live installer pop ups and shortcut help + other viruses [Solved]

22 replies to this topic

#1 machisan
    New Member

  • Authentic Member
  • 19 posts

Posted 25 December 2014 - 01:04 PM

Hi all,

I have just got a new laptop and during the first few moments of use I have managed to get a whole bunch of viral-type issues :(

I have run some logs

 

aswMBR version 1.0.1.2252 Copyright© 2014 AVAST Software
Run date: 2014-12-25 18:50:00
-----------------------------
18:50:00.358    OS Version: Windows x64 6.2.9200 
18:50:00.358    Number of processors: 4 586 0x3001
18:50:00.374    ComputerName: MY-LAPTOP  UserName: kevin
18:50:01.157    Initialize success
18:50:01.313    VM: initialized successfully
18:50:01.313    VM: Amd CPU BiosDisabled 
18:50:27.824    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000024
18:50:27.840    Disk 0 Vendor: BHT_WR202A1032G_670290F5 90014a Size: 29824MB BusType: 11
18:50:27.857    Disk 0 MBR read successfully
18:50:27.857    Disk 0 MBR scan
18:50:27.857    Disk 0 unknown MBR code
18:50:27.873    Disk 0 Partition 1 00     EE          GPT           2097151 MB offset 1
18:50:27.890    Disk 0 scanning C:\Windows\system32\drivers
18:50:38.379    Service scanning
18:50:43.243    Modules scanning
18:50:43.259    Disk 0 trace - called modules:
18:50:43.290    ntoskrnl.exe CLASSPNP.SYS disk.sys amdxata.sys storport.sys hal.dll amdsata.sys 
18:50:43.306    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xffffe0001bd64770]
18:50:43.337    3 CLASSPNP.SYS[fffff8014c04827b] -> nt!IofCallDriver -> [0xffffe0001bd4fb30]
18:50:43.353    5 amdxata.sys[fffff8014bf536b4] -> nt!IofCallDriver -> \Device\00000024[0xffffe0001bd4c7f0]
18:50:43.368    Disk 0 statistics 8441/0/0 @ 4.09 MB/s
18:50:43.384    Scan finished successfully
18:51:06.486    Disk 0 MBR has been saved successfully to "C:\Users\kevin\Desktop\MBR.dat"
18:51:06.533    The log file has been saved successfully to "C:\Users\kevin\Desktop\aswMBR.txt"
 
-
-
-
-
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 25-12-2014
Ran by kevin (administrator) on MY-LAPTOP on 25-12-2014 18:54:42
Running from C:\Users\kevin\Downloads
Loaded Profile: kevin (Available profiles: kevin)
Platform: Windows 8.1 (X64) OS Language: English (United Kingdom)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Softex Inc.) C:\Program Files\Hewlett-Packard\SimplePass\OmniServ.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\tbaseprovisioning.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
() C:\Program Files\ATI Technologies\ATI.ACE\a4\AdaptiveSleepService.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\HidMonitorSvc.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPWMISVC.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe.691e.deleteme
() C:\Windows\rcore.exe
(McAfee, Inc.) C:\Program Files\mcafee\msc\McA8B28.tmp
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(McAfee, Inc.) C:\Program Files\mcafee\msc\mcu9109.tmp
(Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\Apoint.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\ApMsgFwd.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\ApntEx.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\hidfind.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
() C:\Program Files\Hewlett-Packard\SimplePass\opvapp.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\SimplePass\ClientCore.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBroker.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBrokerDsktop.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPMSGSVC.exe
(Microsoft Corporation) C:\Windows\System32\WWAHost.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\platform\McUICnt.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\systemcore\mfefire.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\AMCore\mcshield.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20461_x64__8wekyb3d8bbwe\livecomm.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7637208 2014-07-09] (Realtek Semiconductor)
HKLM\...\Run: [Apoint] => C:\Program Files\Apoint2K\Apoint.exe [702808 2014-06-10] (Alps Electric Co., Ltd.)
HKLM\...\Run: [SimplePass] => C:\Program Files\Hewlett-Packard\SimplePass\ClientCore.exe [3962936 2014-03-28] (Hewlett-Packard)
HKLM\...\Run: [OPBHOBroker] => C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBroker.exe [415288 2014-03-28] (Hewlett-Packard)
HKLM\...\Run: [OPBHOBrokerDesktop] => C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBrokerDsktop.exe [415288 2014-03-28] (Hewlett-Packard)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [767200 2014-06-06] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [mcpltui_exe] => C:\Program Files\McAfee.com\Agent\mcagent.exe [537992 2014-04-25] (McAfee, Inc.)
HKLM-x32\...\Run: [HPMessageService] => C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPMSGSVC.exe [507192 2014-07-08] (Hewlett-Packard Development Company, L.P.)
HKLM\...\Policies\Explorer: [NoControlPanel] 0
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://g.uk.msn.com/HPNOT14/2
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.uk.msn.com/HPNOT14/2
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://g.uk.msn.com/HPNOT14/2
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,First Home Page = http://g.uk.msn.com/HPNOT14/2
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.uk.msn.com/HPNOT14/2
HKU\S-1-5-21-1559278574-202871057-2195148621-1002\Software\Microsoft\Internet Explorer\Main,Start Page = http://g.uk.msn.com/HPNOT14/2
HKU\S-1-5-21-1559278574-202871057-2195148621-1002\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.uk.msn.com/HPNOT14/2
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 -> {8D394175-22B2-4598-B22F-D2DEA00920F0} URL = http://www.amazon.co...s={searchTerms}
SearchScopes: HKU\S-1-5-21-1559278574-202871057-2195148621-1002 -> {8D394175-22B2-4598-B22F-D2DEA00920F0} URL = http://www.amazon.co...s={searchTerms}
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll (Hewlett-Packard)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\mcafee\msc\McSnIePl64.dll (McAfee, Inc.)
Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\msc\McSnIePl.dll (McAfee, Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
 
FireFox:
========
FF Plugin: @mcafee.com/MSC,version=10 -> c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\windows\SysWOW64\Adobe\Director\np32dsw_1204144.dll (Adobe Systems, Inc.)
FF Plugin-x32: @mcafee.com/MSC,version=10 -> c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL ()
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\4.0.60310.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK
FF Extension: McAfee Anti-Spam Thunderbird Extension - C:\Program Files\McAfee\MSK [2014-11-13]
 
Chrome: 
=======
CHR HomePage: Default -> hxxp://www.youtube.com/user/swiftmini?feature=mhee
CHR StartupUrls: Default -> "hxxp://www.google.co.uk/", "hxxp://feed.snap.do/?publisher=SnapdoOCYB&dpid=SnapdoOCYB&co=GB&userid=e7334c78-6978-4a90-9bd0-e472dab29d1a&searchtype=hp&installDate={installDate}", "hxxp://feed.snap.do/?publisher=SnapdoOCYB&dpid=SnapdoOCYB&co=GB&userid=e7334c78-6978-4a90-9bd0-e472dab29d1a&searchtype=hp&installDate=04/03/2013", "hxxp://www.google.com/"
CHR Profile: C:\Users\kevin\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\kevin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2014-12-25]
CHR Extension: (Write Space) - C:\Users\kevin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aimodnlfiikjjnmdchihablmkdeobhad [2014-12-25]
CHR Extension: (Screenr) - C:\Users\kevin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ajmdmhlhifnkjklgeikfdmffiigfoged [2014-12-25]
CHR Extension: (Google Docs) - C:\Users\kevin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-12-25]
CHR Extension: (Google Drive) - C:\Users\kevin\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-12-25]
CHR Extension: (Webpage Screenshot) - C:\Users\kevin\AppData\Local\Google\Chrome\User Data\Default\Extensions\bdfnieppndfdhcgbmhfdlgdjegclkomk [2014-12-25]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\kevin\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-12-25]
CHR Extension: (Gliffy Diagrams) - C:\Users\kevin\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhmicilclplefnflapjmnngmkkkkpfad [2014-12-25]
CHR Extension: (YouTube) - C:\Users\kevin\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-12-25]
CHR Extension: (Solitaire) - C:\Users\kevin\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpebaehgfgkcmmjjknibibbjacnplim [2014-12-25]
CHR Extension: (Adblock Plus) - C:\Users\kevin\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2014-12-25]
CHR Extension: (Google Search) - C:\Users\kevin\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-12-25]
CHR Extension: (Google Sheets) - C:\Users\kevin\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2014-12-25]
CHR Extension: (Facebook for Chrome) - C:\Users\kevin\AppData\Local\Google\Chrome\User Data\Default\Extensions\gdalhedleemkkdjddjgfjmcnbpejpapp [2014-12-25]
CHR Extension: (F1 News) - C:\Users\kevin\AppData\Local\Google\Chrome\User Data\Default\Extensions\jchepaljijgokkoflakjioknkfolenbk [2014-12-25]
CHR Extension: (Start - A Better New Tab) - C:\Users\kevin\AppData\Local\Google\Chrome\User Data\Default\Extensions\kgifkabikplflflabkllnpidlbjjpgbp [2014-12-25]
CHR Extension: (Facebook Messenger) - C:\Users\kevin\AppData\Local\Google\Chrome\User Data\Default\Extensions\mdapmeleikeppmfgadilffngabfpibok [2014-12-25]
CHR Extension: (Quick Note) - C:\Users\kevin\AppData\Local\Google\Chrome\User Data\Default\Extensions\mijlebbfndhelmdpmllgcfadlkankhok [2014-12-25]
CHR Extension: (MONOPOLY: The World Edition) - C:\Users\kevin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nkedhiolniniodbokjinplhaleemnfbe [2014-12-25]
CHR Extension: (Google Wallet) - C:\Users\kevin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-12-25]
CHR Extension: (Instagram for Chrome) - C:\Users\kevin\AppData\Local\Google\Chrome\User Data\Default\Extensions\opnbmdkdflhjiclaoiiifmheknpccalb [2014-12-25]
CHR Extension: (Gmail) - C:\Users\kevin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-12-25]
CHR Extension: (Type Fu) - C:\Users\kevin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pofoighmmpljaikjiidkkfhldjndfdbk [2014-12-25]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
S2 0044571419532266mcinstcleanup; C:\Windows\TEMP\004457~1.EXE [836168 2014-03-13] (McAfee, Inc.)
R2 AdaptiveSleepService; C:\Program Files\ATI Technologies\ATI.ACE\A4\AdaptiveSleepService.exe [140288 2014-06-05] () [File not signed]
R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [344064 2014-06-05] (Advanced Micro Devices, Inc.) [File not signed]
R2 ApHidMonitorService; C:\Program Files\Apoint2K\HidMonitorSvc.exe [87384 2014-03-27] (Alps Electric Co., Ltd.)
S2 BcmBtRSupport; C:\Windows\system32\BtwRSupportService.exe [2251992 2013-11-13] (Broadcom Corporation.)
S2 HomeNetSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [92160 2014-06-03] (Hewlett-Packard Company) [File not signed]
R2 HPWMISVC; C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPWMISVC.exe [492344 2014-07-08] (Hewlett-Packard Development Company, L.P.)
R2 McAPExe; C:\Program Files\McAfee\MSC\McAPExe.exe [178528 2014-04-25] (McAfee, Inc.)
S3 McAWFwk; c:\Program Files\Common Files\mcafee\ActWiz\McAWFwk.exe [334608 2013-07-29] (McAfee, Inc.)
S2 mcbootdelaystartsvc; C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
S2 McMPFSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
S2 McNaiAnn; C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
S3 McODS; C:\Program Files\mcafee\VirusScan\mcods.exe [603424 2014-09-04] (McAfee, Inc.)
S4 McOobeSv2; C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
S2 mcpltsvc; C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
S2 McProxy; C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 mfecore; C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe [1041192 2014-08-20] (McAfee, Inc.)
R2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [219752 2014-06-20] (McAfee, Inc.)
R2 mfevtp; C:\Windows\system32\mfevtps.exe [189912 2014-06-20] (McAfee, Inc.)
S2 MSK80Service; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 omniserv; C:\Program Files\Hewlett-Packard\SimplePass\OmniServ.exe [88064 2014-03-28] (Softex Inc.) [File not signed]
R2 rcores; C:\Windows\rcore.exe [4959232 2014-12-24] () [File not signed]
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [290520 2014-01-08] (Realtek Semiconductor)
R2 tbaseprovisioning; C:\Windows\SysWOW64\tbaseprovisioning.exe [51712 2014-04-17] (Advanced Micro Devices, Inc.)
S3 w3logsvc; C:\Windows\system32\inetsrv\w3logsvc.dll [76800 2014-04-02] (Microsoft Corporation)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347880 2014-07-19] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2014-07-19] (Microsoft Corporation)
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 AmdAS4; C:\Windows\System32\drivers\AmdAS4.sys [17640 2013-10-24] (Advanced Micro Devices, INC.)
S3 amdkmcsp; C:\Windows\system32\DRIVERS\amdkmcsp.sys [85704 2014-04-17] (Advanced Micro Devices, Inc. )
R0 amdkmpfd; C:\Windows\System32\drivers\amdkmpfd.sys [36608 2013-12-14] (Advanced Micro Devices, Inc.)
R0 amdpsp; C:\Windows\System32\DRIVERS\amdpsp.sys [230088 2014-04-17] (Advanced Micro Devices, Inc. )
R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdWB6.sys [222720 2014-03-12] (Advanced Micro Devices)
S3 AX88772; C:\Windows\system32\DRIVERS\ax88772.sys [113864 2013-07-18] (ASIX Electronics Corp.)
R3 bcbtums; C:\Windows\system32\drivers\bcbtums.sys [170712 2013-11-13] (Broadcom Corporation.)
R3 BCM43XX; C:\Windows\system32\DRIVERS\bcmwl63a.sys [7532760 2014-11-13] (Broadcom Corporation)
R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [226304 2014-03-18] (Microsoft Corporation)
S3 cfwids; C:\Windows\System32\drivers\cfwids.sys [72128 2014-06-20] (McAfee, Inc.)
S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [197704 2013-09-23] (McAfee, Inc.)
R3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [181704 2014-06-20] (McAfee, Inc.)
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [313544 2014-06-20] (McAfee, Inc.)
U3 mfeavfk01; No ImagePath
S0 mfeelamk; C:\Windows\System32\drivers\mfeelamk.sys [70600 2014-06-20] (McAfee, Inc.)
R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [523792 2014-06-20] (McAfee, Inc.)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [786296 2014-06-20] (McAfee, Inc.)
U3 mfehidk01; No ImagePath
R3 mfencbdc; C:\Windows\system32\DRIVERS\mfencbdc.sys [445512 2014-08-20] (McAfee, Inc.)
U3 mfencbdc01; No ImagePath
U3 mfencbdc02; No ImagePath
S3 mfencrk; C:\Windows\system32\DRIVERS\mfencrk.sys [96592 2014-08-20] (McAfee, Inc.)
R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [348552 2014-06-20] (McAfee, Inc.)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [123224 2014-07-19] (Microsoft Corporation)
R3 WirelessButtonDriver; C:\Windows\System32\drivers\WirelessButtonDriver64.sys [20800 2013-07-22] (Hewlett-Packard Development Company, L.P.)
R1 {f95b3c8f-44d2-4a2c-9d3a-e8ecddb746c5}Gw64; C:\Windows\System32\drivers\{f95b3c8f-44d2-4a2c-9d3a-e8ecddb746c5}Gw64.sys [48784 2014-12-24] (StdLib)
S3 GENERICDRV; \??\C:\Users\ADMINI~1\AppData\Local\Temp\pftA079.tmp\amifldrv64.sys [X]
S1 wpnfd_1_10_0_4; system32\drivers\wpnfd_1_10_0_4.sys [X]
U3 aswMBR; \??\C:\Users\kevin\AppData\Local\Temp\aswMBR.sys [X]
U3 aswVmm; \??\C:\Users\kevin\AppData\Local\Temp\aswVmm.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-12-25 18:54 - 2014-12-25 18:55 - 00019089 _____ () C:\Users\kevin\Downloads\FRST.txt
2014-12-25 18:54 - 2014-12-25 18:54 - 00000000 ____D () C:\FRST
2014-12-25 18:51 - 2014-12-25 18:51 - 00001631 _____ () C:\Users\kevin\Desktop\aswMBR.txt
2014-12-25 18:51 - 2014-12-25 18:51 - 00000512 _____ () C:\Users\kevin\Desktop\MBR.dat
2014-12-25 18:49 - 2014-12-25 18:49 - 02122240 _____ (Farbar) C:\Users\kevin\Downloads\FRST64.exe
2014-12-25 18:48 - 2014-12-25 18:48 - 05198336 _____ (AVAST Software) C:\Users\kevin\Downloads\aswMBR.exe
2014-12-25 18:32 - 2014-12-25 18:32 - 00002275 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-12-25 18:32 - 2014-12-25 18:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-12-25 18:30 - 2014-12-25 18:36 - 00000916 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-12-25 18:30 - 2014-12-25 18:35 - 00000912 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-12-25 18:30 - 2014-12-25 18:30 - 00003888 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-12-25 18:30 - 2014-12-25 18:30 - 00003652 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-12-25 16:19 - 2014-11-27 16:40 - 112710672 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-12-25 16:14 - 2014-12-25 16:19 - 36904648 _____ (Microsoft Corporation) C:\Users\kevin\Downloads\Windows-KB890830-x64-V5.19.exe
2014-12-25 13:56 - 2014-12-25 13:56 - 00001095 _____ () C:\Users\kevin\Desktop\Continue Live Installation.lnk
2014-12-25 13:54 - 2014-12-25 13:54 - 00000000 ____D () C:\Users\kevin\AppData\Roaming\hpqlog
2014-12-25 13:54 - 2014-12-25 13:54 - 00000000 ____D () C:\Users\kevin\AppData\Local\Hewlett-Packard
2014-12-25 13:51 - 2014-12-25 13:51 - 00000258 __RSH () C:\ProgramData\ntuser.pol
2014-12-25 13:47 - 2014-12-25 13:47 - 00003414 _____ () C:\Windows\System32\Tasks\temp_a774e592-8f36-4e30-b4a3-c0024526fb2e-2
2014-12-25 12:25 - 2014-12-25 13:51 - 00000378 _____ () C:\Windows\Tasks\APSnotifierPP1.job
2014-12-25 12:25 - 2014-12-25 13:51 - 00000376 _____ () C:\Windows\Tasks\APSnotifierPP3.job
2014-12-25 12:25 - 2014-12-25 13:51 - 00000376 _____ () C:\Windows\Tasks\APSnotifierPP2.job
2014-12-25 12:25 - 2014-12-25 12:37 - 00002808 _____ () C:\Windows\System32\Tasks\APSnotifierPP1
2014-12-25 12:25 - 2014-12-25 12:37 - 00002806 _____ () C:\Windows\System32\Tasks\APSnotifierPP3
2014-12-25 12:25 - 2014-12-25 12:37 - 00002806 _____ () C:\Windows\System32\Tasks\APSnotifierPP2
2014-12-25 12:25 - 2014-12-25 12:25 - 00000000 ____D () C:\Users\kevin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AnyProtect PC Backup
2014-12-25 12:24 - 2014-12-25 12:25 - 00000000 ____D () C:\Program Files (x86)\AnyProtectEx
2014-12-25 12:24 - 2014-12-25 12:24 - 00628496 _____ (CMI Limited) C:\Users\kevin\AppData\Local\nsd4B1C.tmp
2014-12-25 12:24 - 2014-12-25 12:24 - 00000000 __SHD () C:\Users\kevin\AppData\Roaming\AnyProtectEx
2014-12-25 11:38 - 2014-12-25 18:30 - 00000000 ____D () C:\Users\kevin\AppData\Local\Deployment
2014-12-25 11:38 - 2014-12-25 11:38 - 00000000 ____D () C:\Users\kevin\AppData\Local\Apps\2.0
2014-12-25 11:27 - 2014-12-25 11:27 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_User_LocationProvider_01_11_00.Wdf
2014-12-25 11:27 - 2014-12-24 18:52 - 00048784 _____ (StdLib) C:\Windows\system32\Drivers\{f95b3c8f-44d2-4a2c-9d3a-e8ecddb746c5}Gw64.sys
2014-12-25 11:13 - 2014-12-25 11:13 - 00004026 _____ () C:\Windows\System32\Tasks\HPGenoobeReminder
2014-12-25 11:09 - 2014-12-25 11:09 - 00000000 ____D () C:\Users\kevin\AppData\Roaming\QuickScan
2014-12-25 11:08 - 2014-12-25 13:54 - 00000000 ___HD () C:\Users\Public\Temp
2014-12-25 11:07 - 2014-12-25 11:07 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2014-12-25 11:05 - 2014-12-25 18:32 - 00000000 ____D () C:\Users\kevin\AppData\Local\Google
2014-12-25 11:05 - 2014-12-25 18:31 - 00000000 ____D () C:\Program Files (x86)\Google
2014-12-25 11:05 - 2014-12-25 17:10 - 00000000 ____D () C:\Program Files (x86)\globalUpdate
2014-12-25 11:05 - 2014-12-25 17:09 - 00001706 _____ () C:\Windows\Tasks\RETHQXQE.job
2014-12-25 11:05 - 2014-12-25 14:10 - 00000000 ____D () C:\Program Files (x86)\Popcornew
2014-12-25 11:05 - 2014-12-25 11:07 - 00000000 ____D () C:\Users\kevin\AppData\Local\Popcornew
2014-12-25 11:05 - 2014-12-25 11:05 - 01952744 _____ (Cinema Plus2.7gV25.12) C:\Users\kevin\AppData\Roaming\RETHQXQE.exe
2014-12-25 11:05 - 2014-12-25 11:05 - 00004712 _____ () C:\Windows\System32\Tasks\RETHQXQE
2014-12-25 11:05 - 2014-12-25 11:05 - 00000000 ____D () C:\Users\kevin\AppData\Local\globalUpdate
2014-12-25 11:05 - 2014-12-25 11:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PepperZip
2014-12-25 11:05 - 2014-12-25 11:05 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-12-25 11:05 - 2014-12-24 10:00 - 04959232 _____ () C:\Windows\rcore.exe
2014-12-25 11:01 - 2014-12-25 11:01 - 00003930 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{23B17B40-E5D9-43C2-B5BD-02F3087C443B}
2014-12-25 11:01 - 2014-12-25 11:01 - 00000000 __SHD () C:\Users\kevin\AppData\Local\EmieUserList
2014-12-25 11:01 - 2014-12-25 11:01 - 00000000 __SHD () C:\Users\kevin\AppData\Local\EmieSiteList
2014-12-25 10:59 - 2014-12-25 17:09 - 00000000 __RDO () C:\Users\kevin\OneDrive
2014-12-25 10:59 - 2014-12-25 10:59 - 00000000 ____D () C:\Users\kevin\AppData\Roaming\Macromedia
2014-12-25 10:57 - 2014-12-25 18:37 - 00003596 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1559278574-202871057-2195148621-1002
2014-12-25 10:56 - 2014-12-25 11:13 - 00000000 ____D () C:\Users\kevin\AppData\Roaming\Hewlett-Packard
2014-12-25 10:52 - 2014-12-25 11:13 - 00000000 ____D () C:\Users\kevin\AppData\Local\Packages
2014-12-25 10:52 - 2014-12-25 10:59 - 00000000 ____D () C:\Users\kevin
2014-12-25 10:52 - 2014-12-25 10:52 - 00003566 _____ () C:\Windows\System32\Tasks\HPCheckDropBoxStatus
2014-12-25 10:52 - 2014-12-25 10:52 - 00001442 _____ () C:\Users\kevin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-12-25 10:52 - 2014-12-25 10:52 - 00000184 _____ () C:\Windows\insFileSpec
2014-12-25 10:52 - 2014-12-25 10:52 - 00000020 ___SH () C:\Users\kevin\ntuser.ini
2014-12-25 10:52 - 2014-12-25 10:52 - 00000000 ____D () C:\Users\kevin\AppData\Roaming\Adobe
2014-12-25 10:52 - 2014-12-25 10:52 - 00000000 ____D () C:\Users\kevin\AppData\Local\VirtualStore
2014-12-25 10:52 - 2014-07-19 10:00 - 00000000 ___RD () C:\Users\kevin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2014-12-25 10:52 - 2014-07-19 01:21 - 00000000 ___HD () C:\Users\kevin\Documents\hp.system.package.metadata
2014-12-25 10:52 - 2014-03-18 10:06 - 00000000 ___RD () C:\Users\kevin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2014-12-25 10:52 - 2014-03-18 09:54 - 00000369 _____ () C:\Users\kevin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Pictures.lnk
2014-12-25 10:52 - 2014-03-18 09:54 - 00000369 _____ () C:\Users\kevin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Documents.lnk
2014-12-25 10:52 - 2013-08-22 15:36 - 00000000 ___RD () C:\Users\kevin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2014-12-25 10:52 - 2013-08-22 15:36 - 00000000 ____D () C:\Users\kevin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2014-12-25 10:45 - 2014-12-25 17:20 - 00274569 _____ () C:\Windows\WindowsUpdate.log
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-12-25 18:31 - 2014-11-13 09:38 - 00000000 ____D () C:\Program Files\Common Files\mcafee
2014-12-25 18:30 - 2013-08-22 15:36 - 00000000 ___HD () C:\Windows\ELAMBKUP
2014-12-25 18:29 - 2014-11-13 09:38 - 00000000 ____D () C:\Program Files (x86)\McAfee
2014-12-25 18:29 - 2014-07-19 09:13 - 00000000 ___HD () C:\HP
2014-12-25 18:27 - 2014-11-13 09:38 - 00000000 ____D () C:\ProgramData\McAfee
2014-12-25 18:27 - 2013-08-22 15:36 - 00000000 ____D () C:\Windows\system32\sru
2014-12-25 17:11 - 2014-07-19 01:24 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Security and Protection
2014-12-25 17:08 - 2014-03-18 09:53 - 00956476 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-12-25 17:01 - 2013-08-22 14:45 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-12-25 17:00 - 2014-11-13 09:32 - 00201256 _____ () C:\Windows\SysWOW64\rootpa.e2e
2014-12-25 17:00 - 2014-11-13 09:26 - 00065536 _____ () C:\Windows\system32\spu_storage.bin
2014-12-25 17:00 - 2014-07-19 01:34 - 00000000 ____D () C:\ProgramData\Hewlett-Packard
2014-12-25 17:00 - 2013-08-22 13:25 - 00262144 ___SH () C:\Windows\system32\config\BBI
2014-12-25 16:19 - 2013-08-22 13:25 - 00262144 ___SH () C:\Windows\system32\config\ELAM
2014-12-25 13:51 - 2014-03-18 09:44 - 00005072 _____ () C:\Windows\PFRO.log
2014-12-25 12:27 - 2013-08-22 15:36 - 00000000 ____D () C:\Windows\system32\GroupPolicy
2014-12-25 11:27 - 2013-08-22 14:46 - 00019472 _____ () C:\Windows\setupact.log
2014-12-25 11:27 - 2013-08-22 13:25 - 00000226 _____ () C:\Windows\win.ini
2014-12-25 10:58 - 2013-08-22 15:36 - 00000000 ____D () C:\Windows\AppReadiness
2014-12-25 10:52 - 2014-04-03 00:40 - 00000000 ___HD () C:\SYSTEM.SAV
2014-12-25 10:52 - 2014-04-02 23:51 - 00000000 ____D () C:\Windows\Panther
2014-12-25 10:43 - 2013-08-22 15:36 - 00000000 ____D () C:\Windows\system32\Recovery
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2014-11-13 10:54
 
==================== End Of Log ============================
 
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 25-12-2014
Ran by kevin at 2014-12-25 18:56:39
Running from C:\Users\kevin\Downloads
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: McAfee Anti-Virus and Anti-Spyware (Enabled - Up to date) {ADA629C7-7F48-5689-624A-3B76997E0892}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: McAfee Anti-Virus and Anti-Spyware (Enabled - Up to date) {16C7C823-5972-5907-58FA-0004E2F9422F}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: McAfee Firewall (Enabled) {959DA8E2-3527-57D1-4915-924367AD4FE9}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Adobe Shockwave Player 12.0 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.0.4.144 - Adobe Systems, Inc.)
ALPS Touch Pad Driver (HKLM\...\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}) (Version: 8.1205.1711.109 - Alps Electric)
AMD Catalyst Install Manager (HKLM\...\{83073B80-279B-2579-750E-43BE6DAC6412}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.)
Broadcom 802.11 Wireless LAN Adapter (HKLM\...\Broadcom 802.11 Wireless LAN Adapter) (Version:  - Broadcom Corporation)
Broadcom Bluetooth Drivers (HKLM\...\{0A1B4690-E176-4533-8058-939480AEE1D0}) (Version: 12.0.0.9810 - Broadcom Corporation)
Cisco EAP-FAST Module (x32 Version: 2.2.14 - Cisco Systems, Inc.) Hidden
Cisco LEAP Module (x32 Version: 1.0.19 - Cisco Systems, Inc.) Hidden
Cisco PEAP Module (x32 Version: 1.1.6 - Cisco Systems, Inc.) Hidden
DisableMSDefender (Version: 1.0.0 - Hewlett-Packard Company) Hidden
Energy Star (HKLM\...\{465CA2B6-98AF-4E77-BE22-A908C34BB9EC}) (Version: 1.0.9 - Hewlett-Packard Company)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 39.0.2171.95 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Hewlett-Packard ACLM.NET v1.2.2.3 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden
HP Documentation (HKLM-x32\...\{854337D7-A7FF-4944-AF74-369213E2EB24}) (Version: 1.1.0.0 - Hewlett-Packard)
HP Registration Service (HKLM\...\{D1E8F2D7-7794-4245-B286-87ED86C1893C}) (Version: 1.2.7745.4851 - Hewlett-Packard)
HP SimplePass (HKLM-x32\...\InstallShield_{314FAD12-F785-4471-BCE8-AB506642B9A1}) (Version: 8.01.11 - Hewlett-Packard)
HP Support Assistant (HKLM-x32\...\{7FE016CC-DAA9-4E21-BD2F-98390D1E6F3F}) (Version: 7.6.23.8 - Hewlett-Packard Company)
HP System Event Utility (HKLM-x32\...\{1134A9E2-42FF-44DA-9CCB-64894105DB04}) (Version: 1.2.1 - Hewlett-Packard Company)
HP Utility Center (HKLM\...\{DCD5C599-5CCC-4E37-8938-FBB548D780C6}) (Version: 2.5.3 - Hewlett-Packard Company)
HP Wireless Button Driver (HKLM-x32\...\{30B2D1D8-0A07-4B71-9553-0710C5D31E35}) (Version: 1.1.2.1 - Hewlett-Packard Company)
Inst5675 (Version: 8.01.11 - Softex Inc.) Hidden
Inst5676 (Version: 8.01.11 - Softex Inc.) Hidden
McAfee LiveSafe - Internet Security (HKLM-x32\...\MSC) (Version: 12.8.992 - McAfee, Inc.)
Microsoft Silverlight (HKLM-x32\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 4.0.60310.0 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
OEM Application Profile (HKLM-x32\...\{8F92E0CF-620B-5C20-F292-59C93567B06D}) (Version: 1.00.0000 - Advanced Micro Devices, Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7288 - Realtek Semiconductor Corp.)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
 
==================== Restore Points  =========================
 
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2013-08-22 13:25 - 2013-08-22 13:25 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
 
==================== Scheduled Tasks (whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 
Task: {0048B5E1-1E3E-41E2-AE02-418D1C03E745} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2014-06-03] (Hewlett-Packard Company)
Task: {09DC78FA-5009-42F2-9237-CF6783EA423F} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-12-25] (Google Inc.)
Task: {1184CC2B-E719-4C90-BB26-F77FA1AD9873} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2014-05-12] (Hewlett-Packard Company)
Task: {233CD257-55A8-4928-9F41-2EBA775D010D} - System32\Tasks\APSnotifierPP1 => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe [2014-12-25] (AnyProtect.com) <==== ATTENTION
Task: {237A20B3-BB35-4D5F-AA01-E980486FECD1} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-12-25] (Google Inc.)
Task: {59663827-C976-4427-9279-33642F778DE9} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2014-10-21] (Hewlett-Packard)
Task: {8DEA7CB6-CCD6-4296-8D7F-529BD98F2664} - System32\Tasks\HPGenoobeReminder => C:\Program Files (x86)\Hewlett-Packard\HP Registration Service\HP GenOOBE\HPGenOOBE.exe [2014-05-15] ()
Task: {913B38E5-E21C-48F4-97B0-375822016651} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2014-06-03] (Hewlett-Packard Company)
Task: {91B3971C-379E-4CB4-B2AF-0E605E3F072F} - System32\Tasks\APSnotifierPP3 => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe [2014-12-25] (AnyProtect.com) <==== ATTENTION
Task: {A8984C00-F619-4345-9846-4C0DEBEF034A} - System32\Tasks\temp_a774e592-8f36-4e30-b4a3-c0024526fb2e-2 => C:\Users\kevin\AppData\Local\Temp\nsz22EB.tmp\a774e592-8f36-4e30-b4a3-c0024526fb2e-2.exe <==== ATTENTION
Task: {B0361E29-ABF7-4B74-9DF5-8CC9991FDC81} - System32\Tasks\HPCheckDropBoxStatus => c:\HP\HPQWare\DropBox\HPAppDetector.exe [2014-06-19] ()
Task: {BE328DA5-220C-4B96-BDC6-4C413D03B728} - System32\Tasks\APSnotifierPP2 => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe [2014-12-25] (AnyProtect.com) <==== ATTENTION
Task: {E4361F73-1BF5-4417-813D-925E96882FF2} - System32\Tasks\RETHQXQE => C:\Users\kevin\AppData\Roaming\RETHQXQE.exe [2014-12-25] (Cinema Plus2.7gV25.12) <==== ATTENTION
Task: {ED6CBE00-EDB9-47B2-BF37-DC861A9EC75F} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2014-10-21] (Hewlett-Packard)
Task: C:\Windows\Tasks\APSnotifierPP1.job => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: C:\Windows\Tasks\APSnotifierPP2.job => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: C:\Windows\Tasks\APSnotifierPP3.job => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\RETHQXQE.job => C:\Users\kevin\AppData\Roaming\RETHQXQE.exe <==== ATTENTION
 
==================== Loaded Modules (whitelisted) =============
 
2014-03-28 12:31 - 2014-03-28 12:31 - 02110464 _____ () C:\Program Files\Hewlett-Packard\SimplePass\autheng.dll
2014-03-28 12:27 - 2014-03-28 12:27 - 00021504 _____ () C:\Program Files\Hewlett-Packard\SimplePass\cryptodll.dll
2014-03-28 12:27 - 2014-03-28 12:27 - 00035328 _____ () C:\Program Files\Hewlett-Packard\SimplePass\ssplogon.dll
2014-03-28 12:27 - 2014-03-28 12:27 - 00055296 _____ () C:\Program Files\Hewlett-Packard\SimplePass\RandomPass.dll
2014-03-28 12:48 - 2014-03-28 12:48 - 00367504 _____ () C:\Program Files\Hewlett-Packard\SimplePass\mstrpwd.dll
2014-03-28 12:48 - 2014-03-28 12:48 - 00712080 _____ () C:\Program Files\Hewlett-Packard\SimplePass\GraphicalPwd.dll
2014-06-05 22:42 - 2014-06-05 22:42 - 00140288 _____ () C:\Program Files\ATI Technologies\ATI.ACE\A4\AdaptiveSleepService.exe
2014-06-05 22:40 - 2014-06-05 22:40 - 00127488 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.Wlan.dll
2014-12-25 11:05 - 2014-12-24 10:00 - 04959232 _____ () C:\Windows\rcore.exe
2014-03-28 12:36 - 2014-03-28 12:36 - 00065024 _____ () C:\Program Files\Hewlett-Packard\SimplePass\opvapp.exe
2014-12-25 18:32 - 2014-12-06 01:50 - 01077064 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\libglesv2.dll
2014-12-25 18:32 - 2014-12-06 01:50 - 00211272 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\libegl.dll
2014-12-25 18:32 - 2014-12-06 01:50 - 09009480 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\pdf.dll
2014-12-25 18:32 - 2014-12-06 01:50 - 01677128 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\ffmpegsumo.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
AlternateDataStreams: C:\Users\kevin\OneDrive:ms-properties
 
==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefire => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"
 
==================== EXE Association (whitelisted) =============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 
==================== MSCONFIG/TASK MANAGER disabled items =========
 
(Currently there is no automatic fix for this section.)
 
 
========================= Accounts: ==========================
 
Administrator (S-1-5-21-1559278574-202871057-2195148621-500 - Administrator - Disabled)
Guest (S-1-5-21-1559278574-202871057-2195148621-501 - Limited - Disabled)
kevin (S-1-5-21-1559278574-202871057-2195148621-1002 - Administrator - Enabled) => C:\Users\kevin
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (12/25/2014 06:30:04 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program HPCD.exe version 1.1.12.59 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: 884
 
Start Time: 01d02070ae642b9b
 
Termination Time: 4294967295
 
Application Path: C:\Program Files\WindowsApps\AD2F1837.HPFileViewer_1.1.12.59_x64__v10z8vjag6ke6\HPCD.exe
 
Report Id: ffbdc926-8c63-11e4-8261-38b1dbe9bd20
 
Faulting package full name: AD2F1837.HPFileViewer_1.1.12.59_x64__v10z8vjag6ke6
 
Faulting package-relative application ID: App
 
Error: (12/25/2014 06:29:28 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 2486) (User: MY-LAPTOP)
Description: App AD2F1837.HPFileViewer_1.1.12.59_x64__v10z8vjag6ke6+App did not launch within its allotted time.
 
Error: (12/25/2014 05:00:31 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: MY-LAPTOP)
Description: Activation of application Microsoft.BingFinance_8wekyb3d8bbwe!AppexFinance failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
Error: (12/25/2014 05:00:08 PM) (Source: Perflib) (EventID: 1017) (User: )
Description: ASP.NET_2.0.50727
 
Error: (12/25/2014 05:00:08 PM) (Source: Perflib) (EventID: 1021) (User: )
Description: ASP.NET_2.0.507278
 
Error: (12/25/2014 11:47:52 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: opbhobrokerdsktop.exe, version: 8.0.1.11, time stamp: 0x5335c3d5
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x0000000000000000
Faulting process ID: 0xf30
Faulting application start time: 0xopbhobrokerdsktop.exe0
Faulting application path: opbhobrokerdsktop.exe1
Faulting module path: opbhobrokerdsktop.exe2
Report ID: opbhobrokerdsktop.exe3
Faulting package full name: opbhobrokerdsktop.exe4
Faulting package-relative application ID: opbhobrokerdsktop.exe5
 
Error: (12/25/2014 11:37:47 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: IEXPLORE.EXE, version: 11.0.9600.17037, time stamp: 0x5312c30a
Faulting module name: KrabWebbho.dll, version: 1.0.0.5, time stamp: 0x54943652
Exception code: 0xc0000005
Fault offset: 0x00003421
Faulting process ID: 0x1a28
Faulting application start time: 0xIEXPLORE.EXE0
Faulting application path: IEXPLORE.EXE1
Faulting module path: IEXPLORE.EXE2
Report ID: IEXPLORE.EXE3
Faulting package full name: IEXPLORE.EXE4
Faulting package-relative application ID: IEXPLORE.EXE5
 
Error: (12/25/2014 11:13:41 AM) (Source: HP Registration Service) (EventID: 0) (User: )
Description: The system cannot find the file specified. (Exception from HRESULT: 0x80070002)     at TaskScheduler.ITaskFolder.DeleteTask(String Name, Int32 flags)
   at HPMetrics.ScheduleTask.DeleteTask(String TaskName)
 
Error: (12/25/2014 11:13:41 AM) (Source: HP Registration Service) (EventID: 0) (User: )
Description: The system cannot find the file specified. (Exception from HRESULT: 0x80070002)     at TaskScheduler.ITaskFolder.DeleteTask(String Name, Int32 flags)
   at RegDataUtil.ScheduleTask.DeleteTask(String TaskName)
 
Error: (12/25/2014 11:10:36 AM) (Source: MsiInstaller) (EventID: 11316) (User: NT AUTHORITY)
Description: Product: Google Update Helper -- Error 1316. A network error occurred while attempting to read from the file: C:\Program Files (x86)\Google\Update\1.3.25.11\PopcornewUpdateHelper.msi
 
 
System errors:
=============
Error: (12/25/2014 06:33:04 PM) (Source: DCOM) (EventID: 10005) (User: NT AUTHORITY)
Description: 1053mcpltsvcUnavailable{20966775-18A4-4299-B8E3-772C336B52A7}
 
Error: (12/25/2014 06:33:04 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The McAfee Platform Services service failed to start due to the following error: 
%%1053
 
Error: (12/25/2014 06:33:04 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the McAfee Platform Services service to connect.
 
Error: (12/25/2014 06:33:02 PM) (Source: DCOM) (EventID: 10005) (User: NT AUTHORITY)
Description: 1053mcpltsvcUnavailable{20966775-18A4-4299-B8E3-772C336B52A7}
 
Error: (12/25/2014 06:33:02 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The McAfee Platform Services service failed to start due to the following error: 
%%1053
 
Error: (12/25/2014 06:33:02 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the McAfee Platform Services service to connect.
 
Error: (12/25/2014 06:32:59 PM) (Source: DCOM) (EventID: 10005) (User: NT AUTHORITY)
Description: 1053mcpltsvcUnavailable{26608B46-476A-4BF1-9CC6-AFEA28EBBC17}
 
Error: (12/25/2014 06:32:59 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The McAfee Platform Services service failed to start due to the following error: 
%%1053
 
Error: (12/25/2014 06:32:59 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the McAfee Platform Services service to connect.
 
Error: (12/25/2014 06:32:57 PM) (Source: DCOM) (EventID: 10005) (User: NT AUTHORITY)
Description: 1053mcpltsvcUnavailable{26608B46-476A-4BF1-9CC6-AFEA28EBBC17}
 
 
Microsoft Office Sessions:
=========================
Error: (12/25/2014 06:30:04 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: HPCD.exe1.1.12.5988401d02070ae642b9b4294967295C:\Program Files\WindowsApps\AD2F1837.HPFileViewer_1.1.12.59_x64__v10z8vjag6ke6\HPCD.exeffbdc926-8c63-11e4-8261-38b1dbe9bd20AD2F1837.HPFileViewer_1.1.12.59_x64__v10z8vjag6ke6App
 
Error: (12/25/2014 06:29:28 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 2486) (User: MY-LAPTOP)
Description: AD2F1837.HPFileViewer_1.1.12.59_x64__v10z8vjag6ke6+App
 
Error: (12/25/2014 05:00:31 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: MY-LAPTOP)
Description: Microsoft.BingFinance_8wekyb3d8bbwe!AppexFinance-2144927141
 
Error: (12/25/2014 05:00:08 PM) (Source: Perflib) (EventID: 1017) (User: )
Description: ASP.NET_2.0.50727
 
Error: (12/25/2014 05:00:08 PM) (Source: Perflib) (EventID: 1021) (User: )
Description: ASP.NET_2.0.507278
 
Error: (12/25/2014 11:47:52 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: opbhobrokerdsktop.exe8.0.1.115335c3d5unknown0.0.0.000000000c00000050000000000000000f3001d02030f113cd16C:\Program Files\Hewlett-Packard\SimplePass\opbhobrokerdsktop.exeunknowndaf2834f-8c2b-11e4-825f-38b1dbe9bd20
 
Error: (12/25/2014 11:37:47 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: IEXPLORE.EXE11.0.9600.170375312c30aKrabWebbho.dll1.0.0.554943652c0000005000034211a2801d0203733e7c311C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXEC:\Program Files (x86)\Krab Web\KrabWebbho.dll729a35e8-8c2a-11e4-825f-38b1dbe9bd20
 
Error: (12/25/2014 11:13:41 AM) (Source: HP Registration Service) (EventID: 0) (User: )
Description: The system cannot find the file specified. (Exception from HRESULT: 0x80070002)     at TaskScheduler.ITaskFolder.DeleteTask(String Name, Int32 flags)
   at HPMetrics.ScheduleTask.DeleteTask(String TaskName)
 
Error: (12/25/2014 11:13:41 AM) (Source: HP Registration Service) (EventID: 0) (User: )
Description: The system cannot find the file specified. (Exception from HRESULT: 0x80070002)     at TaskScheduler.ITaskFolder.DeleteTask(String Name, Int32 flags)
   at RegDataUtil.ScheduleTask.DeleteTask(String TaskName)
 
Error: (12/25/2014 11:10:36 AM) (Source: MsiInstaller) (EventID: 11316) (User: NT AUTHORITY)
Description: Product: Google Update Helper -- Error 1316. A network error occurred while attempting to read from the file: C:\Program Files (x86)\Google\Update\1.3.25.11\PopcornewUpdateHelper.msi(NULL)(NULL)(NULL)(NULL)(NULL)
 
 
==================== Memory info =========================== 
 
Processor: AMD A4 Micro-6400T APU + AMD Radeon R3 Graphics
Percentage of memory in use: 69%
Total physical RAM: 1747.11 MB
Available physical RAM: 531.62 MB
Total Pagefile: 2899.11 MB
Available Pagefile: 989.29 MB
Total Virtual: 131072 MB
Available Virtual: 131071.81 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:22.94 GB) (Free:17.86 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 29.1 GB) (Disk ID: E8FB648C)
 
Partition: GPT Partition Type.
 
==================== End Of Log ============================
 
I hope someone can help me and i will appreciate any help i can get 
 
thanks
kevin
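The "Scheduled Tasks" section of the FRST log above is where the persistence shows: three APSnotifier tasks, a task launching from the user's Temp folder, and RETHQXQE running out of AppData\Roaming, each with a legacy .job mirror. The following Python audit is an added example and is not code from the thread, from FRST or from the helpers; it turns the judgement a reader applies to those lines into explicit checks (action runs from a user-writable path, no publisher recorded, FRST's own ATTENTION marker). The regexes, the list of user-writable locations and the reason strings are this example's assumptions, and the sample lines are copied from the log above purely as constructed input.

```python
"""Audit the "Task:" lines of an FRST log for suspicious persistence.

Added example for this thread; not part of FRST, AdwCleaner or JRT.
Heuristics (assumptions of this example, not FRST behaviour):
  - the task's action lives in a directory an unprivileged user can write to
  - the task-store entry carries no publisher for the action binary
  - FRST itself appended "<==== ATTENTION"
"""
import re

# Directories an unprivileged user can write to. A scheduled task that
# launches from one of these was almost never installed by a vendor package.
USER_WRITABLE = re.compile(
    r"\\Users\\[^\\]+\\(?:AppData|Downloads|Desktop)\\|\\Temp\\|\\Users\\Public\\",
    re.IGNORECASE,
)
ATTENTION = "<==== ATTENTION"
PUBLISHER_RE = re.compile(r"\s\(([^()]*)\)$")       # trailing "(Publisher)"
DATE_RE = re.compile(r"\s\[\d{4}-\d{2}-\d{2}\]$")   # trailing "[YYYY-MM-DD]"


def parse_task_line(line):
    """Split one FRST "Task:" line into task, action path, publisher, marker.

    Returns None for lines that are not task entries. FRST prints two shapes:
    "{GUID} - System32\\Tasks\\Name => path [date] (Publisher)" for the task
    store, and "C:\\Windows\\Tasks\\Name.job => path" for the legacy .job
    mirror, which carries neither a date nor a publisher.
    """
    line = line.strip()
    if not line.startswith("Task: ") or " => " not in line:
        return None
    task, rest = line[len("Task: "):].split(" => ", 1)
    attention = rest.endswith(ATTENTION)
    if attention:
        rest = rest[: -len(ATTENTION)].rstrip()
    publisher = None
    m = PUBLISHER_RE.search(rest)
    if m:
        publisher = m.group(1).strip()
        rest = rest[: m.start()]
    m = DATE_RE.search(rest)
    if m:
        rest = rest[: m.start()]
    task = task.strip()
    return {
        "task": task,
        "action": rest.strip(),
        "publisher": publisher,
        "legacy_job": task.lower().endswith(".job"),
        "frst_attention": attention,
    }


def audit_tasks(lines):
    """Return the parsed entries that trip at least one heuristic, with reasons."""
    findings = []
    for line in lines:
        entry = parse_task_line(line)
        if entry is None:
            continue
        reasons = []
        if USER_WRITABLE.search(entry["action"]):
            reasons.append("action runs from a user-writable path")
        # Legacy .job lines never carry a publisher, so only judge task-store
        # entries on that field.
        if not entry["legacy_job"] and not entry["publisher"]:
            reasons.append("no publisher recorded for the action binary")
        if entry["frst_attention"]:
            reasons.append("marked ATTENTION by FRST")
        if reasons:
            findings.append({**entry, "reasons": reasons})
    return findings


# Constructed sample input: lines copied from the FRST log posted above.
SAMPLE_LINES = [
    r"Task: {0048B5E1-1E3E-41E2-AE02-418D1C03E745} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2014-06-03] (Hewlett-Packard Company)",
    r"Task: {233CD257-55A8-4928-9F41-2EBA775D010D} - System32\Tasks\APSnotifierPP1 => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe [2014-12-25] (AnyProtect.com) <==== ATTENTION",
    r"Task: {8DEA7CB6-CCD6-4296-8D7F-529BD98F2664} - System32\Tasks\HPGenoobeReminder => C:\Program Files (x86)\Hewlett-Packard\HP Registration Service\HP GenOOBE\HPGenOOBE.exe [2014-05-15] ()",
    r"Task: {A8984C00-F619-4345-9846-4C0DEBEF034A} - System32\Tasks\temp_a774e592-8f36-4e30-b4a3-c0024526fb2e-2 => C:\Users\kevin\AppData\Local\Temp\nsz22EB.tmp\a774e592-8f36-4e30-b4a3-c0024526fb2e-2.exe <==== ATTENTION",
    r"Task: {E4361F73-1BF5-4417-813D-925E96882FF2} - System32\Tasks\RETHQXQE => C:\Users\kevin\AppData\Roaming\RETHQXQE.exe [2014-12-25] (Cinema Plus2.7gV25.12) <==== ATTENTION",
    r"Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe",
    r"Task: C:\Windows\Tasks\RETHQXQE.job => C:\Users\kevin\AppData\Roaming\RETHQXQE.exe <==== ATTENTION",
]

if __name__ == "__main__":
    for finding in audit_tasks(SAMPLE_LINES):
        print(finding["task"], "->", finding["action"])
        for reason in finding["reasons"]:
            print("    ", reason)
```

Run against the sample, the audit flags the two RETHQXQE entries and the Temp-folder task on location alone, without relying on FRST's marker, and only raises the HP GenOOBE task for its empty publisher field; the AnyProtect tasks, which sit in Program Files with a publisher string, surface solely through the ATTENTION marker, which is the point: path heuristics catch the crude persistence, and a reputation source is still needed for the rest.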
#2 Satchfan

Satchfan

    SuperHelper

  • Malware Team
  • 6,813 posts
  • Interests:LFC, music, more LFC, more music

Posted 26 December 2014 - 03:30 AM

Hello machisan and welcome to the WTT forum.

My name is Satchfan and I would be glad to help you with your computer problem.

Please read the following guidelines which will help to make cleaning your machine easier:

  • please follow all instructions in the order posted
  • please continue to review my answers until I tell you your machine appears to be clear. Absence of symptoms does not mean that everything is clear
  • all logs/reports, etc. must be posted in Notepad. Please ensure that word wrap is unchecked. In Notepad click Format, uncheck Word wrap if it is checked
  • if you don't understand something, please don't hesitate to ask for clarification before proceeding
  • the fixes are specific to your problem and should only be used for this issue on this machine.
  • please reply within 3 days. If you do not reply within this period I will post a reminder but topics with no reply in 4 days will be closed!

IMPORTANT:

Please DO NOT install/uninstall any programs unless asked to.
Please DO NOT run any scans other than those requested.

===================================================

You have a lot of junk on your machine, most (if not all) of it related to Google Chrome. We'll try to get rid of some with a couple of programs and then see what is left.

Note: Please run these in the order given in the instructions.

===================================================

Download and run AdwCleaner

Download AdwCleaner from here and save it to your desktop.


  • run AdwCleaner
  • when it has finished, select Clean
  • if it asks to reboot, allow the reboot
  • on reboot a log will be produced; please attach the content of the log to your next reply.

===================================================

Download and run Junkware Removal Tool

Please download Junkware Removal Tool to your desktop.

  • shut down your protection software now to avoid potential conflicts.
  • run the tool by double-clicking it. If you are using Windows Vista, 7, or 8, instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator"
  • the tool will open and start scanning your system
  • please be patient as this can take a while to complete depending on your system's specifications
  • on completion, a log (JRT.txt) is saved to your desktop and will automatically open
  • post the contents of JRT.txt into your next message.

When you've done that, please run FRST again and send the new log.

Logs to include with next post:

AdwCleaner log
JRT.txt
New FRST.txt


Thanks

Satchfan

 


NINA - Proud graduate of the WTT Classroom

Member of UNITE

The help you receive here is free but if you feel I have helped, you may consider making a Donation.

#3 machisan

machisan

    New Member

  • Authentic Member
  • Pip
  • 19 posts

Posted 26 December 2014 - 05:54 AM

Hi there Satchfan.
 
Merry Christmas and thank you so much for helping me so quickly during this festive period. I have carried out the next steps as instructed and below you will find the results of the scans.
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
 
# AdwCleaner v4.106 - Report created 26/12/2014 at 11:31:44
# Updated 21/12/2014 by Xplode
# Database : 2014-12-21.4 [Live]
# Operating System : Windows 8.1  (64 bits)
# Username : kevin - MY-LAPTOP
# Running from : C:\Users\kevin\Downloads\adwcleaner_4.106.exe
# Option : Clean
 
***** [ Services ] *****
 
Service Deleted : rcores
Service Deleted : {f95b3c8f-44d2-4a2c-9d3a-e8ecddb746c5}Gw64
 
***** [ Files / Folders ] *****
 
Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PepperZip
Folder Deleted : C:\Program Files (x86)\AnyProtectEx
Folder Deleted : C:\Program Files (x86)\globalUpdate
Folder Deleted : C:\Program Files (x86)\Popcornew
Folder Deleted : C:\Users\kevin\AppData\Local\Temp\Krab Web
Folder Deleted : C:\Users\kevin\AppData\Local\globalUpdate
Folder Deleted : C:\Users\kevin\AppData\Local\Popcornew
Folder Deleted : C:\Users\kevin\AppData\Roaming\AnyProtectEx
Folder Deleted : C:\Users\kevin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AnyProtect PC Backup
File Deleted : C:\Windows\rcore.exe
File Deleted : C:\Windows\System32\drivers\{f95b3c8f-44d2-4a2c-9d3a-e8ecddb746c5}Gw64.sys
 
***** [ Scheduled Tasks ] *****
 
Task Deleted : APSnotifierPP1
Task Deleted : APSnotifierPP2
Task Deleted : APSnotifierPP3
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\superfish.com
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\www.superfish.com
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{5A4E3A41-FA55-4BDA-AED7-CEBE6E7BCB52}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{A2D733A7-73B0-4C6B-B0C7-06A432950B66}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{5A4E3A41-FA55-4BDA-AED7-CEBE6E7BCB52}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5}
Key Deleted : HKCU\Software\AnyProtect
Key Deleted : HKCU\Software\GlobalUpdate
Key Deleted : HKCU\Software\Popcornew
Key Deleted : HKCU\Software\Cores
Key Deleted : HKCU\Software\AppDataLow\Software\Crossrider
Key Deleted : HKLM\SOFTWARE\GlobalUpdate
Key Deleted : HKLM\SOFTWARE\Popcornew
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\PopcornewUpdate.exe
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v11.0.9600.17037
 
 
-\\ Google Chrome v39.0.2171.95
 
 
*************************
 
AdwCleaner[R0].txt - [3026 octets] - [26/12/2014 11:27:21]
AdwCleaner[S0].txt - [2831 octets] - [26/12/2014 11:31:44]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [2891 octets] ##########
 
 
 
 
Version: 6.4.0 (11.29.2014:1)
OS: Windows 8.1 x64
Ran by kevin on 26/12/2014 at 11:36:44.88
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
 
 
~~~ Registry Values
 
 
 
~~~ Registry Keys
 
 
 
~~~ Files
 
 
 
~~~ Folders
 
 
 
~~~ Event Viewer Logs were cleared
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 26/12/2014 at 11:45:41.29
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 25-12-2014
Ran by kevin (administrator) on MY-LAPTOP on 26-12-2014 11:50:15
Running from C:\Users\kevin\Downloads
Loaded Profile: kevin (Available profiles: kevin)
Platform: Windows 8.1 (X64) OS Language: English (United Kingdom)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Softex Inc.) C:\Program Files\Hewlett-Packard\SimplePass\OmniServ.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\tbaseprovisioning.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
() C:\Program Files\ATI Technologies\ATI.ACE\a4\AdaptiveSleepService.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\HidMonitorSvc.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPWMISVC.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(McAfee, Inc.) C:\Program Files\mcafee\msc\McAPExe.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\AMCore\mcshield.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\systemcore\mfefire.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\Apoint.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\ApMsgFwd.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\hidfind.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\ApntEx.exe
() C:\Program Files\Hewlett-Packard\SimplePass\opvapp.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\SimplePass\ClientCore.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBroker.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBrokerDsktop.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\platform\McUICnt.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPMSGSVC.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7637208 2014-07-09] (Realtek Semiconductor)
HKLM\...\Run: [Apoint] => C:\Program Files\Apoint2K\Apoint.exe [702808 2014-06-10] (Alps Electric Co., Ltd.)
HKLM\...\Run: [SimplePass] => C:\Program Files\Hewlett-Packard\SimplePass\ClientCore.exe [3962936 2014-03-28] (Hewlett-Packard)
HKLM\...\Run: [OPBHOBroker] => C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBroker.exe [415288 2014-03-28] (Hewlett-Packard)
HKLM\...\Run: [OPBHOBrokerDesktop] => C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBrokerDsktop.exe [415288 2014-03-28] (Hewlett-Packard)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [767200 2014-06-06] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [mcpltui_exe] => C:\Program Files\McAfee.com\Agent\mcagent.exe [537992 2014-04-25] (McAfee, Inc.)
HKLM-x32\...\Run: [HPMessageService] => C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPMSGSVC.exe [507192 2014-07-08] (Hewlett-Packard Development Company, L.P.)
HKLM\...\RunOnce: [NCPluginUpdater] => C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe [21720 2014-12-16] (Hewlett-Packard)
HKLM\...\Policies\Explorer: [NoControlPanel] 0
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://g.uk.msn.com/HPNOT14/2
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.uk.msn.com/HPNOT14/2
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://g.uk.msn.com/HPNOT14/2
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,First Home Page = http://g.uk.msn.com/HPNOT14/2
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.uk.msn.com/HPNOT14/2
HKU\S-1-5-21-1559278574-202871057-2195148621-1002\Software\Microsoft\Internet Explorer\Main,Start Page = http://g.uk.msn.com/HPNOT14/2
HKU\S-1-5-21-1559278574-202871057-2195148621-1002\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.uk.msn.com/HPNOT14/2
SearchScopes: HKLM-x32 -> {8D394175-22B2-4598-B22F-D2DEA00920F0} URL = http://www.amazon.co...s={searchTerms}
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-1559278574-202871057-2195148621-1002 -> {8D394175-22B2-4598-B22F-D2DEA00920F0} URL = http://www.amazon.co...s={searchTerms}
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll (Hewlett-Packard)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\mcafee\msc\McSnIePl64.dll (McAfee, Inc.)
Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\msc\McSnIePl.dll (McAfee, Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
 
FireFox:
========
FF Plugin: @mcafee.com/MSC,version=10 -> c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\windows\SysWOW64\Adobe\Director\np32dsw_1204144.dll (Adobe Systems, Inc.)
FF Plugin-x32: @mcafee.com/MSC,version=10 -> c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL ()
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\4.0.60310.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK
FF Extension: McAfee Anti-Spam Thunderbird Extension - C:\Program Files\McAfee\MSK [2014-11-13]
 
Chrome: 
=======
CHR HomePage: Default -> hxxp://www.youtube.com/user/swiftmini?feature=mhee
CHR StartupUrls: Default -> "hxxp://www.google.co.uk/", "hxxp://feed.snap.do/?publisher=SnapdoOCYB&dpid=SnapdoOCYB&co=GB&userid=e7334c78-6978-4a90-9bd0-e472dab29d1a&searchtype=hp&installDate={installDate}", "hxxp://feed.snap.do/?publisher=SnapdoOCYB&dpid=SnapdoOCYB&co=GB&userid=e7334c78-6978-4a90-9bd0-e472dab29d1a&searchtype=hp&installDate=04/03/2013", "hxxp://www.google.com/"
CHR Profile: C:\Users\kevin\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\kevin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2014-12-25]
CHR Extension: (Write Space) - C:\Users\kevin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aimodnlfiikjjnmdchihablmkdeobhad [2014-12-25]
CHR Extension: (Screenr) - C:\Users\kevin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ajmdmhlhifnkjklgeikfdmffiigfoged [2014-12-25]
CHR Extension: (Google Docs) - C:\Users\kevin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-12-25]
CHR Extension: (Google Drive) - C:\Users\kevin\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-12-25]
CHR Extension: (Webpage Screenshot) - C:\Users\kevin\AppData\Local\Google\Chrome\User Data\Default\Extensions\bdfnieppndfdhcgbmhfdlgdjegclkomk [2014-12-25]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\kevin\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-12-26]
CHR Extension: (Gliffy Diagrams) - C:\Users\kevin\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhmicilclplefnflapjmnngmkkkkpfad [2014-12-25]
CHR Extension: (YouTube) - C:\Users\kevin\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-12-25]
CHR Extension: (Solitaire) - C:\Users\kevin\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpebaehgfgkcmmjjknibibbjacnplim [2014-12-25]
CHR Extension: (Adblock Plus) - C:\Users\kevin\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2014-12-25]
CHR Extension: (Google Search) - C:\Users\kevin\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-12-25]
CHR Extension: (Google Sheets) - C:\Users\kevin\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2014-12-25]
CHR Extension: (Facebook for Chrome) - C:\Users\kevin\AppData\Local\Google\Chrome\User Data\Default\Extensions\gdalhedleemkkdjddjgfjmcnbpejpapp [2014-12-25]
CHR Extension: (F1 News) - C:\Users\kevin\AppData\Local\Google\Chrome\User Data\Default\Extensions\jchepaljijgokkoflakjioknkfolenbk [2014-12-25]
CHR Extension: (Start - A Better New Tab) - C:\Users\kevin\AppData\Local\Google\Chrome\User Data\Default\Extensions\kgifkabikplflflabkllnpidlbjjpgbp [2014-12-25]
CHR Extension: (Facebook Messenger) - C:\Users\kevin\AppData\Local\Google\Chrome\User Data\Default\Extensions\mdapmeleikeppmfgadilffngabfpibok [2014-12-25]
CHR Extension: (Quick Note) - C:\Users\kevin\AppData\Local\Google\Chrome\User Data\Default\Extensions\mijlebbfndhelmdpmllgcfadlkankhok [2014-12-25]
CHR Extension: (MONOPOLY: The World Edition) - C:\Users\kevin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nkedhiolniniodbokjinplhaleemnfbe [2014-12-25]
CHR Extension: (Google Wallet) - C:\Users\kevin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-12-25]
CHR Extension: (Instagram for Chrome) - C:\Users\kevin\AppData\Local\Google\Chrome\User Data\Default\Extensions\opnbmdkdflhjiclaoiiifmheknpccalb [2014-12-25]
CHR Extension: (Gmail) - C:\Users\kevin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-12-25]
CHR Extension: (Type Fu) - C:\Users\kevin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pofoighmmpljaikjiidkkfhldjndfdbk [2014-12-25]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AdaptiveSleepService; C:\Program Files\ATI Technologies\ATI.ACE\A4\AdaptiveSleepService.exe [140288 2014-06-05] () [File not signed]
R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [344064 2014-06-05] (Advanced Micro Devices, Inc.) [File not signed]
R2 ApHidMonitorService; C:\Program Files\Apoint2K\HidMonitorSvc.exe [87384 2014-03-27] (Alps Electric Co., Ltd.)
S2 BcmBtRSupport; C:\Windows\system32\BtwRSupportService.exe [2251992 2013-11-13] (Broadcom Corporation.)
R2 HomeNetSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [92160 2014-06-03] (Hewlett-Packard Company) [File not signed]
R2 HPWMISVC; C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPWMISVC.exe [492344 2014-07-08] (Hewlett-Packard Development Company, L.P.)
R2 McAPExe; C:\Program Files\McAfee\MSC\McAPExe.exe [178528 2014-04-25] (McAfee, Inc.)
S3 McAWFwk; c:\Program Files\Common Files\mcafee\ActWiz\McAWFwk.exe [334608 2013-07-29] (McAfee, Inc.)
R2 McMPFSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 McNaiAnn; C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
S3 McODS; C:\Program Files\mcafee\VirusScan\mcods.exe [603424 2014-09-04] (McAfee, Inc.)
S4 McOobeSv2; C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 mcpltsvc; C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 McProxy; C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 mfecore; C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe [1041192 2014-08-20] (McAfee, Inc.)
R2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [219752 2014-06-20] (McAfee, Inc.)
R2 mfevtp; C:\Windows\system32\mfevtps.exe [189912 2014-06-20] (McAfee, Inc.)
R2 MSK80Service; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 omniserv; C:\Program Files\Hewlett-Packard\SimplePass\OmniServ.exe [88064 2014-03-28] (Softex Inc.) [File not signed]
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [290520 2014-01-08] (Realtek Semiconductor)
R2 tbaseprovisioning; C:\Windows\SysWOW64\tbaseprovisioning.exe [51712 2014-04-17] (Advanced Micro Devices, Inc.)
S3 w3logsvc; C:\Windows\system32\inetsrv\w3logsvc.dll [76800 2014-04-02] (Microsoft Corporation)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347880 2014-07-19] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2014-07-19] (Microsoft Corporation)
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 AmdAS4; C:\Windows\System32\drivers\AmdAS4.sys [17640 2013-10-24] (Advanced Micro Devices, INC.)
S3 amdkmcsp; C:\Windows\system32\DRIVERS\amdkmcsp.sys [85704 2014-04-17] (Advanced Micro Devices, Inc. )
R0 amdkmpfd; C:\Windows\System32\drivers\amdkmpfd.sys [36608 2013-12-14] (Advanced Micro Devices, Inc.)
R0 amdpsp; C:\Windows\System32\DRIVERS\amdpsp.sys [230088 2014-04-17] (Advanced Micro Devices, Inc. )
R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdWB6.sys [222720 2014-03-12] (Advanced Micro Devices)
S3 AX88772; C:\Windows\system32\DRIVERS\ax88772.sys [113864 2013-07-18] (ASIX Electronics Corp.)
R3 bcbtums; C:\Windows\system32\drivers\bcbtums.sys [170712 2013-11-13] (Broadcom Corporation.)
R3 BCM43XX; C:\Windows\system32\DRIVERS\bcmwl63a.sys [7532760 2014-11-13] (Broadcom Corporation)
R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [226304 2014-03-18] (Microsoft Corporation)
R3 cfwids; C:\Windows\System32\drivers\cfwids.sys [72128 2014-06-20] (McAfee, Inc.)
S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [197704 2013-09-23] (McAfee, Inc.)
R3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [181704 2014-06-20] (McAfee, Inc.)
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [313544 2014-06-20] (McAfee, Inc.)
S0 mfeelamk; C:\Windows\System32\drivers\mfeelamk.sys [70600 2014-06-20] (McAfee, Inc.)
R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [523792 2014-06-20] (McAfee, Inc.)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [786296 2014-06-20] (McAfee, Inc.)
R3 mfencbdc; C:\Windows\system32\DRIVERS\mfencbdc.sys [445512 2014-08-20] (McAfee, Inc.)
S3 mfencrk; C:\Windows\system32\DRIVERS\mfencrk.sys [96592 2014-08-20] (McAfee, Inc.)
R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [348552 2014-06-20] (McAfee, Inc.)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [123224 2014-07-19] (Microsoft Corporation)
R3 WirelessButtonDriver; C:\Windows\System32\drivers\WirelessButtonDriver64.sys [20800 2013-07-22] (Hewlett-Packard Development Company, L.P.)
S3 GENERICDRV; \??\C:\Users\ADMINI~1\AppData\Local\Temp\pftA079.tmp\amifldrv64.sys [X]
S1 wpnfd_1_10_0_4; system32\drivers\wpnfd_1_10_0_4.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-12-26 11:45 - 2014-12-26 11:45 - 00000614 _____ () C:\Users\kevin\Desktop\JRT.txt
2014-12-26 11:36 - 2014-12-26 11:36 - 01707646 _____ (Thisisu) C:\Users\kevin\Downloads\JRT.exe
2014-12-26 11:36 - 2014-12-26 11:36 - 00000000 ____D () C:\Windows\ERUNT
2014-12-26 11:27 - 2014-12-26 11:38 - 00000000 ____D () C:\AdwCleaner
2014-12-26 11:19 - 2014-12-26 11:33 - 00000352 _____ () C:\Windows\Tasks\HPCeeScheduleForkevin.job
2014-12-26 11:19 - 2014-12-26 11:19 - 00003166 _____ () C:\Windows\System32\Tasks\HPCeeScheduleForkevin
2014-12-26 11:16 - 2014-12-26 11:17 - 00000052 _____ () C:\Windows\SysWOW64\DOErrors.log
2014-12-26 11:16 - 2014-12-26 11:16 - 00000000 _____ () C:\Windows\system32\HP_ActiveX_Patch_NOT_DETECTED.txt
2014-12-26 11:12 - 2014-12-26 11:12 - 02173952 _____ () C:\Users\kevin\Downloads\adwcleaner_4.106.exe
2014-12-25 18:56 - 2014-12-25 18:58 - 00021764 _____ () C:\Users\kevin\Downloads\Addition.txt
2014-12-25 18:54 - 2014-12-26 11:50 - 00018401 _____ () C:\Users\kevin\Downloads\FRST.txt
2014-12-25 18:54 - 2014-12-26 11:50 - 00000000 ____D () C:\FRST
2014-12-25 18:51 - 2014-12-25 18:51 - 00001631 _____ () C:\Users\kevin\Desktop\aswMBR.txt
2014-12-25 18:51 - 2014-12-25 18:51 - 00000512 _____ () C:\Users\kevin\Desktop\MBR.dat
2014-12-25 18:49 - 2014-12-25 18:49 - 02122240 _____ (Farbar) C:\Users\kevin\Downloads\FRST64.exe
2014-12-25 18:48 - 2014-12-25 18:48 - 05198336 _____ (AVAST Software) C:\Users\kevin\Downloads\aswMBR.exe
2014-12-25 18:32 - 2014-12-25 18:32 - 00002275 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-12-25 18:32 - 2014-12-25 18:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-12-25 18:30 - 2014-12-26 11:35 - 00000916 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-12-25 18:30 - 2014-12-26 11:34 - 00000912 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-12-25 18:30 - 2014-12-25 18:30 - 00003888 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-12-25 18:30 - 2014-12-25 18:30 - 00003652 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-12-25 16:19 - 2014-11-27 16:40 - 112710672 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-12-25 16:14 - 2014-12-25 16:19 - 36904648 _____ (Microsoft Corporation) C:\Users\kevin\Downloads\Windows-KB890830-x64-V5.19.exe
2014-12-25 13:54 - 2014-12-26 11:19 - 00000000 ____D () C:\Users\kevin\AppData\Local\Hewlett-Packard
2014-12-25 13:54 - 2014-12-25 13:54 - 00000000 ____D () C:\Users\kevin\AppData\Roaming\hpqlog
2014-12-25 13:51 - 2014-12-25 13:51 - 00000258 __RSH () C:\ProgramData\ntuser.pol
2014-12-25 13:47 - 2014-12-25 13:47 - 00003414 _____ () C:\Windows\System32\Tasks\temp_a774e592-8f36-4e30-b4a3-c0024526fb2e-2
2014-12-25 12:24 - 2014-12-25 12:24 - 00628496 _____ (CMI Limited) C:\Users\kevin\AppData\Local\nsd4B1C.tmp
2014-12-25 11:38 - 2014-12-25 18:30 - 00000000 ____D () C:\Users\kevin\AppData\Local\Deployment
2014-12-25 11:38 - 2014-12-25 11:38 - 00000000 ____D () C:\Users\kevin\AppData\Local\Apps\2.0
2014-12-25 11:27 - 2014-12-25 11:27 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_User_LocationProvider_01_11_00.Wdf
2014-12-25 11:13 - 2014-12-25 11:13 - 00004026 _____ () C:\Windows\System32\Tasks\HPGenoobeReminder
2014-12-25 11:09 - 2014-12-25 11:09 - 00000000 ____D () C:\Users\kevin\AppData\Roaming\QuickScan
2014-12-25 11:08 - 2014-12-25 13:54 - 00000000 ___HD () C:\Users\Public\Temp
2014-12-25 11:07 - 2014-12-25 11:07 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2014-12-25 11:05 - 2014-12-26 11:34 - 00001706 _____ () C:\Windows\Tasks\RETHQXQE.job
2014-12-25 11:05 - 2014-12-25 18:32 - 00000000 ____D () C:\Users\kevin\AppData\Local\Google
2014-12-25 11:05 - 2014-12-25 18:31 - 00000000 ____D () C:\Program Files (x86)\Google
2014-12-25 11:05 - 2014-12-25 11:05 - 01952744 _____ (Cinema Plus2.7gV25.12) C:\Users\kevin\AppData\Roaming\RETHQXQE.exe
2014-12-25 11:05 - 2014-12-25 11:05 - 00004712 _____ () C:\Windows\System32\Tasks\RETHQXQE
2014-12-25 11:05 - 2014-12-25 11:05 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-12-25 11:01 - 2014-12-26 11:42 - 00003930 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{23B17B40-E5D9-43C2-B5BD-02F3087C443B}
2014-12-25 11:01 - 2014-12-25 11:01 - 00000000 __SHD () C:\Users\kevin\AppData\Local\EmieUserList
2014-12-25 11:01 - 2014-12-25 11:01 - 00000000 __SHD () C:\Users\kevin\AppData\Local\EmieSiteList
2014-12-25 10:59 - 2014-12-26 11:34 - 00000000 __RDO () C:\Users\kevin\OneDrive
2014-12-25 10:59 - 2014-12-25 10:59 - 00000000 ____D () C:\Users\kevin\AppData\Roaming\Macromedia
2014-12-25 10:57 - 2014-12-26 11:45 - 00003596 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1559278574-202871057-2195148621-1002
2014-12-25 10:56 - 2014-12-25 11:13 - 00000000 ____D () C:\Users\kevin\AppData\Roaming\Hewlett-Packard
2014-12-25 10:52 - 2014-12-25 11:13 - 00000000 ____D () C:\Users\kevin\AppData\Local\Packages
2014-12-25 10:52 - 2014-12-25 10:59 - 00000000 ____D () C:\Users\kevin
2014-12-25 10:52 - 2014-12-25 10:52 - 00003566 _____ () C:\Windows\System32\Tasks\HPCheckDropBoxStatus
2014-12-25 10:52 - 2014-12-25 10:52 - 00001442 _____ () C:\Users\kevin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-12-25 10:52 - 2014-12-25 10:52 - 00000184 _____ () C:\Windows\insFileSpec
2014-12-25 10:52 - 2014-12-25 10:52 - 00000020 ___SH () C:\Users\kevin\ntuser.ini
2014-12-25 10:52 - 2014-12-25 10:52 - 00000000 ____D () C:\Users\kevin\AppData\Roaming\Adobe
2014-12-25 10:52 - 2014-12-25 10:52 - 00000000 ____D () C:\Users\kevin\AppData\Local\VirtualStore
2014-12-25 10:52 - 2014-07-19 10:00 - 00000000 ___RD () C:\Users\kevin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2014-12-25 10:52 - 2014-07-19 01:21 - 00000000 ___HD () C:\Users\kevin\Documents\hp.system.package.metadata
2014-12-25 10:52 - 2014-03-18 10:06 - 00000000 ___RD () C:\Users\kevin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2014-12-25 10:52 - 2014-03-18 09:54 - 00000369 _____ () C:\Users\kevin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Pictures.lnk
2014-12-25 10:52 - 2014-03-18 09:54 - 00000369 _____ () C:\Users\kevin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Documents.lnk
2014-12-25 10:52 - 2013-08-22 15:36 - 00000000 ___RD () C:\Users\kevin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2014-12-25 10:52 - 2013-08-22 15:36 - 00000000 ____D () C:\Users\kevin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2014-12-25 10:45 - 2014-12-26 11:32 - 00524135 _____ () C:\Windows\WindowsUpdate.log
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-12-26 11:38 - 2014-07-19 01:24 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Security and Protection
2014-12-26 11:38 - 2014-03-18 09:53 - 00956476 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-12-26 11:33 - 2014-03-18 09:44 - 00006978 _____ () C:\Windows\PFRO.log
2014-12-26 11:33 - 2013-08-22 14:45 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-12-26 11:32 - 2014-11-13 09:26 - 00065536 _____ () C:\Windows\system32\spu_storage.bin
2014-12-26 11:32 - 2013-08-22 13:25 - 00262144 ___SH () C:\Windows\system32\config\BBI
2014-12-26 11:31 - 2014-11-13 09:32 - 00264338 _____ () C:\Windows\SysWOW64\rootpa.e2e
2014-12-26 11:16 - 2014-07-19 01:21 - 00000000 ____D () C:\Program Files (x86)\Hewlett-Packard
2014-12-26 11:09 - 2013-08-22 15:36 - 00000000 ____D () C:\Windows\system32\sru
2014-12-25 19:26 - 2013-08-22 15:36 - 00000000 ____D () C:\Windows\system32\NDF
2014-12-25 19:07 - 2014-11-13 09:38 - 00000000 ____D () C:\Program Files (x86)\McAfee
2014-12-25 18:31 - 2014-11-13 09:38 - 00000000 ____D () C:\Program Files\Common Files\mcafee
2014-12-25 18:30 - 2013-08-22 15:36 - 00000000 ___HD () C:\Windows\ELAMBKUP
2014-12-25 18:29 - 2014-07-19 09:13 - 00000000 ___HD () C:\HP
2014-12-25 18:27 - 2014-11-13 09:38 - 00000000 ____D () C:\ProgramData\McAfee
2014-12-25 17:00 - 2014-07-19 01:34 - 00000000 ____D () C:\ProgramData\Hewlett-Packard
2014-12-25 16:19 - 2013-08-22 13:25 - 00262144 ___SH () C:\Windows\system32\config\ELAM
2014-12-25 12:27 - 2013-08-22 15:36 - 00000000 ____D () C:\Windows\system32\GroupPolicy
2014-12-25 11:27 - 2013-08-22 14:46 - 00019472 _____ () C:\Windows\setupact.log
2014-12-25 11:27 - 2013-08-22 13:25 - 00000226 _____ () C:\Windows\win.ini
2014-12-25 10:58 - 2013-08-22 15:36 - 00000000 ____D () C:\Windows\AppReadiness
2014-12-25 10:52 - 2014-04-03 00:40 - 00000000 ___HD () C:\SYSTEM.SAV
2014-12-25 10:52 - 2014-04-02 23:51 - 00000000 ____D () C:\Windows\Panther
2014-12-25 10:43 - 2013-08-22 15:36 - 00000000 ____D () C:\Windows\system32\Recovery
 
Some content of TEMP:
====================
C:\Users\kevin\AppData\Local\Temp\Quarantine.exe
C:\Users\kevin\AppData\Local\Temp\sqlite3.dll
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2014-11-13 10:54
 
==================== End Of Log ============================
 
 
Thank you very much 
Kevin


#4 Satchfan

Satchfan

    SuperHelper

  • Malware Team
  • 6,813 posts
  • Interests:LFC, music, more LFC, more music

Posted 26 December 2014 - 07:27 AM

That’s looking better.


Open notepad. Please copy the contents of the code box below.
 


HKLM\...\Policies\Explorer: [NoControlPanel] 0
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
CHR StartupUrls: Default -> "hxxp://www.google.co.uk/", "hxxp://feed.snap.do/?publisher=SnapdoOCYB&dpid=SnapdoOCYB&co=GB&userid=e7334c78-6978-4a90-9bd0-e472dab29d1a&searchtype=hp&installDate={installDate}", "hxxp://feed.snap.do/?publisher=SnapdoOCYB&dpid=SnapdoOCYB&co=GB&userid=e7334c78-6978-4a90-9bd0-e472dab29d1a&searchtype=hp&installDate=04/03/2013", "hxxp://www.google.com/"
S1 wpnfd_1_10_0_4; system32\drivers\wpnfd_1_10_0_4.sys [X]
2014-12-25 11:05 - 2014-12-26 11:34 - 00001706 _____ () C:\Windows\Tasks\RETHQXQE.job
2014-12-25 11:05 - 2014-12-25 11:05 - 01952744 _____ (Cinema Plus2.7gV25.12) C:\Users\kevin\AppData\Roaming\RETHQXQE.exe
2014-12-25 11:05 - 2014-12-25 11:05 - 00004712 _____ () C:\Windows\System32\Tasks\RETHQXQE
C:\Windows\Tasks\RETHQXQE.job
C:\Users\kevin\AppData\Roaming\RETHQXQE.exe
C:\Windows\System32\Tasks\RETHQXQE

NOTE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.


  • save the file as fixlist.txt in the same folder as FRST – NOTE: It's important that both files, FRST and fixlist.txt, are in the same location or the fix will not work
  • run FRST64, then click Fix just once and wait
  • it will create a log (Fixlog.txt); please post it in your reply.

================================================

Download Malwarebytes-Anti-Malware

Click here (at the top of the page, click on "Download Current Version")
 

  • double-click mbam-setup.exe and follow the prompts to install the program – (Note: Vista & Windows 7 users, please right-click and select “Run as Administrator”)
  • select the “Scan” tab
  • there are three scan types; choose Threat Scan, then click on Scan
  • when the scan is complete, if no malicious items are found you can close the program
  • if malicious items are found be sure that everything is checked and click Quarantine
  • when removal is completed, a log report will open in Notepad and you may be prompted to restart your computer. (see Note below)
  • the log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • copy and paste the contents of that report in your next reply and exit MBAM.

NOTE: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.

===================================================

Reset Browser Settings:

First, backup your Favourites/Bookmarks and other data:



Backup Internet Explorer Favourites
Backup Chrome Bookmarks

 

Next, reset your browsers:


How to reset Internet Explorer settings
How to reset Chrome settings

 

Logs to include with the next post:

Fixlog.txt
Mbam.txt


Can you tell me how your computer is now?

Satchfan

 


NINA - Proud graduate of the WTT Classroom

Member of UNITE

The help you receive here is free but if you feel I have helped, you may consider making a Donation.

#5 machisan

machisan

    New Member

  • Authentic Member
  • Pip
  • 19 posts

Posted 26 December 2014 - 09:45 AM

This step took me a moment to figure out. I saved the fixlist.txt in 3 different locations before I realized that the file needed to be saved into my download folder, because I hadn't relocated the tool. Duh!!

 

Here is the fixlog.txt

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 26-12-2014
Ran by kevin at 2014-12-26 15:33:03 Run:1
Running from C:\Users\kevin\Downloads
Loaded Profile: kevin (Available profiles: kevin)
Boot Mode: Normal
==============================================
 
Content of fixlist:
*****************
HKLM\...\Policies\Explorer: [NoControlPanel] 0
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
CHR StartupUrls: Default -> "hxxp://www.google.co.uk/", "hxxp://feed.snap.do/?publisher=SnapdoOCYB&dpid=SnapdoOCYB&co=GB&userid=e7334c78-6978-4a90-9bd0-e472dab29d1a&searchtype=hp&installDate={installDate}", "hxxp://feed.snap.do/?publisher=SnapdoOCYB&dpid=SnapdoOCYB&co=GB&userid=e7334c78-6978-4a90-9bd0-e472dab29d1a&searchtype=hp&installDate=04/03/2013", "hxxp://www.google.com/"
S1 wpnfd_1_10_0_4; system32\drivers\wpnfd_1_10_0_4.sys [X]
2014-12-25 11:05 - 2014-12-26 11:34 - 00001706 _____ () C:\Windows\Tasks\RETHQXQE.job
2014-12-25 11:05 - 2014-12-25 11:05 - 01952744 _____ (Cinema Plus2.7gV25.12) C:\Users\kevin\AppData\Roaming\RETHQXQE.exe
2014-12-25 11:05 - 2014-12-25 11:05 - 00004712 _____ () C:\Windows\System32\Tasks\RETHQXQE
C:\Windows\Tasks\RETHQXQE.job
C:\Users\kevin\AppData\Roaming\RETHQXQE.exe
C:\Windows\System32\Tasks\RETHQXQE
*****************
 
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoControlPanel => value deleted successfully.
C:\Windows\system32\GroupPolicy\Machine => Moved successfully.
C:\Windows\system32\GroupPolicy\GPT.ini => Moved successfully.
"HKLM\SOFTWARE\Policies\Google" => Key deleted successfully.
Chrome StartupUrls deleted successfully.
wpnfd_1_10_0_4 => Service deleted successfully.
C:\Windows\Tasks\RETHQXQE.job => Moved successfully.
C:\Users\kevin\AppData\Roaming\RETHQXQE.exe => Moved successfully.
C:\Windows\System32\Tasks\RETHQXQE => Moved successfully.
"C:\Windows\Tasks\RETHQXQE.job" => File/Directory not found.
"C:\Users\kevin\AppData\Roaming\RETHQXQE.exe" => File/Directory not found.
"C:\Windows\System32\Tasks\RETHQXQE" => File/Directory not found.
 
 
The system needed a reboot. 
 
==== End of Fixlog 15:33:04 ====
 
Thank you very much for all the help I have had so far. I will certainly be making a donation and I will certainly be using this forum again (my home desktop has a snap.do search bar pop-up problem that I have ignored for 6 months) and will recommend it to my friends. I wish I couldn't contribute to the community further than just a donation.


#6 Satchfan

Satchfan

    SuperHelper

  • Malware Team
  • 6,813 posts
  • Interests:LFC, music, more LFC, more music

Posted 26 December 2014 - 12:24 PM

Hi Kevin

 

You're welcome for the help - it's what we do. ^_^

 

Can you follow the other instructions, send the Malwarebytes log and tell me how your computer is doing?



#7 machisan

machisan

    New Member

  • Authentic Member
  • Pip
  • 19 posts

Posted 27 December 2014 - 05:23 AM

Hi Satchfan, my computer is working better than ever. I carried out the MBAM scan as instructed, and a few threats were found. They were all PUPs. The tool then prompted for a reboot. I let it reboot and then reopened the tool.

 

I can click on history and then application logs. That then gives me the option to look at scan log and protection log.

 

 

Malwarebytes Anti-Malware
www.malwarebytes.org
 
 
Update, 27/12/2014 10:22:32, SYSTEM, MY-LAPTOP, Manual, Rootkit Database, 2014.11.18.1, 2014.12.23.2, 
Update, 27/12/2014 10:22:32, SYSTEM, MY-LAPTOP, Manual, Remediation Database, 2013.10.16.1, 2014.12.6.1, 
Update, 27/12/2014 10:22:44, SYSTEM, MY-LAPTOP, Manual, Malware Database, 2014.11.20.6, 2014.12.27.3, 
Scan, 27/12/2014 10:29:40, SYSTEM, MY-LAPTOP, Manual, Start:27/12/2014 10:23:03, Duration:5 min 8 sec, Threat Scan, Completed, 0 Malware Detections, 24 Non-Malware Detections, 
 
(end)
 
 
Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 27/12/2014
Scan Time: 10:23:03
Logfile: mal scan log.txt
Administrator: Yes
 
Version: 2.00.4.1028
Malware Database: v2014.12.27.03
Rootkit Database: v2014.12.23.02
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled
 
OS: Windows 8.1
CPU: x64
File System: NTFS
User: kevin
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 311689
Time Elapsed: 5 min, 8 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 4
PUP.Optional.WordProser.A, HKLM\SOFTWARE\WOW6432NODE\WordProser_1.10.0.4, Quarantined, [3c936304c7b550e65f1845214fb4af51], 
PUP.Optional.Popcornew.A, HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Popcornew, Quarantined, [fbd471f6d6a6d0669c4fbba87c87837d], 
PUP.Optional.GlobalUpdate.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\GOOGLEUPDATE.EXE, Quarantined, [725df275017bad890edb7ac67a89fa06], 
PUP.Optional.GlobalUpdate.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\GOOGLEUPDATE.EXE, Quarantined, [725df275017bad890edb7ac67a89fa06], 
 
Registry Values: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Folders: 1
PUP.Optional.GlobalUpdate.A, C:\Users\kevin\AppData\Local\Temp\comh.434309, Quarantined, [725df275017bad890edb7ac67a89fa06], 
 
Files: 19
PUP.Optional.CrossRider.A, C:\Users\kevin\AppData\Local\Temp\n5218\PlusHD-UKInstaller.exe, Quarantined, [8a450067f785f343d5fcab34ce33e61a], 
PUP.Optional.Popcornew.A, C:\Users\kevin\AppData\Local\Temp\n5218\Popcorn_2710-1ddf16a8.exe, Quarantined, [23ac80e7fa82f145382606ac5da8e41c], 
PUP.Optional.WordProser.A, C:\Users\kevin\AppData\Local\Temp\n5218\wordproser_09_12-5d320c55.exe, Quarantined, [943b47201c60db5b5d8c50612dd89e62], 
PUP.Optional.Vitruvian.A, C:\Users\kevin\AppData\Local\Temp\vitruvian-installer-install-v0003, Quarantined, [5877ca9df686e84e51b005da6d97bc44], 
PUP.Optional.Vitruvian.A, C:\Users\kevin\AppData\Local\Temp\vitruvian-installer-processes-v0002, Quarantined, [27a8e5822c50bf7744bd10cf64a0e719], 
PUP.Optional.Vitruvian.A, C:\Users\kevin\AppData\Local\Temp\vitruvian-installer-scheduledtasks-v0001, Quarantined, [15ba82e5394374c2fe033da219ebfe02], 
PUP.Optional.Vitruvian.A, C:\Users\kevin\AppData\Local\Temp\vitruvian-installer-softwareregkeys-v0002, Quarantined, [79560265e19b37ff59a8d00f7d87738d], 
PUP.Optional.Vitruvian.A, C:\Users\kevin\AppData\Local\Temp\vitruvian-installer-vmdetect-v0001, Quarantined, [daf59ccb2b5103332bd697489f6511ef], 
PUP.Optional.CrossRider.A, C:\Windows\System32\Tasks\temp_a774e592-8f36-4e30-b4a3-c0024526fb2e-2, Quarantined, [d2fd55121b617abcfdf4ae314db7a65a], 
PUP.Optional.GlobalUpdate.A, C:\Users\kevin\AppData\Local\Temp\comh.434309\GoogleCrashHandler.exe, Quarantined, [725df275017bad890edb7ac67a89fa06], 
PUP.Optional.GlobalUpdate.A, C:\Users\kevin\AppData\Local\Temp\comh.434309\GoogleUpdate.exe, Quarantined, [725df275017bad890edb7ac67a89fa06], 
PUP.Optional.GlobalUpdate.A, C:\Users\kevin\AppData\Local\Temp\comh.434309\GoogleUpdateBroker.exe, Quarantined, [725df275017bad890edb7ac67a89fa06], 
PUP.Optional.GlobalUpdate.A, C:\Users\kevin\AppData\Local\Temp\comh.434309\GoogleUpdateHelper.msi, Quarantined, [725df275017bad890edb7ac67a89fa06], 
PUP.Optional.GlobalUpdate.A, C:\Users\kevin\AppData\Local\Temp\comh.434309\GoogleUpdateOnDemand.exe, Quarantined, [725df275017bad890edb7ac67a89fa06], 
PUP.Optional.GlobalUpdate.A, C:\Users\kevin\AppData\Local\Temp\comh.434309\goopdate.dll, Quarantined, [725df275017bad890edb7ac67a89fa06], 
PUP.Optional.GlobalUpdate.A, C:\Users\kevin\AppData\Local\Temp\comh.434309\goopdateres_en.dll, Quarantined, [725df275017bad890edb7ac67a89fa06], 
PUP.Optional.GlobalUpdate.A, C:\Users\kevin\AppData\Local\Temp\comh.434309\npGoogleUpdate4.dll, Quarantined, [725df275017bad890edb7ac67a89fa06], 
PUP.Optional.GlobalUpdate.A, C:\Users\kevin\AppData\Local\Temp\comh.434309\psmachine.dll, Quarantined, [725df275017bad890edb7ac67a89fa06], 
PUP.Optional.GlobalUpdate.A, C:\Users\kevin\AppData\Local\Temp\comh.434309\psuser.dll, Quarantined, [725df275017bad890edb7ac67a89fa06], 
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)
 
Thank you again 
 
I will now reset my browsers and await any further instruction
 
Kevin
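A small triage script for a Malwarebytes 2.x log like the one above, added here as an example; it is not Malwarebytes' code and was not posted in this thread. It assumes the section layout shown in the log (a "Section: count" header followed by one "detection, location, action, [id]," line per object), parses a constructed subset of the detections listed above, checks that each section's declared count matches the lines actually present, totals detections per family, and flags any object under the Image File Execution Options key. That key is where a Debugger value can redirect execution of the named program, so a PUP entry there (here for GOOGLEUPDATE.EXE) deserves a closer look than an ordinary leftover in Temp.

```python
"""Triage a Malwarebytes Anti-Malware 2.x scan log.

Added example, not Malwarebytes' or the forum's code. Assumes the layout seen
in the thread: a "<Section>: <count>" header, then one
"<detection>, <location>, <action>, [<id>]," line per object.
"""
import re
from collections import Counter

# Constructed subset of the scan log posted in the thread (the Files section
# is shortened to three entries, with its header count adjusted to match).
SAMPLE_MBAM_LOG = r"""
Processes: 0
(No malicious items detected)

Registry Keys: 4
PUP.Optional.WordProser.A, HKLM\SOFTWARE\WOW6432NODE\WordProser_1.10.0.4, Quarantined, [3c936304c7b550e65f1845214fb4af51],
PUP.Optional.Popcornew.A, HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Popcornew, Quarantined, [fbd471f6d6a6d0669c4fbba87c87837d],
PUP.Optional.GlobalUpdate.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\GOOGLEUPDATE.EXE, Quarantined, [725df275017bad890edb7ac67a89fa06],
PUP.Optional.GlobalUpdate.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\GOOGLEUPDATE.EXE, Quarantined, [725df275017bad890edb7ac67a89fa06],

Folders: 1
PUP.Optional.GlobalUpdate.A, C:\Users\kevin\AppData\Local\Temp\comh.434309, Quarantined, [725df275017bad890edb7ac67a89fa06],

Files: 3
PUP.Optional.CrossRider.A, C:\Users\kevin\AppData\Local\Temp\n5218\PlusHD-UKInstaller.exe, Quarantined, [8a450067f785f343d5fcab34ce33e61a],
PUP.Optional.CrossRider.A, C:\Windows\System32\Tasks\temp_a774e592-8f36-4e30-b4a3-c0024526fb2e-2, Quarantined, [d2fd55121b617abcfdf4ae314db7a65a],
PUP.Optional.GlobalUpdate.A, C:\Users\kevin\AppData\Local\Temp\comh.434309\GoogleUpdate.exe, Quarantined, [725df275017bad890edb7ac67a89fa06],
"""

SECTION_RE = re.compile(r"^(?P<section>[A-Za-z ]+): (?P<count>\d+)\s*$")
# Location is matched greedily; the fixed ", <action>, [<hex id>]," tail pins its end.
ITEM_RE = re.compile(
    r"^(?P<name>[^,]+), (?P<location>.+), (?P<action>[^,]+), \[(?P<id>[0-9a-f]+)\],?\s*$"
)
# Registry path whose Debugger value redirects execution of the named program.
IFEO_MARKER = "\\image file execution options\\"


def parse_mbam_log(text: str) -> dict:
    """Map section name -> {"declared": header count, "items": parsed lines}."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("(No malicious"):
            continue
        m = SECTION_RE.match(line)
        if m:
            current = m["section"]
            sections[current] = {"declared": int(m["count"]), "items": []}
            continue
        m = ITEM_RE.match(line)
        if m is None or current is None:
            raise ValueError(f"unexpected line: {line!r}")
        sections[current]["items"].append(m.groupdict())
    return sections


def verify_counts(sections: dict) -> list:
    """Sections whose declared count disagrees with the lines present (truncated paste?)."""
    return [s for s, d in sections.items() if d["declared"] != len(d["items"])]


def total_detections(sections: dict) -> int:
    return sum(len(d["items"]) for d in sections.values())


def family_counts(sections: dict) -> dict:
    """Detections per family, e.g. 'PUP.Optional.GlobalUpdate' (variant letter dropped)."""
    counts = Counter()
    for d in sections.values():
        for item in d["items"]:
            counts[item["name"].rsplit(".", 1)[0]] += 1
    return dict(counts)


def ifeo_hits(sections: dict) -> list:
    """Locations under Image File Execution Options, which warrant a closer look."""
    return [item["location"] for d in sections.values() for item in d["items"]
            if IFEO_MARKER in item["location"].lower()]


if __name__ == "__main__":
    parsed = parse_mbam_log(SAMPLE_MBAM_LOG)
    print("count mismatches:", verify_counts(parsed))
    print("per family:", family_counts(parsed))
    print("IFEO entries:", ifeo_hits(parsed))
```

The count check is the useful part when reading logs pasted into a forum post: a section whose header says 19 but carries fewer lines usually means the paste was cut, not that the scan found less.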


#8 machisan

machisan

    New Member

  • Authentic Member
  • Pip
  • 19 posts

Posted 27 December 2014 - 05:24 AM

I don't know why I said they were all PUPs, I'll let you be the judge of that, I don't know what I am talking about



#9 Satchfan

Satchfan

    SuperHelper

  • Malware Team
  • 6,813 posts
  • Interests:LFC, music, more LFC, more music

Posted 27 December 2014 - 05:58 AM

What was found by Mbam were additional pieces of what has already been dealt with and included one that I was looking for in particular, so all-in-all, good stuff. :thumbup:

I want to check your security and then get you to do a final online scan to be sure nothing is left, (the online scan will take longer than the others have).


Run Security Check

Download Security Check by screen317 from here or here.

  • save it to your Desktop.
  • double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • a Notepad document should open automatically called checkup.txt; please post the contents of that document.

===================================================

Run ESET Online Scan

IMPORTANT Please make sure you uncheck the box next to Remove found threats. Eset will detect anything that looks even slightly suspicious, which could include legitimate program files. If you do not uncheck the box, Eset will automatically remove all suspicious files which could leave some of your software inoperable.

Note: You can use Internet Explorer, Firefox or Chrome for this scan. You will however need to disable your current installed Anti-Virus, how to do so can be read here.

Hold down Control and click on the following link to open ESET OnlineScan in a new window.

ESET OnlineScan

  • click the Eset online Scanner button
  • for alternate browsers only: (Microsoft Internet Explorer users can skip these steps)


    o    click on esetinstaller.exe to download the ESET Smart Installer. Save it to your desktop.
    o    double click on the Eset installer icon on your desktop.
     

  • check Yes, I accept the Terms of Use
  • click the Start button
  • accept any security warnings from your browser
  • check Enable detection of potentially unwanted applications
  • click Advanced settings and select the following:


    o    scan archives
    o    scan for potentially unsafe applications
    o    enable Anti-Stealth technology
     

    Note: Do not check Remove found threats
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • when the scan completes, push List of found threats
  • push Export to Text file and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.


    Note - if ESET doesn't find any threats, no report will be created
     

  • push the back button.
  • push Finish

When the scan is complete:

If no threats were found:


o    put a checkmark in "Uninstall application on close"
o    close program
o    report to me that nothing was found
 

If threats were found:


o    click on "list of threats found"
o    click on "export to text file" and save it as ESET results and save to the desktop
o    click on back
o    put a checkmark in "Uninstall application on close"
o    click on finish
o    close program
o    copy and paste the report here
 

Thanks

Satchfan

 



#10 machisan

machisan

    New Member

  • Authentic Member
  • Pip
  • 19 posts

Posted 27 December 2014 - 07:23 AM

 Results of screen317's Security Check version 0.99.93  
   x64 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:`````````````` 
 Windows Firewall Enabled!  
McAfee Anti-Virus and Anti-Spyware   
Windows Defender                     
 WMI entry may not exist for antivirus; attempting automatic update. 
`````````Anti-malware/Other Utilities Check:````````` 
 Google Chrome (39.0.2171.95) 
````````Process Check: objlist.exe by Laurent````````  
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C:  % 
````````````````````End of Log`````````````````````` 
 

C:\AdwCleaner\Quarantine\C\Windows\rcore.exe.vir a variant of Win32/Agent.WGA trojan
C:\AdwCleaner\Quarantine\C\Windows\System32\drivers\{f95b3c8f-44d2-4a2c-9d3a-e8ecddb746c5}Gw64.sys.vir a variant of Win64/BrowseFox.AU potentially unwanted application
C:\FRST\Quarantine\C\Users\kevin\AppData\Roaming\RETHQXQE.exe.xBAD a variant of Win32/Toolbar.CrossRider.BM potentially unwanted application
C:\Users\kevin\AppData\Local\nsd4B1C.tmp Win32/VOPackage.BC potentially unwanted application
C:\Users\kevin\AppData\Local\Temp\ICReinstall_nsc7100.tmp a variant of Win32/InstallCore.PL potentially unwanted application
C:\Users\kevin\AppData\Local\Temp\ICReinstall_nse43B0.tmp a variant of Win32/InstallCore.PO potentially unwanted application
C:\Users\kevin\AppData\Local\Temp\ICReinstall_nsgC859.tmp a variant of Win32/InstallCore.PO potentially unwanted application
C:\Users\kevin\AppData\Local\Temp\nsc7100.tmp a variant of Win32/InstallCore.PL potentially unwanted application
C:\Users\kevin\AppData\Local\Temp\nsd4B1C.tmp Win32/VOPackage.BC potentially unwanted application
C:\Users\kevin\AppData\Local\Temp\nse43B0.tmp a variant of Win32/InstallCore.PO potentially unwanted application
C:\Users\kevin\AppData\Local\Temp\nsgC859.tmp a variant of Win32/InstallCore.PO potentially unwanted application
C:\Users\kevin\AppData\Local\Temp\nszDD67.tmp a variant of Win32/InstallCore.PO potentially unwanted application
C:\Users\kevin\AppData\Local\Temp\n5218\pcspeedup.exe a variant of Win32/Speedchecker.B potentially unwanted application
C:\Users\kevin\AppData\Local\Temp\n5218\s5218.exe a variant of MSIL/Solimba.B potentially unwanted application
C:\Users\kevin\AppData\Roaming\RETHQXQE JS/Toolbar.Crossrider.C potentially unwanted application



#11 machisan

machisan

    New Member

  • Authentic Member
  • Pip
  • 19 posts

Posted 27 December 2014 - 07:25 AM

I've turned my McAfee firewall back on



#12 Satchfan

Satchfan

    SuperHelper

  • Malware Team
  • 6,813 posts
  • Interests:LFC, music, more LFC, more music

Posted 27 December 2014 - 10:04 AM

I've turned my McAfee firewall back on

 

McAfee has probably turned off the Windows firewall but you’ll need to check that it is off because you can’t have two running. I should have got you to do that before running SecurityCheck. :smack:

Windows Defender should also not be running. Please also disable that – instructions on how to do that can be found here.

==============================================

Please copy all text in the code box below and paste it into Notepad:
 


@echo off
rem Items the ESET scan reported as still live on disk; quarantined copies are left alone.
del /f /s /q "C:\Users\kevin\AppData\Local\nsd4B1C.tmp"
del /f /s /q "C:\Users\kevin\AppData\Local\Temp\ICReinstall_nsc7100.tmp"
del /f /s /q "C:\Users\kevin\AppData\Local\Temp\ICReinstall_nse43B0.tmp"
del /f /s /q "C:\Users\kevin\AppData\Local\Temp\ICReinstall_nsgC859.tmp"
del /f /s /q "C:\Users\kevin\AppData\Local\Temp\nsc7100.tmp"
del /f /s /q "C:\Users\kevin\AppData\Local\Temp\nsd4B1C.tmp"
del /f /s /q "C:\Users\kevin\AppData\Local\Temp\nse43B0.tmp"
del /f /s /q "C:\Users\kevin\AppData\Local\Temp\nsgC859.tmp"
del /f /s /q "C:\Users\kevin\AppData\Local\Temp\nszDD67.tmp"
del /f /s /q "C:\Users\kevin\AppData\Local\Temp\n5218\pcspeedup.exe"
del /f /s /q "C:\Users\kevin\AppData\Local\Temp\n5218\s5218.exe"
rem The "JS" in the ESET line is the prefix of the detection name JS/Toolbar.Crossrider.C, not part of the path.
del /f /s /q "C:\Users\kevin\AppData\Roaming\RETHQXQE"
rem Remove this batch file itself once done.
del %0

  • save the Notepad file to your desktop and name it delfiles.bat
  • save type as "All Files"
  • on your desktop, double-click on delfiles.bat to run it, (a black CMD window will flash, then disappear - this is normal).

The rest of the Online scan is only reporting what has already been quarantined: whatever is in these folders can't cause any harm and will be removed when we tidy up.

Please run SecurityCheck again and post the new log.

Satchfan

 


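Two pitfalls when a cleanup batch is typed up by hand from an ESET export: cmd.exe only recognises ASCII double quotes, so Word-style curly quotes leave a path unquoted, and in a line such as "...\Roaming\RETHQXQE JS/Toolbar.Crossrider.C potentially unwanted application" the "JS" is the platform prefix of the detection name, not the last part of the path. The script below, added here as an example and not Satchfan's or ESET's own code, generates the batch from the export instead. It assumes the one-line-per-finding layout seen in the thread, "<path> <detection> <classification>", skips findings that sit in the AdwCleaner and FRST quarantine folders or carry their .vir / .xBAD renames (the point made above about the rest of the report), drops duplicate paths, and writes only ASCII quotes. The sample lines are a constructed subset of the export posted earlier.

```python
"""Generate a cleanup batch file from an ESET Online Scanner text export.

Added example, not Satchfan's or ESET's code. Assumes one finding per line:
"<path> <detection name> <classification>", as in the export posted in the thread.
"""
import re
from dataclasses import dataclass

# Constructed sample: a subset of the ESET lines posted in this thread.
SAMPLE_ESET_EXPORT = r"""
C:\AdwCleaner\Quarantine\C\Windows\rcore.exe.vir a variant of Win32/Agent.WGA trojan
C:\FRST\Quarantine\C\Users\kevin\AppData\Roaming\RETHQXQE.exe.xBAD a variant of Win32/Toolbar.CrossRider.BM potentially unwanted application
C:\Users\kevin\AppData\Local\nsd4B1C.tmp Win32/VOPackage.BC potentially unwanted application
C:\Users\kevin\AppData\Local\Temp\ICReinstall_nsc7100.tmp a variant of Win32/InstallCore.PL potentially unwanted application
C:\Users\kevin\AppData\Local\Temp\n5218\s5218.exe a variant of MSIL/Solimba.B potentially unwanted application
C:\Users\kevin\AppData\Roaming\RETHQXQE JS/Toolbar.Crossrider.C potentially unwanted application
"""

# The detection name is the first token shaped "<Platform>/<Name>", optionally
# preceded by "a variant of "; everything before it is the path (which may
# contain spaces) and everything after it is ESET's classification.
FINDING_RE = re.compile(
    r"^(?P<path>.+?)\s+"
    r"(?P<detection>(?:a variant of )?[A-Za-z0-9]+/\S+)\s+"
    r"(?P<category>.+?)\s*$"
)

# Items the removal tools used earlier in the thread have already neutralised.
QUARANTINE_ROOTS = ("c:\\adwcleaner\\quarantine\\", "c:\\frst\\quarantine\\")
QUARANTINE_SUFFIXES = (".vir", ".xbad")


@dataclass(frozen=True)
class Finding:
    path: str
    detection: str
    category: str

    @property
    def already_quarantined(self) -> bool:
        low = self.path.lower()
        return low.startswith(QUARANTINE_ROOTS) or low.endswith(QUARANTINE_SUFFIXES)


def parse_eset_export(text: str) -> list:
    findings = []
    for line in text.strip().splitlines():
        m = FINDING_RE.match(line.strip())
        if not m:
            raise ValueError(f"unrecognised ESET line: {line!r}")
        findings.append(Finding(m["path"], m["detection"], m["category"]))
    return findings


def live_paths(findings: list) -> list:
    """Paths still live on disk, in export order, without duplicates."""
    seen, out = set(), []
    for f in findings:
        key = f.path.lower()
        if f.already_quarantined or key in seen:
            continue
        seen.add(key)
        out.append(f.path)
    return out


def build_delete_batch(findings: list) -> str:
    """Batch text using only ASCII double quotes, the only kind cmd.exe parses."""
    lines = ["@echo off"]
    lines += [f'del /f /s /q "{p}"' for p in live_paths(findings)]
    lines.append("del %0")  # the batch removes itself once done
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    print(build_delete_batch(parse_eset_export(SAMPLE_ESET_EXPORT)), end="")
```

Run it against a saved ESET export and paste the printed text into Notepad; any line the regex does not recognise raises instead of silently producing a wrong `del` command.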

#13 machisan

machisan

    New Member

  • Authentic Member
  • Pip
  • 19 posts

Posted 27 December 2014 - 04:24 PM

Defender has been disabled the entire time I've owned the computer. McAfee firewall was in use during the previous Security Check, but also disabled for the Security Check below.
 
Results of screen317's Security Check version 0.99.93  
   x64 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:`````````````` 
 Windows Firewall Enabled!  
McAfee Anti-Virus and Anti-Spyware   
Windows Defender                     
 WMI entry may not exist for antivirus; attempting automatic update. 
`````````Anti-malware/Other Utilities Check:````````` 
 Google Chrome (39.0.2171.95) 
````````Process Check: objlist.exe by Laurent````````  
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C:  % 
````````````````````End of Log`````````````````````` 


#14 Satchfan

Satchfan

    SuperHelper

  • Malware Team
  • 6,813 posts
  • Interests:LFC, music, more LFC, more music

Posted 28 December 2014 - 04:49 AM

I'm not quite sure what you mean. What is shown up in Security Check is that you have Windows firewall and Windows Defender running. It's very important that you don't have more than one antivirus and one firewall enabled.

 

To double-check do the following:

 

Hold down the Windows key and press "R". Type in services.msc, then find Windows Defender and Windows Firewall, double click on each in turn and set the properties to "disabled".

 

Make sure that McAfee's firewall is enabled then delete the previous checkup.txt logs, run SecurityCheck again and send the new log.

 

Satchfan



#15 machisan

machisan

    New Member

  • Authentic Member
  • Pip
  • 19 posts

Posted 28 December 2014 - 06:30 AM

 Results of screen317's Security Check version 0.99.93  
   x64 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:`````````````` 
 Windows Firewall Enabled!  
McAfee Anti-Virus and Anti-Spyware   
Windows Defender                     
 WMI entry may not exist for antivirus; attempting automatic update. 
`````````Anti-malware/Other Utilities Check:````````` 
 Google Chrome (39.0.2171.95) 
````````Process Check: objlist.exe by Laurent````````  
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C:  % 
````````````````````End of Log`````````````````````` 
 
 
I don't understand either. Before, I just didn't realize there was a Windows firewall and a Defender.
 
I just disabled Windows. Defender is already stopped and I have turned on McAfee.
 
I deleted the checkup.txt and reran the Security Check.
 
The above checkup.txt looks to me like it's still saying Windows Firewall is on.
