
uh oh: optimizer pro virus [Solved]


  • This topic is locked
49 replies to this topic

#16 LiquidTension

LiquidTension

    SuperMember

  • Retired Classroom Teacher
  • 2,566 posts

Posted 20 September 2014 - 08:15 PM

I got an Optimizer Pro popup upon start up as well.

This isn't actually much of a concern. Optimizer Pro is a Potentially Unwanted Programme, and not inherently malicious. 
 
The problem is that we can't get any of our tools to run. We're going to need to take a look from outside of Windows. 
 
STEP 1
FRST Recovery Environment Scan


Note: You require access to a USB drive.
Note: Please print off these instructions, or ensure you have access to them using a different device.

  • Insert your USB drive into your PC.
  • Please download Farbar Recovery Scan Tool 64-Bit and save the file to your USB drive.
  • Enter the Recovery Environment. 
     

Option #1: Enter Recovery Environment (Windows 8)

  • Consult the following instructions on how to enter the Recovery Environment Command Prompt in Windows 8.
     

Advanced Boot Options Menu

  • Select Command Prompt.
  • In the command window type notepad and press Enter on your keyboard.
  • Notepad will open. Click File and select Open
  • Select Computer, write down your USB drive letter on a piece of paper and close notepad.
  • In the command window type: x:\frst64.exe depending on your system's bit type.
    • Note: Replace letter x with the drive letter of your USB drive you wrote down earlier.
  • Press Enter on your keyboard. The tool will start to run.
  • When the tool opens click Yes to the disclaimer.
  • Click the Scan button.
  • It will create a log (FRST.txt) on the USB drive. Using your clean PC, please copy the contents of the log and paste in your next reply.
     

======================================================
 
STEP 2
Logs
In your next reply please include the following logs. Please be sure to copy and paste the requested logs, as well as provide information on any questions I may have asked.

  • FRST.txt


#17 lookingforaname

lookingforaname

    Authentic Member

  • Authentic Member
  • PipPip
  • 147 posts

Posted 20 September 2014 - 08:37 PM

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 12-09-2014
Ran by SYSTEM on MININT-F8CCJ0D on 20-09-2014 22:35:58
Running from e:\
Platform: Windows 8 (X64) OS Language: English (United States)
Internet Explorer Version 10
Boot Mode: Recovery

The current controlset is ControlSet001
ATTENTION!:=====> If the system is bootable FRST must be run from normal or Safe mode to create a complete log.

Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1425408 2012-07-21] (IDT, Inc.)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2916152 2012-08-24] (Synaptics Incorporated)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642216 2012-08-08] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [CLVirtualDrive] => C:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe [491320 2012-07-26] (CyberLink Corp.)
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [91432 2012-03-28] (CyberLink Corp.)
HKLM-x32\...\Run: [HP Quick Launch] => C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [580512 2012-07-09] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [HP CoolSense] => C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe [1342008 2011-08-26] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [QuickFinder Scheduler] => C:\Program Files (x86)\WordPerfect Office X3\Programs\QFSCHD130.EXE [83568 2007-01-02] (Corel Corporation)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152544 2012-12-12] (Apple Inc.)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [4085896 2014-08-14] (AVAST Software)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2013-04-30] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-05-07] (Oracle Corporation)
HKLM\...\RunOnce: [NCPluginUpdater] => C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe [21720 2014-08-19] (Hewlett-Packard)
HKU\JimAngehr\...\Run: [Spotify Web Helper] => C:\Users\JimAngehr\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1245752 2014-09-20] (Spotify Ltd)
HKU\JimAngehr\...\Run: [Spotify] => C:\Users\JimAngehr\AppData\Roaming\Spotify\Spotify.exe [6342200 2014-09-20] (Spotify Ltd)
HKU\JimAngehr\...\Run: [GoogleChromeAutoLaunch_C003498800951E7DAE59A0A337978D44] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [852808 2014-09-03] (Google Inc.)
HKU\JimAngehr\...\Run: [Optimizer Pro] => C:\Program Files (x86)\Optimizer Pro\OptProLauncher.exe [148048 2014-09-16] (PC Utilities Software Limited)
Startup: C:\Users\JimAngehr\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk ->  (No File)

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S2 70e6ca8c; c:\Program Files (x86)\Optimizer Pro\OptProCrash.dll [3649616 2014-09-17] ()
S2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [361984 2012-08-08] (Advanced Micro Devices, Inc.)
S2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-08-14] (AVAST Software)
S3 KeyIso; C:\Windows\SysWOW64\keyiso.dll [43520 2012-07-25] (Microsoft Corporation)
S2 lxeb_device; C:\Windows\system32\lxebcoms.exe [1052328 2010-04-14] ( )
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [289256 2014-04-09] (McAfee, Inc.)
S3 Netlogon; C:\Windows\SysWOW64\netlogon.dll [634368 2012-07-25] (Microsoft Corporation)
S2 ProtexisLicensing; C:\Windows\SysWOW64\PSIService.exe [174656 2006-11-02] ()
S3 StorSvc; C:\Windows\SysWOW64\storsvc.dll [18432 2012-07-25] (Microsoft Corporation)
S2 Update Klip Pal; C:\Program Files (x86)\Klip Pal\updateKlipPal.exe [325360 2014-09-20] ()
S2 Util Klip Pal; C:\Program Files (x86)\Klip Pal\bin\utilKlipPal.exe [325360 2014-09-20] ()
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16056 2014-03-29] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S5 AppMgmt; C:\Windows\system32\svchost.exe [29696 2012-09-19] (Microsoft Corporation)
S2 APXACC; C:\Windows\system32\DRIVERS\appexDrv.sys [199008 2012-06-23] (AppEx Networks Corporation)
S2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-08-14] ()
S2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [79184 2014-08-14] (AVAST Software)
S1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-08-14] (AVAST Software)
S0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-08-14] ()
S1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1041168 2014-08-14] (AVAST Software)
S1 aswSP; C:\Windows\system32\drivers\aswSP.sys [427360 2014-08-14] (AVAST Software)
S2 aswStm; C:\Windows\system32\drivers\aswStm.sys [92008 2014-08-14] (AVAST Software)
S0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [224896 2014-08-14] ()
S3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdW86.sys [98472 2012-07-17] (Advanced Micro Devices)
S1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [92536 2012-06-25] (CyberLink)
S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [122584 2014-09-20] (Malwarebytes Corporation)
S3 RSP2STOR; C:\Windows\system32\DRIVERS\RtsP2Stor.sys [269968 2012-07-03] (Realtek Semiconductor Corp.)
S3 SmbDrv; C:\Windows\System32\drivers\Smb_driver_AMDASF.sys [41272 2012-08-24] (Synaptics Incorporated)
S3 SmbDrvI; C:\Windows\System32\drivers\Smb_driver_Intel.sys [43832 2012-08-24] (Synaptics Incorporated)
S3 WirelessButtonDriver; C:\Windows\System32\drivers\WirelessButtonDriver64.sys [20800 2012-08-31] (Hewlett-Packard Development Company, L.P.)
S1 {be5bf058-a067-4076-8c2e-22b9345a0260}Gw64; C:\Windows\System32\drivers\{be5bf058-a067-4076-8c2e-22b9345a0260}Gw64.sys [44688 2014-09-16] (StdLib)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-20 22:35 - 2014-09-20 22:35 - 00000000 ____D () C:\FRST
2014-09-20 17:54 - 2014-09-20 17:54 - 00005758 _____ () C:\Users\JimAngehr\Desktop\exe.reg
2014-09-20 17:09 - 2014-09-20 17:10 - 01267132 _____ () C:\Users\JimAngehr\Desktop\system summary.nfo
2014-09-20 16:01 - 2014-09-20 16:01 - 01911244 _____ () C:\Users\JimAngehr\Desktop\rkill.exe
2014-09-20 15:00 - 2014-09-20 15:02 - 04149736 _____ () C:\Users\JimAngehr\Downloads\tdsskiller.exe.part
2014-09-20 14:56 - 2014-09-20 14:56 - 02092716 _____ () C:\Users\JimAngehr\Desktop\FRST64.exe
2014-09-20 10:45 - 2014-09-20 10:45 - 00684612 _____ (Swearware) C:\Users\JimAngehr\Desktop\dds.scr
2014-09-20 10:43 - 2014-09-20 10:47 - 00387185 _____ () C:\Users\JimAngehr\Desktop\HiJackThis.exe
2014-09-20 10:41 - 2014-09-20 10:42 - 00596272 _____ () C:\Users\JimAngehr\Downloads\OTL.exe
2014-09-20 10:35 - 2014-09-20 10:36 - 19273568 _____ () C:\Users\JimAngehr\Downloads\SUPERAntiSpyware(1).exe
2014-09-20 10:33 - 2014-09-20 10:33 - 02321104 _____ () C:\Users\JimAngehr\Downloads\esetsmartinstaller_enu.exe
2014-09-20 09:50 - 2014-09-20 09:50 - 00364640 _____ (Kaspersky Lab) C:\Users\JimAngehr\Downloads\kss12.0.1.808_6398_6399.exe
2014-09-20 09:48 - 2014-09-20 09:49 - 17111720 _____ () C:\Users\JimAngehr\Downloads\mbam-setup-2.0.2.1012.exe
2014-09-17 09:20 - 2014-09-16 18:58 - 00044688 _____ (StdLib) C:\Windows\System32\Drivers\{be5bf058-a067-4076-8c2e-22b9345a0260}Gw64.sys
2014-09-17 09:17 - 2014-09-20 18:22 - 00003266 _____ () C:\Windows\System32\Tasks\Optimizer Pro Schedule
2014-09-17 09:17 - 2014-09-17 09:17 - 00000000 ____D () C:\Users\JimAngehr\Documents\Optimizer Pro
2014-09-17 09:17 - 2014-09-17 09:17 - 00000000 ____D () C:\Users\JimAngehr\AppData\Roaming\Optimizer Pro
2014-09-17 09:14 - 2014-09-20 10:25 - 00000000 ____D () C:\Program Files (x86)\Klip Pal
2014-09-17 09:12 - 2014-09-17 09:12 - 00000000 ____D () C:\Program Files (x86)\Optimizer Pro
2014-09-17 09:10 - 2014-09-17 09:10 - 00000000 ____D () C:\Users\JimAngehr\AppData\Local\SearchProtect
2014-09-17 09:08 - 2014-09-17 09:08 - 00083312 _____ (Premium Installer ) C:\Users\JimAngehr\Downloads\fl_setup.exe
2014-09-11 14:13 - 2014-08-16 01:34 - 02239488 _____ (Microsoft Corporation) C:\Windows\System32\wininet.dll
2014-09-11 14:13 - 2014-08-16 01:34 - 01407488 _____ (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2014-09-11 14:13 - 2014-08-16 01:34 - 00915968 _____ (Microsoft Corporation) C:\Windows\System32\uxtheme.dll
2014-09-11 14:13 - 2014-08-16 01:34 - 00051712 _____ (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2014-09-11 14:13 - 2014-08-16 01:33 - 00603136 _____ (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2014-09-11 14:13 - 2014-08-16 01:33 - 00097280 _____ (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2014-09-11 14:13 - 2014-08-16 01:32 - 15399424 _____ (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2014-09-11 14:13 - 2014-08-16 01:32 - 03959296 _____ (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2014-09-11 14:13 - 2014-08-16 01:32 - 02655232 _____ (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2014-09-11 14:13 - 2014-08-16 01:32 - 01508864 _____ (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2014-09-11 14:13 - 2014-08-16 01:32 - 00855552 _____ (Microsoft Corporation) C:\Windows\System32\jscript.dll
2014-09-11 14:13 - 2014-08-16 01:32 - 00451584 _____ (Microsoft Corporation) C:\Windows\System32\dxtmsft.dll
2014-09-11 14:13 - 2014-08-16 01:32 - 00281600 _____ (Microsoft Corporation) C:\Windows\System32\dxtrans.dll
2014-09-11 14:13 - 2014-08-16 01:32 - 00255488 _____ (Microsoft Corporation) C:\Windows\System32\iedkcs32.dll
2014-09-11 14:13 - 2014-08-15 23:37 - 01766400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-09-11 14:13 - 2014-08-15 23:37 - 01180672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-09-11 14:13 - 2014-08-15 23:36 - 13757440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-09-11 14:13 - 2014-08-15 23:36 - 02861568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-09-11 14:13 - 2014-08-15 23:36 - 02055168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-09-11 14:13 - 2014-08-15 23:36 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2014-09-11 14:13 - 2014-08-15 23:36 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-09-11 14:13 - 2014-08-15 23:36 - 00357888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-09-11 14:13 - 2014-08-15 23:36 - 00226816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-09-11 14:13 - 2014-08-15 23:36 - 00226816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-09-11 14:13 - 2014-08-15 23:36 - 00080384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-09-11 14:13 - 2014-08-15 23:35 - 01440768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-09-11 14:13 - 2014-03-06 16:47 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-09-11 14:13 - 2013-05-15 14:37 - 00044032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UXInit.dll
2014-09-11 14:13 - 2013-05-15 14:35 - 00053760 _____ (Microsoft Corporation) C:\Windows\System32\UXInit.dll
2014-09-11 14:13 - 2013-05-14 05:14 - 02706432 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2014-09-11 14:13 - 2013-05-14 01:23 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-09-11 14:13 - 2013-02-21 02:29 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2014-09-11 14:13 - 2013-02-21 02:29 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-09-11 14:13 - 2013-02-21 02:29 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-09-11 14:13 - 2013-02-21 02:29 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-09-11 14:13 - 2013-02-21 02:14 - 00136704 _____ (Microsoft Corporation) C:\Windows\System32\iesysprep.dll
2014-09-11 14:13 - 2013-02-21 02:14 - 00053248 _____ (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2014-09-11 14:13 - 2013-02-19 01:53 - 00534528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\uxtheme.dll
2014-09-11 14:13 - 2012-11-07 20:20 - 00067072 _____ (Microsoft Corporation) C:\Windows\System32\iesetup.dll
2014-09-11 14:13 - 2012-11-07 20:20 - 00039936 _____ (Microsoft Corporation) C:\Windows\System32\iernonce.dll
2014-09-11 14:13 - 2012-07-25 19:06 - 00197120 _____ (Microsoft Corporation) C:\Windows\System32\msrating.dll
2014-09-11 14:12 - 2014-08-16 01:33 - 19280384 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2014-09-11 14:12 - 2014-08-15 23:36 - 14369280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-09-11 04:08 - 2014-09-04 14:36 - 00755712 _____ (Microsoft Corporation) C:\Windows\System32\aepdu.dll
2014-09-11 04:08 - 2014-09-02 17:49 - 00556544 _____ (Microsoft Corporation) C:\Windows\System32\aeinv.dll
2014-09-11 03:58 - 2014-07-31 15:40 - 01287680 _____ (Microsoft Corporation) C:\Windows\System32\schedsvc.dll
2014-09-11 03:58 - 2014-06-04 17:12 - 00678600 _____ (Microsoft Corporation) C:\Windows\System32\msvcp120_clr0400.dll
2014-09-11 03:58 - 2014-06-03 15:12 - 00536776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcp120_clr0400.dll
2014-09-11 03:57 - 2014-08-28 03:34 - 00059400 _____ (Microsoft Corporation) C:\Windows\System32\wuauclt.exe
2014-09-11 03:57 - 2014-08-27 22:05 - 00630272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2014-09-11 03:57 - 2014-08-27 22:05 - 00128000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2014-09-11 03:57 - 2014-08-27 22:05 - 00086528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2014-09-11 03:57 - 2014-08-27 22:05 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2014-09-11 03:57 - 2014-08-27 22:02 - 00040448 _____ (Microsoft Corporation) C:\Windows\System32\wuapp.exe
2014-09-11 03:57 - 2014-08-27 22:01 - 03285504 _____ (Microsoft Corporation) C:\Windows\System32\wuaueng.dll
2014-09-11 03:57 - 2014-08-27 22:01 - 01623552 _____ (Microsoft Corporation) C:\Windows\System32\wucltux.dll
2014-09-11 03:57 - 2014-08-27 22:01 - 00775168 _____ (Microsoft Corporation) C:\Windows\System32\wuapi.dll
2014-09-11 03:57 - 2014-08-27 22:01 - 00253440 _____ (Microsoft Corporation) C:\Windows\System32\WUSettingsProvider.dll
2014-09-11 03:57 - 2014-08-27 22:01 - 00176640 _____ (Microsoft Corporation) C:\Windows\System32\storewuauth.dll
2014-09-11 03:57 - 2014-08-27 22:01 - 00144384 _____ (Microsoft Corporation) C:\Windows\System32\wuwebv.dll
2014-09-11 03:57 - 2014-08-27 22:01 - 00100352 _____ (Microsoft Corporation) C:\Windows\System32\wudriver.dll
2014-09-11 03:57 - 2014-08-27 22:01 - 00017920 _____ (Microsoft Corporation) C:\Windows\System32\wuaext.dll
2014-09-11 03:57 - 2014-07-23 19:33 - 00875688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcr120_clr0400.dll
2014-09-11 03:57 - 2014-07-23 19:33 - 00869544 _____ (Microsoft Corporation) C:\Windows\System32\msvcr120_clr0400.dll
2014-09-08 15:27 - 2014-09-08 15:27 - 00000000 ____D () C:\Program Files\McAfee Security Scan
2014-09-02 10:06 - 2014-09-20 04:12 - 00003194 _____ () C:\Windows\System32\Tasks\HPCeeScheduleForJimAngehr
2014-08-28 03:54 - 2014-08-22 22:47 - 04036096 _____ (Microsoft Corporation) C:\Windows\System32\win32k.sys
2014-08-24 08:55 - 2014-09-08 15:27 - 00000000 ____D () C:\ProgramData\McAfee Security Scan
2014-08-24 08:55 - 2014-08-24 08:55 - 00000000 ____D () C:\ProgramData\McAfee

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-20 22:35 - 2014-09-20 22:35 - 00000000 ____D () C:\FRST
2014-09-20 18:22 - 2014-09-17 09:17 - 00003266 _____ () C:\Windows\System32\Tasks\Optimizer Pro Schedule
2014-09-20 18:22 - 2012-11-01 17:35 - 01639407 _____ () C:\Windows\WindowsUpdate.log
2014-09-20 18:09 - 2012-11-07 07:26 - 00000000 ____D () C:\Users\JimAngehr\AppData\Roaming\Spotify
2014-09-20 18:04 - 2012-07-25 23:28 - 00006428 _____ () C:\Windows\System32\PerfStringBackup.INI
2014-09-20 18:02 - 2012-11-07 10:40 - 00000000 ___RD () C:\Users\JimAngehr\Dropbox
2014-09-20 18:02 - 2012-07-26 00:12 - 00000000 ____D () C:\Windows\System32\sru
2014-09-20 18:01 - 2014-05-13 06:27 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\System32\Drivers\MBAMSwissArmy.sys
2014-09-20 18:01 - 2013-07-07 14:56 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2014-09-20 18:01 - 2012-11-07 08:47 - 00000000 ____D () C:\Users\JimAngehr\AppData\Roaming\Dropbox
2014-09-20 18:00 - 2012-11-07 07:27 - 00000000 ____D () C:\Users\JimAngehr\AppData\Local\Spotify
2014-09-20 17:59 - 2012-11-05 08:45 - 00000924 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-09-20 17:58 - 2012-07-25 21:26 - 00000194 _____ () C:\Windows\win.ini
2014-09-20 17:57 - 2012-07-25 23:22 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-09-20 17:56 - 2012-08-03 14:23 - 00585572 _____ () C:\Windows\PFRO.log
2014-09-20 17:54 - 2014-09-20 17:54 - 00005758 _____ () C:\Users\JimAngehr\Desktop\exe.reg
2014-09-20 17:53 - 2012-11-05 08:45 - 00000928 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-09-20 17:35 - 2012-11-04 11:20 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-09-20 17:10 - 2014-09-20 17:09 - 01267132 _____ () C:\Users\JimAngehr\Desktop\system summary.nfo
2014-09-20 16:01 - 2014-09-20 16:01 - 01911244 _____ () C:\Users\JimAngehr\Desktop\rkill.exe
2014-09-20 15:02 - 2014-09-20 15:00 - 04149736 _____ () C:\Users\JimAngehr\Downloads\tdsskiller.exe.part
2014-09-20 14:56 - 2014-09-20 14:56 - 02092716 _____ () C:\Users\JimAngehr\Desktop\FRST64.exe
2014-09-20 11:13 - 2012-07-26 00:12 - 00000000 ____D () C:\Windows\rescache
2014-09-20 10:47 - 2014-09-20 10:43 - 00387185 _____ () C:\Users\JimAngehr\Desktop\HiJackThis.exe
2014-09-20 10:45 - 2014-09-20 10:45 - 00684612 _____ (Swearware) C:\Users\JimAngehr\Desktop\dds.scr
2014-09-20 10:42 - 2014-09-20 10:41 - 00596272 _____ () C:\Users\JimAngehr\Downloads\OTL.exe
2014-09-20 10:36 - 2014-09-20 10:35 - 19273568 _____ () C:\Users\JimAngehr\Downloads\SUPERAntiSpyware(1).exe
2014-09-20 10:33 - 2014-09-20 10:33 - 02321104 _____ () C:\Users\JimAngehr\Downloads\esetsmartinstaller_enu.exe
2014-09-20 10:25 - 2014-09-17 09:14 - 00000000 ____D () C:\Program Files (x86)\Klip Pal
2014-09-20 10:25 - 2013-05-25 09:32 - 00000372 _____ () C:\Windows\Tasks\HPCeeScheduleForJimAngehr.job
2014-09-20 10:25 - 2012-11-01 17:44 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-09-20 10:25 - 2012-07-26 00:12 - 00000000 ____D () C:\Windows\addins
2014-09-20 10:24 - 2012-07-25 21:26 - 00262144 ___SH () C:\Windows\System32\config\BBI
2014-09-20 09:50 - 2014-09-20 09:50 - 00364640 _____ (Kaspersky Lab) C:\Users\JimAngehr\Downloads\kss12.0.1.808_6398_6399.exe
2014-09-20 09:49 - 2014-09-20 09:48 - 17111720 _____ () C:\Users\JimAngehr\Downloads\mbam-setup-2.0.2.1012.exe
2014-09-20 09:31 - 2012-11-01 17:39 - 00003954 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{3C235ACB-A9BA-47EB-A95E-3C18B997246B}
2014-09-20 04:12 - 2014-09-02 10:06 - 00003194 _____ () C:\Windows\System32\Tasks\HPCeeScheduleForJimAngehr
2014-09-20 04:12 - 2012-11-01 17:36 - 00000000 ____D () C:\users\JimAngehr
2014-09-20 03:56 - 2012-11-10 10:20 - 00000052 _____ () C:\Windows\SysWOW64\DOErrors.log
2014-09-20 03:55 - 2012-12-22 08:44 - 00000000 _____ () C:\Windows\System32\HP_ActiveX_Patch_NOT_DETECTED.txt
2014-09-19 04:56 - 2012-11-01 17:45 - 00003600 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2393212166-3480209652-2217339028-1004
2014-09-19 03:42 - 2012-11-05 08:47 - 00002247 _____ () C:\Users\JimAngehr\Desktop\Google Chrome.lnk
2014-09-18 03:41 - 2012-11-01 17:44 - 00001139 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-09-17 09:17 - 2014-09-17 09:17 - 00000000 ____D () C:\Users\JimAngehr\Documents\Optimizer Pro
2014-09-17 09:17 - 2014-09-17 09:17 - 00000000 ____D () C:\Users\JimAngehr\AppData\Roaming\Optimizer Pro
2014-09-17 09:12 - 2014-09-17 09:12 - 00000000 ____D () C:\Program Files (x86)\Optimizer Pro
2014-09-17 09:10 - 2014-09-17 09:10 - 00000000 ____D () C:\Users\JimAngehr\AppData\Local\SearchProtect
2014-09-17 09:08 - 2014-09-17 09:08 - 00083312 _____ (Premium Installer ) C:\Users\JimAngehr\Downloads\fl_setup.exe
2014-09-17 04:34 - 2013-07-04 10:24 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-09-16 18:58 - 2014-09-17 09:20 - 00044688 _____ (StdLib) C:\Windows\System32\Drivers\{be5bf058-a067-4076-8c2e-22b9345a0260}Gw64.sys
2014-09-16 13:10 - 2012-11-07 10:48 - 00000000 ____D () C:\ProgramData\lx_Cats
2014-09-15 15:47 - 2012-07-26 00:12 - 00000000 ____D () C:\Windows\AUInstallAgent
2014-09-14 15:56 - 2014-07-14 05:03 - 00000000 ___SD () C:\Windows\System32\CompatTel
2014-09-14 04:28 - 2013-08-13 23:05 - 00000000 ____D () C:\Windows\System32\MRT
2014-09-14 04:19 - 2012-12-15 14:44 - 101694776 _____ (Microsoft Corporation) C:\Windows\System32\MRT.exe
2014-09-11 14:32 - 2012-07-25 23:59 - 00000000 ____D () C:\Windows\CbsTemp
2014-09-09 09:35 - 2012-11-04 11:20 - 00003718 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-09-08 15:27 - 2014-09-08 15:27 - 00000000 ____D () C:\Program Files\McAfee Security Scan
2014-09-08 15:27 - 2014-08-24 08:55 - 00000000 ____D () C:\ProgramData\McAfee Security Scan
2014-09-04 14:36 - 2014-09-11 04:08 - 00755712 _____ (Microsoft Corporation) C:\Windows\System32\aepdu.dll
2014-09-02 17:49 - 2014-09-11 04:08 - 00556544 _____ (Microsoft Corporation) C:\Windows\System32\aeinv.dll
2014-09-02 11:32 - 2014-08-17 05:45 - 00705480 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-09-02 11:32 - 2014-08-17 05:45 - 00104904 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-08-31 04:51 - 2014-07-16 03:56 - 00351512 _____ () C:\Windows\System32\FNTCACHE.DAT
2014-08-31 04:51 - 2014-06-06 15:40 - 00000380 _____ () C:\Windows\Tasks\HPCeeScheduleForJIMCOMPUTER$.job
2014-08-28 03:34 - 2014-09-11 03:57 - 00059400 _____ (Microsoft Corporation) C:\Windows\System32\wuauclt.exe
2014-08-27 22:05 - 2014-09-11 03:57 - 00630272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2014-08-27 22:05 - 2014-09-11 03:57 - 00128000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2014-08-27 22:05 - 2014-09-11 03:57 - 00086528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2014-08-27 22:05 - 2014-09-11 03:57 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2014-08-27 22:02 - 2014-09-11 03:57 - 00040448 _____ (Microsoft Corporation) C:\Windows\System32\wuapp.exe
2014-08-27 22:01 - 2014-09-11 03:57 - 03285504 _____ (Microsoft Corporation) C:\Windows\System32\wuaueng.dll
2014-08-27 22:01 - 2014-09-11 03:57 - 01623552 _____ (Microsoft Corporation) C:\Windows\System32\wucltux.dll
2014-08-27 22:01 - 2014-09-11 03:57 - 00775168 _____ (Microsoft Corporation) C:\Windows\System32\wuapi.dll
2014-08-27 22:01 - 2014-09-11 03:57 - 00253440 _____ (Microsoft Corporation) C:\Windows\System32\WUSettingsProvider.dll
2014-08-27 22:01 - 2014-09-11 03:57 - 00176640 _____ (Microsoft Corporation) C:\Windows\System32\storewuauth.dll
2014-08-27 22:01 - 2014-09-11 03:57 - 00144384 _____ (Microsoft Corporation) C:\Windows\System32\wuwebv.dll
2014-08-27 22:01 - 2014-09-11 03:57 - 00100352 _____ (Microsoft Corporation) C:\Windows\System32\wudriver.dll
2014-08-27 22:01 - 2014-09-11 03:57 - 00017920 _____ (Microsoft Corporation) C:\Windows\System32\wuaext.dll
2014-08-24 08:55 - 2014-08-24 08:55 - 00000000 ____D () C:\ProgramData\McAfee
2014-08-24 08:54 - 2012-11-05 09:16 - 00187904 ___SH () C:\Users\JimAngehr\Downloads\Thumbs.db
2014-08-22 22:47 - 2014-08-28 03:54 - 04036096 _____ (Microsoft Corporation) C:\Windows\System32\win32k.sys
2014-08-21 21:21 - 2014-06-06 15:40 - 00003216 _____ () C:\Windows\System32\Tasks\HPCeeScheduleForJIMCOMPUTER$

Some content of TEMP:
====================
C:\Users\JimAngehr\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpi_kisj.dll
C:\Users\JimAngehr\AppData\Local\Temp\Extract.exe
C:\Users\JimAngehr\AppData\Local\Temp\jansi-32-git-Bukkit-1.7.9-R0.1-2-g1e4dcde-b3086jnks.dll
C:\Users\JimAngehr\AppData\Local\Temp\KlipPalSetup.exe
C:\Users\JimAngehr\AppData\Local\Temp\OptimizerPro.exe
C:\Users\JimAngehr\AppData\Local\Temp\Quarantine.exe
C:\Users\JimAngehr\AppData\Local\Temp\SP62765.exe
C:\Users\JimAngehr\AppData\Local\Temp\SP63599.exe
C:\Users\JimAngehr\AppData\Local\Temp\SP63752.exe
C:\Users\JimAngehr\AppData\Local\Temp\sp64126.exe
C:\Users\JimAngehr\AppData\Local\Temp\UninstallHPSA.exe
C:\Users\JimAngehr\AppData\Local\Temp\zakievor.dll


==================== Known DLLs (Whitelisted) ================


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== Restore Points  =========================

Restore point made on: 2014-09-05 03:32:19
Restore point made on: 2014-09-11 14:09:23
Restore point made on: 2014-09-19 05:38:05

==================== Memory info ===========================

Percentage of memory in use: 18%
Total physical RAM: 3554.26 MB
Available physical RAM: 2882.78 MB
Total Pagefile: 3554.26 MB
Available Pagefile: 2894.1 MB
Total Virtual: 8192 MB
Available Virtual: 8191.87 MB

==================== Drives ================================

Drive a: (WINRE) (Fixed) (Total:0.39 GB) (Free:0.16 GB) NTFS
Drive c: () (Fixed) (Total:672.51 GB) (Free:466.47 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (RECOVERY) (Fixed) (Total:25.36 GB) (Free:3.02 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive e: () (Removable) (Total:1.95 GB) (Free:1.95 GB) FAT
Drive x: (Boot) (Fixed) (Total:0.25 GB) (Free:0.24 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 698.6 GB) (Disk ID: 3D867707)

Partition: GPT Partition Type.

========================================================
Disk: 1 (Size: 2 GB) (Disk ID: 91F72D24)
Partition 1: (Active) - (Size=2 GB) - (Type=06)


LastRegBack: 2014-09-19 04:09

==================== End Of Log ============================



#18 LiquidTension

LiquidTension

    SuperMember

  • Retired Classroom Teacher
  • 2,566 posts

Posted 20 September 2014 - 09:01 PM

Hello, 
 
When did you run ComboFix, and for what purpose? I would like to see the log created, so please read the warning below, and include the contents of the log after you've completed STEP 1 below.
 

ComboFix Warning

------------------------------
 
From your logs I can see you have run ComboFix, a powerful first-responder malware removal tool, designed to remove some of the toughest infections, including bootkits, rootkits and backdoors. As stated in the disclaimer, the tool should not be used by someone untrained in its usage. Doing so may cause unforeseen circumstances, and could render your machine unbootable. For more information on why you should not run ComboFix without supervision, please read the following article.
 
As you have already run ComboFix, I would like to see the log generated. Please navigate to your root folder (usually C:\) and open ComboFix.txt. Copy the contents of the log and paste in your next reply.

 

STEP 1
FRST Recovery Environment Script

  • Using your clean PC, press the Windows Key + r on your keyboard at the same time. Type Notepad and click OK.
  • Copy the entire contents of the codebox below and paste into the Notepad document.
    start
    HKU\JimAngehr\...\Run: [Optimizer Pro] => C:\Program Files (x86)\Optimizer Pro\OptProLauncher.exe [148048 2014-09-16] (PC Utilities Software Limited)
    S2 70e6ca8c; c:\Program Files (x86)\Optimizer Pro\OptProCrash.dll [3649616 2014-09-17] ()
    c:\Program Files (x86)\Optimizer Pro
    S2 Update Klip Pal; C:\Program Files (x86)\Klip Pal\updateKlipPal.exe [325360 2014-09-20] ()
    S2 Util Klip Pal; C:\Program Files (x86)\Klip Pal\bin\utilKlipPal.exe [325360 2014-09-20] ()
    S1 {be5bf058-a067-4076-8c2e-22b9345a0260}Gw64; C:\Windows\System32\drivers\{be5bf058-a067-4076-8c2e-22b9345a0260}Gw64.sys [44688 2014-09-16] (StdLib)
    2014-09-17 09:20 - 2014-09-16 18:58 - 00044688 _____ (StdLib) C:\Windows\System32\Drivers\{be5bf058-a067-4076-8c2e-22b9345a0260}Gw64.sys
    2014-09-17 09:17 - 2014-09-20 18:22 - 00003266 _____ () C:\Windows\System32\Tasks\Optimizer Pro Schedule
    2014-09-17 09:17 - 2014-09-17 09:17 - 00000000 ____D () C:\Users\JimAngehr\Documents\Optimizer Pro
    2014-09-17 09:17 - 2014-09-17 09:17 - 00000000 ____D () C:\Users\JimAngehr\AppData\Roaming\Optimizer Pro
    2014-09-17 09:14 - 2014-09-20 10:25 - 00000000 ____D () C:\Program Files (x86)\Klip Pal
    2014-09-17 09:12 - 2014-09-17 09:12 - 00000000 ____D () C:\Program Files (x86)\Optimizer Pro
    2014-09-17 09:10 - 2014-09-17 09:10 - 00000000 ____D () C:\Users\JimAngehr\AppData\Local\SearchProtect
    2014-09-17 09:08 - 2014-09-17 09:08 - 00083312 _____ (Premium Installer ) C:\Users\JimAngehr\Downloads\fl_setup.exe
    2014-08-24 08:54 - 2012-11-05 09:16 - 00187904 ___SH () C:\Users\JimAngehr\Downloads\Thumbs.db
    C:\Users\JimAngehr\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpi_kisj.dll
    C:\Users\JimAngehr\AppData\Local\Temp\Extract.exe
    C:\Users\JimAngehr\AppData\Local\Temp\jansi-32-git-Bukkit-1.7.9-R0.1-2-g1e4dcde-b3086jnks.dll
    C:\Users\JimAngehr\AppData\Local\Temp\KlipPalSetup.exe
    C:\Users\JimAngehr\AppData\Local\Temp\OptimizerPro.exe
    C:\Users\JimAngehr\AppData\Local\Temp\Quarantine.exe
    C:\Users\JimAngehr\AppData\Local\Temp\SP62765.exe
    C:\Users\JimAngehr\AppData\Local\Temp\SP63599.exe
    C:\Users\JimAngehr\AppData\Local\Temp\SP63752.exe
    C:\Users\JimAngehr\AppData\Local\Temp\sp64126.exe
    C:\Users\JimAngehr\AppData\Local\Temp\UninstallHPSA.exe
    C:\Users\JimAngehr\AppData\Local\Temp\zakievor.dll
    end
  • Click File, then Save As, and type fixlist.txt as the File Name.
  • Save the file to your USB drive.

NOTICE: This script is intended for use on this particular machine. Do not use this script on any other machine; doing so may cause damage to your Operating System.

  • Enter the Recovery Environment just as you did before.
  • Run FRST just as you did before.
  • Click the Fix button once.
  • A log (Fixlog.txt) will be created on your USB drive.
  • Boot back into Windows normally.
  • Copy the contents of Fixlog.txt and paste in your next reply.
     

======================================================
 
STEP 2
Logs
In your next reply please include the following logs. Please be sure to copy and paste the requested logs, as well as provide information on any questions I may have asked.

  • Fixlog.txt
  • ComboFix.txt


 

Would you like to help others with malware removal? Join our Classroom and learn how!


#19 lookingforaname

lookingforaname

    Authentic Member

  • Authentic Member
  • 147 posts

Posted 20 September 2014 - 09:22 PM

Combofix was from the last time I was at this forum, under the direction of someone here, when I thought I had a virus (although I'm not sure that I actually had one - it was adsense that I only thought was a virus.)  I can't seem to find combofix.txt when I search for it. 

 

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 12-09-2014
Ran by SYSTEM at 2014-09-20 23:11:51 Run:1
Running from e:\
Boot Mode: Recovery
==============================================

Content of fixlist:
*****************
start
HKU\JimAngehr\...\Run: [Optimizer Pro] => C:\Program Files (x86)\Optimizer Pro\OptProLauncher.exe [148048 2014-09-16] (PC Utilities Software Limited)
S2 70e6ca8c; c:\Program Files (x86)\Optimizer Pro\OptProCrash.dll [3649616 2014-09-17] ()
c:\Program Files (x86)\Optimizer Pro
S2 Update Klip Pal; C:\Program Files (x86)\Klip Pal\updateKlipPal.exe [325360 2014-09-20] ()
S2 Util Klip Pal; C:\Program Files (x86)\Klip Pal\bin\utilKlipPal.exe [325360 2014-09-20] ()
S1 {be5bf058-a067-4076-8c2e-22b9345a0260}Gw64; C:\Windows\System32\drivers\{be5bf058-a067-4076-8c2e-22b9345a0260}Gw64.sys [44688 2014-09-16] (StdLib)
2014-09-17 09:20 - 2014-09-16 18:58 - 00044688 _____ (StdLib) C:\Windows\System32\Drivers\{be5bf058-a067-4076-8c2e-22b9345a0260}Gw64.sys
2014-09-17 09:17 - 2014-09-20 18:22 - 00003266 _____ () C:\Windows\System32\Tasks\Optimizer Pro Schedule
2014-09-17 09:17 - 2014-09-17 09:17 - 00000000 ____D () C:\Users\JimAngehr\Documents\Optimizer Pro
2014-09-17 09:17 - 2014-09-17 09:17 - 00000000 ____D () C:\Users\JimAngehr\AppData\Roaming\Optimizer Pro
2014-09-17 09:14 - 2014-09-20 10:25 - 00000000 ____D () C:\Program Files (x86)\Klip Pal
2014-09-17 09:12 - 2014-09-17 09:12 - 00000000 ____D () C:\Program Files (x86)\Optimizer Pro
2014-09-17 09:10 - 2014-09-17 09:10 - 00000000 ____D () C:\Users\JimAngehr\AppData\Local\SearchProtect
2014-09-17 09:08 - 2014-09-17 09:08 - 00083312 _____ (Premium Installer ) C:\Users\JimAngehr\Downloads\fl_setup.exe
2014-08-24 08:54 - 2012-11-05 09:16 - 00187904 ___SH () C:\Users\JimAngehr\Downloads\Thumbs.db
C:\Users\JimAngehr\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpi_kisj.dll
C:\Users\JimAngehr\AppData\Local\Temp\Extract.exe
C:\Users\JimAngehr\AppData\Local\Temp\jansi-32-git-Bukkit-1.7.9-R0.1-2-g1e4dcde-b3086jnks.dll
C:\Users\JimAngehr\AppData\Local\Temp\KlipPalSetup.exe
C:\Users\JimAngehr\AppData\Local\Temp\OptimizerPro.exe
C:\Users\JimAngehr\AppData\Local\Temp\Quarantine.exe
C:\Users\JimAngehr\AppData\Local\Temp\SP62765.exe
C:\Users\JimAngehr\AppData\Local\Temp\SP63599.exe
C:\Users\JimAngehr\AppData\Local\Temp\SP63752.exe
C:\Users\JimAngehr\AppData\Local\Temp\sp64126.exe
C:\Users\JimAngehr\AppData\Local\Temp\UninstallHPSA.exe
C:\Users\JimAngehr\AppData\Local\Temp\zakievor.dll
end
*****************

HKU\JimAngehr\Software\Microsoft\Windows\CurrentVersion\Run\\Optimizer Pro => value deleted successfully.
70e6ca8c => Service deleted successfully.
c:\Program Files (x86)\Optimizer Pro => Moved successfully.
Update Klip Pal => Service deleted successfully.
Util Klip Pal => Service deleted successfully.
{be5bf058-a067-4076-8c2e-22b9345a0260}Gw64 => Service deleted successfully.
C:\Windows\System32\Drivers\{be5bf058-a067-4076-8c2e-22b9345a0260}Gw64.sys => Moved successfully.
C:\Windows\System32\Tasks\Optimizer Pro Schedule => Moved successfully.
C:\Users\JimAngehr\Documents\Optimizer Pro => Moved successfully.
C:\Users\JimAngehr\AppData\Roaming\Optimizer Pro => Moved successfully.
C:\Program Files (x86)\Klip Pal => Moved successfully.
"C:\Program Files (x86)\Optimizer Pro" => File/Directory not found.
C:\Users\JimAngehr\AppData\Local\SearchProtect => Moved successfully.
C:\Users\JimAngehr\Downloads\fl_setup.exe => Moved successfully.
C:\Users\JimAngehr\Downloads\Thumbs.db => Moved successfully.
C:\Users\JimAngehr\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpi_kisj.dll => Moved successfully.
C:\Users\JimAngehr\AppData\Local\Temp\Extract.exe => Moved successfully.
C:\Users\JimAngehr\AppData\Local\Temp\jansi-32-git-Bukkit-1.7.9-R0.1-2-g1e4dcde-b3086jnks.dll => Moved successfully.
C:\Users\JimAngehr\AppData\Local\Temp\KlipPalSetup.exe => Moved successfully.
C:\Users\JimAngehr\AppData\Local\Temp\OptimizerPro.exe => Moved successfully.
C:\Users\JimAngehr\AppData\Local\Temp\Quarantine.exe => Moved successfully.
C:\Users\JimAngehr\AppData\Local\Temp\SP62765.exe => Moved successfully.
C:\Users\JimAngehr\AppData\Local\Temp\SP63599.exe => Moved successfully.
C:\Users\JimAngehr\AppData\Local\Temp\SP63752.exe => Moved successfully.
C:\Users\JimAngehr\AppData\Local\Temp\sp64126.exe => Moved successfully.
C:\Users\JimAngehr\AppData\Local\Temp\UninstallHPSA.exe => Moved successfully.
C:\Users\JimAngehr\AppData\Local\Temp\zakievor.dll => Moved successfully.

==== End of Fixlog ====
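One way to check a Fixlog like the one above against its fixlist, shown as an added example that is not part of the original posts and is not FRST's own code: it pairs each fixlist entry with its result line and reports anything that was not handled. The line patterns are inferred only from the entries visible in this thread, and the function names are hypothetical.

```python
import re

# Lines copied from the fixlist and the result section of the Fixlog posted above
# (a subset; the remaining entries follow the same shapes).
FIXLIST = r"""
HKU\JimAngehr\...\Run: [Optimizer Pro] => C:\Program Files (x86)\Optimizer Pro\OptProLauncher.exe [148048 2014-09-16] (PC Utilities Software Limited)
S2 70e6ca8c; c:\Program Files (x86)\Optimizer Pro\OptProCrash.dll [3649616 2014-09-17] ()
c:\Program Files (x86)\Optimizer Pro
S1 {be5bf058-a067-4076-8c2e-22b9345a0260}Gw64; C:\Windows\System32\drivers\{be5bf058-a067-4076-8c2e-22b9345a0260}Gw64.sys [44688 2014-09-16] (StdLib)
2014-09-17 09:20 - 2014-09-16 18:58 - 00044688 _____ (StdLib) C:\Windows\System32\Drivers\{be5bf058-a067-4076-8c2e-22b9345a0260}Gw64.sys
2014-09-17 09:12 - 2014-09-17 09:12 - 00000000 ____D () C:\Program Files (x86)\Optimizer Pro
C:\Users\JimAngehr\AppData\Local\Temp\zakievor.dll
""".strip().splitlines()

RESULTS = r"""
HKU\JimAngehr\Software\Microsoft\Windows\CurrentVersion\Run\\Optimizer Pro => value deleted successfully.
70e6ca8c => Service deleted successfully.
c:\Program Files (x86)\Optimizer Pro => Moved successfully.
{be5bf058-a067-4076-8c2e-22b9345a0260}Gw64 => Service deleted successfully.
C:\Windows\System32\Drivers\{be5bf058-a067-4076-8c2e-22b9345a0260}Gw64.sys => Moved successfully.
"C:\Program Files (x86)\Optimizer Pro" => File/Directory not found.
C:\Users\JimAngehr\AppData\Local\Temp\zakievor.dll => Moved successfully.
""".strip().splitlines()

# Entry shapes seen in this thread: Run value, service/driver, file listing, bare path.
RUN_RE = re.compile(r"^HK.*?\\Run(?:Once)?: \[([^\]]+)\]")
SERVICE_RE = re.compile(r"^[RSU]\d (.+?); ")
LISTING_RE = re.compile(
    r"^\d{4}-\d\d-\d\d \d\d:\d\d - \d{4}-\d\d-\d\d \d\d:\d\d - \d+ [_A-Z]{5} \(.*?\) (.+)$"
)


def expected_target(entry):
    """Return (kind, key): the name the matching result line should carry."""
    entry = entry.strip()
    m = RUN_RE.match(entry)
    if m:
        return "registry value", m.group(1).lower()
    m = SERVICE_RE.match(entry)
    if m:
        return "service", m.group(1).lower()
    m = LISTING_RE.match(entry)
    return "path", (m.group(1) if m else entry).strip('"').lower()


def parse_result(line):
    """Split 'target => status.' into (key, status)."""
    target, _, status = line.strip().rpartition(" => ")
    target = target.strip('"')
    if target.startswith("HK") and "\\\\" in target:
        target = target.rsplit("\\\\", 1)[1]  # value name follows the double backslash
    return target.lower(), status.rstrip(".")


def reconcile(fixlist, results):
    """Pair every fixlist entry with the first unused result line for its target."""
    pending = [parse_result(r) for r in results]
    report = []
    for entry in fixlist:
        kind, key = expected_target(entry)
        hit = next((p for p in pending if p[0] == key), None)
        if hit:
            pending.remove(hit)
        report.append((kind, key, hit[1] if hit else "NO RESULT LINE"))
    return report, pending  # pending = result lines no entry accounted for


def unresolved(report):
    """Entries needing follow-up. A 'not found' is ignored when the same path,
    or a parent directory of it, was already moved earlier in the same run."""
    done, todo = set(), []
    for kind, key, status in report:
        if status.endswith("successfully"):
            done.add(key)
        elif status == "File/Directory not found" and any(
            key == d or key.startswith(d + "\\") for d in done
        ):
            continue
        else:
            todo.append((kind, key, status))
    return todo


if __name__ == "__main__":
    report, leftover = reconcile(FIXLIST, RESULTS)
    for kind, key, status in report:
        print(f"{kind:15} {status:28} {key}")
    print("needs follow-up:", unresolved(report) or "nothing")
```

On this log the single "File/Directory not found" line is for the Optimizer Pro folder, which is listed twice in the fixlist and had already been moved by the earlier entry.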



#20 LiquidTension

LiquidTension

    SuperMember

  • Retired Classroom Teacher
  • 2,566 posts

Posted 20 September 2014 - 09:29 PM

OK, don't worry about ComboFix.txt. I only wanted the log if ComboFix was run recently. 

 

Can you temporarily disable Windows Smart Screen (instructions here), and see if you can run FRST or RKill in normal mode please. 




#21 lookingforaname

lookingforaname

    Authentic Member

  • Authentic Member
  • 147 posts

Posted 21 September 2014 - 11:24 AM

I was able to disable Windows Smart Screen but I was not able to open Rkill or FRST - same "This App can't run on this PC.  To find a version for your PC, check with the software publisher" is the exact message, and it is in the Windows Smart Screen font and appears as a message contained in a horizontal bar across the entire screen.



#22 LiquidTension

LiquidTension

    SuperMember

  • Retired Classroom Teacher
  • 2,566 posts

Posted 21 September 2014 - 12:36 PM

Hello, 

 

Do you have access to a second PC? 

 

For now, please boot into Safe Mode, and try running RKill and FRST (in that order) from there. 

Instructions on how to boot into Safe Mode can be found here (scroll down to "Getting To Safe Mode From Within Windows 8"). 

 

To get back into Normal Mode, please reverse the steps you made to get into Safe Mode. Let me know how you get on. 

 




#23 lookingforaname

lookingforaname

    Authentic Member

  • Authentic Member
  • 147 posts

Posted 21 September 2014 - 02:30 PM

Yes I have access to another PC. 

 

I started in Safe Mode and still was not able to run either program, same error message. 



#24 lookingforaname

lookingforaname

    Authentic Member

  • Authentic Member
  • 147 posts

Posted 21 September 2014 - 02:38 PM

One more thought - would my Malwarebytes or Avast log help?  Those are the only things I was able to run prior to coming here - maybe because both of those I had already downloaded on my computer.  I'm not sure if they are able to update though - When I ran it a few days ago, Malwarebytes gave a "You need to update" message, but then when I hit update, it said it wasn't able to connect to server.  Then when I just hit run, it seemed to go through some sort of update process before actually running. 

 

Thanks for your work,

Emily


Edited by lookingforaname, 21 September 2014 - 02:39 PM.


#25 lookingforaname

lookingforaname

    Authentic Member

  • Authentic Member
  • 147 posts

Posted 21 September 2014 - 02:52 PM

New problem:  I rebooted to be in normal mode, and now it is not allowing me to connect to the internet:  Says "No connections available" and when I hit troubleshoot, it says "Troubleshooting couldn't identify the problem."

 

Also, in Windows Action Center, which I clicked because it was the flag next to the bottom right corner where the network signal usually is, it gives the issue:  "Windows Security Center is turned off"  and when I try to turn it on, there is an error message that says that "The Windows Security Center can't be started." 

 

I am typing from our other computer, obviously. 




#26 LiquidTension

LiquidTension

    SuperMember

  • Retired Classroom Teacher
  • 2,566 posts

Posted 21 September 2014 - 02:58 PM

Hello, 

 

You'll need a USB drive for this. 
 
Please install the following programme on your clean PC, and follow the instructions to vaccinate your USB drive. 

 

Panda USB Vaccine

  • Please download Panda USB Vaccine and save the file to your Desktop.
  • Double-click USBVaccineSetup.exe to install the programme.
  • Read and accept the license agreement, then click Next.
  • Upon completion of the setup, ensure Launch Panda USB Vaccine is checked and click Finish.
  • Click the Vaccinate Computer button. It should now show a green checkmark and confirm Computer vaccinated.
  • Hold down the Shift key on your keyboard and insert your USB flash/external drive.
  • When the name of the drive appears in the Panda USB Vaccine dialog box, click the Vaccinate USB drive(s) button.
  • Exit the programme when done.

-- Computer Vaccination will prevent any AutoRun file from running, regardless of whether the removable device is infected or not. USB Vaccination disables the autorun file so it cannot be read, modified or replaced and creates an AUTORUN_.INF as protection against malicious code. The Panda Research Blog advises that once USB drives have been vaccinated, they cannot be reversed except with a format. If you do this, be sure to back up your data files first or they will be lost during the formatting process.

 

 

Once done, please download RKill and FRST and save the files to your USB drive using your clean PC. 

Hold Shift on your infected PC, and insert your USB drive. Navigate to your USB drive using Windows Explorer, and attempt to run RKill and FRST from your USB drive. 

 

Let me know how you get on.




#27 lookingforaname

lookingforaname

    Authentic Member

  • Authentic Member
  • 147 posts

Posted 21 September 2014 - 03:23 PM

Rkill 2.6.8 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2014 BleepingComputer.com
More Information about Rkill can be found at this link:
 http://www.bleepingc...opic308364.html

Program started at: 09/21/2014 05:15:08 PM in x64 mode.
Windows Version: Windows 8

Checking for Windows services to stop:

 * No malware services found to stop.

Checking for processes to terminate:

 * No malware processes found to kill.

Checking Registry for malware related settings:

 * No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:

 * Windows Defender Disabled

   [HKLM\SOFTWARE\Microsoft\Windows Defender]
   "DisableAntiSpyware" = dword:00000001

 * Reparse Point/Junctions Found (Most likely legitimate)!

     * C:\Windows\apppatch\spbin => C:\PROGRA~2\SearchProtect\SearchProtect\bin [Dir]

Checking Windows Service Integrity:

 * DHCP Client (Dhcp) is not Running.
   Startup Type set to: Disabled

 * DNS Client (Dnscache) is not Running.
   Startup Type set to: Disabled

 * COM+ Event System (EventSystem) is not Running.
   Startup Type set to: Disabled

 * Windows Firewall (MpsSvc) is not Running.
   Startup Type set to: Disabled

 * Network Store Interface Service (nsi) is not Running.
   Startup Type set to: Disabled

 * Plug and Play (PlugPlay) is not Running.
   Startup Type set to: Disabled

 * Plug and Play (RpcSs) is not Running.
   Startup Type set to: Disabled

 * Plug and Play (WinDefend) is not Running.
   Startup Type set to: Disabled

 * Windows Management Instrumentation (Winmgmt) is not Running.
   Startup Type set to: Disabled

 * Security Center (wscsvc) is not Running.
   Startup Type set to: Disabled

 * Windows Firewall Authorization Driver (mpsdrv) is not Running.
   Startup Type set to: Manual

Searching for Missing Digital Signatures:

 * No issues found.

Checking HOSTS File:

 * HOSTS file entries found:

  127.0.0.1       localhost

Program finished at: 09/21/2014 05:17:45 PM
Execution time: 0 hours(s), 2 minute(s), and 36 seconds(s)
 

 

 

--------------

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 12-09-2014
Ran by JimAngehr (administrator) on JIMCOMPUTER on 21-09-2014 17:19:17
Running from F:\
Platform: Windows 8 (X64) OS Language: English (United States)
Internet Explorer Version 10
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(CyberLink) C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
(Spotify Ltd) C:\Users\JimAngehr\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
(Dropbox, Inc.) C:\Users\JimAngehr\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1425408 2012-07-21] (IDT, Inc.)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2916152 2012-08-24] (Synaptics Incorporated)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642216 2012-08-08] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [CLVirtualDrive] => C:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe [491320 2012-07-26] (CyberLink Corp.)
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [91432 2012-03-28] (CyberLink Corp.)
HKLM-x32\...\Run: [HP Quick Launch] => C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [580512 2012-07-09] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [HP CoolSense] => C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe [1342008 2011-08-26] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [QuickFinder Scheduler] => C:\Program Files (x86)\WordPerfect Office X3\Programs\QFSCHD130.EXE [83568 2007-01-03] (Corel Corporation)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152544 2012-12-12] (Apple Inc.)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [4085896 2014-08-14] (AVAST Software)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-05-07] (Oracle Corporation)
HKLM\...\RunOnce: [NCPluginUpdater] => C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe [21720 2014-08-19] (Hewlett-Packard)
HKU\S-1-5-21-2393212166-3480209652-2217339028-1004\...\Run: [Spotify Web Helper] => C:\Users\JimAngehr\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1245752 2014-09-20] (Spotify Ltd)
HKU\S-1-5-21-2393212166-3480209652-2217339028-1004\...\Run: [Spotify] => C:\Users\JimAngehr\AppData\Roaming\Spotify\Spotify.exe [6342200 2014-09-20] (Spotify Ltd)
HKU\S-1-5-21-2393212166-3480209652-2217339028-1004\...\Run: [GoogleChromeAutoLaunch_C003498800951E7DAE59A0A337978D44] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [852808 2014-09-03] (Google Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe (McAfee, Inc.)
Startup: C:\Users\JimAngehr\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\JimAngehr\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
ShellIconOverlayIdentifiers: 00avast -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.yahoo.co...ast&type=odc179
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://search.yahoo...p={searchTerms}
HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.yahoo.co...ast&type=odc179
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPNOT13/1
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = https://www.yahoo.co...ast&type=odc179
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = https://search.yahoo...p={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Bar = https://www.yahoo.co...ast&type=odc179
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/...0TR&pc=HPNTDFJS
SearchScopes: HKLM - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.co...54371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKLM - {F05749BB-0626-4108-9BA0-E2C7F7D1B555} URL = http://www.amazon.co...s={searchTerms}
SearchScopes: HKLM-x32 - DefaultScope {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = https://search.yahoo...p={searchTerms}
SearchScopes: HKLM-x32 - {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = https://search.yahoo...p={searchTerms}
SearchScopes: HKLM-x32 - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.co...54371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKLM-x32 - {F05749BB-0626-4108-9BA0-E2C7F7D1B555} URL = http://www.amazon.co...s={searchTerms}
SearchScopes: HKCU - DefaultScope {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = https://search.yahoo...p={searchTerms}
SearchScopes: HKCU - {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = http://www.trovi.com...rchTerms}&SSPV=
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/...0TR&pc=HPNTDFJS
SearchScopes: HKCU - {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = https://search.yahoo...p={searchTerms}
SearchScopes: HKCU - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL =
SearchScopes: HKCU - {F05749BB-0626-4108-9BA0-E2C7F7D1B555} URL = http://www.amazon.co...s={searchTerms}
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll (Hewlett-Packard)
BHO-x32: MSS+ Identifier -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll (McAfee, Inc.)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Klip Pal -> {e371c496-8579-4c9a-a396-2a35639beb3b} -> C:\Program Files (x86)\Klip Pal\KlipPalbho.dll No File
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
Toolbar: HKLM - No Name - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} -  No File
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} -  No File
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\JimAngehr\AppData\Roaming\Mozilla\Firefox\Profiles\7zcy930i.default
FF SearchEngineOrder.1: Yahoo! (Avast)
FF Homepage: hxxp://google.com/
FF Keyword.URL: https://search.yahoo.com/yhs/search
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_152.dll ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.60.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.60.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF SearchPlugin: C:\Users\JimAngehr\AppData\Roaming\Mozilla\Firefox\Profiles\7zcy930i.default\searchplugins\aol-search.xml
FF SearchPlugin: C:\Users\JimAngehr\AppData\Roaming\Mozilla\Firefox\Profiles\7zcy930i.default\searchplugins\yahoo-avast.xml
FF Extension: Pin It button - C:\Users\JimAngehr\AppData\Roaming\Mozilla\Firefox\Profiles\7zcy930i.default\Extensions\pinterest@robertnyman.com.xpi [2013-12-11]
FF Extension: Adblock Plus - C:\Users\JimAngehr\AppData\Roaming\Mozilla\Firefox\Profiles\7zcy930i.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-09-10]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2013-07-07]
FF HKCU\...\Firefox\Extensions: [{e4f94d1e-2f53-401e-8885-681602c0ddd8}] - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi
FF Extension: No Name - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi [2014-04-04]

Chrome:
=======
CHR DefaultSuggestURL: Default -> http://suggest.secci...x={searchTerms}
CHR Profile: C:\Users\JimAngehr\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\JimAngehr\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-23]
CHR Extension: (YouTube) - C:\Users\JimAngehr\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-11-07]
CHR Extension: (Google Search) - C:\Users\JimAngehr\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-11-07]
CHR Extension: (avast! SafePrice) - C:\Users\JimAngehr\AppData\Local\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck [2014-08-16]
CHR Extension: (avast! Online Security) - C:\Users\JimAngehr\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2014-08-16]
CHR Extension: (Pin It Button) - C:\Users\JimAngehr\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpdjojdkbbmdfjfahjcgigfpmkopogic [2014-06-09]
CHR Extension: (Google Wallet) - C:\Users\JimAngehr\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-09]
CHR Extension: (Gmail) - C:\Users\JimAngehr\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-11-07]
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswwebrepchrome-sp.crx [2014-08-14]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-08-14]
CHR HKCU\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S4 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [361984 2012-08-08] (Advanced Micro Devices, Inc.) [File not signed]
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-08-14] (AVAST Software)
S4 HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [92160 2013-11-04] (Hewlett-Packard Company) [File not signed]
S4 IconMan_R; C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2451456 2012-07-13] (Realsil Microelectronics Inc.) [File not signed]
S4 KeyIso; C:\Windows\SysWOW64\keyiso.dll [43520 2012-07-25] (Microsoft Corporation)
S4 lxeb_device; C:\Windows\system32\lxebcoms.exe [1052328 2010-04-14] ( )
S4 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [289256 2014-04-09] (McAfee, Inc.)
S4 Netlogon; C:\Windows\SysWOW64\netlogon.dll [634368 2012-07-25] (Microsoft Corporation)
S4 ProtexisLicensing; C:\Windows\SysWOW64\PSIService.exe [174656 2006-11-02] () [File not signed]
S4 STacSV; C:\Program Files\IDT\WDM\STacSV64.exe [321536 2012-07-21] (IDT, Inc.) [File not signed]
S4 StorSvc; C:\Windows\SysWOW64\storsvc.dll [18432 2012-07-25] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16056 2014-03-29] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

U5 AppMgmt; C:\Windows\system32\svchost.exe [29696 2012-09-20] (Microsoft Corporation)
R2 APXACC; C:\Windows\system32\DRIVERS\appexDrv.sys [199008 2012-06-23] (AppEx Networks Corporation)
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-08-14] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [79184 2014-08-14] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-08-14] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-08-14] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1041168 2014-08-14] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [427360 2014-08-14] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [92008 2014-08-14] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [224896 2014-08-14] ()
R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdW86.sys [98472 2012-07-18] (Advanced Micro Devices)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [92536 2012-06-25] (CyberLink)
S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [122584 2014-09-20] (Malwarebytes Corporation)
R3 RSP2STOR; C:\Windows\system32\DRIVERS\RtsP2Stor.sys [269968 2012-07-03] (Realtek Semiconductor Corp.)
S3 SmbDrv; C:\Windows\System32\drivers\Smb_driver_AMDASF.sys [41272 2012-08-24] (Synaptics Incorporated)
S3 SmbDrvI; C:\Windows\System32\drivers\Smb_driver_Intel.sys [43832 2012-08-24] (Synaptics Incorporated)
R3 WirelessButtonDriver; C:\Windows\System32\drivers\WirelessButtonDriver64.sys [20800 2012-08-31] (Hewlett-Packard Development Company, L.P.)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-21 17:15 - 2014-09-21 17:17 - 00004406 _____ () C:\Users\JimAngehr\Desktop\Rkill.txt
2014-09-21 16:26 - 2014-09-21 16:26 - 00000000 ____D () C:\Windows\pss
2014-09-21 02:35 - 2014-09-21 17:19 - 00000000 ____D () C:\FRST
2014-09-20 21:54 - 2014-09-20 21:54 - 00005758 _____ () C:\Users\JimAngehr\Desktop\exe.reg
2014-09-20 21:09 - 2014-09-20 21:10 - 01267132 _____ () C:\Users\JimAngehr\Desktop\system summary.nfo
2014-09-20 20:01 - 2014-09-20 20:01 - 01911244 _____ () C:\Users\JimAngehr\Desktop\rkill.exe
2014-09-20 19:00 - 2014-09-20 19:02 - 04149736 _____ () C:\Users\JimAngehr\Downloads\tdsskiller.exe.part
2014-09-20 18:56 - 2014-09-20 18:56 - 02092716 _____ () C:\Users\JimAngehr\Desktop\FRST64.exe
2014-09-20 14:45 - 2014-09-20 14:45 - 00684612 _____ (Swearware) C:\Users\JimAngehr\Desktop\dds.scr
2014-09-20 14:43 - 2014-09-20 14:47 - 00387185 _____ () C:\Users\JimAngehr\Desktop\HiJackThis.exe
2014-09-20 14:41 - 2014-09-20 14:42 - 00596272 _____ () C:\Users\JimAngehr\Downloads\OTL.exe
2014-09-20 14:35 - 2014-09-20 14:36 - 19273568 _____ () C:\Users\JimAngehr\Downloads\SUPERAntiSpyware(1).exe
2014-09-20 14:33 - 2014-09-20 14:33 - 02321104 _____ () C:\Users\JimAngehr\Downloads\esetsmartinstaller_enu.exe
2014-09-20 13:50 - 2014-09-20 13:50 - 00364640 _____ (Kaspersky Lab) C:\Users\JimAngehr\Downloads\kss12.0.1.808_6398_6399.exe
2014-09-20 13:48 - 2014-09-20 13:49 - 17111720 _____ () C:\Users\JimAngehr\Downloads\mbam-setup-2.0.2.1012.exe
2014-09-17 13:12 - 2014-09-17 13:12 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Optimizer Pro v3.2
2014-09-11 18:13 - 2014-08-16 05:34 - 02239488 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-09-11 18:13 - 2014-08-16 05:34 - 01407488 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-09-11 18:13 - 2014-08-16 05:34 - 00915968 _____ (Microsoft Corporation) C:\Windows\system32\uxtheme.dll
2014-09-11 18:13 - 2014-08-16 05:34 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-09-11 18:13 - 2014-08-16 05:33 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-09-11 18:13 - 2014-08-16 05:33 - 00097280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-09-11 18:13 - 2014-08-16 05:32 - 15399424 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-09-11 18:13 - 2014-08-16 05:32 - 03959296 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-09-11 18:13 - 2014-08-16 05:32 - 02655232 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-09-11 18:13 - 2014-08-16 05:32 - 01508864 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-09-11 18:13 - 2014-08-16 05:32 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-09-11 18:13 - 2014-08-16 05:32 - 00451584 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-09-11 18:13 - 2014-08-16 05:32 - 00281600 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-09-11 18:13 - 2014-08-16 05:32 - 00255488 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-09-11 18:13 - 2014-08-16 03:37 - 01766400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-09-11 18:13 - 2014-08-16 03:37 - 01180672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-09-11 18:13 - 2014-08-16 03:36 - 13757440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-09-11 18:13 - 2014-08-16 03:36 - 02861568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-09-11 18:13 - 2014-08-16 03:36 - 02055168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-09-11 18:13 - 2014-08-16 03:36 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2014-09-11 18:13 - 2014-08-16 03:36 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-09-11 18:13 - 2014-08-16 03:36 - 00357888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-09-11 18:13 - 2014-08-16 03:36 - 00226816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-09-11 18:13 - 2014-08-16 03:36 - 00226816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-09-11 18:13 - 2014-08-16 03:36 - 00080384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-09-11 18:13 - 2014-08-16 03:35 - 01440768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-09-11 18:13 - 2014-03-06 20:47 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-09-11 18:13 - 2013-05-15 18:37 - 00044032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UXInit.dll
2014-09-11 18:13 - 2013-05-15 18:35 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\UXInit.dll
2014-09-11 18:13 - 2013-05-14 09:14 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-09-11 18:13 - 2013-05-14 05:23 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-09-11 18:13 - 2013-02-21 06:29 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2014-09-11 18:13 - 2013-02-21 06:29 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-09-11 18:13 - 2013-02-21 06:29 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-09-11 18:13 - 2013-02-21 06:29 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-09-11 18:13 - 2013-02-21 06:14 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2014-09-11 18:13 - 2013-02-21 06:14 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-09-11 18:13 - 2013-02-19 05:53 - 00534528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\uxtheme.dll
2014-09-11 18:13 - 2012-11-08 00:20 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-09-11 18:13 - 2012-11-08 00:20 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-09-11 18:13 - 2012-07-25 23:06 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-09-11 18:12 - 2014-08-16 05:33 - 19280384 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-09-11 18:12 - 2014-08-16 03:36 - 14369280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-09-11 08:08 - 2014-09-04 18:36 - 00755712 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-09-11 08:08 - 2014-09-02 21:49 - 00556544 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-09-11 07:58 - 2014-07-31 19:40 - 01287680 _____ (Microsoft Corporation) C:\Windows\system32\schedsvc.dll
2014-09-11 07:58 - 2014-06-04 21:12 - 00678600 _____ (Microsoft Corporation) C:\Windows\system32\msvcp120_clr0400.dll
2014-09-11 07:58 - 2014-06-03 19:12 - 00536776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcp120_clr0400.dll
2014-09-11 07:57 - 2014-08-28 07:34 - 00059400 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2014-09-11 07:57 - 2014-08-28 02:05 - 00630272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2014-09-11 07:57 - 2014-08-28 02:05 - 00128000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2014-09-11 07:57 - 2014-08-28 02:05 - 00086528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2014-09-11 07:57 - 2014-08-28 02:05 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2014-09-11 07:57 - 2014-08-28 02:02 - 00040448 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2014-09-11 07:57 - 2014-08-28 02:01 - 03285504 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2014-09-11 07:57 - 2014-08-28 02:01 - 01623552 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2014-09-11 07:57 - 2014-08-28 02:01 - 00775168 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2014-09-11 07:57 - 2014-08-28 02:01 - 00253440 _____ (Microsoft Corporation) C:\Windows\system32\WUSettingsProvider.dll
2014-09-11 07:57 - 2014-08-28 02:01 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\storewuauth.dll
2014-09-11 07:57 - 2014-08-28 02:01 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2014-09-11 07:57 - 2014-08-28 02:01 - 00100352 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2014-09-11 07:57 - 2014-08-28 02:01 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\wuaext.dll
2014-09-11 07:57 - 2014-07-23 23:33 - 00875688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcr120_clr0400.dll
2014-09-11 07:57 - 2014-07-23 23:33 - 00869544 _____ (Microsoft Corporation) C:\Windows\system32\msvcr120_clr0400.dll
2014-09-08 19:27 - 2014-09-08 19:27 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus
2014-09-08 19:27 - 2014-09-08 19:27 - 00000000 ____D () C:\Program Files\McAfee Security Scan
2014-09-02 14:06 - 2014-09-21 09:15 - 00003194 _____ () C:\Windows\System32\Tasks\HPCeeScheduleForJimAngehr
2014-08-28 07:54 - 2014-08-23 02:47 - 04036096 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-08-24 12:55 - 2014-09-08 19:27 - 00000000 ____D () C:\ProgramData\McAfee Security Scan
2014-08-24 12:55 - 2014-08-24 12:55 - 00000000 ____D () C:\ProgramData\McAfee

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-21 17:19 - 2014-09-21 02:35 - 00000000 ____D () C:\FRST
2014-09-21 17:17 - 2014-09-21 17:15 - 00004406 _____ () C:\Users\JimAngehr\Desktop\Rkill.txt
2014-09-21 17:02 - 2012-07-26 04:12 - 00000000 ____D () C:\Windows\system32\sru
2014-09-21 16:53 - 2012-11-05 12:45 - 00000928 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-09-21 16:50 - 2012-11-07 11:26 - 00000000 ____D () C:\Users\JimAngehr\AppData\Roaming\Spotify
2014-09-21 16:50 - 2012-11-05 12:45 - 00000924 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-09-21 16:49 - 2012-07-26 03:22 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-09-21 16:35 - 2012-11-04 15:20 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-09-21 16:26 - 2014-09-21 16:26 - 00000000 ____D () C:\Windows\pss
2014-09-21 16:26 - 2012-11-07 14:40 - 00000000 ___RD () C:\Users\JimAngehr\Dropbox
2014-09-21 16:25 - 2012-11-07 12:47 - 00000000 ____D () C:\Users\JimAngehr\AppData\Roaming\Dropbox
2014-09-21 16:24 - 2013-07-04 14:24 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-09-21 16:24 - 2012-11-01 21:44 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-09-21 16:22 - 2012-11-01 21:35 - 01746032 _____ () C:\Windows\WindowsUpdate.log
2014-09-21 16:21 - 2014-06-06 19:40 - 00000380 _____ () C:\Windows\Tasks\HPCeeScheduleForJIMCOMPUTER$.job
2014-09-21 16:21 - 2013-05-25 13:32 - 00000372 _____ () C:\Windows\Tasks\HPCeeScheduleForJimAngehr.job
2014-09-21 13:21 - 2014-06-06 19:40 - 00003216 _____ () C:\Windows\System32\Tasks\HPCeeScheduleForJIMCOMPUTER$
2014-09-21 09:15 - 2014-09-02 14:06 - 00003194 _____ () C:\Windows\System32\Tasks\HPCeeScheduleForJimAngehr
2014-09-21 09:15 - 2012-11-01 21:36 - 00000000 ____D () C:\Users\JimAngehr
2014-09-20 23:20 - 2012-11-07 14:40 - 00001032 _____ () C:\Users\JimAngehr\Desktop\Dropbox.lnk
2014-09-20 23:20 - 2012-11-07 12:49 - 00000000 ____D () C:\Users\JimAngehr\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-09-20 23:18 - 2012-07-26 03:28 - 00006428 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-09-20 23:09 - 2012-07-26 03:21 - 00040094 _____ () C:\Windows\setupact.log
2014-09-20 23:07 - 2012-07-26 01:26 - 00000194 _____ () C:\Windows\win.ini
2014-09-20 22:01 - 2014-05-13 10:27 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-09-20 22:01 - 2013-07-07 18:56 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2014-09-20 22:00 - 2012-11-07 11:27 - 00000000 ____D () C:\Users\JimAngehr\AppData\Local\Spotify
2014-09-20 21:56 - 2012-08-03 18:23 - 00585572 _____ () C:\Windows\PFRO.log
2014-09-20 21:54 - 2014-09-20 21:54 - 00005758 _____ () C:\Users\JimAngehr\Desktop\exe.reg
2014-09-20 21:10 - 2014-09-20 21:09 - 01267132 _____ () C:\Users\JimAngehr\Desktop\system summary.nfo
2014-09-20 20:01 - 2014-09-20 20:01 - 01911244 _____ () C:\Users\JimAngehr\Desktop\rkill.exe
2014-09-20 19:02 - 2014-09-20 19:00 - 04149736 _____ () C:\Users\JimAngehr\Downloads\tdsskiller.exe.part
2014-09-20 18:56 - 2014-09-20 18:56 - 02092716 _____ () C:\Users\JimAngehr\Desktop\FRST64.exe
2014-09-20 15:13 - 2012-07-26 04:12 - 00000000 ____D () C:\Windows\rescache
2014-09-20 14:47 - 2014-09-20 14:43 - 00387185 _____ () C:\Users\JimAngehr\Desktop\HiJackThis.exe
2014-09-20 14:45 - 2014-09-20 14:45 - 00684612 _____ (Swearware) C:\Users\JimAngehr\Desktop\dds.scr
2014-09-20 14:42 - 2014-09-20 14:41 - 00596272 _____ () C:\Users\JimAngehr\Downloads\OTL.exe
2014-09-20 14:36 - 2014-09-20 14:35 - 19273568 _____ () C:\Users\JimAngehr\Downloads\SUPERAntiSpyware(1).exe
2014-09-20 14:33 - 2014-09-20 14:33 - 02321104 _____ () C:\Users\JimAngehr\Downloads\esetsmartinstaller_enu.exe
2014-09-20 14:25 - 2012-07-26 04:12 - 00000000 ____D () C:\Windows\addins
2014-09-20 14:24 - 2012-07-26 01:26 - 00262144 ___SH () C:\Windows\system32\config\BBI
2014-09-20 13:50 - 2014-09-20 13:50 - 00364640 _____ (Kaspersky Lab) C:\Users\JimAngehr\Downloads\kss12.0.1.808_6398_6399.exe
2014-09-20 13:49 - 2014-09-20 13:48 - 17111720 _____ () C:\Users\JimAngehr\Downloads\mbam-setup-2.0.2.1012.exe
2014-09-20 13:31 - 2012-11-01 21:39 - 00003954 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{3C235ACB-A9BA-47EB-A95E-3C18B997246B}
2014-09-20 07:56 - 2012-11-10 14:20 - 00000052 _____ () C:\Windows\SysWOW64\DOErrors.log
2014-09-20 07:55 - 2012-12-22 12:44 - 00000000 _____ () C:\Windows\system32\HP_ActiveX_Patch_NOT_DETECTED.txt
2014-09-19 08:56 - 2012-11-01 21:45 - 00003600 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2393212166-3480209652-2217339028-1004
2014-09-19 07:42 - 2012-11-05 12:47 - 00002247 _____ () C:\Users\JimAngehr\Desktop\Google Chrome.lnk
2014-09-18 07:41 - 2012-11-01 21:44 - 00001139 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-09-18 07:41 - 2012-11-01 21:44 - 00001139 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-09-17 13:12 - 2014-09-17 13:12 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Optimizer Pro v3.2
2014-09-16 17:10 - 2012-11-07 14:48 - 00000000 ____D () C:\ProgramData\lx_Cats
2014-09-15 19:47 - 2012-07-26 04:12 - 00000000 ____D () C:\Windows\AUInstallAgent
2014-09-14 19:56 - 2014-07-14 09:03 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-09-14 08:28 - 2013-08-14 03:05 - 00000000 ____D () C:\Windows\system32\MRT
2014-09-14 08:19 - 2012-12-15 18:44 - 101694776 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-09-11 18:32 - 2012-07-26 03:59 - 00000000 ____D () C:\Windows\CbsTemp
2014-09-09 13:35 - 2012-11-04 15:20 - 00003718 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-09-08 19:27 - 2014-09-08 19:27 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus
2014-09-08 19:27 - 2014-09-08 19:27 - 00000000 ____D () C:\Program Files\McAfee Security Scan
2014-09-08 19:27 - 2014-08-24 12:55 - 00000000 ____D () C:\ProgramData\McAfee Security Scan
2014-09-04 18:36 - 2014-09-11 08:08 - 00755712 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-09-02 21:49 - 2014-09-11 08:08 - 00556544 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-09-02 15:32 - 2014-08-17 09:45 - 00705480 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-09-02 15:32 - 2014-08-17 09:45 - 00104904 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-08-31 08:51 - 2014-07-16 07:56 - 00351512 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-08-28 07:34 - 2014-09-11 07:57 - 00059400 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2014-08-28 02:05 - 2014-09-11 07:57 - 00630272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2014-08-28 02:05 - 2014-09-11 07:57 - 00128000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2014-08-28 02:05 - 2014-09-11 07:57 - 00086528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2014-08-28 02:05 - 2014-09-11 07:57 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2014-08-28 02:02 - 2014-09-11 07:57 - 00040448 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2014-08-28 02:01 - 2014-09-11 07:57 - 03285504 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2014-08-28 02:01 - 2014-09-11 07:57 - 01623552 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2014-08-28 02:01 - 2014-09-11 07:57 - 00775168 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2014-08-28 02:01 - 2014-09-11 07:57 - 00253440 _____ (Microsoft Corporation) C:\Windows\system32\WUSettingsProvider.dll
2014-08-28 02:01 - 2014-09-11 07:57 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\storewuauth.dll
2014-08-28 02:01 - 2014-09-11 07:57 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2014-08-28 02:01 - 2014-09-11 07:57 - 00100352 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2014-08-28 02:01 - 2014-09-11 07:57 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\wuaext.dll
2014-08-24 12:55 - 2014-08-24 12:55 - 00000000 ____D () C:\ProgramData\McAfee
2014-08-23 02:47 - 2014-08-28 07:54 - 04036096 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys

Some content of TEMP:
====================
C:\Users\JimAngehr\AppData\Local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpogkizd.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-09-19 08:09

==================== End Of Log ============================

-----------------

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 12-09-2014
Ran by JimAngehr at 2014-09-21 17:20:25
Running from F:\
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)


==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

4 Elements II (x32 Version: 2.2.0.98 - WildTangent) Hidden
Adobe Acrobat 4.0 (HKLM-x32\...\Adobe Acrobat 4.0) (Version: 4.0 - Adobe Systems, Inc.)
Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.152 - Adobe Systems Incorporated)
Adobe Shockwave Player 11.6 (HKLM-x32\...\Adobe Shockwave Player) (Version: 11.6.5.635 - Adobe Systems, Inc.)
AMD Accelerated Video Transcoding (Version: 12.5.100.20808 - Advanced Micro Devices, Inc.) Hidden
AMD APP SDK Runtime (Version: 10.0.938.2 - Advanced Micro Devices Inc.) Hidden
AMD Catalyst Install Manager (HKLM\...\{D01E0B82-7D6E-F9AC-9A7D-C6076264F419}) (Version: 8.0.881.0 - Advanced Micro Devices, Inc.)
AMD Fuel (Version: 2012.0808.1024.16666 - Advanced Micro Devices, Inc.) Hidden
AMD Quick Stream (HKLM\...\{E9EED4AE-682B-4501-9574-D09A21717599}_is1) (Version: 3.3.26.0 - AppEx Networks)
AMD VISION Engine Control Center (x32 Version: 2012.0808.1024.16666 - Advanced Micro Devices, Inc.) Hidden
Apple Application Support (HKLM-x32\...\{5D09C772-ECB3-442B-9CC6-B4341C78FDC2}) (Version: 2.3.4 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{D70884EA-E2CE-4539-91DB-4766CC1E5F5F}) (Version: 6.0.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
avast! Free Antivirus (HKLM-x32\...\avast) (Version: 9.0.2021 - AVAST Software)
Bejeweled 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden
BibleWorks 5 (HKLM-x32\...\{A8656CC0-6E08-11D4-9A83-00A0CC3530CA}) (Version:  - )
BitTorrent (HKLM-x32\...\BitTorrent) (Version: 7.7.2.28499 - BitTorrent Inc.)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Build-a-lot 4 - Power Source (x32 Version: 2.2.0.98 - WildTangent) Hidden
Catalyst Control Center - Branding (x32 Version: 1.00.0000 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Graphics Previews Common (x32 Version: 2012.0808.1024.16666 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center InstallProxy (x32 Version: 2012.0808.1024.16666 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Localization All (x32 Version: 2012.0808.1024.16666 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Standard (x32 Version: 2012.0808.1023.16666 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Traditional (x32 Version: 2012.0808.1023.16666 - Advanced Micro Devices, Inc.) Hidden
CCC Help Czech (x32 Version: 2012.0808.1023.16666 - Advanced Micro Devices, Inc.) Hidden
CCC Help Danish (x32 Version: 2012.0808.1023.16666 - Advanced Micro Devices, Inc.) Hidden
CCC Help Dutch (x32 Version: 2012.0808.1023.16666 - Advanced Micro Devices, Inc.) Hidden
CCC Help English (x32 Version: 2012.0808.1023.16666 - Advanced Micro Devices, Inc.) Hidden
CCC Help Finnish (x32 Version: 2012.0808.1023.16666 - Advanced Micro Devices, Inc.) Hidden
CCC Help French (x32 Version: 2012.0808.1023.16666 - Advanced Micro Devices, Inc.) Hidden
CCC Help German (x32 Version: 2012.0808.1023.16666 - Advanced Micro Devices, Inc.) Hidden
CCC Help Greek (x32 Version: 2012.0808.1023.16666 - Advanced Micro Devices, Inc.) Hidden
CCC Help Hungarian (x32 Version: 2012.0808.1023.16666 - Advanced Micro Devices, Inc.) Hidden
CCC Help Italian (x32 Version: 2012.0808.1023.16666 - Advanced Micro Devices, Inc.) Hidden
CCC Help Japanese (x32 Version: 2012.0808.1023.16666 - Advanced Micro Devices, Inc.) Hidden
CCC Help Korean (x32 Version: 2012.0808.1023.16666 - Advanced Micro Devices, Inc.) Hidden
CCC Help Norwegian (x32 Version: 2012.0808.1023.16666 - Advanced Micro Devices, Inc.) Hidden
CCC Help Polish (x32 Version: 2012.0808.1023.16666 - Advanced Micro Devices, Inc.) Hidden
CCC Help Portuguese (x32 Version: 2012.0808.1023.16666 - Advanced Micro Devices, Inc.) Hidden
CCC Help Russian (x32 Version: 2012.0808.1023.16666 - Advanced Micro Devices, Inc.) Hidden
CCC Help Spanish (x32 Version: 2012.0808.1023.16666 - Advanced Micro Devices, Inc.) Hidden
CCC Help Swedish (x32 Version: 2012.0808.1023.16666 - Advanced Micro Devices, Inc.) Hidden
CCC Help Thai (x32 Version: 2012.0808.1023.16666 - Advanced Micro Devices, Inc.) Hidden
CCC Help Turkish (x32 Version: 2012.0808.1023.16666 - Advanced Micro Devices, Inc.) Hidden
ccc-utility64 (Version: 2012.0808.1024.16666 - Advanced Micro Devices, Inc.) Hidden
Chuzzle Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Cradle Of Egypt Collector's Edition (x32 Version: 2.2.0.98 - WildTangent) Hidden
Cradle of Rome 2 (x32 Version: 2.2.0.98 - WildTangent) Hidden
CyberLink LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.1.5407 - CyberLink Corp.)
CyberLink LabelPrint (x32 Version: 2.5.1.5407 - CyberLink Corp.) Hidden
CyberLink Media Suite 10 (HKLM-x32\...\InstallShield_{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}) (Version: 10.0.3.2608 - CyberLink Corp.)
CyberLink Media Suite 10 (x32 Version: 10.0.3.2608 - CyberLink Corp.) Hidden
CyberLink PhotoDirector (HKLM-x32\...\InstallShield_{4862344A-A39C-4897-ACD4-A1BED5163C5A}) (Version: 2.0.1.3119 - CyberLink Corp.)
CyberLink PhotoDirector (x32 Version: 2.0.1.3119 - CyberLink Corp.) Hidden
CyberLink Power2Go 8 (HKLM-x32\...\InstallShield_{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}) (Version: 8.0.1.1926 - CyberLink Corp.)
CyberLink Power2Go 8 (x32 Version: 8.0.1.1926 - CyberLink Corp.) Hidden
CyberLink PowerDirector 10 (HKLM-x32\...\InstallShield_{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}) (Version: 10.0.1.1925 - CyberLink Corp.)
CyberLink PowerDirector 10 (x32 Version: 10.0.1.1925 - CyberLink Corp.) Hidden
CyberLink PowerDVD (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.6.4319 - CyberLink Corp.)
CyberLink PowerDVD (x32 Version: 10.0.6.4319 - CyberLink Corp.) Hidden
CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 3.5.4.5527 - CyberLink Corp.)
CyberLink YouCam (x32 Version: 3.5.4.5527 - CyberLink Corp.) Hidden
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Dropbox (HKCU\...\Dropbox) (Version: 2.10.30 - Dropbox, Inc.)
Energy Star (HKLM\...\{0FA995CC-C849-4755-B14B-5404CC75DC24}) (Version: 1.0.8 - Hewlett-Packard)
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version:  - )
Exact Audio Copy 1.0beta3 (HKLM-x32\...\Exact Audio Copy) (Version: 1.0beta3 - Andre Wiethoff)
Farm Frenzy (x32 Version: 2.2.0.98 - WildTangent) Hidden
FATE: The Cursed King (x32 Version: 2.2.0.97 - WildTangent) Hidden
Final Drive Fury (x32 Version: 2.2.0.95 - WildTangent) Hidden
FLAC 1.2.1b (remove only) (HKLM-x32\...\FLAC) (Version: 1.2.1b - Xiph.org)
FlatOut 2 (x32 Version: 2.2.0.98 - WildTangent) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 37.0.2062.120 - Google Inc.)
Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden
Governor of Poker 2 Premium Edition (x32 Version: 2.2.0.95 - WildTangent) Hidden
Hewlett-Packard ACLM.NET v1.2.2.3 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden
Hoyle Card Games (x32 Version: 2.2.0.95 - WildTangent) Hidden
HP 3D DriveGuard (HKLM\...\{6821D775-9303-46DD-977A-2D97CA18B054}) (Version: 4.2.8.1 - Hewlett-Packard Company)
HP Connected Music (Meridian - installer) (HKLM-x32\...\StartHPConnectedMusic) (Version: v1.0 - Meridian Audio Ltd)
HP CoolSense (HKLM-x32\...\{16B7BDA1-B967-4D2D-8B27-E12727C28350}) (Version: 2.10.3 - Hewlett-Packard Company)
HP Customer Experience Enhancements (x32 Version: 6.0.1.8 - Hewlett-Packard) Hidden
HP Documentation (HKLM-x32\...\{1AC082E0-049D-4C5C-9ECF-9473AD5A949D}) (Version: 1.1.0.0 - Hewlett-Packard)
HP Games (HKLM-x32\...\WildTangent hp Master Uninstall) (Version: 1.0.3.0 - WildTangent)
HP MyRoom (HKLM-x32\...\{9C35EDE5-4B0F-45E7-A438-314BA889948E}) (Version: 9.0.0.0 - Hewlett-Packard Company)
HP Postscript Converter (Version: 3.1.3554 - Hewlett-Packard) Hidden
HP Quick Launch (HKLM-x32\...\{4ED7050C-9332-4FB2-AB07-E94F25A53D39}) (Version: 3.0.3 - Hewlett-Packard Company)
HP Recovery Manager (x32 Version: 7.00 - Hewlett-Packard) Hidden
HP Registration Service (HKLM\...\{E4D6CCF2-0AAF-4B9C-9DE5-893EDC9B4BAA}) (Version: 1.0.5976.4186 - Hewlett-Packard)
HP Software Framework (HKLM-x32\...\{835B275B-F29B-464B-BD4B-097FD55FAB0A}) (Version: 4.6.8.1 - Hewlett-Packard Company)
HP Support Assistant (HKLM-x32\...\{E35A3B13-78CD-4967-8AC8-AA9FDA693EDE}) (Version: 7.4.45.4 - Hewlett-Packard Company)
HP Utility Center (HKLM-x32\...\{0C57987A-A03A-4B95-A309-D23F78F406CA}) (Version: 1.0.7 - Hewlett-Packard)
HP Wireless Button Driver (HKLM-x32\...\{30B2D1D8-0A07-4B71-9553-0710C5D31E35}) (Version: 1.1.2.1 - Hewlett-Packard Company)
IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6417.0 - IDT)
iTunes (HKLM\...\{0E5D76AD-A3FB-48D5-8400-8903B10317D3}) (Version: 11.0.1.12 - Apple Inc.)
ItzaBitza (HKLM-x32\...\{C04D4C3E-B6F0-4E39-A576-C5DB9736BF51}) (Version: 1.0.2 - Sabi)
Java 7 Update 60 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217060FF}) (Version: 7.0.600 - Oracle)
Java Auto Updater (x32 Version: 2.1.60.19 - Oracle, Inc.) Hidden
Jewel Match 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden
John Deere Drive Green (x32 Version: 2.2.0.95 - WildTangent) Hidden
Klip Pal (HKLM\...\Klip Pal) (Version: 2014.09.14.225102 - Klip Pal)
Luxor Evolved (x32 Version: 2.2.0.98 - WildTangent) Hidden
Mahjongg Dimensions Deluxe: Tiles in Time (x32 Version: 2.2.0.98 - WildTangent) Hidden
Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.8.150.1 - McAfee, Inc.)
Microsoft App Update for microsoft.windowscommunicationsapps_17.0.1119.516_x64__8wekyb3d8bbwe (x64) (Version: 1.0.0.0 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Office (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.6120.5004 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office 2007 Service Pack 3 (SP3) (x32 Version:  - Microsoft) Hidden
Microsoft Office Excel MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Home and Student 2007 (HKLM-x32\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (x32 Version:  - Microsoft) Hidden
Microsoft Office Shared 64-bit MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft VC9 runtime libraries (x32 Version: 2.0.0 - AOL Inc.) Hidden
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Mortimer Beckett and the Crimson Thief Premium Edition (x32 Version: 2.2.0.98 - WildTangent) Hidden
Mozilla Firefox 32.0.2 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 32.0.2 (x86 en-US)) (Version: 32.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
Mystery P.I. - Curious Case of Counterfeit Cove (x32 Version: 2.2.0.98 - WildTangent) Hidden
Optimizer Pro v3.2 (HKLM-x32\...\Optimizer Pro_is1) (Version: 3.2.0.1 - PC Utilities Software Limited) <==== ATTENTION
Peggle Nights (x32 Version: 2.2.0.98 - WildTangent) Hidden
Penguins! (x32 Version: 2.2.0.98 - WildTangent) Hidden
PFPortChecker 1.0.40 (HKLM-x32\...\PFPortChecker) (Version: 1.0.40 - Portforward.com)
Polar Bowler (x32 Version: 2.2.0.97 - WildTangent) Hidden
Polar Golfer (x32 Version: 2.2.0.98 - WildTangent) Hidden
Qualcomm Atheros Driver Installation Program (HKLM-x32\...\{C3A32068-8AB1-4327-BB16-BED9C6219DC7}) (Version: 10.0 - Qualcomm Atheros)
QuickTime (HKLM-x32\...\{B67BAFBA-4C9F-48FA-9496-933E3B255044}) (Version: 7.74.80.86 - Apple Inc.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.3.730.2012 - Realtek)
Realtek PCIE Card Reader (HKLM-x32\...\{C1594429-8296-4652-BF54-9DBE4932A44C}) (Version: 6.2.8400.29029 - Realtek Semiconductor Corp.)
Roads of Rome 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden
Spotify (HKCU\...\Spotify) (Version: 0.9.13.24.g5dbb3103 - Spotify AB)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 16.2.10.12 - Synaptics Incorporated)
Tales of Lagoona (x32 Version: 2.2.0.110 - WildTangent) Hidden
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update for Microsoft Office 2007 Help for Common Features (KB963673) (HKLM-x32\...\{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AB365889-0395-4FAD-B702-CA5985D53D42}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{A024FC7B-77DE-45DE-A058-1C049A17BFB3}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM-x32\...\{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{E9A82945-BA29-4EE8-8F2A-2F49545E9CF2}) (Version:  - Microsoft)
Update for Microsoft Office Excel 2007 Help (KB963678) (HKLM-x32\...\{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{199DF7B6-169C-448C-B511-1054101BE9C9}) (Version:  - Microsoft)
Update for Microsoft Office OneNote 2007 Help (KB963670) (HKLM-x32\...\{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2744EF05-38E1-4D5D-B333-E021EDAEA245}) (Version:  - Microsoft)
Update for Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM-x32\...\{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{397B1D4F-ED7B-4ACA-A637-43B670843876}) (Version:  - Microsoft)
Update for Microsoft Office Script Editor Help (KB963671) (HKLM-x32\...\{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{CD11C6A2-FFC6-4271-8EAB-79C3582F505C}) (Version:  - Microsoft)
Update for Microsoft Office Word 2007 Help (KB963665) (HKLM-x32\...\{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{80E762AA-C921-4839-9D7D-DB62A72C0726}) (Version:  - Microsoft)
Update Installer for WildTangent Games App (x32 Version:  - WildTangent) Hidden
Vacation Quest™ - Australia (x32 Version: 2.2.0.98 - WildTangent) Hidden
WildTangent Games (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.0.3.0 - WildTangent)
WildTangent Games App (x32 Version: 4.0.9.6 - WildTangent) Hidden
Windows Live Communications Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Language Selector (Version: 15.4.3555.0308 - Microsoft Corporation) Hidden
Windows Live Movie Maker (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Writer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Writer Resources (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Migration Assistant (HKLM-x32\...\{D8BC400A-9D14-468B-A674-1D76A987AAFC}) (Version: 1.0.1.3 - Apple Inc.)
WordPerfect Office X3 (HKLM-x32\...\_{83FBD495-DDF6-4C8D-92D6-10261DD6F6A3}) (Version:  - Corel Corporation)
WordPerfect Office X3 (x32 Version: 13.3 - Corel Corporation) Hidden
Zoombinis Mountain Rescue™ (HKLM-x32\...\Zoombinis Mountain Rescue™) (Version:  - )
Zuma's Revenge (x32 Version: 2.2.0.98 - WildTangent) Hidden

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-2393212166-3480209652-2217339028-1004_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\JimAngehr\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2393212166-3480209652-2217339028-1004_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\JimAngehr\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2393212166-3480209652-2217339028-1004_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\JimAngehr\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2393212166-3480209652-2217339028-1004_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\JimAngehr\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2393212166-3480209652-2217339028-1004_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\JimAngehr\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2393212166-3480209652-2217339028-1004_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\JimAngehr\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2393212166-3480209652-2217339028-1004_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\JimAngehr\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2393212166-3480209652-2217339028-1004_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\JimAngehr\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2393212166-3480209652-2217339028-1004_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\JimAngehr\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)

==================== Restore Points  =========================

Could not list Restore Points. Check "winmgmt" service or repair WMI.


==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2012-07-26 01:26 - 2013-07-13 08:24 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {00816C35-F547-4DF2-A85C-4FB4171CDAFB} - System32\Tasks\MirageAgent => C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe [2012-07-27] (CyberLink)
Task: {0F6DC34A-4F00-46B6-B7B0-0C446446E41B} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-11-05] (Google Inc.)
Task: {183DDC39-514E-4E15-BFB5-D87BDB97C3F4} - System32\Tasks\HPCeeScheduleForJimAngehr => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2011-07-15] (Hewlett-Packard)
Task: {1A379E6E-DB37-4083-9090-C496544493DD} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Warranty Opt-In(No) => c:\program files (x86)\hewlett-packard\hp health check\activecheck\product_line\Detection_PostWarrantyAlert.exe
Task: {1AAFF332-5C62-4558-9991-DAA649C4C9C5} - System32\Tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask => Rundll32.exe sysmain.dll,PfSvWsSwapAssessmentTask
Task: {1E2751CB-9FEF-4C42-946D-1CDD7621F6C2} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)
Task: {23A5D8BE-9196-40EB-BD89-794398B2B073} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => Rundll32.exe WSClient.dll,RefreshBannedAppsList
Task: {43B2203A-DE37-4D1E-90BF-69D9421B595C} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Warranty Opt-In(Yes) => c:\program files (x86)\hewlett-packard\hp health check\activecheck\product_line\Detection_PostWarrantyAlert.exe
Task: {48CAD0ED-51EC-476F-BE8A-AE05CF5C8322} - System32\Tasks\Synaptics TouchPad Enhancements => \Program Files\Synaptics\SynTP\SynTPEnh.exe [2012-08-24] (Synaptics Incorporated)
Task: {4C18675A-3B43-4FA3-8004-7142FCBBD785} - System32\Tasks\HPCeeScheduleForJIMCOMPUTER$ => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2011-07-15] (Hewlett-Packard)
Task: {4E408DEE-21FF-42B3-9440-A0A90D2C6257} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)
Task: {4EA28579-3F90-473C-AE53-4D1E299A6B7F} - System32\Tasks\Microsoft\Windows\Setup\Pre-staged GDR Notification => C:\Windows\system32\NotificationUI.exe [2014-04-19] (Microsoft Corporation)
Task: {5F4414E7-7A32-4929-88B1-63058FCAEBB2} - \AmiUpdXp No Task File <==== ATTENTION
Task: {63CAF812-6DE5-4113-A0EB-324617B1BB92} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2014-08-04] (Hewlett-Packard)
Task: {7DE7C8BD-88B8-431C-8F54-75CBA44A62A0} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2014-08-04] (Hewlett-Packard)
Task: {8C7CF3B0-221D-41B9-8E7C-D06B01FB0CC1} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-11-05] (Google Inc.)
Task: {98E14353-F68C-48CA-937B-1F2F0E110677} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\system32\MRT.exe [2014-09-14] (Microsoft Corporation)
Task: {A72208BF-7A49-4FB8-B684-252375F3443A} - System32\Tasks\Microsoft\Windows\WS\License Validation => Rundll32.exe WSClient.dll,WSpTLR licensing
Task: {A81F4325-3AC5-41DA-BB21-4F4507E92E6B} - \Optimizer Pro Schedule No Task File <==== ATTENTION
Task: {ABEB4928-1A83-4B88-9E4A-7F6E8924530C} - System32\Tasks\CLMLSvc_P2G8 => C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [2012-06-07] (CyberLink)
Task: {C177B765-3A8D-4105-B241-52F3EB7ED42C} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {C6A88F2D-53D2-4805-9D69-443738A1847C} - System32\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState => Rundll32.exe Windows.Storage.ApplicationData.dll,CleanupTemporaryState
Task: {D11585CD-BB00-4764-A616-81FA7D759D58} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2014-05-12] (Hewlett-Packard Company)
Task: {D6FFD391-125E-4455-989A-4E0050941500} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-08-14] (AVAST Software)
Task: {EBF06DEC-4228-4813-AC0C-62821AE4E330} - System32\Tasks\Microsoft\Windows\Application Experience\StartupAppTask => Rundll32.exe Startupscan.dll,SusRunTask
Task: {EE0EB37E-B87F-4110-8B0F-1567EA713383} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-09-09] (Adobe Systems Incorporated)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\HPCeeScheduleForJimAngehr.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
Task: C:\Windows\Tasks\HPCeeScheduleForJIMCOMPUTER$.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe

==================== Loaded Modules (whitelisted) =============

2012-08-08 13:22 - 2012-08-08 13:22 - 00369664 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
2014-08-14 16:34 - 2014-08-14 16:34 - 00301152 _____ () C:\Program Files\AVAST Software\Avast\aswProperty.dll
2014-09-21 16:22 - 2014-09-21 16:22 - 02864640 _____ () C:\Program Files\AVAST Software\Avast\defs\14092101\algo.dll
2012-10-05 01:23 - 2012-06-07 23:34 - 00627216 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMediaLibrary.dll
2012-06-08 14:34 - 2012-06-08 14:34 - 00016400 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvcPS.dll
2014-09-12 22:05 - 2014-09-03 23:01 - 01098056 _____ () C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.120\libglesv2.dll
2014-09-12 22:05 - 2014-09-03 23:01 - 00174408 _____ () C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.120\libegl.dll
2014-09-21 16:50 - 2014-09-21 16:50 - 00043008 _____ () c:\Users\JimAngehr\AppData\Local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpogkizd.dll
2013-08-23 15:01 - 2013-08-23 15:01 - 25100288 _____ () C:\Users\JimAngehr\AppData\Roaming\Dropbox\bin\libcef.dll
2014-09-12 22:05 - 2014-09-03 23:01 - 08577864 _____ () C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.120\pdf.dll
2014-09-12 22:05 - 2014-09-03 23:01 - 00331592 _____ () C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.120\ppGoogleNaClPluginChrome.dll
2014-09-12 22:05 - 2014-09-03 23:01 - 01660232 _____ () C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.120\ffmpegsumo.dll
2014-08-14 16:34 - 2014-08-14 16:34 - 19329904 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\Users\JimAngehr\Desktop\2014-07-17 10.10.30.mp4:com.dropbox.attributes

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

MSCONFIG\Services: AdobeFlashPlayerUpdateSvc => 3
MSCONFIG\Services: AeLookupSvc => 3
MSCONFIG\Services: ALG => 3
MSCONFIG\Services: AllUserInstallAgent => 3
MSCONFIG\Services: AMD External Events Utility => 2
MSCONFIG\Services: AMD FUEL Service => 2
MSCONFIG\Services: AppHostSvc => 2
MSCONFIG\Services: AppIDSvc => 3
MSCONFIG\Services: Apple Mobile Device => 2
MSCONFIG\Services: aspnet_state => 3
MSCONFIG\Services: AudioEndpointBuilder => 2
MSCONFIG\Services: Audiosrv => 2
MSCONFIG\Services: AxInstSV => 3
MSCONFIG\Services: BDESVC => 3
MSCONFIG\Services: BITS => 2
MSCONFIG\Services: Bonjour Service => 2
MSCONFIG\Services: Browser => 3
MSCONFIG\Services: bthserv => 3
MSCONFIG\Services: CertPropSvc => 3
MSCONFIG\Services: COMSysApp => 3
MSCONFIG\Services: CryptSvc => 2
MSCONFIG\Services: defragsvc => 3
MSCONFIG\Services: DeviceAssociationService => 2
MSCONFIG\Services: DeviceInstall => 3
MSCONFIG\Services: Dhcp => 2
MSCONFIG\Services: Dnscache => 2
MSCONFIG\Services: dot3svc => 3
MSCONFIG\Services: DPS => 2
MSCONFIG\Services: DsmSvc => 3
MSCONFIG\Services: Eaphost => 3
MSCONFIG\Services: EFS => 3
MSCONFIG\Services: EventLog => 2
MSCONFIG\Services: EventSystem => 2
MSCONFIG\Services: Fax => 3
MSCONFIG\Services: fdPHost => 3
MSCONFIG\Services: FDResPub => 3
MSCONFIG\Services: fhsvc => 3
MSCONFIG\Services: FontCache => 2
MSCONFIG\Services: FontCache3.0.0.0 => 3
MSCONFIG\Services: GamesAppService => 3
MSCONFIG\Services: gupdate => 2
MSCONFIG\Services: gupdatem => 3
MSCONFIG\Services: hidserv => 3
MSCONFIG\Services: hkmsvc => 3
MSCONFIG\Services: HomeGroupListener => 3
MSCONFIG\Services: HomeGroupProvider => 3
MSCONFIG\Services: HP Support Assistant Service => 2
MSCONFIG\Services: hpqwmiex => 3
MSCONFIG\Services: hpsrv => 2
MSCONFIG\Services: HPWMISVC => 2
MSCONFIG\Services: IconMan_R => 2
MSCONFIG\Services: IKEEXT => 2
MSCONFIG\Services: iphlpsvc => 2
MSCONFIG\Services: iPod Service => 3
MSCONFIG\Services: KeyIso => 3
MSCONFIG\Services: KtmRm => 3
MSCONFIG\Services: LanmanServer => 2
MSCONFIG\Services: LanmanWorkstation => 2
MSCONFIG\Services: lltdsvc => 3
MSCONFIG\Services: lmhosts => 2
MSCONFIG\Services: lxeb_device => 2
MSCONFIG\Services: McComponentHostService => 3
MSCONFIG\Services: MMCSS => 2
MSCONFIG\Services: MozillaMaintenance => 3
MSCONFIG\Services: MpsSvc => 2
MSCONFIG\Services: MSDTC => 3
MSCONFIG\Services: MSiSCSI => 3
MSCONFIG\Services: napagent => 3
MSCONFIG\Services: NcaSvc => 3
MSCONFIG\Services: NcdAutoSetup => 3
MSCONFIG\Services: Netlogon => 3
MSCONFIG\Services: Netman => 3
MSCONFIG\Services: netprofm => 3
MSCONFIG\Services: NlaSvc => 2
MSCONFIG\Services: nsi => 2
MSCONFIG\Services: odserv => 3
MSCONFIG\Services: ose => 3
MSCONFIG\Services: p2pimsvc => 3
MSCONFIG\Services: p2psvc => 3
MSCONFIG\Services: PcaSvc => 2
MSCONFIG\Services: PerfHost => 3
MSCONFIG\Services: pla => 3
MSCONFIG\Services: PlugPlay => 3
MSCONFIG\Services: PNRPAutoReg => 3
MSCONFIG\Services: PNRPsvc => 3
MSCONFIG\Services: PolicyAgent => 3
MSCONFIG\Services: Power => 2
MSCONFIG\Services: PrintNotify => 3
MSCONFIG\Services: ProtexisLicensing => 2
MSCONFIG\Services: QWAVE => 3
MSCONFIG\Services: RasAuto => 3
MSCONFIG\Services: RasMan => 3
MSCONFIG\Services: RpcLocator => 3
MSCONFIG\Services: SamSs => 2
MSCONFIG\Services: SCPolicySvc => 3
MSCONFIG\Services: SDRSVC => 3
MSCONFIG\Services: seclogon => 3
MSCONFIG\Services: SENS => 2
MSCONFIG\Services: SensrSvc => 3
MSCONFIG\Services: SessionEnv => 3
MSCONFIG\Services: SharedAccess => 2
MSCONFIG\Services: ShellHWDetection => 2
MSCONFIG\Services: SNMPTRAP => 3
MSCONFIG\Services: Spooler => 2
MSCONFIG\Services: SSDPSRV => 3
MSCONFIG\Services: SstpSvc => 3
MSCONFIG\Services: STacSV => 2
MSCONFIG\Services: stisvc => 2
MSCONFIG\Services: StorSvc => 3
MSCONFIG\Services: svsvc => 3
MSCONFIG\Services: swprv => 3
MSCONFIG\Services: SysMain => 2
MSCONFIG\Services: TabletInputService => 3
MSCONFIG\Services: TapiSrv => 3
MSCONFIG\Services: TermService => 3
MSCONFIG\Services: Themes => 2
MSCONFIG\Services: THREADORDER => 3
MSCONFIG\Services: TrkWks => 2
MSCONFIG\Services: TrustedInstaller => 3
MSCONFIG\Services: UI0Detect => 3
MSCONFIG\Services: UmRdpService => 3
MSCONFIG\Services: upnphost => 3
MSCONFIG\Services: VaultSvc => 3
MSCONFIG\Services: vds => 3
MSCONFIG\Services: vmicheartbeat => 3
MSCONFIG\Services: vmickvpexchange => 3
MSCONFIG\Services: vmicrdv => 3
MSCONFIG\Services: vmicshutdown => 3
MSCONFIG\Services: vmictimesync => 3
MSCONFIG\Services: vmicvss => 3
MSCONFIG\Services: VSS => 3
MSCONFIG\Services: W32Time => 3
MSCONFIG\Services: WAS => 3
MSCONFIG\Services: wbengine => 3
MSCONFIG\Services: WbioSrvc => 3
MSCONFIG\Services: Wcmsvc => 2
MSCONFIG\Services: wcncsvc => 3
MSCONFIG\Services: WcsPlugInService => 3
MSCONFIG\Services: WdiServiceHost => 3
MSCONFIG\Services: WdiSystemHost => 3
MSCONFIG\Services: WebClient => 3
MSCONFIG\Services: Wecsvc => 3
MSCONFIG\Services: wercplsupport => 3
MSCONFIG\Services: WerSvc => 3
MSCONFIG\Services: WiaRpc => 3
MSCONFIG\Services: WinHttpAutoProxySvc => 3
MSCONFIG\Services: Winmgmt => 2
MSCONFIG\Services: WinRM => 3
MSCONFIG\Services: WlanSvc => 2
MSCONFIG\Services: wlidsvc => 2
MSCONFIG\Services: wmiApSrv => 3
MSCONFIG\Services: WMPNetworkSvc => 2
MSCONFIG\Services: WPCSvc => 3
MSCONFIG\Services: WPDBusEnum => 3
MSCONFIG\Services: wscsvc => 2
MSCONFIG\Services: WSearch => 2
MSCONFIG\Services: wuauserv => 2
MSCONFIG\Services: wudfsvc => 3
MSCONFIG\Services: WwanSvc => 3
HKCU\...\StartupApproved\StartupFolder: => "MyPC Backup.lnk"

==================== Faulty Device Manager Devices =============

Could not list Devices. Check "winmgmt" service or repair WMI.


==================== Event log errors: =========================

Application errors:
==================
Error: (09/21/2014 01:56:51 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 4743

Error: (09/21/2014 01:56:51 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 4743

Error: (09/21/2014 01:56:51 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (09/21/2014 01:56:49 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 3276

Error: (09/21/2014 01:56:49 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 3276

Error: (09/21/2014 01:56:49 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (09/21/2014 01:56:48 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1779

Error: (09/21/2014 01:56:48 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 1779

Error: (09/21/2014 01:56:48 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (09/21/2014 09:42:16 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 4430


System errors:
=============
Error: (09/21/2014 04:49:05 PM) (Source: Microsoft-Windows-Kernel-General) (EventID: 6) (User: NT AUTHORITY)
Description: 0xc000014d0

Error: (09/21/2014 04:30:00 PM) (Source: Microsoft-Windows-Kernel-General) (EventID: 6) (User: NT AUTHORITY)
Description: 0xc000014d0

Error: (09/21/2014 04:27:34 PM) (Source: Service Control Manager) (EventID: 7043) (User: )
Description: The Windows Update service did not shut down properly after receiving a preshutdown control.

Error: (09/21/2014 04:26:48 PM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: The ScRegSetValueExW call failed for Start with the following error:
%%5

Error: (09/21/2014 04:26:48 PM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: The ScRegSetValueExW call failed for Start with the following error:
%%5

Error: (09/21/2014 04:21:14 PM) (Source: Microsoft-Windows-Kernel-General) (EventID: 6) (User: NT AUTHORITY)
Description: 0xc000014d0

Error: (09/20/2014 11:32:38 PM) (Source: DCOM) (EventID: 10010) (User: jimcomputer)
Description: {4545DEA0-2DFC-4906-A728-6D986BA399A9}

Error: (09/20/2014 11:32:38 PM) (Source: DCOM) (EventID: 10010) (User: jimcomputer)
Description: {4545DEA0-2DFC-4906-A728-6D986BA399A9}

Error: (09/20/2014 11:32:37 PM) (Source: DCOM) (EventID: 10010) (User: jimcomputer)
Description: {4545DEA0-2DFC-4906-A728-6D986BA399A9}

Error: (09/20/2014 11:32:37 PM) (Source: DCOM) (EventID: 10010) (User: jimcomputer)
Description: {4545DEA0-2DFC-4906-A728-6D986BA399A9}


Microsoft Office Sessions:
=========================

CodeIntegrity Errors:
===================================
  Date: 2014-09-21 16:27:14.228
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\EEL64A.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-09-21 13:23:01.406
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\EEL64A.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-09-21 13:22:31.228
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\EEL64A.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-09-21 13:19:49.754
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\EEL64A.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-09-21 13:19:41.646
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\EEL64A.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-09-21 13:19:21.436
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\EEL64A.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-09-21 09:18:36.403
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\EEL64A.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-09-21 09:15:31.105
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\EEL64A.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-09-21 09:14:53.455
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\EEL64A.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-09-20 23:20:51.583
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\EEL64A.dll because the set of per-page image hashes could not be found on the system.


==================== Memory info ===========================

Processor: AMD A6-4400M APU with Radeon™ HD Graphics
Percentage of memory in use: 32%
Total physical RAM: 3554.26 MB
Available physical RAM: 2412.59 MB
Total Pagefile: 5090.26 MB
Available Pagefile: 3905.92 MB
Total Virtual: 8192 MB
Available Virtual: 8191.84 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:672.51 GB) (Free:466.26 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (RECOVERY) (Fixed) (Total:25.36 GB) (Free:3.02 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive f: () (Removable) (Total:1.95 GB) (Free:1.95 GB) FAT

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 698.6 GB) (Disk ID: 3D867707)

Partition: GPT Partition Type.

========================================================
Disk: 1 (Size: 2 GB) (Disk ID: 91F72D24)
Partition 1: (Active) - (Size=2 GB) - (Type=06)

==================== End Of Log ============================



#28 LiquidTension

LiquidTension

    SuperMember

  • Retired Classroom Teacher
  • 2,566 posts

Posted 21 September 2014 - 05:30 PM

Hello, 
 
Some of your services are disabled; STEP 1 will fix this. Before doing so, please consider the following warning. 
 

P2P WARNING

------------------------------

I see you have peer-to-peer (P2P) file sharing software installed on your computer (BitTorrent). I advise you avoid P2P file sharing programmes; they are a security risk which can make your computer susceptible to malware. File sharing networks are thoroughly infected and infested with malware - worms, backdoor Trojans, IRCBots, and rootkits propagate via P2P file sharing networks, gaming, and underground sites. Users visiting such pages may see innocuous-looking banner ads containing code which can trigger pop-up ads and malicious Flash ads that install viruses, Trojans, and spyware. The best way to reduce the risk of infection is to avoid these types of web sites and not use P2P applications. Please read the following articles for more information.

Your P2P software can be removed by following the instructions below.
  • Press the Windows Key + r on your keyboard at the same time. Type appwiz.cpl and click OK.
  • Search for the aforementioned programmes, right-click and click Uninstall.
If you choose not to, please refrain from using the programme(s) during this process.

 

 
STEP 1
Revert MSCONFIG Changes

  • Press the Windows Key + r on your keyboard at the same time. Type msconfig and click OK.
  • If prompted for an administrator password or for confirmation, type the password, or provide confirmation.
  • In the Services tab, click Enable All, followed by OK.
  • Reboot your machine. 
     

STEP 2
Uninstall Software

  • Press the Windows Key + r on your keyboard at the same time. Type appwiz.cpl and click OK.
  • Search for the following programmes, right-click and click Uninstall.
    • Klip Pal
    • Optimizer Pro v3.2 
  • Follow the prompts.
  • Reboot if necessary.
     

STEP 3
Farbar Recovery Scan Tool (FRST) Script

  • Press the Windows Key + r on your keyboard at the same time. Type Notepad and click OK.
  • Copy the entire contents of the codebox below and paste into the Notepad document.
    start
    HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.yahoo.co...ast&type=odc179
    HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://search.yahoo...p={searchTerms}
    HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.yahoo.co...ast&type=odc179
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = https://www.yahoo.co...ast&type=odc179
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = https://search.yahoo...p={searchTerms}
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Bar = https://www.yahoo.co...ast&type=odc179
    SearchScopes: HKLM - DefaultScope value is missing.
    SearchScopes: HKLM-x32 - DefaultScope {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = https://search.yahoo...p={searchTerms}
    SearchScopes: HKLM-x32 - {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = https://search.yahoo...p={searchTerms}
    SearchScopes: HKCU - DefaultScope {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = https://search.yahoo...p={searchTerms}
    SearchScopes: HKCU - {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = http://www.trovi.com...rchTerms}&SSPV=
    SearchScopes: HKCU - {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = https://search.yahoo...p={searchTerms}
    BHO-x32: Klip Pal -> {e371c496-8579-4c9a-a396-2a35639beb3b} -> C:\Program Files (x86)\Klip Pal\KlipPalbho.dll No File
    C:\Program Files (x86)\Klip Pal
    Toolbar: HKLM - No Name - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} -  No File
    Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} -  No File
    FF SearchEngineOrder.1: Yahoo! (Avast)
    FF Keyword.URL: https://search.yahoo.com/yhs/search
    FF SearchPlugin: C:\Users\JimAngehr\AppData\Roaming\Mozilla\Firefox\Profiles\7zcy930i.default\searchplugins\aol-search.xml
    FF SearchPlugin: C:\Users\JimAngehr\AppData\Roaming\Mozilla\Firefox\Profiles\7zcy930i.default\searchplugins\yahoo-avast.xml
    CHR HKCU\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
    CHR DefaultSuggestURL: Default -> http://suggest.secci...x={searchTerms}
    2014-09-17 13:12 - 2014-09-17 13:12 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Optimizer Pro v3.2
    Task: {5F4414E7-7A32-4929-88B1-63058FCAEBB2} - \AmiUpdXp No Task File <==== ATTENTION
    Task: {A81F4325-3AC5-41DA-BB21-4F4507E92E6B} - \Optimizer Pro Schedule No Task File <==== ATTENTION
    C:\PROGRA~2\SearchProtect\
    CMD: ipconfig /flushdns
    CMD: netsh winsock reset all
    CMD: netsh int ipv4 reset
    CMD: netsh int ipv6 reset
    CMD: bitsadmin /reset /allusers
    EmptyTemp:
    end
  • Click File > Save As and type fixlist.txt as the File Name.
  • Important: The file must be saved in the same location as FRST64.exe. 

NOTICE: This script is intended for use on this particular machine. Do not use this script on any other machine; doing so may cause damage to your Operating System.

  • Right-Click FRST64.exe and select Run as administrator to run the programme.
  • Click Fix.
  • A log (Fixlog.txt) will open on your desktop. Copy the contents of the log and paste in your next reply.
     

======================================================
 
STEP 4
Logs
In your next reply please include the following logs. Please be sure to copy and paste the requested logs, as well as provide information on any questions I may have asked.

  • Did the Services enable OK?
  • Did the programmes uninstall OK?
  • Fixlog.txt


 

Would you like to help others with malware removal? Join our Classroom and learn how!


#29 lookingforaname

lookingforaname

    Authentic Member

  • Authentic Member
  • PipPip
  • 147 posts

Posted 21 September 2014 - 06:06 PM

So -

 

- I did erase bittorrent.  Will scold other family members who may have downloaded it.

- When I did the system config, on the first tab under general, I noticed that "Selective startup" is chosen, and not "Normal Startup."  Is that the right setting?  But yes, systems did enable and I now have internet access again on the laptop.

- When I uninstalled Klippal and Optimizer Plus, both of them showed then error occurred while trying to uninstall . ..  It may have already uninstalled.  Would you like to remove ____ from the Programs and Features list?"  I selected yes, but I don't know if this means they have been uninstalled or not.

 

I had to run the FRST from my USB again as the desktop version still doesn't work.  Here's the log:

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 12-09-2014

Ran by JimAngehr at 2014-09-21 19:53:41 Run:2

Running from F:\

Boot Mode: Normal

==============================================

 

Content of fixlist:

*****************

start

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.yahoo.co...ast&type=odc179

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://search.yahoo...p={searchTerms}

HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.yahoo.co...ast&type=odc179

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = https://www.yahoo.co...ast&type=odc179

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = https://search.yahoo...p={searchTerms}

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Bar = https://www.yahoo.co...ast&type=odc179

SearchScopes: HKLM - DefaultScope value is missing.

SearchScopes: HKLM-x32 - DefaultScope {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = https://search.yahoo...p={searchTerms}

SearchScopes: HKLM-x32 - {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = https://search.yahoo...p={searchTerms}

SearchScopes: HKCU - DefaultScope {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = https://search.yahoo...p={searchTerms}

SearchScopes: HKCU - {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = http://www.trovi.com...rchTerms}&SSPV=

SearchScopes: HKCU - {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = https://search.yahoo...p={searchTerms}

BHO-x32: Klip Pal -> {e371c496-8579-4c9a-a396-2a35639beb3b} -> C:\Program Files (x86)\Klip Pal\KlipPalbho.dll No File

C:\Program Files (x86)\Klip Pal

Toolbar: HKLM - No Name - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} -  No File

Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} -  No File

FF SearchEngineOrder.1: Yahoo! (Avast)

FF Keyword.URL: https://search.yahoo.com/yhs/search

FF SearchPlugin: C:\Users\JimAngehr\AppData\Roaming\Mozilla\Firefox\Profiles\7zcy930i.default\searchplugins\aol-search.xml

FF SearchPlugin: C:\Users\JimAngehr\AppData\Roaming\Mozilla\Firefox\Profiles\7zcy930i.default\searchplugins\yahoo-avast.xml

CHR HKCU\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

CHR DefaultSuggestURL: Default -> http://suggest.secci...x={searchTerms}

2014-09-17 13:12 - 2014-09-17 13:12 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Optimizer Pro v3.2

Task: {5F4414E7-7A32-4929-88B1-63058FCAEBB2} - \AmiUpdXp No Task File <==== ATTENTION

Task: {A81F4325-3AC5-41DA-BB21-4F4507E92E6B} - \Optimizer Pro Schedule No Task File <==== ATTENTION

C:\PROGRA~2\SearchProtect\

CMD: ipconfig /flushdns

CMD: netsh winsock reset all

CMD: netsh int ipv4 reset

CMD: netsh int ipv6 reset

CMD: bitsadmin /reset /allusers

EmptyTemp:

end

*****************

 

HKCU\Software\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully.

HKCU\Software\Microsoft\Internet Explorer\Main\\Search Page => Value was restored successfully.

HKCU\Software\Microsoft\Internet Explorer\Main\\Search Bar => value deleted successfully.

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully.

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Search Page => Value was restored successfully.

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Search Bar => value deleted successfully.

HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.

HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.

"HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{9CB96984-43C3-4D44-90EF-01466EFCF7BB}" => Key deleted successfully.

"HKCR\Wow6432Node\CLSID\{9CB96984-43C3-4D44-90EF-01466EFCF7BB}" => Key not found.

HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.

"HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}" => Key deleted successfully.

"HKCR\CLSID\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}" => Key not found.

"HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9CB96984-43C3-4D44-90EF-01466EFCF7BB}" => Key deleted successfully.

"HKCR\CLSID\{9CB96984-43C3-4D44-90EF-01466EFCF7BB}" => Key not found.

"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{e371c496-8579-4c9a-a396-2a35639beb3b}" => Key deleted successfully.

"HKCR\Wow6432Node\CLSID\{e371c496-8579-4c9a-a396-2a35639beb3b}" => Key deleted successfully.

"C:\Program Files (x86)\Klip Pal" => File/Directory not found.

HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{318A227B-5E9F-45bd-8999-7F8F10CA4CF5} => value deleted successfully.

"HKCR\CLSID\{318A227B-5E9F-45bd-8999-7F8F10CA4CF5}" => Key not found.

HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} => value deleted successfully.

"HKCR\CLSID\{CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F}" => Key not found.

Firefox SearchEngineOrder.1 deleted successfully.

Firefox Keyword.URL deleted successfully.

C:\Users\JimAngehr\AppData\Roaming\Mozilla\Firefox\Profiles\7zcy930i.default\searchplugins\aol-search.xml => Moved successfully.

C:\Users\JimAngehr\AppData\Roaming\Mozilla\Firefox\Profiles\7zcy930i.default\searchplugins\yahoo-avast.xml => Moved successfully.

"HKCU\SOFTWARE\Policies\Google" => Key deleted successfully.

Chrome DefaultSuggestURL deleted successfully.

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Optimizer Pro v3.2 => Moved successfully.

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{5F4414E7-7A32-4929-88B1-63058FCAEBB2}" => Key deleted successfully.

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5F4414E7-7A32-4929-88B1-63058FCAEBB2}" => Key deleted successfully.

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\AmiUpdXp" => Key deleted successfully.

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{A81F4325-3AC5-41DA-BB21-4F4507E92E6B}" => Key deleted successfully.

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A81F4325-3AC5-41DA-BB21-4F4507E92E6B}" => Key deleted successfully.

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Optimizer Pro Schedule" => Key deleted successfully.

"C:\PROGRA~2\SearchProtect" => File/Directory not found.

 

=========  ipconfig /flushdns =========

 

 

Windows IP Configuration

 

Successfully flushed the DNS Resolver Cache.

 

========= End of CMD: =========

 

 

=========  netsh winsock reset all =========

 

 

Sucessfully reset the Winsock Catalog.

You must restart the computer in order to complete the reset.

 

 

========= End of CMD: =========

 

 

=========  netsh int ipv4 reset =========

 

Resetting Global, OK!

Resetting Interface, OK!

Resetting Neighbor, OK!

Resetting Path, OK!

Resetting , failed.

Access is denied.

 

Resetting , OK!

Restart the computer to complete this action.

 

 

========= End of CMD: =========

 

 

=========  netsh int ipv6 reset =========

 

Resetting Interface, OK!

Resetting Neighbor, OK!

Resetting Path, OK!

Resetting , failed.

Access is denied.

 

Resetting , OK!

Resetting , OK!

Restart the computer to complete this action.

 

 

========= End of CMD: =========

 

 

=========  bitsadmin /reset /allusers =========

 

 

BITSADMIN version 3.0 [ 7.6.9200 ]

BITS administration utility.

© Copyright 2000-2006 Microsoft Corp.

 

BITSAdmin is deprecated and is not guaranteed to be available in future versions of Windows.

Administrative tools for the BITS service are now provided by BITS PowerShell cmdlets.

 

{D6E01321-4939-4272-9C4D-F4CDBA229386} canceled.

1 out of 1 jobs canceled.

 

========= End of CMD: =========

 

EmptyTemp: => Removed 754.5 MB temporary data.

 

 

The system needed a reboot.

 

==== End of Fixlog ====
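
A reviewer reading a Fixlog like the one above mainly wants three things: what the fix changed, which targets were already absent, and which CMD: lines failed. The Python sketch below is an added example, not part of FRST or of the original posts; the function names are hypothetical, and the outcome phrases it recognises are only the ones that appear in the log on this page.

```python
import re
from collections import Counter

# Excerpt of the Fixlog.txt posted above, blank lines dropped.
SAMPLE_FIXLOG = r'''
HKCU\Software\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully.
HKCU\Software\Microsoft\Internet Explorer\Main\\Search Bar => value deleted successfully.
"HKCR\CLSID\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}" => Key not found.
"C:\Program Files (x86)\Klip Pal" => File/Directory not found.
Firefox Keyword.URL deleted successfully.
=========  netsh int ipv4 reset =========
Resetting Global, OK!
Resetting , failed.
Access is denied.
Resetting , OK!
========= End of CMD: =========
EmptyTemp: => Removed 754.5 MB temporary data.
==== End of Fixlog ====
'''

CMD_START = re.compile(r"^=+\s+(?!End of )(.+?)\s+=+$")
CMD_END = re.compile(r"^=+\s+End of CMD:\s+=+$")

def classify(outcome):
    """Map an FRST result phrase to changed / absent / review."""
    text = outcome.lower()
    if "not found" in text:
        return "absent"      # target was already gone before the fix ran
    if re.search(r"\b(deleted|restored|moved|removed)\b", text):
        return "changed"     # the fix modified the system
    return "review"          # unrecognised phrase: read it by hand

def summarize_fixlog(text):
    counts, absent, cmd_failures = Counter(), [], []
    current_cmd = None
    for line in (raw.strip() for raw in text.splitlines()):
        if not line:
            continue
        if CMD_END.match(line):
            current_cmd = None
        elif CMD_START.match(line):
            current_cmd = CMD_START.match(line).group(1)
        elif current_cmd is not None:
            # Inside a "CMD:" section: keep only lines that signal failure.
            if re.search(r"\bfailed\b|access is denied", line, re.I):
                cmd_failures.append((current_cmd, line))
        else:
            if " => " in line:
                target, outcome = line.rsplit(" => ", 1)
            else:
                m = re.match(r"(.+?) (deleted successfully\.)$", line)
                if not m:
                    continue
                target, outcome = m.groups()
            kind = classify(outcome)
            counts[kind] += 1
            if kind == "absent":
                absent.append(target.strip('"'))
    return {"counts": dict(counts), "absent": absent,
            "cmd_failures": cmd_failures}

if __name__ == "__main__":
    print(summarize_fixlog(SAMPLE_FIXLOG))
```

Entries reported as absent are the ones to compare against the uninstall step, since "not found" means the item was gone before the fix ran rather than removed by it.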



#30 LiquidTension

LiquidTension

    SuperMember

  • Retired Classroom Teacher
  • 2,566 posts

Posted 21 September 2014 - 06:39 PM

Hello, 
 

- When I did the system config, on the first tab under general, I noticed that "Selective startup" is chosen, and not "Normal Startup."  Is that the right setting?

It depends on how your system is configured. Sometimes users use MSCONFIG to disable programmes from starting up. 
I would leave this as it is for now. I will provide information on why you shouldn't use MSCONFIG as a startup manager at the end, and you can make a decision then.
 

- When I uninstalled Klippal and Optimizer Plus, both of them showed then error occurred while trying to uninstall

We can check for remnants later. 
 
I'd like you to download and save TDSSKiller to your USB drive, and run from there. 
Instructions from my original post can be found here.

