\nss4EDB.tmp
C:\Users\Max\AppData\Roaming\Mozilla\Firefox\Profiles\174u8fal.default\extensions\AVJYFVOD75109374@HCDE39471360.com
C:\Windows\apppatch\apppatch64\VCLdr64.dll_1432269666548
EmptyTemp:
Hosts:
cmd: ipconfig /flushdns

    • Save it to the same folder/directory that FRST.exe is in, naming it as fixlist.txt

NOTICE: This script was written specifically for this user. Running it on another machine may cause damage to your operating system

  • Start FRST in a similar manner to when you ran a scan earlier, but this time when it opens ....
    • Press the Fix button once and wait.
    • FRST will process fixlist.txt
    • When finished, it will produce a log fixlog.txt in the same folder/directory as FRST64.exe
    • Please post me the log

Next ...

Reboot your computer, then run a new scan for me using FRST and post me the log it creates.

Also, please let me know how your computer is running now.





.
User avatar
Gary R
Administrator
Administrator
 
Posts: 21864
Joined: June 28th, 2005, 11:36 am
Location: Yorkshire
Advertisement
Register to Remove

Re: Malware and Pop-Ups

Unread postby maximusdowns » May 25th, 2015, 3:25 pm

Gary,

Here is my fixlog.txt:

Fix result of Farbar Recovery Scan Tool (x64) Version: 25-05-2015
Ran by Max at 2015-05-25 12:03:41 Run:4
Running from C:\Users\Max\Desktop
Loaded Profiles: Max (Available Profiles: Max)
Boot Mode: Normal
==============================================

fixlist content:
*****************
C:\Program Files (x86)\Common Files\IMGUpdater
C:\Program Files (x86)\Common Files\Umbrella
C:\Program Files (x86)\gmsd_us_608
C:\Program Files (x86)\Iminent
C:\Users\Max\AppData\Local\00000000-1431767532-0000-0000-6C626DB6DAC3
C:\Users\Max\AppData\Local\gmsd_us_608
C:\Users\Max\AppData\Local\Microsoft\Windows\INetCache\IE\F9AFFZ6K
C:\Users\Max\AppData\Local\Microsoft\Windows\INetCache\IE\K4O0T7E9
C:\Users\Max\AppData\Local\Microsoft\Windows\INetCache\IE\OMP2X8E9
C:\Users\Max\AppData\Local\Mozilla\Firefox\Profiles\174u8fal.default\cache2\entries\9BE5209DB4BBBD550FD08C6300BE104EF0A4ACDD
C:\Users\Max\AppData\Local\Mozilla\Firefox\Profiles\174u8fal.default\cache2\entries\F2A4316C607672AA82926923CEC3971907E0F2A5
C:\Users\Max\AppData\Local\Mozilla\Firefox\Profiles\174u8fal.default\cache2\entries\F2A4F3F4EBABF7E1BC2E01189A26269B9B520122
C:\Users\Max\AppData\Local\SmartWeb
C:\Users\Max\AppData\Local\Temp\7460.exe
C:\Users\Max\AppData\Local\Temp\9067.exe
C:\Users\Max\AppData\Local\Temp\ICReinstall_nsx95B2.tmp
C:\Users\Max\AppData\Local\Temp\nsd8879.tmp
C:\Users\Max\AppData\Local\Temp\nsgDF40.tmp
C:\Users\Max\AppData\Local\Temp\nsx95B2.tmp
C:\Users\Max\AppData\Local\Temp\is-C7SHE.tmp
C:\Users\Max\AppData\Local\Temp\is-V2FKJ.tmp
C:\Users\Max\AppData\Roaming\00000000-1431792690-0000-0000-6C626DB6DAC3\hnse94BF.tmp
C:\Users\Max\AppData\Roaming\00000000-1431792690-0000-0000-6C626DB6DAC3\jnse7CDF.tmp
C:\Users\Max\AppData\Roaming\00000000-1431792690-0000-0000-6C626DB6DAC3\nss4EDB.tmp
C:\Users\Max\AppData\Roaming\Mozilla\Firefox\Profiles\174u8fal.default\extensions\AVJYFVOD75109374@HCDE39471360.com
C:\Windows\apppatch\apppatch64\VCLdr64.dll_1432269666548
EmptyTemp:
Hosts:
cmd: ipconfig /flushdns
*****************

C:\Program Files (x86)\Common Files\IMGUpdater => Moved successfully.
C:\Program Files (x86)\Common Files\Umbrella => Moved successfully.
C:\Program Files (x86)\gmsd_us_608 => Moved successfully.
C:\Program Files (x86)\Iminent => Moved successfully.
C:\Users\Max\AppData\Local\00000000-1431767532-0000-0000-6C626DB6DAC3 => Moved successfully.

"C:\Users\Max\AppData\Local\gmsd_us_608" folder move:

Could not move "C:\Users\Max\AppData\Local\gmsd_us_608" folder => Scheduled to move on reboot.

C:\Users\Max\AppData\Local\Microsoft\Windows\INetCache\IE\F9AFFZ6K => Moved successfully.
C:\Users\Max\AppData\Local\Microsoft\Windows\INetCache\IE\K4O0T7E9 => Moved successfully.
C:\Users\Max\AppData\Local\Microsoft\Windows\INetCache\IE\OMP2X8E9 => Moved successfully.
C:\Users\Max\AppData\Local\Mozilla\Firefox\Profiles\174u8fal.default\cache2\entries\9BE5209DB4BBBD550FD08C6300BE104EF0A4ACDD => Moved successfully.
C:\Users\Max\AppData\Local\Mozilla\Firefox\Profiles\174u8fal.default\cache2\entries\F2A4316C607672AA82926923CEC3971907E0F2A5 => Moved successfully.
C:\Users\Max\AppData\Local\Mozilla\Firefox\Profiles\174u8fal.default\cache2\entries\F2A4F3F4EBABF7E1BC2E01189A26269B9B520122 => Moved successfully.

"C:\Users\Max\AppData\Local\SmartWeb" folder move:

Could not move "C:\Users\Max\AppData\Local\SmartWeb" folder => Scheduled to move on reboot.

C:\Users\Max\AppData\Local\Temp\7460.exe => Moved successfully.
C:\Users\Max\AppData\Local\Temp\9067.exe => Moved successfully.
C:\Users\Max\AppData\Local\Temp\ICReinstall_nsx95B2.tmp => Moved successfully.
C:\Users\Max\AppData\Local\Temp\nsd8879.tmp => Moved successfully.
C:\Users\Max\AppData\Local\Temp\nsgDF40.tmp => Moved successfully.
C:\Users\Max\AppData\Local\Temp\nsx95B2.tmp => Moved successfully.
C:\Users\Max\AppData\Local\Temp\is-C7SHE.tmp => Moved successfully.
C:\Users\Max\AppData\Local\Temp\is-V2FKJ.tmp => Moved successfully.
C:\Users\Max\AppData\Roaming\00000000-1431792690-0000-0000-6C626DB6DAC3\hnse94BF.tmp => Moved successfully.
C:\Users\Max\AppData\Roaming\00000000-1431792690-0000-0000-6C626DB6DAC3\jnse7CDF.tmp => Moved successfully.
C:\Users\Max\AppData\Roaming\00000000-1431792690-0000-0000-6C626DB6DAC3\nss4EDB.tmp => Moved successfully.
C:\Users\Max\AppData\Roaming\Mozilla\Firefox\Profiles\174u8fal.default\extensions\AVJYFVOD75109374@HCDE39471360.com => Moved successfully.
C:\Windows\apppatch\apppatch64\VCLdr64.dll_1432269666548 => Moved successfully.
C:\Windows\System32\Drivers\etc\hosts => Moved successfully.
Hosts restored successfully.

========= ipconfig /flushdns =========


Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========= End of CMD: =========

EmptyTemp: => Removed 688.9 MB temporary data.

Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 2015-05-25 12:07:06)<=

C:\Users\Max\AppData\Local\gmsd_us_608 => Is moved successfully
C:\Users\Max\AppData\Local\SmartWeb => Moved successfully

==== End of Fixlog 12:07:06 ====
maximusdowns
Regular Member
 
Posts: 59
Joined: August 4th, 2012, 4:11 pm

Re: Malware and Pop-Ups

Unread postby maximusdowns » May 25th, 2015, 3:25 pm

Here is my FRST.txt

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 25-05-2015
Ran by Max (administrator) on LEVIATHAN on 25-05-2015 12:13:58
Running from C:\Users\Max\Desktop
Loaded Profiles: Max (Available Profiles: Max)
Platform: Windows 8.1 Pro (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
() C:\Program Files\shopperz\Anneliese.exe
( ) C:\Windows\Temp\mrt6FE0.tmp\stdrt.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
() C:\Program Files\shopperz\csrcc.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
() C:\Program Files\shopperz\Grubb.exe
() C:\Program Files (x86)\Edu App\updateEduApp.exe
() C:\Program Files (x86)\Edu App\bin\utilEduApp.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
() C:\Program Files (x86)\Edu App\bin\EduApp.PurBrowse64.exe
() C:\Program Files (x86)\Edu App\bin\EduApp.BrowserAdapter64.exe
() C:\Program Files (x86)\Edu App\bin\EduApp.BrowserAdapter.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
() C:\Program Files\shopperz\Brito.exe
() C:\Program Files\shopperz\Brito64.exe
() C:\Program Files (x86)\Edu App\bin\EduApp.expext.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
() C:\FRST\Quarantine\C\Program Files (x86)\RapidMediaConverter\RapidMediaConverterApp.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(SoftBrain Technologies Ltd.) C:\FRST\Quarantine\C\Users\Max\AppData\Local\SmartWeb\SmartWeb\SmartWebHelper.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(SoftBrain Technologies Ltd.) C:\FRST\Quarantine\C\Users\Max\AppData\Local\SmartWeb\SmartWeb\SmartWebApp.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [169768 2015-04-07] (Apple Inc.)
HKLM\...\Run: [shopperz] => C:\Program Files\shopperz\Brito.exe [431976 2015-05-20] ()
HKLM\...\Run: [shopperz64] => C:\Program Files\shopperz\Brito64.exe [462696 2015-05-20] ()
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2014-12-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2015-03-20] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [767200 2014-09-15] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [gmsd_us_585] => "C:\Program Files (x86)\gmsd_us_585\gmsd_us_585.exe"
HKLM-x32\...\Run: [SmartWeb] => C:\Users\Max\AppData\Local\SmartWeb\SmartWebHelper.exe
HKLM-x32\...\Run: [gmsd_us_608] => "C:\Program Files (x86)\gmsd_us_608\gmsd_us_608.exe"
HKU\S-1-5-21-3369700690-3850376273-3648611264-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [31280256 2015-04-17] (Skype Technologies S.A.)
HKU\S-1-5-21-3369700690-3850376273-3648611264-1001\...\Run: [GoogleChromeAutoLaunch_3D1EE8F760F37097E3AF05CAB8B9C5AC] => "C:\Program Files (x86)\Crossbrowse\Crossbrowse\Application\crossbrowse.exe" --no-startup-window
HKU\S-1-5-21-3369700690-3850376273-3648611264-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\WINDOWS\system32\PhotoScreensaver.scr [589312 2014-10-28] (Microsoft Corporation)
AppInit_DLLs-x32: C:\ProgramData\LolliScan\LolliScan32.dll => "C:\ProgramData\LolliScan\LolliScan32.dll" File not found
Startup: C:\Users\Max\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\RapidMediaConverterApp.lnk [2015-05-16]
ShortcutTarget: RapidMediaConverterApp.lnk -> C:\FRST\Quarantine\C\Program Files (x86)\RapidMediaConverter\RapidMediaConverterApp.exe ()
Startup: C:\Users\Max\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SmartWeb.lnk [2015-05-22]
ShortcutTarget: SmartWeb.lnk -> C:\FRST\Quarantine\C\Users\Max\AppData\Local\SmartWeb\SmartWeb\SmartWebHelper.exe (SoftBrain Technologies Ltd.)
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-3369700690-3850376273-3648611264-1001\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.iminent.com/?appId=28f88e0 ... 87fa16661b
HKU\S-1-5-21-3369700690-3850376273-3648611264-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://t.msn.com/
URLSearchHook: HKU\S-1-5-21-3369700690-3850376273-3648611264-1001 - (No Name) - {84FF7BD6-B47F-46F8-9130-01B2696B36CB} - No File
SearchScopes: HKLM-x32 -> {BFFED5CA-8BDF-47CC-AED0-23F4E6D77732} URL = http://start.iminent.com/?appId=28f88e0 ... toolbox&q={searchTerms}
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-3369700690-3850376273-3648611264-1001 -> {89804BA5-1501-4E4F-8667-82EDEE5D6F77} URL = https://search.yahoo.com/search?fr=chr- ... =667671&p={searchTerms}
SearchScopes: HKU\S-1-5-21-3369700690-3850376273-3648611264-1001 -> {BFFED5CA-8BDF-47CC-AED0-23F4E6D77732} URL = http://start.iminent.com/?appId=28f88e0 ... toolbox&q={searchTerms}
BHO: shopperz -> {2395B860-45E4-42fd-96E6-50BA597C1C42} -> C:\Program Files\shopperz\Sorensen64.dll [2015-05-20] ()
BHO: IMinent WebBooster (BHO) -> {A09AB6EB-31B5-454C-97EC-9B294D92EE2A} -> C:\Program Files (x86)\Iminent\Minibar.InternetExplorer.BHOx64.dll No File
BHO-x32: shopperz -> {2395B860-45E4-42fd-96E6-50BA597C1C42} -> C:\Program Files\shopperz\Sorensen32.dll [2015-05-20] ()
BHO-x32: No Name -> {84FF7BD6-B47F-46F8-9130-01B2696B36CB} -> No File
BHO-x32: IMinent WebBooster (BHO) -> {A09AB6EB-31B5-454C-97EC-9B294D92EE2A} -> C:\Program Files (x86)\Iminent\Minibar.InternetExplorer.BHOx86.dll No File
BHO-x32: Edu App 1.0.0.7 -> {ebfbdd44-c0e0-4f63-a8e6-ee5f34765238} -> C:\Program Files (x86)\Edu App\EduAppbho.dll [2015-05-22] (Edu App)
Tcpip\Parameters: [DhcpNameServer] 68.105.28.11 68.105.29.11 68.105.28.12
Tcpip\..\Interfaces\{1FD4CAA7-EB74-4F00-8A1E-887D577F4861}: [NameServer] 31.168.228.251,82.166.96.251
Tcpip\..\Interfaces\{67C2E777-3C2A-440A-8BDE-083FEBFD7A85}: [NameServer] 31.168.228.251,82.166.96.251
StartMenuInternet: IEXPLORE.EXE - iexplore.exe

FireFox:
========
FF ProfilePath: C:\Users\Max\AppData\Roaming\Mozilla\Firefox\Profiles\174u8fal.default
FF NewTab: hxxp://start.iminent.com/?ref=NewTab&ap ... 87fa16661b
FF DefaultSearchEngine.US: StartWeb
FF SelectedSearchEngine: StartWeb
FF Homepage: hxxp://start.iminent.com/?appId=28f88e0 ... 87fa16661b
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_17_0_0_169.dll [2015-04-14] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-16] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_169.dll [2015-04-14] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-10-30] ()
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)
FF Plugin-x32: @videolan.org/vlc,version=2.1.2 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-07-22] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-07-22] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-05-01] (Adobe Systems Inc.)
FF user.js: detected! => C:\Users\Max\AppData\Roaming\Mozilla\Firefox\Profiles\174u8fal.default\user.js [2015-05-22]
FF SearchPlugin: C:\Users\Max\AppData\Roaming\Mozilla\Firefox\Profiles\174u8fal.default\searchplugins\firefox-add-ons.xml [2014-11-11]
FF SearchPlugin: C:\Users\Max\AppData\Roaming\Mozilla\Firefox\Profiles\174u8fal.default\searchplugins\youtube.xml [2014-11-09]
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\StartWeb.xml [2015-05-20]
FF Extension: ColorZilla - C:\Users\Max\AppData\Roaming\Mozilla\Firefox\Profiles\174u8fal.default\Extensions\{6AC85730-7D0F-4de0-B3FA-21142DD85326} [2015-01-03]
FF Extension: Zoom It - C:\Users\Max\AppData\Roaming\Mozilla\Firefox\Profiles\174u8fal.default\Extensions\{7859af48-8c14-af2d-7933-c21a908d3b92} [2015-05-17]
FF Extension: Add to Search Bar - C:\Users\Max\AppData\Roaming\Mozilla\Firefox\Profiles\174u8fal.default\Extensions\add-to-searchbox@maltekraus.de.xpi [2014-11-27]
FF Extension: IMDb ratings for watchever - C:\Users\Max\AppData\Roaming\Mozilla\Firefox\Profiles\174u8fal.default\Extensions\jid1-FpyZ8qozEHjs2A@jetpack.xpi [2014-11-11]
FF Extension: Minibar - C:\Users\Max\AppData\Roaming\Mozilla\Firefox\Profiles\174u8fal.default\Extensions\minibar@go.im.xpi [2015-05-22]
FF Extension: Edu App 1.0.1 - C:\Users\Max\AppData\Roaming\Mozilla\Firefox\Profiles\174u8fal.default\Extensions\{6dd55e9a-3d06-4d70-b5e7-05fc3e0a3d66}.xpi [2015-05-22]
FF Extension: IMDB Search - C:\Users\Max\AppData\Roaming\Mozilla\Firefox\Profiles\174u8fal.default\Extensions\{c4080853-c699-4120-b8e0-618bff8a4474}.xpi [2014-11-11]
FF Extension: Web Developer - C:\Users\Max\AppData\Roaming\Mozilla\Firefox\Profiles\174u8fal.default\Extensions\{c45c406e-ab73-11d8-be73-000a95be3b12}.xpi [2015-01-03]
FF Extension: Adblock Plus - C:\Users\Max\AppData\Roaming\Mozilla\Firefox\Profiles\174u8fal.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015-01-03]
FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\extensions\healthcare@healthcaregovtool.com.xpi [2015-03-31]
FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\healthcare@healthcaregovtool.com.xpi [2015-03-31]
FF HKLM\...\Firefox\Extensions: [{2395B860-45E4-42fd-96E6-50BA597C1C42}] - C:\Program Files\shopperz\Firefox
FF Extension: shopperz - C:\Program Files\shopperz\Firefox [2015-05-22]
FF HKLM-x32\...\Firefox\Extensions: [{2395B860-45E4-42fd-96E6-50BA597C1C42}] - C:\Program Files\shopperz\Firefox
StartMenuInternet: FIREFOX.EXE - firefox.exe
FF ExtraCheck: C:\Program Files (x86)\mozilla firefox\defaults\pref\all-iminent.js [2015-05-22]

