Trovi browser hijack in Chrome [Solved]


This topic is locked
11 replies to this topic

#1 Makofan (Authentic Member, 94 posts)

Posted 30 December 2014 - 07:04 PM

My son has contracted the Trovi Chrome browser hijack.

I ran Malwarebytes, then booted up Internet Explorer and all was fine. Uninstalled Chrome, reinstalled, and the Trovi reappeared.

Here is an aswMBR log:

aswMBR Log


aswMBR version 1.0.1.2252 Copyright© 2014 AVAST Software
Run date: 2014-12-30 19:20:29
-----------------------------
19:20:29.746    OS Version: Windows x64 6.1.7601 Service Pack 1
19:20:29.746    Number of processors: 2 586 0x602
19:20:29.746    ComputerName: JOHN-PC  UserName: John
19:20:31.306    Initialize success
19:20:31.447    VM: initialized successfully
19:20:31.447    VM: Amd CPU BiosDisabled
19:25:19.234    AVAST engine defs: 14123001
19:25:34.226    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000053
19:25:34.226    Disk 0 Vendor: WDC_WD50 05.0 Size: 476940MB BusType: 3
19:25:34.335    Disk 0 MBR read successfully
19:25:34.351    Disk 0 MBR scan
19:25:34.429    Disk 0 unknown MBR code
19:25:34.444    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS          100 MB offset 2048
19:25:34.444    Disk 0 default boot code
19:25:34.507    Disk 0 Partition 2 00     07    HPFS/NTFS NTFS       464857 MB offset 206848
19:25:34.616    Disk 0 Partition 3 00     07    HPFS/NTFS NTFS        11981 MB offset 952233984
19:25:34.725    Disk 0 scanning C:\Windows\system32\drivers
19:25:52.400    Service scanning
19:26:27.032    Modules scanning
19:26:27.048    Disk 0 trace - called modules:
19:26:27.079    ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys storport.sys hal.dll nvstor64.sys
19:26:27.079    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80035ab060]
19:26:27.094    3 CLASSPNP.SYS[fffff8800193043f] -> nt!IofCallDriver -> [0xfffffa8002474c60]
19:26:27.094    5 ACPI.sys[fffff88000e0b7a1] -> nt!IofCallDriver -> \Device\00000053[0xfffffa8002e93450]
19:26:29.247    AVAST engine scan C:\Windows
19:26:35.144    AVAST engine scan C:\Windows\system32
19:31:37.131    AVAST engine scan C:\Windows\system32\drivers
19:31:59.080    AVAST engine scan C:\Users\John
19:36:02.222    Disk 0 MBR has been saved successfully to "C:\Users\John\Desktop\MBR.dat"
19:36:02.300    The log file has been saved successfully to "C:\Users\John\Desktop\aswMBR.txt"
19:38:07.516    File: C:\Users\John\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TO76R89N\WebCakesetup[1].exe  **INFECTED** Win32:Webcake-A [Adw]
19:46:49.961    AVAST engine scan C:\ProgramData
19:51:45.832    Disk 0 statistics 4252893/0/0 @ 2.53 MB/s
19:51:45.832    Scan finished successfully
19:54:40.942    Disk 0 MBR has been saved successfully to "C:\Users\John\Desktop\MBR.dat"
19:54:41.004    The log file has been saved successfully to "C:\Users\John\Desktop\aswMBR.txt"

FRST Scan

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 28-12-2014
Ran by John (administrator) on JOHN-PC on 30-12-2014 20:00:19
Running from C:\Users\John\Desktop
Loaded Profile: John (Available profiles: John)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 10 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(LSI Corporation) C:\Program Files\LSI SoftModem\agr64svc.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Razer Inc.) C:\Program Files (x86)\Razer\Razer Game Booster\RzKLService.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Microsoft Corporation) C:\Program Files\Microsoft IntelliPoint\ipoint.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
() C:\Program Files (x86)\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe
(Hewlett-Packard) C:\Program Files (x86)\hp\HP Software Update\hpwuschd2.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corp.) C:\Program Files (x86)\MSN\Toolbar\3.0.0560.0\msntask.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil64_16_0_0_235_ActiveX.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Service.exe
(Microsoft Corporation) C:\Windows\System32\MsSpellCheckingFacility.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1281512 2013-01-27] (Microsoft Corporation)
HKLM\...\Run: [IntelliPoint] => c:\Program Files\Microsoft IntelliPoint\ipoint.exe [2417032 2011-08-01] (Microsoft Corporation)
HKLM-x32\...\Run: [hpsysdrv] => c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe [62768 2008-11-20] (Hewlett-Packard)
HKLM-x32\...\Run: [HP Remote Solution] => C:\Program Files (x86)\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe [656896 2009-05-26] ()
HKLM-x32\...\Run: [HP Software Update] => c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [54576 2008-12-08] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [NortonOnlineBackupReminder] => C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe [581480 2009-05-12] (Symantec Corporation)
HKLM-x32\...\Run: [UpdatePRCShortCut] => C:\Program Files (x86)\Hewlett-Packard\Recovery\MUITransfer\MUIStartMenu.exe [222504 2009-05-20] (CyberLink Corp.)
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [GW Port Controller] => C:\Program Files (x86)\Samsung\SmarThru\PORTCTRL.EXE [163840 2004-12-15] (Samsung Electronics Co., Ltd., Samsung Software Center.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-08-16] (Apple Inc.)
HKU\S-1-5-21-2219148673-3672275092-2702570280-1000\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [1823656 2013-12-11] (Valve Corporation)
HKU\S-1-5-21-2219148673-3672275092-2702570280-1000\...\MountPoints2: {64c5dfcb-5c64-11e1-8caa-806e6f6e6963} - E:\autorun.exe
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} =>  No File

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-2219148673-3672275092-2702570280-1000\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.ca/
HKU\S-1-5-21-2219148673-3672275092-2702570280-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...resario&pf=cndt
SearchScopes: HKLM -> DefaultScope {D9FC61FA-EF3B-408E-B1D4-D30024AA7119} URL = http://www.bing.com/...rc=IE-SearchBox
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM -> {6A868644-478D-4F42-A436-6096690BD064} URL = http://www.ask.com/w...}&l=dis&o=cacqd
SearchScopes: HKLM -> {D9FC61FA-EF3B-408E-B1D4-D30024AA7119} URL = http://www.bing.com/...rc=IE-SearchBox
SearchScopes: HKLM-x32 -> DefaultScope {D9FC61FA-EF3B-408E-B1D4-D30024AA7119} URL = http://www.bing.com/...rc=IE-SearchBox
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> {6A868644-478D-4F42-A436-6096690BD064} URL = http://www.ask.com/w...}&l=dis&o=cacqd
SearchScopes: HKLM-x32 -> {D9FC61FA-EF3B-408E-B1D4-D30024AA7119} URL = http://www.bing.com/...rc=IE-SearchBox
SearchScopes: HKU\S-1-5-21-2219148673-3672275092-2702570280-1000 -> DefaultScope {763C883E-6808-4A75-9F7A-F9A4B3E97DE8} URL = https://www.google.c...?q={searchTerms}
SearchScopes: HKU\S-1-5-21-2219148673-3672275092-2702570280-1000 -> {6A868644-478D-4F42-A436-6096690BD064} URL = http://www.ask.com/w...}&l=dis&o=cacqd
SearchScopes: HKU\S-1-5-21-2219148673-3672275092-2702570280-1000 -> {763C883E-6808-4A75-9F7A-F9A4B3E97DE8} URL = https://www.google.c...?q={searchTerms}
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
BHO: Skype add-on for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Skype Browser Helper -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
BHO-x32: Microsoft Live Search Toolbar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> c:\Program Files (x86)\MSN\Toolbar\3.0.0560.0\msneshellx.dll (Microsoft Corp.)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM-x32 - Microsoft Live Search Toolbar - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0560.0\msneshellx.dll (Microsoft Corp.)
Toolbar: HKU\S-1-5-21-2219148673-3672275092-2702570280-1000 -> No Name - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} -  No File
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
Tcpip\..\Interfaces\{D5C2BD2E-7662-4A38-B7BA-8EC71A7F9C13}: [NameServer] 8.8.8.8,8.8.4.4

FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_246.dll ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_246.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1167637.dll (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.21.2 -> C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.21.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
FF Plugin-x32: @raidcall.en/RCplugin -> C:\Users\John\AppData\Roaming\raidcall\plugins\nprcplugin.dll (Raidcall)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-2219148673-3672275092-2702570280-1000: ubisoft.com/uplaypc -> C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll ()

Chrome:
=======
CHR HomePage: Default -> https://www.google.c...E4&ved=0CBEQ1S4
CHR StartupUrls: Default -> "hxxp://www.trovi.com/?gd=&ctid=CT3323924&octid=EB_ORIGINAL_CTID&ISID=M5A71FE5C-C56D-4BA1-A6F4-33816C42CE27&SearchSource=55&CUI=&UM=8&UP=SPC66EC657-6CCE-4E27-8B6F-4AB85604C8E8&SSPV="
CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:inputType}{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}{google:searchVersion}{google:sessionToken}{google:prefetchQuery}sugkey={google:suggestAPIKeyParameter}
CHR Profile: C:\Users\John\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-23]
CHR Extension: (YouTube) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-02-21]
CHR Extension: (Google Search) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-02-21]
CHR Extension: (Skype Click to Call) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2013-06-03]
CHR Extension: (Google Wallet) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-21]
CHR Extension: (Gmail) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-02-21]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx [2013-10-09]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 HP Health Check Service; C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe [124928 2009-07-09] (Hewlett-Packard) [File not signed]
R2 LightScribeService; c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [73728 2009-05-18] (Hewlett-Packard Company) [File not signed]
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22056 2013-01-27] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [379360 2013-01-27] (Microsoft Corporation)
R2 RzKLService; C:\Program Files (x86)\Razer\Razer Game Booster\RzKLService.exe [106472 2013-09-18] (Razer Inc.)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S2 DgiVecp; C:\Windows\system32\Drivers\DgiVecp.sys [53816 2009-03-02] (Samsung Electronics Co., Ltd.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-11-21] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2014-12-30] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-11-21] (Malwarebytes Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [230320 2013-01-20] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [130008 2013-01-20] (Microsoft Corporation)
S3 rzdaendpt; C:\Windows\System32\DRIVERS\rzdaendpt.sys [25600 2012-11-07] (Razer USA Ltd)
S3 rzvkeyboard; C:\Windows\System32\DRIVERS\rzvkeyboard.sys [23040 2012-11-07] (Razer USA Ltd)
S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [52736 2012-07-09] (Apple, Inc.) [File not signed]
S3 WinRing0_1_2_0; \??\C:\Program Files (x86)\Razer\Razer Game Booster\Driver\WinRing0x64.sys [X]
U3 aswMBR; \??\C:\Users\John\AppData\Local\Temp\aswMBR.sys [X]
U3 aswVmm; \??\C:\Users\John\AppData\Local\Temp\aswVmm.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-12-30 20:00 - 2014-12-30 20:00 - 00015888 _____ () C:\Users\John\Desktop\FRST.txt
2014-12-30 19:59 - 2014-12-30 20:00 - 00000000 ____D () C:\FRST
2014-12-30 19:58 - 2014-12-30 19:58 - 02123264 _____ (Farbar) C:\Users\John\Desktop\FRST64.exe
2014-12-30 19:36 - 2014-12-30 19:54 - 00004531 _____ () C:\Users\John\Desktop\aswMBR.txt
2014-12-30 19:36 - 2014-12-30 19:54 - 00000512 _____ () C:\Users\John\Desktop\MBR.dat
2014-12-30 19:19 - 2014-12-30 19:20 - 05198336 _____ (AVAST Software) C:\Users\John\Desktop\aswMBR.exe
2014-12-30 18:53 - 2014-12-30 18:56 - 00000000 ____D () C:\Program Files (x86)\Google
2014-12-30 18:47 - 2014-12-30 19:15 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-12-30 18:47 - 2014-12-30 19:15 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-12-30 18:47 - 2014-12-30 19:15 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-12-30 18:17 - 2014-12-30 19:14 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-12-30 18:17 - 2014-12-30 18:17 - 00001145 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-12-30 18:17 - 2014-12-30 18:17 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-12-30 18:17 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-12-30 18:17 - 2014-11-21 06:14 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-12-30 18:17 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-12-30 18:16 - 2014-12-30 18:16 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\John\Downloads\mbam-setup-2.0.4.1028.exe
2014-12-30 05:56 - 2014-12-30 18:11 - 00000000 ____D () C:\Program Files\HitmanPro
2014-12-30 05:54 - 2014-12-30 18:11 - 00000000 ____D () C:\ProgramData\HitmanPro
2014-12-30 05:10 - 2014-12-30 05:28 - 00000000 ____D () C:\AdwCleaner
2014-12-30 04:11 - 2014-12-30 18:17 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-12-30 04:11 - 2014-12-30 04:11 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-12-30 04:02 - 2014-12-30 04:02 - 00000064 _____ () C:\Users\John\AppData\Local\7283b87a54b9adad3d2a77c693a7f87b
2014-12-30 04:00 - 2014-12-30 04:00 - 00000000 ____D () C:\ProgramData\Package Cache
2014-12-30 03:58 - 2014-12-30 03:58 - 00000000 ____D () C:\Users\John\AppData\Local\Pro_PC_Cleaner

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-12-30 19:25 - 2009-07-13 23:45 - 00015792 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-12-30 19:25 - 2009-07-13 23:45 - 00015792 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-12-30 19:18 - 2009-07-14 00:13 - 00794836 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-12-30 19:16 - 2012-02-21 00:22 - 01985379 _____ () C:\Windows\WindowsUpdate.log
2014-12-30 19:15 - 2012-02-23 01:11 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-12-30 19:14 - 2012-02-21 02:13 - 00000000 ____D () C:\Program Files (x86)\Steam
2014-12-30 19:13 - 2013-06-18 22:39 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-12-30 19:13 - 2009-08-21 15:53 - 00441934 _____ () C:\Windows\PFRO.log
2014-12-30 19:13 - 2009-07-14 00:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-12-30 19:13 - 2009-07-13 23:51 - 00334493 _____ () C:\Windows\setupact.log
2014-12-30 19:13 - 2009-07-13 22:20 - 00000000 __RSD () C:\Windows\Media
2014-12-30 18:52 - 2012-02-21 00:41 - 00000000 ____D () C:\Users\John\AppData\Local\Deployment
2014-12-30 18:49 - 2012-02-21 00:41 - 00000000 ____D () C:\Users\John\AppData\Local\Google
2014-12-30 18:38 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\TAPI
2014-12-30 18:12 - 2012-02-21 00:23 - 00000000 ____D () C:\Users\John
2014-12-30 18:11 - 2013-09-01 15:05 - 00000000 ____D () C:\Program Files (x86)\DealPly
2014-12-30 18:11 - 2012-04-24 23:36 - 00000000 ____D () C:\Program Files (x86)\Gw2
2014-12-30 18:11 - 2009-07-14 02:44 - 00000000 ___RD () C:\Users\Public\Recorded TV
2014-12-30 18:11 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\registration
2014-12-30 04:05 - 2013-07-23 05:19 - 00000000 ____D () C:\Users\John\AppData\Local\Adobe
2014-12-25 00:05 - 2013-12-18 15:05 - 00000171 _____ () C:\Users\John\AppData\Roaming\WB.CFG
2014-12-21 23:49 - 2012-02-23 06:56 - 00000000 ____D () C:\Windows\System32\Tasks\Games
2014-12-10 04:26 - 2012-04-13 22:48 - 00003182 _____ () C:\Windows\System32\Tasks\HPCeeScheduleForJohn
2014-12-10 04:26 - 2012-04-13 22:48 - 00000330 _____ () C:\Windows\Tasks\HPCeeScheduleForJohn.job
2014-12-05 17:07 - 2009-07-14 00:08 - 00032652 _____ () C:\Windows\Tasks\SCHEDLGU.TXT

Files to move or delete:
====================
C:\Users\John\jagex_cl_runescape_LIVE.dat
C:\Users\John\jagex_cl_runescape_LIVE1.dat
C:\Users\John\jagex_cl_runescape_LIVE_BETA.dat
C:\Users\John\random.dat

Some content of TEMP:
====================
C:\Users\John\AppData\Local\Temp\binkw32.dll
C:\Users\John\AppData\Local\Temp\d2l_Install.exe
C:\Users\John\AppData\Local\Temp\drm_dyndata_7370014.dll
C:\Users\John\AppData\Local\Temp\GameuxInstallHelper.dll
C:\Users\John\AppData\Local\Temp\jre-7u21-windows-i586-iftw.exe
C:\Users\John\AppData\Local\Temp\nvStInst.exe
C:\Users\John\AppData\Local\Temp\Optimizer_Pro.exe
C:\Users\John\AppData\Local\Temp\ose00000.exe
C:\Users\John\AppData\Local\Temp\pyl1B32.tmp.exe
C:\Users\John\AppData\Local\Temp\pylB2E5.tmp.exe
C:\Users\John\AppData\Local\Temp\pylB55.tmp.exe
C:\Users\John\AppData\Local\Temp\pylCEE2.tmp.exe
C:\Users\John\AppData\Local\Temp\pylF3D0.tmp.exe
C:\Users\John\AppData\Local\Temp\Setup-D2502DD2B71B5-05C0.exe
C:\Users\John\AppData\Local\Temp\Shockwave_Installer_Slim.exe
C:\Users\John\AppData\Local\Temp\Sqlite3.dll
C:\Users\John\AppData\Local\Temp\swt-win32-3349.dll
C:\Users\John\AppData\Local\Temp\xmlUpdater.exe
C:\Users\John\AppData\Local\Temp\_isD91F.exe

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2014-12-25 00:45

==================== End Of Log ============================

ADDITION scan

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 28-12-2014
Ran by John at 2014-12-30 20:01:12
Running from C:\Users\John\Desktop
Boot Mode: Normal
==========================================================

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Microsoft Security Essentials (Enabled - Up to date) {3F839487-C7A2-C958-E30C-E2825BA31FB5}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Microsoft Security Essentials (Enabled - Up to date) {84E27563-E198-C6D6-D9BC-D9F020245508}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 9.20 (HKLM-x32\...\7-Zip) (Version:  - )
Activate Norton Online Backup (HKLM-x32\...\{C57BCDE1-7CB9-467D-B3BA-7E119916CDC1}) (Version: 1.1.20.0 - Symantec)
ActiveCheck component for HP Active Support Library (x32 Version: 3.0.0.1 - Hewlett-Packard) Hidden
Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.246 - Adobe Systems Incorporated)
Adobe Flash Player 16 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 16.0.0.235 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.03) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.03 - Adobe Systems Incorporated)
Adobe Shockwave Player 11.6 (HKLM-x32\...\Adobe Shockwave Player) (Version: 11.6.7.637 - Adobe Systems, Inc.)
Apple Application Support (HKLM-x32\...\{5D09C772-ECB3-442B-9CC6-B4341C78FDC2}) (Version: 2.3.4 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{2F72F540-1F60-4266-9506-952B21D6640D}) (Version: 6.1.0.13 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Assassin's Creed (HKLM-x32\...\Steam App 15100) (Version:  - Ubisoft)
Assassin's Creed II (HKLM-x32\...\Steam App 33230) (Version:  - Ubisoft Montreal)
AviSynth 2.5 (HKLM-x32\...\AviSynth) (Version:  - )
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Borderlands (HKLM-x32\...\Steam App 8980) (Version:  - Gearbox Software)
BOSS (HKLM-x32\...\BOSS) (Version: 2.1.1 - BOSS Development Team)
CamStudio Lossless Codec (HKLM\...\camcodec) (Version:  - )
CamStudio OSS Desktop Recorder (HKLM-x32\...\{FD9C31B6-F572-414D-81E3-89368C97A125}_is1) (Version: 2.6 Beta r294 - CamStudio Open Source Dev Team)
Compatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Core Temp 1.0 RC6 (HKLM\...\{086D343F-8E78-4AFC-81AC-D6D414AFD8AC}_is1) (Version: 1.0 - Alcpu)
Crysis (HKLM-x32\...\Steam App 17300) (Version:  - Crytek)
Cube World version 0.0.1 (HKLM-x32\...\{D692A0E0-1BBB-4E9C-826E-4254EE330830}_is1) (Version: 0.0.1 - Picroma)
CyberLink DVD Suite Deluxe (HKLM-x32\...\InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 6.0.3101 - CyberLink Corp.)
D2SE V2.2.0PK (HKLM-x32\...\{65B43D6A-6B8F-46F1-8362-7985822F3A80}_is1) (Version: 2.2.0 - Seltsamuel)
DAoC Portal (HKLM-x32\...\{951D4810-1C32-47D1-A5BD-7A1BFB526D94}) (Version: 2.1.0 - DAoC Portal)
Dark Age of Camelot (HKLM-x32\...\Dark Age of Camelot) (Version:  - Electronic Arts)
DealPly (remove only) (HKLM-x32\...\DealPly) (Version: 4.8.7.2 - DealPly Technologies Ltd.) <==== ATTENTION
Dear Esther (HKLM-x32\...\Steam App 203810) (Version:  - )
Diablo II (HKLM-x32\...\Diablo II) (Version:  - )
DirectX for Managed Code Update (Summer 2004) (x32 Version: 9.02.2904 - Microsoft) Hidden
Dolphin (HKLM-x32\...\Dolphin) (Version: 4.0.1 - Dolphin Development Team)
Dragon Age II (HKLM-x32\...\{F2E23139-3404-4E3C-9855-7724415D62A5}) (Version: 1.04 - Electronic Arts, Inc.)
Dragon Age: Origins (HKLM-x32\...\{AEC81925-9C76-4707-84A9-40696C613ED3}) (Version: 1.04 - Electronic Arts, Inc.)
Fable - The Lost Chapters (HKLM-x32\...\Steam App 204030) (Version:  - )
Fraps (remove only) (HKLM-x32\...\Fraps) (Version:  - )
GameSpy Comrade (HKLM-x32\...\{5F4C776F-8CBD-4C4F-892F-B568ABDD70C8}) (Version: 1.5.0.156 - GameSpy)
Garry's Mod (HKLM-x32\...\Steam App 4000) (Version:  - Team Garry)
Genesis version Genesis Launcher 1.006 (HKLM-x32\...\{975e7799-c584-47f0-9c12-c1551f3e95f2}_is1) (Version: Genesis Launcher 1.006 - Pawel D. alias Laplume for Genesis.)
Genesis version Patch (HKLM-x32\...\{9db86e9a-0b05-4202-a76c-5a795f698408}_is1) (Version: Patch - Pawel D. alias Laplume for Genesis.)
Grappling Hook 1.07 (HKLM-x32\...\{D411BA90-6057-416B-974B-14DB5F88EAA6}_is1) (Version:  - Christian Teister)
Guild Wars (HKLM-x32\...\Guild Wars) (Version:  - )
Half-Life 2 (HKLM-x32\...\Steam App 220) (Version:  - Valve)
Half-Life 2: Episode One (HKLM-x32\...\Steam App 380) (Version:  - Valve)
Half-Life 2: Episode Two (HKLM-x32\...\Steam App 420) (Version:  - Valve)
Hardware Diagnostic Tools (HKLM\...\PC-Doctor for Windows) (Version: 6.0.5205.31 - PC-Doctor, Inc.)
HP Advisor (HKLM-x32\...\{B53E61D7-7C80-40DF-82D2-CF5390D6D20A}) (Version: 3.2.8946.3086 - Hewlett-Packard)
HP Customer Experience Enhancements (HKLM-x32\...\{5B295588-59C1-4386-9F85-BB4BEDCB0D22}) (Version: 5.7.0.3036 - Hewlett-Packard)
HP Games (HKLM-x32\...\WildTangent hp Master Uninstall) (Version: 1.0.0.71 - WildTangent)
HP Odometer (HKLM-x32\...\{B8AC1A89-FFD1-4F97-8051-E505A160F562}) (Version: 2.10.0000 - Hewlett-Packard)
HP Remote Solution (HKLM-x32\...\HP Remote Solution) (Version: 1.1.9.0 - TopSeed)
HP Setup (HKLM-x32\...\{F3B912F5-EB57-45AA-B3D1-EB532BCF6EF8}) (Version: 1.2.3220.3079 - Hewlett-Packard)
HP Support Assistant (HKLM-x32\...\{4F46FDB9-B906-47BF-B3D5-C62E01B3C5EE}) (Version: 4.1.11.3 - Hewlett-Packard)
HP Support Information (HKLM-x32\...\{B9A03B7B-E0FF-4FB3-BA83-762E58A1B0AA}) (Version: 10.1.0002 - Hewlett-Packard)
HP Update (HKLM-x32\...\{D46D081B-F60E-467E-A7C4-117B70D76731}) (Version: 5.001.000.014 - Hewlett-Packard)
HPAsset component for HP Active Support Library (x32 Version: 3.0.0.2 - Hewlett-Packard) Hidden
Hydrophobia: Prophecy (HKLM-x32\...\Steam App 92000) (Version:  - Dark Energy Digital Ltd.)
Itibiti RTC (x32 Version: 0.0.1 - Itibiti Inc) Hidden
iTunes (HKLM\...\{427174C0-096E-40D9-9684-9C109BEE2CBF}) (Version: 11.0.5.5 - Apple Inc.)
Java 7 Update 21 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217021FF}) (Version: 7.0.210 - Oracle)
Java™ 6 Update 31 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86416031FF}) (Version: 6.0.310 - Oracle)
Java™ 6 Update 31 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216031FF}) (Version: 6.0.310 - Oracle)
JavaFX 2.1.1 (HKLM-x32\...\{1111706F-666A-4037-7777-211328764D10}) (Version: 2.1.1 - Oracle Corporation)
LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.1901 - CyberLink Corp.)
LabelPrint (x32 Version: 2.5.1901 - CyberLink Corp.) Hidden
League of Legends (HKLM-x32\...\{92606477-9366-4D3B-8AE3-6BE4B29727AB}) (Version: 1.3 - Riot Games)
Left 4 Dead 2 (HKLM-x32\...\Steam App 550) (Version:  - Valve)
Legendary (HKLM-x32\...\Steam App 16730) (Version:  - Gamecock)
LightScribe System Software (HKLM-x32\...\{DD6C316A-FE75-4FBB-9D22-4C1920232B72}) (Version: 1.18.5.1 - LightScribe)
LSI PCI-SV92EX Soft Modem (HKLM\...\LSI Soft Modem) (Version: 2.2.100 - LSI Corporation)
Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Microsoft .NET Framework 1.1 (HKLM-x32\...\{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}) (Version: 1.1.4322 - Microsoft)
Microsoft .NET Framework 4.5 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50709 - Microsoft Corporation)
Microsoft Age of Empires (HKLM-x32\...\Age of Empires) (Version:  - )
Microsoft Age of Empires II (HKLM-x32\...\Age of Empires 2.0) (Version:  - )
Microsoft IntelliPoint 8.2 (HKLM\...\Microsoft IntelliPoint 8.2) (Version: 8.20.468.0 - Microsoft Corporation)
Microsoft Live Search Toolbar (HKLM-x32\...\{DF802C05-4660-418c-970C-B988ADB1D316}) (Version: 3.0.560.0 - Microsoft Live Search Toolbar)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Home and Student 60 day trial (HKLM\...\OfficeTrial) (Version:  - )
Microsoft Office PowerPoint Viewer 2007 (English) (HKLM-x32\...\{95120000-00AF-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.2.223.1 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.20513.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Works (HKLM-x32\...\{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}) (Version: 9.7.0621 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 (HKLM-x32\...\{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}) (Version: 4.0.20823.0 - Microsoft Corporation)
Mirror's Edge (HKLM-x32\...\Steam App 17410) (Version:  - DICE)
Monday Night Combat (HKLM-x32\...\Steam App 63200) (Version:  - )
Mumble 1.2.4 (HKLM-x32\...\{E0955568-4353-4C85-8988-285A8C0F5E87}) (Version: 1.2.4 - Thorvald Natvig)
Nexus Mod Manager (HKLM\...\6af12c54-643b-4752-87d0-8335503010de_is1) (Version: 0.45.6 - Black Tree Gaming)
Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.0 - )
NVIDIA 3D Vision Controller Driver 320.18 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 320.18 - NVIDIA Corporation)
NVIDIA 3D Vision Driver 320.18 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 320.18 - NVIDIA Corporation)
NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: 1.6 - NVIDIA Corporation)
NVIDIA Graphics Driver 320.18 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 320.18 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.12.0209 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.12.0209 - NVIDIA Corporation)
OpenAL (HKLM-x32\...\OpenAL) (Version:  - )
Orcs Must Die! (HKLM-x32\...\Steam App 102600) (Version:  - )
Orcs Must Die! 2 (HKLM-x32\...\Steam App 201790) (Version:  - )
PlugY, The Survival Kit (HKLM-x32\...\PlugY, The Survival Kit) (Version: 10.00 - )
Portal (HKLM-x32\...\Steam App 400) (Version:  - Valve)
Portal 2 (HKLM-x32\...\Steam App 620) (Version:  - Valve)
Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.0.3101 - CyberLink Corp.)
Power2Go (x32 Version: 6.0.3101 - CyberLink Corp.) Hidden
PowerDirector (HKLM-x32\...\InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}) (Version: 7.0.3101 - CyberLink Corp.)
PowerDirector (x32 Version: 7.0.3101 - CyberLink Corp.) Hidden
PowerRecover (x32 Version: 5.5.1923 - CyberLink Corp.) Hidden
RaidCall (HKLM-x32\...\RaidCall) (Version: 7.2.4-1.0.7299.14 - raidcall.com)
Razer Game Booster (HKLM-x32\...\Razer Game Booster_is1) (Version: 4.0.68.0 - Razer Inc.)
Razer Synapse 2.0 (HKLM-x32\...\{0D78BEE2-F8FF-4498-AF1A-3FF81CED8AC6}) (Version: 1.7.15 - Razer USA Ltd.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6196 - Realtek Semiconductor Corp.)
Samsung SCX-4x16 Series - TWAIN (HKLM-x32\...\{4518D543-6A80-4856-AFA7-10836B42113A}) (Version:  - )
Samsung SCX-4x16 Series (HKLM-x32\...\Samsung SCX-4x16 Series) (Version:  - )
Samsung SCX-4x16 Series (TWAIN) (HKLM-x32\...\{0D2EDE81-878F-400D-A5C3-3EC445F47750}) (Version:  - )
Skype Click to Call (HKLM-x32\...\{B6CF2967-C81E-40C0-9815-C05774FEF120}) (Version: 6.13.13771 - Skype Technologies S.A.)
Skype™ 6.11 (HKLM-x32\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.11.102 - Skype Technologies S.A.)
SmarThru (HKLM-x32\...\{1CE06390-46D0-11D6-8578-006008CA5356}) (Version:  - )
Source SDK Base 2006 (HKLM-x32\...\Steam App 215) (Version:  - Valve)
Source SDK Base 2007 (HKLM-x32\...\Steam App 218) (Version:  - Valve)
Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Team Fortress 2 (HKLM-x32\...\Steam App 440) (Version:  - Valve)
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.13.1 - TeamSpeak Systems GmbH)
Terraria (HKLM-x32\...\Steam App 105600) (Version:  - )
The Elder Scrolls V: Skyrim (HKLM-x32\...\Steam App 72850) (Version:  - Bethesda Game Studios)
Torchlight II (HKLM-x32\...\Steam App 200710) (Version:  - )
Ubisoft Game Launcher (HKLM-x32\...\{888F1505-C2B3-4FDE-835D-36353EBD4754}) (Version: 1.0.0.0 - UBISOFT)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Ventrilo Client for Windows x64 (HKLM\...\{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}) (Version: 3.0.8.0 - Flagship Industries, Inc.)
VLC media player 2.0.0 (HKLM-x32\...\VLC media player) (Version: 2.0.0 - VideoLAN)
WinRAR 4.11 (64-bit) (HKLM\...\WinRAR archiver) (Version: 4.11.0 - win.rar GmbH)
Xfire (remove only) (HKLM-x32\...\Xfire) (Version:  - )

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-2219148673-3672275092-2702570280-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\John\AppData\Roaming\Dropbox\bin\Dropbox.exe /autoplay No File
CustomCLSID: HKU\S-1-5-21-2219148673-3672275092-2702570280-1000_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\John\AppData\Local\Google\Update\1.3.25.5\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-2219148673-3672275092-2702570280-1000_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\John\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-2219148673-3672275092-2702570280-1000_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\John\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-2219148673-3672275092-2702570280-1000_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\John\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll No File

==================== Restore Points  =========================

06-12-2014 17:26:20 Windows Update
09-12-2014 18:04:45 Windows Update
13-12-2014 17:36:59 Windows Update
17-12-2014 18:01:05 Windows Update
21-12-2014 16:42:16 Windows Update
25-12-2014 09:53:26 Windows Update
29-12-2014 20:32:11 Windows Update
30-12-2014 03:59:28 Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030
30-12-2014 04:56:32 Removed Activate Norton Online Backup
30-12-2014 05:05:17 Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030
30-12-2014 06:04:26 Checkpoint by HitmanPro
30-12-2014 06:07:22 Checkpoint by HitmanPro
30-12-2014 18:08:22 Restore Operation
30-12-2014 18:25:51 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 21:34 - 2009-06-10 16:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {0A073B24-10AB-44CE-B286-E61521017231} - System32\Tasks\HPCeeScheduleForJohn => C:\Program Files (x86)\hewlett-packard\sdp\ceement\HPCEE.exe [2009-05-26] (Hewlett-Packard)
Task: {3A7B8998-8AF8-4E0F-B54B-1201F382FB99} - System32\Tasks\{27D265FD-A249-4029-8A26-07FF277D8125} => pcalua.exe -a "C:\Program Files (x86)\SAMSUNG\SmarThru\list32.exe" -d C:\PROGRA~2\Samsung\SmarThru
Task: {3B89A8FC-1014-442D-84C4-1C6CD37B1C32} - System32\Tasks\{F5005AA5-06E8-4DE4-B57D-DC3FE14439F6} => Chrome.exe http://ui.skype.com/...e=tsProgressBar
Task: {58E5A4A6-4A56-4679-B1C6-78E5A349102E} - System32\Tasks\{4671340F-F734-4465-B468-555FD91F2532} => pcalua.exe -a E:\SETUP.EXE -d E:\
Task: {75549EAE-3B09-4B96-B18B-B5E569A16738} - System32\Tasks\Razer_Game_Booster_AutoUpdate => C:\Program Files (x86)\Razer\Razer Game Booster\AutoUpdate.exe
Task: {BB4F321B-4D01-44AC-8057-08312E363FA3} - System32\Tasks\PCDRScheduledMaintenance => C:\Program Files\PC-Doctor for Windows\pcdr5cuiw32.exe [2009-07-02] (PC-Doctor, Inc.)
Task: {CEC36D68-B698-491A-8E71-57BC38C75682} - System32\Tasks\Games\UpdateCheck_S-1-5-21-2219148673-3672275092-2702570280-1000
Task: {D3E082D2-5548-4AF1-B87E-92DB436165FE} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-12-30] (Adobe Systems Incorporated)
Task: {FB0BD0F8-23A3-4D34-A18B-6ABA0268961F} - System32\Tasks\Microsoft_Hardware_Launch_IPoint_exe => c:\Program Files\Microsoft IntelliPoint\IPoint.exe [2011-08-01] (Microsoft Corporation)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\HPCeeScheduleForJohn.job => C:\Program Files (x86)\hewlett-packard\sdp\ceement\HPCEE.exe
Task: C:\Windows\Tasks\PCDRScheduledMaintenance.job => C:\Program Files\PC-Doctor for Windows\pcdr5cuiw32.exe

==================== Loaded Modules (whitelisted) =============

2013-06-18 22:37 - 2013-05-12 15:34 - 00087328 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2012-02-26 12:49 - 2012-02-17 20:55 - 00193536 _____ () C:\Program Files\WinRAR\rarext.dll
2011-07-18 16:04 - 2011-07-18 16:04 - 00301568 _____ () C:\Program Files (x86)\Notepad++\NppShell_04.dll
2009-05-26 03:36 - 2009-05-26 03:36 - 00656896 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe
2012-08-27 20:33 - 2012-08-27 20:33 - 00087912 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2012-08-27 20:33 - 2012-08-27 20:33 - 01242512 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

MSCONFIG\Services: AdobeARMservice => 2
MSCONFIG\Services: Bonjour Service => 2
MSCONFIG\Services: Skype C2C Service => 2
MSCONFIG\Services: SkypeUpdate => 2
MSCONFIG\startupfolder: C:^Users^John^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk => C:\Windows\pss\Dropbox.lnk.Startup
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: Razer Synapse => "C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe"
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

========================= Accounts: ==========================

Administrator (S-1-5-21-2219148673-3672275092-2702570280-500 - Administrator - Disabled)
ASPNET (S-1-5-21-2219148673-3672275092-2702570280-1006 - Limited - Enabled)
Guest (S-1-5-21-2219148673-3672275092-2702570280-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2219148673-3672275092-2702570280-1007 - Limited - Enabled)
John (S-1-5-21-2219148673-3672275092-2702570280-1000 - Administrator - Enabled) => C:\Users\John

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (12/30/2014 06:08:12 AM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine RegSetValueExW(0x000002f8,SYSTEM\CurrentControlSet\Services\VSS\Diag\VssvcPublisher,0,REG_BINARY,0000000002E3EB00.72).  hr = 0x80070005, Access is denied.
.

Error: (12/30/2014 06:08:12 AM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine RegSetValueExW(0x00000960,(null),0,REG_BINARY,0000000004DEE440.72).  hr = 0x80070005, Access is denied.
.

Operation:
   BackupShutdown Event

Context:
   Execution Context: Writer
   Writer Class Id: {cd3f2362-8bef-46c7-9181-d62844cdc0b2}
   Writer Name: MSSearch Service Writer
   Writer Instance ID: {1c16117a-1fc0-4719-b0b3-6ee1888768b4}

Error: (12/30/2014 06:08:12 AM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine RegSetValueExW(0x000002dc,(null),0,REG_BINARY,0000000002C1E5A0.72).  hr = 0x80070005, Access is denied.
.

Operation:
   BackupShutdown Event

Context:
   Execution Context: Writer
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {812e3862-5936-481c-a94c-38ab1f5baa9b}

Error: (12/30/2014 06:08:12 AM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine RegSetValueExW(0x00000960,(null),0,REG_BINARY,0000000004DEE440.72).  hr = 0x80070005, Access is denied.
.

Operation:
   BackupShutdown Event

Context:
   Execution Context: Writer
   Writer Class Id: {cd3f2362-8bef-46c7-9181-d62844cdc0b2}
   Writer Name: MSSearch Service Writer
   Writer Instance ID: {1c16117a-1fc0-4719-b0b3-6ee1888768b4}

Error: (12/30/2014 06:08:12 AM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine RegSetValueExW(0x00000a6c,(null),0,REG_BINARY,0000000000CAE0D0.72).  hr = 0x80070005, Access is denied.
.

Operation:
   BackupShutdown Event

Context:
   Execution Context: Writer
   Writer Class Id: {a6ad56c2-b509-4e6c-bb19-49d8f43532f0}
   Writer Name: WMI Writer
   Writer Instance ID: {97b39f61-f308-4d08-a552-9c2174cf563c}

Error: (12/30/2014 06:08:12 AM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine RegSetValueExW(0x000002dc,(null),0,REG_BINARY,0000000002C1E5A0.72).  hr = 0x80070005, Access is denied.
.

Operation:
   BackupShutdown Event

Context:
   Execution Context: Writer
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {812e3862-5936-481c-a94c-38ab1f5baa9b}

Error: (12/30/2014 06:08:12 AM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine RegSetValueExW(0x00000a6c,(null),0,REG_BINARY,0000000000CAE0D0.72).  hr = 0x80070005, Access is denied.
.

Operation:
   BackupShutdown Event

Context:
   Execution Context: Writer
   Writer Class Id: {a6ad56c2-b509-4e6c-bb19-49d8f43532f0}
   Writer Name: WMI Writer
   Writer Instance ID: {97b39f61-f308-4d08-a552-9c2174cf563c}

Error: (12/30/2014 06:08:12 AM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine RegSetValueExW(0x00000204,(null),0,REG_BINARY,0000000002DBEF00.72).  hr = 0x80070005, Access is denied.
.

Operation:
   BackupShutdown Event

Context:
   Execution Context: Writer
   Writer Class Id: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f}
   Writer Name: Shadow Copy Optimization Writer
   Writer Instance ID: {b0ed2b63-6e15-4b2b-8c29-1f82e6ba9ba8}

Error: (12/30/2014 06:08:12 AM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine RegSetValueExW(0x000001a4,(null),0,REG_BINARY,0000000001F2EB20.72).  hr = 0x80070005, Access is denied.
.

Operation:
   BackupShutdown Event

Context:
   Execution Context: Writer
   Writer Class Id: {afbab4a2-367d-4d15-a586-71dbb18f8485}
   Writer Name: Registry Writer
   Writer Instance ID: {0118fd34-8e5d-4d2b-9285-5e42eed96e78}

Error: (12/30/2014 06:08:12 AM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine RegSetValueExW(0x000001d4,(null),0,REG_BINARY,0000000002F6EE50.72).  hr = 0x80070005, Access is denied.
.

Operation:
   BackupShutdown Event

Context:
   Execution Context: Writer
   Writer Class Id: {542da469-d3e1-473c-9f4f-7847f01fc64f}
   Writer Name: COM+ REGDB Writer
   Writer Instance ID: {1cf97c67-1e68-4120-bb7a-37fd9485bac7}

System errors:
=============
Error: (12/30/2014 07:13:51 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
cdrom

Error: (12/30/2014 07:13:49 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The DgiVecp service failed to start due to the following error:
%%20

Error: (12/30/2014 06:38:47 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
cdrom

Error: (12/30/2014 06:38:45 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The DgiVecp service failed to start due to the following error:
%%20

Error: (12/30/2014 06:14:58 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The DealPly Live Service (dealplylive) service failed to start due to the following error:
%%1053

Error: (12/30/2014 06:14:58 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the DealPly Live Service (dealplylive) service to connect.

Error: (12/30/2014 06:12:56 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
cdrom

Error: (12/30/2014 06:12:56 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The DgiVecp service failed to start due to the following error:
%%20

Error: (12/30/2014 06:12:54 PM) (Source: Microsoft Antimalware) (EventID: 2004) (User: )
Description: %60 has encountered an error trying to load signatures and will attempt reverting back to a known-good set of signatures.

 Signatures Attempted: %24

 Error Code: 0x80070002

 Error description: The system cannot find the file specified.

 Signature version: 0.0.0.0;0.0.0.0

 Engine version: %600

Error: (12/30/2014 06:06:05 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
cdrom

Microsoft Office Sessions:
=========================

==================== Memory info ===========================

Processor: AMD Athlon™ II X2 215 Processor
Percentage of memory in use: 53%
Total physical RAM: 3070.49 MB
Available physical RAM: 1431.52 MB
Total Pagefile: 6139.17 MB
Available Pagefile: 4146.14 MB
Total Virtual: 8192 MB
Available Virtual: 8191.82 MB

==================== Drives ================================

Drive c: (COMPAQ) (Fixed) (Total:453.96 GB) (Free:143.4 GB) NTFS
Drive d: (FACTORY_IMAGE) (Fixed) (Total:11.7 GB) (Free:2.13 GB) NTFS ==>[System with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: 1549F232)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=454 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=11.7 GB) - (Type=07 NTFS)

==================== End Of Log ============================

 


#2 ken545

ken545

    Forum God

  • Retired Classroom Teacher
  • 23,219 posts
  • Interests:Fighting Malware and cooking some great Italian and TexMex food
  • MVP

Posted 31 December 2014 - 12:54 PM

:welcome:

Run these in order please and post the report from each one.

AdwCleaner by Xplode

Click on this link to download : ADWCleaner
Click on ONE of the Two Blue Download Now buttons that have a blue arrow beside them and save it to your desktop.

Do not click on any links in the top Advertisement.

  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Scan.
  • After the scan is complete click on "Clean".
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

===============================================================================

Please download Junkware Removal Tool to your desktop.

  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8, instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

===============================================================================

Download Malwarebytes' Anti-Malware to your desktop.

  • Windows XP: Double click on the icon to run it.
  • Windows Vista, Windows 7 & 8: Right click and select "Run as Administrator".
  • On the Dashboard click on Update Now.
  • Go to the Settings tab.
  • Under Settings go to Detection and Protection.
  • Under PUP and PUM make sure both are set to Treat Detections as Malware.
  • Go to Advanced Settings and make sure Automatically Quarantine Detected Items is checked.
  • Then on the Dashboard click on Scan.
  • Make sure to select THREAT SCAN.
  • Then click on Scan.
  • When the scan is finished and the log pops up, select Copy to Clipboard.
  • Please paste the log back into this thread for review.
  • Exit Malwarebytes.

Just a reminder that threads will be closed if no reply in 3 days.

#3 Makofan

Makofan

  Authentic Member

• Authentic Member
• PipPip
• 94 posts

Posted 31 December 2014 - 04:01 PM

# AdwCleaner v4.106 - Report created 30/12/2014 at 05:12:39
# Updated 21/12/2014 by Xplode
# Database : 2014-12-28.1 [Live]
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : John - JOHN-PC
# Running from : C:\Users\John\Downloads\adwcleaner_4.106.exe
# Option : Clean

***** [ Services ] *****

[#] Service Deleted : CltMngSvc
Service Deleted : SrvUpdater
[x] Not Deleted : Skype C2C Service

***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\apn
Folder Deleted : C:\ProgramData\Tarma Installer
Folder Deleted : C:\Program Files (x86)\globalUpdate
Folder Deleted : C:\Program Files (x86)\SoftwareUpdater
Folder Deleted : C:\Users\John\AppData\Local\globalUpdate
Folder Deleted : C:\Users\John\AppData\Local\CrashRpt
Folder Deleted : C:\Users\Public\Documents\ShopperPro
Folder Deleted : C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl
File Deleted : C:\Users\Public\Desktop\Pro PC Cleaner.lnk
File Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eBay.lnk
File Deleted : C:\Program Files (x86)\Uninstall.exe
File Deleted : C:\Users\John\AppData\Local\Temp\UpdInstaller.exe
File Deleted : C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_adultcatfinder.com_0.localstorage
File Deleted : C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_adultcatfinder.com_0.localstorage-journal
File Deleted : C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage
File Deleted : C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage-journal
File Deleted : C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.ask.com_0.localstorage
File Deleted : C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.ask.com_0.localstorage-journal
File Deleted : C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_services.hearstmags.com_0.localstorage-journal
File Deleted : C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_www.superfish.com_0.localstorage
File Deleted : C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_www.superfish.com_0.localstorage-journal
File Deleted : C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_services.hearstmags.com_0.localstorage
File Deleted : C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_static.olark.com_0.localstorage-journal

***** [ Scheduled Tasks ] *****

Task Deleted : ShopperPro
Task Deleted : ShopperProJSUpd
Task Deleted : SMupdate1
Task Deleted : SPDriver
Task Deleted : YTDownloader
Task Deleted : ProPCCleaner_Start
Task Deleted : ProPCCleaner_Popup

***** [ Shortcuts ] *****

***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ShopperPro.DLL
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdate.OneClickProcessLauncherMachine
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdate.OneClickProcessLauncherMachine.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoCreateAsync
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoCreateAsync.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreClass
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreClass.1
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreMachineClass
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreMachineClass.1
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CredentialDialogMachine
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CredentialDialogMachine.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachine
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachine.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachineFallback
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachineFallback.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassSvc
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassSvc.1.0
    Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.ProcessLauncher
    Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.ProcessLauncher.1.0
    Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3COMClassService
    Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3COMClassService.1.0
    Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachine
    Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachine.1.0
    Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachineFallback
    Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachineFallback.1.0
    Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebSvc
    Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebSvc.1.0
    Key Deleted : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\webcakeupdater
    Value Deleted : HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [YTDownloader]
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{3278F5CF-48F3-4253-A6BB-004CE84AF492}
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{577975B8-C40E-43E6-B0DE-4C6B44088B52}
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{58FDA6AF-67D8-4198-B7CD-94B17532C8D5}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{02A96331-0CA6-40E2-A87D-C224601985EB}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3278F5CF-48F3-4253-A6BB-004CE84AF492}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3B5702BA-7F4C-4D1A-B026-1E9A01D43978}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{577975B8-C40E-43E6-B0DE-4C6B44088B52}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{5E89ACE9-E16B-499A-87B4-0DBF742404C1}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{69F256DF-BA98-45E9-86EA-FC3CFECF9D30}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6E87FC94-9866-49B9-8E93-5736D6DE3DD7}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{7E49F793-B3CD-4BF7-8419-B34B8BD30E61}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{834469E3-CA2B-4F21-A5CA-4F6F4DBCDE87}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{8529FAA3-5BFD-43C1-AB35-B53C4B96C6E5}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{ADBC39BE-3D20-4333-8D99-E91EB1B62474}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E06CA7F5-BA34-4FF6-8D24-B1BDC594D91F}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F6421EE5-A5BE-4D31-81D5-C16B7BF48E4C}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FB684D26-01F4-4D9D-87CB-F486BEBA56DC}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FD8E81D0-F5FE-4CB1-9AEA-1E163D2BAB78}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{D2CE3E00-F94A-4740-988E-03DC2F38C34F}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D2CE3E00-F94A-4740-988E-03DC2F38C34F}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D2CE3E00-F94A-4740-988E-03DC2F38C34F}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D2CE3E00-F94A-4740-988E-03DC2F38C34F}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5E89ACE9-E16B-499A-87B4-0DBF742404C1}
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{020B1D4B-5738-4C77-9E19-4F173DD9B486}
    Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
    Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{6A868644-478D-4F42-A436-6096690BD064}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A868644-478D-4F42-A436-6096690BD064}
    Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A868644-478D-4F42-A436-6096690BD064}
    Key Deleted : HKCU\Software\APN PIP
    Key Deleted : HKCU\Software\GlobalUpdate
    Key Deleted : HKCU\Software\InstalledBrowserExtensions
    Key Deleted : HKCU\Software\UpdateStar
    Key Deleted : HKCU\Software\YTDownloader
    Key Deleted : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
    Key Deleted : HKCU\Software\AppDataLow\Software\Sense
    Key Deleted : HKLM\SOFTWARE\{1146AC44-2F03-4431-B4FD-889BC837521F}
    Key Deleted : HKLM\SOFTWARE\{6791A2F3-FC80-475C-A002-C014AF797E9C}
    Key Deleted : HKLM\SOFTWARE\GlobalUpdate
    Key Deleted : HKLM\SOFTWARE\InstalledBrowserExtensions
    Key Deleted : HKLM\SOFTWARE\PIP
    Key Deleted : HKLM\SOFTWARE\Sense
    Key Deleted : HKLM\SOFTWARE\SoftwareUpdater
    Key Deleted : HKLM\SOFTWARE\ORBTR
    Key Deleted : HKLM\SOFTWARE\YTDownloader
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SoftwareUpdater
    Key Deleted : [x64] HKLM\SOFTWARE\InstalledBrowserExtensions
    Key Deleted : [x64] HKLM\SOFTWARE\ShopperPro
    Key Deleted : [x64] HKLM\SOFTWARE\Tarma Installer
    Key Deleted : [x64] HKLM\SOFTWARE\YTDownloader

    ***** [ Browsers ] *****

    -\\ Internet Explorer v10.0.9200.16635

    -\\ Google Chrome v

    -\\ Chromium v

    *************************

    AdwCleaner[R0].txt - [9986 octets] - [30/12/2014 05:10:54]
    AdwCleaner[S0].txt - [9706 octets] - [30/12/2014 05:12:39]

    ########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [9766 octets] ##########
    # AdwCleaner v4.106 - Report created 31/12/2014 at 16:10:04
    # Updated 21/12/2014 by Xplode
    # Database : 2014-12-30.1 [Live]
    # Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
    # Username : John - JOHN-PC
    # Running from : C:\Users\John\Desktop\AdwCleaner.exe
    # Option : Clean

    ***** [ Services ] *****

    [#] Service Deleted : Skype C2C Service

    ***** [ Files / Folders ] *****

    Folder Deleted : C:\ProgramData\Tarma Installer
    Folder Deleted : C:\Program Files (x86)\DealPly
    Folder Deleted : C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl
    File Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eBay.lnk
    File Deleted : C:\Program Files (x86)\Uninstall.exe

    ***** [ Scheduled Tasks ] *****

    ***** [ Shortcuts ] *****

    ***** [ Registry ] *****

    Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl
    Key Deleted : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\webcakeupdater
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FB684D26-01F4-4D9D-87CB-F486BEBA56DC}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{D2CE3E00-F94A-4740-988E-03DC2F38C34F}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D2CE3E00-F94A-4740-988E-03DC2F38C34F}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D2CE3E00-F94A-4740-988E-03DC2F38C34F}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D2CE3E00-F94A-4740-988E-03DC2F38C34F}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
    Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
    Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{6A868644-478D-4F42-A436-6096690BD064}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A868644-478D-4F42-A436-6096690BD064}
    Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A868644-478D-4F42-A436-6096690BD064}
    Key Deleted : HKCU\Software\APN PIP
    Key Deleted : HKCU\Software\UpdateStar
    Key Deleted : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
    Key Deleted : HKLM\SOFTWARE\{1146AC44-2F03-4431-B4FD-889BC837521F}
    Key Deleted : HKLM\SOFTWARE\{6791A2F3-FC80-475C-A002-C014AF797E9C}
    Key Deleted : HKLM\SOFTWARE\PIP
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DealPly
    Key Deleted : [x64] HKLM\SOFTWARE\Tarma Installer

    ***** [ Browsers ] *****

    -\\ Internet Explorer v10.0.9200.16635

    -\\ Google Chrome v

    -\\ Chromium v

    *************************

    AdwCleaner[R0].txt - [13598 octets] - [30/12/2014 05:10:54]
    AdwCleaner[R1].txt - [912 octets] - [30/12/2014 05:25:48]
    AdwCleaner[S0].txt - [13141 octets] - [30/12/2014 05:12:39]
    AdwCleaner[S1].txt - [974 octets] - [30/12/2014 05:28:49]

    ########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [13261 octets] ##########

     

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Junkware Removal Tool (JRT) by Thisisu
    Version: 6.4.1 (12.28.2014:1)
    OS: Windows 7 Home Premium x64
    Ran by John on 31/12/2014 at 16:17:25.97
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

     

    ~~~ Services

     

    ~~~ Registry Values

    Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\\Default_Page_URL

     

    ~~~ Registry Keys

     

    ~~~ Files

    Successfully deleted: [File] C:\Windows\prefetch\DEALPLYLIVE.EXE-B469C63A.pf
    Successfully deleted: [File] C:\Windows\prefetch\DEALPLYLIVEHANDLER.EXE-2529B0CB.pf

     

    ~~~ Folders

    Failed to delete: [Folder] "C:\Users\John\appdata\local\pro_pc_cleaner"

     

    ~~~ Event Viewer Logs were cleared

     

     

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Scan was completed on 31/12/2014 at 16:20:11.95
    End of JRT log
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

     

    Malwarebytes Anti-Malware
    www.malwarebytes.org

    Scan Date: 31/12/2014
    Scan Time: 4:24:06 PM
    Logfile:
    Administrator: Yes

    Version: 2.00.4.1028
    Malware Database: v2014.12.31.05
    Rootkit Database: v2014.12.30.01
    License: Trial
    Malware Protection: Enabled
    Malicious Website Protection: Enabled
    Self-protection: Disabled

    OS: Windows 7 Service Pack 1
    CPU: x64
    File System: NTFS
    User: John

    Scan Type: Threat Scan
    Result: Completed
    Objects Scanned: 339339
    Time Elapsed: 14 min, 46 sec

    Memory: Enabled
    Startup: Enabled
    Filesystem: Enabled
    Archives: Enabled
    Rootkits: Disabled
    Heuristics: Enabled
    PUP: Enabled
    PUM: Enabled

    Processes: 0
    (No malicious items detected)

    Modules: 0
    (No malicious items detected)

    Registry Keys: 0
    (No malicious items detected)

    Registry Values: 0
    (No malicious items detected)

    Registry Data: 0
    (No malicious items detected)

    Folders: 0
    (No malicious items detected)

    Files: 0
    (No malicious items detected)

    Physical Sectors: 0
    (No malicious items detected)

    (end)
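Two things in the logs above matter for anyone cleaning a Trovi-style hijack by hand. AdwCleaner removed both the extension folder under the Chrome profile and the `HKLM\SOFTWARE\Google\Chrome\Extensions\<id>` key; that registry key is Chrome's external-extension hook, which re-installs the listed extension on every launch, so deleting the folder alone would not have held. The hijacked homepage, startup URLs and default search provider live in the profile's `Preferences` JSON under `User Data\Default`, and that profile survives an uninstall/reinstall of Chrome unless browsing data is deliberately deleted. The script below is an added example written for this page, not a tool used in the thread: it loads a constructed `Preferences` sample shaped like Chrome's real file, reports every entry pointing at a hijack domain, and returns a cleaned copy. The domain list (`HIJACK_DOMAINS`) and the sample data are assumptions; the preference key names and the `restore_on_startup` values (4 = open listed URLs, 5 = New Tab page) are Chrome's own.

```python
"""Find and strip browser-hijack entries from a Chrome profile Preferences file.
Added example for this thread, not code from the thread or from Chrome."""
import json
from urllib.parse import urlparse

# Assumption: domains to treat as hijackers. Only trovi.com appears in the logs;
# extend the set from your own indicators.
HIJACK_DOMAINS = {"trovi.com"}

# Constructed sample mirroring the keys a hijacker rewrites in
# %LOCALAPPDATA%\Google\Chrome\User Data\Default\Preferences.
SAMPLE_PREFS = json.dumps({
    "homepage": "http://www.trovi.com/?gd=&ctid=CT3323924",
    "homepage_is_newtabpage": False,
    "session": {
        "restore_on_startup": 4,  # 4 = open the URLs listed in startup_urls
        "startup_urls": ["http://www.trovi.com/?gd=&ctid=CT3323924&SearchSource=55"],
    },
    "default_search_provider_data": {
        "template_url_data": {
            "short_name": "Trovi search",
            "keyword": "trovi.com",
            "url": "http://www.trovi.com/Results.aspx?q={searchTerms}",
        }
    },
})


def _host(url):
    """Lower-cased hostname of a URL, or '' if it cannot be parsed."""
    try:
        return (urlparse(url).hostname or "").lower()
    except ValueError:
        return ""


def is_hijack_domain(url, domains=HIJACK_DOMAINS):
    """True when the URL's host is a listed domain or a subdomain of one.
    Suffix matching on a leading dot avoids matching trovi.com.evil.example."""
    host = _host(url)
    return any(host == d or host.endswith("." + d) for d in domains)


def _load(prefs):
    return json.loads(prefs) if isinstance(prefs, str) else prefs


def find_hijacks(prefs, domains=HIJACK_DOMAINS):
    """Return (preference path, URL) pairs that point at a hijack domain."""
    p = _load(prefs)
    found = []
    home = p.get("homepage", "")
    if is_hijack_domain(home, domains):
        found.append(("homepage", home))
    for url in p.get("session", {}).get("startup_urls", []):
        if is_hijack_domain(url, domains):
            found.append(("session.startup_urls", url))
    search = p.get("default_search_provider_data", {}).get("template_url_data", {})
    if is_hijack_domain(search.get("url", ""), domains):
        found.append(("default_search_provider_data.template_url_data.url", search["url"]))
    return found


def clean_prefs(prefs, domains=HIJACK_DOMAINS):
    """Return a cleaned dict: hijacked homepage and startup URLs removed,
    the search provider key dropped so Chrome falls back to its built-in default."""
    p = json.loads(json.dumps(_load(prefs)))  # deep copy; never mutate the input
    if is_hijack_domain(p.get("homepage", ""), domains):
        p.pop("homepage", None)
        p["homepage_is_newtabpage"] = True
    session = p.setdefault("session", {})
    kept = [u for u in session.get("startup_urls", []) if not is_hijack_domain(u, domains)]
    session["startup_urls"] = kept
    if not kept and session.get("restore_on_startup") == 4:
        session["restore_on_startup"] = 5  # 5 = open the New Tab page
    search = p.get("default_search_provider_data", {}).get("template_url_data", {})
    if is_hijack_domain(search.get("url", ""), domains):
        p.pop("default_search_provider_data", None)
    return p


if __name__ == "__main__":
    for path, url in find_hijacks(SAMPLE_PREFS):
        print(f"hijacked {path}: {url}")
    print(json.dumps(clean_prefs(SAMPLE_PREFS), indent=2))
```

To use it on a real profile, close every Chrome process first (Chrome rewrites `Preferences` on exit and would overwrite the edit), back the file up, and write the dict returned by `clean_prefs` back with `json.dump`. On Windows builds of that era and later, Chrome also keeps HMAC-protected copies of these settings in `Secure Preferences`; a hand-edited value that fails the check is discarded and reset to the default, which is the outcome wanted here, but it means the check and the cleanup should be repeated after the first restart rather than assumed done.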



#4 ken545

Forum God
• Retired Classroom Teacher
• 23,219 posts
• Interests: Fighting Malware and cooking some great Italian and TexMex food
• MVP

    Posted 31 December 2014 - 04:11 PM

    Great, go ahead and run a new scan with FRST, checkmark Additions and post both new logs please

    Just a reminder that threads will be closed if no reply in 3 days.

#5 Makofan

Authentic Member
• 94 posts

    Posted 31 December 2014 - 08:27 PM

    Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 28-12-2014
    Ran by John (administrator) on JOHN-PC on 31-12-2014 21:23:42
    Running from C:\Users\John\Desktop
    Loaded Profile: John (Available profiles: John)
    Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
    Internet Explorer Version 10 (Default browser: IE)
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
    (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
    (Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
    (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
    (LSI Corporation) C:\Program Files\LSI SoftModem\agr64svc.exe
    (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    (Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
    (Microsoft Corporation) C:\Program Files\Microsoft IntelliPoint\ipoint.exe
    (Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
    () C:\Program Files (x86)\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe
    (Hewlett-Packard) C:\Program Files (x86)\hp\HP Software Update\hpwuschd2.exe
    (Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
    (Razer Inc.) C:\Program Files (x86)\Razer\Razer Game Booster\RzKLService.exe
    (Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
    (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
    (Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Service.exe
    (Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
    (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
    (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
    (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe

    ==================== Registry (Whitelisted) ==================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1281512 2013-01-27] (Microsoft Corporation)
    HKLM\...\Run: [IntelliPoint] => c:\Program Files\Microsoft IntelliPoint\ipoint.exe [2417032 2011-08-01] (Microsoft Corporation)
    HKLM-x32\...\Run: [hpsysdrv] => c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe [62768 2008-11-20] (Hewlett-Packard)
    HKLM-x32\...\Run: [HP Remote Solution] => C:\Program Files (x86)\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe [656896 2009-05-26] ()
    HKLM-x32\...\Run: [HP Software Update] => c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [54576 2008-12-08] (Hewlett-Packard)
    HKLM-x32\...\Run: [] => [X]
    HKLM-x32\...\Run: [NortonOnlineBackupReminder] => C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe [581480 2009-05-12] (Symantec Corporation)
    HKLM-x32\...\Run: [UpdatePRCShortCut] => C:\Program Files (x86)\Hewlett-Packard\Recovery\MUITransfer\MUIStartMenu.exe [222504 2009-05-20] (CyberLink Corp.)
    HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
    HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
    HKLM-x32\...\Run: [GW Port Controller] => C:\Program Files (x86)\Samsung\SmarThru\PORTCTRL.EXE [163840 2004-12-15] (Samsung Electronics Co., Ltd., Samsung Software Center.)
    HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-08-16] (Apple Inc.)
    HKU\S-1-5-21-2219148673-3672275092-2702570280-1000\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [1823656 2013-12-11] (Valve Corporation)
    HKU\S-1-5-21-2219148673-3672275092-2702570280-1000\...\MountPoints2: {64c5dfcb-5c64-11e1-8caa-806e6f6e6963} - E:\autorun.exe
    ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} =>  No File
    ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} =>  No File
    ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} =>  No File
    ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} =>  No File

    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    HKU\S-1-5-21-2219148673-3672275092-2702570280-1000\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.ca/
    SearchScopes: HKLM -> {D9FC61FA-EF3B-408E-B1D4-D30024AA7119} URL = http://www.bing.com/...rc=IE-SearchBox
    SearchScopes: HKLM-x32 -> {D9FC61FA-EF3B-408E-B1D4-D30024AA7119} URL = http://www.bing.com/...rc=IE-SearchBox
    SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-21-2219148673-3672275092-2702570280-1000 -> DefaultScope {763C883E-6808-4A75-9F7A-F9A4B3E97DE8} URL = https://www.google.c...?q={searchTerms}
    SearchScopes: HKU\S-1-5-21-2219148673-3672275092-2702570280-1000 -> {763C883E-6808-4A75-9F7A-F9A4B3E97DE8} URL = https://www.google.c...?q={searchTerms}
    BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
    BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
    BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
    BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
    BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
    Toolbar: HKLM-x32 - Microsoft Live Search Toolbar - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0560.0\msneshellx.dll (Microsoft Corp.)
    Toolbar: HKU\S-1-5-21-2219148673-3672275092-2702570280-1000 -> No Name - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} -  No File
    Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
    Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
    Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
    Tcpip\..\Interfaces\{D5C2BD2E-7662-4A38-B7BA-8EC71A7F9C13}: [NameServer] 8.8.8.8,8.8.4.4

    FireFox:
    ========
    FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_246.dll ()
    FF Plugin: @microsoft.com/GENUINE -> disabled No File
    FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
    FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_246.dll ()
    FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1167637.dll (Adobe Systems, Inc.)
    FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
    FF Plugin-x32: @java.com/DTPlugin,version=10.21.2 -> C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
    FF Plugin-x32: @java.com/JavaPlugin,version=10.21.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
    FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
    FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
    FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
    FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
    FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
    FF Plugin-x32: @raidcall.en/RCplugin -> C:\Users\John\AppData\Roaming\raidcall\plugins\nprcplugin.dll (Raidcall)
    FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
    FF Plugin HKU\S-1-5-21-2219148673-3672275092-2702570280-1000: ubisoft.com/uplaypc -> C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll ()

    Chrome:
    =======
    CHR HomePage: Default -> https://www.google.c...E4&ved=0CBEQ1S4
    CHR StartupUrls: Default -> "hxxp://www.trovi.com/?gd=&ctid=CT3323924&octid=EB_ORIGINAL_CTID&ISID=M5A71FE5C-C56D-4BA1-A6F4-33816C42CE27&SearchSource=55&CUI=&UM=8&UP=SPC66EC657-6CCE-4E27-8B6F-4AB85604C8E8&SSPV="
    CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:inputType}{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}{google:searchVersion}{google:sessionToken}{google:prefetchQuery}sugkey={google:suggestAPIKeyParameter}
    CHR Profile: C:\Users\John\AppData\Local\Google\Chrome\User Data\Default
    CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-23]
    CHR Extension: (YouTube) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-02-21]
    CHR Extension: (Google Search) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-02-21]
    CHR Extension: (Google Wallet) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-21]
    CHR Extension: (Gmail) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-02-21]

    ==================== Services (Whitelisted) =================

    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

    R2 HP Health Check Service; C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe [124928 2009-07-09] (Hewlett-Packard) [File not signed]
    R2 LightScribeService; c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [73728 2009-05-18] (Hewlett-Packard Company) [File not signed]
    R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)
    R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)
    R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22056 2013-01-27] (Microsoft Corporation)
    R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [379360 2013-01-27] (Microsoft Corporation)
    R2 RzKLService; C:\Program Files (x86)\Razer\Razer Game Booster\RzKLService.exe [106472 2013-09-18] (Razer Inc.)

    ==================== Drivers (Whitelisted) ====================

    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

    S2 DgiVecp; C:\Windows\system32\Drivers\DgiVecp.sys [53816 2009-03-02] (Samsung Electronics Co., Ltd.)
    R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-11-21] (Malwarebytes Corporation)
    R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2014-12-31] (Malwarebytes Corporation)
    R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-11-21] (Malwarebytes Corporation)
    R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [230320 2013-01-20] (Microsoft Corporation)
    R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [130008 2013-01-20] (Microsoft Corporation)
    S3 rzdaendpt; C:\Windows\System32\DRIVERS\rzdaendpt.sys [25600 2012-11-07] (Razer USA Ltd)
    S3 rzvkeyboard; C:\Windows\System32\DRIVERS\rzvkeyboard.sys [23040 2012-11-07] (Razer USA Ltd)
    S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [52736 2012-07-09] (Apple, Inc.) [File not signed]
    S3 WinRing0_1_2_0; \??\C:\Program Files (x86)\Razer\Razer Game Booster\Driver\WinRing0x64.sys [X]

    ==================== NetSvcs (Whitelisted) ===================

    (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

    ==================== One Month Created Files and Folders ========

    (If an entry is included in the fixlist, the file\folder will be moved.)

    2014-12-31 16:20 - 2014-12-31 16:20 - 00000985 _____ () C:\Users\John\Desktop\JRT.txt
    2014-12-31 16:17 - 2014-12-31 16:17 - 00000000 ____D () C:\Windows\ERUNT
    2014-12-31 16:14 - 2014-12-31 16:14 - 01707939 _____ (Thisisu) C:\Users\John\Desktop\JRT.exe
    2014-12-31 16:12 - 2014-12-31 16:12 - 00013358 _____ () C:\Users\John\Desktop\AdwCleaner[S0].txt
    2014-12-31 16:00 - 2014-12-31 16:00 - 02173952 _____ () C:\Users\John\Desktop\AdwCleaner.exe
    2014-12-30 20:01 - 2014-12-30 20:01 - 00030648 _____ () C:\Users\John\Desktop\Addition.txt
    2014-12-30 20:00 - 2014-12-31 21:24 - 00013756 _____ () C:\Users\John\Desktop\FRST.txt
    2014-12-30 19:59 - 2014-12-31 21:23 - 00000000 ____D () C:\FRST
    2014-12-30 19:58 - 2014-12-30 19:58 - 02123264 _____ (Farbar) C:\Users\John\Desktop\FRST64.exe
    2014-12-30 19:36 - 2014-12-30 19:54 - 00000512 _____ () C:\Users\John\Desktop\MBR.dat
    2014-12-30 19:19 - 2014-12-30 19:20 - 05198336 _____ (AVAST Software) C:\Users\John\Desktop\aswMBR.exe
    2014-12-30 18:53 - 2014-12-30 18:56 - 00000000 ____D () C:\Program Files (x86)\Google
    2014-12-30 18:47 - 2014-12-31 21:14 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
    2014-12-30 18:47 - 2014-12-30 19:15 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
    2014-12-30 18:47 - 2014-12-30 19:15 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
    2014-12-30 18:17 - 2014-12-31 19:16 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
    2014-12-30 18:17 - 2014-12-30 18:17 - 00001145 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    2014-12-30 18:17 - 2014-12-30 18:17 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
    2014-12-30 18:17 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
    2014-12-30 18:17 - 2014-11-21 06:14 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
    2014-12-30 18:17 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
    2014-12-30 18:16 - 2014-12-30 18:16 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\John\Downloads\mbam-setup-2.0.4.1028.exe
    2014-12-30 05:56 - 2014-12-30 18:11 - 00000000 ____D () C:\Program Files\HitmanPro
    2014-12-30 05:54 - 2014-12-30 18:11 - 00000000 ____D () C:\ProgramData\HitmanPro
    2014-12-30 05:10 - 2014-12-31 16:10 - 00000000 ____D () C:\AdwCleaner
    2014-12-30 04:11 - 2014-12-30 18:17 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
    2014-12-30 04:11 - 2014-12-30 04:11 - 00000000 ____D () C:\ProgramData\Malwarebytes
    2014-12-30 04:02 - 2014-12-30 04:02 - 00000064 _____ () C:\Users\John\AppData\Local\7283b87a54b9adad3d2a77c693a7f87b
    2014-12-30 04:00 - 2014-12-30 04:00 - 00000000 ____D () C:\ProgramData\Package Cache
    2014-12-30 03:58 - 2014-12-30 03:58 - 00000000 ____D () C:\Users\John\AppData\Local\Pro_PC_Cleaner

    ==================== One Month Modified Files and Folders =======

    (If an entry is included in the fixlist, the file\folder will be moved.)

    2014-12-31 18:15 - 2012-02-21 00:22 - 01992839 _____ () C:\Windows\WindowsUpdate.log
    2014-12-31 16:18 - 2009-07-13 23:45 - 00015792 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2014-12-31 16:18 - 2009-07-13 23:45 - 00015792 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2014-12-31 16:15 - 2009-07-14 00:13 - 00794836 _____ () C:\Windows\system32\PerfStringBackup.INI
    2014-12-31 16:12 - 2012-02-21 02:13 - 00000000 ____D () C:\Program Files (x86)\Steam
    2014-12-31 16:11 - 2013-06-18 22:39 - 00000000 ____D () C:\ProgramData\NVIDIA
    2014-12-31 16:11 - 2009-07-14 00:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
    2014-12-31 16:11 - 2009-07-13 23:51 - 00334605 _____ () C:\Windows\setupact.log
    2014-12-31 16:10 - 2009-08-21 15:53 - 00442610 _____ () C:\Windows\PFRO.log
    2014-12-30 19:15 - 2012-02-23 01:11 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
    2014-12-30 19:13 - 2009-07-13 22:20 - 00000000 __RSD () C:\Windows\Media
    2014-12-30 18:52 - 2012-02-21 00:41 - 00000000 ____D () C:\Users\John\AppData\Local\Deployment
    2014-12-30 18:49 - 2012-02-21 00:41 - 00000000 ____D () C:\Users\John\AppData\Local\Google
    2014-12-30 18:38 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\TAPI
    2014-12-30 18:12 - 2012-02-21 00:23 - 00000000 ____D () C:\Users\John
    2014-12-30 18:11 - 2012-04-24 23:36 - 00000000 ____D () C:\Program Files (x86)\Gw2
    2014-12-30 18:11 - 2009-07-14 02:44 - 00000000 ___RD () C:\Users\Public\Recorded TV
    2014-12-30 18:11 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\registration
    2014-12-30 04:05 - 2013-07-23 05:19 - 00000000 ____D () C:\Users\John\AppData\Local\Adobe
    2014-12-25 00:05 - 2013-12-18 15:05 - 00000171 _____ () C:\Users\John\AppData\Roaming\WB.CFG
    2014-12-21 23:49 - 2012-02-23 06:56 - 00000000 ____D () C:\Windows\System32\Tasks\Games
    2014-12-10 04:26 - 2012-04-13 22:48 - 00003182 _____ () C:\Windows\System32\Tasks\HPCeeScheduleForJohn
    2014-12-10 04:26 - 2012-04-13 22:48 - 00000330 _____ () C:\Windows\Tasks\HPCeeScheduleForJohn.job
    2014-12-05 17:07 - 2009-07-14 00:08 - 00032652 _____ () C:\Windows\Tasks\SCHEDLGU.TXT

    Files to move or delete:
    ====================
    C:\Users\John\jagex_cl_runescape_LIVE.dat
    C:\Users\John\jagex_cl_runescape_LIVE1.dat
    C:\Users\John\jagex_cl_runescape_LIVE_BETA.dat
    C:\Users\John\random.dat

    Some content of TEMP:
    ====================
    C:\Users\John\AppData\Local\Temp\binkw32.dll
    C:\Users\John\AppData\Local\Temp\d2l_Install.exe
    C:\Users\John\AppData\Local\Temp\drm_dyndata_7370014.dll
    C:\Users\John\AppData\Local\Temp\GameuxInstallHelper.dll
    C:\Users\John\AppData\Local\Temp\jre-7u21-windows-i586-iftw.exe
    C:\Users\John\AppData\Local\Temp\nvStInst.exe
    C:\Users\John\AppData\Local\Temp\Optimizer_Pro.exe
    C:\Users\John\AppData\Local\Temp\ose00000.exe
    C:\Users\John\AppData\Local\Temp\pyl1B32.tmp.exe
    C:\Users\John\AppData\Local\Temp\pylB2E5.tmp.exe
    C:\Users\John\AppData\Local\Temp\pylB55.tmp.exe
    C:\Users\John\AppData\Local\Temp\pylCEE2.tmp.exe
    C:\Users\John\AppData\Local\Temp\pylF3D0.tmp.exe
    C:\Users\John\AppData\Local\Temp\Quarantine.exe
    C:\Users\John\AppData\Local\Temp\Setup-D2502DD2B71B5-05C0.exe
    C:\Users\John\AppData\Local\Temp\Shockwave_Installer_Slim.exe
    C:\Users\John\AppData\Local\Temp\Sqlite3.dll
    C:\Users\John\AppData\Local\Temp\swt-win32-3349.dll
    C:\Users\John\AppData\Local\Temp\xmlUpdater.exe
    C:\Users\John\AppData\Local\Temp\_isD91F.exe

    ==================== Bamital & volsnap Check =================

    (There is no automatic fix for files that do not pass verification.)

    C:\Windows\System32\winlogon.exe => File is digitally signed
    C:\Windows\System32\wininit.exe => File is digitally signed
    C:\Windows\SysWOW64\wininit.exe => File is digitally signed
    C:\Windows\explorer.exe => File is digitally signed
    C:\Windows\SysWOW64\explorer.exe => File is digitally signed
    C:\Windows\System32\svchost.exe => File is digitally signed
    C:\Windows\SysWOW64\svchost.exe => File is digitally signed
    C:\Windows\System32\services.exe => File is digitally signed
    C:\Windows\System32\User32.dll => File is digitally signed
    C:\Windows\SysWOW64\User32.dll => File is digitally signed
    C:\Windows\System32\userinit.exe => File is digitally signed
    C:\Windows\SysWOW64\userinit.exe => File is digitally signed
    C:\Windows\System32\rpcss.dll => File is digitally signed
    C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

    LastRegBack: 2014-12-25 00:45

    ==================== End Of Log ============================


    Additional scan result of Farbar Recovery Scan Tool (x64) Version: 28-12-2014
    Ran by John at 2014-12-31 21:25:00
    Running from C:\Users\John\Desktop
    Boot Mode: Normal
    ==========================================================

    ==================== Security Center ========================

    (If an entry is included in the fixlist, it will be removed.)

    AV: Microsoft Security Essentials (Enabled - Up to date) {3F839487-C7A2-C958-E30C-E2825BA31FB5}
    AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AS: Microsoft Security Essentials (Enabled - Up to date) {84E27563-E198-C6D6-D9BC-D9F020245508}

    ==================== Installed Programs ======================

    (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

    7-Zip 9.20 (HKLM-x32\...\7-Zip) (Version:  - )
    Activate Norton Online Backup (HKLM-x32\...\{C57BCDE1-7CB9-467D-B3BA-7E119916CDC1}) (Version: 1.1.20.0 - Symantec)
    ActiveCheck component for HP Active Support Library (x32 Version: 3.0.0.1 - Hewlett-Packard) Hidden
    Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.246 - Adobe Systems Incorporated)
    Adobe Flash Player 16 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 16.0.0.235 - Adobe Systems Incorporated)
    Adobe Reader XI (11.0.03) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.03 - Adobe Systems Incorporated)
    Adobe Shockwave Player 11.6 (HKLM-x32\...\Adobe Shockwave Player) (Version: 11.6.7.637 - Adobe Systems, Inc.)
    Apple Application Support (HKLM-x32\...\{5D09C772-ECB3-442B-9CC6-B4341C78FDC2}) (Version: 2.3.4 - Apple Inc.)
    Apple Mobile Device Support (HKLM\...\{2F72F540-1F60-4266-9506-952B21D6640D}) (Version: 6.1.0.13 - Apple Inc.)
    Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
    Assassin's Creed (HKLM-x32\...\Steam App 15100) (Version:  - Ubisoft)
    Assassin's Creed II (HKLM-x32\...\Steam App 33230) (Version:  - Ubisoft Montreal)
    AviSynth 2.5 (HKLM-x32\...\AviSynth) (Version:  - )
    Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
    Borderlands (HKLM-x32\...\Steam App 8980) (Version:  - Gearbox Software)
    BOSS (HKLM-x32\...\BOSS) (Version: 2.1.1 - BOSS Development Team)
    CamStudio Lossless Codec (HKLM\...\camcodec) (Version:  - )
    CamStudio OSS Desktop Recorder (HKLM-x32\...\{FD9C31B6-F572-414D-81E3-89368C97A125}_is1) (Version: 2.6 Beta r294 - CamStudio Open Source Dev Team)
    Compatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
    Core Temp 1.0 RC6 (HKLM\...\{086D343F-8E78-4AFC-81AC-D6D414AFD8AC}_is1) (Version: 1.0 - Alcpu)
    Crysis (HKLM-x32\...\Steam App 17300) (Version:  - Crytek)
    Cube World version 0.0.1 (HKLM-x32\...\{D692A0E0-1BBB-4E9C-826E-4254EE330830}_is1) (Version: 0.0.1 - Picroma)
    CyberLink DVD Suite Deluxe (HKLM-x32\...\InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 6.0.3101 - CyberLink Corp.)
    D2SE V2.2.0PK (HKLM-x32\...\{65B43D6A-6B8F-46F1-8362-7985822F3A80}_is1) (Version: 2.2.0 - Seltsamuel)
    DAoC Portal (HKLM-x32\...\{951D4810-1C32-47D1-A5BD-7A1BFB526D94}) (Version: 2.1.0 - DAoC Portal)
    Dark Age of Camelot (HKLM-x32\...\Dark Age of Camelot) (Version:  - Electronic Arts)
    Dear Esther (HKLM-x32\...\Steam App 203810) (Version:  - )
    Diablo II (HKLM-x32\...\Diablo II) (Version:  - )
    DirectX for Managed Code Update (Summer 2004) (x32 Version: 9.02.2904 - Microsoft) Hidden
    Dolphin (HKLM-x32\...\Dolphin) (Version: 4.0.1 - Dolphin Development Team)
    Dragon Age II (HKLM-x32\...\{F2E23139-3404-4E3C-9855-7724415D62A5}) (Version: 1.04 - Electronic Arts, Inc.)
    Dragon Age: Origins (HKLM-x32\...\{AEC81925-9C76-4707-84A9-40696C613ED3}) (Version: 1.04 - Electronic Arts, Inc.)
    Fable - The Lost Chapters (HKLM-x32\...\Steam App 204030) (Version:  - )
    Fraps (remove only) (HKLM-x32\...\Fraps) (Version:  - )
    GameSpy Comrade (HKLM-x32\...\{5F4C776F-8CBD-4C4F-892F-B568ABDD70C8}) (Version: 1.5.0.156 - GameSpy)
    Garry's Mod (HKLM-x32\...\Steam App 4000) (Version:  - Team Garry)
    Genesis version Genesis Launcher 1.006 (HKLM-x32\...\{975e7799-c584-47f0-9c12-c1551f3e95f2}_is1) (Version: Genesis Launcher 1.006 - Pawel D. alias Laplume for Genesis.)
    Genesis version Patch (HKLM-x32\...\{9db86e9a-0b05-4202-a76c-5a795f698408}_is1) (Version: Patch - Pawel D. alias Laplume for Genesis.)
    Grappling Hook 1.07 (HKLM-x32\...\{D411BA90-6057-416B-974B-14DB5F88EAA6}_is1) (Version:  - Christian Teister)
    Guild Wars (HKLM-x32\...\Guild Wars) (Version:  - )
    Half-Life 2 (HKLM-x32\...\Steam App 220) (Version:  - Valve)
    Half-Life 2: Episode One (HKLM-x32\...\Steam App 380) (Version:  - Valve)
    Half-Life 2: Episode Two (HKLM-x32\...\Steam App 420) (Version:  - Valve)
    Hardware Diagnostic Tools (HKLM\...\PC-Doctor for Windows) (Version: 6.0.5205.31 - PC-Doctor, Inc.)
    HP Advisor (HKLM-x32\...\{B53E61D7-7C80-40DF-82D2-CF5390D6D20A}) (Version: 3.2.8946.3086 - Hewlett-Packard)
    HP Customer Experience Enhancements (HKLM-x32\...\{5B295588-59C1-4386-9F85-BB4BEDCB0D22}) (Version: 5.7.0.3036 - Hewlett-Packard)
    HP Games (HKLM-x32\...\WildTangent hp Master Uninstall) (Version: 1.0.0.71 - WildTangent)
    HP Odometer (HKLM-x32\...\{B8AC1A89-FFD1-4F97-8051-E505A160F562}) (Version: 2.10.0000 - Hewlett-Packard)
    HP Remote Solution (HKLM-x32\...\HP Remote Solution) (Version: 1.1.9.0 - TopSeed)
    HP Setup (HKLM-x32\...\{F3B912F5-EB57-45AA-B3D1-EB532BCF6EF8}) (Version: 1.2.3220.3079 - Hewlett-Packard)
    HP Support Assistant (HKLM-x32\...\{4F46FDB9-B906-47BF-B3D5-C62E01B3C5EE}) (Version: 4.1.11.3 - Hewlett-Packard)
    HP Support Information (HKLM-x32\...\{B9A03B7B-E0FF-4FB3-BA83-762E58A1B0AA}) (Version: 10.1.0002 - Hewlett-Packard)
    HP Update (HKLM-x32\...\{D46D081B-F60E-467E-A7C4-117B70D76731}) (Version: 5.001.000.014 - Hewlett-Packard)
    HPAsset component for HP Active Support Library (x32 Version: 3.0.0.2 - Hewlett-Packard) Hidden
    Hydrophobia: Prophecy (HKLM-x32\...\Steam App 92000) (Version:  - Dark Energy Digital Ltd.)
    Itibiti RTC (x32 Version: 0.0.1 - Itibiti Inc) Hidden
    iTunes (HKLM\...\{427174C0-096E-40D9-9684-9C109BEE2CBF}) (Version: 11.0.5.5 - Apple Inc.)
    Java 7 Update 21 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217021FF}) (Version: 7.0.210 - Oracle)
    Java™ 6 Update 31 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86416031FF}) (Version: 6.0.310 - Oracle)
    Java™ 6 Update 31 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216031FF}) (Version: 6.0.310 - Oracle)
    JavaFX 2.1.1 (HKLM-x32\...\{1111706F-666A-4037-7777-211328764D10}) (Version: 2.1.1 - Oracle Corporation)
    LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.1901 - CyberLink Corp.)
    LabelPrint (x32 Version: 2.5.1901 - CyberLink Corp.) Hidden
    League of Legends (HKLM-x32\...\{92606477-9366-4D3B-8AE3-6BE4B29727AB}) (Version: 1.3 - Riot Games)
    Left 4 Dead 2 (HKLM-x32\...\Steam App 550) (Version:  - Valve)
    Legendary (HKLM-x32\...\Steam App 16730) (Version:  - Gamecock)
    LightScribe System Software (HKLM-x32\...\{DD6C316A-FE75-4FBB-9D22-4C1920232B72}) (Version: 1.18.5.1 - LightScribe)
    LSI PCI-SV92EX Soft Modem (HKLM\...\LSI Soft Modem) (Version: 2.2.100 - LSI Corporation)
    Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
    Microsoft .NET Framework 1.1 (HKLM-x32\...\{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}) (Version: 1.1.4322 - Microsoft)
    Microsoft .NET Framework 4.5 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50709 - Microsoft Corporation)
    Microsoft Age of Empires (HKLM-x32\...\Age of Empires) (Version:  - )
    Microsoft Age of Empires II (HKLM-x32\...\Age of Empires 2.0) (Version:  - )
    Microsoft IntelliPoint 8.2 (HKLM\...\Microsoft IntelliPoint 8.2) (Version: 8.20.468.0 - Microsoft Corporation)
    Microsoft Live Search Toolbar (HKLM-x32\...\{DF802C05-4660-418c-970C-B988ADB1D316}) (Version: 3.0.560.0 - Microsoft Live Search Toolbar)
    Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
    Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
    Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
    Microsoft Office Home and Student 60 day trial (HKLM\...\OfficeTrial) (Version:  - )
    Microsoft Office PowerPoint Viewer 2007 (English) (HKLM-x32\...\{95120000-00AF-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
    Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.2.223.1 - Microsoft Corporation)
    Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.20513.0 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Works (HKLM-x32\...\{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}) (Version: 9.7.0621 - Microsoft Corporation)
    Microsoft XNA Framework Redistributable 4.0 (HKLM-x32\...\{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}) (Version: 4.0.20823.0 - Microsoft Corporation)
    Mirror's Edge (HKLM-x32\...\Steam App 17410) (Version:  - DICE)
    Monday Night Combat (HKLM-x32\...\Steam App 63200) (Version:  - )
    Mumble 1.2.4 (HKLM-x32\...\{E0955568-4353-4C85-8988-285A8C0F5E87}) (Version: 1.2.4 - Thorvald Natvig)
    Nexus Mod Manager (HKLM\...\6af12c54-643b-4752-87d0-8335503010de_is1) (Version: 0.45.6 - Black Tree Gaming)
    Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.0 - )
    NVIDIA 3D Vision Controller Driver 320.18 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 320.18 - NVIDIA Corporation)
    NVIDIA 3D Vision Driver 320.18 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 320.18 - NVIDIA Corporation)
    NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: 1.6 - NVIDIA Corporation)
    NVIDIA Graphics Driver 320.18 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 320.18 - NVIDIA Corporation)
    NVIDIA PhysX System Software 9.12.0209 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.12.0209 - NVIDIA Corporation)
    OpenAL (HKLM-x32\...\OpenAL) (Version:  - )
    Orcs Must Die! (HKLM-x32\...\Steam App 102600) (Version:  - )
    Orcs Must Die! 2 (HKLM-x32\...\Steam App 201790) (Version:  - )
    PlugY, The Survival Kit (HKLM-x32\...\PlugY, The Survival Kit) (Version: 10.00 - )
    Portal (HKLM-x32\...\Steam App 400) (Version:  - Valve)
    Portal 2 (HKLM-x32\...\Steam App 620) (Version:  - Valve)
    Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.0.3101 - CyberLink Corp.)
    Power2Go (x32 Version: 6.0.3101 - CyberLink Corp.) Hidden
    PowerDirector (HKLM-x32\...\InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}) (Version: 7.0.3101 - CyberLink Corp.)
    PowerDirector (x32 Version: 7.0.3101 - CyberLink Corp.) Hidden
    PowerRecover (x32 Version: 5.5.1923 - CyberLink Corp.) Hidden
    RaidCall (HKLM-x32\...\RaidCall) (Version: 7.2.4-1.0.7299.14 - raidcall.com)
    Razer Game Booster (HKLM-x32\...\Razer Game Booster_is1) (Version: 4.0.68.0 - Razer Inc.)
    Razer Synapse 2.0 (HKLM-x32\...\{0D78BEE2-F8FF-4498-AF1A-3FF81CED8AC6}) (Version: 1.7.15 - Razer USA Ltd.)
    Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6196 - Realtek Semiconductor Corp.)
    Samsung SCX-4x16 Series - TWAIN (HKLM-x32\...\{4518D543-6A80-4856-AFA7-10836B42113A}) (Version:  - )
    Samsung SCX-4x16 Series (HKLM-x32\...\Samsung SCX-4x16 Series) (Version:  - )
    Samsung SCX-4x16 Series (TWAIN) (HKLM-x32\...\{0D2EDE81-878F-400D-A5C3-3EC445F47750}) (Version:  - )
    Skype Click to Call (HKLM-x32\...\{B6CF2967-C81E-40C0-9815-C05774FEF120}) (Version: 6.13.13771 - Skype Technologies S.A.)
    Skype™ 6.11 (HKLM-x32\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.11.102 - Skype Technologies S.A.)
    SmarThru (HKLM-x32\...\{1CE06390-46D0-11D6-8578-006008CA5356}) (Version:  - )
    Source SDK Base 2006 (HKLM-x32\...\Steam App 215) (Version:  - Valve)
    Source SDK Base 2007 (HKLM-x32\...\Steam App 218) (Version:  - Valve)
    Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
    swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
    Team Fortress 2 (HKLM-x32\...\Steam App 440) (Version:  - Valve)
    TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.13.1 - TeamSpeak Systems GmbH)
    Terraria (HKLM-x32\...\Steam App 105600) (Version:  - )
    The Elder Scrolls V: Skyrim (HKLM-x32\...\Steam App 72850) (Version:  - Bethesda Game Studios)
    Torchlight II (HKLM-x32\...\Steam App 200710) (Version:  - )
    Ubisoft Game Launcher (HKLM-x32\...\{888F1505-C2B3-4FDE-835D-36353EBD4754}) (Version: 1.0.0.0 - UBISOFT)
    Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
    Ventrilo Client for Windows x64 (HKLM\...\{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}) (Version: 3.0.8.0 - Flagship Industries, Inc.)
    VLC media player 2.0.0 (HKLM-x32\...\VLC media player) (Version: 2.0.0 - VideoLAN)
    WinRAR 4.11 (64-bit) (HKLM\...\WinRAR archiver) (Version: 4.11.0 - win.rar GmbH)
    Xfire (remove only) (HKLM-x32\...\Xfire) (Version:  - )

    ==================== Custom CLSID (selected items): ==========================

    (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

    CustomCLSID: HKU\S-1-5-21-2219148673-3672275092-2702570280-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\John\AppData\Roaming\Dropbox\bin\Dropbox.exe /autoplay No File
    CustomCLSID: HKU\S-1-5-21-2219148673-3672275092-2702570280-1000_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\John\AppData\Local\Google\Update\1.3.25.5\psuser_64.dll No File
    CustomCLSID: HKU\S-1-5-21-2219148673-3672275092-2702570280-1000_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\John\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll No File
    CustomCLSID: HKU\S-1-5-21-2219148673-3672275092-2702570280-1000_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\John\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll No File
    CustomCLSID: HKU\S-1-5-21-2219148673-3672275092-2702570280-1000_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\John\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll No File

    ==================== Restore Points  =========================

    06-12-2014 17:26:20 Windows Update
    09-12-2014 18:04:45 Windows Update
    13-12-2014 17:36:59 Windows Update
    17-12-2014 18:01:05 Windows Update
    21-12-2014 16:42:16 Windows Update
    25-12-2014 09:53:26 Windows Update
    29-12-2014 20:32:11 Windows Update
    30-12-2014 03:59:28 Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030
    30-12-2014 04:56:32 Removed Activate Norton Online Backup
    30-12-2014 05:05:17 Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030
    30-12-2014 06:04:26 Checkpoint by HitmanPro
    30-12-2014 06:07:22 Checkpoint by HitmanPro
    30-12-2014 18:08:22 Restore Operation
    30-12-2014 18:25:51 Windows Update

    ==================== Hosts content: ==========================

    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)

    2009-07-13 21:34 - 2009-06-10 16:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

    ==================== Scheduled Tasks (whitelisted) =============

    (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

    Task: {0A073B24-10AB-44CE-B286-E61521017231} - System32\Tasks\HPCeeScheduleForJohn => C:\Program Files (x86)\hewlett-packard\sdp\ceement\HPCEE.exe [2009-05-26] (Hewlett-Packard)
    Task: {3A7B8998-8AF8-4E0F-B54B-1201F382FB99} - System32\Tasks\{27D265FD-A249-4029-8A26-07FF277D8125} => pcalua.exe -a "C:\Program Files (x86)\SAMSUNG\SmarThru\list32.exe" -d C:\PROGRA~2\Samsung\SmarThru
    Task: {3B89A8FC-1014-442D-84C4-1C6CD37B1C32} - System32\Tasks\{F5005AA5-06E8-4DE4-B57D-DC3FE14439F6} => Chrome.exe http://ui.skype.com/...e=tsProgressBar
    Task: {58E5A4A6-4A56-4679-B1C6-78E5A349102E} - System32\Tasks\{4671340F-F734-4465-B468-555FD91F2532} => pcalua.exe -a E:\SETUP.EXE -d E:\
    Task: {75549EAE-3B09-4B96-B18B-B5E569A16738} - System32\Tasks\Razer_Game_Booster_AutoUpdate => C:\Program Files (x86)\Razer\Razer Game Booster\AutoUpdate.exe
    Task: {BB4F321B-4D01-44AC-8057-08312E363FA3} - System32\Tasks\PCDRScheduledMaintenance => C:\Program Files\PC-Doctor for Windows\pcdr5cuiw32.exe [2009-07-02] (PC-Doctor, Inc.)
    Task: {CEC36D68-B698-491A-8E71-57BC38C75682} - System32\Tasks\Games\UpdateCheck_S-1-5-21-2219148673-3672275092-2702570280-1000
    Task: {D3E082D2-5548-4AF1-B87E-92DB436165FE} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-12-30] (Adobe Systems Incorporated)
    Task: {FB0BD0F8-23A3-4D34-A18B-6ABA0268961F} - System32\Tasks\Microsoft_Hardware_Launch_IPoint_exe => c:\Program Files\Microsoft IntelliPoint\IPoint.exe [2011-08-01] (Microsoft Corporation)
    Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
    Task: C:\Windows\Tasks\HPCeeScheduleForJohn.job => C:\Program Files (x86)\hewlett-packard\sdp\ceement\HPCEE.exe
    Task: C:\Windows\Tasks\PCDRScheduledMaintenance.job => C:\Program Files\PC-Doctor for Windows\pcdr5cuiw32.exe

    ==================== Loaded Modules (whitelisted) =============

    2013-06-18 22:37 - 2013-05-12 15:34 - 00087328 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
    2009-05-26 03:36 - 2009-05-26 03:36 - 00656896 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe
    2012-02-26 12:49 - 2012-02-17 20:55 - 00193536 _____ () C:\Program Files\WinRAR\rarext.dll
    2011-07-18 16:04 - 2011-07-18 16:04 - 00301568 _____ () C:\Program Files (x86)\Notepad++\NppShell_04.dll
    2012-08-27 20:33 - 2012-08-27 20:33 - 00087912 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
    2012-08-27 20:33 - 2012-08-27 20:33 - 01242512 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll

    ==================== Alternate Data Streams (whitelisted) =========

    (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

    ==================== Safe Mode (whitelisted) ===================

    (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

    ==================== EXE Association (whitelisted) =============

    (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

    ==================== MSCONFIG/TASK MANAGER disabled items =========

    (Currently there is no automatic fix for this section.)

    MSCONFIG\Services: AdobeARMservice => 2
    MSCONFIG\Services: Bonjour Service => 2
    MSCONFIG\Services: Skype C2C Service => 2
    MSCONFIG\Services: SkypeUpdate => 2
    MSCONFIG\startupfolder: C:^Users^John^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk => C:\Windows\pss\Dropbox.lnk.Startup
    MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    MSCONFIG\startupreg: Razer Synapse => "C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe"
    MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

    ========================= Accounts: ==========================

    Administrator (S-1-5-21-2219148673-3672275092-2702570280-500 - Administrator - Disabled)
    ASPNET (S-1-5-21-2219148673-3672275092-2702570280-1006 - Limited - Enabled)
    Guest (S-1-5-21-2219148673-3672275092-2702570280-501 - Limited - Disabled)
    HomeGroupUser$ (S-1-5-21-2219148673-3672275092-2702570280-1007 - Limited - Enabled)
    John (S-1-5-21-2219148673-3672275092-2702570280-1000 - Administrator - Enabled) => C:\Users\John

    ==================== Faulty Device Manager Devices =============

    ==================== Event log errors: =========================

    Application errors:
    ==================

    System errors:
    =============
    Error: (12/31/2014 05:13:29 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
    Description: The following fatal alert was received: 40.

    Microsoft Office Sessions:
    =========================

    ==================== Memory info ===========================

    Processor: AMD Athlon™ II X2 215 Processor
    Percentage of memory in use: 30%
    Total physical RAM: 3070.49 MB
    Available physical RAM: 2143.21 MB
    Total Pagefile: 6139.17 MB
    Available Pagefile: 4633.4 MB
    Total Virtual: 8192 MB
    Available Virtual: 8191.85 MB

    ==================== Drives ================================

    Drive c: (COMPAQ) (Fixed) (Total:453.96 GB) (Free:141.54 GB) NTFS
    Drive d: (FACTORY_IMAGE) (Fixed) (Total:11.7 GB) (Free:2.13 GB) NTFS ==>[System with boot components (obtained from reading drive)]

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (Size: 465.8 GB) (Disk ID: 1549F232)
    Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
    Partition 2: (Not Active) - (Size=454 GB) - (Type=07 NTFS)
    Partition 3: (Not Active) - (Size=11.7 GB) - (Type=07 NTFS)

    ==================== End Of Log ============================



    Edited by Makofan, 31 December 2014 - 08:29 PM.


    #6 ken545

    ken545

      Forum God

    • Retired Classroom Teacher
    • 23,219 posts
    • Interests:Fighting Malware and cooking some great Italian and TexMex food
    • MVP

    Posted 01 January 2015 - 06:08 AM

    Happy New Year, hope you're doing well

     

    I am attaching a file named Fixlist. Download it to your desktop where you have FRST, then open FRST and click on FIX. It will reboot your system, and then you will find a file on your desktop named Fixlog; post it please.

    Attached Files



     
     
    The forum is staffed by volunteers who donate their time and expertise.
    If you feel you have been helped, please consider a donation.
    donate.gif
     
    Find us on Facebook
    Please LIKE and SHARE
     
     
    Just a reminder that threads will be closed if no reply in 3 days.

    #7 Makofan

    Posted 01 January 2015 - 12:02 PM

    Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 28-12-2014
    Ran by John at 2015-01-01 12:55:45 Run:1
    Running from C:\Users\John\Desktop
    Loaded Profile: John (Available profiles: John)
    Boot Mode: Normal
    ==============================================

    Content of fixlist:
    *****************
    Start
    CloseProcesses:
    CHR StartupUrls: Default -> "hxxp://www.trovi.com/?gd=&ctid=CT3323924&octid=EB_ORIGINAL_CTID&ISID=M5A71FE5C-C56D-4BA1-A6F4-33816C42CE27&SearchSource=55&CUI=&UM=8&UP=SPC66EC657-6CCE-4E27-8B6F-4AB85604C8E8&SSPV="
    CMD: ipconfig /flushdns
    Hosts:
    EmptyTemp:
    End
    *****************

    Processes closed successfully.
    Chrome StartupUrls deleted successfully.

    =========  ipconfig /flushdns =========

    Windows IP Configuration

    Successfully flushed the DNS Resolver Cache.

    ========= End of CMD: =========

    C:\Windows\System32\Drivers\etc\hosts => Moved successfully.
    Hosts was reset successfully.
    EmptyTemp: => Removed 5.5 GB temporary data.

    The system needed a reboot.

    ==== End of Fixlog 12:58:49 ====
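    The fixlog above shows FRST deleting the Chrome StartupUrls entry that pointed at trovi.com, which is what actually resolved this hijack. As an added example (not code from the thread, from FRST, or from Chrome), the following Python script performs that same check offline against a constructed Chrome Preferences JSON: it flags startup URLs, the homepage and the default search provider when they point at a hijacker domain, and returns a cleaned copy the way the fix did. The Preferences key layout and the restore_on_startup value 5 (New Tab page) are assumptions about Chrome's profile format; the domain list and the sample profile are constructed for this example.

```python
"""Audit a Chrome 'Preferences' file for browser-hijacker entries.

Added example, not part of the thread or of FRST. It reproduces the check
behind FRST's "CHR StartupUrls" line: Chrome keeps startup URLs, homepage and
default search provider in the profile's Preferences JSON. Key names follow
Chrome's profile format as assumed here; the sample profile is constructed.
"""
import json
from urllib.parse import urlparse

# Domain named in the thread's fixlist; the set itself is an assumption,
# extend it with whatever your own scan flagged.
HIJACKER_DOMAINS = {"trovi.com"}

# Constructed sample of a Chrome Preferences file, trimmed to the keys that matter.
SAMPLE_PREFERENCES = json.dumps({
    "homepage": "http://www.trovi.com/?gd=&ctid=CT3323924",
    "homepage_is_newtabpage": False,
    "session": {
        "restore_on_startup": 4,  # 4 = open the listed startup_urls
        "startup_urls": [
            "http://www.trovi.com/?gd=&ctid=CT3323924&SearchSource=55",
            "https://www.example.org/",
        ],
    },
    "default_search_provider_data": {
        "template_url_data": {
            "keyword": "trovi.com",
            "short_name": "Trovi",
            "url": "http://www.trovi.com/Results.aspx?q={searchTerms}",
        }
    },
})


def host_of(url):
    """Lower-cased hostname of a URL with a leading 'www.' stripped."""
    host = (urlparse(url).hostname or "").lower()
    return host[4:] if host.startswith("www.") else host


def is_hijacker(url, domains=HIJACKER_DOMAINS):
    """True when the URL's host is a listed domain or a subdomain of one.

    Suffix matching is anchored on a dot so 'trovi.com.example.net' is not a hit.
    """
    host = host_of(url)
    return any(host == d or host.endswith("." + d) for d in domains)


def find_hijacked_entries(prefs):
    """Return (setting, url) pairs whose URL points at a hijacker domain."""
    hits = []
    for url in prefs.get("session", {}).get("startup_urls", []):
        if is_hijacker(url):
            hits.append(("session.startup_urls", url))
    homepage = prefs.get("homepage", "")
    if is_hijacker(homepage):
        hits.append(("homepage", homepage))
    tpl = prefs.get("default_search_provider_data", {}).get("template_url_data", {})
    if is_hijacker(tpl.get("url", "")):
        hits.append(("default_search_provider_data.template_url_data.url", tpl["url"]))
    return hits


def clean_preferences(prefs):
    """Return a cleaned deep copy: hijacker startup URLs dropped, homepage reset
    to the New Tab page, and the search-provider override removed so Chrome
    falls back to its built-in default. Mirrors the fixlog's
    "Chrome StartupUrls deleted successfully" step.
    """
    cleaned = json.loads(json.dumps(prefs))  # deep copy without touching input
    session = cleaned.setdefault("session", {})
    session["startup_urls"] = [u for u in session.get("startup_urls", [])
                               if not is_hijacker(u)]
    if not session["startup_urls"]:
        session["restore_on_startup"] = 5  # assumed: 5 = open the New Tab page
    if is_hijacker(cleaned.get("homepage", "")):
        cleaned["homepage"] = ""
        cleaned["homepage_is_newtabpage"] = True
    tpl = cleaned.get("default_search_provider_data", {}).get("template_url_data", {})
    if is_hijacker(tpl.get("url", "")):
        del cleaned["default_search_provider_data"]
    return cleaned


def audit(prefs_json):
    """Parse a Preferences document and return (hits, cleaned_prefs)."""
    prefs = json.loads(prefs_json)
    return find_hijacked_entries(prefs), clean_preferences(prefs)


if __name__ == "__main__":
    hits, cleaned = audit(SAMPLE_PREFERENCES)
    for setting, url in hits:
        print(f"HIJACKED {setting}: {url}")
    print("remaining after cleanup:", find_hijacked_entries(cleaned))
```

    Chrome protects these keys with MACs stored in the profile's Secure Preferences, so a hand-edited Preferences file may be reverted or flagged on the next start; use the script to confirm whether the hijack is still present and let the browser's own settings reset (or FRST, as in this thread) do the write.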



    #8 ken545

    Posted 01 January 2015 - 12:08 PM

    Is Trovi still present? If so, we will have to clean up your browsers.



    #9 Makofan

    Posted 01 January 2015 - 05:18 PM

    It is gone, thank you very much!



    #10 ken545

    Posted 01 January 2015 - 06:38 PM

    You're very welcome, glad things are back to normal for you. I will leave this thread open for you for a few days in case it returns and you still need help.




    #11 ken545

    ken545

      Forum God

    • Retired Classroom Teacher
    • 23,219 posts
    • Interests:Fighting Malware and cooking some great Italian and TexMex food
    • MVP

    Posted 05 January 2015 - 06:26 AM

    Double click on AdwCleaner.exe to run the tool again.
    • Click on the Uninstall button.
    • Click Yes when asked if you are sure you want to uninstall.
    • AdwCleaner.exe, its folder and all logs will be removed.
     
     
     
    ==========================================================
     
     
    Please download DelFix and save the file to your Desktop.
     
     
    • Windows XP: Double Click DelFix.exe to run the program.
    • Windows Vista / Win 7 / Win 8: Right Click on DelFix.exe and select RUN AS ADMINISTRATOR
    • Checkmark "Remove Disinfection Tools"
    • Click the Run button
     
     
    This will remove the specialised tools we used to clean your system. Any leftover logs, files, folders or tools remaining on your Desktop which were not removed can be deleted manually.
     
     
     
    ==========================================================
     
     
     
    How did I get infected in the first place?
    Read these links and find out how to prevent getting infected again.
     
     
     
    Safe Surfn
    Ken



    #12 ken545

    ken545

      Forum God

    • Retired Classroom Teacher
    • 23,219 posts
    • Interests:Fighting Malware and cooking some great Italian and TexMex food
    • MVP

    Posted 05 January 2015 - 02:31 PM

    Since this issue appears to be resolved ... this Topic has been closed. Glad we could be of assistance.

    If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

    Everyone else please follow the instructions here http://forums.whatth...ed_t106388.html
    and start a New Topic.

