Annoying Ad Opens on New Tab Every Time I Start To Do Anythin

Post by rcunanan » January 31st, 2015, 5:42 pm

Besides the annoying advertisements that open up in a New Window or New Tab, the computer also runs so slow.
I tried the system restore function but it did not do anything. Any help would be greatly appreciated.

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 31-01-2015 01
Ran by reina (administrator) on FOOTCARENURSE on 31-01-2015 16:29:59
Running from C:\Users\reina\Desktop
Loaded Profiles: reina (Available profiles: reina)
Platform: Windows 8.1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

() C:\Program Files\Hewlett-Packard\SimplePass\cachesrvr.exe
(Softex Inc.) C:\Program Files\Hewlett-Packard\SimplePass\OmniServ.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(CyberLink) C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSMonitorServicePDVD12.exe
(CyberLink) C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
() C:\ProgramData\602bb5c5-64ca-4d9f-8688-8581d865cedf\maintainer.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Microsoft Online Services\MSOIDSVC.EXE
(Systweak) C:\Program Files (x86)\Right Backup\RBClientService.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Microsoft Online Services\MSOIDSVCM.EXE
(McAfee, Inc.) C:\Program Files\mcafee\msc\McAPExe.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\AMCore\mcshield.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\systemcore\mfefire.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
(Systweak) C:\Program Files (x86)\Right Backup\RightBackup.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe\livecomm.exe
() C:\Program Files\Hewlett-Packard\SimplePass\opvapp.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\SimplePass\HPSmplPass.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBroker.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBrokerDsktop.exe
(Google Inc.) C:\Users\reina\AppData\Local\Google\Update\GoogleUpdate.exe
(Pay By Ads LTD) C:\Users\reina\AppData\Local\Pay-By-Ads\Yahoo! Search\\dsrlte.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\platform\McUICnt.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil_ActiveX.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\Taskmgr.exe
(Microsoft Corporation) C:\Windows\System32\WWAHost.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7198424 2013-08-23] (Realtek Semiconductor)
HKLM\...\Run: [SimplePass] => C:\Program Files\Hewlett-Packard\SimplePass\HPSmplPass.exe [2755640 2013-09-26] (Hewlett-Packard)
HKLM\...\Run: [OPBHOBroker] => C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBroker.exe [155704 2013-09-26] (Hewlett-Packard)
HKLM\...\Run: [OPBHOBrokerDesktop] => C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBrokerDsktop.exe [155704 2013-09-26] (Hewlett-Packard)
HKLM-x32\...\Run: [YouCam Service] => c:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe [267224 2013-09-01] (CyberLink Corp.)
HKLM-x32\...\Run: [mcpltui_exe] => C:\Program Files\McAfee.com\Agent\mcagent.exe [537992 2014-01-28] (McAfee, Inc.)
Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-21-2586556045-1720471783-4283924833-1001\...\Run: [Google Update] => C:\Users\reina\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2014-02-27] (Google Inc.)
HKU\S-1-5-21-2586556045-1720471783-4283924833-1001\...\Run: [Yahoo! Search] => C:\Users\reina\AppData\Local\Pay-By-Ads\Yahoo! Search\\dsrlte.exe [535472 2014-08-05] (Pay By Ads LTD)
Startup: C:\Users\reina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MyPC Backup.lnk
ShortcutTarget: MyPC Backup.lnk -> C:\Program Files (x86)\MyPC Backup\MyPC Backup.exe (No File)
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

AutoConfigURL: [S-1-5-21-2586556045-1720471783-4283924833-1001] => file://C:\Program Files (x86)\BrowseMark\bin\Pac9064.js
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.mysearchdial.com/?f=1&a=md ... 762769&ir=
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://start.mysearchdial.com/?f=1&a=md ... 762769&ir=
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPCON14/19
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPCON14/19
HKU\S-1-5-21-2586556045-1720471783-4283924833-1001\Software\Microsoft\Internet Explorer\Main,Start Page = http://rts.dsrlte.com
HKU\S-1-5-21-2586556045-1720471783-4283924833-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPCON14/19
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=md_14_15_ie&cd=2XzuyEtN2Y1L1QzutDtDtByD0A0ByDtD0CyD0E0FtAtDyCtAtN0D0Tzu0SzztAtCtN1L2XzutBtFtCzztFtBtFyBtN1L1CzutCyEtDtAtDyD1V1RtN1L1G1B1V1N2Y1L1Qzu2SyDyD0CtAyCyDtBtDtGtA0B0F0BtGyE0B0DyCtGzztAyB0EtGyByDyEtA0EtC0D0E0AtAzzyE2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyD0B0E0BtBzz0CzytGyEyD0D0FtGtAzztCzytG0FzzyBzytGyBtD0F0A0EtCyByB0Bzy0C0F2Q&cr=2036762769&ir=
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=md_14_15_ie&cd=2XzuyEtN2Y1L1QzutDtDtByD0A0ByDtD0CyD0E0FtAtDyCtAtN0D0Tzu0SzztAtCtN1L2XzutBtFtCzztFtBtFyBtN1L1CzutCyEtDtAtDyD1V1RtN1L1G1B1V1N2Y1L1Qzu2SyDyD0CtAyCyDtBtDtGtA0B0F0BtGyE0B0DyCtGzztAyB0EtGyByDyEtA0EtC0D0E0AtAzzyE2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyD0B0E0BtBzz0CzytGyEyD0D0FtGtAzztCzytG0FzzyBzytGyBtD0F0A0EtCyByB0Bzy0C0F2Q&cr=2036762769&ir=
SearchScopes: HKU\S-1-5-21-2586556045-1720471783-4283924833-1001 -> DefaultScope {8F2A4CD5-BB7C-4744-B9F9-2DDE69E28371} URL = http://rts.dsrlte.com/?q={searchTerms}&r=101
SearchScopes: HKU\S-1-5-21-2586556045-1720471783-4283924833-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=md_14_15_ie&cd=2XzuyEtN2Y1L1QzutDtDtByD0A0ByDtD0CyD0E0FtAtDyCtAtN0D0Tzu0SzztAtCtN1L2XzutBtFtCzztFtBtFyBtN1L1CzutCyEtDtAtDyD1V1RtN1L1G1B1V1N2Y1L1Qzu2SyDyD0CtAyCyDtBtDtGtA0B0F0BtGyE0B0DyCtGzztAyB0EtGyByDyEtA0EtC0D0E0AtAzzyE2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyD0B0E0BtBzz0CzytGyEyD0D0FtGtAzztCzytG0FzzyBzytGyBtD0F0A0EtCyByB0Bzy0C0F2Q&cr=2036762769&ir=
SearchScopes: HKU\S-1-5-21-2586556045-1720471783-4283924833-1001 -> {8F2A4CD5-BB7C-4744-B9F9-2DDE69E28371} URL = http://rts.dsrlte.com/?q={searchTerms}&r=101
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll (Hewlett-Packard)
BHO-x32: BrowseMark -> {aeac172e-2e4b-4b92-9af6-b0cdb1acecdb} -> C:\Program Files (x86)\BrowseMark\BrowseMarkBHO.dll (BrowseMark)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
DPF: HKLM-x32 {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/_layouts/Cl ... wsdc32.cab
DPF: HKLM-x32 {8569D715-FF88-44BA-8D1D-AD3E59543DDE} http://reports.idstc.com/ActiveReports/ ... rview2.cab
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\mcafee\msc\McSnIePl64.dll (McAfee, Inc.)
Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\msc\McSnIePl.dll (McAfee, Inc.)
Tcpip\Parameters: [DhcpNameServer]

FF ProfilePath: C:\Users\reina\AppData\Roaming\Mozilla\Firefox\Profiles\ocatb8gi.default
FF Plugin: @mcafee.com/MSC,version=10 -> c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @mcafee.com/MSC,version=10 -> c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL ()
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3508.0205 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
FF Plugin HKU\S-1-5-21-2586556045-1720471783-4283924833-1001: @talk.google.com/GoogleTalkPlugin -> C:\Users\reina\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin HKU\S-1-5-21-2586556045-1720471783-4283924833-1001: @talk.google.com/O1DPlugin -> C:\Users\reina\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF Plugin HKU\S-1-5-21-2586556045-1720471783-4283924833-1001: @tools.google.com/Google Update;version=3 -> C:\Users\reina\AppData\Local\Google\Update\\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKU\S-1-5-21-2586556045-1720471783-4283924833-1001: @tools.google.com/Google Update;version=9 -> C:\Users\reina\AppData\Local\Google\Update\\npGoogleUpdate3.dll (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\reina\AppData\Roaming\mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\reina\AppData\Roaming\mozilla\plugins\npo1d.dll (Google)
FF Extension: No Name - C:\Users\reina\AppData\Roaming\Mozilla\Firefox\Profiles\ocatb8gi.default\Extensions\trash [2015-01-31]
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK
FF Extension: McAfee Anti-Spam Thunderbird Extension - C:\Program Files\McAfee\MSK [2014-01-05]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 Cachedrv server; C:\Program Files\Hewlett-Packard\SimplePass\cachesrvr.exe [109568 2013-09-26] () [File not signed]
R2 CyberLink PowerDVD 12 Media Server Monitor Service; c:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSMonitorServicePDVD12.exe [77576 2013-08-12] (CyberLink)
R2 CyberLink PowerDVD 12 Media Server Service; c:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe [298760 2013-08-12] (CyberLink)
R2 HomeNetSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
S2 HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [92160 2013-08-29] (Hewlett-Packard Company) [File not signed]
R2 Intel(R) Capability Licensing Service Interface; c:\Program Files\Intel\iCLS Client\HeciServer.exe [733696 2013-05-11] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; c:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [822232 2013-05-11] (Intel(R) Corporation)
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [131544 2013-08-08] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-08-08] (Intel Corporation)
R2 MaintainerSvc2.49.6826863; C:\ProgramData\602bb5c5-64ca-4d9f-8688-8581d865cedf\maintainer.exe [123680 2014-12-17] ()
R2 McAPExe; C:\Program Files\McAfee\MSC\McAPExe.exe [178528 2014-01-28] (McAfee, Inc.)
S3 McAWFwk; c:\Program Files\Common Files\mcafee\ActWiz\McAWFwk.exe [334608 2013-07-24] (McAfee, Inc.)
R2 McMPFSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 McNaiAnn; C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
S3 McODS; C:\Program Files\mcafee\VirusScan\mcods.exe [602944 2013-08-02] (McAfee, Inc.)
S4 McOobeSv2; C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 mcpltsvc; C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 McProxy; C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 mfecore; C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe [1025712 2014-01-21] (McAfee, Inc.)
R2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [219752 2014-01-27] (McAfee, Inc.)
R2 mfevtp; C:\windows\system32\mfevtps.exe [185792 2014-01-27] (McAfee, Inc.)
R2 MSK80Service; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 msoidsvc; C:\Program Files\Common Files\Microsoft Shared\Microsoft Online Services\MSOIDSVC.EXE [2079520 2012-05-17] (Microsoft Corp.)
R2 omniserv; C:\Program Files\Hewlett-Packard\SimplePass\OmniServ.exe [87552 2013-09-26] (Softex Inc.) [File not signed]
R2 RBClientService; C:\Program Files (x86)\Right Backup\RBClientService.exe [48240 2014-07-11] (Systweak)
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [289496 2013-08-23] (Realtek Semiconductor)
S4 TlntSvr; C:\Windows\System32\tlntsvr.exe [146944 2014-08-05] (Microsoft Corporation)
S3 w3logsvc; C:\Windows\system32\inetsrv\w3logsvc.dll [76800 2013-08-24] (Microsoft Corporation)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [368632 2014-09-21] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2014-09-21] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 athr; C:\Windows\system32\DRIVERS\athwbx.sys [3859968 2013-08-15] (Qualcomm Atheros Communications, Inc.)
R3 cfwids; C:\Windows\System32\drivers\cfwids.sys [70592 2014-01-27] (McAfee, Inc.)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [91712 2013-03-05] (CyberLink)
S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [197704 2013-09-23] (McAfee, Inc.)
R3 MEIx64; C:\Windows\System32\drivers\TeeDriverx64.sys [99288 2013-08-08] (Intel Corporation)
R2 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [180272 2014-01-27] (McAfee, Inc.)
R2 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [311600 2014-01-27] (McAfee, Inc.)
S0 mfeelamk; C:\Windows\System32\drivers\mfeelamk.sys [69352 2014-01-27] (McAfee, Inc.)
R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [520696 2014-01-27] (McAfee, Inc.)
R2 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [783864 2014-01-27] (McAfee, Inc.)
R3 mfencbdc; C:\Windows\system32\DRIVERS\mfencbdc.sys [422712 2014-01-21] (McAfee, Inc.)
S3 mfencrk; C:\Windows\system32\DRIVERS\mfencrk.sys [96592 2014-01-21] (McAfee, Inc.)
R2 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [344688 2014-01-27] (McAfee, Inc.)
R3 RSP2STOR; C:\Windows\system32\DRIVERS\RtsP2Stor.sys [290008 2013-07-05] (Realtek Semiconductor Corp.)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2014-09-21] (Microsoft Corporation)
R1 {1d80e5b5-4071-4723-b69d-7303dd29b08f}w64; C:\Windows\System32\drivers\{1d80e5b5-4071-4723-b69d-7303dd29b08f}w64.sys [48832 2014-12-01] (StdLib)
R1 {5e58d02b-6bcf-4282-80e0-3181dfa24f06}w64; C:\Windows\System32\drivers\{5e58d02b-6bcf-4282-80e0-3181dfa24f06}w64.sys [48832 2014-10-15] (StdLib)
R1 {90b6a102-782f-4c36-a3a9-17de29ea9425}w64; C:\Windows\System32\drivers\{90b6a102-782f-4c36-a3a9-17de29ea9425}w64.sys [48832 2014-10-22] (StdLib)
R1 {b054ca2a-b52e-4dce-852f-fc425b1df036}w64; C:\Windows\System32\drivers\{b054ca2a-b52e-4dce-852f-fc425b1df036}w64.sys [48832 2014-10-14] (StdLib)
R1 {b7ef6559-ecf4-497a-81ce-d499dec7003c}w64; C:\Windows\System32\drivers\{b7ef6559-ecf4-497a-81ce-d499dec7003c}w64.sys [48832 2014-10-15] (StdLib)
R1 {b99c8534-7800-48fa-bd71-519a46cdc7e1}w64; C:\Windows\System32\drivers\{b99c8534-7800-48fa-bd71-519a46cdc7e1}w64.sys [61120 2014-05-13] (StdLib)
R1 {fe03a0d6-671a-4d18-b668-b656ba92ccf5}w64; C:\Windows\System32\drivers\{fe03a0d6-671a-4d18-b668-b656ba92ccf5}w64.sys [48832 2014-10-21] (StdLib)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-31 18:45 - 2015-01-31 18:45 - 00000000 ____D () C:\ProgramData\Recovery
2015-01-31 16:29 - 2015-01-31 16:30 - 00019570 _____ () C:\Users\reina\Desktop\FRST.txt
2015-01-31 16:29 - 2015-01-31 16:30 - 00000000 ____D () C:\FRST
2015-01-31 16:28 - 2015-01-31 16:28 - 02130944 _____ (Farbar) C:\Users\reina\Desktop\FRST64.exe
2015-01-31 16:15 - 2015-01-31 16:15 - 00001182 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-01-31 16:15 - 2015-01-31 16:15 - 00001170 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2015-01-31 16:15 - 2015-01-31 16:15 - 00000000 ____D () C:\Users\reina\AppData\Local\Mozilla
2015-01-31 16:15 - 2015-01-31 16:15 - 00000000 ____D () C:\ProgramData\Mozilla
2015-01-31 16:15 - 2015-01-31 16:15 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-01-31 16:15 - 2015-01-31 16:15 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-01-31 16:10 - 2015-01-31 16:10 - 00243440 _____ () C:\Users\reina\Downloads\Firefox Setup Stub 35.0.1.exe.0ju06d7.partial
2015-01-31 16:08 - 2015-01-31 16:08 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-31 19:01 - 2014-12-17 09:13 - 00000000 ____D () C:\Program Files (x86)\ASP
2015-01-31 19:01 - 2014-12-17 09:08 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Right Backup
2015-01-31 19:01 - 2014-10-29 18:43 - 00000000 ____D () C:\ProgramData\602bb5c5-64ca-4d9f-8688-8581d865cedf
2015-01-31 19:01 - 2014-07-10 12:43 - 00000000 ___SD () C:\windows\system32\CompatTel
2015-01-31 19:01 - 2014-04-10 19:17 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced System Protector
2015-01-31 19:01 - 2014-04-10 19:17 - 00000000 ____D () C:\Program Files (x86)\BrowseMark
2015-01-31 19:01 - 2014-04-10 19:17 - 00000000 ____D () C:\Program Files (x86)\Advanced System Protector
2015-01-31 19:01 - 2013-08-22 10:36 - 00000000 __RSD () C:\windows\Media
2015-01-31 19:01 - 2013-08-22 10:36 - 00000000 ____D () C:\windows\SysWOW64\WinMetadata
2015-01-31 19:01 - 2013-08-22 10:36 - 00000000 ____D () C:\windows\system32\zh-HK
2015-01-31 19:01 - 2013-08-22 10:36 - 00000000 ____D () C:\windows\system32\WinMetadata
2015-01-31 19:01 - 2013-08-22 10:36 - 00000000 ____D () C:\windows\system32\uk-UA
2015-01-31 19:01 - 2013-08-22 10:36 - 00000000 ____D () C:\windows\system32\tr-TR
2015-01-31 19:01 - 2013-08-22 10:36 - 00000000 ____D () C:\windows\system32\th-TH
2015-01-31 19:01 - 2013-08-22 10:36 - 00000000 ____D () C:\windows\system32\sru
2015-01-31 19:01 - 2013-08-22 10:36 - 00000000 ____D () C:\windows\system32\sr-Latn-RS
2015-01-31 19:01 - 2013-08-22 10:36 - 00000000 ____D () C:\windows\system32\sr-Latn-CS
2015-01-31 19:01 - 2013-08-22 10:36 - 00000000 ____D () C:\windows\system32\sl-SI
2015-01-31 19:01 - 2013-08-22 10:36 - 00000000 ____D () C:\windows\system32\sk-SK
2015-01-31 19:01 - 2013-08-22 10:36 - 00000000 ____D () C:\windows\system32\ro-RO
2015-01-31 19:01 - 2013-08-22 10:36 - 00000000 ____D () C:\windows\system32\lv-LV
2015-01-31 19:01 - 2013-08-22 10:36 - 00000000 ____D () C:\windows\system32\lt-LT
2015-01-31 19:01 - 2013-08-22 10:36 - 00000000 ____D () C:\windows\system32\hr-HR
2015-01-31 19:01 - 2013-08-22 10:36 - 00000000 ____D () C:\windows\system32\he-IL
2015-01-31 19:01 - 2013-08-22 10:36 - 00000000 ____D () C:\windows\system32\et-EE
2015-01-31 19:01 - 2013-08-22 10:36 - 00000000 ____D () C:\windows\system32\en-GB
2015-01-31 19:01 - 2013-08-22 10:36 - 00000000 ____D () C:\windows\system32\bg-BG
2015-01-31 19:01 - 2013-08-22 10:36 - 00000000 ____D () C:\windows\system32\ar-SA
2015-01-31 19:01 - 2013-08-22 10:36 - 00000000 ____D () C:\windows\rescache
2015-01-31 19:01 - 2013-08-22 10:36 - 00000000 ____D () C:\windows\PolicyDefinitions
2015-01-31 19:01 - 2013-08-22 10:36 - 00000000 ____D () C:\windows\FileManager
2015-01-31 19:01 - 2013-08-22 10:36 - 00000000 ____D () C:\windows\Camera
2015-01-31 19:00 - 2014-12-17 10:44 - 00000000 ____D () C:\windows\system32\appraiser
2015-01-31 18:55 - 2014-04-10 19:17 - 00000000 ____D () C:\Users\reina\AppData\Roaming\systweak
2015-01-31 18:55 - 2013-08-22 10:36 - 00000000 ____D () C:\windows\registration
2015-01-31 18:55 - 2013-08-22 08:36 - 00000000 ____D () C:\windows\system32\Sysprep
2015-01-31 16:25 - 2014-02-27 21:14 - 00000936 _____ () C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2586556045-1720471783-4283924833-1001UA.job
2015-01-31 16:19 - 2014-02-22 18:59 - 00003598 _____ () C:\windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2586556045-1720471783-4283924833-1001
2015-01-31 16:19 - 2014-02-22 18:42 - 01237721 _____ () C:\windows\WindowsUpdate.log
2015-01-31 16:19 - 2013-08-22 10:20 - 00000000 ____D () C:\windows\CbsTemp
2015-01-31 16:15 - 2014-12-01 19:26 - 00000000 ____D () C:\Users\reina\AppData\Roaming\Mozilla
2015-01-31 16:14 - 2014-02-22 18:55 - 00000000 __RDO () C:\Users\reina\SkyDrive
2015-01-31 16:14 - 2013-08-22 10:36 - 00000000 ____D () C:\windows\AppReadiness
2015-01-31 16:10 - 2014-04-10 19:17 - 00003090 _____ () C:\windows\System32\Tasks\RegClean Pro
2015-01-31 16:09 - 2013-08-24 16:38 - 00891984 _____ () C:\windows\system32\PerfStringBackup.INI
2015-01-31 16:08 - 2014-02-23 18:37 - 00001867 _____ () C:\Users\Public\Desktop\McAfee LiveSafe - Internet Security.lnk
2015-01-31 16:06 - 2014-12-17 09:09 - 00003068 _____ () C:\windows\System32\Tasks\Right Backup_startup
2015-01-31 16:06 - 2014-04-10 19:17 - 00003120 _____ () C:\windows\System32\Tasks\Advanced System Protector_startup
2015-01-31 16:05 - 2014-02-22 18:55 - 00000000 ____D () C:\Users\reina\Documents\Youcam
2015-01-31 16:03 - 2014-02-22 18:51 - 00000000 ____D () C:\Users\reina
2015-01-31 16:03 - 2013-08-22 09:45 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2015-01-31 15:45 - 2013-08-24 16:32 - 00103492 _____ () C:\windows\PFRO.log
2015-01-29 21:12 - 2013-08-22 08:25 - 00262144 ___SH () C:\windows\system32\config\ELAM
2015-01-18 22:13 - 2013-08-22 09:46 - 00018092 _____ () C:\windows\setupact.log

==================== Files in the root of some directories =======

2014-04-10 20:16 - 2014-12-01 20:16 - 0000126 _____ () C:\Users\reina\AppData\Roaming\WB.CFG

Some content of TEMP:

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-01-19 04:07

==================== End Of Log ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 31-01-2015 01
Ran by reina at 2015-01-31 16:30:33
Running from C:\Users\reina\Desktop
Boot Mode: Normal

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: McAfee Anti-Virus and Anti-Spyware (Disabled - Up to date) {ADA629C7-7F48-5689-624A-3B76997E0892}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: McAfee Anti-Virus and Anti-Spyware (Disabled - Out of date) {16C7C823-5972-5907-58FA-0004E2F9422F}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: McAfee Firewall (Disabled) {959DA8E2-3527-57D1-4915-924367AD4FE9}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

4 Elements II (x32 Version: - WildTangent) Hidden
7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: - Igor Pavlov)
Advanced System Protector (HKLM-x32\...\00212D92-C5D8-4ff4-AE50-B20F0F85C40A_Systweak_Ad~B9F029BF_is1) (Version: 2.1.1000.12594 - Systweak Software) <==== ATTENTION
Airport Mania (x32 Version: - WildTangent) Hidden
Aloha TriPeaks (x32 Version: - WildTangent) Hidden
Azkend 2: The World Beneath (x32 Version: - WildTangent) Hidden
Bejeweled 3 (x32 Version: - WildTangent) Hidden
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: - Apple Inc.)
Bounce Symphony (x32 Version: - WildTangent) Hidden
Build-a-lot (x32 Version: - WildTangent) Hidden
Cradle of Rome 2 (x32 Version: - WildTangent) Hidden
Curse at Twilight (x32 Version: - WildTangent) Hidden
CyberLink LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: - CyberLink Corp.)
CyberLink Media Suite 10 (HKLM-x32\...\InstallShield_{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}) (Version: - CyberLink Corp.)
Cyberlink PhotoDirector (HKLM-x32\...\InstallShield_{39337565-330E-4ab6-A9AE-AC81E0720B10}) (Version: - CyberLink Corp.)
CyberLink Power2Go 8 (HKLM-x32\...\InstallShield_{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}) (Version: - CyberLink Corp.)
CyberLink PowerDirector 10 (HKLM-x32\...\InstallShield_{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}) (Version: - CyberLink Corp.)
CyberLink PowerDVD 12 (HKLM-x32\...\InstallShield_{B46BEA36-0B71-4A4E-AE41-87241643FA0A}) (Version: - CyberLink Corp.)
CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Delicious: Emily's Childhood Memories Premium Edition (x32 Version: - WildTangent) Hidden
Energy Star (HKLM-x32\...\{FC0ADA4D-8FA5-4452-8AFF-F0A0BAC97EF7}) (Version: 1.0.9 - Hewlett-Packard Company)
Farm Frenzy (x32 Version: - WildTangent) Hidden
Fishdom 3: Collector's Edition (x32 Version: - WildTangent) Hidden
Galerie de photos (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Google Talk Plugin (HKLM-x32\...\{0C5C1177-94C5-3EFB-A8BE-3F6AF1AF887F}) (Version: - Google)
Governor of Poker 2 Premium Edition (x32 Version: - WildTangent) Hidden
Hewlett-Packard ACLM.NET v1.2.2.3 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden
House of 1000 Doors: Family Secrets (x32 Version: - WildTangent) Hidden
HP Connected Music (Meridian - installer) (HKLM-x32\...\StartHPConnectedMusic) (Version: 1.0 - Meridian Audio Ltd)
HP Connected Music (Meridian - player) (HKU\S-1-5-21-2586556045-1720471783-4283924833-1001\...\HPConnectedMusic) (Version: 1.1 (build 126) hp - Meridian Audio Ltd)
HP Documentation (HKLM-x32\...\{8126E380-F9C6-4317-9CEE-9BBDDAB676E5}) (Version: - Hewlett-Packard)
HP Registration Service (HKLM\...\{D1E8F2D7-7794-4245-B286-87ED86C1893C}) (Version: 1.2.7045.4591 - Hewlett-Packard)
HP SimplePass (HKLM-x32\...\InstallShield_{314FAD12-F785-4471-BCE8-AB506642B9A1}) (Version: 8.00.54 - Hewlett-Packard)
HP Support Assistant (HKLM-x32\...\{3AF15EEA-8EDF-4393-BB6C-CF8A9986486A}) (Version: - Hewlett-Packard Company)
HP Support Information (HKLM-x32\...\{B2B7B1C8-7C8B-476C-BE2C-049731C55992}) (Version: 13.00.0000 - Hewlett-Packard)
Inst5675 (Version: 8.00.54 - Softex Inc.) Hidden
Inst5676 (Version: 8.00.54 - Softex Inc.) Hidden
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: - Intel Corporation)
Jewel Match 3 (x32 Version: - WildTangent) Hidden
John Deere Drive Green (x32 Version: - WildTangent) Hidden
join.me (HKU\S-1-5-21-2586556045-1720471783-4283924833-1001\...\JoinMe) (Version: - LogMeIn, Inc.)
Letters from Nowhere 2 (x32 Version: - WildTangent) Hidden
Luxor Evolved (x32 Version: - WildTangent) Hidden
Mahjongg Dimensions Deluxe (x32 Version: - WildTangent) Hidden
McAfee LiveSafe - Internet Security (HKLM-x32\...\MSC) (Version: 12.8.934 - McAfee, Inc.)
Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4454.1510 - Microsoft Corporation)
Microsoft Online Services Sign-in Assistant (HKLM\...\{46E637E2-AC34-4B45-B5DF-D20903A3DB61}) (Version: 7.250.4303.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.51106 (HKLM-x32\...\{6e8f74e0-43bd-4dce-8477-6ff6828acc07}) (Version: 11.0.51106.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.51106 (HKLM-x32\...\{8e70e4e1-06d7-470b-9f74-a51bef21088e}) (Version: 11.0.51106.1 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Mozilla Firefox 35.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 35.0.1 (x86 en-US)) (Version: 35.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 35.0.1 - Mozilla)
MyPC Backup (HKLM\...\MyPC Backup) (Version: - JDi Backup Ltd) <==== ATTENTION
Peggle Nights (x32 Version: - WildTangent) Hidden
Penguins! (x32 Version: - WildTangent) Hidden
Pinger (HKLM-x32\...\Pinger (Version: - Pinger Inc.)
Pinger (x32 Version: - Pinger Inc.) Hidden
Plants vs. Zombies - Game of the Year (x32 Version: - WildTangent) Hidden
Polar Bowler (x32 Version: - WildTangent) Hidden
Qualcomm Atheros Driver Installation Program (HKLM-x32\...\{C3A32068-8AB1-4327-BB16-BED9C6219DC7}) (Version: 10.0 - Qualcomm Atheros)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.2.9200.29068 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.20.815.2013 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: - Realtek Semiconductor Corp.)
Recovery Manager (x32 Version: - CyberLink Corp.) Hidden
RegClean Pro (HKLM-x32\...\RegClean Pro_is1) (Version: 6.21 - Systweak Inc) <==== ATTENTION
RegClean-Pro (HKLM-x32\...\RegClean-Pro_is1) (Version: 6.21 - systweak.com) <==== ATTENTION
Right Backup (HKLM-x32\...\980124D4-3D52-4c2d-AD41-9E90BDF4C031_Systweak_Ri~01F2B2E8_is1) (Version: 2.1.1000.4398 - Systweak Software)
Roads of Rome 3 (x32 Version: - WildTangent) Hidden
The Treasures of Mystery Island: The Ghost Ship (x32 Version: - WildTangent) Hidden
Trinklit Supreme (x32 Version: - WildTangent) Hidden
Update Installer for WildTangent Games App (x32 Version: - WildTangent) Hidden
Vacation Quest™ - Australia (x32 Version: - WildTangent) Hidden
WildTangent Games (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: - WildTangent)
WildTangent Games App (HP Games) (x32 Version: - WildTangent) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3508.0205 - Microsoft Corporation)
Yahoo! Search (HKU\S-1-5-21-2586556045-1720471783-4283924833-1001\...\Yahoo! Search) (Version: - Pay-By-Ads) <==== ATTENTION
Youda Jewel Shop (x32 Version: - WildTangent) Hidden
Zuma's Revenge (x32 Version: - WildTangent) Hidden

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-2586556045-1720471783-4283924833-1001_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\reina\AppData\Local\Google\Update\\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-2586556045-1720471783-4283924833-1001_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\reina\AppData\Local\Google\Update\\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-2586556045-1720471783-4283924833-1001_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\reina\AppData\Local\Google\Update\\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-2586556045-1720471783-4283924833-1001_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\reina\AppData\Local\Google\Update\\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2586556045-1720471783-4283924833-1001_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\reina\AppData\Local\Google\Update\\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2586556045-1720471783-4283924833-1001_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\reina\AppData\Local\Google\Update\\psuser_64.dll No File

==================== Restore Points =========================

17-12-2014 09:11:04 Windows Update
15-01-2015 10:56:41 Scheduled Checkpoint
26-01-2015 17:13:37 Scheduled Checkpoint

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 08:25 - 2013-08-22 08:25 - 00000824 ____A C:\windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {06D4AFA3-5810-4B80-9D2E-4F127350C4F7} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-08-29] (Hewlett-Packard Company)
Task: {1290CA25-FFFE-41F7-ADE2-775D46082E8E} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2013-08-09] (Hewlett-Packard)
Task: {1BE1F99E-0545-4BC4-B692-D7164ACC4350} - System32\Tasks\Right Backup_startup => C:\Program Files (x86)\Right Backup\RightBackup.exe [2014-07-11] (Systweak)
Task: {200DBABB-241C-49F7-BA62-39BCABE7E8EE} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\windows\system32\MRT.exe [2014-12-01] (Microsoft Corporation)
Task: {420ACA46-FB7E-49AC-8CB7-2F731E65FE23} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2012-11-29] (Hewlett-Packard Company)
Task: {52F14598-7F6C-4CF3-B829-4C024BC9A414} - System32\Tasks\Advanced System Protector_startup => C:\Program Files (x86)\Advanced System Protector\AdvancedSystemProtector.exe [2014-02-28] (Systweak) <==== ATTENTION
Task: {5314F886-289D-4183-B721-633A2E2C9DDD} - System32\Tasks\RegClean Pro_DEFAULT => C:\Program Files (x86)\RegClean Pro\RegCleanPro.exe <==== ATTENTION
Task: {974157D2-C8F5-44F2-A0D4-7B704F01CC6D} - System32\Tasks\RegClean Pro_UPDATES => C:\Program Files (x86)\RegClean Pro\RegCleanPro.exe <==== ATTENTION
Task: {975C042D-FABC-4010-A3F6-6AC7B8AE8FA1} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2586556045-1720471783-4283924833-1001Core => C:\Users\reina\AppData\Local\Google\Update\GoogleUpdate.exe [2014-02-27] (Google Inc.)
Task: {CC8C91A9-5635-4BD6-A5D3-B5626EAC0437} - System32\Tasks\CLVDLauncher => c:\Program Files (x86)\CyberLink\Power2Go8\CLVDLauncher.exe [2013-03-12] (CyberLink Corp.)
Task: {DC98D6B3-034A-4E1A-9DD2-5474F91E69CA} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2586556045-1720471783-4283924833-1001UA => C:\Users\reina\AppData\Local\Google\Update\GoogleUpdate.exe [2014-02-27] (Google Inc.)
Task: {E2C5306C-7D69-49BE-8A20-961D2D354380} - System32\Tasks\RegClean Pro => C:\Program Files (x86)\RCP\RegCleanPro.exe [2014-12-08] () <==== ATTENTION
Task: {E72850D2-BEC0-4074-A096-0418AD8B2CA1} - System32\Tasks\CLMLSvc_P2G8 => c:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [2013-08-05] (CyberLink)
Task: {ED97014C-FC87-40FA-AB88-3852D03346B7} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-08-29] (Hewlett-Packard Company)
Task: C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2586556045-1720471783-4283924833-1001Core.job => C:\Users\reina\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2586556045-1720471783-4283924833-1001UA.job => C:\Users\reina\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\RegClean Pro_DEFAULT.job => C:\Program Files (x86)\RegClean Pro\RegCleanPro.exe <==== ATTENTION
Task: C:\windows\Tasks\RegClean Pro_UPDATES.job => C:\Program Files (x86)\RegClean Pro\RegCleanPro.exe <==== ATTENTION

==================== Loaded Modules (whitelisted) =============

2013-09-26 14:26 - 2013-09-26 14:26 - 00109568 _____ () C:\Program Files\Hewlett-Packard\SimplePass\cachesrvr.exe
2013-09-26 14:32 - 2013-09-26 14:32 - 00627200 _____ () C:\Program Files\Hewlett-Packard\SimplePass\cachedrv.dll
2013-09-26 14:28 - 2013-09-26 14:28 - 02540544 _____ () C:\Program Files\Hewlett-Packard\SimplePass\autheng.dll
2013-09-26 14:25 - 2013-09-26 14:25 - 00035328 _____ () C:\Program Files\Hewlett-Packard\SimplePass\ssplogon.dll
2013-09-26 14:25 - 2013-09-26 14:25 - 00055296 _____ () C:\Program Files\Hewlett-Packard\SimplePass\RandomPass.dll
2013-09-26 14:25 - 2013-09-26 14:25 - 00021504 _____ () C:\Program Files\Hewlett-Packard\SimplePass\cryptodll.dll
2013-09-26 14:39 - 2013-09-26 14:39 - 00306064 _____ () C:\Program Files\Hewlett-Packard\SimplePass\mstrpwd.dll
2013-09-26 14:39 - 2013-09-26 14:39 - 01298832 _____ () C:\Program Files\Hewlett-Packard\SimplePass\GraphicalPwd.dll
2014-10-29 17:15 - 2014-12-17 09:07 - 00123680 _____ () C:\ProgramData\602bb5c5-64ca-4d9f-8688-8581d865cedf\maintainer.exe
2014-12-01 19:40 - 2014-12-01 19:40 - 00183296 _____ () C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe\ErrorReporting.dll
2013-09-26 14:34 - 2013-09-26 14:34 - 00064000 _____ () C:\Program Files\Hewlett-Packard\SimplePass\opvapp.exe
2014-12-17 09:08 - 2013-08-02 19:21 - 00886272 _____ () C:\Program Files (x86)\Right Backup\System.Data.SQLite.dll
2014-01-05 17:45 - 2013-08-05 02:49 - 00627672 _____ () c:\Program Files (x86)\CyberLink\Power2Go8\CLMediaLibrary.dll
2013-08-05 18:48 - 2013-08-05 18:48 - 00016856 _____ () c:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvcPS.dll
2014-01-05 17:40 - 2013-08-08 16:25 - 01242584 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll
2015-01-31 16:15 - 2015-01-23 05:37 - 03925104 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\Users\reina\SkyDrive:ms-properties

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefire => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Driver"

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

========================= Accounts: ==========================

Administrator (S-1-5-21-2586556045-1720471783-4283924833-500 - Administrator - Disabled)
Guest (S-1-5-21-2586556045-1720471783-4283924833-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2586556045-1720471783-4283924833-1003 - Limited - Enabled)
reina (S-1-5-21-2586556045-1720471783-4283924833-1001 - Administrator - Enabled) => C:\Users\reina

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
Error: (01/31/2015 03:47:26 PM) (Source: Microsoft-Windows-WMI) (EventID: 10) (User: NT AUTHORITY)
Description: Event filter with query "select * from __InstanceModificationEvent where targetinstance isa '__ArbitratorConfiguration'" could not be reactivated in namespace "//./root" because of error 0x80041033. Events cannot be delivered through this filter until the problem is corrected.

Error: (01/31/2015 03:47:26 PM) (Source: Microsoft-Windows-WMI) (EventID: 24) (User: NT AUTHORITY)
Description: Event provider $Core attempted to register query "select * from __TimerEvent" whose target class "__TimerEvent" in //./root/subscription namespace does not exist. The query will be ignored.

Error: (01/31/2015 03:47:26 PM) (Source: Microsoft-Windows-WMI) (EventID: 24) (User: NT AUTHORITY)
Description: Event provider $Core attempted to register query "select * from __TimerEvent" whose target class "__TimerEvent" in //./root namespace does not exist. The query will be ignored.

Error: (01/31/2015 03:47:26 PM) (Source: Microsoft-Windows-WMI) (EventID: 24) (User: NT AUTHORITY)
Description: Event provider $Core attempted to register query "select * from __SystemEvent" whose target class "__SystemEvent" in //./root/subscription namespace does not exist. The query will be ignored.

Error: (01/31/2015 03:47:26 PM) (Source: Microsoft-Windows-WMI) (EventID: 24) (User: NT AUTHORITY)
Description: Event provider $Core attempted to register query "select * from __SystemEvent" whose target class "__SystemEvent" in //./root namespace does not exist. The query will be ignored.

Error: (01/31/2015 03:47:26 PM) (Source: Microsoft-Windows-WMI) (EventID: 24) (User: NT AUTHORITY)
Description: Event provider $Core attempted to register query "select * from __TimerEvent" whose target class "__TimerEvent" in //./root/CIMV2 namespace does not exist. The query will be ignored.

Error: (01/31/2015 03:47:26 PM) (Source: Microsoft-Windows-WMI) (EventID: 24) (User: NT AUTHORITY)
Description: Event provider $Core attempted to register query "select * from __SystemEvent" whose target class "__SystemEvent" in //./root/CIMV2 namespace does not exist. The query will be ignored.

Error: (01/31/2015 03:47:26 PM) (Source: Microsoft-Windows-WMI) (EventID: 24) (User: NT AUTHORITY)
Description: Event provider $Core attempted to register query "select * from __NamespaceOperationEvent" whose target class "__NamespaceOperationEvent" in //./root/subscription namespace does not exist. The query will be ignored.

Error: (01/31/2015 03:47:26 PM) (Source: Microsoft-Windows-WMI) (EventID: 24) (User: NT AUTHORITY)
Description: Event provider $Core attempted to register query "select * from __NamespaceOperationEvent" whose target class "__NamespaceOperationEvent" in //./root namespace does not exist. The query will be ignored.

Error: (01/31/2015 03:47:26 PM) (Source: Microsoft-Windows-WMI) (EventID: 24) (User: NT AUTHORITY)
Description: Event provider $Core attempted to register query "select * from __NamespaceOperationEvent" whose target class "__NamespaceOperationEvent" in //./root/CIMV2 namespace does not exist. The query will be ignored.

System errors:
Error: (01/31/2015 04:08:15 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The HP Support Assistant Service service failed to start due to the following error:

Error: (01/31/2015 04:08:15 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the HP Support Assistant Service service to connect.

Error: (01/31/2015 04:07:45 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Windows Store Service (WSService) service failed to start due to the following error:

Error: (01/31/2015 04:07:45 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the WSService service.

Error: (01/31/2015 04:07:32 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The McAfee Home Network service hung on starting.

Error: (01/31/2015 04:07:14 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Windows Store Service (WSService) service failed to start due to the following error:

Error: (01/31/2015 04:07:14 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the WSService service.

Error: (01/31/2015 04:06:43 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Windows Store Service (WSService) service failed to start due to the following error:

Error: (01/31/2015 04:06:43 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the WSService service.

Error: (01/31/2015 04:03:04 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The McAfee Inc. mfeapfk service failed to start due to the following error:

Microsoft Office Sessions:
Error: (01/31/2015 03:47:26 PM) (Source: Microsoft-Windows-WMI) (EventID: 10) (User: NT AUTHORITY)
Description: //./rootselect * from __InstanceModificationEvent where targetinstance isa '__ArbitratorConfiguration'0x80041033

Error: (01/31/2015 03:47:26 PM) (Source: Microsoft-Windows-WMI) (EventID: 24) (User: NT AUTHORITY)
Description: $Coreselect * from __TimerEvent__TimerEvent//./root/subscription

Error: (01/31/2015 03:47:26 PM) (Source: Microsoft-Windows-WMI) (EventID: 24) (User: NT AUTHORITY)
Description: $Coreselect * from __TimerEvent__TimerEvent//./root

Error: (01/31/2015 03:47:26 PM) (Source: Microsoft-Windows-WMI) (EventID: 24) (User: NT AUTHORITY)
Description: $Coreselect * from __SystemEvent__SystemEvent//./root/subscription

Error: (01/31/2015 03:47:26 PM) (Source: Microsoft-Windows-WMI) (EventID: 24) (User: NT AUTHORITY)
Description: $Coreselect * from __SystemEvent__SystemEvent//./root

Error: (01/31/2015 03:47:26 PM) (Source: Microsoft-Windows-WMI) (EventID: 24) (User: NT AUTHORITY)
Description: $Coreselect * from __TimerEvent__TimerEvent//./root/CIMV2

Error: (01/31/2015 03:47:26 PM) (Source: Microsoft-Windows-WMI) (EventID: 24) (User: NT AUTHORITY)
Description: $Coreselect * from __SystemEvent__SystemEvent//./root/CIMV2

Error: (01/31/2015 03:47:26 PM) (Source: Microsoft-Windows-WMI) (EventID: 24) (User: NT AUTHORITY)
Description: $Coreselect * from __NamespaceOperationEvent__NamespaceOperationEvent//./root/subscription

Error: (01/31/2015 03:47:26 PM) (Source: Microsoft-Windows-WMI) (EventID: 24) (User: NT AUTHORITY)
Description: $Coreselect * from __NamespaceOperationEvent__NamespaceOperationEvent//./root

Error: (01/31/2015 03:47:26 PM) (Source: Microsoft-Windows-WMI) (EventID: 24) (User: NT AUTHORITY)
Description: $Coreselect * from __NamespaceOperationEvent__NamespaceOperationEvent//./root/CIMV2

==================== Memory info ===========================

Processor: Intel(R) Core(TM) i5-4570T CPU @ 2.90GHz
Percentage of memory in use: 40%
Total physical RAM: 8082.61 MB
Available physical RAM: 4815.56 MB
Total Pagefile: 9362.61 MB
Available Pagefile: 6487.26 MB
Total Virtual: 131072 MB
Available Virtual: 131071.8 MB

==================== Drives ================================

Drive c: (Windows) (Fixed) (Total:1845.85 GB) (Free:1804.9 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (Recovery Image) (Fixed) (Total:15.69 GB) (Free:1.95 GB) NTFS ==>[System with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

Disk: 0 (Size: 1863 GB) (Disk ID: BFCBAF59)

Partition: GPT Partition Type.

==================== End Of Log ============================
Active Member
Posts: 10
Joined: January 31st, 2015, 5:17 pm

Re: Annoying Ad Opens on New Tab Everytime I Start To Do Any

Post by Cypher » February 1st, 2015, 12:55 pm

Hi and welcome to Malware Removal Forum.
My name is Cypher, and I will be helping you with your malware problems.
This may or may not solve other issues you have with your machine.
If you no longer require help, I would be grateful if you would let me know.

Before we start please note the following important guidelines.
  • If you don't know or understand something, please don't hesitate to ask.
  • Only post your problem at one help site. Applying fixes from multiple help sites can cause problems.
  • Only reply to this thread; do not start another. Please continue responding until I give you the "All Clean".
    Remember, absence of symptoms does not mean the infection is all gone.
  • Please DO NOT run any other tools or scans whilst I am helping you.
  • Please DO NOT install any other software (or hardware) during the cleaning process.
  • Print each set of instructions... if possible...your Internet connection will not be available during some fix processes.
  • Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
  • Note: No Reply Within 3 Days Will Result In Your Topic Being Closed!

Note: If you haven't done so already, please read this topic ALL USERS OF THIS FORUM MUST READ THIS FIRST where the conditions for receiving help here are explained.
Please be aware that removing Malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.

Because of this, I advise you to back up any personal files and folders before you start.

Please click on THIS link, and follow the instructions for installing TCRB and creating a backup of your Registry.


Click Start > Control Panel > Uninstall a program.
Uninstall the following if present.
2.1.1000.12594 - Systweak Software
Advanced System Protector
MyPC Backup
RegClean Pro
Yahoo! Search


I need you to run further scans for me.
Please post each log separately to prevent it being cut off by the forum post size limiter.
Check each after you've posted it to make sure it's all present. If any log is cut off, you'll have to post it in sections.
Important: Save all tools I ask you to download to your Desktop. If you don't know how to do this, just ask.

Please download Malwarebytes' Anti-Malware and save to your desktop.

  • Right-click mbam-setup.exe and select "Run as administrator", then follow the prompts to install the program.
  • At the end, uncheck "Enable free trial of Malwarebytes' Anti-Malware". (You can activate this when we've finished, if you wish.)
  • Then click Finish.
  • You'll see an alert that "Databases out of date". Click the "Update Now" button.
  • Press the Scan Settings icon on the top bar of the MBAM interface, make sure Threat Scan is checked.
  • Press the Scan Now >> button.
  • When the scan is finished:
  • If clean, a message will be displayed "The scan completed successfully! No malicious items were detected!"
  • If infections were found, click the Quarantine all button.
  • Press the View detailed log >> link to display the results log.
  • Press the Copy to Clipboard button.
  • Copy and paste the scan results in your next reply and exit MBAM.


Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Right-click on adwcleaner.exe and select "Run as administrator" to run it.
  • Click on Scan.
  • When the scan has finished, uncheck any entries you don't want to remove, then click on Clean.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.


Rerun FRST

  • Right-click FRST.exe and select "Run as administrator" to run it.
  • When the tool opens click Yes to the disclaimer.
  • Press Scan button. ... When finished a log will be created, FRST.txt.
  • Please post the content of the FRST.txt in your next reply.

Logs/Information to Post in your Next Reply

  • Malwarebytes log.
  • AdwCleaner log.
  • FRST.txt.
Posts: 15148
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns

Re: Annoying Ad Opens on New Tab Everytime I Start To Do Any

Post by rcunanan » February 1st, 2015, 2:34 pm

I can't seem to uninstall these items:

On Advanced System Protector I get this

On Yahoo-search, Uninstall doesn't seem to do anything. It said uninstall complete, but the program is still there even after restarting the computer.
Active Member
Posts: 10
Joined: January 31st, 2015, 5:17 pm

Re: Annoying Ad Opens on New Tab Everytime I Start To Do Any

Post by rcunanan » February 1st, 2015, 2:36 pm

Malwarebytes Anti-Malware

Scan Date: 2015-02-01
Scan Time: 1:02:51 PM
Administrator: Yes

Malware Database: v2015.02.01.06
Rootkit Database: v2015.01.14.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 8.1
CPU: x64
File System: NTFS
User: reina

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 327869
Time Elapsed: 9 min, 38 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 2
PUP.Optional.MaintainerSvc.A, C:\ProgramData\602bb5c5-64ca-4d9f-8688-8581d865cedf\maintainer.exe, 252, Delete-on-Reboot, [b09af425e0aa60d67f0130bcbd4415eb]
PUP.Optional.PayByAds.A, C:\Users\reina\AppData\Local\Pay-By-Ads\Yahoo! Search\\dsrlte.exe, 5032, Delete-on-Reboot, [06441900c3c772c4aeb7fc6611ef06fa]

Modules: 0
(No malicious items detected)

Registry Keys: 34
PUP.Optional.MaintainerSvc.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\MaintainerSvc2.49.6826863, Quarantined, [b09af425e0aa60d67f0130bcbd4415eb],
PUP.Optional.PayByAds.A, HKU\S-1-5-21-2586556045-1720471783-4283924833-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\Yahoo! Search, Quarantined, [06441900c3c772c4aeb7fc6611ef06fa],
PUP.Optional.MySearchDial.A, HKLM\SOFTWARE\CLASSES\APPID\{CA5CAA63-B27C-4963-9BEC-CB16A36D56F8}, Quarantined, [cd7d8792e8a258de83b7db59ef14768a],
PUP.Optional.MySearchDial.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\APPID\{CA5CAA63-B27C-4963-9BEC-CB16A36D56F8}, Quarantined, [cd7d8792e8a258de83b7db59ef14768a],
PUP.Optional.BrowseFox.A, HKLM\SOFTWARE\CLASSES\CLSID\{4AA46D49-459F-4358-B4D1-169048547C23}, Quarantined, [d67439e09af02c0a90bffb39f211ea16],
PUP.Optional.BrowseFox.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{4AA46D49-459F-4358-B4D1-169048547C23}, Quarantined, [d67439e09af02c0a90bffb39f211ea16],
PUP.Optional.BrowseMark.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{aeac172e-2e4b-4b92-9af6-b0cdb1acecdb}, Quarantined, [143695848ffb1d1980a1639b06fc38c8],
PUP.Optional.BrowseMark.A, HKLM\SOFTWARE\CLASSES\TYPELIB\{0403706E-B8FA-450C-A865-018D5B28E9E1}, Quarantined, [143695848ffb1d1980a1639b06fc38c8],
PUP.Optional.BrowseMark.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{BCAD45DB-5F28-4FED-8759-41E07EE6402F}, Quarantined, [143695848ffb1d1980a1639b06fc38c8],
PUP.Optional.BrowseMark.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{BCAD45DB-5F28-4FED-8759-41E07EE6402F}, Quarantined, [143695848ffb1d1980a1639b06fc38c8],
PUP.Optional.BrowseMark.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\TYPELIB\{0403706E-B8FA-450C-A865-018D5B28E9E1}, Quarantined, [143695848ffb1d1980a1639b06fc38c8],
PUP.Optional.BrowseMark.A, HKU\S-1-5-21-2586556045-1720471783-4283924833-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{AEAC172E-2E4B-4B92-9AF6-B0CDB1ACECDB}, Quarantined, [143695848ffb1d1980a1639b06fc38c8],
PUP.Optional.BrowseMark.A, HKU\S-1-5-21-2586556045-1720471783-4283924833-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{AEAC172E-2E4B-4B92-9AF6-B0CDB1ACECDB}, Quarantined, [143695848ffb1d1980a1639b06fc38c8],
PUP.Optional.MySearchDial.A, HKU\S-1-5-21-2586556045-1720471783-4283924833-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{77AA745B-F4F8-45DA-9B14-61D2D95054C8}, Quarantined, [e763e732602a053147ab3fbbf11128d8],
PUP.Optional.MySearchDial.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{77AA745B-F4F8-45DA-9B14-61D2D95054C8}, Quarantined, [e763e732602a053147ab3fbbf11128d8],
PUP.Optional.Sanbreel.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\{1d80e5b5-4071-4723-b69d-7303dd29b08f}w64, Quarantined, [9baf4ecbd7b394a2397cfb03996b3bc5],
PUP.Optional.Sanbreel.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\{5e58d02b-6bcf-4282-80e0-3181dfa24f06}w64, Quarantined, [f2589d7c69219b9b6f464cb2d1335ea2],
PUP.Optional.Sanbreel.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\{90b6a102-782f-4c36-a3a9-17de29ea9425}w64, Quarantined, [7dcd14057713ac8a1f961be3a26237c9],
PUP.Optional.Sanbreel.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\{b054ca2a-b52e-4dce-852f-fc425b1df036}w64, Quarantined, [ac9e58c18cfe52e4417414eaea1a7e82],
PUP.Optional.Sanbreel.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\{b7ef6559-ecf4-497a-81ce-d499dec7003c}w64, Quarantined, [0b3fed2cb3d7af8782334bb372929f61],
PUP.Optional.Sanbreel.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\{b99c8534-7800-48fa-bd71-519a46cdc7e1}w64, Quarantined, [292102176327d26483323ec0709415eb],
PUP.Optional.Sanbreel.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\{fe03a0d6-671a-4d18-b668-b656ba92ccf5}w64, Quarantined, [301a51c83b4fca6cb005f30bec185ea2],
PUP.Optional.BrowseMark.A, HKLM\SOFTWARE\WOW6432NODE\BrowseMark, Quarantined, [65e5cb4e08826fc7faa043799f64966a],
PUP.Optional.MySearchDial.A, HKLM\SOFTWARE\WOW6432NODE\INSTALLCORE\mysearchdial, Quarantined, [70da41d8f4965fd73d40607ede26fc04],
PUP.Optional.AdvancedSystemProtector.A, HKLM\SOFTWARE\WOW6432NODE\SYSTWEAK\Advanced System Protector, Quarantined, [5eec5cbd5733023497044158e41fec14],
PUP.Optional.SystemSpeedup, HKLM\SOFTWARE\WOW6432NODE\SYSTWEAK\ssd, Quarantined, [4604e43586043ff70c33bfe59073847c],
PUP.Optional.BrowseMark.A, HKU\S-1-5-21-2586556045-1720471783-4283924833-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\BrowseMark, Quarantined, [81c965b4becc62d450492e8e996a07f9],
PUP.Optional.MySearchDial.A, HKU\S-1-5-21-2586556045-1720471783-4283924833-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\mysearchdial, Quarantined, [044651c85c2ec86efb20756bb94b1ce4],
PUP.Optional.InstallCore.A, HKU\S-1-5-21-2586556045-1720471783-4283924833-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLCORE\1I1T1Q1S, Quarantined, [65e554c5a1e9bd79eb20b61343c0f30d],
PUP.Optional.MySearchDial.A, HKU\S-1-5-21-2586556045-1720471783-4283924833-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLCORE\mysearchdial, Quarantined, [98b2a475e2a873c36d5a6c7736ce4ab6],
PUP.Optional.InstallCore.A, HKU\S-1-5-21-2586556045-1720471783-4283924833-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLCORE, Quarantined, [9eac15043c4e50e6190621bede2619e7],
PUP.Optional.AdvancedSystemProtector.A, HKU\S-1-5-21-2586556045-1720471783-4283924833-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\SYSTWEAK\Advanced System Protector, Quarantined, [93b78a8ffb8f90a64755e3b6c43fb44c],
PUP.Optional.SystemSpeedup, HKU\S-1-5-21-2586556045-1720471783-4283924833-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\SYSTWEAK\ssd, Quarantined, [99b14bce474336000f2f9014cb38f60a],

Registry Values: 5
PUP.Optional.PayByAds.A, HKU\S-1-5-21-2586556045-1720471783-4283924833-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|Yahoo! Search, C:\Users\reina\AppData\Local\Pay-By-Ads\Yahoo! Search\\dsrlte.exe, Quarantined, [06441900c3c772c4aeb7fc6611ef06fa]
PUP.Optional.MySearchDial.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472F-A0FF-E1416B8B2E3A}, Mysearchdial, Quarantined, [fe4c93865c2e54e21350396c48bb38c8]
PUP.Optional.MySearchDial.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY|AppPath, C:\Program Files (x86)\Mysearchdial\\, Quarantined, [35157f9a3456270fd0823dc1b450c53b]
PUP.Optional.InstallCore.A, HKU\S-1-5-21-2586556045-1720471783-4283924833-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLCORE|tb, 0I2Z1H1E2V1R0O1O, Quarantined, [9eac15043c4e50e6190621bede2619e7]
PUP.Optional.MySearchDial.A, HKU\S-1-5-21-2586556045-1720471783-4283924833-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472F-A0FF-E1416B8B2E3A}, Mysearchdial, Quarantined, [5feb16030684d264392b3f66c0430ff1]

Registry Data: 2
PUP.Optional.MySearchDial.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page, http://start.mysearchdial.com/?f=1&a=md ... 762769&ir=, Good: (http://www.google.com), Bad: (http://start.mysearchdial.com/?f=1&a=md ... 762769&ir=),Replaced,[3317f821cebc3303c570406e778ee719]
PUP.Optional.MySearchDial.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page, http://start.mysearchdial.com/?f=1&a=md ... 762769&ir=, Good: (http://www.google.com), Bad: (http://start.mysearchdial.com/?f=1&a=md ... 762769&ir=),Replaced,[27230c0d860473c3999c6f3f818460a0]

Folders: 16
PUP.Optional.AdvancedSystemProtector.A, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced System Protector, Quarantined, [1d2d74a512789c9a9dc88e237192a55b],
PUP.Optional.PayByAds.A, C:\Users\reina\AppData\Local\Pay-By-Ads, Delete-on-Reboot, [7ecc15048efc83b35d5b3c2370939967],
PUP.Optional.PayByAds.A, C:\Users\reina\AppData\Local\Pay-By-Ads\Yahoo! Search, Delete-on-Reboot, [7ecc15048efc83b35d5b3c2370939967],
PUP.Optional.PayByAds.A, C:\Users\reina\AppData\Local\Pay-By-Ads\Yahoo! Search\, Delete-on-Reboot, [7ecc15048efc83b35d5b3c2370939967],
PUP.Optional.SystemSpeedup, C:\Users\reina\AppData\Roaming\systweak\ssd, Quarantined, [ad9d65b45337ff371a8b99c738cb48b8],
PUP.Optional.AdvancedSystemProtector.A, C:\ProgramData\Systweak\Advanced System Protector, Quarantined, [7ad0f722226856e0ea5ea5c658ab3cc4],
PUP.Optional.AdvancedSystemProtector.A, C:\ProgramData\Systweak\Advanced System Protector\2.1.1000.12594, Quarantined, [7ad0f722226856e0ea5ea5c658ab3cc4],
PUP.Optional.AdvancedSystemProtector.A, C:\ProgramData\Systweak\Advanced System Protector\signatures, Quarantined, [7ad0f722226856e0ea5ea5c658ab3cc4],
PUP.Optional.AdvancedSystemProtector.A, C:\ProgramData\Systweak\Advanced System Protector\updates, Quarantined, [7ad0f722226856e0ea5ea5c658ab3cc4],
PUP.Optional.AdvancedSystemProtector.A, C:\ProgramData\Systweak\Advanced-System Protector, Quarantined, [400ab762b2d8c472a3a5f17a659eae52],
PUP.Optional.AdvancedSystemProtector.A, C:\ProgramData\Systweak\Advanced-System Protector\signatures, Quarantined, [400ab762b2d8c472a3a5f17a659eae52],
PUP.Optional.AdvancedSystemProtector.A, C:\ProgramData\Systweak\Advanced-System Protector\updates, Quarantined, [400ab762b2d8c472a3a5f17a659eae52],
PUP.Optional.AdvancedSystemProtector.A, C:\Users\reina\AppData\Roaming\systweak\Advanced System Protector, Quarantined, [1a30cf4aee9cc96d97b1e487bb489d63],
PUP.Optional.AdvancedSystemProtector.A, C:\Users\reina\AppData\Roaming\systweak\Advanced System Protector\2.1.1000.12594, Quarantined, [1a30cf4aee9cc96d97b1e487bb489d63],
PUP.Optional.AdvancedSystemProtector.A, C:\Users\reina\AppData\Roaming\systweak\Advanced-System Protector, Quarantined, [c981a475f9913402d96f313a19eab54b],
PUP.Optional.BrowseMark.A, C:\Users\reina\AppData\Local\Temp\BrowseMark, Quarantined, [86c40c0d7c0ebc7af49db5c28b7813ed],

Files: 56
PUP.Optional.MaintainerSvc.A, C:\ProgramData\602bb5c5-64ca-4d9f-8688-8581d865cedf\maintainer.exe, Delete-on-Reboot, [b09af425e0aa60d67f0130bcbd4415eb],
PUP.Optional.PayByAds.A, C:\Users\reina\AppData\Local\Pay-By-Ads\Yahoo! Search\\dsrlte.exe, Delete-on-Reboot, [06441900c3c772c4aeb7fc6611ef06fa],
PUP.Optional.BrowseMark.A, C:\Program Files (x86)\BrowseMark\BrowseMarkBHO.dll, Quarantined, [143695848ffb1d1980a1639b06fc38c8],
PUP.Optional.SwiftBrowse, C:\ProgramData\602bb5c5-64ca-4d9f-8688-8581d865cedf\maintainer.bak, Quarantined, [80caf029a3e7ee482a8e7e7dab56bf41],
PUP.Optional.Systweak, C:\Program Files (x86)\Advanced System Protector\SSDPTstub.exe, Quarantined, [14364ecb1e6c90a696f6d34140c2966a],
PUP.Optional.AdvancedSystemProtector, C:\Windows\System32\sasnative64.exe, Quarantined, [430776a3256570c6dbe5b210de23dd23],
PUP.Optional.PayByAds.A, C:\Users\reina\AppData\Local\Temp\dsrlte.exe, Quarantined, [04460118c7c3ae88eb7a481a6799926e],
PUP.Optional.MyPCBackup.A, C:\Users\reina\AppData\Local\Temp\BackupSetup.exe, Quarantined, [e26826f3a6e43cfad3f42bbf37ca13ed],
PUP.Optional.InstallCore, C:\Users\reina\AppData\Local\Temp\ICReinstall_FlvPlayerSetup.exe, Quarantined, [7cceb465424839fd43414b1961a41be5],
PUP.Optional.RegCleanPro, C:\Users\reina\AppData\Local\Temp\is1496958499\283927025_stp\rcpsetup_adppi12_adppi12.exe, Quarantined, [be8c5abf1a70c373748686aede2204fc],
PUP.Optional.MyPCBackup.A, C:\Windows\Temp\tmp3231.tmp, Quarantined, [eb5f0d0cc9c16ec8784fd01ac73a37c9],
PUP.Optional.MyPCBackup.A, C:\Windows\Temp\tmpA199.tmp, Quarantined, [43078099b1d9f145d2f5dc0e14ed28d8],
PUP.Optional.AdvancedSystemProtector, C:\Windows\System32\Tasks\Advanced System Protector_startup, Quarantined, [55f5ec2d8cfe0531515a722a58ab1ae6],
PUP.Optional.AdvancedSystemProtector, C:\Users\Public\Desktop\Advanced System Protector.lnk, Quarantined, [fe4c3ddc0c7e44f21d10d4d004fff60a],
PUP.Optional.AdvancedSystemProtector.A, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced System Protector\Register Advanced System Protector.lnk, Quarantined, [1d2d74a512789c9a9dc88e237192a55b],
PUP.Optional.AdvancedSystemProtector.A, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced System Protector\Advanced System Protector Trouble Shooter.lnk, Quarantined, [1d2d74a512789c9a9dc88e237192a55b],
PUP.Optional.AdvancedSystemProtector.A, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced System Protector\Advanced System Protector.lnk, Quarantined, [1d2d74a512789c9a9dc88e237192a55b],
PUP.Optional.AdvancedSystemProtector.A, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced System Protector\Uninstall Advanced System Protector.lnk, Quarantined, [1d2d74a512789c9a9dc88e237192a55b],
PUP.Optional.Sanbreel.A, C:\Windows\System32\drivers\{1d80e5b5-4071-4723-b69d-7303dd29b08f}w64.sys, Quarantined, [9baf4ecbd7b394a2397cfb03996b3bc5],
PUP.Optional.Sanbreel.A, C:\Windows\System32\drivers\{5e58d02b-6bcf-4282-80e0-3181dfa24f06}w64.sys, Quarantined, [f2589d7c69219b9b6f464cb2d1335ea2],
PUP.Optional.Sanbreel.A, C:\Windows\System32\drivers\{90b6a102-782f-4c36-a3a9-17de29ea9425}w64.sys, Quarantined, [7dcd14057713ac8a1f961be3a26237c9],
PUP.Optional.Sanbreel.A, C:\Windows\System32\drivers\{b054ca2a-b52e-4dce-852f-fc425b1df036}w64.sys, Quarantined, [ac9e58c18cfe52e4417414eaea1a7e82],
PUP.Optional.Sanbreel.A, C:\Windows\System32\drivers\{b7ef6559-ecf4-497a-81ce-d499dec7003c}w64.sys, Quarantined, [0b3fed2cb3d7af8782334bb372929f61],
PUP.Optional.Sanbreel.A, C:\Windows\System32\drivers\{b99c8534-7800-48fa-bd71-519a46cdc7e1}w64.sys, Quarantined, [292102176327d26483323ec0709415eb],
PUP.Optional.Sanbreel.A, C:\Windows\System32\drivers\{fe03a0d6-671a-4d18-b668-b656ba92ccf5}w64.sys, Quarantined, [301a51c83b4fca6cb005f30bec185ea2],
PUP.Optional.PayByAds.A, C:\Users\reina\AppData\Local\Pay-By-Ads\Yahoo! Search\\app.ini, Quarantined, [7ecc15048efc83b35d5b3c2370939967],
PUP.Optional.SystemSpeedup, C:\Users\reina\AppData\Roaming\systweak\ssd\SSDPTstub.exe, Quarantined, [ad9d65b45337ff371a8b99c738cb48b8],
PUP.Optional.AdvancedSystemProtector.A, C:\ProgramData\Systweak\Advanced-System Protector\AddonSafelist, Quarantined, [400ab762b2d8c472a3a5f17a659eae52],
PUP.Optional.AdvancedSystemProtector.A, C:\ProgramData\Systweak\Advanced-System Protector\log.xslt, Quarantined, [400ab762b2d8c472a3a5f17a659eae52],
PUP.Optional.AdvancedSystemProtector.A, C:\ProgramData\Systweak\Advanced-System Protector\signatures\completedatabase.db, Quarantined, [400ab762b2d8c472a3a5f17a659eae52],
PUP.Optional.AdvancedSystemProtector.A, C:\ProgramData\Systweak\Advanced-System Protector\signatures\Cookies.bin, Quarantined, [400ab762b2d8c472a3a5f17a659eae52],
PUP.Optional.AdvancedSystemProtector.A, C:\ProgramData\Systweak\Advanced-System Protector\signatures\DigSign.bin, Quarantined, [400ab762b2d8c472a3a5f17a659eae52],
PUP.Optional.AdvancedSystemProtector.A, C:\ProgramData\Systweak\Advanced-System Protector\signatures\FilePathFIX.bin, Quarantined, [400ab762b2d8c472a3a5f17a659eae52],
PUP.Optional.AdvancedSystemProtector.A, C:\ProgramData\Systweak\Advanced-System Protector\signatures\FilePaths.bin, Quarantined, [400ab762b2d8c472a3a5f17a659eae52],
PUP.Optional.AdvancedSystemProtector.A, C:\ProgramData\Systweak\Advanced-System Protector\signatures\FileSignature.bin, Quarantined, [400ab762b2d8c472a3a5f17a659eae52],
PUP.Optional.AdvancedSystemProtector.A, C:\ProgramData\Systweak\Advanced-System Protector\signatures\Folders.bin, Quarantined, [400ab762b2d8c472a3a5f17a659eae52],
PUP.Optional.AdvancedSystemProtector.A, C:\ProgramData\Systweak\Advanced-System Protector\signatures\Md5.bin, Quarantined, [400ab762b2d8c472a3a5f17a659eae52],
PUP.Optional.AdvancedSystemProtector.A, C:\ProgramData\Systweak\Advanced-System Protector\signatures\Registry.bin, Quarantined, [400ab762b2d8c472a3a5f17a659eae52],
PUP.Optional.AdvancedSystemProtector.A, C:\ProgramData\Systweak\Advanced-System Protector\signatures\SetupSign.bin, Quarantined, [400ab762b2d8c472a3a5f17a659eae52],
PUP.Optional.AdvancedSystemProtector.A, C:\ProgramData\Systweak\Advanced-System Protector\signatures\StrSetupSign.bin, Quarantined, [400ab762b2d8c472a3a5f17a659eae52],
PUP.Optional.AdvancedSystemProtector.A, C:\ProgramData\Systweak\Advanced-System Protector\updates\100oupdate.zip, Quarantined, [400ab762b2d8c472a3a5f17a659eae52],
PUP.Optional.AdvancedSystemProtector.A, C:\ProgramData\Systweak\Advanced-System Protector\updates\1997completedatabase.zip, Quarantined, [400ab762b2d8c472a3a5f17a659eae52],
PUP.Optional.AdvancedSystemProtector.A, C:\ProgramData\Systweak\Advanced-System Protector\updates\2102mupdate.zip, Quarantined, [400ab762b2d8c472a3a5f17a659eae52],
PUP.Optional.AdvancedSystemProtector.A, C:\ProgramData\Systweak\Advanced-System Protector\updates\2103update.zip, Quarantined, [400ab762b2d8c472a3a5f17a659eae52],
PUP.Optional.AdvancedSystemProtector.A, C:\ProgramData\Systweak\Advanced-System Protector\updates\2104update.zip, Quarantined, [400ab762b2d8c472a3a5f17a659eae52],
PUP.Optional.AdvancedSystemProtector.A, C:\ProgramData\Systweak\Advanced-System Protector\updates\2105update.zip, Quarantined, [400ab762b2d8c472a3a5f17a659eae52],
PUP.Optional.AdvancedSystemProtector.A, C:\ProgramData\Systweak\Advanced-System Protector\updates\2106update.zip, Quarantined, [400ab762b2d8c472a3a5f17a659eae52],
PUP.Optional.AdvancedSystemProtector.A, C:\ProgramData\Systweak\Advanced-System Protector\updates\2107update.zip, Quarantined, [400ab762b2d8c472a3a5f17a659eae52],
PUP.Optional.AdvancedSystemProtector.A, C:\Users\reina\AppData\Roaming\systweak\Advanced System Protector\QDetail.db, Quarantined, [1a30cf4aee9cc96d97b1e487bb489d63],
PUP.Optional.AdvancedSystemProtector.A, C:\Users\reina\AppData\Roaming\systweak\Advanced System Protector\Settings.db, Quarantined, [1a30cf4aee9cc96d97b1e487bb489d63],
PUP.Optional.AdvancedSystemProtector.A, C:\Users\reina\AppData\Roaming\systweak\Advanced System Protector\Update.ini, Quarantined, [1a30cf4aee9cc96d97b1e487bb489d63],
PUP.Optional.AdvancedSystemProtector.A, C:\Users\reina\AppData\Roaming\systweak\Advanced System Protector\2.1.1000.12594\ASPLog.txt, Quarantined, [1a30cf4aee9cc96d97b1e487bb489d63],
PUP.Optional.AdvancedSystemProtector.A, C:\Users\reina\AppData\Roaming\systweak\Advanced-System Protector\ASPLog.txt, Quarantined, [c981a475f9913402d96f313a19eab54b],
PUP.Optional.AdvancedSystemProtector.A, C:\Users\reina\AppData\Roaming\systweak\Advanced-System Protector\QDetail.db, Quarantined, [c981a475f9913402d96f313a19eab54b],
PUP.Optional.AdvancedSystemProtector.A, C:\Users\reina\AppData\Roaming\systweak\Advanced-System Protector\Settings.db, Quarantined, [c981a475f9913402d96f313a19eab54b],
PUP.Optional.BrowseMark.A, C:\Users\reina\AppData\Local\Temp\BrowseMark\7za.exe, Quarantined, [86c40c0d7c0ebc7af49db5c28b7813ed],

Physical Sectors: 0
(No malicious items detected)


Re: Annoying Ad Opens on New Tab Everytime I Start To Do Any

Post by rcunanan » February 1st, 2015, 2:47 pm

# AdwCleaner v4.109 - Report created 01/02/2015 at 13:45:29
# Updated 24/01/2015 by Xplode
# Database : 2015-01-26.1 [Live]
# Operating System : Windows 8.1 (64 bits)
# Username : reina - FOOTCARENURSE
# Running from : C:\Users\reina\Desktop\adwcleaner_4.109.exe
# Option : Clean

***** [ Services ] *****

***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\Systweak
Folder Deleted : C:\Program Files (x86)\Advanced System Protector
Folder Deleted : C:\Program Files (x86)\ASP
Folder Deleted : C:\Program Files (x86)\BrowseMark
Folder Deleted : C:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Systweak
Folder Deleted : C:\Users\reina\AppData\Local\pay-by-ads
Folder Deleted : C:\Users\reina\AppData\Roaming\rightbackup
Folder Deleted : C:\Users\reina\AppData\Roaming\Systweak
File Deleted : C:\windows\System32\roboot64.exe
File Deleted : C:\Users\reina\Desktop\Live PC Help.lnk

***** [ Scheduled Tasks ] *****

Task Deleted : Advanced System Protector_startup

***** [ Shortcuts ] *****

***** [ Registry ] *****

Key Deleted : HKCU\Software\Classes\keepmysearch
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{5A4E3A41-FA55-4BDA-AED7-CEBE6E7BCB52}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{459DD0F7-0D55-D3DC-67BC-E6BE37E9D762}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{A2D733A7-73B0-4C6B-B0C7-06A432950B66}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{5A4E3A41-FA55-4BDA-AED7-CEBE6E7BCB52}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{8F2A4CD5-BB7C-4744-B9F9-2DDE69E28371}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Key Deleted : HKCU\Software\systweak
Key Deleted : HKCU\Software\AppDataLow\BrowseMark
Key Deleted : HKLM\SOFTWARE\InstallCore
Key Deleted : HKLM\SOFTWARE\systweak
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\00212D92-C5D8-4ff4-AE50-B20F0F85C40A_Systweak_Ad~B9F029BF_is1

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17416

-\\ Mozilla Firefox v35.0.1 (x86 en-US)


AdwCleaner[R0].txt - [2811 octets] - [01/02/2015 13:42:20]
AdwCleaner[S0].txt - [2617 octets] - [01/02/2015 13:45:29]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [2677 octets] ##########

Re: Annoying Ad Opens on New Tab Everytime I Start To Do Any

Post by rcunanan » February 1st, 2015, 2:50 pm

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 01-02-2015
Ran by reina (administrator) on FOOTCARENURSE on 01-02-2015 13:49:01
Running from C:\Users\reina\Desktop
Loaded Profiles: reina (Available profiles: reina)
Platform: Windows 8.1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

() C:\Program Files\Hewlett-Packard\SimplePass\cachesrvr.exe
(Softex Inc.) C:\Program Files\Hewlett-Packard\SimplePass\OmniServ.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(CyberLink) C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSMonitorServicePDVD12.exe
(CyberLink) C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Microsoft Online Services\MSOIDSVC.EXE
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Microsoft Online Services\MSOIDSVCM.EXE
(McAfee, Inc.) C:\Program Files\mcafee\msc\McAPExe.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\AMCore\mcshield.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\systemcore\mfefire.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe\livecomm.exe
() C:\Program Files\Hewlett-Packard\SimplePass\opvapp.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\SimplePass\HPSmplPass.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBroker.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBrokerDsktop.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\platform\McUICnt.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7198424 2013-08-23] (Realtek Semiconductor)
HKLM\...\Run: [SimplePass] => C:\Program Files\Hewlett-Packard\SimplePass\HPSmplPass.exe [2755640 2013-09-26] (Hewlett-Packard)
HKLM\...\Run: [OPBHOBroker] => C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBroker.exe [155704 2013-09-26] (Hewlett-Packard)
HKLM\...\Run: [OPBHOBrokerDesktop] => C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBrokerDsktop.exe [155704 2013-09-26] (Hewlett-Packard)
HKLM-x32\...\Run: [YouCam Service] => c:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe [267224 2013-09-01] (CyberLink Corp.)
HKLM-x32\...\Run: [mcpltui_exe] => C:\Program Files\McAfee.com\Agent\mcagent.exe [537992 2014-01-28] (McAfee, Inc.)
Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-21-2586556045-1720471783-4283924833-1001\...\Run: [Google Update] => C:\Users\reina\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2014-02-27] (Google Inc.)
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPCON14/19
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPCON14/19
HKU\S-1-5-21-2586556045-1720471783-4283924833-1001\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
HKU\S-1-5-21-2586556045-1720471783-4283924833-1001\Software\Microsoft\Internet Explorer\Main,First Home Page = http://g.msn.com/HPCON14/19
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll (Hewlett-Packard)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
DPF: HKLM-x32 {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/_layouts/Cl ... wsdc32.cab
DPF: HKLM-x32 {8569D715-FF88-44BA-8D1D-AD3E59543DDE} http://reports.idstc.com/ActiveReports/ ... rview2.cab
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\mcafee\msc\McSnIePl64.dll (McAfee, Inc.)
Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\msc\McSnIePl.dll (McAfee, Inc.)
Tcpip\Parameters: [DhcpNameServer]

FF ProfilePath: C:\Users\reina\AppData\Roaming\Mozilla\Firefox\Profiles\ocatb8gi.default
FF Homepage: google.ca
FF Plugin: @mcafee.com/MSC,version=10 -> c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @mcafee.com/MSC,version=10 -> c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL ()
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3508.0205 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
FF Plugin HKU\S-1-5-21-2586556045-1720471783-4283924833-1001: @talk.google.com/GoogleTalkPlugin -> C:\Users\reina\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin HKU\S-1-5-21-2586556045-1720471783-4283924833-1001: @talk.google.com/O1DPlugin -> C:\Users\reina\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF Plugin HKU\S-1-5-21-2586556045-1720471783-4283924833-1001: @tools.google.com/Google Update;version=3 -> C:\Users\reina\AppData\Local\Google\Update\\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKU\S-1-5-21-2586556045-1720471783-4283924833-1001: @tools.google.com/Google Update;version=9 -> C:\Users\reina\AppData\Local\Google\Update\\npGoogleUpdate3.dll (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\reina\AppData\Roaming\mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\reina\AppData\Roaming\mozilla\plugins\npo1d.dll (Google)
FF Extension: No Name - C:\Users\reina\AppData\Roaming\Mozilla\Firefox\Profiles\ocatb8gi.default\Extensions\trash [2015-01-31]
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK
FF Extension: McAfee Anti-Spam Thunderbird Extension - C:\Program Files\McAfee\MSK [2014-01-05]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 Cachedrv server; C:\Program Files\Hewlett-Packard\SimplePass\cachesrvr.exe [109568 2013-09-26] () [File not signed]
R2 CyberLink PowerDVD 12 Media Server Monitor Service; c:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSMonitorServicePDVD12.exe [77576 2013-08-12] (CyberLink)
R2 CyberLink PowerDVD 12 Media Server Service; c:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe [298760 2013-08-12] (CyberLink)
R2 HomeNetSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [92160 2013-08-29] (Hewlett-Packard Company) [File not signed]
R2 Intel(R) Capability Licensing Service Interface; c:\Program Files\Intel\iCLS Client\HeciServer.exe [733696 2013-05-11] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; c:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [822232 2013-05-11] (Intel(R) Corporation)
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [131544 2013-08-08] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-08-08] (Intel Corporation)
R2 McAPExe; C:\Program Files\McAfee\MSC\McAPExe.exe [178528 2014-01-28] (McAfee, Inc.)
S3 McAWFwk; c:\Program Files\Common Files\mcafee\ActWiz\McAWFwk.exe [334608 2013-07-24] (McAfee, Inc.)
R2 McMPFSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 McNaiAnn; C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
S3 McODS; C:\Program Files\mcafee\VirusScan\mcods.exe [602944 2013-08-02] (McAfee, Inc.)
S4 McOobeSv2; C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 mcpltsvc; C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 McProxy; C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 mfecore; C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe [1025712 2014-01-21] (McAfee, Inc.)
R2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [219752 2014-01-27] (McAfee, Inc.)
R2 mfevtp; C:\windows\system32\mfevtps.exe [185792 2014-01-27] (McAfee, Inc.)
R2 MSK80Service; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 msoidsvc; C:\Program Files\Common Files\Microsoft Shared\Microsoft Online Services\MSOIDSVC.EXE [2079520 2012-05-17] (Microsoft Corp.)
R2 omniserv; C:\Program Files\Hewlett-Packard\SimplePass\OmniServ.exe [87552 2013-09-26] (Softex Inc.) [File not signed]
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [289496 2013-08-23] (Realtek Semiconductor)
S4 TlntSvr; C:\Windows\System32\tlntsvr.exe [146944 2014-08-05] (Microsoft Corporation)
S3 w3logsvc; C:\Windows\system32\inetsrv\w3logsvc.dll [76800 2013-08-24] (Microsoft Corporation)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [368632 2014-09-21] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2014-09-21] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 athr; C:\Windows\system32\DRIVERS\athwbx.sys [3859968 2013-08-15] (Qualcomm Atheros Communications, Inc.)
R3 cfwids; C:\Windows\System32\drivers\cfwids.sys [70592 2014-01-27] (McAfee, Inc.)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [91712 2013-03-05] (CyberLink)
S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [197704 2013-09-23] (McAfee, Inc.)
R3 MEIx64; C:\Windows\System32\drivers\TeeDriverx64.sys [99288 2013-08-08] (Intel Corporation)
R2 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [180272 2014-01-27] (McAfee, Inc.)
R2 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [311600 2014-01-27] (McAfee, Inc.)
S0 mfeelamk; C:\Windows\System32\drivers\mfeelamk.sys [69352 2014-01-27] (McAfee, Inc.)
R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [520696 2014-01-27] (McAfee, Inc.)
R2 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [783864 2014-01-27] (McAfee, Inc.)
R3 mfencbdc; C:\Windows\system32\DRIVERS\mfencbdc.sys [422712 2014-01-21] (McAfee, Inc.)
S3 mfencrk; C:\Windows\system32\DRIVERS\mfencrk.sys [96592 2014-01-21] (McAfee, Inc.)
R2 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [344688 2014-01-27] (McAfee, Inc.)
R3 RSP2STOR; C:\Windows\system32\DRIVERS\RtsP2Stor.sys [290008 2013-07-05] (Realtek Semiconductor Corp.)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2014-09-21] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-01 13:48 - 2015-02-01 13:48 - 00000000 ____D () C:\Users\reina\Desktop\FRST-OlderVersion
2015-02-01 13:41 - 2015-02-01 13:45 - 00000000 ____D () C:\AdwCleaner
2015-02-01 13:38 - 2015-02-01 13:38 - 02194432 _____ () C:\Users\reina\Desktop\adwcleaner_4.109.exe
2015-02-01 12:59 - 2015-02-01 12:59 - 00129752 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2015-02-01 12:58 - 2015-02-01 12:58 - 00001125 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-02-01 12:58 - 2015-02-01 12:58 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-02-01 12:58 - 2015-02-01 12:58 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-02-01 12:58 - 2015-02-01 12:58 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-02-01 12:58 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbamchameleon.sys
2015-02-01 12:58 - 2014-11-21 06:14 - 00064216 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mwac.sys
2015-02-01 12:58 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbam.sys
2015-02-01 12:57 - 2015-02-01 12:57 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\reina\Desktop\mbam-setup-
2015-02-01 12:56 - 2015-02-01 12:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
2015-02-01 12:18 - 2015-02-01 12:18 - 00000207 _____ () C:\windows\tweaking.com-regbackup-FOOTCARENURSE-Windows-8.1-(64-bit).dat
2015-02-01 12:17 - 2015-02-01 12:17 - 00000000 ____D () C:\RegBackup
2015-02-01 12:16 - 2015-02-01 12:16 - 00002262 _____ () C:\Users\Public\Desktop\Tweaking.com - Registry Backup.lnk
2015-02-01 12:16 - 2015-02-01 12:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tweaking.com
2015-02-01 12:16 - 2015-02-01 12:16 - 00000000 ____D () C:\Program Files (x86)\Tweaking.com
2015-02-01 12:15 - 2015-02-01 12:15 - 04803888 _____ () C:\Users\reina\Desktop\tweaking.com_registry_backup_setup.exe
2015-01-31 19:57 - 2010-05-26 11:41 - 01998168 _____ (Microsoft Corporation) C:\windows\SysWOW64\D3DX9_43.dll
2015-01-31 19:55 - 2015-01-31 19:55 - 71128407 _____ () C:\Users\reina\Downloads\kodi-14.1-Helix.exe
2015-01-31 18:45 - 2015-01-31 18:45 - 00000000 ____D () C:\ProgramData\Recovery
2015-01-31 16:36 - 2014-11-09 21:29 - 00034304 _____ (Microsoft Corporation) C:\windows\system32\DeviceSetupStatusProvider.dll
2015-01-31 16:36 - 2014-11-09 20:51 - 00028672 _____ (Microsoft Corporation) C:\windows\SysWOW64\DeviceSetupStatusProvider.dll
2015-01-31 16:36 - 2014-10-30 18:39 - 01970432 _____ (Microsoft Corporation) C:\windows\system32\crypt32.dll
2015-01-31 16:36 - 2014-10-30 18:38 - 01612992 _____ (Microsoft Corporation) C:\windows\SysWOW64\crypt32.dll
2015-01-31 16:30 - 2015-01-31 16:30 - 00027819 _____ () C:\Users\reina\Desktop\Addition.txt
2015-01-31 16:29 - 2015-02-01 13:49 - 00014810 _____ () C:\Users\reina\Desktop\FRST.txt
2015-01-31 16:29 - 2015-02-01 13:49 - 00000000 ____D () C:\FRST
2015-01-31 16:28 - 2015-02-01 13:48 - 02131456 _____ (Farbar) C:\Users\reina\Desktop\FRST64.exe
2015-01-31 16:19 - 2014-12-03 18:37 - 00227328 _____ (Microsoft Corporation) C:\windows\system32\aepdu.dll
2015-01-31 16:19 - 2014-12-03 18:09 - 00830464 _____ (Microsoft Corporation) C:\windows\system32\appraiser.dll
2015-01-31 16:19 - 2014-12-02 18:09 - 01083392 _____ (Microsoft Corporation) C:\windows\system32\aeinv.dll
2015-01-31 16:19 - 2014-12-02 18:09 - 00740864 _____ (Microsoft Corporation) C:\windows\system32\invagent.dll
2015-01-31 16:19 - 2014-12-02 18:09 - 00412672 _____ (Microsoft Corporation) C:\windows\system32\generaltel.dll
2015-01-31 16:19 - 2014-12-02 18:09 - 00396288 _____ (Microsoft Corporation) C:\windows\system32\devinv.dll
2015-01-31 16:19 - 2014-12-02 18:09 - 00192000 _____ (Microsoft Corporation) C:\windows\system32\aepic.dll
2015-01-31 16:19 - 2014-11-21 22:13 - 25059840 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2015-01-31 16:19 - 2014-11-21 21:50 - 00580096 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
2015-01-31 16:19 - 2014-11-21 21:49 - 02885120 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2015-01-31 16:19 - 2014-11-21 21:49 - 00417280 _____ (Microsoft Corporation) C:\windows\system32\html.iec
2015-01-31 16:19 - 2014-11-21 21:48 - 00088064 _____ (Microsoft Corporation) C:\windows\system32\MshtmlDac.dll
2015-01-31 16:19 - 2014-11-21 21:35 - 00812544 _____ (Microsoft Corporation) C:\windows\system32\jscript.dll
2015-01-31 16:19 - 2014-11-21 21:34 - 06039552 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2015-01-31 16:19 - 2014-11-21 21:22 - 19749376 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2015-01-31 16:19 - 2014-11-21 21:08 - 00092160 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
2015-01-31 16:19 - 2014-11-21 21:07 - 00501248 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll
2015-01-31 16:19 - 2014-11-21 21:06 - 00340992 _____ (Microsoft Corporation) C:\windows\SysWOW64\html.iec
2015-01-31 16:19 - 2014-11-21 21:06 - 00145408 _____ (Microsoft Corporation) C:\windows\system32\iepeers.dll
2015-01-31 16:19 - 2014-11-21 21:05 - 00316928 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll
2015-01-31 16:19 - 2014-11-21 21:05 - 00064000 _____ (Microsoft Corporation) C:\windows\SysWOW64\MshtmlDac.dll
2015-01-31 16:19 - 2014-11-21 21:01 - 02277888 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2015-01-31 16:19 - 2014-11-21 20:59 - 01032704 _____ (Microsoft Corporation) C:\windows\system32\inetcomm.dll
2015-01-31 16:19 - 2014-11-21 20:55 - 00661504 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript.dll
2015-01-31 16:19 - 2014-11-21 20:52 - 00262144 _____ (Microsoft Corporation) C:\windows\system32\webcheck.dll
2015-01-31 16:19 - 2014-11-21 20:49 - 00800768 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2015-01-31 16:19 - 2014-11-21 20:49 - 00718848 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2015-01-31 16:19 - 2014-11-21 20:49 - 00373760 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll
2015-01-31 16:19 - 2014-11-21 20:46 - 02125312 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2015-01-31 16:19 - 2014-11-21 20:43 - 14412800 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2015-01-31 16:19 - 2014-11-21 20:35 - 00076288 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmled.dll
2015-01-31 16:19 - 2014-11-21 20:34 - 00128000 _____ (Microsoft Corporation) C:\windows\SysWOW64\iepeers.dll
2015-01-31 16:19 - 2014-11-21 20:33 - 00285696 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtrans.dll
2015-01-31 16:19 - 2014-11-21 20:29 - 04299264 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2015-01-31 16:19 - 2014-11-21 20:29 - 00880128 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcomm.dll
2015-01-31 16:19 - 2014-11-21 20:28 - 02358272 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2015-01-31 16:19 - 2014-11-21 20:25 - 00230400 _____ (Microsoft Corporation) C:\windows\SysWOW64\webcheck.dll
2015-01-31 16:19 - 2014-11-21 20:23 - 00688640 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2015-01-31 16:19 - 2014-11-21 20:23 - 00326656 _____ (Microsoft Corporation) C:\windows\SysWOW64\iedkcs32.dll
2015-01-31 16:19 - 2014-11-21 20:22 - 02052096 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl
2015-01-31 16:19 - 2014-11-21 20:15 - 01548288 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2015-01-31 16:19 - 2014-11-21 20:13 - 12836864 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2015-01-31 16:19 - 2014-11-21 20:03 - 00800768 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
2015-01-31 16:19 - 2014-11-21 20:00 - 01888256 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2015-01-31 16:19 - 2014-11-21 19:56 - 01307136 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2015-01-31 16:19 - 2014-11-21 19:54 - 00710144 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll
2015-01-31 16:19 - 2014-11-06 23:16 - 01762840 _____ (Microsoft Corporation) C:\windows\system32\WindowsCodecs.dll
2015-01-31 16:19 - 2014-11-06 22:26 - 01489072 _____ (Microsoft Corporation) C:\windows\SysWOW64\WindowsCodecs.dll
2015-01-31 16:19 - 2014-10-31 18:57 - 01091072 _____ (Microsoft Corporation) C:\windows\system32\MrmCoreR.dll
2015-01-31 16:19 - 2014-10-31 18:47 - 00790528 _____ (Microsoft Corporation) C:\windows\SysWOW64\MrmCoreR.dll
2015-01-31 16:19 - 2014-10-30 17:37 - 00129536 _____ (Microsoft Corporation) C:\windows\SysWOW64\poqexec.exe
2015-01-31 16:19 - 2014-10-30 17:34 - 00146432 _____ (Microsoft Corporation) C:\windows\system32\poqexec.exe
2015-01-31 16:19 - 2014-10-12 21:43 - 00238912 _____ (Microsoft Corporation) C:\windows\system32\Drivers\sdbus.sys
2015-01-31 16:19 - 2014-10-12 21:43 - 00153920 _____ (Microsoft Corporation) C:\windows\system32\Drivers\dumpsd.sys
2015-01-31 16:19 - 2014-10-12 21:43 - 00086336 _____ (Microsoft Corporation) C:\windows\system32\Drivers\pdc.sys
2015-01-31 16:19 - 2014-10-12 21:43 - 00039744 _____ (Microsoft Corporation) C:\windows\system32\Drivers\intelpep.sys
2015-01-31 16:15 - 2015-01-31 16:15 - 00001182 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-01-31 16:15 - 2015-01-31 16:15 - 00001170 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2015-01-31 16:15 - 2015-01-31 16:15 - 00000000 ____D () C:\Users\reina\AppData\Local\Mozilla
2015-01-31 16:15 - 2015-01-31 16:15 - 00000000 ____D () C:\ProgramData\Mozilla
2015-01-31 16:15 - 2015-01-31 16:15 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-01-31 16:15 - 2015-01-31 16:15 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-01-31 16:10 - 2015-01-31 16:10 - 00243440 _____ () C:\Users\reina\Downloads\Firefox Setup Stub 35.0.1.exe.0ju06d7.partial
2015-01-31 15:41 - 2014-12-11 21:04 - 00087040 _____ (Microsoft Corporation) C:\windows\system32\TSWbPrxy.exe
2015-01-31 15:41 - 2014-12-11 19:51 - 00075776 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ahcache.sys
2015-01-31 15:41 - 2014-12-08 20:50 - 00225280 _____ (Microsoft Corporation) C:\windows\system32\profsvc.dll
2015-01-31 15:41 - 2014-12-02 18:22 - 00102912 _____ (Microsoft Corporation) C:\windows\system32\tlntsess.exe
2015-01-31 15:40 - 2014-12-19 01:26 - 00140800 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxdav.sys
2015-01-31 15:40 - 2014-12-08 14:42 - 00535640 _____ (Microsoft Corporation) C:\windows\system32\wer.dll
2015-01-31 15:40 - 2014-12-08 14:42 - 00531616 _____ (Microsoft Corporation) C:\windows\system32\ci.dll
2015-01-31 15:40 - 2014-12-08 14:42 - 00448792 _____ (Microsoft Corporation) C:\windows\SysWOW64\wer.dll
2015-01-31 15:40 - 2014-12-08 14:42 - 00413248 _____ (Microsoft Corporation) C:\windows\system32\Faultrep.dll
2015-01-31 15:40 - 2014-12-08 14:42 - 00372408 _____ (Microsoft Corporation) C:\windows\SysWOW64\Faultrep.dll
2015-01-31 15:40 - 2014-12-08 14:42 - 00108944 _____ (Microsoft Corporation) C:\windows\system32\EncDump.dll
2015-01-31 15:40 - 2014-12-08 14:42 - 00038264 _____ (Microsoft Corporation) C:\windows\system32\WerFaultSecure.exe
2015-01-31 15:40 - 2014-12-08 14:42 - 00033584 _____ (Microsoft Corporation) C:\windows\SysWOW64\WerFaultSecure.exe
2015-01-31 15:40 - 2014-12-05 22:17 - 00360448 _____ (Microsoft Corporation) C:\windows\system32\ncsi.dll
2015-01-31 15:40 - 2014-12-05 20:41 - 00391680 _____ (Microsoft Corporation) C:\windows\system32\nlasvc.dll
2015-01-31 15:40 - 2014-12-05 20:35 - 00229888 _____ (Microsoft Corporation) C:\windows\system32\AudioEndpointBuilder.dll
2015-01-31 15:40 - 2014-10-28 23:00 - 00465320 _____ (Microsoft Corporation) C:\windows\system32\WerFault.exe
2015-01-31 15:40 - 2014-10-28 23:00 - 00139984 _____ (Microsoft Corporation) C:\windows\system32\wermgr.exe
2015-01-31 15:40 - 2014-10-28 22:52 - 00500016 _____ (Microsoft Corporation) C:\windows\system32\AudioSes.dll
2015-01-31 15:40 - 2014-10-28 22:52 - 00482872 _____ (Microsoft Corporation) C:\windows\system32\AudioEng.dll
2015-01-31 15:40 - 2014-10-28 22:52 - 00394120 _____ (Microsoft Corporation) C:\windows\system32\AUDIOKSE.dll
2015-01-31 15:40 - 2014-10-28 22:52 - 00272248 _____ (Microsoft Corporation) C:\windows\system32\audiodg.exe
2015-01-31 15:40 - 2014-10-28 22:12 - 00413136 _____ (Microsoft Corporation) C:\windows\SysWOW64\WerFault.exe
2015-01-31 15:40 - 2014-10-28 22:12 - 00136296 _____ (Microsoft Corporation) C:\windows\SysWOW64\wermgr.exe
2015-01-31 15:40 - 2014-10-28 22:07 - 00424544 _____ (Microsoft Corporation) C:\windows\SysWOW64\AudioEng.dll
2015-01-31 15:40 - 2014-10-28 22:07 - 00370424 _____ (Microsoft Corporation) C:\windows\SysWOW64\AudioSes.dll
2015-01-31 15:40 - 2014-10-28 22:07 - 00344536 _____ (Microsoft Corporation) C:\windows\SysWOW64\AUDIOKSE.dll
2015-01-31 15:40 - 2014-10-28 21:44 - 00037888 _____ (Microsoft Corporation) C:\windows\system32\werdiagcontroller.dll
2015-01-31 15:40 - 2014-10-28 20:59 - 00033280 _____ (Microsoft Corporation) C:\windows\SysWOW64\werdiagcontroller.dll
2015-01-31 15:40 - 2014-10-28 20:24 - 00086016 _____ (Microsoft Corporation) C:\windows\system32\nlaapi.dll
2015-01-31 15:40 - 2014-10-28 20:02 - 00911360 _____ (Microsoft Corporation) C:\windows\system32\audiosrv.dll
2015-01-31 15:40 - 2014-10-28 20:01 - 00065536 _____ (Microsoft Corporation) C:\windows\SysWOW64\nlaapi.dll

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-01 13:47 - 2014-02-22 18:55 - 00000000 ____D () C:\Users\reina\Documents\Youcam
2015-02-01 13:46 - 2014-10-29 18:43 - 00000000 ____D () C:\ProgramData\602bb5c5-64ca-4d9f-8688-8581d865cedf
2015-02-01 13:46 - 2014-02-22 18:55 - 00000000 __RDO () C:\Users\reina\SkyDrive
2015-02-01 13:46 - 2013-08-24 16:32 - 00124280 _____ () C:\windows\PFRO.log
2015-02-01 13:46 - 2013-08-22 09:46 - 00018543 _____ () C:\windows\setupact.log
2015-02-01 13:46 - 2013-08-22 09:45 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2015-02-01 13:45 - 2014-02-22 18:42 - 01636270 _____ () C:\windows\WindowsUpdate.log
2015-02-01 13:45 - 2013-08-22 08:25 - 00262144 ___SH () C:\windows\system32\config\BBI
2015-02-01 13:25 - 2014-02-27 21:14 - 00000936 _____ () C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2586556045-1720471783-4283924833-1001UA.job
2015-02-01 13:25 - 2014-02-22 18:59 - 00003598 _____ () C:\windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2586556045-1720471783-4283924833-1001
2015-02-01 13:00 - 2013-08-22 10:36 - 00000000 ____D () C:\windows\system32\sru
2015-02-01 12:56 - 2014-02-23 18:37 - 00001867 _____ () C:\Users\Public\Desktop\McAfee LiveSafe - Internet Security.lnk
2015-02-01 12:46 - 2014-02-22 18:53 - 00003946 _____ () C:\windows\System32\Tasks\User_Feed_Synchronization-{EC9ACCC8-FF3C-4D43-8CDC-6F9297E6AE40}
2015-02-01 12:41 - 2013-08-24 16:38 - 00891984 _____ () C:\windows\system32\PerfStringBackup.INI
2015-02-01 12:30 - 2014-12-17 10:44 - 00000000 ____D () C:\windows\system32\appraiser
2015-02-01 12:30 - 2014-07-10 12:43 - 00000000 ___SD () C:\windows\system32\CompatTel
2015-02-01 12:30 - 2013-08-22 10:36 - 00000000 ____D () C:\windows\system32\sr-Latn-RS
2015-02-01 12:30 - 2013-08-22 10:36 - 00000000 ____D () C:\windows\system32\sr-Latn-CS
2015-02-01 12:30 - 2013-08-22 10:36 - 00000000 ____D () C:\windows\PolicyDefinitions
2015-02-01 12:25 - 2014-12-01 19:26 - 00000000 ____D () C:\Users\reina\AppData\Roaming\Mozilla
2015-02-01 12:25 - 2014-02-27 21:14 - 00000000 ____D () C:\Users\reina\AppData\Local\Google
2015-02-01 09:48 - 2013-08-22 10:20 - 00000000 ____D () C:\windows\CbsTemp
2015-02-01 02:40 - 2013-08-22 10:36 - 00000000 ____D () C:\windows\AppReadiness
2015-01-31 19:57 - 2013-08-24 16:59 - 00000000 ____D () C:\ProgramData\Package Cache
2015-01-31 19:25 - 2014-02-27 21:14 - 00000884 _____ () C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2586556045-1720471783-4283924833-1001Core.job
2015-01-31 19:01 - 2013-08-22 10:36 - 00000000 __RSD () C:\windows\Media
2015-01-31 19:01 - 2013-08-22 10:36 - 00000000 ____D () C:\windows\SysWOW64\WinMetadata
2015-01-31 19:01 - 2013-08-22 10:36 - 00000000 ____D () C:\windows\system32\zh-HK
2015-01-31 19:01 - 2013-08-22 10:36 - 00000000 ____D () C:\windows\system32\WinMetadata
2015-01-31 19:01 - 2013-08-22 10:36 - 00000000 ____D () C:\windows\system32\uk-UA
2015-01-31 19:01 - 2013-08-22 10:36 - 00000000 ____D () C:\windows\system32\tr-TR
2015-01-31 19:01 - 2013-08-22 10:36 - 00000000 ____D () C:\windows\system32\th-TH
2015-01-31 19:01 - 2013-08-22 10:36 - 00000000 ____D () C:\windows\system32\sl-SI
2015-01-31 19:01 - 2013-08-22 10:36 - 00000000 ____D () C:\windows\system32\sk-SK
2015-01-31 19:01 - 2013-08-22 10:36 - 00000000 ____D () C:\windows\system32\ro-RO
2015-01-31 19:01 - 2013-08-22 10:36 - 00000000 ____D () C:\windows\system32\lv-LV
2015-01-31 19:01 - 2013-08-22 10:36 - 00000000 ____D () C:\windows\system32\lt-LT
2015-01-31 19:01 - 2013-08-22 10:36 - 00000000 ____D () C:\windows\system32\hr-HR
2015-01-31 19:01 - 2013-08-22 10:36 - 00000000 ____D () C:\windows\system32\he-IL
2015-01-31 19:01 - 2013-08-22 10:36 - 00000000 ____D () C:\windows\system32\et-EE
2015-01-31 19:01 - 2013-08-22 10:36 - 00000000 ____D () C:\windows\system32\en-GB
2015-01-31 19:01 - 2013-08-22 10:36 - 00000000 ____D () C:\windows\system32\bg-BG
2015-01-31 19:01 - 2013-08-22 10:36 - 00000000 ____D () C:\windows\system32\ar-SA
2015-01-31 19:01 - 2013-08-22 10:36 - 00000000 ____D () C:\windows\rescache
2015-01-31 19:01 - 2013-08-22 10:36 - 00000000 ____D () C:\windows\FileManager
2015-01-31 19:01 - 2013-08-22 10:36 - 00000000 ____D () C:\windows\Camera
2015-01-31 18:55 - 2013-08-22 10:36 - 00000000 ____D () C:\windows\registration
2015-01-31 18:55 - 2013-08-22 08:36 - 00000000 ____D () C:\windows\system32\Sysprep
2015-01-31 16:52 - 2014-03-07 15:33 - 00000000 ____D () C:\windows\system32\MRT
2015-01-31 16:03 - 2014-02-22 18:51 - 00000000 ____D () C:\Users\reina
2015-01-29 21:12 - 2013-08-22 08:25 - 00262144 ___SH () C:\windows\system32\config\ELAM
2015-01-24 15:20 - 2013-08-22 10:38 - 00714720 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2015-01-24 15:20 - 2013-08-22 10:38 - 00106976 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl

==================== Files in the root of some directories =======

2014-04-10 20:16 - 2014-12-01 20:16 - 0000126 _____ () C:\Users\reina\AppData\Roaming\WB.CFG

Some content of TEMP:

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-01-31 16:46

==================== End Of Log ============================
Active Member
Posts: 10
Joined: January 31st, 2015, 5:17 pm

Re: Annoying Ad Opens on New Tab Everytime I Start To Do Any

Unread postby Cypher » February 2nd, 2015, 7:49 am

rcunanan wrote:I can't seem to uninstall these items;

Don't worry about those for now.

rcunanan wrote:Besides the annoying advertisements that opens up on New Window or New Tab, the computer also runs so slow.

We need to run a fix. Once done, please give me an update on how your computer is running.
Are you still experiencing these problems?

  • Click Start
  • Type notepad.exe in the search programs and files box and click Enter.
  • A blank Notepad page should open.
    • Copy and paste the following script into Notepad. Do not include the words Code: select all.
    • (Click the select all button next to code to select the entire script).
    Code: Select all
    GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
    CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
    SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    Task: {52F14598-7F6C-4CF3-B829-4C024BC9A414} - System32\Tasks\Advanced System Protector_startup => C:\Program Files (x86)\Advanced System Protector\AdvancedSystemProtector.exe [2014-02-28] (Systweak) <==== ATTENTION
    Task: {5314F886-289D-4183-B721-633A2E2C9DDD} - System32\Tasks\RegClean Pro_DEFAULT => C:\Program Files (x86)\RegClean Pro\RegCleanPro.exe <==== ATTENTION
    Task: {974157D2-C8F5-44F2-A0D4-7B704F01CC6D} - System32\Tasks\RegClean Pro_UPDATES => C:\Program Files (x86)\RegClean Pro\RegCleanPro.exe <==== ATTENTION
    Task: {E2C5306C-7D69-49BE-8A20-961D2D354380} - System32\Tasks\RegClean Pro => C:\Program Files (x86)\RCP\RegCleanPro.exe [2014-12-08] () <==== ATTENTION
    Task: C:\windows\Tasks\RegClean Pro_DEFAULT.job => C:\Program Files (x86)\RegClean Pro\RegCleanPro.exe <==== ATTENTION
    Task: C:\windows\Tasks\RegClean Pro_UPDATES.job => C:\Program Files (x86)\RegClean Pro\RegCleanPro.exe <==== ATTENTION
    CMD: ipconfig /flushdns
  • Save it next to FRST.exe on your Desktop as filename fixlist.txt
  • NOTE: It's important that both files, FRST/FRST64 and fixlist.txt, are saved in the same location or the fix will not work.
  • Right-click FRST.exe and select "Run as administrator" to run it.
  • Press the Fix button just once. Then wait.
  • When finished, it will create a Fixlog.txt log on your Desktop.
  • Please post the content of the Fixlog.txt in your next reply.

Logs/Information to Post in your Next Reply

  • FRST Fixlog.txt.
  • Please give me an update on your computer's performance.
User avatar
Posts: 15148
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns

Re: Annoying Ad Opens on New Tab Everytime I Start To Do Any

Unread postby rcunanan » February 2nd, 2015, 5:22 pm

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 01-02-2015
Ran by reina at 2015-02-02 15:55:13 Run:1
Running from C:\Users\reina\Desktop
Loaded Profiles: reina (Available profiles: reina)
Boot Mode: Normal

Content of fixlist:
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
Task: {52F14598-7F6C-4CF3-B829-4C024BC9A414} - System32\Tasks\Advanced System Protector_startup => C:\Program Files (x86)\Advanced System Protector\AdvancedSystemProtector.exe [2014-02-28] (Systweak) <==== ATTENTION
Task: {5314F886-289D-4183-B721-633A2E2C9DDD} - System32\Tasks\RegClean Pro_DEFAULT => C:\Program Files (x86)\RegClean Pro\RegCleanPro.exe <==== ATTENTION
Task: {974157D2-C8F5-44F2-A0D4-7B704F01CC6D} - System32\Tasks\RegClean Pro_UPDATES => C:\Program Files (x86)\RegClean Pro\RegCleanPro.exe <==== ATTENTION
Task: {E2C5306C-7D69-49BE-8A20-961D2D354380} - System32\Tasks\RegClean Pro => C:\Program Files (x86)\RCP\RegCleanPro.exe [2014-12-08] () <==== ATTENTION
Task: C:\windows\Tasks\RegClean Pro_DEFAULT.job => C:\Program Files (x86)\RegClean Pro\RegCleanPro.exe <==== ATTENTION
Task: C:\windows\Tasks\RegClean Pro_UPDATES.job => C:\Program Files (x86)\RegClean Pro\RegCleanPro.exe <==== ATTENTION

CMD: ipconfig /flushdns


C:\windows\system32\GroupPolicy\Machine => Moved successfully.
C:\windows\system32\GroupPolicy\GPT.ini => Moved successfully.
"HKLM\SOFTWARE\Policies\Google" => Key deleted successfully.
HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
C:\Users\reina\AppData\Local\Temp\COMAP.EXE => Moved successfully.
C:\Users\reina\AppData\Local\Temp\GUREBF7.exe => Moved successfully.
C:\Users\reina\AppData\Local\Temp\HPConnectedMusicInstaller_100100126.exe => Moved successfully.
C:\Users\reina\AppData\Local\Temp\Quarantine.exe => Moved successfully.
C:\Users\reina\AppData\Local\Temp\Sqlite3.dll => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{52F14598-7F6C-4CF3-B829-4C024BC9A414} => Key not found.
C:\Windows\System32\Tasks\Advanced System Protector_startup not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Advanced System Protector_startup => Key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5314F886-289D-4183-B721-633A2E2C9DDD} => Key not found.
C:\Windows\System32\Tasks\RegClean Pro_DEFAULT not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\RegClean Pro_DEFAULT => Key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{974157D2-C8F5-44F2-A0D4-7B704F01CC6D} => Key not found.
C:\Windows\System32\Tasks\RegClean Pro_UPDATES not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\RegClean Pro_UPDATES => Key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E2C5306C-7D69-49BE-8A20-961D2D354380} => Key not found.
C:\Windows\System32\Tasks\RegClean Pro not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\RegClean Pro => Key not found.
C:\windows\Tasks\RegClean Pro_DEFAULT.job not found.
C:\windows\Tasks\RegClean Pro_UPDATES.job not found.

========= ipconfig /flushdns =========

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========= End of CMD: =========

EmptyTemp: => Removed 446.4 MB temporary data.

The system needed a reboot.

==== End of Fixlog 15:55:36 ====
Active Member
Posts: 10
Joined: January 31st, 2015, 5:17 pm
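A way to read a Fixlog.txt like the one above line by line, as an added example that is not part of the original posts and not FRST's own code: it sorts each result line into removed versus already absent and lists the scheduled tasks that had nothing left to remove. The function names and outcome labels are assumptions of this sketch; the sample lines are an abridged excerpt of the log above.

```python
import re
from collections import Counter, namedtuple

# Abridged excerpt of the Fixlog.txt result lines posted above.
SAMPLE_FIXLOG = r"""
C:\windows\system32\GroupPolicy\Machine => Moved successfully.
C:\windows\system32\GroupPolicy\GPT.ini => Moved successfully.
"HKLM\SOFTWARE\Policies\Google" => Key deleted successfully.
HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
C:\Users\reina\AppData\Local\Temp\Quarantine.exe => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{52F14598-7F6C-4CF3-B829-4C024BC9A414} => Key not found.
C:\Windows\System32\Tasks\Advanced System Protector_startup not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Advanced System Protector_startup => Key not found.
C:\windows\Tasks\RegClean Pro_DEFAULT.job not found.
EmptyTemp: => Removed 446.4 MB temporary data.
The system needed a reboot.
"""

# outcome: what the tool reported; kind: registry / file / temp (labels are this sketch's own).
FixResult = namedtuple("FixResult", "outcome kind target")

# Order matters: "=> Key not found." must be tried before the bare "not found." form,
# otherwise the bare form would swallow it with " => Key" left in the target.
RESULT_PATTERNS = [
    ("moved", re.compile(r"^(?P<target>.+?) => Moved successfully\.$")),
    ("key_deleted", re.compile(r'^"?(?P<target>.+?)"? => Key deleted successfully\.$')),
    ("value_deleted", re.compile(r"^(?P<target>.+?) => value deleted successfully\.$")),
    ("absent", re.compile(r"^(?P<target>.+?) => Key not found\.$")),
    ("absent", re.compile(r"^(?P<target>.+?) not found\.$")),
    ("temp_cleaned", re.compile(
        r"^EmptyTemp: => Removed (?P<target>[\d.]+ [KMG]B) temporary data\.$")),
]

# Task name as it appears in the task file paths and in the TaskCache\Tree key.
# TaskCache\Tasks\{GUID} keys carry no name and are deliberately not matched.
TASK_NAME = re.compile(
    r"\\(?:TaskCache\\Tree|System32\\Tasks|windows\\Tasks)\\(?P<name>[^\\]+?)(?:\.job)?$",
    re.IGNORECASE,
)

REGISTRY_PREFIX = re.compile(r"^(HKLM|HKU|HKCU|HKCR)\\", re.IGNORECASE)


def classify_target(outcome, target):
    """Label a result target as registry, file or temp data."""
    if outcome == "temp_cleaned":
        return "temp"
    return "registry" if REGISTRY_PREFIX.match(target) else "file"


def parse_fixlog(text):
    """Return one FixResult per recognised result line; other lines are skipped."""
    results = []
    for raw in text.splitlines():
        line = raw.strip()
        for outcome, pattern in RESULT_PATTERNS:
            match = pattern.match(line)
            if match:
                target = match.group("target")
                results.append(FixResult(outcome, classify_target(outcome, target), target))
                break
    return results


def tasks_already_absent(results):
    """Names of scheduled tasks whose files or keys were not found at fix time."""
    names = set()
    for result in results:
        if result.outcome == "absent":
            match = TASK_NAME.search(result.target)
            if match:
                names.add(match.group("name"))
    return sorted(names)


def reboot_pending(text):
    """True when the log states that a reboot was needed to finish the fix."""
    return "The system needed a reboot." in text


if __name__ == "__main__":
    parsed = parse_fixlog(SAMPLE_FIXLOG)
    print(Counter(r.outcome for r in parsed))
    print("Tasks with nothing left to remove:", tasks_already_absent(parsed))
    print("Reboot pending:", reboot_pending(SAMPLE_FIXLOG))
```

A "not found" result means the entry was already absent when the fix ran, so the log should be read as confirmation of the current state rather than as proof that this run removed the item.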

Re: Annoying Ad Opens on New Tab Everytime I Start To Do Any

Unread postby rcunanan » February 2nd, 2015, 5:30 pm

The computer now runs like when I first bought it. Thank you very much!
No annoying pop ups on IE and Firefox.
Amazing! :)

Yahoo-Search and Advance System Protector are now gone, when did we do that? lol
I guess from the fixlist script? Anyhow, thank you very much!

Re: Annoying Ad Opens on New Tab Everytime I Start To Do Any

Unread postby Cypher » February 3rd, 2015, 7:01 am

rcunanan wrote:The computer now runs like when I first bought it. No annoying pop ups on IE and Firefox.

Excellent :thumbleft:

rcunanan wrote:Yahoo-Search and Advance System Protector are now gone, when did we do that? lol

It's magic :D
I would like you to run a "general purpose" online AV scan for me. This scan will check for anything the other scans might have missed.

ESET online scanner

Note: You can use either Internet Explorer or Mozilla FireFox for this scan.

Note: If you are using Windows Vista or Windows 7, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.

  • First please Disable any Antivirus you have active, as shown in This topic.
  • Note: Don't forget to re-enable it after the scan.
  • Next, hold down Control, then click on the following link to open a new window to ESET online scanner
    Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.
    All of the below instructions are compatible with either Internet Explorer or Mozilla FireFox.
  • When prompted allow the Add-On/Active X to install.
  • Click on Run ESET Online Scanner, then select the option YES, I accept the Terms of Use, then click Start.
  • Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Now click on Start.
  • The virus signature database... will begin to download. Be patient, this may take some time depending on the speed of your Internet connection.
  • When completed the Online Scan will begin automatically.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • When completed select Uninstall application on close if you so wish, make sure you copy the logfile first!
  • Now click on Finish.
  • Use notepad to open the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
  • Copy and paste that log as a reply to this topic.

Re: Annoying Ad Opens on New Tab Everytime I Start To Do Any

Unread postby rcunanan » February 4th, 2015, 4:47 pm

ESETSmartInstaller@High as CAB hook log:
OnlineScanner64.ocx - registred OK
OnlineScanner.ocx - registred OK

Re: Annoying Ad Opens on New Tab Everytime I Start To Do Any

Unread postby rcunanan » February 4th, 2015, 4:48 pm

Above is the only thing I got from log.txt

Re: Annoying Ad Opens on New Tab Everytime I Start To Do Any

Unread postby Cypher » February 5th, 2015, 7:33 am

I'm pretty confident that we got everything, since you're reporting no problems you should be good to go.
Let's tidy up and remove the tools we used to clean your computer.

Please download delfix and save it to your desktop.
  • Right-click on delfix.exe and select "Run as administrator" to run it.
  • Check the following boxes then click on Run.

    • Activate UAC
    • Remove disinfection tools
    • Create registry backup
    • Purge system restore
    • Reset system settings
  • All tools we used to clean your computer should be gone now.
  • You can now delete any tools/logs we used if they remain on your computer.

Protection Programs
Don't forget to re-enable any protection programs we disabled during your fix.

Please read the article below which will give you a few suggestions for how to minimise your chances of getting another infection.

I would be grateful if you could reply to this post so that I know you have read it and, if you've no other questions, the thread can be closed.

Safe surfing!

Re: Annoying Ad Opens on New Tab Everytime I Start To Do Any

Unread postby rcunanan » February 5th, 2015, 8:12 pm

All systems clear!!

Thank you very much Cypher for all the help.
This Forum is the best :)

Re: Annoying Ad Opens on New Tab Everytime I Start To Do Any

Unread postby Cypher » February 6th, 2015, 7:29 am

rcunanan wrote:Thank you very much Cypher for all the help.
This Forum is the best :)

You're most welcome :)
As you have no questions I will close this topic, good luck and stay safe.

As your problems appear to have been resolved, this topic is now closed.

We are pleased we could help you resolve your computer's issues.

If you would like to make a comment or leave a compliment regarding the help you have received, please see Feedback for Our Helpers - Say "Thanks" Here.