Chrome:
=======
CHR dev: Chrome dev build detected! <======= ATTENTION

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 1DEA2C4A-8529-46b5-ACC0-C3873ED068E6; C:\Program Files\shopperz\Anneliese.exe [283496 2015-05-20] ()
S2 Adobe Licensing Console; C:\Windows\SysWOW64\lnsecsl.exe [1202396 2015-04-16] ( ) [] <==== ATTENTION
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-01-20] (Apple Inc.)
S3 BthHFSrv; C:\Windows\System32\BthHFSrv.dll [324608 2014-10-28] (Microsoft Corporation)
R2 csrcc; C:\Program Files\shopperz\csrcc.exe [1447272 2015-05-20] ()
R2 DiagTrack; C:\Windows\system32\diagtrack.dll [1429504 2015-03-04] (Microsoft Corporation)
R2 shopperz Updater; C:\Program Files\shopperz\Grubb.exe [172392 2015-05-20] ()
R2 Update Edu App; C:\Program Files (x86)\Edu App\updateEduApp.exe [651496 2015-05-25] ()
R2 Util Edu App; C:\Program Files (x86)\Edu App\bin\utilEduApp.exe [651496 2015-05-25] ()
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366520 2015-02-03] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2015-02-03] (Microsoft Corporation)
S2 GlobalUpdater; C:\Program Files (x86)\Common Files\IMGUpdater\IMGUpdater.exe [X]
S2 lipypiwe; C:\Users\Max\AppData\Roaming\00000000-1431792690-0000-0000-6C626DB6DAC3\nss4EDB.tmp [X]
S2 SProtection; C:\Program Files (x86)\Common Files\Umbrella\Umbrella221.exe [X]
S2 xixynyko; C:\Users\Max\AppData\Roaming\00000000-1431792690-0000-0000-6C626DB6DAC3\jnse7CDF.tmp [X]
S2 xygefuzu; C:\Users\Max\AppData\Roaming\00000000-1431792690-0000-0000-6C626DB6DAC3\hnse94BF.tmp [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S0 amdkmafd; C:\Windows\System32\drivers\amdkmafd.sys [21160 2012-09-22] (Advanced Micro Devices, Inc.)
R3 athr; C:\Windows\system32\DRIVERS\athwnx.sys [3680256 2013-06-18] (Qualcomm Atheros Communications, Inc.)
R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdWB6.sys [223232 2014-06-21] (Advanced Micro Devices)
R1 cherimoya; C:\Windows\System32\drivers\cherimoya.sys [61336 2015-05-20] (Cherimoya Ltd)
R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2015-02-03] (Microsoft Corporation)
S0 xymc; C:\Windows\SysWOW64\drivers\gprmjo.sys [61440 2015-05-21] () []
R1 {3f1219df-4a4d-40a3-9537-f2a95f4016b3}Gw64; C:\Windows\System32\drivers\{3f1219df-4a4d-40a3-9537-f2a95f4016b3}Gw64.sys [48776 2015-05-22] (StdLib)
R1 {6dd55e9a-3d06-4d70-b5e7-05fc3e0a3d66}Gw64; C:\Windows\System32\drivers\{6dd55e9a-3d06-4d70-b5e7-05fc3e0a3d66}Gw64.sys [48776 2015-05-25] (StdLib)
R1 {6dd55e9a-3d06-4d70-b5e7-05fc3e0a3d66}w64; C:\Windows\System32\drivers\{6dd55e9a-3d06-4d70-b5e7-05fc3e0a3d66}w64.sys [48776 2015-05-25] (StdLib)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-05-25 12:00 - 2015-05-25 04:50 - 00048776 _____ (StdLib) C:\WINDOWS\system32\Drivers\{6dd55e9a-3d06-4d70-b5e7-05fc3e0a3d66}w64.sys
2015-05-25 11:59 - 2015-05-25 04:50 - 00048776 _____ (StdLib) C:\WINDOWS\system32\Drivers\{6dd55e9a-3d06-4d70-b5e7-05fc3e0a3d66}Gw64.sys
2015-05-22 19:27 - 2015-05-22 11:52 - 00048776 _____ (StdLib) C:\WINDOWS\system32\Drivers\{3f1219df-4a4d-40a3-9537-f2a95f4016b3}Gw64.sys
2015-05-22 19:25 - 2015-05-25 12:07 - 00000000 ____D () C:\Program Files (x86)\Edu App
2015-05-22 19:25 - 2015-05-22 19:25 - 00001132 _____ () C:\Users\Max\Desktop\Continue Live Installation.lnk
2015-05-22 19:24 - 2015-05-22 19:24 - 00003614 _____ () C:\WINDOWS\System32\Tasks\Norwood
2015-05-22 19:24 - 2015-05-20 10:42 - 00061336 _____ (Cherimoya Ltd) C:\WINDOWS\system32\Drivers\cherimoya.sys
2015-05-22 19:23 - 2015-05-22 19:24 - 00000000 ____D () C:\Program Files\shopperz
2015-05-22 19:23 - 2015-05-22 19:23 - 00004028 _____ () C:\WINDOWS\System32\Tasks\SmartWeb Upgrade Trigger Task
2015-05-22 19:05 - 2015-05-25 12:12 - 00003598 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3369700690-3850376273-3648611264-1001
2015-05-22 19:00 - 2015-05-22 19:00 - 00003896 _____ () C:\Users\Max\Desktop\JRT.txt
2015-05-22 18:47 - 2015-05-22 18:47 - 02223104 _____ () C:\Users\Max\Downloads\adwcleaner_4.205.exe
2015-05-21 21:50 - 2015-05-21 21:50 - 00061440 _____ () C:\WINDOWS\SysWOW64\Drivers\gprmjo.sys
2015-05-21 21:50 - 2015-05-21 21:50 - 00000116 _____ () C:\WINDOWS\SysWOW64\apeg.txt
2015-05-21 21:49 - 2015-05-21 21:49 - 00003114 _____ () C:\WINDOWS\System32\Tasks\{F95CB74F-A6A7-4FD5-96ED-5C70683B1B2F}
2015-05-21 21:41 - 2015-05-21 21:41 - 00003454 _____ () C:\WINDOWS\System32\Tasks\avabvbxvh
2015-05-16 10:17 - 2015-05-19 19:33 - 00000112 _____ () C:\ProgramData\A8OL14R.dat
2015-05-16 09:37 - 2015-05-16 09:37 - 00000000 ____D () C:\Program Files (x86)\ESET
2015-05-16 09:35 - 2015-05-16 09:37 - 02347384 _____ (ESET) C:\Users\Max\Downloads\esetsmartinstaller_enu.exe
2015-05-16 09:28 - 2015-05-16 09:28 - 00000000 ____D () C:\Users\Public\Documents\ShopperPro
2015-05-16 09:12 - 2015-05-17 11:38 - 00000000 ____D () C:\Users\Max\AppData\Local\RapidMediaConverter
2015-05-16 09:12 - 2015-05-16 09:12 - 00000000 ____D () C:\Users\Max\AppData\Roaming\RapidMediaConverter
2015-05-16 09:12 - 2015-05-16 09:12 - 00000000 ____D () C:\Users\Max\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Rapid Media Converter
2015-05-16 09:12 - 2015-05-16 09:12 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Rapid Media Converter
2015-05-16 09:12 - 2013-08-22 06:25 - 00000824 _____ () C:\WINDOWS\system32\Drivers\etc\hp.bak
2015-05-16 09:11 - 2015-05-25 12:07 - 00000346 _____ () C:\WINDOWS\Tasks\EMAUAH1.job
2015-05-16 09:11 - 2015-05-25 12:03 - 00000000 ____D () C:\Users\Max\AppData\Roaming\00000000-1431792690-0000-0000-6C626DB6DAC3
2015-05-16 09:11 - 2015-05-16 09:11 - 00003552 _____ () C:\WINDOWS\System32\Tasks\HJPQXRTER
2015-05-16 09:11 - 2015-05-16 09:11 - 00002860 _____ () C:\WINDOWS\System32\Tasks\EMAUAH1
2015-05-16 09:11 - 2015-05-16 09:11 - 00000000 ____D () C:\ProgramData\7c0535b143fc4671b6ebd202fbffe066
2015-05-14 20:03 - 2015-05-14 20:03 - 00034660 _____ () C:\Users\Max\Desktop\AdwCleaner[S1].txt
2015-05-14 20:02 - 2015-05-14 20:02 - 00015878 _____ () C:\Users\Max\Desktop\Search.txt
2015-05-14 19:43 - 2015-05-16 09:13 - 00000000 ____D () C:\WINDOWS\system32\MpEngineStore
2015-05-14 19:39 - 2015-04-30 13:35 - 00124112 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationCFFRasterizerNative_v0300.dll
2015-05-14 19:39 - 2015-04-30 13:35 - 00102608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2015-05-14 19:19 - 2015-04-24 14:32 - 00036864 _____ (Microsoft Corporation) C:\WINDOWS\system32\UtcResources.dll
2015-05-14 19:19 - 2015-04-09 17:34 - 02256896 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
2015-05-14 19:19 - 2015-04-09 17:11 - 01943040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll
2015-05-14 19:19 - 2015-04-08 15:55 - 00410128 _____ (Microsoft Corporation) C:\WINDOWS\system32\services.exe
2015-05-14 19:19 - 2015-04-01 15:22 - 02985984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dbgeng.dll
2015-05-14 19:19 - 2015-04-01 15:20 - 04417536 _____ (Microsoft Corporation) C:\WINDOWS\system32\dbgeng.dll
2015-05-14 19:19 - 2015-03-31 20:45 - 01491456 _____ (Microsoft Corporation) C:\WINDOWS\system32\dbghelp.dll
2015-05-14 19:19 - 2015-03-31 19:31 - 01207296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dbghelp.dll
2015-05-14 19:19 - 2015-03-29 22:47 - 00561928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2015-05-14 19:19 - 2015-03-26 20:27 - 00445440 _____ (Microsoft Corporation) C:\WINDOWS\system32\certcli.dll
2015-05-14 19:19 - 2015-03-26 19:50 - 00324096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certcli.dll
2015-05-14 19:19 - 2015-03-26 19:48 - 01441792 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2015-05-14 19:19 - 2015-03-19 18:56 - 00080384 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ahcache.sys
2015-05-14 19:19 - 2015-03-17 10:26 - 00467776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBHUB3.SYS
2015-05-14 19:19 - 2015-03-12 21:03 - 00239424 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sdbus.sys
2015-05-14 19:19 - 2015-03-12 21:03 - 00154432 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dumpsd.sys
2015-05-14 19:19 - 2015-03-12 18:11 - 02162176 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRH.dll
2015-05-14 19:19 - 2015-03-12 17:39 - 01812992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SRH.dll
2015-05-14 19:19 - 2015-03-12 17:29 - 00410017 _____ () C:\WINDOWS\system32\ApnDatabase.xml
2015-05-14 19:19 - 2015-03-10 18:49 - 00024576 _____ (Microsoft Corporation) C:\WINDOWS\system32\sdbinst.exe
2015-05-14 19:19 - 2015-03-10 18:09 - 00021504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sdbinst.exe
2015-05-14 19:19 - 2015-03-08 19:02 - 00057856 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthhfenum.sys
2015-05-14 19:19 - 2015-03-05 20:08 - 02067968 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpdshext.dll
2015-05-14 19:19 - 2015-03-05 19:47 - 01696256 _____ (Microsoft Corporation) C:\WINDOWS\system32\wevtsvc.dll
2015-05-14 19:19 - 2015-03-05 19:43 - 01969664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wpdshext.dll
2015-05-14 19:19 - 2015-03-04 16:09 - 01429504 _____ (Microsoft Corporation) C:\WINDOWS\system32\diagtrack.dll
2015-05-14 19:19 - 2015-03-03 18:32 - 00172544 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Input.Inking.dll
2015-05-14 19:19 - 2015-03-03 18:12 - 00141824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Input.Inking.dll
2015-05-14 19:19 - 2015-02-17 16:19 - 00186368 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpapisrv.dll
2015-05-14 19:19 - 2015-01-29 17:53 - 02819584 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers.dll
2015-05-14 19:19 - 2014-11-13 23:58 - 00116736 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsDatabase.dll
2015-05-14 19:18 - 2015-04-30 16:05 - 00429568 _____ (Microsoft Corporation) C:\WINDOWS\system32\schannel.dll
2015-05-14 19:18 - 2015-04-30 15:48 - 00358912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\schannel.dll
2015-05-14 19:18 - 2015-04-21 10:14 - 24971776 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2015-05-14 19:18 - 2015-04-21 09:50 - 00584192 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2015-05-14 19:18 - 2015-04-21 09:50 - 00417792 _____ (Microsoft Corporation) C:\WINDOWS\system32\html.iec
2015-05-14 19:18 - 2015-04-21 09:49 - 02885120 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2015-05-14 19:18 - 2015-04-21 09:37 - 00633856 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieui.dll
2015-05-14 19:18 - 2015-04-21 09:35 - 00816640 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2015-05-14 19:18 - 2015-04-21 09:31 - 06025728 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2015-05-14 19:18 - 2015-04-21 09:24 - 19691008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2015-05-14 19:18 - 2015-04-21 09:13 - 00107520 _____ (Microsoft Corporation) C:\WINDOWS\system32\inseng.dll
2015-05-14 19:18 - 2015-04-21 09:11 - 00504320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2015-05-14 19:18 - 2015-04-21 09:09 - 00341504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\html.iec
2015-05-14 19:18 - 2015-04-21 09:08 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2015-05-14 19:18 - 2015-04-21 09:07 - 00145408 _____ (Microsoft Corporation) C:\WINDOWS\system32\iepeers.dll
2015-05-14 19:18 - 2015-04-21 09:05 - 00316928 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2015-05-14 19:18 - 2015-04-21 09:04 - 02278400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2015-05-14 19:18 - 2015-04-21 08:59 - 01032704 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
2015-05-14 19:18 - 2015-04-21 08:58 - 00664576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2015-05-14 19:18 - 2015-04-21 08:52 - 00262144 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll
2015-05-14 19:18 - 2015-04-21 08:49 - 00801280 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2015-05-14 19:18 - 2015-04-21 08:49 - 00720384 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2015-05-14 19:18 - 2015-04-21 08:49 - 00374272 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2015-05-14 19:18 - 2015-04-21 08:46 - 02125824 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2015-05-14 19:18 - 2015-04-21 08:40 - 14401536 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2015-05-14 19:18 - 2015-04-21 08:38 - 00076288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll
2015-05-14 19:18 - 2015-04-21 08:37 - 00128000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iepeers.dll
2015-05-14 19:18 - 2015-04-21 08:36 - 00285696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
2015-05-14 19:18 - 2015-04-21 08:32 - 00880128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll
2015-05-14 19:18 - 2015-04-21 08:31 - 04305920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2015-05-14 19:18 - 2015-04-21 08:28 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webcheck.dll
2015-05-14 19:18 - 2015-04-21 08:27 - 02352128 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2015-05-14 19:18 - 2015-04-21 08:26 - 00688640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2015-05-14 19:18 - 2015-04-21 08:26 - 00327168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2015-05-14 19:18 - 2015-04-21 08:25 - 02052608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2015-05-14 19:18 - 2015-04-21 08:17 - 12828672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2015-05-14 19:18 - 2015-04-21 08:15 - 01547264 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2015-05-14 19:18 - 2015-04-21 08:03 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2015-05-14 19:18 - 2015-04-21 08:02 - 01882112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2015-05-14 19:18 - 2015-04-21 07:58 - 01310208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2015-05-14 19:18 - 2015-04-21 07:56 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2015-05-14 19:18 - 2015-04-13 15:48 - 04180480 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2015-05-14 19:18 - 2015-04-09 18:00 - 01996800 _____ (Microsoft Corporation) C:\WINDOWS\system32\DWrite.dll
2015-05-14 19:18 - 2015-04-09 17:50 - 01387008 _____ (Microsoft Corporation) C:\WINDOWS\system32\FntCache.dll
2015-05-14 19:18 - 2015-04-09 17:26 - 01560576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DWrite.dll
2015-05-14 19:18 - 2015-04-02 17:35 - 00445440 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhotoMetadataHandler.dll
2015-05-14 19:18 - 2015-04-02 17:14 - 00364544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PhotoMetadataHandler.dll
2015-05-14 19:18 - 2015-03-12 19:02 - 00316416 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\udfs.sys
2015-05-08 18:42 - 2015-05-14 20:05 - 00031709 _____ () C:\Users\Max\Desktop\Addition.txt
2015-05-08 18:41 - 2015-05-25 12:13 - 00015573 _____ () C:\Users\Max\Desktop\FRST.txt
2015-05-08 18:41 - 2015-05-16 09:11 - 00000000 ____D () C:\ProgramData\11277746069964851351
2015-05-08 18:35 - 2015-05-08 18:35 - 00000000 ____H () C:\WINDOWS\system32\Drivers\Msft_Kernel_webTinstMKTN84_01009.Wdf
2015-04-27 21:03 - 2015-04-27 21:03 - 00000000 _____ () C:\WINDOWS\SysWOW64\Number of results
2015-04-27 20:52 - 2015-04-27 20:52 - 00000000 ____D () C:\Users\Max\Documents\FRST
2015-04-27 20:32 - 2015-04-27 20:32 - 00688992 _____ (Swearware) C:\Users\Max\Downloads\dds(1).scr
2015-04-27 20:29 - 2015-05-25 11:56 - 00000000 ____D () C:\Users\Max\AppData\Roaming\Skype
2015-04-27 20:29 - 2015-05-22 19:24 - 00002731 _____ () C:\Users\Public\Desktop\Skype.lnk
2015-04-27 20:29 - 2015-04-27 20:29 - 00000000 ___RD () C:\Program Files (x86)\Skype
2015-04-27 20:29 - 2015-04-27 20:29 - 00000000 ____D () C:\Users\Max\AppData\Local\Skype
2015-04-27 20:29 - 2015-04-27 20:29 - 00000000 ____D () C:\ProgramData\Skype
2015-04-27 20:29 - 2015-04-27 20:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2015-04-27 20:28 - 2015-05-22 19:24 - 00002211 _____ () C:\Users\Max\Desktop\Continue GamesDesktop Uninstaller.lnk
2015-04-27 20:28 - 2015-05-22 19:24 - 00001041 _____ () C:\Users\Max\Desktop\GUPlayer.lnk
2015-04-27 20:24 - 2015-05-25 12:06 - 00000784 _____ () C:\WINDOWS\Tasks\Taplika mite.job
2015-04-27 20:24 - 2015-04-27 20:24 - 00000000 ____D () C:\ProgramData\{3807D0C4-6885-0142-D903-71C00981A24E}

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-05-25 12:14 - 2015-02-10 19:53 - 00000000 ____D () C:\FRST
2015-05-25 12:09 - 2014-11-07 22:01 - 01927688 _____ () C:\WINDOWS\WindowsUpdate.log
2015-05-25 12:08 - 2015-04-16 21:17 - 00000105 _____ () C:\WINDOWS\SysWOW64\get.dat
2015-05-25 12:07 - 2014-11-07 22:19 - 00000000 ___RD () C:\Users\Max\OneDrive
2015-05-25 12:07 - 2013-08-22 06:25 - 00000194 _____ () C:\WINDOWS\win.ini
2015-05-25 12:06 - 2014-12-19 08:28 - 00000464 __RSH () C:\ProgramData\ntuser.pol
2015-05-25 12:06 - 2014-09-24 00:03 - 00036426 _____ () C:\WINDOWS\PFRO.log
2015-05-25 12:06 - 2013-08-22 07:46 - 00310150 _____ () C:\WINDOWS\setupact.log
2015-05-25 12:06 - 2013-08-22 07:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2015-05-25 12:05 - 2013-08-22 06:25 - 00262144 ___SH () C:\WINDOWS\system32\config\BBI
2015-05-25 12:03 - 2015-02-12 19:44 - 00000000 ____D () C:\Users\Max\Desktop\FRST-OlderVersion
2015-05-25 12:03 - 2015-02-12 19:39 - 02108928 _____ (Farbar) C:\Users\Max\Desktop\FRST64.exe
2015-05-25 12:02 - 2013-08-22 08:36 - 00000000 ____D () C:\WINDOWS\system32\sru
2015-05-25 11:44 - 2013-11-22 17:58 - 00000830 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2015-05-22 19:24 - 2015-04-16 20:40 - 00001405 _____ () C:\Users\Max\Desktop\Continue installation .lnk
2015-05-22 19:24 - 2015-04-15 21:25 - 00001795 _____ () C:\Users\Public\Desktop\iTunes.lnk
2015-05-22 19:24 - 2015-02-12 19:24 - 00002273 _____ () C:\Users\Public\Desktop\Tweaking.com - Registry Backup.lnk
2015-05-22 19:24 - 2015-02-10 19:40 - 00002077 _____ () C:\Users\Public\Desktop\Komodo Edit 8.lnk
2015-05-22 19:24 - 2014-12-14 19:54 - 00000866 _____ () C:\Users\Max\Desktop\CDisplayEx.lnk
2015-05-22 19:24 - 2014-11-07 22:18 - 00001317 _____ () C:\Users\Max\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-05-22 19:24 - 2014-11-07 22:07 - 00000551 _____ () C:\Users\Max\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Documents.lnk
2015-05-22 19:24 - 2014-11-07 22:07 - 00000549 _____ () C:\Users\Max\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Pictures.lnk
2015-05-22 19:24 - 2014-11-06 00:02 - 00001863 _____ () C:\Users\Public\Desktop\QuickTime Player.lnk
2015-05-22 19:24 - 2014-11-05 20:28 - 00001029 _____ () C:\Users\Public\Desktop\Audacity.lnk
2015-05-22 19:24 - 2014-09-24 00:25 - 00000551 _____ () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Documents.lnk
2015-05-22 19:24 - 2014-09-24 00:25 - 00000551 _____ () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Documents.lnk
2015-05-22 19:24 - 2014-09-24 00:25 - 00000549 _____ () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Pictures.lnk
2015-05-22 19:24 - 2014-09-24 00:25 - 00000549 _____ () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Pictures.lnk
2015-05-22 19:24 - 2014-01-15 16:39 - 00002037 _____ () C:\Users\Public\Desktop\Adobe Reader XI.lnk
2015-05-22 19:24 - 2014-01-15 16:36 - 00001104 _____ () C:\Users\Public\Desktop\VLC media player.lnk
2015-05-22 18:51 - 2015-02-12 19:51 - 00000000 ____D () C:\AdwCleaner
2015-05-22 18:43 - 2015-01-18 18:25 - 00003922 _____ () C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{CE950254-3CFE-4BFD-968B-A2856722D332}
2015-05-22 18:42 - 2012-07-26 00:59 - 00000000 ____D () C:\WINDOWS\CbsTemp
2015-05-22 18:41 - 2015-04-03 20:21 - 00000000 ___SD () C:\WINDOWS\SysWOW64\GWX
2015-05-22 18:41 - 2015-04-03 20:21 - 00000000 ___SD () C:\WINDOWS\system32\GWX
2015-05-22 18:39 - 2015-04-16 21:54 - 00000004 _____ () C:\WINDOWS\SysWOW64\029B560A371F4E00AB32838EBC01B9E7
2015-05-19 19:39 - 2015-04-16 20:41 - 00000000 ____D () C:\WINDOWS\SysHealthController
2015-05-19 19:39 - 2015-04-16 20:41 - 00000000 ____D () C:\WINDOWS\SysFilesController
2015-05-19 19:38 - 2013-08-22 08:36 - 00000000 ____D () C:\Program Files\Common Files\System
2015-05-17 01:57 - 2013-08-22 08:36 - 00000000 ____D () C:\WINDOWS\rescache
2015-05-16 21:29 - 2013-08-22 08:36 - 00000000 ____D () C:\WINDOWS\AppReadiness
2015-05-16 10:16 - 2014-11-07 22:01 - 00000000 ____D () C:\ProgramData\Package Cache
2015-05-16 09:22 - 2014-09-24 00:17 - 00863592 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2015-05-14 19:46 - 2014-11-14 22:41 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2015-05-14 19:46 - 2014-11-14 22:41 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2015-05-14 19:46 - 2013-08-22 07:44 - 00337840 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2015-05-14 19:44 - 2013-08-22 08:36 - 00000000 ___RD () C:\WINDOWS\ImmersiveControlPanel
2015-05-14 19:44 - 2013-08-22 06:36 - 00000000 ____D () C:\WINDOWS\system32\AdvancedInstallers
2015-05-14 19:37 - 2014-01-15 16:53 - 140425016 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2015-05-14 19:37 - 2014-01-15 16:53 - 00000000 ____D () C:\WINDOWS\system32\MRT
2015-05-14 19:33 - 2014-01-15 16:39 - 00002457 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2015-05-14 19:32 - 2014-11-14 22:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2015-05-14 19:26 - 2014-09-23 23:53 - 00000000 ____D () C:\Program Files\Windows Journal
2015-05-08 18:49 - 2014-11-07 22:07 - 00000000 ____D () C:\Users\Max
2015-05-08 18:39 - 2015-02-25 19:29 - 00000000 ____D () C:\Users\Max\AppData\Roaming\uTorrent
2015-05-05 10:59 - 2014-09-24 03:03 - 00792568 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2015-05-05 10:59 - 2014-09-24 03:03 - 00178168 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl

==================== Files in the root of some directories =======

2015-05-16 10:17 - 2015-05-19 19:33 - 0000112 _____ () C:\ProgramData\A8OL14R.dat

Files to move or delete:
====================
C:\ProgramData\A8OL14R.dat


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-05-22 19:12

==================== End of log ============================
maximusdowns
Regular Member
 
Posts: 59
Joined: August 4th, 2012, 4:11 pm

Re: Malware and Pop-Ups

Unread postby maximusdowns » May 25th, 2015, 3:26 pm

Here is the Addition.txt:

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 25-05-2015
Ran by Max at 2015-05-25 12:14:29
Running from C:\Users\Max\Desktop
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-3369700690-3850376273-3648611264-500 - Administrator - Disabled)
Guest (S-1-5-21-3369700690-3850376273-3648611264-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3369700690-3850376273-3648611264-1003 - Limited - Enabled)
Max (S-1-5-21-3369700690-3850376273-3648611264-1001 - Administrator - Enabled) => C:\Users\Max

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

ActiveState Komodo Edit 8.5.4 (HKLM-x32\...\{E65B87D8-30C4-4FB0-8C24-AFD64950A881}) (Version: 8.5.4 - ActiveState Software Inc.)
Adobe Flash Player 17 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 17.0.0.169 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.11) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.11 - Adobe Systems Incorporated)
AMD Catalyst Install Manager (HKLM\...\{C2956908-53A3-88FC-B795-B16508296FC4}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.)
Apple Application Support (32-bit) (HKLM-x32\...\{AFA1153A-F547-409B-B837-3A0D6C5A3FEC}) (Version: 3.1.3 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{D7B824DE-DA32-4772-9E5E-39C5158136A7}) (Version: 3.1.3 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{C4123106-B685-48E6-B9BD-E4F911841EB4}) (Version: 8.1.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Audacity 2.0.6 (HKLM-x32\...\Audacity_is1) (Version: 2.0.6 - Audacity Team)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Catalyst Control Center (HKLM-x32\...\WUCCCApp) (Version: 1.00.0000 - AMD)
CDisplayEx 1.10.29 (HKLM\...\CDisplayEx_is1) (Version: - Progdigy Software S.A.R.L.)
CinemaPlus_2.0V16.05 (HKLM-x32\...\CinemaPlus_2.0V16.05) (Version: 1.36.01.22 - CinemaPlus_2.0V16.05) <==== ATTENTION
Consumer Input Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.25.307 - Compete Inc.) <==== ATTENTION
Edu App (HKLM\...\Edu App) (Version: 2015.05.23.002423 - Edu App) <==== ATTENTION
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version: - )
GamesDesktop 025.585 (HKLM-x32\...\gmsd_us_585_is1) (Version: - GAMESDESKTOP) <==== ATTENTION
GamesDesktop 025.598 (HKLM-x32\...\gmsd_us_598_is1) (Version: - GAMESDESKTOP) <==== ATTENTION
GamesDesktop 025.608 (HKLM-x32\...\gmsd_us_608_is1) (Version: - GAMESDESKTOP) <==== ATTENTION
GUPlayer (remove only) (HKLM-x32\...\GUPlayer) (Version: - )
Iminent (HKLM-x32\...\IMBoosterARP) (Version: 7.48.4.1 - Iminent) <==== ATTENTION
IminentToolbar (HKLM-x32\...\IminentToolbar) (Version: 7.48.4.1 - Iminent) <==== ATTENTION
Infonaut 1.10.0.14 (HKLM-x32\...\Infonaut_1.10.0.14) (Version: 1.10.0.14 - Infonaut)
Itibiti RTC (x32 Version: 0.0.1 - Itibiti Inc) Hidden
iTunes (HKLM\...\{93F2A022-6C37-48B8-B241-FFABD9F60C30}) (Version: 12.1.2.27 - Apple Inc.)
Microsoft Mouse and Keyboard Center (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 2.2.173.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40416.0 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Mozilla Firefox 37.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 37.0.1 (x86 en-US)) (Version: 37.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 33.0.3 - Mozilla)
OneSoftPerDay 025.1014 (HKLM-x32\...\ospd_us_1014_is1) (Version: - ONESOFTPERDAY)
PathMaxx (HKLM\...\PathMaxx) (Version: 2015.05.16.132338 - PathMaxx) <==== ATTENTION
Quick Ref 1.10.0.12 (HKLM-x32\...\QuickRef_1.10.0.12) (Version: 1.10.0.12 - Quick Ref) <==== ATTENTION!
QuickTime 7 (HKLM-x32\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)
RapidMediaConverter (HKU\S-1-5-21-3369700690-3850376273-3648611264-1001\...\RapidMediaConverter) (Version: 1.0.1.16 - RapidMediaConverter)
SDU version 3.8 (HKLM-x32\...\{A23B547D-36B0-4B85-B68A-AADF6C9A723B}_is1) (Version: 3.8 - )
shopperz 2.0.0.461 (HKLM\...\{2395B860-45E4-42fd-96E6-50BA597C1C42}_is1) (Version: 2.0.0.461 - shopperz)
Skype™ 7.4 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.4.102 - Skype Technologies S.A.)
SmartWeb (HKLM-x32\...\SmartWeb) (Version: 8.0.9 - SoftBrain Technologies Ltd.) <==== ATTENTION
Tweaking.com - Registry Backup (HKLM-x32\...\Tweaking.com - Registry Backup) (Version: 2.1.1 - Tweaking.com)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.1.5 - VideoLAN)
WinPrograms (HKLM-x32\...\WebWatcherInstall) (Version: - )
WinPrograms (HKLM-x32\...\WinPrograms) (Version: - )
XAMPP (HKLM-x32\...\xampp) (Version: 5.6.3-0 - Bitnami)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Restore Points =========================

21-04-2015 05:13:45 Windows Update
14-05-2015 19:21:49 Windows Update
16-05-2015 10:15:36 Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501
22-05-2015 18:39:47 Windows Modules Installer

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 06:25 - 2013-08-22 06:25 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0E2146EE-3D5B-4A12-91FF-CBDFB504843B} - System32\Tasks\Norwood => C:\Program Files\shopperz\Cote.bat [2015-05-20] ()
Task: {0F0CAF73-A5A5-40D4-A664-1C1C0220EAEB} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2015-05-14] (Microsoft Corporation)
Task: {1F3AE2D5-5D96-462F-9F41-F69FD3CC3377} - System32\Tasks\Microsoft\Windows\Setup\gwx\launchtrayprocess => C:\Windows\system32\GWX\GWX.exe [2015-05-06] (Microsoft Corporation)
Task: {1FA9B445-350F-4835-BF2C-96AF95425380} - System32\Tasks\SysHealth_Controller_Mon => C:\WINDOWS\SysFilesController\SysFiles_backup.exe
Task: {42625468-6C7A-4750-B778-1DF66BCE37D8} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\mousekeyboardcenter.exe [2013-05-13] (Microsoft)
Task: {44CD8520-5006-4D21-BA21-796213738693} - \SMWUpd No Task File <==== ATTENTION
Task: {5656256E-2DA9-4FED-84E7-8ED6A1EE016A} - System32\Tasks\avabvbxvh => C:\Users\Max\AppData\Local\avabvbxvh\avabvbxvh.exe <==== ATTENTION
Task: {5810B4D0-DA01-4515-B116-B27AC9F20564} - System32\Tasks\{F95CB74F-A6A7-4FD5-96ED-5C70683B1B2F} => pcalua.exe -a C:\Users\Max\AppData\Local\Temp\Temp1_avenger.zip\avenger.exe
Task: {5C077C66-CDAF-4194-9A58-5F56EE2A758A} - System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2013-05-13] (Microsoft Corporation)
Task: {683E56B8-60CC-405C-AABE-AB4541659A46} - System32\Tasks\KCXOIF => C:\ProgramData\e29c40da53af42a3895e10c22c3d76c2\e29c40da53af42a3895e10c22c3d76c2.exe
Task: {79FCBC20-4628-4005-93A8-89315CD79EFE} - System32\Tasks\EMAUAH1 => C:\ProgramData\LolliScan\LolliScan.exe
Task: {7B13B1BA-03E2-49FA-9A67-93041B98F21C} - System32\Tasks\CloudHIDEAWAY => C:\Program Files (x86)\CloudScout Parental Control\CloudHIDEAWAY.exe
Task: {841907F2-E41D-4619-BC41-9BB240EF38D2} - System32\Tasks\SmartWeb Upgrade Trigger Task => C:\Users\Max\AppData\Local\SmartWeb\SmartWebHelper.exe <==== ATTENTION
Task: {8B25951E-3EC5-4527-AE08-AD1F2EC3F1FC} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-04-14] (Adobe Systems Incorporated)
Task: {92ED8193-5D55-4A64-A03D-5A91F545BF67} - \Taplika mite No Task File <==== ATTENTION
Task: {9739F298-F92B-4907-9BF6-975F6A557B21} - \SMW_UpdateTask_Time_3134393136333034302d23787845322a5b3434322d57 No Task File <==== ATTENTION
Task: {A81AD961-DD21-40D8-BEA0-47BEFECC857F} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-05-06] (Microsoft Corporation)
Task: {B62FABBB-6CBC-43B1-A905-6DE985B0F639} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {C1984A02-6B05-4D50-A915-128DF686119F} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2013-05-13] (Microsoft Corporation)
Task: {D2FB8B1F-1BD0-48EA-BE42-6DBDBED781C6} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2013-05-13] (Microsoft Corporation)
Task: {F4044F64-61D6-4F9A-A764-C6EF2A09DC52} - System32\Tasks\HJPQXRTER => C:\ProgramData\c1c05f7061d940b085ed209085e4a787\c1c05f7061d940b085ed209085e4a787.exe
Task: {F76CD251-7173-421F-BCBC-8215640FF70D} - System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2013-05-13] (Microsoft Corporation)
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\EMAUAH1.job => C:\ProgramData\LolliScan\LolliScan.exe
Task: C:\WINDOWS\Tasks\Taplika mite.job => Wscript.exe C:\ProgramData\{3807D0C4-6885-0142-D903-71C00981A24E}\1.9.3.1\fiber.js 433a2f50726f6772616d446174612f7b33383037443043342d363838352d303134322d443930332d3731433030393831413234457d2f312e392e332e312f6d6974652e646c6c 687474703a2f2f73616f2e7461627072742e636f6d2f --IsErIk.LEV

==================== Loaded Modules (Whitelisted) ==============

2015-05-22 19:23 - 2015-05-20 17:21 - 00283496 _____ () C:\Program Files\shopperz\Anneliese.exe
2015-01-20 23:35 - 2015-01-20 23:35 - 00085832 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2015-01-20 23:35 - 2015-01-20 23:35 - 01346344 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2015-05-22 19:24 - 2015-05-20 17:21 - 01447272 _____ () C:\Program Files\shopperz\csrcc.exe
2015-05-22 19:24 - 2015-05-20 17:21 - 00172392 _____ () C:\Program Files\shopperz\Grubb.exe
2015-05-22 19:27 - 2015-05-25 11:59 - 00651496 _____ () C:\Program Files (x86)\Edu App\updateEduApp.exe
2015-05-22 14:25 - 2015-05-25 12:02 - 00651496 _____ () C:\Program Files (x86)\Edu App\bin\utilEduApp.exe
2015-05-22 19:24 - 2015-05-20 17:21 - 00295784 _____ () C:\Program Files\shopperz\Sturgeon64.dll
2015-05-22 19:27 - 2015-05-25 04:50 - 00353512 _____ () C:\Program Files (x86)\Edu App\bin\EduApp.PurBrowse64.exe
2015-05-22 19:27 - 2015-05-25 04:49 - 00126184 _____ () C:\Program Files (x86)\Edu App\bin\EduApp.BrowserAdapter64.exe
2015-05-22 19:27 - 2015-05-25 04:49 - 00108264 _____ () C:\Program Files (x86)\Edu App\bin\EduApp.BrowserAdapter.exe
2015-05-22 19:23 - 2015-05-20 17:21 - 00431976 _____ () C:\Program Files\shopperz\Brito.exe
2015-05-22 19:23 - 2015-05-20 17:21 - 00462696 _____ () C:\Program Files\shopperz\Brito64.exe
2015-05-22 19:23 - 2015-05-20 17:21 - 00629608 _____ () C:\Program Files\shopperz\Winfrey64.dll
2015-05-22 19:23 - 2015-05-20 17:21 - 00274280 _____ () C:\Program Files\shopperz\Ivonne64.dll
2015-05-22 19:23 - 2015-05-20 17:21 - 00335208 _____ () C:\Program Files\shopperz\Earlene64.dll
2015-05-22 19:27 - 2015-05-25 08:48 - 00101608 _____ () C:\Program Files (x86)\Edu App\bin\EduApp.expext.exe
2014-08-21 08:42 - 2014-08-21 08:42 - 01123320 _____ () C:\FRST\Quarantine\C\Program Files (x86)\RapidMediaConverter\RapidMediaConverterApp.exe
2015-05-25 12:06 - 2015-05-25 12:06 - 00307200 _____ () C:\WINDOWS\TEMP\mrt6FE0.tmp\MMFS2.dll
2015-05-25 12:06 - 2015-05-25 12:06 - 00021504 _____ () C:\WINDOWS\TEMP\mrt6FE0.tmp\Get.mfx
2015-05-25 12:06 - 2015-05-25 12:06 - 00059392 _____ () C:\WINDOWS\TEMP\mrt6FE0.tmp\Yaso.mfx
2015-05-22 19:24 - 2015-05-20 17:21 - 00289640 _____ () C:\Program Files\shopperz\Sturgeon.dll
2015-05-22 19:23 - 2015-05-20 17:21 - 00618344 _____ () C:\Program Files\shopperz\Winfrey.dll
2015-05-22 19:23 - 2015-05-20 17:21 - 00239976 _____ () C:\Program Files\shopperz\Ivonne.dll
2015-05-22 19:23 - 2015-05-20 17:21 - 00310120 _____ () C:\Program Files\shopperz\Earlene32.dll
2015-05-22 19:27 - 2015-05-25 08:48 - 00081640 _____ () C:\Program Files (x86)\Edu App\bin\EduApp.expextdll.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Users\Max\OneDrive:ms-properties

==================== Safe Mode (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3369700690-3850376273-3648611264-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Max\AppData\Local\Microsoft\Windows\Themes\RoamedThemeFiles\DesktopBackground\4a81fefa200c5c1935c8fca37911a403-d389tgc.jpg
DNS Servers: 31.168.228.251 - 82.166.96.251

==================== MSCONFIG/TASK MANAGER Error getting ==

(Currently there is no automatic fix for this section.)

HKLM\...\StartupApproved\StartupFolder: => "McAfee Security Scan Plus.lnk"
HKLM\...\StartupApproved\Run32: => "APSDaemon"
HKU\S-1-5-21-3369700690-3850376273-3648611264-1001\...\StartupApproved\Run: => "uTorrent"
HKU\S-1-5-21-3369700690-3850376273-3648611264-1001\...\StartupApproved\Run: => "Search Protection"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppextcomobj.exe
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppextcomobj.exe
FirewallRules: [{6AD978BC-82F6-4609-80F5-B3F33BB3FC77}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{8275DCCF-64B5-4CBE-8C89-2CF90462C757}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{85975536-523C-428D-9FD6-AC966550EF75}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{75AB1DA5-7998-4FAE-A265-6DF2EF235328}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{5371B7D4-35F3-4060-9CB7-0545A9911017}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{6DB016FA-7FC4-43F0-A24C-2FF97C04A767}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{1582D62F-A029-439D-95EB-5CD1ACC2CE14}C:\xampp\apache\bin\httpd.exe] => (Allow) C:\xampp\apache\bin\httpd.exe
FirewallRules: [UDP Query User{21802013-5F97-4405-8A11-74DE6FB8DAB7}C:\xampp\apache\bin\httpd.exe] => (Allow) C:\xampp\apache\bin\httpd.exe
FirewallRules: [TCP Query User{934E1972-4E17-4F36-A272-68F36A1BB754}C:\xampp\mysql\bin\mysqld.exe] => (Allow) C:\xampp\mysql\bin\mysqld.exe
FirewallRules: [UDP Query User{101BA77D-7DCA-4BFF-A39B-3890285DF586}C:\xampp\mysql\bin\mysqld.exe] => (Allow) C:\xampp\mysql\bin\mysqld.exe
FirewallRules: [TCP Query User{4C3061B6-38F3-4819-BE51-C98B72D27FE2}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [UDP Query User{14CDA4D8-9F86-4156-BFB4-3AE542551E5D}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [{9D591C37-4373-47B7-BBEE-09E7B8418A0A}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{060A2CC6-DF1D-4CE7-9625-5428F0DC5738}] => (Allow) C:\Program Files (x86)\Crossbrowse\Crossbrowse\Application\crossbrowse.exe

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (05/25/2015 00:08:43 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: CCC.exe, version: 4.5.0.0, time stamp: 0x53ad0dcc
Faulting module name: amdmantle64.dll, version: 9.1.10.34, time stamp: 0x5417637b
Exception code: 0xc0000005
Fault offset: 0x000000000040cfa6
Faulting process id: 0x167c
Faulting application start time: 0xCCC.exe0
Faulting application path: CCC.exe1
Faulting module path: CCC.exe2
Report Id: CCC.exe3
Faulting package full name: CCC.exe4
Faulting package-relative application ID: CCC.exe5

Error: (05/25/2015 00:08:37 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: CCC.exe, version: 4.5.0.0, time stamp: 0x53ad0dcc
Faulting module name: amdmantle64.dll, version: 9.1.10.34, time stamp: 0x5417637b
Exception code: 0xc0000005
Fault offset: 0x000000000040cfa6
Faulting process id: 0x167c
Faulting application start time: 0xCCC.exe0
Faulting application path: CCC.exe1
Faulting module path: CCC.exe2
Report Id: CCC.exe3
Faulting package full name: CCC.exe4
Faulting package-relative application ID: CCC.exe5

Error: (05/25/2015 00:04:54 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: CCC.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: exception code c0000005, exception address 00007FF8F6D1DEE0

Error: (05/25/2015 11:55:36 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: CCC.exe, version: 4.5.0.0, time stamp: 0x53ad0dcc
Faulting module name: amdmantle64.dll, version: 9.1.10.34, time stamp: 0x5417637b
Exception code: 0xc0000005
Fault offset: 0x000000000040cfa6
Faulting process id: 0xbd0
Faulting application start time: 0xCCC.exe0
Faulting application path: CCC.exe1
Faulting module path: CCC.exe2
Report Id: CCC.exe3
Faulting package full name: CCC.exe4
Faulting package-relative application ID: CCC.exe5

Error: (05/25/2015 11:55:35 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: CCC.exe, version: 4.5.0.0, time stamp: 0x53ad0dcc
Faulting module name: amdmantle64.dll, version: 9.1.10.34, time stamp: 0x5417637b
Exception code: 0xc0000005
Fault offset: 0x000000000040cfa6
Faulting process id: 0xbd0
Faulting application start time: 0xCCC.exe0
Faulting application path: CCC.exe1
Faulting module path: CCC.exe2
Report Id: CCC.exe3
Faulting package full name: CCC.exe4
Faulting package-relative application ID: CCC.exe5

Error: (05/25/2015 11:55:35 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: CCC.exe, version: 4.5.0.0, time stamp: 0x53ad0dcc
Faulting module name: amdmantle64.dll, version: 9.1.10.34, time stamp: 0x5417637b
Exception code: 0xc0000005
Fault offset: 0x000000000040cfa6
Faulting process id: 0xbd0
Faulting application start time: 0xCCC.exe0
Faulting application path: CCC.exe1
Faulting module path: CCC.exe2
Report Id: CCC.exe3
Faulting package full name: CCC.exe4
Faulting package-relative application ID: CCC.exe5

Error: (05/25/2015 11:43:04 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17784_none_624760d1ecb7236e.manifest1".Error in manifest or policy file "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17784_none_624760d1ecb7236e.manifest2" on line C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17784_none_624760d1ecb7236e.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17784_none_624760d1ecb7236e.manifest.
Component 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17784_none_a9f497a901334c74.manifest.

Error: (05/22/2015 07:13:53 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17784_none_624760d1ecb7236e.manifest1".Error in manifest or policy file "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17784_none_624760d1ecb7236e.manifest2" on line C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17784_none_624760d1ecb7236e.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17784_none_624760d1ecb7236e.manifest.
Component 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17784_none_a9f497a901334c74.manifest.

Error: (05/22/2015 07:05:09 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17784_none_624760d1ecb7236e.manifest1".Error in manifest or policy file "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17784_none_624760d1ecb7236e.manifest2" on line C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17784_none_624760d1ecb7236e.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17784_none_624760d1ecb7236e.manifest.
Component 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17784_none_a9f497a901334c74.manifest.

Error: (05/22/2015 07:05:07 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17784_none_624760d1ecb7236e.manifest1".Error in manifest or policy file "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17784_none_624760d1ecb7236e.manifest2" on line C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17784_none_624760d1ecb7236e.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17784_none_624760d1ecb7236e.manifest.
Component 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17784_none_a9f497a901334c74.manifest.


System errors:
=============
Error: (05/25/2015 00:06:50 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Task Bar Pixel service failed to start due to the following error:
%%2

Error: (05/25/2015 00:06:50 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Memory Small Letters service failed to start due to the following error:
%%2

Error: (05/25/2015 00:06:48 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The SProtection service failed to start due to the following error:
%%2

Error: (05/25/2015 00:06:48 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Link Upload service failed to start due to the following error:
%%2

Error: (05/25/2015 00:06:48 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The GlobalUpdater service failed to start due to the following error:
%%2

Error: (05/25/2015 00:06:47 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Adobe Licensing Console service failed to start due to the following error:
%%1053

Error: (05/25/2015 00:06:47 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Adobe Licensing Console service to connect.

Error: (05/22/2015 07:24:14 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: The GlobalUpdater service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.

Error: (05/22/2015 07:24:14 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: The SProtection service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.

Error: (05/22/2015 06:59:47 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Media Player Network Sharing Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.


Microsoft Office:
=========================
Error: (05/25/2015 00:08:43 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: CCC.exe4.5.0.053ad0dccamdmantle64.dll9.1.10.345417637bc0000005000000000040cfa6167c01d0971e25605321C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exeC:\WINDOWS\SYSTEM32\amdmantle64.dll754298e6-0311-11e5-be91-6c626db6dac3

Error: (05/25/2015 00:08:37 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: CCC.exe4.5.0.053ad0dccamdmantle64.dll9.1.10.345417637bc0000005000000000040cfa6167c01d0971e25605321C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exeC:\WINDOWS\SYSTEM32\amdmantle64.dll722f5a73-0311-11e5-be91-6c626db6dac3

Error: (05/25/2015 00:04:54 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: CCC.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: exception code c0000005, exception address 00007FF8F6D1DEE0

Error: (05/25/2015 11:55:36 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: CCC.exe4.5.0.053ad0dccamdmantle64.dll9.1.10.345417637bc0000005000000000040cfa6bd001d0971c5cbd2f0eC:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exeC:\WINDOWS\SYSTEM32\amdmantle64.dlla03caee2-030f-11e5-be90-6c626db6dac3

Error: (05/25/2015 11:55:35 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: CCC.exe4.5.0.053ad0dccamdmantle64.dll9.1.10.345417637bc0000005000000000040cfa6bd001d0971c5cbd2f0eC:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exeC:\WINDOWS\SYSTEM32\amdmantle64.dlla008f2f9-030f-11e5-be90-6c626db6dac3

Error: (05/25/2015 11:55:35 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: CCC.exe4.5.0.053ad0dccamdmantle64.dll9.1.10.345417637bc0000005000000000040cfa6bd001d0971c5cbd2f0eC:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exeC:\WINDOWS\SYSTEM32\amdmantle64.dll9fae27eb-030f-11e5-be90-6c626db6dac3

Error: (05/25/2015 11:43:04 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17784_none_624760d1ecb7236e.manifestC:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17784_none_a9f497a901334c74.manifestc:\program files (x86)\eset\eset online scanner\ESETSmartInstaller.exe

Error: (05/22/2015 07:13:53 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17784_none_624760d1ecb7236e.manifestC:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17784_none_a9f497a901334c74.manifestC:\Program Files (x86)\ESET\ESET Online Scanner\ESETSmartInstaller.exe

Error: (05/22/2015 07:05:09 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17784_none_624760d1ecb7236e.manifestC:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17784_none_a9f497a901334c74.manifestC:\Users\Max\Downloads\esetsmartinstaller_enu.exe

Error: (05/22/2015 07:05:07 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17784_none_624760d1ecb7236e.manifestC:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17784_none_a9f497a901334c74.manifestC:\Users\Max\Downloads\esetsmartinstaller_enu.exe


CodeIntegrity Errors:
===================================
Date: 2015-05-25 12:13:25.156
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2015-05-25 12:13:25.006
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2015-05-25 12:13:24.877
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2015-05-25 12:13:24.397
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2015-05-25 12:13:24.188
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2015-05-25 12:13:23.960
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2015-05-25 12:13:23.717
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2015-05-22 20:19:02.732
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2015-05-22 20:19:02.591
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2015-05-22 20:19:02.451
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.


==================== Memory info ===========================

Processor: Intel(R) Core(TM) i7 CPU 960 @ 3.20GHz
Percentage of memory in use: 11%
Total physical RAM: 14327.11 MB
Available physical RAM: 12641.45 MB
Total Pagefile: 16503.11 MB
Available Pagefile: 14427.61 MB
Total Virtual: 131072 MB
Available Virtual: 131071.82 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:931.41 GB) (Free:806.12 GB) NTFS
Drive e: (KINGSTON) (Removable) (Total:7.26 GB) (Free:4.83 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: FA7C697B)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=931.4 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 7.3 GB) (Disk ID: C3072E18)
Partition 1: (Active) - (Size=7.3 GB) - (Type=0C)

==================== End of log ============================
maximusdowns
Regular Member
 
Posts: 59
Joined: August 4th, 2012, 4:11 pm

Re: Malware and Pop-Ups

Unread postby maximusdowns » May 25th, 2015, 3:32 pm

Computer update: I am still getting pop-ups and Internet Explorer is basically unusable. There's a program called Super Optimizer opens up when the computer starts that's malware. A lot of the stuff that isn't supposed to be on my computer has been removed though. I think we're almost there.

Max
maximusdowns
Regular Member
 
Posts: 59
Joined: August 4th, 2012, 4:11 pm

Re: Malware and Pop-Ups

Unread postby Gary R » May 25th, 2015, 5:35 pm

To be honest, I believe we're flogging a dead horse here.

Your computer is so badly infected that it is almost impossible for us to remove everything in one pass, and unless we can do that, then the remnants just re-infect your computer, and we're back to where we started.

Your latest FRST logs are every bit as infected as the first FRST logs you posted.

We can maybe get there, if you're prepared to totally disconnect your infected computer from the internet, and not re-connect it until we've got it clean, but even then it's going to take time, and we still may not be successful. You'd also have to communicate with me using another computer, since even the briefest period online would allow your infected machine to regenerate its infection.

In my opinion, your quickest and best option for a malware free machine, is to back up your personal files and folders, and then reformat your hard drive and re-install windows. I know it's probably not what you want to hear, but nonetheless I believe it is your best option.
User avatar
Gary R
Administrator
Administrator
 
Posts: 21864
Joined: June 28th, 2005, 11:36 am
Location: Yorkshire

Re: Malware and Pop-Ups

Unread postby maximusdowns » May 26th, 2015, 5:42 pm

Gary,

If you're willing I would like to try and take my machine offline. I do have a laptop I can use to communicate with you. If it fails, then I will format the computer and reinstall the operating system.
maximusdowns
Regular Member
 
Posts: 59
Joined: August 4th, 2012, 4:11 pm

Re: Malware and Pop-Ups

Unread postby Gary R » May 27th, 2015, 12:54 am

Sure, no problem.

OK, what I want to do first is clear the decks so to speak, so that I can get a clearer look at things, and therefore be able to spot what needs taking care of more easily.

First ...

If you haven't already done so, please back up your personal files and folders to some form of detachable media (usb stick, dvd etc)

Next ...

Let's remove all the stuff we've already quarantined, so it's easier to spot the new infection entries.

  • Please download delfix and save it to your desktop.
  • Right-click on delfix.exe and select " Run as administrator " to run it.
  • Check the following box (ensure the others remain unchecked) ...
    • Remove disinfection tools

    ... then click on Run.
  • Once it has finished, a notepad file named DelFix.txt will open. Post the contents of this notepad in your next reply.
  • The log can also be located at the root of the system drive, C:\DelFix.txt.

This will remove all the tools we've been using so far to clean your machine, and all the files they've quarantined. So we'll need to download new copies of them. Once that's done, I'll need you to detach your computer from the internet.

Next ...

Please download the following tools to the desktop of your infected machine. Do not download them on your clean machine and transfer them, since there is a chance the infection may transfer.

AdwCleaner
Junkware Removal Tool
FRST64

Once you have done that, please disconnect your computer from the internet. If your modem connection uses a cable then detach the cable. If you have a wireless connection then there's usually a key combination that will break the connection (on my computer it is Fn+F3 but it may be different on yours). If you use this method, please be aware that if you have to re-boot, the connection will re-establish itself, so you'll need to break it again.

Once you're detached from the internet ...

  • Double click AdwCleaner.exe to run it.
  • Click Scan and allow the scan to finish.
  • Now click Clean to remove the items found.
  • Click OK to the prompt.
  • The tool will run & your computer will be rebooted automatically. A logfile will open after the restart.
  • Post the contents of the logfile with your next reply.
  • You can also find the logfile at C:\AdwCleaner[s1].txt.

Then ...

  • Shut down your protection software now to avoid potential conflicts.
  • Run JRT by double-clicking it. If you are using Windows Vista or Seven, right-mouse click it and select Run as Administrator.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Please post the contents of JRT.txt into your next reply.

Then ...

  • Double click Frst.exe to launch it.
  • FRST will start to run.
    • When the tool opens click Yes to disclaimer.
    • Ensure the Addition.txt button is checked.
    • Press the Scan button.
    • When finished scanning 2 logs will open on your Desktop, FRST.txt and Addition.txt
    • Please post them in your next reply.

Finally ...

  • Double click Frst64.exe to launch it.
  • FRST will start to run.
    • When the tool opens click Yes to the disclaimer.
    • Copy/Paste or Type the following line into the Search: box.
    Fun4IM;Bandoo;Searchnu;Searchqu;iLivid;whitesmoke;datamngr;kelkoopartners;trolltech;babylon;conduit;trovi;clientconnect;EduApp;shopperz;Crossbrowse;LolliScan;RapidMediaConverter;SmartWeb;Iminent;Minibar;CinemaPlus;GamesDesktop;PathMaxx

    • Press the Search Registry button.
    • When finished searching a log will open on your Desktop ... Search.txt
    • Please post it in your next reply.

Summary of the logs I need from you in your next post:
  • ADWCleaner log
  • JRT log
  • FRST.txt
  • Addition.txt
  • Search.txt


Please post each log separately to prevent it being cut off by the forum post size limiter. Check each after you've posted it to make sure it's all present, if any log is cut off you'll have to post it in sections.
User avatar
Gary R
Administrator
Administrator
 
Posts: 21864
Joined: June 28th, 2005, 11:36 am
Location: Yorkshire

Re: Malware and Pop-Ups

Unread postby maximusdowns » May 27th, 2015, 11:32 pm

Gary,

Here is my ADWCleaner log:
# AdwCleaner v4.205 - Logfile created 27/05/2015 at 20:04:23
# Updated 21/05/2015 by Xplode
# Database : 2015-05-21.2 [Local]
# Operating system : Windows 8.1 Pro (x64)
# Username : Max - LEVIATHAN
# Running from : C:\Users\Max\Desktop\adwcleaner_4.205.exe
# Option : Cleaning

***** [ Services ] *****

[#] Service Deleted : cherimoya
[#] Service Deleted : csrcc
[#] Service Deleted : GlobalUpdater
[#] Service Deleted : shopperz Updater
[#] Service Deleted : SProtection
[#] Service Deleted : Update Edu App
[#] Service Deleted : Util Edu App
Service Deleted : {3f1219df-4a4d-40a3-9537-f2a95f4016b3}Gw64
Service Deleted : {6dd55e9a-3d06-4d70-b5e7-05fc3e0a3d66}Gw64
Service Deleted : {6dd55e9a-3d06-4d70-b5e7-05fc3e0a3d66}w64
[#] Service Deleted : 1DEA2C4A-8529-46b5-ACC0-C3873ED068E6

***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GAMESDESKTOP
Folder Deleted : C:\Program Files (x86)\Edu App
Folder Deleted : C:\Program Files\shopperz
Folder Deleted : C:\Users\Max\AppData\LocalLow\SmartWeb
Folder Deleted : C:\Users\Max\AppData\LocalLow\{D2020D47-707D-4E26-B4D9-739C4F4C2E9A}
File Deleted : C:\Users\Max\AppData\Roaming\Mozilla\Firefox\Profiles\174u8fal.default\Extensions\minibar@go.im.xpi
File Deleted : C:\Users\Max\AppData\Roaming\Mozilla\Firefox\Profiles\174u8fal.default\Extensions\{6dd55e9a-3d06-4d70-b5e7-05fc3e0a3d66}.xpi
File Deleted : C:\WINDOWS\System32\drivers\{3f1219df-4a4d-40a3-9537-f2a95f4016b3}Gw64.sys
File Deleted : C:\WINDOWS\System32\drivers\{6dd55e9a-3d06-4d70-b5e7-05fc3e0a3d66}Gw64.sys
File Deleted : C:\WINDOWS\System32\drivers\{6dd55e9a-3d06-4d70-b5e7-05fc3e0a3d66}w64.sys
File Deleted : C:\WINDOWS\System32\drivers\cherimoya.sys
File Deleted : C:\Users\Max\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SmartWeb.lnk
File Deleted : C:\Users\Max\Desktop\Continue Live Installation.lnk
File Deleted : C:\Program Files (x86)\Mozilla Firefox\defaults\pref\all-iminent.js
File Deleted : C:\Program Files (x86)\Mozilla Firefox\browser\searchplugins\StartWeb.xml
File Deleted : C:\Users\Max\AppData\Roaming\Mozilla\Firefox\Profiles\174u8fal.default\user.js

***** [ Scheduled tasks ] *****

Task Deleted : SmartWeb Upgrade Trigger Task

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Classes\AppID\Iminent.WebBooster.InternetExplorer.DLL
Key Deleted : HKLM\SOFTWARE\Classes\Iminent
Key Deleted : HKLM\SOFTWARE\Classes\IminentWebBooster.BrowserHelperObject
Key Deleted : HKLM\SOFTWARE\Classes\IminentWebBooster.BrowserHelperObject.1
Key Deleted : HKLM\SOFTWARE\Classes\IminentWebBooster.ScriptExtender
Key Deleted : HKLM\SOFTWARE\Classes\IminentWebBooster.ScriptExtender.1
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [SmartWeb]
Key Deleted : HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application\Update Edu App
Key Deleted : HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application\Util Edu App
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{01994268-3C10-4044-A1EA-7A9C1B739A11}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{425F4ABF-B8E4-402D-9E49-06E494EB8DBF}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{4AA46D49-459F-4358-B4D1-169048547C23}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{5A4E3A41-FA55-4BDA-AED7-CEBE6E7BCB52}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{5C176BA0-6FC0-4EBD-8ACF-24AC592506B6}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A09AB6EB-31B5-454C-97EC-9B294D92EE2A}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{7D8DAE88-BC05-4578-8C29-E541FFBA5757}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{EBFBDD44-C0E0-4F63-A8E6-EE5F34765238}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C58D664A-3DBC-4925-AE74-0382007DF113}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C776D7F4-BA85-4B75-AAFC-3A0A11FE6E36}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E4C3E50F-5761-4BF8-95A0-939A819DF1C3}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A9582D7B-F24A-441D-9D26-450D58F3CD17}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EE0D8859-2ED4-4B0D-9812-16865B9AFD65}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{A2D733A7-73B0-4C6B-B0C7-06A432950B66}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{A9CAF365-EA35-45DA-BD8B-2EFA09D374AC}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9AE7A6AE-162E-44C4-9A2B-A6B4EF19909D}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{14EF423E-3EE8-44AE-9337-07AC3F27B744}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{1317e5f7-3acf-4d74-a9ae-4ce526026e3f}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{84FF7BD6-B47F-46F8-9130-01B2696B36CB}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A09AB6EB-31B5-454C-97EC-9B294D92EE2A}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EBFBDD44-C0E0-4F63-A8E6-EE5F34765238}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A09AB6EB-31B5-454C-97EC-9B294D92EE2A}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EBFBDD44-C0E0-4F63-A8E6-EE5F34765238}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{A09AB6EB-31B5-454C-97EC-9B294D92EE2A}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EBFBDD44-C0E0-4F63-A8E6-EE5F34765238}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68B81CCD-A80C-4060-8947-5AE69ED01199}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E6B969FB-6D33-48D2-9061-8BBD4899EB08}
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{84FF7BD6-B47F-46F8-9130-01B2696B36CB}]
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{4AA46D49-459F-4358-B4D1-169048547C23}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{5A4E3A41-FA55-4BDA-AED7-CEBE6E7BCB52}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{5C176BA0-6FC0-4EBD-8ACF-24AC592506B6}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{A09AB6EB-31B5-454C-97EC-9B294D92EE2A}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{C58D664A-3DBC-4925-AE74-0382007DF113}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{C776D7F4-BA85-4B75-AAFC-3A0A11FE6E36}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{E4C3E50F-5761-4BF8-95A0-939A819DF1C3}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{A9582D7B-F24A-441D-9D26-450D58F3CD17}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{EE0D8859-2ED4-4B0D-9812-16865B9AFD65}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A09AB6EB-31B5-454C-97EC-9B294D92EE2A}
Key Deleted : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{BFFED5CA-8BDF-47CC-AED0-23F4E6D77732}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{BFFED5CA-8BDF-47CC-AED0-23F4E6D77732}
Key Deleted : HKCU\Software\Iminent
Key Deleted : HKCU\Software\Tutorials
Key Deleted : HKCU\Software\TutoTag
Key Deleted : HKCU\Software\Edu App
Key Deleted : HKCU\Software\AppDataLow\Software\SmartWeb
Key Deleted : HKLM\SOFTWARE\IMGUPDATER
Key Deleted : HKLM\SOFTWARE\Iminent
Key Deleted : HKLM\SOFTWARE\Tutorials
Key Deleted : HKLM\SOFTWARE\Umbrella
Key Deleted : HKLM\SOFTWARE\GAMESDESKTOP
Key Deleted : HKLM\SOFTWARE\shopperz
Key Deleted : HKLM\SOFTWARE\Edu App
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IMBoosterARP
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IminentToolbar
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\VOPackage
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SmartWeb
Key Deleted : [x64] HKLM\SOFTWARE\Iminent
Key Deleted : [x64] HKLM\SOFTWARE\shopperz
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Edu App
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\iminent.com
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\start.iminent.com

***** [ Web browsers ] *****

-\\ Internet Explorer v11.0.9600.17416

Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page]

-\\ Mozilla Firefox v37.0.1 (x86 en-US)

[174u8fal.default\prefs.js] - Line Deleted : user_pref("browser.newtab.url", "hxxp://start.iminent.com/?ref=NewTab&appId=28f88e0f-5209-4b18-a186-5a87fa16661b");
[174u8fal.default\prefs.js] - Line Deleted : user_pref("browser.startup.homepage", "hxxp://start.iminent.com/?appId=28f88e0f-5209-4b18-a186-5a87fa16661b");
[174u8fal.default\prefs.js] - Line Deleted : user_pref("extensions.aAVJYFVOD75109374HCDE39471360com72895.72895.cookie.previous_page.value", "%22hxxp%3A//www.iminent.com/en/confirm/1106%22");
[174u8fal.default\prefs.js] - Line Deleted : user_pref("extensions.aAVJYFVOD75109374HCDE39471360com72895.72895.internaldb.__ICM_LITE__blacklist_domain.value", "%7B%22SLIDERS%22%3A%5B%226pm.com%22%2C%22amazon.co.uk%22%2C%22amazon.com%22%2C%22anth[...]
[174u8fal.default\prefs.js] - Line Deleted : user_pref("extensions.aAVJYFVOD75109374HCDE39471360com72895.72895.internaldb.monetization_plugin_bundledUrls.value", "%7B%22dealply_s%22%3A%7B%22urls%22%3A%5B%22ssfiles.com%22%5D%7D%2C%22dealply_p%22%[...]
[174u8fal.default\prefs.js] - Line Deleted : user_pref("iminent.BirthDate", "1432347854");
[174u8fal.default\prefs.js] - Line Deleted : user_pref("iminent.LayoutId", "1");
[174u8fal.default\prefs.js] - Line Deleted : user_pref("iminent._oaZGabJJ8Q_", "{\"cpt\":0,\"cpr\":0,\"s\":0,\"es\":1}");
[174u8fal.default\prefs.js] - Line Deleted : user_pref("iminent.adapters", "{\"www.iminent.com\":{\"CountryCode\":\"US\",\"NoAds\":true,\"Status\":1,\"AdapterKey\":\"iminent\",\"v\":true,\"p\":0,\"t\":1,\"th\":1.1,\"expireTime\":\"14323478620338[...]
[174u8fal.default\prefs.js] - Line Deleted : user_pref("iminent.cifs", "0");
[174u8fal.default\prefs.js] - Line Deleted : user_pref("iminent.enableToolbar", "true");
[174u8fal.default\prefs.js] - Line Deleted : user_pref("iminent.enabledAds", "obsolete");
[174u8fal.default\prefs.js] - Line Deleted : user_pref("iminent.externalScripts", "{\"value\":[{\"addonUid\":\"10bb6277-6b2b-413e-8d82-ad9398543254\",\"name\":\"Dealply\",\"addonId\":1,\"url\":\"//i.imitinjs.info/imitin/javascript.js\",\"urlhxxp[...]
[174u8fal.default\prefs.js] - Line Deleted : user_pref("iminent.newtabredirect", "true");
[174u8fal.default\prefs.js] - Line Deleted : user_pref("iminent.nomsi", "true");
[174u8fal.default\prefs.js] - Line Deleted : user_pref("iminent.searchindex", "1");
[174u8fal.default\prefs.js] - Line Deleted : user_pref("iminent.trackingInfo", "{\"state\":0,\"samplingRate\":0}");
[174u8fal.default\prefs.js] - Line Deleted : user_pref("iminent.version", "9.21.3.1");
[174u8fal.default\prefs.js] - Line Deleted : user_pref("iminent.versioning", "{\"CurrentVersion\":\"9.21.3.1\",\"InstallEventCTime\":1432347858880,\"InstallEvent\":\"True\"}");

*************************

AdwCleaner[R0].txt - [12562 bytes] - [27/05/2015 20:03:44]
AdwCleaner[S0].txt - [11467 bytes] - [27/05/2015 20:04:23]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [11527 bytes] ##########


Here is my JRT log:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.8.1 (05.27.2015:1)
OS: Windows 8.1 Pro x64
Ran by Max on Wed 05/27/2015 at 20:08:17.98
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Tasks



~~~ Registry Values

Successfully deleted: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\GoogleChromeAutoLaunch_3D1EE8F760F37097E3AF05CAB8B9C5AC
Successfully deleted: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\gmsd_us_585
Successfully deleted: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\gmsd_us_608



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{2395B860-45E4-42fd-96E6-50BA597C1C42}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2395B860-45E4-42fd-96E6-50BA597C1C42}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{2395B860-45E4-42fd-96E6-50BA597C1C42}



~~~ Files



~~~ Folders

Successfully deleted: [Folder] C:\Users\Max\appdata\local\rapidmediaconverter
Successfully deleted: [Folder] C:\Users\Max\appdata\locallow\company
Successfully deleted: [Folder] C:\Users\Max\AppData\Roaming\compete
Successfully deleted: [Folder] C:\Users\Max\AppData\Roaming\rapidmediaconverter
Successfully deleted: [Folder] C:\ProgramData\11277746069964851351



~~~ FireFox

Successfully deleted the following from C:\Users\Max\AppData\Roaming\mozilla\firefox\profiles\174u8fal.default\prefs.js

user_pref(extensions.2tfwq0iCAg306NxO.scode, (function(){try{if(window.location.href.indexOf(\qjCFrjC7rTk7rTr5pdC9rdg8qa\)>-1){return;}}catch(e){}try{var d=[[\www.viracu
user_pref(extensions.GkyO2LpVivrM6oEH.scode, (function(){try{if(window.location.href.indexOf(\qjCFrjC7rTk7rTr5pdC9rdg8qa\)>-1){return;}}catch(e){}try{var d=[[\www.viracu
user_pref(extensions.xT9jw3y171RuhBwp.scode, (function(){try{if(window.location.href.indexOf(\qjCFrjC7rTk7rTr5pdC9rdg8qa\)>-1){return;}}catch(e){}try{var d=[[\www.viracu





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Wed 05/27/2015 at 20:09:42.38
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
maximusdowns
Regular Member
 
Posts: 59
Joined: August 4th, 2012, 4:11 pm

Re: Malware and Pop-Ups

Unread postby maximusdowns » May 27th, 2015, 11:36 pm

I'm sorry, I accidentally put the ADWCleaner and JRT in the same post, excuse me. Here is my FRST.txt:

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 27-05-2015 01
Ran by Max (administrator) on LEVIATHAN on 27-05-2015 20:18:36
Running from C:\Users\Max\Desktop
Loaded Profiles: Max (Available Profiles: Max)
Platform: Windows 8.1 Pro (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
() C:\FRST\Quarantine\C\Program Files (x86)\RapidMediaConverter\RapidMediaConverterApp.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.3.9600.17709_none_fa7932f59afc2e40\TiWorker.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Farbar) C:\Users\Max\Desktop\FRST64(1).exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [169768 2015-04-07] (Apple Inc.)
HKLM\...\Run: [shopperz] => C:\Program Files\shopperz\Brito.exe
HKLM\...\Run: [shopperz64] => C:\Program Files\shopperz\Brito64.exe
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2014-12-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2015-03-20] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [767200 2014-09-15] (Advanced Micro Devices, Inc.)
HKU\S-1-5-21-3369700690-3850376273-3648611264-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [31280256 2015-04-17] (Skype Technologies S.A.)
HKU\S-1-5-21-3369700690-3850376273-3648611264-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\WINDOWS\system32\PhotoScreensaver.scr [589312 2014-10-28] (Microsoft Corporation)
AppInit_DLLs-x32: C:\ProgramData\LolliScan\LolliScan32.dll => "C:\ProgramData\LolliScan\LolliScan32.dll" File not found
Startup: C:\Users\Max\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\RapidMediaConverterApp.lnk [2015-05-16]
ShortcutTarget: RapidMediaConverterApp.lnk -> C:\FRST\Quarantine\C\Program Files (x86)\RapidMediaConverter\RapidMediaConverterApp.exe ()
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-3369700690-3850376273-3648611264-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://t.msn.com/
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-3369700690-3850376273-3648611264-1001 -> {89804BA5-1501-4E4F-8667-82EDEE5D6F77} URL = https://search.yahoo.com/search?fr=chr- ... =667671&p={searchTerms}
BHO: shopperz -> {2395B860-45E4-42fd-96E6-50BA597C1C42} -> C:\Program Files\shopperz\Sorensen64.dll No File
Tcpip\Parameters: [DhcpNameServer] 68.105.28.11 68.105.29.11 68.105.28.12
Tcpip\..\Interfaces\{1FD4CAA7-EB74-4F00-8A1E-887D577F4861}: [NameServer] 31.168.228.251,82.166.96.251
Tcpip\..\Interfaces\{67C2E777-3C2A-440A-8BDE-083FEBFD7A85}: [NameServer] 31.168.228.251,82.166.96.251
StartMenuInternet: IEXPLORE.EXE - iexplore.exe

FireFox:
========
FF ProfilePath: C:\Users\Max\AppData\Roaming\Mozilla\Firefox\Profiles\174u8fal.default
FF DefaultSearchEngine.US: StartWeb
FF SelectedSearchEngine: StartWeb
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_17_0_0_169.dll [2015-04-14] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-16] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_169.dll [2015-04-14] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-10-30] ()
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)
FF Plugin-x32: @videolan.org/vlc,version=2.1.2 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-07-22] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-07-22] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-05-01] (Adobe Systems Inc.)
FF SearchPlugin: C:\Users\Max\AppData\Roaming\Mozilla\Firefox\Profiles\174u8fal.default\searchplugins\firefox-add-ons.xml [2014-11-11]
FF SearchPlugin: C:\Users\Max\AppData\Roaming\Mozilla\Firefox\Profiles\174u8fal.default\searchplugins\youtube.xml [2014-11-09]
FF Extension: ColorZilla - C:\Users\Max\AppData\Roaming\Mozilla\Firefox\Profiles\174u8fal.default\Extensions\{6AC85730-7D0F-4de0-B3FA-21142DD85326} [2015-01-03]
FF Extension: Zoom It - C:\Users\Max\AppData\Roaming\Mozilla\Firefox\Profiles\174u8fal.default\Extensions\{7859af48-8c14-af2d-7933-c21a908d3b92} [2015-05-17]
FF Extension: Add to Search Bar - C:\Users\Max\AppData\Roaming\Mozilla\Firefox\Profiles\174u8fal.default\Extensions\add-to-searchbox@maltekraus.de.xpi [2014-11-27]
FF Extension: IMDb ratings for watchever - C:\Users\Max\AppData\Roaming\Mozilla\Firefox\Profiles\174u8fal.default\Extensions\jid1-FpyZ8qozEHjs2A@jetpack.xpi [2014-11-11]
FF Extension: IMDB Search - C:\Users\Max\AppData\Roaming\Mozilla\Firefox\Profiles\174u8fal.default\Extensions\{c4080853-c699-4120-b8e0-618bff8a4474}.xpi [2014-11-11]
FF Extension: Web Developer - C:\Users\Max\AppData\Roaming\Mozilla\Firefox\Profiles\174u8fal.default\Extensions\{c45c406e-ab73-11d8-be73-000a95be3b12}.xpi [2015-01-03]
FF Extension: Adblock Plus - C:\Users\Max\AppData\Roaming\Mozilla\Firefox\Profiles\174u8fal.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015-01-03]
FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\extensions\healthcare@healthcaregovtool.com.xpi [2015-03-31]
FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\healthcare@healthcaregovtool.com.xpi [2015-03-31]
FF HKLM\...\Firefox\Extensions: [{2395B860-45E4-42fd-96E6-50BA597C1C42}] - C:\Program Files\shopperz\Firefox
FF HKLM-x32\...\Firefox\Extensions: [{2395B860-45E4-42fd-96E6-50BA597C1C42}] - C:\Program Files\shopperz\Firefox
StartMenuInternet: FIREFOX.EXE - firefox.exe

Chrome:
=======
CHR dev: Chrome dev build detected! <======= ATTENTION

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S2 Adobe Licensing Console; C:\Windows\SysWOW64\lnsecsl.exe [1202396 2015-04-16] ( ) [File not signed] <==== ATTENTION
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-01-20] (Apple Inc.)
S3 BthHFSrv; C:\Windows\System32\BthHFSrv.dll [324608 2014-10-28] (Microsoft Corporation)
R2 DiagTrack; C:\Windows\system32\diagtrack.dll [1429504 2015-03-04] (Microsoft Corporation)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366520 2015-02-03] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2015-02-03] (Microsoft Corporation)
S2 lipypiwe; C:\Users\Max\AppData\Roaming\00000000-1431792690-0000-0000-6C626DB6DAC3\nss4EDB.tmp [X]
S2 xixynyko; C:\Users\Max\AppData\Roaming\00000000-1431792690-0000-0000-6C626DB6DAC3\jnse7CDF.tmp [X]
S2 xygefuzu; C:\Users\Max\AppData\Roaming\00000000-1431792690-0000-0000-6C626DB6DAC3\hnse94BF.tmp [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S0 amdkmafd; C:\Windows\System32\drivers\amdkmafd.sys [21160 2012-09-22] (Advanced Micro Devices, Inc.)
R3 athr; C:\Windows\system32\DRIVERS\athwnx.sys [3680256 2013-06-18] (Qualcomm Atheros Communications, Inc.)
R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdWB6.sys [223232 2014-06-21] (Advanced Micro Devices)
R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2015-02-03] (Microsoft Corporation)
S0 xymc; C:\Windows\SysWOW64\drivers\gprmjo.sys [61440 2015-05-21] () [File not signed]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-05-27 20:18 - 2015-05-27 20:19 - 00010053 _____ () C:\Users\Max\Desktop\FRST.txt
2015-05-27 20:18 - 2015-05-27 20:17 - 02108928 _____ (Farbar) C:\Users\Max\Desktop\FRST64(1).exe
2015-05-27 20:09 - 2015-05-27 20:09 - 00002479 _____ () C:\Users\Max\Desktop\JRT.txt
2015-05-27 20:09 - 2015-05-27 20:09 - 00000000 ____D () C:\Users\Max\AppData\Local\RapidMediaConverter
2015-05-27 20:08 - 2015-05-27 20:08 - 00000000 ____D () C:\RegBackup
2015-05-27 20:03 - 2015-05-27 20:04 - 00000000 ____D () C:\AdwCleaner
2015-05-27 20:03 - 2015-05-27 20:01 - 02223104 _____ () C:\Users\Max\Desktop\adwcleaner_4.205.exe
2015-05-27 20:03 - 2015-05-27 19:56 - 02946603 _____ (Thisisu) C:\Users\Max\Desktop\JRT(1).exe
2015-05-27 19:58 - 2015-05-27 19:58 - 00001491 _____ () C:\DelFix.txt
2015-05-22 19:24 - 2015-05-22 19:24 - 00003614 _____ () C:\WINDOWS\System32\Tasks\Norwood
2015-05-22 19:05 - 2015-05-27 20:12 - 00003598 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3369700690-3850376273-3648611264-1001
2015-05-21 21:50 - 2015-05-21 21:50 - 00061440 _____ () C:\WINDOWS\SysWOW64\Drivers\gprmjo.sys
2015-05-21 21:50 - 2015-05-21 21:50 - 00000116 _____ () C:\WINDOWS\SysWOW64\apeg.txt
2015-05-21 21:49 - 2015-05-21 21:49 - 00003114 _____ () C:\WINDOWS\System32\Tasks\{F95CB74F-A6A7-4FD5-96ED-5C70683B1B2F}
2015-05-21 21:41 - 2015-05-21 21:41 - 00003454 _____ () C:\WINDOWS\System32\Tasks\avabvbxvh
2015-05-16 10:17 - 2015-05-19 19:33 - 00000112 _____ () C:\ProgramData\A8OL14R.dat
2015-05-16 09:37 - 2015-05-16 09:37 - 00000000 ____D () C:\Program Files (x86)\ESET
2015-05-16 09:28 - 2015-05-16 09:28 - 00000000 ____D () C:\Users\Public\Documents\ShopperPro
2015-05-16 09:12 - 2015-05-16 09:12 - 00000000 ____D () C:\Users\Max\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Rapid Media Converter
2015-05-16 09:12 - 2015-05-16 09:12 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Rapid Media Converter
2015-05-16 09:12 - 2013-08-22 06:25 - 00000824 _____ () C:\WINDOWS\system32\Drivers\etc\hp.bak
2015-05-16 09:11 - 2015-05-27 20:07 - 00000346 _____ () C:\WINDOWS\Tasks\EMAUAH1.job
2015-05-16 09:11 - 2015-05-25 12:03 - 00000000 ____D () C:\Users\Max\AppData\Roaming\00000000-1431792690-0000-0000-6C626DB6DAC3
2015-05-16 09:11 - 2015-05-16 09:11 - 00003552 _____ () C:\WINDOWS\System32\Tasks\HJPQXRTER
2015-05-16 09:11 - 2015-05-16 09:11 - 00002860 _____ () C:\WINDOWS\System32\Tasks\EMAUAH1
2015-05-16 09:11 - 2015-05-16 09:11 - 00000000 ____D () C:\ProgramData\7c0535b143fc4671b6ebd202fbffe066
2015-05-14 19:43 - 2015-05-16 09:13 - 00000000 ____D () C:\WINDOWS\system32\MpEngineStore
2015-05-14 19:39 - 2015-04-30 13:35 - 00124112 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationCFFRasterizerNative_v0300.dll
2015-05-14 19:39 - 2015-04-30 13:35 - 00102608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2015-05-14 19:19 - 2015-04-24 14:32 - 00036864 _____ (Microsoft Corporation) C:\WINDOWS\system32\UtcResources.dll
2015-05-14 19:19 - 2015-04-09 17:34 - 02256896 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
2015-05-14 19:19 - 2015-04-09 17:11 - 01943040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll
2015-05-14 19:19 - 2015-04-08 15:55 - 00410128 _____ (Microsoft Corporation) C:\WINDOWS\system32\services.exe
2015-05-14 19:19 - 2015-04-01 15:22 - 02985984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dbgeng.dll
2015-05-14 19:19 - 2015-04-01 15:20 - 04417536 _____ (Microsoft Corporation) C:\WINDOWS\system32\dbgeng.dll
2015-05-14 19:19 - 2015-03-31 20:45 - 01491456 _____ (Microsoft Corporation) C:\WINDOWS\system32\dbghelp.dll
2015-05-14 19:19 - 2015-03-31 19:31 - 01207296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dbghelp.dll
2015-05-14 19:19 - 2015-03-29 22:47 - 00561928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2015-05-14 19:19 - 2015-03-26 20:27 - 00445440 _____ (Microsoft Corporation) C:\WINDOWS\system32\certcli.dll
2015-05-14 19:19 - 2015-03-26 19:50 - 00324096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certcli.dll
2015-05-14 19:19 - 2015-03-26 19:48 - 01441792 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2015-05-14 19:19 - 2015-03-19 18:56 - 00080384 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ahcache.sys
2015-05-14 19:19 - 2015-03-17 10:26 - 00467776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBHUB3.SYS
2015-05-14 19:19 - 2015-03-12 21:03 - 00239424 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sdbus.sys
2015-05-14 19:19 - 2015-03-12 21:03 - 00154432 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dumpsd.sys
2015-05-14 19:19 - 2015-03-12 18:11 - 02162176 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRH.dll
2015-05-14 19:19 - 2015-03-12 17:39 - 01812992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SRH.dll
2015-05-14 19:19 - 2015-03-12 17:29 - 00410017 _____ () C:\WINDOWS\system32\ApnDatabase.xml
2015-05-14 19:19 - 2015-03-10 18:49 - 00024576 _____ (Microsoft Corporation) C:\WINDOWS\system32\sdbinst.exe
2015-05-14 19:19 - 2015-03-10 18:09 - 00021504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sdbinst.exe
2015-05-14 19:19 - 2015-03-08 19:02 - 00057856 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthhfenum.sys
2015-05-14 19:19 - 2015-03-05 20:08 - 02067968 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpdshext.dll
2015-05-14 19:19 - 2015-03-05 19:47 - 01696256 _____ (Microsoft Corporation) C:\WINDOWS\system32\wevtsvc.dll
2015-05-14 19:19 - 2015-03-05 19:43 - 01969664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wpdshext.dll
2015-05-14 19:19 - 2015-03-04 16:09 - 01429504 _____ (Microsoft Corporation) C:\WINDOWS\system32\diagtrack.dll
2015-05-14 19:19 - 2015-03-03 18:32 - 00172544 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Input.Inking.dll
2015-05-14 19:19 - 2015-03-03 18:12 - 00141824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Input.Inking.dll
2015-05-14 19:19 - 2015-02-17 16:19 - 00186368 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpapisrv.dll
2015-05-14 19:19 - 2015-01-29 17:53 - 02819584 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers.dll
2015-05-14 19:19 - 2014-11-13 23:58 - 00116736 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsDatabase.dll
2015-05-14 19:18 - 2015-04-30 16:05 - 00429568 _____ (Microsoft Corporation) C:\WINDOWS\system32\schannel.dll
2015-05-14 19:18 - 2015-04-30 15:48 - 00358912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\schannel.dll
2015-05-14 19:18 - 2015-04-21 10:14 - 24971776 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2015-05-14 19:18 - 2015-04-21 09:50 - 00584192 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2015-05-14 19:18 - 2015-04-21 09:50 - 00417792 _____ (Microsoft Corporation) C:\WINDOWS\system32\html.iec
2015-05-14 19:18 - 2015-04-21 09:49 - 02885120 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2015-05-14 19:18 - 2015-04-21 09:37 - 00633856 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieui.dll
2015-05-14 19:18 - 2015-04-21 09:35 - 00816640 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2015-05-14 19:18 - 2015-04-21 09:31 - 06025728 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2015-05-14 19:18 - 2015-04-21 09:24 - 19691008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2015-05-14 19:18 - 2015-04-21 09:13 - 00107520 _____ (Microsoft Corporation) C:\WINDOWS\system32\inseng.dll
2015-05-14 19:18 - 2015-04-21 09:11 - 00504320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2015-05-14 19:18 - 2015-04-21 09:09 - 00341504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\html.iec
2015-05-14 19:18 - 2015-04-21 09:08 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2015-05-14 19:18 - 2015-04-21 09:07 - 00145408 _____ (Microsoft Corporation) C:\WINDOWS\system32\iepeers.dll
2015-05-14 19:18 - 2015-04-21 09:05 - 00316928 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2015-05-14 19:18 - 2015-04-21 09:04 - 02278400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2015-05-14 19:18 - 2015-04-21 08:59 - 01032704 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
2015-05-14 19:18 - 2015-04-21 08:58 - 00664576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2015-05-14 19:18 - 2015-04-21 08:52 - 00262144 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll
2015-05-14 19:18 - 2015-04-21 08:49 - 00801280 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2015-05-14 19:18 - 2015-04-21 08:49 - 00720384 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2015-05-14 19:18 - 2015-04-21 08:49 - 00374272 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2015-05-14 19:18 - 2015-04-21 08:46 - 02125824 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2015-05-14 19:18 - 2015-04-21 08:40 - 14401536 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2015-05-14 19:18 - 2015-04-21 08:38 - 00076288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll
2015-05-14 19:18 - 2015-04-21 08:37 - 00128000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iepeers.dll
2015-05-14 19:18 - 2015-04-21 08:36 - 00285696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
2015-05-14 19:18 - 2015-04-21 08:32 - 00880128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll
2015-05-14 19:18 - 2015-04-21 08:31 - 04305920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2015-05-14 19:18 - 2015-04-21 08:28 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webcheck.dll
2015-05-14 19:18 - 2015-04-21 08:27 - 02352128 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2015-05-14 19:18 - 2015-04-21 08:26 - 00688640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2015-05-14 19:18 - 2015-04-21 08:26 - 00327168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2015-05-14 19:18 - 2015-04-21 08:25 - 02052608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2015-05-14 19:18 - 2015-04-21 08:17 - 12828672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2015-05-14 19:18 - 2015-04-21 08:15 - 01547264 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2015-05-14 19:18 - 2015-04-21 08:03 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2015-05-14 19:18 - 2015-04-21 08:02 - 01882112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2015-05-14 19:18 - 2015-04-21 07:58 - 01310208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2015-05-14 19:18 - 2015-04-21 07:56 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2015-05-14 19:18 - 2015-04-13 15:48 - 04180480 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2015-05-14 19:18 - 2015-04-09 18:00 - 01996800 _____ (Microsoft Corporation) C:\WINDOWS\system32\DWrite.dll
2015-05-14 19:18 - 2015-04-09 17:50 - 01387008 _____ (Microsoft Corporation) C:\WINDOWS\system32\FntCache.dll
2015-05-14 19:18 - 2015-04-09 17:26 - 01560576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DWrite.dll
2015-05-14 19:18 - 2015-04-02 17:35 - 00445440 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhotoMetadataHandler.dll
2015-05-14 19:18 - 2015-04-02 17:14 - 00364544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PhotoMetadataHandler.dll
2015-05-14 19:18 - 2015-03-12 19:02 - 00316416 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\udfs.sys
2015-05-08 18:35 - 2015-05-08 18:35 - 00000000 ____H () C:\WINDOWS\system32\Drivers\Msft_Kernel_webTinstMKTN84_01009.Wdf
2015-04-27 21:03 - 2015-04-27 21:03 - 00000000 _____ () C:\WINDOWS\SysWOW64\Number of results
2015-04-27 20:52 - 2015-04-27 20:52 - 00000000 ____D () C:\Users\Max\Documents\FRST
2015-04-27 20:29 - 2015-05-25 11:56 - 00000000 ____D () C:\Users\Max\AppData\Roaming\Skype
2015-04-27 20:29 - 2015-05-22 19:24 - 00002731 _____ () C:\Users\Public\Desktop\Skype.lnk
2015-04-27 20:29 - 2015-04-27 20:29 - 00000000 ___RD () C:\Program Files (x86)\Skype
2015-04-27 20:29 - 2015-04-27 20:29 - 00000000 ____D () C:\Users\Max\AppData\Local\Skype
2015-04-27 20:29 - 2015-04-27 20:29 - 00000000 ____D () C:\ProgramData\Skype
2015-04-27 20:29 - 2015-04-27 20:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2015-04-27 20:28 - 2015-05-22 19:24 - 00002211 _____ () C:\Users\Max\Desktop\Continue GamesDesktop Uninstaller.lnk
2015-04-27 20:28 - 2015-05-22 19:24 - 00001041 _____ () C:\Users\Max\Desktop\GUPlayer.lnk
2015-04-27 20:24 - 2015-05-25 12:06 - 00000784 _____ () C:\WINDOWS\Tasks\Taplika mite.job
2015-04-27 20:24 - 2015-04-27 20:24 - 00000000 ____D () C:\ProgramData\{3807D0C4-6885-0142-D903-71C00981A24E}

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-05-27 20:18 - 2015-02-10 19:53 - 00000000 ____D () C:\FRST
2015-05-27 20:17 - 2014-11-07 22:01 - 02010738 _____ () C:\WINDOWS\WindowsUpdate.log
2015-05-27 20:07 - 2014-11-07 22:19 - 00000000 ___RD () C:\Users\Max\OneDrive
2015-05-27 20:06 - 2013-08-22 07:46 - 00310227 _____ () C:\WINDOWS\setupact.log
2015-05-27 20:06 - 2013-08-22 07:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2015-05-27 20:05 - 2013-08-22 06:25 - 00262144 ___SH () C:\WINDOWS\system32\config\BBI
2015-05-27 20:02 - 2013-08-22 08:36 - 00000000 ____D () C:\WINDOWS\system32\sru
2015-05-27 19:44 - 2013-11-22 17:58 - 00000830 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2015-05-25 12:15 - 2015-01-18 18:25 - 00003922 _____ () C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{CE950254-3CFE-4BFD-968B-A2856722D332}
2015-05-25 12:08 - 2015-04-16 21:17 - 00000105 _____ () C:\WINDOWS\SysWOW64\get.dat
2015-05-25 12:07 - 2013-08-22 06:25 - 00000194 _____ () C:\WINDOWS\win.ini
2015-05-25 12:06 - 2014-12-19 08:28 - 00000464 __RSH () C:\ProgramData\ntuser.pol
2015-05-25 12:06 - 2014-09-24 00:03 - 00036426 _____ () C:\WINDOWS\PFRO.log
2015-05-22 19:24 - 2015-04-16 20:40 - 00001405 _____ () C:\Users\Max\Desktop\Continue installation .lnk
2015-05-22 19:24 - 2015-04-15 21:25 - 00001795 _____ () C:\Users\Public\Desktop\iTunes.lnk
2015-05-22 19:24 - 2015-02-12 19:24 - 00002273 _____ () C:\Users\Public\Desktop\Tweaking.com - Registry Backup.lnk
2015-05-22 19:24 - 2015-02-10 19:40 - 00002077 _____ () C:\Users\Public\Desktop\Komodo Edit 8.lnk
2015-05-22 19:24 - 2014-12-14 19:54 - 00000866 _____ () C:\Users\Max\Desktop\CDisplayEx.lnk
2015-05-22 19:24 - 2014-11-07 22:18 - 00001317 _____ () C:\Users\Max\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-05-22 19:24 - 2014-11-07 22:07 - 00000551 _____ () C:\Users\Max\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Documents.lnk
2015-05-22 19:24 - 2014-11-07 22:07 - 00000549 _____ () C:\Users\Max\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Pictures.lnk
2015-05-22 19:24 - 2014-11-06 00:02 - 00001863 _____ () C:\Users\Public\Desktop\QuickTime Player.lnk
2015-05-22 19:24 - 2014-11-05 20:28 - 00001029 _____ () C:\Users\Public\Desktop\Audacity.lnk
2015-05-22 19:24 - 2014-09-24 00:25 - 00000551 _____ () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Documents.lnk
2015-05-22 19:24 - 2014-09-24 00:25 - 00000551 _____ () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Documents.lnk
2015-05-22 19:24 - 2014-09-24 00:25 - 00000549 _____ () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Pictures.lnk
2015-05-22 19:24 - 2014-09-24 00:25 - 00000549 _____ () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Pictures.lnk
2015-05-22 19:24 - 2014-01-15 16:39 - 00002037 _____ () C:\Users\Public\Desktop\Adobe Reader XI.lnk
2015-05-22 19:24 - 2014-01-15 16:36 - 00001104 _____ () C:\Users\Public\Desktop\VLC media player.lnk
2015-05-22 18:42 - 2012-07-26 00:59 - 00000000 ____D () C:\WINDOWS\CbsTemp
2015-05-22 18:41 - 2015-04-03 20:21 - 00000000 ___SD () C:\WINDOWS\SysWOW64\GWX
2015-05-22 18:41 - 2015-04-03 20:21 - 00000000 ___SD () C:\WINDOWS\system32\GWX
2015-05-22 18:39 - 2015-04-16 21:54 - 00000004 _____ () C:\WINDOWS\SysWOW64\029B560A371F4E00AB32838EBC01B9E7
2015-05-19 19:39 - 2015-04-16 20:41 - 00000000 ____D () C:\WINDOWS\SysHealthController
2015-05-19 19:39 - 2015-04-16 20:41 - 00000000 ____D () C:\WINDOWS\SysFilesController
2015-05-19 19:38 - 2013-08-22 08:36 - 00000000 ____D () C:\Program Files\Common Files\System
2015-05-17 01:57 - 2013-08-22 08:36 - 00000000 ____D () C:\WINDOWS\rescache
2015-05-16 21:29 - 2013-08-22 08:36 - 00000000 ____D () C:\WINDOWS\AppReadiness
2015-05-16 10:16 - 2014-11-07 22:01 - 00000000 ____D () C:\ProgramData\Package Cache
2015-05-16 09:22 - 2014-09-24 00:17 - 00863592 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2015-05-14 19:46 - 2014-11-14 22:41 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2015-05-14 19:46 - 2014-11-14 22:41 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2015-05-14 19:46 - 2013-08-22 07:44 - 00337840 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2015-05-14 19:44 - 2013-08-22 08:36 - 00000000 ___RD () C:\WINDOWS\ImmersiveControlPanel
2015-05-14 19:44 - 2013-08-22 06:36 - 00000000 ____D () C:\WINDOWS\system32\AdvancedInstallers
2015-05-14 19:37 - 2014-01-15 16:53 - 140425016 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2015-05-14 19:37 - 2014-01-15 16:53 - 00000000 ____D () C:\WINDOWS\system32\MRT
2015-05-14 19:33 - 2014-01-15 16:39 - 00002457 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2015-05-14 19:32 - 2014-11-14 22:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2015-05-14 19:26 - 2014-09-23 23:53 - 00000000 ____D () C:\Program Files\Windows Journal
2015-05-08 18:49 - 2014-11-07 22:07 - 00000000 ____D () C:\Users\Max
2015-05-08 18:39 - 2015-02-25 19:29 - 00000000 ____D () C:\Users\Max\AppData\Roaming\uTorrent
2015-05-05 10:59 - 2014-09-24 03:03 - 00792568 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2015-05-05 10:59 - 2014-09-24 03:03 - 00178168 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl

==================== Files in the root of some directories =======

2015-05-16 10:17 - 2015-05-19 19:33 - 0000112 _____ () C:\ProgramData\A8OL14R.dat

Files to move or delete:
====================
C:\ProgramData\A8OL14R.dat


Some files in TEMP:
====================
C:\Users\Max\AppData\Local\Temp\Quarantine.exe
C:\Users\Max\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-05-27 19:43

==================== End of log ============================
maximusdowns
Regular Member
 
Posts: 59
Joined: August 4th, 2012, 4:11 pm

Re: Malware and Pop-Ups

Unread postby maximusdowns » May 27th, 2015, 11:37 pm

Here is my Addition.txt:

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 27-05-2015 01
Ran by Max at 2015-05-27 20:19:12
Running from C:\Users\Max\Desktop
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-3369700690-3850376273-3648611264-500 - Administrator - Disabled)
Guest (S-1-5-21-3369700690-3850376273-3648611264-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3369700690-3850376273-3648611264-1003 - Limited - Enabled)
Max (S-1-5-21-3369700690-3850376273-3648611264-1001 - Administrator - Enabled) => C:\Users\Max

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

ActiveState Komodo Edit 8.5.4 (HKLM-x32\...\{E65B87D8-30C4-4FB0-8C24-AFD64950A881}) (Version: 8.5.4 - ActiveState Software Inc.)
Adobe Flash Player 17 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 17.0.0.169 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.11) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.11 - Adobe Systems Incorporated)
AMD Catalyst Install Manager (HKLM\...\{C2956908-53A3-88FC-B795-B16508296FC4}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.)
Apple Application Support (32-bit) (HKLM-x32\...\{AFA1153A-F547-409B-B837-3A0D6C5A3FEC}) (Version: 3.1.3 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{D7B824DE-DA32-4772-9E5E-39C5158136A7}) (Version: 3.1.3 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{C4123106-B685-48E6-B9BD-E4F911841EB4}) (Version: 8.1.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Audacity 2.0.6 (HKLM-x32\...\Audacity_is1) (Version: 2.0.6 - Audacity Team)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Catalyst Control Center (HKLM-x32\...\WUCCCApp) (Version: 1.00.0000 - AMD)
CDisplayEx 1.10.29 (HKLM\...\CDisplayEx_is1) (Version: - Progdigy Software S.A.R.L.)
CinemaPlus_2.0V16.05 (HKLM-x32\...\CinemaPlus_2.0V16.05) (Version: 1.36.01.22 - CinemaPlus_2.0V16.05) <==== ATTENTION
Consumer Input Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.25.307 - Compete Inc.) <==== ATTENTION
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version: - )
GamesDesktop 025.585 (HKLM-x32\...\gmsd_us_585_is1) (Version: - GAMESDESKTOP) <==== ATTENTION
GamesDesktop 025.598 (HKLM-x32\...\gmsd_us_598_is1) (Version: - GAMESDESKTOP) <==== ATTENTION
GamesDesktop 025.608 (HKLM-x32\...\gmsd_us_608_is1) (Version: - GAMESDESKTOP) <==== ATTENTION
GUPlayer (remove only) (HKLM-x32\...\GUPlayer) (Version: - )
Infonaut 1.10.0.14 (HKLM-x32\...\Infonaut_1.10.0.14) (Version: 1.10.0.14 - Infonaut)
Itibiti RTC (x32 Version: 0.0.1 - Itibiti Inc) Hidden
iTunes (HKLM\...\{93F2A022-6C37-48B8-B241-FFABD9F60C30}) (Version: 12.1.2.27 - Apple Inc.)
Microsoft Mouse and Keyboard Center (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 2.2.173.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40416.0 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Mozilla Firefox 37.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 37.0.1 (x86 en-US)) (Version: 37.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 33.0.3 - Mozilla)
OneSoftPerDay 025.1014 (HKLM-x32\...\ospd_us_1014_is1) (Version: - ONESOFTPERDAY)
PathMaxx (HKLM\...\PathMaxx) (Version: 2015.05.16.132338 - PathMaxx) <==== ATTENTION
Quick Ref 1.10.0.12 (HKLM-x32\...\QuickRef_1.10.0.12) (Version: 1.10.0.12 - Quick Ref) <==== ATTENTION!
QuickTime 7 (HKLM-x32\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)
RapidMediaConverter (HKU\S-1-5-21-3369700690-3850376273-3648611264-1001\...\RapidMediaConverter) (Version: 1.0.1.16 - RapidMediaConverter)
SDU version 3.8 (HKLM-x32\...\{A23B547D-36B0-4B85-B68A-AADF6C9A723B}_is1) (Version: 3.8 - )
shopperz 2.0.0.461 (HKLM\...\{2395B860-45E4-42fd-96E6-50BA597C1C42}_is1) (Version: 2.0.0.461 - shopperz)
Skype™ 7.4 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.4.102 - Skype Technologies S.A.)
Tweaking.com - Registry Backup (HKLM-x32\...\Tweaking.com - Registry Backup) (Version: 2.1.1 - Tweaking.com)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.1.5 - VideoLAN)
WinPrograms (HKLM-x32\...\WebWatcherInstall) (Version: - )
WinPrograms (HKLM-x32\...\WinPrograms) (Version: - )
XAMPP (HKLM-x32\...\xampp) (Version: 5.6.3-0 - Bitnami)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Restore Points =========================

21-04-2015 05:13:45 Windows Update
14-05-2015 19:21:49 Windows Update
16-05-2015 10:15:36 Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501
22-05-2015 18:39:47 Windows Modules Installer

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 06:25 - 2013-08-22 06:25 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0E2146EE-3D5B-4A12-91FF-CBDFB504843B} - System32\Tasks\Norwood => C:\Program Files\shopperz\Cote.bat
Task: {0F0CAF73-A5A5-40D4-A664-1C1C0220EAEB} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2015-05-14] (Microsoft Corporation)
Task: {1F3AE2D5-5D96-462F-9F41-F69FD3CC3377} - System32\Tasks\Microsoft\Windows\Setup\gwx\launchtrayprocess => C:\Windows\system32\GWX\GWX.exe [2015-05-06] (Microsoft Corporation)
Task: {1FA9B445-350F-4835-BF2C-96AF95425380} - System32\Tasks\SysHealth_Controller_Mon => C:\WINDOWS\SysFilesController\SysFiles_backup.exe
Task: {42625468-6C7A-4750-B778-1DF66BCE37D8} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\mousekeyboardcenter.exe [2013-05-13] (Microsoft)
Task: {44CD8520-5006-4D21-BA21-796213738693} - \SMWUpd No Task File <==== ATTENTION
Task: {5656256E-2DA9-4FED-84E7-8ED6A1EE016A} - System32\Tasks\avabvbxvh => C:\Users\Max\AppData\Local\avabvbxvh\avabvbxvh.exe <==== ATTENTION
Task: {5810B4D0-DA01-4515-B116-B27AC9F20564} - System32\Tasks\{F95CB74F-A6A7-4FD5-96ED-5C70683B1B2F} => pcalua.exe -a C:\Users\Max\AppData\Local\Temp\Temp1_avenger.zip\avenger.exe
Task: {5C077C66-CDAF-4194-9A58-5F56EE2A758A} - System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2013-05-13] (Microsoft Corporation)
Task: {683E56B8-60CC-405C-AABE-AB4541659A46} - System32\Tasks\KCXOIF => C:\ProgramData\e29c40da53af42a3895e10c22c3d76c2\e29c40da53af42a3895e10c22c3d76c2.exe
Task: {79FCBC20-4628-4005-93A8-89315CD79EFE} - System32\Tasks\EMAUAH1 => C:\ProgramData\LolliScan\LolliScan.exe
Task: {7B13B1BA-03E2-49FA-9A67-93041B98F21C} - System32\Tasks\CloudHIDEAWAY => C:\Program Files (x86)\CloudScout Parental Control\CloudHIDEAWAY.exe
Task: {8B25951E-3EC5-4527-AE08-AD1F2EC3F1FC} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-04-14] (Adobe Systems Incorporated)
Task: {92ED8193-5D55-4A64-A03D-5A91F545BF67} - \Taplika mite No Task File <==== ATTENTION
Task: {9739F298-F92B-4907-9BF6-975F6A557B21} - \SMW_UpdateTask_Time_3134393136333034302d23787845322a5b3434322d57 No Task File <==== ATTENTION
Task: {A81AD961-DD21-40D8-BEA0-47BEFECC857F} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-05-06] (Microsoft Corporation)
Task: {B62FABBB-6CBC-43B1-A905-6DE985B0F639} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {C1984A02-6B05-4D50-A915-128DF686119F} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2013-05-13] (Microsoft Corporation)
Task: {D2FB8B1F-1BD0-48EA-BE42-6DBDBED781C6} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2013-05-13] (Microsoft Corporation)
Task: {F4044F64-61D6-4F9A-A764-C6EF2A09DC52} - System32\Tasks\HJPQXRTER => C:\ProgramData\c1c05f7061d940b085ed209085e4a787\c1c05f7061d940b085ed209085e4a787.exe
Task: {F76CD251-7173-421F-BCBC-8215640FF70D} - System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2013-05-13] (Microsoft Corporation)
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\EMAUAH1.job => C:\ProgramData\LolliScan\LolliScan.exe
Task: C:\WINDOWS\Tasks\Taplika mite.job => Wscript.exe C:\ProgramData\{3807D0C4-6885-0142-D903-71C00981A24E}\1.9.3.1\fiber.js 433a2f50726f6772616d446174612f7b33383037443043342d363838352d303134322d443930332d3731433030393831413234457d2f312e392e332e312f6d6974652e646c6c 687474703a2f2f73616f2e7461627072742e636f6d2f --IsErIk.LEV

==================== Loaded Modules (Whitelisted) ==============

2015-01-20 23:35 - 2015-01-20 23:35 - 00085832 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2015-01-20 23:35 - 2015-01-20 23:35 - 01346344 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2014-08-21 08:42 - 2014-08-21 08:42 - 01123320 _____ () C:\FRST\Quarantine\C\Program Files (x86)\RapidMediaConverter\RapidMediaConverterApp.exe

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Users\Max\OneDrive:ms-properties

==================== Safe Mode (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3369700690-3850376273-3648611264-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Max\AppData\Local\Microsoft\Windows\Themes\RoamedThemeFiles\DesktopBackground\4a81fefa200c5c1935c8fca37911a403-d389tgc.jpg
DNS Servers: Media is not connected to internet.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

HKLM\...\StartupApproved\StartupFolder: => "McAfee Security Scan Plus.lnk"
HKLM\...\StartupApproved\Run32: => "APSDaemon"
HKU\S-1-5-21-3369700690-3850376273-3648611264-1001\...\StartupApproved\Run: => "uTorrent"
HKU\S-1-5-21-3369700690-3850376273-3648611264-1001\...\StartupApproved\Run: => "Search Protection"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppextcomobj.exe
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppextcomobj.exe
FirewallRules: [{6AD978BC-82F6-4609-80F5-B3F33BB3FC77}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{8275DCCF-64B5-4CBE-8C89-2CF90462C757}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{85975536-523C-428D-9FD6-AC966550EF75}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{75AB1DA5-7998-4FAE-A265-6DF2EF235328}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{5371B7D4-35F3-4060-9CB7-0545A9911017}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{6DB016FA-7FC4-43F0-A24C-2FF97C04A767}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{1582D62F-A029-439D-95EB-5CD1ACC2CE14}C:\xampp\apache\bin\httpd.exe] => (Allow) C:\xampp\apache\bin\httpd.exe
FirewallRules: [UDP Query User{21802013-5F97-4405-8A11-74DE6FB8DAB7}C:\xampp\apache\bin\httpd.exe] => (Allow) C:\xampp\apache\bin\httpd.exe
FirewallRules: [TCP Query User{934E1972-4E17-4F36-A272-68F36A1BB754}C:\xampp\mysql\bin\mysqld.exe] => (Allow) C:\xampp\mysql\bin\mysqld.exe
FirewallRules: [UDP Query User{101BA77D-7DCA-4BFF-A39B-3890285DF586}C:\xampp\mysql\bin\mysqld.exe] => (Allow) C:\xampp\mysql\bin\mysqld.exe
FirewallRules: [TCP Query User{4C3061B6-38F3-4819-BE51-C98B72D27FE2}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [UDP Query User{14CDA4D8-9F86-4156-BFB4-3AE542551E5D}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [{9D591C37-4373-47B7-BBEE-09E7B8418A0A}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{060A2CC6-DF1D-4CE7-9625-5428F0DC5738}] => (Allow) C:\Program Files (x86)\Crossbrowse\Crossbrowse\Application\crossbrowse.exe

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (05/27/2015 08:07:53 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: CCC.exe, version: 4.5.0.0, time stamp: 0x53ad0dcc
Faulting module name: amdmantle64.dll, version: 9.1.10.34, time stamp: 0x5417637b
Exception code: 0xc0000005
Fault offset: 0x000000000040cfa6
Faulting process id: 0x1110
Faulting application start time: 0xCCC.exe0
Faulting application path: CCC.exe1
Faulting module path: CCC.exe2
Report Id: CCC.exe3
Faulting package full name: CCC.exe4
Faulting package-relative application ID: CCC.exe5

Error: (05/27/2015 08:07:52 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: CCC.exe, version: 4.5.0.0, time stamp: 0x53ad0dcc
Faulting module name: amdmantle64.dll, version: 9.1.10.34, time stamp: 0x5417637b
Exception code: 0xc0000005
Fault offset: 0x000000000040cfa6
Faulting process id: 0x1110
Faulting application start time: 0xCCC.exe0
Faulting application path: CCC.exe1
Faulting module path: CCC.exe2
Report Id: CCC.exe3
Faulting package full name: CCC.exe4
Faulting package-relative application ID: CCC.exe5

Error: (05/27/2015 08:07:45 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: CCC.exe, version: 4.5.0.0, time stamp: 0x53ad0dcc
Faulting module name: amdmantle64.dll, version: 9.1.10.34, time stamp: 0x5417637b
Exception code: 0xc0000005
Fault offset: 0x000000000040cfa6
Faulting process id: 0x1110
Faulting application start time: 0xCCC.exe0
Faulting application path: CCC.exe1
Faulting module path: CCC.exe2
Report Id: CCC.exe3
Faulting package full name: CCC.exe4
Faulting package-relative application ID: CCC.exe5

Error: (05/27/2015 07:32:06 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: CCC.exe, version: 4.5.0.0, time stamp: 0x53ad0dcc
Faulting module name: amdmantle64.dll, version: 9.1.10.34, time stamp: 0x5417637b
Exception code: 0xc0000005
Fault offset: 0x000000000040cfa6
Faulting process id: 0xa4
Faulting application start time: 0xCCC.exe0
Faulting application path: CCC.exe1
Faulting module path: CCC.exe2
Report Id: CCC.exe3
Faulting package full name: CCC.exe4
Faulting package-relative application ID: CCC.exe5

Error: (05/27/2015 07:32:05 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: CCC.exe, version: 4.5.0.0, time stamp: 0x53ad0dcc
Faulting module name: amdmantle64.dll, version: 9.1.10.34, time stamp: 0x5417637b
Exception code: 0xc0000005
Fault offset: 0x000000000040cfa6
Faulting process id: 0xa4
Faulting application start time: 0xCCC.exe0
Faulting application path: CCC.exe1
Faulting module path: CCC.exe2
Report Id: CCC.exe3
Faulting package full name: CCC.exe4
Faulting package-relative application ID: CCC.exe5

Error: (05/27/2015 07:32:01 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: CCC.exe, version: 4.5.0.0, time stamp: 0x53ad0dcc
Faulting module name: amdmantle64.dll, version: 9.1.10.34, time stamp: 0x5417637b
Exception code: 0xc0000005
Fault offset: 0x000000000040cfa6
Faulting process id: 0xa4
Faulting application start time: 0xCCC.exe0
Faulting application path: CCC.exe1
Faulting module path: CCC.exe2
Report Id: CCC.exe3
Faulting package full name: CCC.exe4
Faulting package-relative application ID: CCC.exe5

Error: (05/25/2015 00:18:51 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 3187

Error: (05/25/2015 00:18:51 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 3187

Error: (05/25/2015 00:18:51 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (05/25/2015 00:18:50 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1609


System errors:
=============
Error: (05/27/2015 08:10:42 PM) (Source: Service Control Manager) (EventID: 7032) (User: )
Description: The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Modules Installer service, but this action failed with the following error:
%%1056

Error: (05/27/2015 08:08:43 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The iPod Service service terminated unexpectedly. It has done this 1 time(s).

Error: (05/27/2015 08:08:43 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Skype Updater service terminated unexpectedly. It has done this 1 time(s).

Error: (05/27/2015 08:08:43 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Bonjour Service service terminated unexpectedly. It has done this 1 time(s).

Error: (05/27/2015 08:08:43 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Adobe Acrobat Update Service service terminated unexpectedly. It has done this 1 time(s).

Error: (05/27/2015 08:08:42 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Print Spooler service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service.

Error: (05/27/2015 08:08:42 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Modules Installer service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.

Error: (05/27/2015 08:08:42 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The AMD External Events Utility service terminated unexpectedly. It has done this 1 time(s).

Error: (05/27/2015 08:06:48 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Task Bar Pixel service failed to start due to the following error:
%%2

Error: (05/27/2015 08:06:48 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Memory Small Letters service failed to start due to the following error:
%%2


Microsoft Office:
=========================
Error: (05/27/2015 08:07:53 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: CCC.exe4.5.0.053ad0dccamdmantle64.dll9.1.10.345417637bc0000005000000000040cfa6111001d098f36c22447fC:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exeC:\WINDOWS\SYSTEM32\amdmantle64.dllba615bd2-04e6-11e5-be92-0018e7deb4cb

Error: (05/27/2015 08:07:52 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: CCC.exe4.5.0.053ad0dccamdmantle64.dll9.1.10.345417637bc0000005000000000040cfa6111001d098f36c22447fC:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exeC:\WINDOWS\SYSTEM32\amdmantle64.dllba29a929-04e6-11e5-be92-0018e7deb4cb

Error: (05/27/2015 08:07:45 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: CCC.exe4.5.0.053ad0dccamdmantle64.dll9.1.10.345417637bc0000005000000000040cfa6111001d098f36c22447fC:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exeC:\WINDOWS\SYSTEM32\amdmantle64.dllb5f7fd63-04e6-11e5-be92-0018e7deb4cb

Error: (05/27/2015 07:32:06 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: CCC.exe4.5.0.053ad0dccamdmantle64.dll9.1.10.345417637bc0000005000000000040cfa6a401d098ee6ce1e622C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exeC:\WINDOWS\SYSTEM32\amdmantle64.dllbad5755a-04e1-11e5-be91-6c626db6dac3

Error: (05/27/2015 07:32:05 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: CCC.exe4.5.0.053ad0dccamdmantle64.dll9.1.10.345417637bc0000005000000000040cfa6a401d098ee6ce1e622C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exeC:\WINDOWS\SYSTEM32\amdmantle64.dllba5aed96-04e1-11e5-be91-6c626db6dac3

Error: (05/27/2015 07:32:01 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: CCC.exe4.5.0.053ad0dccamdmantle64.dll9.1.10.345417637bc0000005000000000040cfa6a401d098ee6ce1e622C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exeC:\WINDOWS\SYSTEM32\amdmantle64.dllb7e4dac5-04e1-11e5-be91-6c626db6dac3

Error: (05/25/2015 00:18:51 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 3187

Error: (05/25/2015 00:18:51 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 3187

Error: (05/25/2015 00:18:51 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (05/25/2015 00:18:50 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1609


CodeIntegrity Errors:
===================================
Date: 2015-05-27 20:12:28.998
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2015-05-27 19:58:17.934
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2015-05-27 19:58:16.817
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2015-05-27 19:58:16.684
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2015-05-27 19:58:15.818
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2015-05-27 19:58:15.678
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2015-05-27 19:58:14.502
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2015-05-27 19:58:14.368
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2015-05-25 12:13:25.156
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2015-05-25 12:13:25.006
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.


==================== Memory info ===========================

Processor: Intel(R) Core(TM) i7 CPU 960 @ 3.20GHz
Percentage of memory in use: 9%
Total physical RAM: 14327.11 MB
Available physical RAM: 12922.98 MB
Total Pagefile: 16503.11 MB
Available Pagefile: 15061.32 MB
Total Virtual: 131072 MB
Available Virtual: 131071.83 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:931.41 GB) (Free:807.63 GB) NTFS
Drive e: (KINGSTON) (Removable) (Total:7.26 GB) (Free:4.83 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: FA7C697B)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=931.4 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 7.3 GB) (Disk ID: C3072E18)
Partition 1: (Active) - (Size=7.3 GB) - (Type=0C)

==================== End of log ============================
maximusdowns
Regular Member
 
Posts: 59
Joined: August 4th, 2012, 4:11 pm

Re: Malware and Pop-Ups

Unread postby maximusdowns » May 27th, 2015, 11:39 pm

Here is my Search log:

Farbar Recovery Scan Tool (x64) Version: 27-05-2015 01
Ran by Max at 2015-05-27 20:22:49
Running from C:\Users\Max\Desktop
Boot Mode: Normal

================== Search Registry: "Fun4IM;Bandoo;Searchnu;Searchqu;iLivid;whitesmoke;datamngr;kelkoopartners;trolltech;babylon;conduit;trovi;clientconnect;EduApp;shopperz;Crossbrowse;LolliScan;RapidMediaConverter;SmartWeb;Iminent;Minibar;CinemaPlus;GamesDesktop;PathMaxx" ===========


===================== Search result for "Searchqu" ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b9f41624-2083-45cd-ac36-af8119a22a41}]
""="CLocationSearchQuery"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{46A1205B-69C9-4745-B72F-A8A4FC8F24AE}]
""="__x_Windows_CApplicationModel_CSearch_CISearchQueryLinguisticDetails"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{69563521-C154-4B45-B884-035872E3F96A}]
""="ISearchQueryCondition"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{AB310581-AC80-11D1-8DF3-00C04FB6EF63}]
""="ISearchQueryHelper"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{CAC6C3B8-3C64-4DFD-AD9F-479E4D4065A4}]
""="__x_Windows_CApplicationModel_CSearch_CISearchQueryLinguisticDetailsFactory"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{46A1205B-69C9-4745-B72F-A8A4FC8F24AE}]
""="__x_Windows_CApplicationModel_CSearch_CISearchQueryLinguisticDetails"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{69563521-C154-4B45-B884-035872E3F96A}]
""="ISearchQueryCondition"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{AB310581-AC80-11D1-8DF3-00C04FB6EF63}]
""="ISearchQueryHelper"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{CAC6C3B8-3C64-4DFD-AD9F-479E4D4065A4}]
""="__x_Windows_CApplicationModel_CSearch_CISearchQueryLinguisticDetailsFactory"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.ApplicationModel.Search.SearchQueryLinguisticDetails]

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\WindowsRuntime\ActivatableClassId\Windows.ApplicationModel.Search.SearchQueryLinguisticDetails]

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\Interface\{46A1205B-69C9-4745-B72F-A8A4FC8F24AE}]
""="__x_Windows_CApplicationModel_CSearch_CISearchQueryLinguisticDetails"

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\Interface\{69563521-C154-4B45-B884-035872E3F96A}]
""="ISearchQueryCondition"

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\Interface\{AB310581-AC80-11D1-8DF3-00C04FB6EF63}]
""="ISearchQueryHelper"

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\Interface\{CAC6C3B8-3C64-4DFD-AD9F-479E4D4065A4}]
""="__x_Windows_CApplicationModel_CSearch_CISearchQueryLinguisticDetailsFactory"

[HKEY_USERS\S-1-5-21-3369700690-3850376273-3648611264-1001\Software\Classes\ActivatableClasses\CLSID\{17747E73-8A50-5EFE-A0BC-7B025F13C68C}]
"ActivatableClassId"="AppEx.Sports.Services.TypeDefs.Request.AppSearchQuery"

[HKEY_USERS\S-1-5-21-3369700690-3850376273-3648611264-1001_Classes\ActivatableClasses\CLSID\{17747E73-8A50-5EFE-A0BC-7B025F13C68C}]
"ActivatableClassId"="AppEx.Sports.Services.TypeDefs.Request.AppSearchQuery"


===================== Search result for "babylon" ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}]
"DllName"="BabylonToolbar.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extension Compatibility\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}]
"DllName"="BabylonToolbar.dll"


===================== Search result for "conduit" ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\063A857434EDED11A893800002C0A966]
"6013214C586B6E849BDB4E9F1148E14B"="C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\iSyncConduit.dll"


===================== Search result for "clientconnect" ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{8DD5142F-7E23-4c44-9DD7-98B9C7032535}]
""="INapEnforcementClientConnectionPrivate"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{BD244906-70DD-4690-BEEA-648653393500}]
""="INapEnforcementClientConnection2"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{FB3A3505-DDB1-468A-B307-F328A57419D8}]
""="INapEnforcementClientConnection"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{8DD5142F-7E23-4c44-9DD7-98B9C7032535}]
""="INapEnforcementClientConnectionPrivate"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{BD244906-70DD-4690-BEEA-648653393500}]
""="INapEnforcementClientConnection2"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{FB3A3505-DDB1-468A-B307-F328A57419D8}]
""="INapEnforcementClientConnection"

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\Interface\{8DD5142F-7E23-4c44-9DD7-98B9C7032535}]
""="INapEnforcementClientConnectionPrivate"

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\Interface\{BD244906-70DD-4690-BEEA-648653393500}]
""="INapEnforcementClientConnection2"

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\Interface\{FB3A3505-DDB1-468A-B307-F328A57419D8}]
""="INapEnforcementClientConnection"


===================== Search result for "EduApp" ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{47D25BF1-717C-4677-ADF0-75682D690204}]
""="IEduApp"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{47D25BF1-717C-4677-ADF0-75682D690204}]
""="IEduApp"

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\Interface\{47D25BF1-717C-4677-ADF0-75682D690204}]
""="IEduApp"

[HKEY_USERS\.DEFAULT\Software\Microsoft\.NETFramework\SQM\Apps\updateEduApp.exe]

[HKEY_USERS\S-1-5-21-3369700690-3850376273-3648611264-1001\Software\Microsoft\IntelliType Pro\AppSpecific\EduApp.BrowserAdapter64.exe]

[HKEY_USERS\S-1-5-21-3369700690-3850376273-3648611264-1001\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\api.eduapphome.com]

[HKEY_USERS\S-1-5-18\Software\Microsoft\.NETFramework\SQM\Apps\updateEduApp.exe]


===================== Search result for "shopperz" ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2395B860-45E4-42fd-96E6-50BA597C1C42}]
""="shopperz"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Extension.Treena]
""="shopperz"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{A911D50F-7390-4EA2-8E00-347933672CA2}\1.0\0\win32]
""="C:\Program Files\shopperz\Anneliese.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D3D427AD-6E01-42b5-9458-5AF9B261A58A}\LocalServer32]
""=""C:\Program Files\shopperz\Anneliese.exe""

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{A911D50F-7390-4EA2-8E00-347933672CA2}\1.0\0\win32]
""="C:\Program Files\shopperz\Anneliese.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2395B860-45E4-42fd-96E6-50BA597C1C42}]
""="shopperz Helper"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"shopperz"="C:\Program Files\shopperz\Brito.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"shopperz64"="C:\Program Files\shopperz\Brito64.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{2395B860-45E4-42fd-96E6-50BA597C1C42}_is1]
"Inno Setup: App Path"="C:\Program Files\shopperz"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{2395B860-45E4-42fd-96E6-50BA597C1C42}_is1]
"Inno Setup: Icon Group"="shopperz"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{2395B860-45E4-42fd-96E6-50BA597C1C42}_is1]
"UninstallString"=""C:\Program Files\shopperz\unins000.exe""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{2395B860-45E4-42fd-96E6-50BA597C1C42}_is1]
"Publisher"="shopperz"

[HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\Extensions]
"{2395B860-45E4-42fd-96E6-50BA597C1C42}"="C:\Program Files\shopperz\Firefox"

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Mozilla\Firefox\extensions]
"{2395B860-45E4-42fd-96E6-50BA597C1C42}"="C:\Program Files\shopperz\Firefox"

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{D3D427AD-6E01-42b5-9458-5AF9B261A58A}\LocalServer32]
""=""C:\Program Files\shopperz\Anneliese.exe""

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\TypeLib\{A911D50F-7390-4EA2-8E00-347933672CA2}\1.0\0\win32]
""="C:\Program Files\shopperz\Anneliese.exe"

[HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-18\Software\shopperz]

[HKEY_USERS\S-1-5-19\Software\{4E7638A1-6962-4e44-A6B9-F40E84FD6D09}]
"Name"="C:\Program Files\shopperz\wrex.exe"

[HKEY_USERS\S-1-5-20\Software\{4E7638A1-6962-4e44-A6B9-F40E84FD6D09}]
"Name"="C:\Program Files\shopperz\wrex.exe"

[HKEY_USERS\S-1-5-21-3369700690-3850376273-3648611264-1001\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-3369700690-3850376273-3648611264-1001\Software\shopperz]

[HKEY_USERS\S-1-5-21-3369700690-3850376273-3648611264-1001\Software\{5A31095A-14C9-4e16-8C04-A7717D78ED22}]
"Name"="C:\Program Files\shopperz\Brito.exe"

[HKEY_USERS\S-1-5-21-3369700690-3850376273-3648611264-1001\Software\Classes\Software\{4E7638A1-6962-4e44-A6B9-F40E84FD6D09}]
"Name"="C:\Program Files\shopperz\wrex.exe"

[HKEY_USERS\S-1-5-21-3369700690-3850376273-3648611264-1001_Classes\Software\{4E7638A1-6962-4e44-A6B9-F40E84FD6D09}]
"Name"="C:\Program Files\shopperz\wrex.exe"

[HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-18\Software\shopperz]


===================== Search result for "Crossbrowse" ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Crossbrowse]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Crossbrowse\.exe\shell\opennewwindow\command]
""=""C:\Program Files (x86)\Crossbrowse\Crossbrowse\Application\crossbrowse.exe" -- %*"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{2A563926-CF4B-4363-A760-F71E46205B7E}\LocalServer32]
""=""C:\Program Files (x86)\Crossbrowse\Crossbrowse\Application\39.6.2171.95\delegate_execute.exe""

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components]
""="Crossbrowse"

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components]
"Localized Name"="Crossbrowse"

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{2A563926-CF4B-4363-A760-F71E46205B7E}\LocalServer32]
""=""C:\Program Files (x86)\Crossbrowse\Crossbrowse\Application\39.6.2171.95\delegate_execute.exe""

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{060A2CC6-DF1D-4CE7-9625-5428F0DC5738}"="v2.22|Action=Allow|Active=TRUE|Dir=In|Protocol=17|LPort=5353|App=C:\Program Files (x86)\Crossbrowse\Crossbrowse\Application\crossbrowse.exe|Name=Crossbrowse (mDNS-In)|Desc=Inbound rule for Crossbrowse to allow mDNS traffic.|EmbedCtxt=Crossbrowse|"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{060A2CC6-DF1D-4CE7-9625-5428F0DC5738}"="v2.22|Action=Allow|Active=TRUE|Dir=In|Protocol=17|LPort=5353|App=C:\Program Files (x86)\Crossbrowse\Crossbrowse\Application\crossbrowse.exe|Name=Crossbrowse (mDNS-In)|Desc=Inbound rule for Crossbrowse to allow mDNS traffic.|EmbedCtxt=Crossbrowse|"

[HKEY_USERS\S-1-5-21-3369700690-3850376273-3648611264-1001\Software\Microsoft\IntelliType Pro\AppSpecific\crossbrowse.exe]

[HKEY_USERS\S-1-5-21-3369700690-3850376273-3648611264-1001\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\SystemAppData\DefaultBrowser_NOPUBLISHERID\SplashScreen\DefaultBrowser_NOPUBLISHERID!Crossbrowse]

[HKEY_USERS\S-1-5-21-3369700690-3850376273-3648611264-1001\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\SystemAppData\DefaultBrowser_NOPUBLISHERID\SplashScreen\DefaultBrowser_NOPUBLISHERID!Crossbrowse]
"Image"="C:\Program Files (x86)\Crossbrowse\Crossbrowse\Application\39.6.2171.95\VisualElements\splash-620x300.png"

[HKEY_USERS\S-1-5-21-3369700690-3850376273-3648611264-1001_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\SystemAppData\DefaultBrowser_NOPUBLISHERID\SplashScreen\DefaultBrowser_NOPUBLISHERID!Crossbrowse]

[HKEY_USERS\S-1-5-21-3369700690-3850376273-3648611264-1001_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\SystemAppData\DefaultBrowser_NOPUBLISHERID\SplashScreen\DefaultBrowser_NOPUBLISHERID!Crossbrowse]
"Image"="C:\Program Files (x86)\Crossbrowse\Crossbrowse\Application\39.6.2171.95\VisualElements\splash-620x300.png"


===================== Search result for "LolliScan" ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=" C:\ProgramData\LolliScan\LolliScan32.dll "


===================== Search result for "RapidMediaConverter" ==========

[HKEY_USERS\S-1-5-21-3369700690-3850376273-3648611264-1001\Software\Microsoft\IntelliType Pro\AppSpecific\RapidMediaConverterApp.exe]

[HKEY_USERS\S-1-5-21-3369700690-3850376273-3648611264-1001\Software\Microsoft\Internet Explorer\LowRegistry\Audio\PolicyConfig\PropertyStore\5a86359b_0]
""="{2}.\\?\hdaudio#func_01&ven_10ec&dev_0892&subsys_1462522c&rev_1003#{6994ad04-93ef-11d0-a3cc-00a0c9223196}\elineouttopo/00010001|\Device\HarddiskVolume2\Users\Max\AppData\Local\RapidMediaConverter\RapidMediaConverterBrowser.exe%b{00000000-0000-0000-0000-000000000000}"

[HKEY_USERS\S-1-5-21-3369700690-3850376273-3648611264-1001\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION]
"RapidMediaConverterApp.exe"="65535"

[HKEY_USERS\S-1-5-21-3369700690-3850376273-3648611264-1001\Software\Microsoft\Windows\CurrentVersion\Uninstall\RapidMediaConverter]
"DisplayName"="RapidMediaConverter"

[HKEY_USERS\S-1-5-21-3369700690-3850376273-3648611264-1001\Software\Microsoft\Windows\CurrentVersion\Uninstall\RapidMediaConverter]
"DisplayIcon"="C:\Program Files (x86)\RapidMediaConverter\RapidMediaConverterappuninstall.exe"

[HKEY_USERS\S-1-5-21-3369700690-3850376273-3648611264-1001\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Store]
"C:\Program Files (x86)\RapidMediaConverter\RapidMediaConverterApp.exe"="0x5341435001000000000000000700000028000000F823110051D6110001000000000000000000030600210000975FD891C99ECE010000000000000000020000002800000000000000000000000000000000000000000000000000000033EF0000000000000100000001000000"

[HKEY_USERS\S-1-5-21-3369700690-3850376273-3648611264-1001\Software\RapidMediaConverterApp]


===================== Search result for "SmartWeb" ==========

[HKEY_USERS\S-1-5-21-3369700690-3850376273-3648611264-1001\Software\Microsoft\IntelliPoint\AppSpecific\SmartWebApp.exe]

[HKEY_USERS\S-1-5-21-3369700690-3850376273-3648611264-1001\Software\Microsoft\IntelliType Pro\AppSpecific\SmartWebApp.exe]

[HKEY_USERS\S-1-5-21-3369700690-3850376273-3648611264-1001\Software\Microsoft\Internet Explorer\LowRegistry\Audio\PolicyConfig\PropertyStore\a17b8281_0]
""="{2}.\\?\hdaudio#func_01&ven_10ec&dev_0892&subsys_1462522c&rev_1003#{6994ad04-93ef-11d0-a3cc-00a0c9223196}\elineouttopo/00010001|\Device\HarddiskVolume2\FRST\Quarantine\C\Users\Max\AppData\Local\SmartWeb\SmartWeb\SmartWebApp.exe%b{00000000-0000-0000-0000-000000000000}"


===================== Search result for "Iminent" ==========

[HKEY_USERS\S-1-5-21-3369700690-3850376273-3648611264-1001\Software\Microsoft\Internet Explorer\DOMStorage\iminent.com]

[HKEY_USERS\S-1-5-21-3369700690-3850376273-3648611264-1001\Software\Microsoft\Internet Explorer\LowRegistry\Iminent]

[HKEY_USERS\S-1-5-21-3369700690-3850376273-3648611264-1001\Software\Microsoft\Internet Explorer\LowRegistry\Iminent\WebBooster\Scripts\sslminibar]


===================== Search result for "Minibar" ==========

[HKEY_USERS\S-1-5-21-3369700690-3850376273-3648611264-1001\Software\Microsoft\Internet Explorer\LowRegistry\Iminent\WebBooster\Scripts\minibar]


===================== Search result for "CinemaPlus" ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\CinemaPlus_2.0V16.05]

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\CinemaPlus_2.0V16.05-nv-ie\Manifest]
"Name"="CinemaPlus_2.0V16.05"

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\CinemaPlus_2.0V16.05-nv-ie\Plugins\91]
"JavaScript"="
(function(M){window.__loaderIsRunning__=false;var A=
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\CinemaPlus_2.0V16.05]

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\CinemaPlus_2.0V16.05]
"DisplayIcon"="C:\Program Files (x86)\CinemaPlus_2.0V16.05\utils.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\CinemaPlus_2.0V16.05]
"UninstallString"="C:\Program Files (x86)\CinemaPlus_2.0V16.05\Uninstall.exe /fcp=1 /runexe='C:\Program Files (x86)\CinemaPlus_2.0V16.05\UninstallBrw.exe' /url='http://notif.basememlog.com/notf_sys/index.html' /brwtype='uni' /onerrorexe='C:\Program Files (x86)\CinemaPlus_2.0V16.05\utils.exe' /crregname='CinemaPlus_2.0V16.05' /appid='72895' /srcid='002240' /bic='7ce8ccf36c08d5b8d5e8f86c6d17fc49IE' /verifier='c49f96bf99d7e9e0ea3e5ac06c88fb75' /brwshtoms='15000' /installerversion='1_36_01_22' /statsdomain='http://stats.basememlog.com/utility.gif?' /errorsdomain='http://errors.basememlog.com/utility.gif?' /monetizationdomain='http://logs.basememlog.com/monetization.gif?' "

[HKEY_USERS\.DEFAULT\Software\CinemaPlus_2.0V16.05-nv-ie]

[HKEY_USERS\S-1-5-21-3369700690-3850376273-3648611264-1001\Software\CinemaPlus_2.0V16.05]

[HKEY_USERS\S-1-5-21-3369700690-3850376273-3648611264-1001\Software\CinemaPlus_2.0V16.05-nv-ie]

[HKEY_USERS\S-1-5-21-3369700690-3850376273-3648611264-1001\Software\Microsoft\Internet Explorer\LowRegistry\Audio\PolicyConfig\PropertyStore\eb3ae3aa_0]
""="{2}.\\?\hdaudio#func_01&ven_10ec&dev_0892&subsys_1462522c&rev_1003#{6994ad04-93ef-11d0-a3cc-00a0c9223196}\elineouttopo/00010001|\Device\HarddiskVolume2\Program Files (x86)\CinemaPlus-3.2cV27.04\88e2d631-cef4-4b3b-959f-542c0d09b78a-10.exe%b{00000000-0000-0000-0000-000000000000}"

[HKEY_USERS\S-1-5-21-3369700690-3850376273-3648611264-1001\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Store]
"C:\Program Files (x86)\cinemaplus\unins000.exe"="0x5341435001000000000000000700000028000000A1FA0A000000000003000000000000000000030600210000975FD891C99ECE0100000000000000000500000010000000000000000000000000000000000000000200000028000000000000000000000000000000000000000000000000000000F2110000000000000100000001000000"

[HKEY_USERS\S-1-5-18\Software\CinemaPlus_2.0V16.05-nv-ie]


===================== Search result for "GamesDesktop" ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\gmsd_us_585_is1]
"Inno Setup: Icon Group"="GAMESDESKTOP"

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\gmsd_us_585_is1]
"Publisher"="GAMESDESKTOP"

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\gmsd_us_585_is1]
"HelpLink"="http://us.gamesdesktop.com"

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\gmsd_us_598_is1]
"Inno Setup: Icon Group"="GAMESDESKTOP"

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\gmsd_us_598_is1]
"Publisher"="GAMESDESKTOP"

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\gmsd_us_598_is1]
"HelpLink"="http://us.gamesdesktop.com"

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\gmsd_us_608_is1]
"Inno Setup: Icon Group"="GAMESDESKTOP"

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\gmsd_us_608_is1]
"Publisher"="GAMESDESKTOP"

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\gmsd_us_608_is1]
"HelpLink"="http://us.gamesdesktop.com"


===================== Search result for "PathMaxx" ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{F6A014F2-42AC-46DE-B38C-2841A7E31CBE}]
""="IPathMaxx"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{FB6EB5E6-4D16-4461-9C01-D74247281D5A}\1.0]
""="PathMaxxIEClientLib"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{FB6EB5E6-4D16-4461-9C01-D74247281D5A}\1.0\HELPDIR]
""="C:\Program Files (x86)\PathMaxx"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{F6A014F2-42AC-46DE-B38C-2841A7E31CBE}]
""="IPathMaxx"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FB6EB5E6-4D16-4461-9C01-D74247281D5A}\1.0]
""="PathMaxxIEClientLib"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FB6EB5E6-4D16-4461-9C01-D74247281D5A}\1.0\HELPDIR]
""="C:\Program Files (x86)\PathMaxx"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\PathMaxx]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\PathMaxx]
"UninstallString"="C:\Program Files (x86)\PathMaxx\PathMaxxuninstall.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\PathMaxx]
"InstallLocation"="C:\Program Files (x86)\PathMaxx"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\PathMaxx]
"Publisher"="PathMaxx"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\PathMaxx]
"URLUpdateInfo"="http://pathmaxx.net"

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\PathMaxx]

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\Interface\{F6A014F2-42AC-46DE-B38C-2841A7E31CBE}]
""="IPathMaxx"

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\TypeLib\{FB6EB5E6-4D16-4461-9C01-D74247281D5A}\1.0]
""="PathMaxxIEClientLib"

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\TypeLib\{FB6EB5E6-4D16-4461-9C01-D74247281D5A}\1.0\HELPDIR]
""="C:\Program Files (x86)\PathMaxx"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\xymc]
"rscn"=".NET CLR Data
.NET CLR Networking
.NET CLR Networking 4.0.0.0
.NET Data Provider for Oracle
.NET Data Provider for SqlServer
.NET Memory Cache 4.0
.NETFramework
1394ohci
3ware
ACPI
acpiex
acpipagr
AcpiPmi
acpitime
Adobe Licensing Console
AdobeARMservice
AdobeFlashPlayerUpdateSvc
ADP80XX
adsi
AeLookupSvc
AFD
agp440
ahcache
ALG
AMD External Events Utility
AmdK8
amdkmafd
amdkmdag
amdkmdap
AmdPPM
amdsata
amdsbs
amdxata
AppID
AppIDSvc
Appinfo
Apple Mobile Device
Apple Mobile Device Service
AppMgmt
AppReadiness
AppXSvc
arcsas
atapi
athr
Atierecord
AtiHDAudioService
AudioEndpointBuilder
Audiosrv
AxInstSV
b06bdrv
BasicDisplay
BasicRender
BattC
bcmfn2
BDESVC
be0fb33b
Beep
BFE
BITS
Bonjour Service
bowser
BrokerInfrastructure
Browser
BrsHelper
BthAvrcpTg
BthHFEnum
bthhfhid
BthHFSrv
BTHMODEM
BTHPORT
bthserv
cae99edb
cdc5517a
cdfs
cdrom
CertPropSvc
circlass
CLFS
clr_optimization_v2.0.50727_32
clr_optimization_v2.0.50727_64
clr_optimization_v4.0.30319_32
clr_optimization_v4.0.30319_64
CltMngSvc
CmBatt
CNG
CngHwAssist
CompositeBus
COMSysApp
condrv
CoupoonService64
crypt32
CryptSvc
CSC
CscService
dam
dc3d
DCLocator
DcomLaunch
defragsvc
DeviceAssociationService
DeviceInstall
Dfsc
Dhcp
DiagTrack
disk
dmvsc
Dnscache
dot3svc
DPS
drmkaud
DsmSvc
DXGKrnl
Eaphost
ebdrv
EFS
EhStorClass
EhStorTcgDrv
ErrDev
ESENT
EventLog
EventSystem
exfat
fastfat
Fax
fdc
fdPHost
FDResPub
fhsvc
FileInfo
Filetrace
flpydisk
FltMgr
FontCache
FontCache3.0.0.0
FsDepends
Fs_Rec
fvevol
FxPPM
gagp30kx
GEARAspiWDM
gencounter
globalUpdate
globalUpdatem
GPIOClx0101
gpsvc
HdAudAddService
HDAudBus
HidBatt
HidBth
hidi2c
HidIr
hidserv
HidUsb
hkmsvc
HomeGroupListener
HomeGroupProvider
HpSAMD
HTTP
hwpolicy
hyperkbd
HyperVideo
i8042prt
iaLPSSi_GPIO
iaLPSSi_I2C
iaStorAV
iaStorV
IEEtwCollectorService
IKEEXT
inetaccs
intelide
intelpep
intelppm
IpFilterDriver
iphlpsvc
IPMIDRV
IPNAT
iPod Service
IRENUM
isapnp
iScsiPrt
kbdclass
kbdhid
kbldfltr
kdnic
KeyIso
KSecDD
KSecPkg
ksthunk
KtmRm
LanmanServer
LanmanWorkstation
ldap
lfsvc
lipypiwe
lltdio
lltdsvc
lmhosts
Lsa
LSI_SAS
LSI_SAS2
LSI_SAS3
LSI_SSS
LSM
luafv
megasas
megasr
MMCSS
Modem
monitor
mouclass
mouhid
mountmgr
MozillaMaintenance
mpsdrv
MpsSvc
MRxDAV
mrxsmb
mrxsmb10
mrxsmb20
MsBridge
MSDTC
MSDTC Bridge 3.0.0.0
MSDTC Bridge 4.0.0.0
Msfs
msgpiowin32
mshidkmdf
mshidumdf
msisadrv
MSiSCSI
msiserver
MsKeyboardFilter
MSKSSRV
MsLldp
MSPCLOCK
MSPQM
MsRPC
MSSCNTRS
mssmbios
MSTEE
MTConfig
Mup
mvumis
napagent
NativeWifiP
NcaSvc
NcbService
NcdAutoSetup
NDIS
NdisCap
NdisImPlatform
NdisTapi
Ndisuio
NdisVirtualBus
NdisWan
NdisWanLegacy
NDProxy
Ndu
NetBIOS
NetBT
netfilter64
Netlogon
Netman
netprofm
NetTcpPortSharing
netvsc
NlaSvc
Npfs
npsvctrig
nsi
nsiproxy
NTDS
Ntfs
NuidFltr
Null
nvraid
nvstor
nv_agp
p2pimsvc
p2psvc
Parport
partmgr
PcaSvc
pci
pciide
pcmcia
pcw
pdc
PEAUTH
PeerDistSvc
PerfDisk
PerfHost
PerfNet
PerfOS
PerfProc
pla
PlugPlay
PNRPAutoReg
PNRPsvc
Point64
PolicyAgent
PortProxy
Power
PrintNotify
Processor
ProfSvc
Psched
QWAVE
QWAVEdrv
RasAcd
RasAuto
RasMan
RasPppoe
rdbss
RDMANDK
rdpbus
RDPDR
RDPNP
RDPUDD
RdpVideoMiniport
rdyboost
ReFS
RegFilter
RemoteAccess
RemoteRegistry
RpcEptMapper
RpcLocator
RpcSs
rspndr
RTL8168
s3cap
SamSs
sbmntr
sbp2port
SCardSvr
ScDeviceEnum
scfilter
Schedule
SCPolicySvc
sdbus
sdstor
secdrv
seclogon
SENS
SensrSvc
SerCx
SerCx2
Serenum
Serial
sermouse
ServiceModelEndpoint 3.0.0.0
ServiceModelOperation 3.0.0.0
ServiceModelService 3.0.0.0
SessionEnv
sfloppy
SharedAccess
ShellHWDetection
SiSRaid2
SiSRaid4
SkypeUpdate
smphost
SMSvcHost 3.0.0.0
SMSvcHost 4.0.0.0
SMUpd
SMUpdd
SNMPTRAP
spaceport
SpbCx
SPBIUpd
SPBIUpdd
SPDRIVER_1.42.1.1841
Spooler
SPPD
sppsvc
srv
srv2
srvnet
SSDPSRV
SstpSvc
stexstor
stisvc
storahci
storflt
stornvme
StorSvc
storvsc
storvsp
svsvc
swenum
swprv
SysMain
SystemEventsBroker
TabletInputService
TapiSrv
Tcpip
TCPIP6
TCPIP6TUNNEL
tcpipreg
TCPIPTUNNEL
tdx
terminpt
TermService
Themes
THREADORDER
TimeBroker
TPM
TrkWks
TrustedInstaller
TSDDD
TsUsbFlt
TsUsbGD
tunnel
uagp35
UASPStor
UCX01000
udfs
UEFI
UGatherer
UGTHRSVC
UI0Detect
uliagpkx
umbus
UmPass
UmRdpService
Update PathMaxx
UpdateCheck
upnphost
USBAAPL64
usbaudio
usbccgp
usbcir
usbehci
usbhub
USBHUB3
usbohci
usbprint
USBSTOR
usbuhci
USBXHCI
Util PathMaxx
VaultSvc
vdrvroot
vds
VerifierExt
vhdmp
viaide
Vid
vmbus
VMBusHID
vmbusr
vmicguestinterface
vmicheartbeat
vmickvpexchange
vmicrdv
vmicshutdown
vmictimesync
vmicvss
volmgr
volmgrx
volsnap
vpci
vpcivsp
vsmraid
VSS
VSTXRAID
vwifibus
vwififlt
vwifimp
W32Time
WacomPen
wbengine
WbioSrvc
Wcmsvc
wcncsvc
WcsPlugInService
WdBoot
Wdf01000
WdFilter
WdiServiceHost
WdiSystemHost
WdNisDrv
WdNisSvc
WebClient
Wecsvc
WEPHOSTSVC
wercplsupport
WerSvc
WFPLWFS
WiaRpc
WIMMount
WinDefend
Windows Workflow Foundation 3.0.0.0
Windows Workflow Foundation 4.0.0.0
WinHttpAutoProxySvc
Winmgmt
WinRM
Winsock
WinSock2
WinUsb
WlanSvc
wlidsvc
WmiAcpi
WmiApRpl
wmiApSrv
WMPNetworkSvc
Wof
workerdd
workfolderssvc
wpcfltr
WPCSvc
WPDBusEnum
WpdUpFltr
ws2ifsl
wscsvc
WSDPrintDevice
WSearch
WSearchIdxPi
WSService
wuauserv
WudfPf
WUDFRd
WUDFSensorLP
wudfsvc
WUDFWpdFs
WUDFWpdMtp
WwanSvc
xixynyko
xmlprov
xygefuzu
xymc
{1FD4CAA7-EB74-4F00-8A1E-887D577F4861}
{67C2E777-3C2A-440A-8BDE-083FEBFD7A85}
{84B101E0-81AA-49C1-A605-99B790C4D7BC}
{8718928D-CBEB-45EA-A621-800A9249001D}
{c6c40e9a-dba9-495a-bc9d-28d2a9896230}Gw64"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\xymc]
"rscn"=".NET CLR Data
.NET CLR Networking
.NET CLR Networking 4.0.0.0
.NET Data Provider for Oracle
.NET Data Provider for SqlServer
.NET Memory Cache 4.0
.NETFramework
1394ohci
3ware
ACPI
acpiex
acpipagr
AcpiPmi
acpitime
Adobe Licensing Console
AdobeARMservice
AdobeFlashPlayerUpdateSvc
ADP80XX
adsi
AeLookupSvc
AFD
agp440
ahcache
ALG
AMD External Events Utility
AmdK8
amdkmafd
amdkmdag
amdkmdap
AmdPPM
amdsata
amdsbs
amdxata
AppID
AppIDSvc
Appinfo
Apple Mobile Device
Apple Mobile Device Service
AppMgmt
AppReadiness
AppXSvc
arcsas
atapi
athr
Atierecord
AtiHDAudioService
AudioEndpointBuilder
Audiosrv
AxInstSV
b06bdrv
BasicDisplay
BasicRender
BattC
bcmfn2
BDESVC
be0fb33b
Beep
BFE
BITS
Bonjour Service
bowser
BrokerInfrastructure
Browser
BrsHelper
BthAvrcpTg
BthHFEnum
bthhfhid
BthHFSrv
BTHMODEM
BTHPORT
bthserv
cae99edb
cdc5517a
cdfs
cdrom
CertPropSvc
circlass
CLFS
clr_optimization_v2.0.50727_32
clr_optimization_v2.0.50727_64
clr_optimization_v4.0.30319_32
clr_optimization_v4.0.30319_64
CltMngSvc
CmBatt
CNG
CngHwAssist
CompositeBus
COMSysApp
condrv
CoupoonService64
crypt32
CryptSvc
CSC
CscService
dam
dc3d
DCLocator
DcomLaunch
defragsvc
DeviceAssociationService
DeviceInstall
Dfsc
Dhcp
DiagTrack
disk
dmvsc
Dnscache
dot3svc
DPS
drmkaud
DsmSvc
DXGKrnl
Eaphost
ebdrv
EFS
EhStorClass
EhStorTcgDrv
ErrDev
ESENT
EventLog
EventSystem
exfat
fastfat
Fax
fdc
fdPHost
FDResPub
fhsvc
FileInfo
Filetrace
flpydisk
FltMgr
FontCache
FontCache3.0.0.0
FsDepends
Fs_Rec
fvevol
FxPPM
gagp30kx
GEARAspiWDM
gencounter
globalUpdate
globalUpdatem
GPIOClx0101
gpsvc
HdAudAddService
HDAudBus
HidBatt
HidBth
hidi2c
HidIr
hidserv
HidUsb
hkmsvc
HomeGroupListener
HomeGroupProvider
HpSAMD
HTTP
hwpolicy
hyperkbd
HyperVideo
i8042prt
iaLPSSi_GPIO
iaLPSSi_I2C
iaStorAV
iaStorV
IEEtwCollectorService
IKEEXT
inetaccs
intelide
intelpep
intelppm
IpFilterDriver
iphlpsvc
IPMIDRV
IPNAT
iPod Service
IRENUM
isapnp
iScsiPrt
kbdclass
kbdhid
kbldfltr
kdnic
KeyIso
KSecDD
KSecPkg
ksthunk
KtmRm
LanmanServer
LanmanWorkstation
ldap
lfsvc
lipypiwe
lltdio
lltdsvc
lmhosts
Lsa
LSI_SAS
LSI_SAS2
LSI_SAS3
LSI_SSS
LSM
luafv
megasas
megasr
MMCSS
Modem
monitor
mouclass
mouhid
mountmgr
MozillaMaintenance
mpsdrv
MpsSvc
MRxDAV
mrxsmb
mrxsmb10
mrxsmb20
MsBridge
MSDTC
MSDTC Bridge 3.0.0.0
MSDTC Bridge 4.0.0.0
Msfs
msgpiowin32
mshidkmdf
mshidumdf
msisadrv
MSiSCSI
msiserver
MsKeyboardFilter
MSKSSRV
MsLldp
MSPCLOCK
MSPQM
MsRPC
MSSCNTRS
mssmbios
MSTEE
MTConfig
Mup
mvumis
napagent
NativeWifiP
NcaSvc
NcbService
NcdAutoSetup
NDIS
NdisCap
NdisImPlatform
NdisTapi
Ndisuio
NdisVirtualBus
NdisWan
NdisWanLegacy
NDProxy
Ndu
NetBIOS
NetBT
netfilter64
Netlogon
Netman
netprofm
NetTcpPortSharing
netvsc
NlaSvc
Npfs
npsvctrig
nsi
nsiproxy
NTDS
Ntfs
NuidFltr
Null
nvraid
nvstor
nv_agp
p2pimsvc
p2psvc
Parport
partmgr
PcaSvc
pci
pciide
pcmcia
pcw
pdc
PEAUTH
PeerDistSvc
PerfDisk
PerfHost
PerfNet
PerfOS
PerfProc
pla
PlugPlay
PNRPAutoReg
PNRPsvc
Point64
PolicyAgent
PortProxy
Power
PrintNotify
Processor
ProfSvc
Psched
QWAVE
QWAVEdrv
RasAcd
RasAuto
RasMan
RasPppoe
rdbss
RDMANDK
rdpbus
RDPDR
RDPNP
RDPUDD
RdpVideoMiniport
rdyboost
ReFS
RegFilter
RemoteAccess
RemoteRegistry
RpcEptMapper
RpcLocator
RpcSs
rspndr
RTL8168
s3cap
SamSs
sbmntr
sbp2port
SCardSvr
ScDeviceEnum
scfilter
Schedule
SCPolicySvc
sdbus
sdstor
secdrv
seclogon
SENS
SensrSvc
SerCx
SerCx2
Serenum
Serial
sermouse
ServiceModelEndpoint 3.0.0.0
ServiceModelOperation 3.0.0.0
ServiceModelService 3.0.0.0
SessionEnv
sfloppy
SharedAccess
ShellHWDetection
SiSRaid2
SiSRaid4
SkypeUpdate
smphost
SMSvcHost 3.0.0.0
SMSvcHost 4.0.0.0
SMUpd
SMUpdd
SNMPTRAP
spaceport
SpbCx
SPBIUpd
SPBIUpdd
SPDRIVER_1.42.1.1841
Spooler
SPPD
sppsvc
srv
srv2
srvnet
SSDPSRV
SstpSvc
stexstor
stisvc
storahci
storflt
stornvme
StorSvc
storvsc
storvsp
svsvc
swenum
swprv
SysMain
SystemEventsBroker
TabletInputService
TapiSrv
Tcpip
TCPIP6
TCPIP6TUNNEL
tcpipreg
TCPIPTUNNEL
tdx
terminpt
TermService
Themes
THREADORDER
TimeBroker
TPM
TrkWks
TrustedInstaller
TSDDD
TsUsbFlt
TsUsbGD
tunnel
uagp35
UASPStor
UCX01000
udfs
UEFI
UGatherer
UGTHRSVC
UI0Detect
uliagpkx
umbus
UmPass
UmRdpService
Update PathMaxx
UpdateCheck
upnphost
USBAAPL64
usbaudio
usbccgp
usbcir
usbehci
usbhub
USBHUB3
usbohci
usbprint
USBSTOR
usbuhci
USBXHCI
Util PathMaxx
VaultSvc
vdrvroot
vds
VerifierExt
vhdmp
viaide
Vid
vmbus
VMBusHID
vmbusr
vmicguestinterface
vmicheartbeat
vmickvpexchange
vmicrdv
vmicshutdown
vmictimesync
vmicvss
volmgr
volmgrx
volsnap
vpci
vpcivsp
vsmraid
VSS
VSTXRAID
vwifibus
vwififlt
vwifimp
W32Time
WacomPen
wbengine
WbioSrvc
Wcmsvc
wcncsvc
WcsPlugInService
WdBoot
Wdf01000
WdFilter
WdiServiceHost
WdiSystemHost
WdNisDrv
WdNisSvc
WebClient
Wecsvc
WEPHOSTSVC
wercplsupport
WerSvc
WFPLWFS
WiaRpc
WIMMount
WinDefend
Windows Workflow Foundation 3.0.0.0
Windows Workflow Foundation 4.0.0.0
WinHttpAutoProxySvc
Winmgmt
WinRM
Winsock
WinSock2
WinUsb
WlanSvc
wlidsvc
WmiAcpi
WmiApRpl
wmiApSrv
WMPNetworkSvc
Wof
workerdd
workfolderssvc
wpcfltr
WPCSvc
WPDBusEnum
WpdUpFltr
ws2ifsl
wscsvc
WSDPrintDevice
WSearch
WSearchIdxPi
WSService
wuauserv
WudfPf
WUDFRd
WUDFSensorLP
wudfsvc
WUDFWpdFs
WUDFWpdMtp
WwanSvc
xixynyko
xmlprov
xygefuzu
xymc
{1FD4CAA7-EB74-4F00-8A1E-887D577F4861}
{67C2E777-3C2A-440A-8BDE-083FEBFD7A85}
{84B101E0-81AA-49C1-A605-99B790C4D7BC}
{8718928D-CBEB-45EA-A621-800A9249001D}
{c6c40e9a-dba9-495a-bc9d-28d2a9896230}Gw64"

[HKEY_USERS\S-1-5-21-3369700690-3850376273-3648611264-1001\Software\PathMaxx]

====== End of Search ======
maximusdowns
Regular Member
 
Posts: 59
Joined: August 4th, 2012, 4:11 pm

Re: Malware and Pop-Ups

Unread postby maximusdowns » May 27th, 2015, 11:40 pm

Here is my DelFix log:

# DelFix v1.010 - Logfile created 27/05/2015 at 19:58:06
# Updated 26/04/2015 by Xplode
# Username : Max - LEVIATHAN
# Operating System : Windows 8.1 Pro (64 bits)

~ Removing disinfection tools ...

Deleted : C:\FRST
Deleted : C:\AdwCleaner
Deleted : C:\RegBackup
Deleted : C:\Users\Max\Desktop\FRST-OlderVersion
Deleted : C:\Users\Max\Desktop\Addition.txt
Deleted : C:\Users\Max\Desktop\AdwCleaner[S1].txt
Deleted : C:\Users\Max\Desktop\dds.scr
Deleted : C:\Users\Max\Desktop\dds.txt
Deleted : C:\Users\Max\Desktop\Extras.Txt
Deleted : C:\Users\Max\Desktop\Fixlog.txt
Deleted : C:\Users\Max\Desktop\FRST.txt
Deleted : C:\Users\Max\Desktop\FRST64.exe
Deleted : C:\Users\Max\Desktop\JRT.txt
Deleted : C:\Users\Max\Desktop\HijackThis.exe
Deleted : C:\Users\Max\Desktop\hijackthis.log
Deleted : C:\Users\Max\Desktop\OTL.Txt
Deleted : C:\Users\Max\Desktop\OTL.exe
Deleted : C:\Users\Max\Desktop\Search.txt
Deleted : C:\Users\Max\Desktop\Shortcut.txt
Deleted : C:\Users\Max\Downloads\adwcleaner_4.110(1).exe
Deleted : C:\Users\Max\Downloads\adwcleaner_4.110.exe
Deleted : C:\Users\Max\Downloads\adwcleaner_4.205.exe
Deleted : C:\Users\Max\Downloads\dds(1).scr
Deleted : C:\Users\Max\Downloads\dds.scr
Deleted : C:\Users\Max\Downloads\esetsmartinstaller_enu.exe
Deleted : C:\Users\Max\Downloads\FRST64.exe
Deleted : HKLM\SOFTWARE\OldTimer Tools
Deleted : HKLM\SOFTWARE\AdwCleaner
Deleted : HKLM\SOFTWARE\TrendMicro\Hijackthis

########## - EOF - ##########
maximusdowns
Regular Member
 
Posts: 59
Joined: August 4th, 2012, 4:11 pm

Re: Malware and Pop-Ups

Unread postby Gary R » May 28th, 2015, 4:11 am

Please uninstall the following programs ...

CinemaPlus_2.0V16.05
Consumer Input Update Helper
GamesDesktop 025.585
GamesDesktop 025.598
GamesDesktop 025.608
PathMaxx
Quick Ref 1.10.0.12
shopperz 2.0.0.461
Google Chrome


If you're unable to uninstall any of them, just note it down and move on to the next one. Please note that I've included Google Chrome because the version you have has been corrupted. Do not download or install a new copy, we'll do that when your computer is clean.

Reboot your computer when finished.

Next ...

  • Click Start
  • Type notepad.exe in the search programs and files box and click Enter.
  • A blank Notepad page should open.
    • Copy/Paste the contents of the code box below into Notepad (don't include Code: Select all).
Code: Select all
C:\FRST\Quarantine\C\Program Files (x86)\RapidMediaConverter\RapidMediaConverterApp.exe
HKLM\...\Run: [shopperz] => C:\Program Files\shopperz\Brito.exe
HKLM\...\Run: [shopperz64] => C:\Program Files\shopperz\Brito64.exe
AppInit_DLLs-x32: C:\ProgramData\LolliScan\LolliScan32.dll => "C:\ProgramData\LolliScan\LolliScan32.dll" File not found
Startup: C:\Users\Max\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\RapidMediaConverterApp.lnk [2015-05-16]
ShortcutTarget: RapidMediaConverterApp.lnk -> C:\FRST\Quarantine\C\Program Files (x86)\RapidMediaConverter\RapidMediaConverterApp.exe ()
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-3369700690-3850376273-3648611264-1001 -> {89804BA5-1501-4E4F-8667-82EDEE5D6F77} URL = https://search.yahoo.com/search?fr=chr- ... =667671&p= {searchTerms}
BHO: shopperz -> {2395B860-45E4-42fd-96E6-50BA597C1C42} -> C:\Program Files\shopperz\Sorensen64.dll No File
Tcpip\..\Interfaces\{1FD4CAA7-EB74-4F00-8A1E-887D577F4861}: [NameServer] 31.168.228.251,82.166.96.251
Tcpip\..\Interfaces\{67C2E777-3C2A-440A-8BDE-083FEBFD7A85}: [NameServer] 31.168.228.251,82.166.96.251
FF DefaultSearchEngine.US: StartWeb
FF SelectedSearchEngine: StartWeb
FF Extension: Add to Search Bar - C:\Users\Max\AppData\Roaming\Mozilla\Firefox\Profiles\174u8fal.default\Extensions\add-to-searchbox@maltekraus.de.xpi [2014-11-27]
FF Extension: IMDb ratings for watchever - C:\Users\Max\AppData\Roaming\Mozilla\Firefox\Profiles\174u8fal.default\Extensions\jid1-FpyZ8qozEHjs2A@jetpack.xpi [2014-11-11]
FF Extension: IMDB Search - C:\Users\Max\AppData\Roaming\Mozilla\Firefox\Profiles\174u8fal.default\Extensions\{c4080853-c699-4120-b8e0-618bff8a4474}.xpi [2014-11-11]
FF HKLM\...\Firefox\Extensions: [{2395B860-45E4-42fd-96E6-50BA597C1C42}] - C:\Program Files\shopperz\Firefox
FF HKLM-x32\...\Firefox\Extensions: [{2395B860-45E4-42fd-96E6-50BA597C1C42}] - C:\Program Files\shopperz\Firefox
S2 Adobe Licensing Console; C:\Windows\SysWOW64\lnsecsl.exe [1202396 2015-04-16] ( ) [File not signed] <==== ATTENTION
S2 lipypiwe; C:\Users\Max\AppData\Roaming\00000000-1431792690-0000-0000-6C626DB6DAC3\nss4EDB.tmp [X]
C:\Users\Max\AppData\Roaming\00000000-1431792690-0000-0000-6C626DB6DAC3\nss4EDB.tmp
S2 xixynyko; C:\Users\Max\AppData\Roaming\00000000-1431792690-0000-0000-6C626DB6DAC3\jnse7CDF.tmp [X]
C:\Users\Max\AppData\Roaming\00000000-1431792690-0000-0000-6C626DB6DAC3\jnse7CDF.tmp
S2 xygefuzu; C:\Users\Max\AppData\Roaming\00000000-1431792690-0000-0000-6C626DB6DAC3\hnse94BF.tmp [X]
C:\Users\Max\AppData\Roaming\00000000-1431792690-0000-0000-6C626DB6DAC3\hnse94BF.tmp
2015-05-27 20:09 - 2015-05-27 20:09 - 00000000 ____D () C:\Users\Max\AppData\Local\RapidMediaConverter
2015-05-21 21:50 - 2015-05-21 21:50 - 00061440 _____ () C:\WINDOWS\SysWOW64\Drivers\gprmjo.sys
2015-05-21 21:50 - 2015-05-21 21:50 - 00000116 _____ () C:\WINDOWS\SysWOW64\apeg.txt
2015-05-21 21:49 - 2015-05-21 21:49 - 00003114 _____ () C:\WINDOWS\System32\Tasks\{F95CB74F-A6A7-4FD5-96ED-5C70683B1B2F}
2015-05-21 21:41 - 2015-05-21 21:41 - 00003454 _____ () C:\WINDOWS\System32\Tasks\avabvbxvh
2015-05-16 09:28 - 2015-05-16 09:28 - 00000000 ____D () C:\Users\Public\Documents\ShopperPro
2015-05-16 09:12 - 2015-05-16 09:12 - 00000000 ____D () C:\Users\Max\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Rapid Media Converter
2015-05-16 09:12 - 2015-05-16 09:12 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Rapid Media Converter
2015-05-16 09:12 - 2013-08-22 06:25 - 00000824 _____ () C:\WINDOWS\system32\Drivers\etc\hp.bak
2015-05-16 09:11 - 2015-05-27 20:07 - 00000346 _____ () C:\WINDOWS\Tasks\EMAUAH1.job
2015-05-16 09:11 - 2015-05-25 12:03 - 00000000 ____D () C:\Users\Max\AppData\Roaming\00000000-1431792690-0000-0000-6C626DB6DAC3
2015-05-16 09:11 - 2015-05-16 09:11 - 00003552 _____ () C:\WINDOWS\System32\Tasks\HJPQXRTER
2015-05-16 09:11 - 2015-05-16 09:11 - 00002860 _____ () C:\WINDOWS\System32\Tasks\EMAUAH1
2015-05-16 09:11 - 2015-05-16 09:11 - 00000000 ____D () C:\ProgramData\7c0535b143fc4671b6ebd202fbffe066
2015-04-27 20:24 - 2015-05-25 12:06 - 00000784 _____ () C:\WINDOWS\Tasks\Taplika mite.job
2015-04-27 20:24 - 2015-04-27 20:24 - 00000000 ____D () C:\ProgramData\{3807D0C4-6885-0142-D903-71C00981A24E}
2015-05-08 18:39 - 2015-02-25 19:29 - 00000000 ____D () C:\Users\Max\AppData\Roaming\uTorrent
C:\ProgramData\A8OL14R.dat
C:\Users\Max\AppData\Local\Temp\Quarantine.exe
C:\Users\Max\AppData\Local\Temp\sqlite3.dll
C:\Program Files\shopperz
C:\Users\Max\AppData\Local\avabvbxvh
C:\ProgramData\LolliScan
C:\Program Files (x86)\Crossbrowse
Task: {0E2146EE-3D5B-4A12-91FF-CBDFB504843B} - System32\Tasks\Norwood => C:\Program Files\shopperz\Cote.bat
Task: {44CD8520-5006-4D21-BA21-796213738693} - \SMWUpd No Task File <==== ATTENTION
Task: {5656256E-2DA9-4FED-84E7-8ED6A1EE016A} - System32\Tasks\avabvbxvh => C:\Users\Max\AppData\Local\avabvbxvh\avabvbxvh.exe <==== ATTENTION
Task: {5810B4D0-DA01-4515-B116-B27AC9F20564} - System32\Tasks\{F95CB74F-A6A7-4FD5-96ED-5C70683B1B2F} => pcalua.exe -a C:\Users\Max\AppData\Local\Temp\Temp1_avenger.zip\avenger.exe
Task: {683E56B8-60CC-405C-AABE-AB4541659A46} - System32\Tasks\KCXOIF => C:\ProgramData\e29c40da53af42a3895e10c22c3d76c2\e29c40da53af42a3895e10c22c3d76c2.exe
Task: {79FCBC20-4628-4005-93A8-89315CD79EFE} - System32\Tasks\EMAUAH1 => C:\ProgramData\LolliScan\LolliScan.exe
Task: {92ED8193-5D55-4A64-A03D-5A91F545BF67} - \Taplika mite No Task File <==== ATTENTION
Task: {9739F298-F92B-4907-9BF6-975F6A557B21} - \SMW_UpdateTask_Time_3134393136333034302d23787845322a5b3434322d57 No Task File <==== ATTENTION
Task: {F4044F64-61D6-4F9A-A764-C6EF2A09DC52} - System32\Tasks\HJPQXRTER => C:\ProgramData\c1c05f7061d940b085ed209085e4a787\c1c05f7061d940b085ed209085e4a787.exe
Task: C:\WINDOWS\Tasks\EMAUAH1.job => C:\ProgramData\LolliScan\LolliScan.exe
Task: C:\WINDOWS\Tasks\Taplika mite.job => Wscript.exe C:\ProgramData\{3807D0C4-6885-0142-D903-71C00981A24E}\1.9.3.1\fiber.js 433a2f50726f6772616d446174612f7b33383037443043342d363838352d303134322d443930332d3731433030393831413234457d2f312e392e332e312f6d6974652e646c6c 687474703a2f2f73616f2e7461627072742e636f6d2f --IsErIk.LEV
FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppextcomobj.exe
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppextcomobj.exe
FirewallRules: [{060A2CC6-DF1D-4CE7-9625-5428F0DC5738}] => (Allow) C:\Program Files (x86)\Crossbrowse\Crossbrowse\Application\crossbrowse.exe
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extension Compatibility\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{47D25BF1-717C-4677-ADF0-75682D690204}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{47D25BF1-717C-4677-ADF0-75682D690204}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\Interface\{47D25BF1-717C-4677-ADF0-75682D690204}]
[-HKEY_USERS\.DEFAULT\Software\Microsoft\.NETFramework\SQM\Apps\updateEduApp.exe]
[-HKEY_USERS\S-1-5-21-3369700690-3850376273-3648611264-1001\Software\Microsoft\IntelliType Pro\AppSpecific\EduApp.BrowserAdapter64.exe]
[-HKEY_USERS\S-1-5-21-3369700690-3850376273-3648611264-1001\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\api.eduapphome.com]
[-HKEY_USERS\S-1-5-18\Software\Microsoft\.NETFramework\SQM\Apps\updateEduApp.exe]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2395B860-45E4-42fd-96E6-50BA597C1C42}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Extension.Treena]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{A911D50F-7390-4EA2-8E00-347933672CA2}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D3D427AD-6E01-42b5-9458-5AF9B261A58A}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{A911D50F-7390-4EA2-8E00-347933672CA2}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2395B860-45E4-42fd-96E6-50BA597C1C42}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{2395B860-45E4-42fd-96E6-50BA597C1C42}_is1]
reg: reg.exe delete "HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\Extensions" /v "{2395B860-45E4-42fd-96E6-50BA597C1C42}" /f
reg: reg.exe delete "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Mozilla\Firefox\extensions" /v "{2395B860-45E4-42fd-96E6-50BA597C1C42}" /f
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{D3D427AD-6E01-42b5-9458-5AF9B261A58A}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\TypeLib\{A911D50F-7390-4EA2-8E00-347933672CA2}]
[-HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-18\Software\shopperz]
[-HKEY_USERS\S-1-5-19\Software\{4E7638A1-6962-4e44-A6B9-F40E84FD6D09}]
[-HKEY_USERS\S-1-5-21-3369700690-3850376273-3648611264-1001\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-3369700690-3850376273-3648611264-1001\Software\shopperz]
[-HKEY_USERS\S-1-5-21-3369700690-3850376273-3648611264-1001\Software\{5A31095A-14C9-4e16-8C04-A7717D78ED22}]
[-HKEY_USERS\S-1-5-21-3369700690-3850376273-3648611264-1001\Software\Classes\Software\{4E7638A1-6962-4e44-A6B9-F40E84FD6D09}]
[-HKEY_USERS\S-1-5-21-3369700690-3850376273-3648611264-1001_Classes\Software\{4E7638A1-6962-4e44-A6B9-F40E84FD6D09}]
[-HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-18\Software\shopperz]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Crossbrowse]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{2A563926-CF4B-4363-A760-F71E46205B7E}]
reg: reg.exe delete "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components" /v "" /f
reg: reg.exe delete "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components" /v "Localized Name" /f
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{2A563926-CF4B-4363-A760-F71E46205B7E}]
reg: reg.exe delete "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules" /v "{060A2CC6-DF1D-4CE7-9625-5428F0DC5738}" /f
reg: reg.exe delete "[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules" /v "{060A2CC6-DF1D-4CE7-9625-5428F0DC5738}" /f
[-HKEY_USERS\S-1-5-21-3369700690-3850376273-3648611264-1001\Software\Microsoft\IntelliType Pro\AppSpecific\crossbrowse.exe]
[-HKEY_USERS\S-1-5-21-3369700690-3850376273-3648611264-1001\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\SystemAppData\DefaultBrowser_NOPUBLISHERID\SplashScreen\DefaultBrowser_NOPUBLISHERID!Crossbrowse]
reg: reg.exe delete "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Windows" /v "AppInit_DLLs" /f
[-HKEY_USERS\S-1-5-21-3369700690-3850376273-3648611264-1001\Software\Microsoft\IntelliType Pro\AppSpecific\RapidMediaConverterApp.exe]
reg: reg.exe delete "HKEY_USERS\S-1-5-21-3369700690-3850376273-3648611264-1001\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION" /v "RapidMediaConverterApp.exe" /f
[-HKEY_USERS\S-1-5-21-3369700690-3850376273-3648611264-1001\Software\Microsoft\Windows\CurrentVersion\Uninstall\RapidMediaConverter]
reg: reg.exe delete "HKEY_USERS\S-1-5-21-3369700690-3850376273-3648611264-1001\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Store" /v "C:\Program Files (x86)\RapidMediaConverter\RapidMediaConverterApp.exe" /f
[-HKEY_USERS\S-1-5-21-3369700690-3850376273-3648611264-1001\Software\RapidMediaConverterApp]
[-HKEY_USERS\S-1-5-21-3369700690-3850376273-3648611264-1001\Software\Microsoft\IntelliPoint\AppSpecific\SmartWebApp.exe]
[-HKEY_USERS\S-1-5-21-3369700690-3850376273-3648611264-1001\Software\Microsoft\IntelliType Pro\AppSpecific\SmartWebApp.exe]
[-HKEY_USERS\S-1-5-21-3369700690-3850376273-3648611264-1001\Software\Microsoft\Internet Explorer\DOMStorage\iminent.com]
[-HKEY_USERS\S-1-5-21-3369700690-3850376273-3648611264-1001\Software\Microsoft\Internet Explorer\LowRegistry\Iminent]
[-HKEY_USERS\S-1-5-21-3369700690-3850376273-3648611264-1001\Software\Microsoft\Internet Explorer\LowRegistry\Iminent\WebBooster\Scripts\sslminibar]
[-HKEY_USERS\S-1-5-21-3369700690-3850376273-3648611264-1001\Software\Microsoft\Internet Explorer\LowRegistry\Iminent\WebBooster\Scripts\minibar]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\CinemaPlus_2.0V16.05]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\CinemaPlus_2.0V16.05-nv-ie]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\CinemaPlus_2.0V16.05]
[-HKEY_USERS\.DEFAULT\Software\CinemaPlus_2.0V16.05-nv-ie]
[-HKEY_USERS\S-1-5-21-3369700690-3850376273-3648611264-1001\Software\CinemaPlus_2.0V16.05]
[-HKEY_USERS\S-1-5-21-3369700690-3850376273-3648611264-1001\Software\CinemaPlus_2.0V16.05-nv-ie]
[-HKEY_USERS\S-1-5-18\Software\CinemaPlus_2.0V16.05-nv-ie]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\gmsd_us_585_is1]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{F6A014F2-42AC-46DE-B38C-2841A7E31CBE}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{FB6EB5E6-4D16-4461-9C01-D74247281D5A}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{F6A014F2-42AC-46DE-B38C-2841A7E31CBE}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FB6EB5E6-4D16-4461-9C01-D74247281D5A}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\PathMaxx]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\PathMaxx]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\Interface\{F6A014F2-42AC-46DE-B38C-2841A7E31CBE}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\TypeLib\{FB6EB5E6-4D16-4461-9C01-D74247281D5A}]
[-HKEY_USERS\S-1-5-21-3369700690-3850376273-3648611264-1001\Software\PathMaxx]
cmd: ipconfig /flushdns
emptytemp:
hosts:

    • Save it to the same folder/directory that FRST.exe is in, naming it as fixlist.txt

NOTICE: This script was written specifically for this user. Running it on another machine may cause damage to your operating system

  • Start FRST in a similar manner to when you ran a scan earlier, but this time when it opens ....
    • Press the Fix button once and wait.
    • FRST will process fixlist.txt
    • When finished, it will produce a log fixlog.txt in the same folder/directory as FRST64.exe
    • Please post me the log

Next ...

Let’s try to Reset your Router to its default configuration.
  • This can be done by inserting something like an opened paper clip into a small hole labeled Reset that's usually found at the back of the router. (Sometimes there's a button on the front).
  • Press and hold down the small button inside until the lights on the front of the router blink off and then on again (usually about 10 seconds).

Next ...

Reconnect to the internet and run an e-set scan for me.

Please run a scan with ESET Online Scanner

Note: You can use either Internet Explorer or Mozilla FireFox for this scan. You will however need to disable your current installed Anti-Virus, how to do so can be read here.
  • Please go HERE then click on Run ESET Online Scanner
Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.
All of the below instructions are compatible with either Internet Explorer or Mozilla FireFox.

  • Select the option YES, I accept the Terms of Use then click on: Image
  • When prompted allow the Add-On/Active X to install.
  • Make sure that the option Remove found threats is NOT checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Now click on: Image
  • The virus signature database... will begin to download. Be patient this make take some time depending on the speed of your Internet Connection.
  • When completed click on Start to start the scan.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • When completed you will be presented with a list of found threats ....
    • Click on the List of found threats link
    • Click on Export to text file
    • Save as ESET.txt to your Desktop
  • Exit out of ESET Online Scanner.
  • Post me the contents of ESET.txt please.

Be sure to disconnect from the internet again once the scan has finished.

Summary of the logs I need from you in your next post:
  • Fixlog.txt
  • E-Set.txt


Please post each log separately to prevent it being cut off by the forum post size limiter. Check each after you've posted it to make sure it's all present, if any log is cut off you'll have to post it in sections.
User avatar
Gary R
Administrator
Administrator
 
Posts: 21864
Joined: June 28th, 2005, 11:36 am
Location: Yorkshire

Re: Malware and Pop-Ups

Unread postby maximusdowns » May 30th, 2015, 12:57 am

Gary,

My computer is performing perfectly now and seems to be malware free. Regardless, here is my fixlog.txt:

HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\Interface\{47D25BF1-717C-4677-ADF0-75682D690204} => key not found.
HKEY_USERS\.DEFAULT\Software\Microsoft\.NETFramework\SQM\Apps\updateEduApp.exe => key Removed successfully
HKEY_USERS\S-1-5-21-3369700690-3850376273-3648611264-1001\Software\Microsoft\IntelliType Pro\AppSpecific\EduApp.BrowserAdapter64.exe => key Removed successfully
HKEY_USERS\S-1-5-21-3369700690-3850376273-3648611264-1001\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\api.eduapphome.com => key Removed successfully
HKEY_USERS\S-1-5-18\Software\Microsoft\.NETFramework\SQM\Apps\updateEduApp.exe => key not found.
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2395B860-45E4-42fd-96E6-50BA597C1C42} => key not found.
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Extension.Treena => could not remove at first attempt (ErrorCode: C0000121), see next line.
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Extension.Treena => key Removed successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{A911D50F-7390-4EA2-8E00-347933672CA2} => could not remove at first attempt (ErrorCode: C0000121), see next line.
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{A911D50F-7390-4EA2-8E00-347933672CA2} => key Removed successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D3D427AD-6E01-42b5-9458-5AF9B261A58A} => could not remove at first attempt (ErrorCode: C0000121), see next line.
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D3D427AD-6E01-42b5-9458-5AF9B261A58A} => key Removed successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{A911D50F-7390-4EA2-8E00-347933672CA2} => key not found.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2395B860-45E4-42fd-96E6-50BA597C1C42} => key not found.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{2395B860-45E4-42fd-96E6-50BA597C1C42}_is1 => key not found.

========= reg.exe delete "HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\Extensions" /v "{2395B860-45E4-42fd-96E6-50BA597C1C42}" /f =========

ERROR: The system was unable to find the specified registry key or value.


========= End of Reg: =========


========= reg.exe delete "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Mozilla\Firefox\extensions" /v "{2395B860-45E4-42fd-96E6-50BA597C1C42}" /f =========

ERROR: The system was unable to find the specified registry key or value.


========= End of Reg: =========

HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{D3D427AD-6E01-42b5-9458-5AF9B261A58A} => key not found.
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\TypeLib\{A911D50F-7390-4EA2-8E00-347933672CA2} => key not found.
HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-18\Software\shopperz => key Removed successfully
HKEY_USERS\S-1-5-19\Software\{4E7638A1-6962-4e44-A6B9-F40E84FD6D09} => key Removed successfully
HKEY_USERS\S-1-5-21-3369700690-3850376273-3648611264-1001\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-3369700690-3850376273-3648611264-1001\Software\shopperz => could not remove at first attempt (ErrorCode: C0000121), see next line.
HKEY_USERS\S-1-5-21-3369700690-3850376273-3648611264-1001\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-3369700690-3850376273-3648611264-1001\Software\shopperz => key Removed successfully
HKEY_USERS\S-1-5-21-3369700690-3850376273-3648611264-1001\Software\{5A31095A-14C9-4e16-8C04-A7717D78ED22} => key Removed successfully
HKEY_USERS\S-1-5-21-3369700690-3850376273-3648611264-1001\Software\Classes\Software\{4E7638A1-6962-4e44-A6B9-F40E84FD6D09} => key Removed successfully
HKEY_USERS\S-1-5-21-3369700690-3850376273-3648611264-1001_Classes\Software\{4E7638A1-6962-4e44-A6B9-F40E84FD6D09} => key not found.
HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-18\Software\shopperz => key not found.
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Crossbrowse => could not remove at first attempt (ErrorCode: C0000121), see next line.
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Crossbrowse => key Removed successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{2A563926-CF4B-4363-A760-F71E46205B7E} => could not remove at first attempt (ErrorCode: C0000121), see next line.
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{2A563926-CF4B-4363-A760-F71E46205B7E} => key Removed successfully

========= reg.exe delete "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components" /v "" /f =========

The operation completed successfully.



========= End of Reg: =========


========= reg.exe delete "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components" /v "Localized Name" /f =========

The operation completed successfully.



========= End of Reg: =========

HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{2A563926-CF4B-4363-A760-F71E46205B7E} => key not found.

========= reg.exe delete "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules" /v "{060A2CC6-DF1D-4CE7-9625-5428F0DC5738}" /f =========

ERROR: The system was unable to find the specified registry key or value.


========= End of Reg: =========


========= reg.exe delete "[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules" /v "{060A2CC6-DF1D-4CE7-9625-5428F0DC5738}" /f =========

ERROR: Invalid key name.
Type "REG DELETE /?" for usage.


========= End of Reg: =========

HKEY_USERS\S-1-5-21-3369700690-3850376273-3648611264-1001\Software\Microsoft\IntelliType Pro\AppSpecific\crossbrowse.exe => key Removed successfully
HKEY_USERS\S-1-5-21-3369700690-3850376273-3648611264-1001\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\SystemAppData\DefaultBrowser_NOPUBLISHERID\SplashScreen\DefaultBrowser_NOPUBLISHERID!Crossbrowse => key Removed successfully

========= reg.exe delete "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Windows" /v "AppInit_DLLs" /f =========

The operation completed successfully.



========= End of Reg: =========

HKEY_USERS\S-1-5-21-3369700690-3850376273-3648611264-1001\Software\Microsoft\IntelliType Pro\AppSpecific\RapidMediaConverterApp.exe => key Removed successfully

========= reg.exe delete "HKEY_USERS\S-1-5-21-3369700690-3850376273-3648611264-1001\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION" /v "RapidMediaConverterApp.exe" /f =========

The operation completed successfully.



========= End of Reg: =========

HKEY_USERS\S-1-5-21-3369700690-3850376273-3648611264-1001\Software\Microsoft\Windows\CurrentVersion\Uninstall\RapidMediaConverter => key Removed successfully

========= reg.exe delete "HKEY_USERS\S-1-5-21-3369700690-3850376273-3648611264-1001\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Store" /v "C:\Program Files (x86)\RapidMediaConverter\RapidMediaConverterApp.exe" /f =========

The operation completed successfully.



========= End of Reg: =========

HKEY_USERS\S-1-5-21-3369700690-3850376273-3648611264-1001\Software\RapidMediaConverterApp => key Removed successfully
HKEY_USERS\S-1-5-21-3369700690-3850376273-3648611264-1001\Software\Microsoft\IntelliPoint\AppSpecific\SmartWebApp.exe => key Removed successfully
HKEY_USERS\S-1-5-21-3369700690-3850376273-3648611264-1001\Software\Microsoft\IntelliType Pro\AppSpecific\SmartWebApp.exe => key Removed successfully
HKEY_USERS\S-1-5-21-3369700690-3850376273-3648611264-1001\Software\Microsoft\Internet Explorer\DOMStorage\iminent.com => key Removed successfully
HKEY_USERS\S-1-5-21-3369700690-3850376273-3648611264-1001\Software\Microsoft\Internet Explorer\LowRegistry\Iminent => could not remove at first attempt (ErrorCode: C0000121), see next line.
HKEY_USERS\S-1-5-21-3369700690-3850376273-3648611264-1001\Software\Microsoft\Internet Explorer\LowRegistry\Iminent => key Removed successfully
HKEY_USERS\S-1-5-21-3369700690-3850376273-3648611264-1001\Software\Microsoft\Internet Explorer\LowRegistry\Iminent\WebBooster\Scripts\sslminibar => key not found.
HKEY_USERS\S-1-5-21-3369700690-3850376273-3648611264-1001\Software\Microsoft\Internet Explorer\LowRegistry\Iminent\WebBooster\Scripts\minibar => key not found.
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\CinemaPlus_2.0V16.05 => could not remove at first attempt (ErrorCode: C0000121), see next line.
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\CinemaPlus_2.0V16.05 => key Removed successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\CinemaPlus_2.0V16.05-nv-ie => could not remove at first attempt (ErrorCode: C0000121), see next line.
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\CinemaPlus_2.0V16.05-nv-ie => key Removed successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\CinemaPlus_2.0V16.05 => key not found.
HKEY_USERS\.DEFAULT\Software\CinemaPlus_2.0V16.05-nv-ie => could not remove at first attempt (ErrorCode: C0000121), see next line.
HKEY_USERS\.DEFAULT\Software\CinemaPlus_2.0V16.05-nv-ie => key Removed successfully
HKEY_USERS\S-1-5-21-3369700690-3850376273-3648611264-1001\Software\CinemaPlus_2.0V16.05 => could not remove at first attempt (ErrorCode: C0000121), see next line.
HKEY_USERS\S-1-5-21-3369700690-3850376273-3648611264-1001\Software\CinemaPlus_2.0V16.05 => key Removed successfully
HKEY_USERS\S-1-5-21-3369700690-3850376273-3648611264-1001\Software\CinemaPlus_2.0V16.05-nv-ie => could not remove at first attempt (ErrorCode: C0000121), see next line.
HKEY_USERS\S-1-5-21-3369700690-3850376273-3648611264-1001\Software\CinemaPlus_2.0V16.05-nv-ie => key Removed successfully
HKEY_USERS\S-1-5-18\Software\CinemaPlus_2.0V16.05-nv-ie => key not found.
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\gmsd_us_585_is1 => key not found.
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{F6A014F2-42AC-46DE-B38C-2841A7E31CBE} => could not remove at first attempt (ErrorCode: C0000121), see next line.
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{F6A014F2-42AC-46DE-B38C-2841A7E31CBE} => key Removed successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{FB6EB5E6-4D16-4461-9C01-D74247281D5A} => could not remove at first attempt (ErrorCode: C0000121), see next line.
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{FB6EB5E6-4D16-4461-9C01-D74247281D5A} => key Removed successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{F6A014F2-42AC-46DE-B38C-2841A7E31CBE} => could not remove at first attempt (ErrorCode: C0000121), see next line.
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{F6A014F2-42AC-46DE-B38C-2841A7E31CBE} => key Removed successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FB6EB5E6-4D16-4461-9C01-D74247281D5A} => key not found.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\PathMaxx => key not found.
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\PathMaxx => could not remove at first attempt (ErrorCode: C0000121), see next line.
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\PathMaxx => key Removed successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\Interface\{F6A014F2-42AC-46DE-B38C-2841A7E31CBE} => key not found.
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\TypeLib\{FB6EB5E6-4D16-4461-9C01-D74247281D5A} => key not found.
HKEY_USERS\S-1-5-21-3369700690-3850376273-3648611264-1001\Software\PathMaxx => could not remove at first attempt (ErrorCode: C0000121), see next line.
HKEY_USERS\S-1-5-21-3369700690-3850376273-3648611264-1001\Software\PathMaxx => key Removed successfully

========= ipconfig /flushdns =========


Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========= End of CMD: =========

C:\Windows\System32\Drivers\etc\hosts => Moved successfully.
Hosts restored successfully.
EmptyTemp: => Removed 48 MB temporary data.


The system needed a reboot.

==== End of Fixlog 21:42:08 ====
maximusdowns
Regular Member
 
Posts: 59
Joined: August 4th, 2012, 4:11 pm
Advertisement
Register to Remove

PreviousNext

  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 32 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware