
Cannot get rid of Ads by Cloudscout


13 replies to this topic

#1 warriorsd


Posted 27 August 2015 - 06:46 AM

Hi guys,

I have followed many many online step by step guides on how to get rid of "ads by cloudscout" with no success... It's a nasty piece of spyware that's almost disabling my entire system. There are many things I am now unable to do besides getting pop-up after pop-up and silly ads left, right and centre. I hope someone here can help me.

Here is my HijackThis log. Many thanks in advance.

Logfile of Trend Micro HijackThis v2.0.5
Scan saved at 10:43:15 PM, on 27/08/2015
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.16521)

FIREFOX: 39.0 (x86 en-US)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Samsung\Kies\Kies.exe
C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
C:\Program Files (x86)\Hp\HP Software Update\hpwuSchd2.exe
C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_18_0_0_232.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_18_0_0_232.exe
C:\Users\Dell\Downloads\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = Preserve
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe,
O4 - HKLM\..\Run: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
O4 - HKLM\..\Run: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2
O4 - HKLM\..\Run: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files (x86)\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Dropbox] "C:\Program Files (x86)\Dropbox\Client\Dropbox.exe" /systemstartup
O4 - HKCU\..\Run: [Cloud Sync Application] C:\Program Files (x86)\Renewed Vision\ProPresenter 5\CloudSyncApp.exe
O4 - HKCU\..\Run: [Facebook Update] "C:\Users\Dell\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
O4 - HKCU\..\Run: [KiesPreload] C:\Program Files (x86)\Samsung\Kies\Kies.exe /preload
O4 - HKCU\..\Run: [KiesAirMessage] C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe -startup
O4 - HKCU\..\Run: [CCleaner Monitoring] "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.m...ash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{AB5AB876-2FBC-4E49-B2E5-F555096C785B}: NameServer = 82.163.143.137,82.163.142.139
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O20 - AppInit_DLLs: c:\windows\syswow64\nvinit.dll
O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Service (AMPPALR3) - Intel Corporation - C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
O23 - Service: Apple Mobile Device Service - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: ASP.NET State Service (aspnet_state) - Unknown owner - C:\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (file missing)
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Security Service (BTHSSecurityMgr) - Intel® Corporation - C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
O23 - Service: Dropbox Update Service (dbupdate) (dbupdate) - Dropbox, Inc. - C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
O23 - Service: Dropbox Update Service (dbupdatem) (dbupdatem) - Dropbox, Inc. - C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
O23 - Service: SCP DS3 Service (Ds3Service) - Scarlet.Crush Productions - C:\Program Files\Scarlet.Crush Productions\bin\ScpService.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel® Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: HP Support Solutions Framework Service (HPSupportSolutionsFrameworkService) - Hewlett-Packard Company - C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Intel® Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. - C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: Wireless PAN DHCP Server (MyWiFiDHCPDNS) - Unknown owner - C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel® Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: SwitchBoard - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O23 - Service: TeamViewer 10 (TeamViewer) - TeamViewer GmbH - C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: Intel® Management and Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 11143 bytes


#2 warriorsd


Posted 27 August 2015 - 06:55 AM

Here are my Farbar logs:

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:26-08-2015
Ran by Dell (administrator) on DELL-PC (27-08-2015 22:52:48)
Running from C:\Users\Dell\Downloads
Loaded Profiles: Dell & UpdatusUser (Available Profiles: Dell & UpdatusUser)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore64.exe
(Intel Corporation) C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Intel® Corporation) C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
(Scarlet.Crush Productions) C:\Program Files\Scarlet.Crush Productions\bin\ScpService.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Microsoft Corporation) C:\Windows\System32\PrintIsolationHost.exe
() C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe
(Samsung) C:\Program Files (x86)\Samsung\Kies\Kies.exe
(SUPERAntiSpyware) C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hp\HP Software Update\hpwuSchd2.exe
(Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Trend Micro Inc.) C:\Users\Dell\Downloads\HijackThis.exe
(Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_18_0_0_232.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_18_0_0_232.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [IntelPAN] => C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe [1935120 2011-07-27] (Intel® Corporation)
HKLM\...\Run: [NVHotkey] => rundll32.exe C:\Windows\system32\nvHotkey.dll,Start
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1266912 2013-10-23] (Microsoft Corporation)
HKLM\...\Run: [CDAServer] => C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe [462712 2012-03-09] ()
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [557768 2014-10-14] (Adobe Systems Incorporated)
HKLM\...\Run: [XboxStat] => C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe [825184 2009-09-30] (Microsoft Corporation)
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [91520 2010-01-21] (Microsoft Corporation)
HKLM-x32\...\Run: [Dell Webcam Central] => C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe [409744 2009-06-24] (Creative Technology Ltd)
HKLM-x32\...\Run: [KiesTrayAgent] => C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe [311616 2014-07-25] (Samsung Electronics Co., Ltd.)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [49152 2004-02-12] (Hewlett-Packard Company)
HKLM-x32\...\Run: [HP Component Manager] => C:\Program Files (x86)\HP\hpcoretech\hpcmpmgr.exe [241664 2004-05-12] (Hewlett-Packard Company)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)
HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [39179912 2015-08-06] (Dropbox, Inc.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-2799920661-1438349000-4008728122-1000\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-2799920661-1438349000-4008728122-1000\...\Run: [Cloud Sync Application] => C:\Program Files (x86)\Renewed Vision\ProPresenter 5\CloudSyncApp.exe [169984 2014-01-27] (Renewed Vision, Inc)
HKU\S-1-5-21-2799920661-1438349000-4008728122-1000\...\Run: [Facebook Update] => C:\Users\Dell\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2014-07-26] (Facebook Inc.)
HKU\S-1-5-21-2799920661-1438349000-4008728122-1000\...\Run: [KiesPreload] => C:\Program Files (x86)\Samsung\Kies\Kies.exe [1562264 2014-07-25] (Samsung)
HKU\S-1-5-21-2799920661-1438349000-4008728122-1000\...\Run: [KiesAirMessage] => C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe -startup
HKU\S-1-5-21-2799920661-1438349000-4008728122-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8358680 2015-06-02] (Piriform Ltd)
HKU\S-1-5-21-2799920661-1438349000-4008728122-1000\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [7930136 2015-07-31] (SUPERAntiSpyware)
AppInit_DLLs-x32: c:\windows\syswow64\nvinit.dll => c:\windows\syswow64\nvinit.dll [193128 2011-04-22] (NVIDIA Corporation)
ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2014-09-26] ()
ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2014-09-26] ()
ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2014-09-26] ()
ShellIconOverlayIdentifiers: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.dll [2015-08-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.dll [2015-08-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.dll [2015-08-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.dll [2015-08-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.dll [2015-08-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.dll [2015-08-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.dll [2015-08-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.dll [2015-08-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.27.dll [2015-08-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.27.dll [2015-08-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.27.dll [2015-08-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.27.dll [2015-08-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.27.dll [2015-08-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.27.dll [2015-08-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.27.dll [2015-08-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.27.dll [2015-08-06] (Dropbox, Inc.)
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)









HKU\S-1-5-21-2799920661-1438349000-4008728122-1000\Software\Microsoft\Internet Explorer\Main,Start Page =
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =


Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{AB5AB876-2FBC-4E49-B2E5-F555096C785B}: [NameServer] 82.163.143.137,82.163.142.139
Tcpip\..\Interfaces\{AB5AB876-2FBC-4E49-B2E5-F555096C785B}: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{BF7548A4-4B37-4112-B6B7-87AD8793FEF1}: [DhcpNameServer] 172.20.10.1

FireFox:
========
FF ProfilePath: C:\Users\Dell\AppData\Roaming\Mozilla\Firefox\Profiles\9zk16fkx.default-1438300192999
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_18_0_0_232.dll [2015-08-12] ()
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll [2014-02-13] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect_x86_64 -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2014-10-15] (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_18_0_0_232.dll [2015-08-12] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-10-30] ()
FF Plugin-x32: @ei.InboxAce_1g.com/Plugin -> C:\Program Files (x86)\InboxAce_1gEI\Installr\1.bin\NP1gEISB.dll [No File]
FF Plugin-x32: @java.com/DTPlugin,version=10.65.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll [2014-07-11] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.65.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll [2014-07-11] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll [2014-02-13] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-09-12] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2011-04-21] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2011-04-21] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-16] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-16] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2012-09-23] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2014-10-15] (Adobe Systems)
FF Plugin HKU\S-1-5-21-2799920661-1438349000-4008728122-1000: @hola.org/vlc,version=1.8.204 -> C:\Users\Dell\AppData\Local\Hola\firefox\app\vlc No File
FF Plugin HKU\S-1-5-21-2799920661-1438349000-4008728122-1000: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\Dell\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll [2014-07-24] (Skype Limited)
FF HKU\S-1-5-21-2799920661-1438349000-4008728122-1000\...\Firefox\Extensions: [{e4f94d1e-2f53-401e-8885-681602c0ddd8}] - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi
FF Extension: McAfee Security Scan Plus - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi [2014-04-04]

Chrome:
=======
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR Profile: C:\Users\Dell\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Dell\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-07-11]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Dell\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-07-11]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [172344 2014-07-23] (SUPERAntiSpyware.com)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-01-19] (Apple Inc.)
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [134512 2015-07-06] (Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [134512 2015-07-06] (Dropbox, Inc.)
R2 Ds3Service; C:\Program Files\Scarlet.Crush Productions\bin\ScpService.exe [388352 2013-05-05] (Scarlet.Crush Productions)
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe [89352 2014-09-15] (Hewlett-Packard Company)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [289256 2014-04-09] (McAfee, Inc.)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2013-10-23] (Microsoft Corporation)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [340240 2011-07-27] ()
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [348376 2013-10-23] (Microsoft Corporation)
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [5495056 2015-06-18] (TeamViewer GmbH)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
S3 aspnet_state; %SystemRoot%\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [X]
S2 HPSLPSVC; C:\Users\Dell\AppData\Local\Temp\7zS595E\hpslpsvc64.dll [X]

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [248240 2013-09-27] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [134944 2013-09-27] (Microsoft Corporation)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-23] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-13] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R3 ScpVBus; C:\Windows\System32\DRIVERS\ScpVBus.sys [39168 2013-05-05] (Scarlet.Crush Productions)
S3 MBAMSwissArmy; \??\C:\Windows\system32\drivers\MBAMSwissArmy.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-08-27 22:52 - 2015-08-27 22:53 - 00020029 _____ C:\Users\Dell\Downloads\FRST.txt
2015-08-27 22:52 - 2015-08-27 22:52 - 02186752 _____ (Farbar) C:\Users\Dell\Downloads\FRST64.exe
2015-08-27 22:52 - 2015-08-27 22:52 - 00000000 ____D C:\FRST
2015-08-27 22:43 - 2015-08-27 22:43 - 00011145 _____ C:\Users\Dell\Downloads\hijackthis.log
2015-08-27 22:42 - 2015-08-27 22:42 - 00388608 _____ (Trend Micro Inc.) C:\Users\Dell\Downloads\HijackThis.exe
2015-08-23 23:30 - 2015-08-23 23:30 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2015-08-23 07:22 - 2015-08-23 07:22 - 00112093 _____ C:\Users\Dell\Downloads\Esther.pptx
2015-08-22 14:22 - 2015-08-22 14:22 - 00001870 _____ C:\Users\Dell\Downloads\Come Praise & Glorify (Bob Kauflin, Tim Chester).xml
2015-08-22 14:22 - 2015-08-22 14:22 - 00001792 _____ C:\Users\Dell\Downloads\Here is Love (Matt Redman, William Rees, Robert Lowry).xml
2015-08-22 14:16 - 2015-08-22 14:16 - 00001813 _____ C:\Users\Dell\Downloads\It Is Well With My Soul (Philipp Bliss, Horatio G Spafford).xml
2015-08-20 23:58 - 2015-08-23 07:31 - 00000000 ____D C:\Program Files\Sublime Text 3
2015-08-20 23:58 - 2015-08-20 23:58 - 00000000 ____D C:\Users\Dell\AppData\Roaming\Sublime Text 3
2015-08-20 23:58 - 2015-08-20 23:58 - 00000000 ____D C:\Users\Dell\AppData\Local\Sublime Text 3
2015-08-20 18:18 - 2015-08-20 22:00 - 00000000 ____D C:\Users\Dell\Downloads\dmps
2015-08-15 21:09 - 2015-08-15 21:09 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
2015-07-31 10:13 - 2015-07-31 10:13 - 00000000 ____D C:\SUPERDelete
2015-07-31 10:12 - 2015-08-23 07:31 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
2015-07-31 10:12 - 2015-08-23 07:31 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
2015-07-31 10:12 - 2015-07-31 10:12 - 00001808 _____ C:\Users\Public\Desktop\SUPERAntiSpyware Professional.lnk
2015-07-31 10:12 - 2015-07-31 10:12 - 00000000 ____D C:\Users\Dell\AppData\Roaming\SUPERAntiSpyware.com
2015-07-31 10:12 - 2015-07-31 10:12 - 00000000 ____D C:\ProgramData\SUPERAntiSpyware.com
2015-07-31 10:09 - 2015-07-31 10:12 - 22854032 _____ (SUPERAntiSpyware) C:\Users\Dell\Downloads\SUPERAntiSpywarePro.exe

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-08-27 22:52 - 2014-03-13 19:22 - 00000072 _____ C:\Users\Public\LMDebug.log
2015-08-27 22:48 - 2015-07-06 17:36 - 00000904 _____ C:\Windows\Tasks\DropboxUpdateTaskMachineUA.job
2015-08-27 22:29 - 2014-07-26 22:24 - 00000924 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2799920661-1438349000-4008728122-1000UA.job
2015-08-27 22:29 - 2014-07-26 22:24 - 00000902 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2799920661-1438349000-4008728122-1000Core.job
2015-08-27 22:29 - 2012-11-04 12:18 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-08-27 22:21 - 2012-12-02 20:27 - 00000000 ____D C:\Users\Dell\AppData\Roaming\Skype
2015-08-27 22:01 - 2015-04-07 16:42 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-08-27 21:48 - 2015-07-06 17:36 - 00000900 _____ C:\Windows\Tasks\DropboxUpdateTaskMachineCore.job
2015-08-27 21:15 - 2012-10-29 20:51 - 02070609 _____ C:\Windows\WindowsUpdate.log
2015-08-27 21:11 - 2009-07-14 14:45 - 00021472 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-08-27 21:11 - 2009-07-14 14:45 - 00021472 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-08-27 21:05 - 2015-07-06 17:38 - 00000000 ___RD C:\Users\Dell\Dropbox
2015-08-27 21:05 - 2015-07-06 17:36 - 00000000 ____D C:\Users\Dell\AppData\Local\Dropbox
2015-08-27 21:04 - 2014-08-26 18:11 - 00000000 ____D C:\Users\Dell\AppData\Local\Adobe
2015-08-27 21:03 - 2015-04-07 16:42 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-08-27 21:03 - 2012-10-29 21:23 - 00000000 ____D C:\ProgramData\NVIDIA
2015-08-27 21:03 - 2009-07-14 15:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-08-27 21:02 - 2015-06-28 11:25 - 00004190 _____ C:\Windows\setupact.log
2015-08-24 00:04 - 2015-04-07 16:43 - 00002183 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2015-08-23 23:30 - 2014-11-30 18:07 - 00000000 ___RD C:\Program Files (x86)\Skype
2015-08-23 23:30 - 2014-05-26 17:08 - 00002697 _____ C:\Users\Public\Desktop\Skype.lnk
2015-08-23 23:30 - 2012-12-02 20:26 - 00000000 ____D C:\ProgramData\Skype
2015-08-23 17:45 - 2015-05-01 12:25 - 00000000 ____D C:\Users\Dell\Desktop\M&M Website
2015-08-23 07:31 - 2015-07-11 10:29 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2015-08-23 07:31 - 2015-04-07 16:43 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-08-23 07:31 - 2012-11-24 18:20 - 00000000 ____D C:\Users\Dell\AppData\Roaming\uTorrent
2015-08-23 07:31 - 2012-10-31 17:16 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2015-08-23 07:31 - 2009-07-14 13:20 - 00000000 ____D C:\Windows\registration
2015-08-23 07:31 - 2009-07-14 13:20 - 00000000 ____D C:\Windows\AppCompat
2015-08-22 13:55 - 2009-07-14 15:13 - 00796054 _____ C:\Windows\system32\PerfStringBackup.INI
2015-08-22 13:37 - 2015-06-13 18:21 - 00000000 ____D C:\Users\Dell\AppData\Roaming\vlc
2015-08-22 13:33 - 2012-10-29 20:51 - 00000000 ____D C:\Users\Dell
2015-08-16 16:39 - 2015-07-12 14:23 - 00004104 _____ C:\Windows\PFRO.log
2015-08-15 21:09 - 2015-07-06 17:24 - 00000000 ____D C:\Program Files (x86)\Dropbox
2015-08-12 20:29 - 2012-11-04 12:18 - 00778440 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-08-12 20:29 - 2012-11-04 12:18 - 00142536 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-08-12 20:29 - 2012-11-04 12:18 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-08-12 19:34 - 2015-07-14 19:35 - 00000000 ____D C:\ProgramData\YTD Video Downloader
2015-08-08 11:40 - 2012-10-29 20:59 - 00000000 ____D C:\Users\Dell\Desktop\N5110
2015-07-31 10:06 - 2015-06-28 10:37 - 00000000 ____D C:\Program Files\CCleaner
2015-07-31 09:49 - 2015-06-11 17:16 - 00000000 ____D C:\Users\Dell\Desktop\Old Firefox Data

==================== Files in the root of some directories =======

2014-12-06 08:09 - 2014-12-07 19:57 - 1019904 _____ () C:\Users\Dell\AppData\Roaming\123 Cheese Prefsv3
2013-01-06 08:57 - 2013-01-06 08:57 - 0000132 _____ () C:\Users\Dell\AppData\Roaming\Adobe PNG Format CS5 Prefs
2013-06-30 12:13 - 2008-07-07 13:22 - 0000014 _____ () C:\Users\Dell\AppData\Roaming\options.ini
2013-06-30 12:13 - 2012-07-07 13:04 - 0000003 _____ () C:\Users\Dell\AppData\Roaming\options_pdfcombine.ini
2013-06-30 12:13 - 2013-02-23 12:15 - 0000003 _____ () C:\Users\Dell\AppData\Roaming\options_pdfrotator.ini
2013-06-30 12:13 - 2013-06-30 12:14 - 0000703 _____ () C:\Users\Dell\AppData\Roaming\pdfsound.dll
2013-06-30 12:13 - 2013-06-09 09:38 - 0000053 _____ () C:\Users\Dell\AppData\Roaming\setting.ini
2013-06-30 12:13 - 2013-06-08 13:43 - 0000030 _____ () C:\Users\Dell\AppData\Roaming\setup.ini
2013-06-30 12:13 - 2013-06-09 09:30 - 0000043 _____ () C:\Users\Dell\AppData\Roaming\setup_pdfcombine.ini
2013-06-30 12:13 - 2013-06-09 10:34 - 0000043 _____ () C:\Users\Dell\AppData\Roaming\setup_pdfrotator.ini
2015-04-03 17:12 - 2015-04-04 03:42 - 0000062 _____ () C:\Users\Dell\AppData\Roaming\WB.CFG
2015-02-05 18:59 - 2015-02-05 19:04 - 0000600 _____ () C:\Users\Dell\AppData\Roaming\winscp.rnd
2014-12-06 08:25 - 2015-06-14 18:55 - 0109925 _____ () C:\Users\Dell\AppData\Local\ars.cache
2014-12-06 08:25 - 2015-06-14 18:55 - 0468633 _____ () C:\Users\Dell\AppData\Local\census.cache
2014-10-11 19:24 - 2014-10-11 19:24 - 0000092 _____ () C:\Users\Dell\AppData\Local\fusioncache.dat
2014-12-06 07:58 - 2014-12-06 07:58 - 0000036 _____ () C:\Users\Dell\AppData\Local\housecall.guid.cache
2013-02-19 19:01 - 2015-02-05 18:46 - 0000600 _____ () C:\Users\Dell\AppData\Local\PUTTY.RND
2015-04-06 14:56 - 2015-04-06 14:57 - 0011722 _____ () C:\Users\Dell\AppData\Local\Temp-log.txt
2014-10-10 17:56 - 2014-10-10 18:14 - 0000372 _____ () C:\ProgramData\hpzinstall.log

Some files in TEMP:
====================
C:\Users\Dell\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpsknlqv.dll
C:\Users\Dell\AppData\Local\Temp\SkypeSetup.exe


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-08-23 18:27

==================== End of FRST.txt ============================



#3 warriorsd

Posted 27 August 2015 - 06:56 AM

And here is the second Farbar log

Additional scan result of Farbar Recovery Scan Tool (x64) Version:26-08-2015
Ran by Dell (2015-08-27 22:53:31)
Running from C:\Users\Dell\Downloads
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-2799920661-1438349000-4008728122-500 - Administrator - Disabled)
ASPNET (S-1-5-21-2799920661-1438349000-4008728122-1005 - Limited - Enabled)
Dell (S-1-5-21-2799920661-1438349000-4008728122-1000 - Administrator - Enabled) => C:\Users\Dell
Guest (S-1-5-21-2799920661-1438349000-4008728122-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2799920661-1438349000-4008728122-1003 - Limited - Enabled)
UpdatusUser (S-1-5-21-2799920661-1438349000-4008728122-1001 - Limited - Enabled) => C:\Users\UpdatusUser

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Microsoft Security Essentials (Enabled - Up to date) {641105E6-77ED-3F35-A304-765193BCB75F}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Microsoft Security Essentials (Enabled - Up to date) {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKU\S-1-5-21-2799920661-1438349000-4008728122-1000\...\uTorrent) (Version: 3.4.3.40760 - BitTorrent Inc.)
7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 14.0.0.178 - Adobe Systems Incorporated)
Adobe Creative Cloud (HKLM-x32\...\Adobe Creative Cloud) (Version: 2.8.1.451 - Adobe Systems Incorporated)
Adobe Flash Player 18 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 18.0.0.232 - Adobe Systems Incorporated)
Adobe Flash Player 18 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 18.0.0.232 - Adobe Systems Incorporated)
Adobe Help Manager (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 4.0.244 - Adobe Systems Incorporated)
Adobe InDesign CC 2014 (HKLM-x32\...\{CCDCB9C4-72BA-1014-A3F8-D123F2F18BC2}) (Version: 10.1.0.070 - Adobe Systems Incorporated)
Adobe Media Player (HKLM-x32\...\com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.8 - Adobe Systems Incorporated)
Adobe Reader XI (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.00 - Adobe Systems Incorporated)
Adobe® Content Viewer (HKLM-x32\...\com.adobe.dmp.contentviewer) (Version: 3.4.3 - Adobe Systems, Incorporated)
Advanced Audio FX Engine (HKLM-x32\...\Advanced Audio FX Engine) (Version: 1.12.05 - Creative Technology Ltd)
AiO_Scan (x32 Version: 43.0.217.000 - Hewlett-Packard) Hidden
AiOSoftware (x32 Version: 43.0.217.000 - Hewlett-Packard) Hidden
AirParrot (HKLM\...\{6C4958DF-4B1A-4290-947B-5F6AFDC74398}) (Version: 1.1.3 - Squirrels)
Apple Application Support (32-bit) (HKLM-x32\...\{AFA1153A-F547-409B-B837-3A0D6C5A3FEC}) (Version: 3.1.3 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{D7B824DE-DA32-4772-9E5E-39C5158136A7}) (Version: 3.1.3 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{C4123106-B685-48E6-B9BD-E4F911841EB4}) (Version: 8.1.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
bl (x32 Version: 1.0.0 - Your Company Name) Hidden
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Bonjour Print Services (HKLM\...\{4CE925AF-6519-4FEB-BEBD-DE2BFE2944EB}) (Version: 2.0.0.36 - Apple Inc.)
BufferChm (x32 Version: 43.1.5.000 - Hewlett-Packard) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 5.07 - Piriform)
Common Desktop Agent (Version: 1.62.0 - OEM) Hidden
Copy (x32 Version: 43.1.5.000 - Hewlett-Packard) Hidden
CreativeProjects (x32 Version: 43.1.5.000 - Hewlett-Packard) Hidden
CreativeProjectsTemplates (x32 Version: 43.1.5.000 - Hewlett-Packard) Hidden
CueTour (x32 Version: 43.1.5.000 - Hewlett-Packard) Hidden
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Dell Webcam Central (HKLM-x32\...\Dell Webcam Central) (Version: 1.40.05 - Creative Technology Ltd)
Destinations (x32 Version: 43.1.5.000 - Hewlett-Packard) Hidden
Director (x32 Version: 43.1.5.000 - Hewlett-Packard) Hidden
DocProc (x32 Version: 4.0.0.0 - Hewlett-Packard) Hidden
DocumentViewer (x32 Version: 43.0.217.000 - Hewlett-Packard) Hidden
Dropbox (HKLM-x32\...\Dropbox) (Version: 3.8.6 - Dropbox, Inc.)
Dropbox Setup (HKLM-x32\...\{597A58EC-42D6-4940-8739-FB94491B013C}) (Version: 1.0.0.5 - Dropbox, Inc.)
Dropbox Update Helper (x32 Version: 1.3.27.33 - Dropbox, Inc.) Hidden
Facebook Video Calling 3.1.0.521 (HKLM-x32\...\{2091F234-EB58-4B80-8C96-8EB78C808CF7}) (Version: 3.1.521 - Skype Limited)
Fax (x32 Version: 43.0.217.000 - Hewlett-Packard) Hidden
FileZilla Client 3.6.0.2 (HKLM-x32\...\FileZilla Client) (Version: 3.6.0.2 - FileZilla Project)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 44.0.2403.157 - Google Inc.)
Google Update Helper (x32 Version: 1.3.28.1 - Google Inc.) Hidden
HandBrake 0.9.8 (HKLM-x32\...\HandBrake) (Version: 0.9.8 - )
HP Image Zone 4.2 (HKLM-x32\...\HP Photo & Imaging) (Version: 4.2 - HP)
HP PSC & OfficeJet 4.2 (HKLM-x32\...\{A1062847-0846-427A-92A1-BB8251A91E91}) (Version:  - HP)
HP Software Update (HKLM-x32\...\{457791C5-D702-4143-A7B2-2744BE9573F2}) (Version: 2.0.39.20040212 - Hewlett-Packard)
HP Support Solutions Framework (HKLM-x32\...\{44157EB3-D8D0-4BB1-B0F5-AD2C38814ED1}) (Version: 11.51.0027 - Hewlett-Packard Company)
HPSystemDiagnostics (x32 Version: 1.5.0.0 - Your Company Name) Hidden
Idle Crawler (HKLM-x32\...\04BE9A43-6885-2A4A-AF4C-8D81F5D1D303) (Version: 120.0.0.467 - MILE 27 LTD) <==== ATTENTION
InstantShare (x32 Version: 4.0.0.40 - Hewlett-Packard) Hidden
Intel PROSet Wireless (x32 Version:  - ) Hidden
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1118 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2361 - Intel Corporation)
Intel® PROSet/Wireless WiFi Software (HKLM\...\{25FBDA9A-E868-4B3B-B9FF-D923818511A1}) (Version: 14.2.0000 - Intel Corporation)
iTunes (HKLM\...\{93F2A022-6C37-48B8-B241-FFABD9F60C30}) (Version: 12.1.2.27 - Apple Inc.)
Java 7 Update 65 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217055FF}) (Version: 7.0.650 - Oracle)
KiwiG PhonTunes (HKLM-x32\...\KiwiG PhonTunes_is1) (Version:  - KiwiGeeker)
K-Lite Mega Codec Pack 11.2.0 (HKLM-x32\...\KLiteCodecPack_is1) (Version: 11.2.0 - )
Live! Cam Avatar Creator (HKLM-x32\...\{65D0C510-D7B6-4438-9FC8-E6B91115AB0D}) (Version: 4.6.3009.1 - Creative Technology Ltd)
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.8.150.1 - McAfee, Inc.)
Microsoft .NET Framework 1.1 (HKLM-x32\...\{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}) (Version: 1.1.4322 - Microsoft)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUS) (Version: 14.0.4734.1000 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.4.304.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Xbox 360 Accessories 1.2 (HKLM\...\{D9C50188-12D5-4D3E-8F00-682346C2AA5F}) (Version: 1.20.146.0 - Microsoft)
Movie Maker (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Mozilla Firefox 39.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 39.0 (x86 en-US)) (Version: 39.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
MyFreeCodec (HKU\S-1-5-21-2799920661-1438349000-4008728122-1000\...\MyFreeCodec) (Version:  - )
NavDesk 7.50 (HKLM-x32\...\{AB756389-9A03-44f3-ABAF-3699C01B4868}-Navman-7.50) (Version: 7.50.0109.128 - Navman Technology NZ Limited)
nito Installer (HKLM-x32\...\nito Installer) (Version: 01.00.00.00 - JailbreakAppleTV)
NVIDIA 3D Vision Driver 268.30 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 268.30 - NVIDIA Corporation)
NVIDIA Graphics Driver 268.30 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 268.30 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.2.22.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.2.22.1 - NVIDIA Corporation)
Overland (x32 Version: 2.1.5 - Hewlett-Packard) Hidden
PDFZilla V3.0.0 (HKLM-x32\...\PDFZilla_is1) (Version:  - PDFZilla, Inc.)
ph (x32 Version: 1.0.0 - Your Company Name) Hidden
PhotoGallery (x32 Version: 43.1.5.000 - Hewlett-Packard) Hidden
PrintScreen (x32 Version: 43.1.5.000 - Hewlett-Packard) Hidden
ProductContext (x32 Version: 43.0.217.000 - Hewlett-Packard) Hidden
ProPresenter 5 (HKLM-x32\...\{5298EDD6-CB08-4F2A-8FFF-F9FDC3D815EB}) (Version: 5.2.401 - Renewed Vision)
ProPresenter 5 (HKLM-x32\...\{ABB004D0-D826-42CD-B299-8E5C91C6FCCE}) (Version: 5.1.500 - Renewed Vision)
PxMergeModule (x32 Version: 1.00.0000 - Your Company Name) Hidden
QFolder (x32 Version: 1.00.0000 - Hewlett-Packard) Hidden
QuickProjects (x32 Version: 43.1.5.000 - Hewlett-Packard) Hidden
QuickTime 7 (HKLM-x32\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)
Readme (x32 Version: 43.0.217.000 - Hewlett-Packard) Hidden
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.31.1025.2010 - Realtek)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7600.30126 - Realtek Semiconductor Corp.)
Samsung CLP-360 Series (HKLM-x32\...\Samsung CLP-360 Series) (Version: 1.11 (24/10/2013) - Samsung Electronics Co., Ltd.)
Samsung Easy Printer Manager (HKLM-x32\...\Samsung Easy Printer Manager) (Version: 1.03.17.00(12/04/2013) - Samsung Electronics Co., Ltd.)
Samsung Easy Wireless Setup (HKLM-x32\...\Easy Wireless Setup) (Version: 3.70.5.0 - Samsung Electronics Co., Ltd.)
Samsung Kies (HKLM-x32\...\InstallShield_{758C8301-2696-4855-AF45-534B1200980A}) (Version: 2.6.2.14014_7 - Samsung Electronics Co., Ltd.)
Samsung Kies (x32 Version: 2.6.2.14014_7 - Samsung Electronics Co., Ltd.) Hidden
Samsung Printer Diagnostics (HKLM-x32\...\Samsung Printer Diagnostics) (Version: 1.0.1.6.11 - Samsung Electronics Co., Ltd.)
Samsung Printer Live Update (HKLM-x32\...\Samsung Printer Live Update) (Version: 1.01.00:04(2013-04-22) - Samsung Electronics Co., Ltd.)
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.45.0 - SAMSUNG Electronics Co., Ltd.)
Scan (x32 Version: 4.1.0.0 - Hewlett-Packard) Hidden
SDFormatter (HKLM-x32\...\{179324FF-7B16-4BA8-9836-055CAAEE4F08}) (Version: 4.0.0 - SD Association)
SkinsHP1 (x32 Version: 43.1.5.000 - Hewlett-Packard) Hidden
Skype™ 7.8 (HKLM-x32\...\{6A0549A9-1B96-498C-ACBC-3943001FEB19}) (Version: 7.8.102 - Skype Technologies S.A.)
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 6.0.1204 - SUPERAntiSpyware.com)
TeamViewer 10 (HKLM-x32\...\TeamViewer) (Version: 10.0.43879 - TeamViewer)
TI USB 3.0 Host Controller Driver (HKLM-x32\...\InstallShield_{B1EB7FFF-6E44-43D8-869D-B78E44CD3E0F}) (Version: 1.12.14.0 - Texas Instruments Inc.)
TI USB3 Host Driver (x32 Version: 1.12.14.0 - Texas Instruments Inc.) Hidden
TrayApp (x32 Version: 43.1.5.000 - Hewlett-Packard) Hidden
Unload (x32 Version: 4.0.0 - Hewlett-Packard) Hidden
View User's Guide (HKLM-x32\...\View User Guide) (Version: 3.60.02.0 - )
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.1 - VideoLAN)
VUDU To Go (HKLM-x32\...\com.vudu.air.Downloader) (Version: 2.0.7 - Vudu)
VUDU To Go (x32 Version: 2.0.7 - Vudu) Hidden
WebReg (x32 Version: 43.1.5.000 - Hewlett-Packard) Hidden
Win32DiskImager version 0.9.5 (HKLM-x32\...\{D074CE74-912A-4AD3-A0BF-3937D9D01F17}_is1) (Version: 0.9.5 - ImageWriter Developers)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3505.0912 - Microsoft Corporation)
WinSCP 5.5.6 (HKLM-x32\...\winscp3_is1) (Version: 5.5.6 - Martin Prikryl)
XBMC (HKU\S-1-5-21-2799920661-1438349000-4008728122-1000\...\XBMC) (Version:  - Team XBMC)
YTD Video Downloader 4.9 (HKLM-x32\...\{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}) (Version: 4.9 - GreenTree Applications SRL) <==== ATTENTION

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Restore Points =========================

08-08-2015 10:57:59 Windows Update
12-08-2015 19:13:55 Windows Update
15-08-2015 20:50:46 Windows Update
20-08-2015 18:13:11 Windows Update
22-08-2015 13:47:37 Windows Update
25-08-2015 17:13:05 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2014-03-15 15:39 - 2014-03-15 15:39 - 00001794 ____N C:\Windows\system32\Drivers\etc\hosts
127.0.0.1                activate.adobe.com
127.0.0.1                practivate.adobe.com
127.0.0.1                ereg.adobe.com
127.0.0.1                activate.wip3.adobe.com
127.0.0.1                wip3.adobe.com
127.0.0.1                3dns-3.adobe.com
127.0.0.1                3dns-2.adobe.com
127.0.0.1                adobe-dns.adobe.com
127.0.0.1                adobe-dns-2.adobe.com
127.0.0.1                adobe-dns-3.adobe.com
127.0.0.1                ereg.wip3.adobe.com
127.0.0.1                activate-sea.adobe.com
127.0.0.1                wwis-dubc1-vip60.adobe.com
127.0.0.1                activate-sjc0.adobe.com
127.0.0.1                               adobe.activate.com
127.0.0.1                               adobeereg.com                        
127.0.0.1                               www.adobeereg.com                    
127.0.0.1                               wwis-dubc1-vip60.adobe.com           
127.0.0.1                               125.252.224.90                       
127.0.0.1                               125.252.224.91
127.0.0.1                               hl2rcv.adobe.com


==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {1B728705-C676-4AD9-B8F6-347E3E8A8D7E} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-04-07] (Google Inc.)
Task: {32DB8D3B-1AE5-4371-ABCF-0BBCDA6EA7B3} - \Runner IC -> No File <==== ATTENTION
Task: {46AFF864-863F-42C3-A9FD-3136A22FA9BC} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-04-07] (Google Inc.)
Task: {4BF9C976-EB0D-4C76-A8A2-2CE6D2E530E3} - System32\Tasks\ProPCCleaner_Popup => C:\Program Files (x86)\Pro PC Cleaner\Splash.exe <==== ATTENTION
Task: {4EDA2991-449F-4BDF-814F-EC59197DBD96} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-2799920661-1438349000-4008728122-1000Core => C:\Users\Dell\AppData\Local\Facebook\Update\FacebookUpdate.exe [2014-07-26] (Facebook Inc.)
Task: {50077783-AC77-49CB-A27C-B466EEF4438B} - System32\Tasks\ProPCCleaner_Start => C:\Program Files (x86)\Pro PC Cleaner\ProPCCleaner.exe <==== ATTENTION
Task: {51F5F522-909F-4F77-99BA-29DEEDD27CC0} - System32\Tasks\{BFFD1E77-20D5-466A-B270-9BBE48BEAAAF} => Firefox.exe http://www.skype.com...8;LastError=404
Task: {5561C5CF-2764-4045-9124-251CDEA7BFEE} - System32\Tasks\DropboxSetup => C:\Program Files (x86)\Dropbox\DropboxSetup\DropboxSetup.exe [2015-06-23] ()
Task: {6844AC81-0FA4-4AC4-9560-4759C9753148} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-2799920661-1438349000-4008728122-1000UA => C:\Users\Dell\AppData\Local\Facebook\Update\FacebookUpdate.exe [2014-07-26] (Facebook Inc.)
Task: {8332FB9F-36F0-4C8E-BBF7-8D415556C44F} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {95F271AF-0D6E-4F4E-B956-4425B9156256} - System32\Tasks\AdobeAAMUpdater-1.0-Dell-PC-Dell => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2014-10-14] (Adobe Systems Incorporated)
Task: {963A23E3-BE04-4F6F-BA30-D86BF2DAF81E} - System32\Tasks\{AEEBBC72-6C5F-4F67-A5E8-6F92BB76155F} => pcalua.exe -a C:\dell\drivers\R311834\Setup.exe -d C:\dell\drivers\R311834
Task: {AB6A85E9-E43C-4DD4-9897-DA6A3EBD884B} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2015-07-06] (Dropbox, Inc.)
Task: {B264B876-A274-436A-A160-C4CC39D13345} - System32\Tasks\klcp_update => C:\Program Files (x86)\K-Lite Codec Pack\Tools\CodecTweakTool.exe [2015-06-01] ()
Task: {D873E55C-92EF-4DBE-803F-5A33C24A7B62} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-08-12] (Adobe Systems Incorporated)
Task: {E3C97C3A-1F7C-4CC9-ABDD-E70FCCF22988} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2015-07-06] (Dropbox, Inc.)
Task: {F123F36F-B4D6-49D4-8D8C-68ADC143D928} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-06-02] (Piriform Ltd)
Task: {F889DA73-68BF-4DE8-9BCA-BEF0D89DF4A8} - \Microsoft\Windows\Maintenance\Update IC -> No File <==== ATTENTION

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2799920661-1438349000-4008728122-1000Core.job => C:\Users\Dell\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2799920661-1438349000-4008728122-1000UA.job => C:\Users\Dell\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (Whitelisted) ==============

2011-07-27 19:07 - 2011-07-27 19:07 - 01501696 _____ () C:\Program Files\Common Files\Intel\WirelessCommon\Libeay32.dll
2014-09-26 13:41 - 2014-09-26 13:41 - 01021088 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll
2010-01-03 00:42 - 2010-01-03 00:42 - 00098304 _____ () C:\Program Files (x86)\FileZilla FTP Client\fzshellext_64.dll
2014-03-13 19:09 - 2013-05-15 16:30 - 00034304 _____ () C:\Windows\System32\sst6clm.dll
2015-03-20 18:12 - 2015-03-20 18:12 - 00085832 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2015-03-20 18:12 - 2015-03-20 18:12 - 01346344 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2011-07-27 19:07 - 2011-07-27 19:07 - 01501696 _____ () C:\Program Files\Common Files\Intel\WirelessCommon\LIBEAY32.dll
2012-10-29 21:16 - 2011-04-10 09:40 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2012-03-09 08:58 - 2012-03-09 08:58 - 00462712 _____ () C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe
2012-03-09 08:58 - 2012-03-09 08:58 - 00057208 _____ () C:\Program Files\Common Files\Common Desktop Agent\CDASrvPS.dll
2012-11-30 07:59 - 2012-11-30 07:59 - 00093696 _____ () C:\Program Files (x86)\FileZilla FTP Client\fzshellext.dll
2015-08-27 21:04 - 2015-08-27 21:04 - 00071168 _____ () c:\users\dell\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpsknlqv.dll
2015-07-06 17:37 - 2015-08-06 06:49 - 00012800 _____ () C:\Program Files (x86)\Dropbox\Client\QtQuick.2\qtquick2plugin.dll
2015-07-06 17:37 - 2015-08-06 06:49 - 00779776 _____ () C:\Program Files (x86)\Dropbox\Client\QtQuick\Controls\qtquickcontrolsplugin.dll
2015-07-31 09:25 - 2015-08-06 06:49 - 00056320 _____ () C:\Program Files (x86)\Dropbox\Client\QtQuick\Layouts\qquicklayoutsplugin.dll
2015-07-06 17:37 - 2015-08-06 06:49 - 00012288 _____ () C:\Program Files (x86)\Dropbox\Client\QtQuick\Window.2\windowplugin.dll
2010-01-09 19:18 - 2010-01-09 19:18 - 04254560 _____ () C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2010-01-21 00:34 - 2010-01-21 00:34 - 08793952 _____ () C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2015-08-12 20:29 - 2015-08-12 20:29 - 17482952 _____ () C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_18_0_0_232.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\ProgramData\TEMP:054203E4
AlternateDataStreams: C:\Users\Dell\Cookies:PmPGidEOaZqT89V0moNt
AlternateDataStreams: C:\Users\Dell\AppData\Local\bkXKtCtOe8RNGC:wgbj4lKksCXPwJclKBPIvvYbVF
AlternateDataStreams: C:\Users\Dell\AppData\Local\UAMzI1IORQ4aFT:5ZMvPo4E6kWwNe5kqGy1lMCjhd

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2799920661-1438349000-4008728122-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Dell\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 82.163.143.137 - 82.163.142.139
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk => C:\Windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Image Zone Fast Start.lnk => C:\Windows\pss\HP Image Zone Fast Start.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk => C:\Windows\pss\McAfee Security Scan Plus.lnk.CommonStartup
MSCONFIG\startupfolder: C:^Users^Dell^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^ Star Fox 64 (U) (V1.1) [!].lnk => C:\Windows\pss\ Star Fox 64 (U) (V1.1) [!].lnk.Startup
MSCONFIG\startupfolder: C:^Users^Dell^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Starfox 64.lnk => C:\Windows\pss\Starfox 64.lnk.Startup
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: Adobe Creative Cloud => "C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe" --showwindow=false --onOSstartup=true
MSCONFIG\startupreg: AdobeCS5ServiceManager => "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: Skype => "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
MSCONFIG\startupreg: SwitchBoard => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
MSCONFIG\startupreg: uTorrent => "C:\Users\Dell\AppData\Roaming\uTorrent\uTorrent.exe"  /MINIMIZED

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{90CB519D-14B1-49FB-B0FD-E6AB71F2309A}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
FirewallRules: [{7A46B50B-531D-402F-8EC9-02195ADD3347}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
FirewallRules: [{9662997C-9AE6-4BB2-9AAB-D71F843DBE29}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
FirewallRules: [{36243EC4-E047-48B4-8F71-E46F27D8E2DD}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{71F746B8-422C-4D4C-8274-0C029D0AD08D}] => (Allow) LPort=2869
FirewallRules: [{DF7BF61A-A7C1-470B-8D72-8E51FE9BFF05}] => (Allow) LPort=1900
FirewallRules: [{4E319ACD-DEA5-4947-9A3D-D7BBFE828D6D}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [TCP Query User{D48258FE-CD16-4358-8944-B23C645CB0FD}C:\program files (x86)\renewed vision\propresenter 5\propresenter.exe] => (Allow) C:\program files (x86)\renewed vision\propresenter 5\propresenter.exe
FirewallRules: [UDP Query User{A1876EBF-48D8-4BA7-AB0C-97F92E2C2696}C:\program files (x86)\renewed vision\propresenter 5\propresenter.exe] => (Allow) C:\program files (x86)\renewed vision\propresenter 5\propresenter.exe
FirewallRules: [TCP Query User{47ECE932-9E73-4DB9-AC20-2D37235EB0BD}C:\program files (x86)\renewed vision\propresenter 5\propresenter.exe] => (Allow) C:\program files (x86)\renewed vision\propresenter 5\propresenter.exe
FirewallRules: [UDP Query User{34FAD6F1-BC72-45E0-8E87-B7CAC3C9F6D7}C:\program files (x86)\renewed vision\propresenter 5\propresenter.exe] => (Allow) C:\program files (x86)\renewed vision\propresenter 5\propresenter.exe
FirewallRules: [{12EFD3DF-9CDB-49C4-9CBC-3619A7FCEBDF}] => (Block) %ProgramFiles%\Adobe\Adobe Photoshop CS6 (64 Bit)\Photoshop.exe
FirewallRules: [{F3C6F289-732C-4205-91CD-F46252C51AD6}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{79E4F3C3-29BA-435F-96D5-57E2F2585D4E}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{5F89CAE5-4A5F-4399-8F2E-D1CB2422C3DA}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{56AFEA7A-1575-408E-A050-8D8D7D58201A}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{3CF840D8-D0FE-455C-B9AD-864369BBEADF}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [TCP Query User{24B9A623-457D-4C7A-AABD-19329F4F4DFB}C:\users\dell\downloads\utorrent.exe] => (Allow) C:\users\dell\downloads\utorrent.exe
FirewallRules: [UDP Query User{E3C7709D-2010-44D9-952F-79C0248DC777}C:\users\dell\downloads\utorrent.exe] => (Allow) C:\users\dell\downloads\utorrent.exe
FirewallRules: [TCP Query User{BD3CA439-4F10-4BB6-A489-429BCADFC4FF}C:\program files\airparrot\airparrot.exe] => (Block) C:\program files\airparrot\airparrot.exe
FirewallRules: [UDP Query User{5DD1CA3E-C08D-4269-AE34-2593BB488EE6}C:\program files\airparrot\airparrot.exe] => (Block) C:\program files\airparrot\airparrot.exe
FirewallRules: [TCP Query User{F7F6A428-DA89-4D82-B540-0CA7AF83D924}C:\program files (x86)\xbmc\xbmc.exe] => (Allow) C:\program files (x86)\xbmc\xbmc.exe
FirewallRules: [UDP Query User{DCEEABB7-4295-4327-8CD0-10D43DCE3479}C:\program files (x86)\xbmc\xbmc.exe] => (Allow) C:\program files (x86)\xbmc\xbmc.exe
FirewallRules: [TCP Query User{D866B982-3D1B-4284-AD5A-FFDFB19C2281}C:\program files (x86)\xbmc\xbmc.exe] => (Allow) C:\program files (x86)\xbmc\xbmc.exe
FirewallRules: [UDP Query User{DDC78A0E-6A35-4061-A932-3686C1AD4400}C:\program files (x86)\xbmc\xbmc.exe] => (Allow) C:\program files (x86)\xbmc\xbmc.exe
FirewallRules: [{7BE72BE4-EDAA-4333-B4FB-7D37D26E4040}] => (Allow) C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe
FirewallRules: [{BC23A9A0-1394-4705-95CB-FB69942789F7}] => (Allow) C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe
FirewallRules: [{87A77524-AEB5-4960-9D07-CA91EC8FAA0C}] => (Allow) C:\Program Files (x86)\Samsung\Easy Printer Manager\IDS.Application.exe
FirewallRules: [{AE5FBBDA-2DBC-4D5A-B186-1B1FB61C3114}] => (Allow) C:\Program Files (x86)\Samsung\Easy Printer Manager\IDS.Application.exe
FirewallRules: [{F0284745-2AD3-4AF8-A927-C4EA3529812E}] => (Allow) C:\Program Files (x86)\Samsung\Easy Printer Manager\OrderSupplies.exe
FirewallRules: [{C3B50453-891C-4D7F-8411-780B13B2DBAF}] => (Allow) C:\Program Files (x86)\Samsung\Easy Printer Manager\OrderSupplies.exe
FirewallRules: [{A153EB7E-746C-4153-9BC8-2EB72960D5A5}] => (Allow) C:\Program Files (x86)\Samsung\Easy Printer Manager\IDSAlert.exe
FirewallRules: [{1165661B-DCCA-46F5-9CA4-8371CB91DFE3}] => (Allow) C:\Program Files (x86)\Samsung\Easy Printer Manager\IDSAlert.exe
FirewallRules: [{4264EC8E-60E2-4205-AA9C-34EEA6DE3926}] => (Allow) C:\Program Files (x86)\Samsung\Easy Printer Manager\uninstall.exe
FirewallRules: [{EA68E3B6-47C2-4AEB-B2DD-9AB3677463B5}] => (Allow) C:\Program Files (x86)\Samsung\Easy Printer Manager\uninstall.exe
FirewallRules: [{1A19E8C7-6412-494E-8C58-C14633F2F841}] => (Allow) C:\Program Files (x86)\Samsung\Easy Printer Manager\CDAS2PC\CDAS2PC.exe
FirewallRules: [{EF2E7A3D-8D27-4BEF-BDEC-9577C1C52258}] => (Allow) C:\Program Files (x86)\Samsung\Easy Printer Manager\CDAS2PC\CDAS2PC.exe
FirewallRules: [{8305A787-CE5F-42CB-8E0F-397C40782F6D}] => (Allow) C:\Users\Dell\AppData\Local\Temp\7zS5933\hppiw.exe
FirewallRules: [{FA7D0EFB-0C8A-4A78-849E-2782609FC500}] => (Allow) C:\Users\Dell\AppData\Local\Temp\7zS5933\hppiw.exe
FirewallRules: [{9E22AD17-2812-4A30-8D27-3CA37D727F08}] => (Allow) C:\Users\Dell\AppData\Local\Temp\7zS595E\hppiw.exe
FirewallRules: [{12FBAF75-F3B3-4D35-A290-011E5B9FBFAC}] => (Allow) C:\Users\Dell\AppData\Local\Temp\7zS595E\hppiw.exe
FirewallRules: [{E0089A7E-4277-4E74-8D2D-7D5883176C12}] => (Allow) C:\Users\Dell\AppData\Local\Facebook\Video\Skype\FacebookVideoCalling.exe
FirewallRules: [TCP Query User{A21F6627-7689-4281-BA73-000285BDC1A1}C:\users\dell\appdata\roaming\mozilla\firefox\profiles\fud95ddr.default\extensions\[email protected]\resources\hola_firefox_ext\data\plugins\hola_plugin_x64.exe] => (Block) C:\users\dell\appdata\roaming\mozilla\firefox\profiles\fud95ddr.default\extensions\[email protected]\resources\hola_firefox_ext\data\plugins\hola_plugin_x64.exe
FirewallRules: [UDP Query User{BBFEF821-1FF0-4A04-8725-097D20A97550}C:\users\dell\appdata\roaming\mozilla\firefox\profiles\fud95ddr.default\extensions\[email protected]\resources\hola_firefox_ext\data\plugins\hola_plugin_x64.exe] => (Block) C:\users\dell\appdata\roaming\mozilla\firefox\profiles\fud95ddr.default\extensions\[email protected]\resources\hola_firefox_ext\data\plugins\hola_plugin_x64.exe
FirewallRules: [TCP Query User{402E9E71-A46D-4290-B374-2218BA19BD0E}C:\users\dell\appdata\roaming\mozilla\firefox\profiles\fud95ddr.default\extensions\[email protected]\resources\hola_firefox_ext\data\plugins\hola_plugin_x64.exe] => (Block) C:\users\dell\appdata\roaming\mozilla\firefox\profiles\fud95ddr.default\extensions\[email protected]\resources\hola_firefox_ext\data\plugins\hola_plugin_x64.exe
FirewallRules: [UDP Query User{7C177AA5-3ADC-4885-8519-C120BEBC8632}C:\users\dell\appdata\roaming\mozilla\firefox\profiles\fud95ddr.default\extensions\[email protected]\resources\hola_firefox_ext\data\plugins\hola_plugin_x64.exe] => (Block) C:\users\dell\appdata\roaming\mozilla\firefox\profiles\fud95ddr.default\extensions\[email protected]\resources\hola_firefox_ext\data\plugins\hola_plugin_x64.exe
FirewallRules: [TCP Query User{77A26AC9-ADCD-44C3-9223-3412120AC75B}C:\users\dell\appdata\local\hola\firefox\app\hola_plugin.exe] => (Allow) C:\users\dell\appdata\local\hola\firefox\app\hola_plugin.exe
FirewallRules: [UDP Query User{77624F38-562C-46D5-9F8D-B17833C97F00}C:\users\dell\appdata\local\hola\firefox\app\hola_plugin.exe] => (Allow) C:\users\dell\appdata\local\hola\firefox\app\hola_plugin.exe
FirewallRules: [{3EA7B29D-006B-4B6D-ABBE-58EF162BA43C}] => (Allow) C:\Users\Dell\AppData\Roaming\OAS\oas.exe
FirewallRules: [{63BD8508-E130-47A3-8546-D06C8DCF9884}] => (Allow) C:\Users\Dell\AppData\Roaming\OAS\oasupd.exe
FirewallRules: [{4DB65F31-1BCF-4FFD-9A73-9D2239909A20}] => (Allow) C:\Users\Dell\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{0B8EA605-9D9F-4596-951A-3246BECF4A09}] => (Allow) C:\Users\Dell\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [TCP Query User{C85CAEC6-9A80-4B25-9D26-543ACA8BFDD0}C:\users\dell\appdata\local\hola\firefox\app\hola_plugin.exe] => (Block) C:\users\dell\appdata\local\hola\firefox\app\hola_plugin.exe
FirewallRules: [UDP Query User{A77CB1FF-29BE-4AF5-B264-230CF4513606}C:\users\dell\appdata\local\hola\firefox\app\hola_plugin.exe] => (Block) C:\users\dell\appdata\local\hola\firefox\app\hola_plugin.exe
FirewallRules: [{B146B132-AF68-48E7-A55C-47990C22F1E2}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{B3C9CEB6-C312-4403-A795-A64AE484A411}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{C4A88D20-45F4-4605-B064-9AEBE004436D}F:\openlpportable\app\openlp\openlp.exe] => (Allow) F:\openlpportable\app\openlp\openlp.exe
FirewallRules: [UDP Query User{948CEEDB-D79C-4454-A746-59DC45B23179}F:\openlpportable\app\openlp\openlp.exe] => (Allow) F:\openlpportable\app\openlp\openlp.exe
FirewallRules: [{D72FF84A-3692-4ACA-9DD4-F5D716572508}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{013B2226-BE8E-4E36-BADB-733C73D40790}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{7B3C9EEC-C19D-446F-A209-55D9A2C10A73}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{B3C9F9EC-786C-4F64-B89C-9FD64B439E61}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{8A26FBF5-E75E-4BE1-BB7B-6044663E8A2C}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{4A5D7CF4-A1D0-4509-809B-46854F09BEF1}] => (Allow) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
FirewallRules: [TCP Query User{25CF736C-2270-457B-8E59-3795DDF954B7}E:\openlpportable\app\openlp\openlp.exe] => (Allow) E:\openlpportable\app\openlp\openlp.exe
FirewallRules: [UDP Query User{75458893-04BD-465F-94FE-34F2C3910E97}E:\openlpportable\app\openlp\openlp.exe] => (Allow) E:\openlpportable\app\openlp\openlp.exe
FirewallRules: [{E73DFDAA-11DE-440A-B2DF-EEB4EEF82195}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (08/27/2015 09:04:00 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/25/2015 05:33:22 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest2" on line C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Component 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.

Error: (08/25/2015 05:02:41 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/23/2015 06:29:48 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest2" on line C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Component 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.

Error: (08/23/2015 06:10:50 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/23/2015 05:35:28 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/23/2015 07:08:33 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/22/2015 01:35:44 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/22/2015 10:20:11 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program sublime_text.exe version 1.0.0.1 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 12c8

Start Time: 01d0dc6c4b6aeba8

Termination Time: 956

Application Path: C:\Program Files\Sublime Text 3\sublime_text.exe

Report Id: 4d1aaf7f-4863-11e5-b23f-4ceb4210a3f5

Error: (08/22/2015 09:40:51 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


System errors:
=============
Error: (08/27/2015 09:06:04 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The HP Network Devices Support service terminated with the following error:
%%126

Error: (08/25/2015 05:04:59 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The HP Network Devices Support service terminated with the following error:
%%126

Error: (08/23/2015 06:12:52 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The HP Network Devices Support service terminated with the following error:
%%126

Error: (08/23/2015 05:37:34 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The HP Network Devices Support service terminated with the following error:
%%126

Error: (08/23/2015 07:10:32 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The HP Network Devices Support service terminated with the following error:
%%126

Error: (08/23/2015 07:08:03 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The HP Support Solutions Framework Service service failed to start due to the following error:
%%1053

Error: (08/23/2015 07:08:03 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the HP Support Solutions Framework Service service to connect.

Error: (08/22/2015 01:37:49 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The HP Network Devices Support service terminated with the following error:
%%126

Error: (08/22/2015 01:33:18 PM) (Source: Microsoft Antimalware) (EventID: 2004) (User: )
Description: %60 has encountered an error trying to load signatures and will attempt reverting back to a known-good set of signatures.

    Signatures Attempted: %24

    Error Code: 0x80070002

    Error description: The system cannot find the file specified.

    Signature version: 0.0.0.0;0.0.0.0

    Engine version: %600

Error: (08/22/2015 09:42:57 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The HP Network Devices Support service terminated with the following error:
%%126


Microsoft Office:
=========================
Error: (08/27/2015 09:04:00 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/25/2015 05:33:22 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestc:\program files (x86)\Adobe\adobe creative cloud\Utils\Creative Cloud Uninstaller.exe

Error: (08/25/2015 05:02:41 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/23/2015 06:29:48 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestc:\program files (x86)\Adobe\adobe creative cloud\Utils\Creative Cloud Uninstaller.exe

Error: (08/23/2015 06:10:50 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/23/2015 05:35:28 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/23/2015 07:08:33 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/22/2015 01:35:44 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/22/2015 10:20:11 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: sublime_text.exe1.0.0.112c801d0dc6c4b6aeba8956C:\Program Files\Sublime Text 3\sublime_text.exe4d1aaf7f-4863-11e5-b23f-4ceb4210a3f5

Error: (08/22/2015 09:40:51 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


==================== Memory info ===========================

Processor: Intel® Core™ i7-2670QM CPU @ 2.20GHz
Percentage of memory in use: 35%
Total physical RAM: 8098.05 MB
Available physical RAM: 5251.55 MB
Total Virtual: 16194.27 MB
Available Virtual: 13416.33 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:931.41 GB) (Free:624.92 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: E600B0FB)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=931.4 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================



#4 guestolo

Posted 27 August 2015 - 11:36 AM

Can you uninstall Idle Crawler from Programs and Features in Control Panel, if you can find it?

Afterwards:
-AdwCleaner-

Please download AdwCleaner by Xplode onto your desktop.

  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click on the Clean button and follow the prompts.
  • A log file will automatically open after the scan has finished and the PC has rebooted.
  • Please post the content of that log file with your next answer.
  • You can also find the log file at C:\AdwCleaner

In addition:
-Junkware-Removal-Tool-

Please download Junkware Removal Tool to your desktop.

  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8, instead of double-clicking, right-click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

Also: Please download TFC by Old Timer and save it to your desktop.
http://www.itxassoci...T-Tools/TFC.exe

  • Save any unsaved work. TFC will close ALL open programs including your browser!
  • Double-click on TFC.exe to run it.
  • NOTE: If you are using Vista or Windows 7/8, right-click on the file and choose Run As Administrator.
  • Click the Start button to begin the cleaning process and let it run uninterrupted to completion.
  • Important! If TFC prompts you to reboot, please do so immediately.

Post the logs from AdwCleaner and JRT and keep me informed how things are now running.

Can you also do a fresh scan with Farbar and post a fresh log: frst.txt




#5 warriorsd

Posted 28 August 2015 - 05:45 AM

Hi guestolo

Thank you so much for your quick response. I have followed the instructions you have given, please find below the log files:

 

# AdwCleaner v5.004 - Logfile created 28/08/2015 at 21:27:33
# Updated 26/08/2015 by Xplode
# Database : 2015-08-25.1 [Server]
# Operating system : Windows 7 Home Premium Service Pack 1 (x64)
# Username : Dell - DELL-PC
# Running from : C:\Users\Dell\Downloads\AdwCleaner.exe
# Option : Cleaning
# Support : http://toolslib.net/forum

***** [ Services ] *****


***** [ Folders ] *****

[-] Folder Deleted : C:\Program Files (x86)\GreenTree Applications
[-] Folder Deleted : C:\ProgramData\ytd video downloader
[-] Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ytd video downloader

***** [ Files ] *****

[-] File Deleted : C:\Users\Dell\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_pstatic.bestpriceninja.com_0.localstorage
[-] File Deleted : C:\Users\Dell\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_pstatic.bestpriceninja.com_0.localstorage-journal
[-] File Deleted : C:\Users\Dell\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_pstatic.bestpriceninja.com_0.localstorage
[-] File Deleted : C:\Users\Dell\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_pstatic.bestpriceninja.com_0.localstorage-journal
[-] File Deleted : C:\Users\Public\Desktop\YTD Video Downloader.lnk

***** [ Shortcuts ] *****


***** [ Scheduled tasks ] *****


***** [ Registry ] *****

[-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{198404EB-B6A6-447F-9D86-33F2FA3BC77F}
[-] Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID [{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}]
[-] Key Deleted : HKU\.DEFAULT\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}

***** [ Web browsers ] *****


*************************

:: Winsock settings cleared

########## EOF - C:\AdwCleaner\AdwCleaner[C5].txt - [1915 bytes] ##########
 



#6 warriorsd

Posted 28 August 2015 - 05:46 AM

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 7.5.9 (08.27.2015:1)
OS: Windows 7 Home Premium x64
Ran by Dell on Fri 28/08/2015 at 21:33:32.23
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Tasks

Successfully deleted: [Task] C:\Windows\system32\tasks\ProPCCleaner_Popup
Successfully deleted: [Task] C:\Windows\system32\tasks\ProPCCleaner_Start



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders

Successfully deleted: [Empty Folder] C:\Users\Dell\Appdata\Local\{AFFE82F4-CECE-C465-0DA5-151AEBFFBC8B}
Successfully deleted: [Folder] C:\Program Files (x86)\myfree codec



~~~ FireFox

Emptied folder: C:\Users\Dell\AppData\Roaming\mozilla\firefox\profiles\9zk16fkx.default-1438300192999\minidumps [2 files]



~~~ Chrome


[C:\Users\Dell\Appdata\Local\Google\Chrome\User Data\Default\Preferences] - default search provider reset

[C:\Users\Dell\Appdata\Local\Google\Chrome\User Data\Default\Preferences] - Extensions Deleted:

[C:\Users\Dell\Appdata\Local\Google\Chrome\User Data\Default\Secure Preferences] - default search provider reset

[C:\Users\Dell\Appdata\Local\Google\Chrome\User Data\Default\Secure Preferences] - Extensions Deleted:
[]





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Fri 28/08/2015 at 21:37:33.58
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 



#7 warriorsd

Posted 28 August 2015 - 05:48 AM

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:26-08-2015
Ran by Dell (administrator) on DELL-PC (28-08-2015 21:43:25)
Running from C:\Users\Dell\Downloads
Loaded Profiles: Dell (Available Profiles: Dell & UpdatusUser)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Microsoft Corporation) C:\Windows\System32\PrintIsolationHost.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore64.exe
(Intel® Corporation) C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Intel Corporation) C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe
(OldTimer Tools) C:\Users\Dell\Downloads\TFC.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [IntelPAN] => C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe [1935120 2011-07-27] (Intel® Corporation)
HKLM\...\Run: [NVHotkey] => rundll32.exe C:\Windows\system32\nvHotkey.dll,Start
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1266912 2013-10-23] (Microsoft Corporation)
HKLM\...\Run: [CDAServer] => C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe [462712 2012-03-09] ()
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [557768 2014-10-14] (Adobe Systems Incorporated)
HKLM\...\Run: [XboxStat] => C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe [825184 2009-09-30] (Microsoft Corporation)
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [91520 2010-01-21] (Microsoft Corporation)
HKLM-x32\...\Run: [Dell Webcam Central] => C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe [409744 2009-06-24] (Creative Technology Ltd)
HKLM-x32\...\Run: [KiesTrayAgent] => C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe [311616 2014-07-25] (Samsung Electronics Co., Ltd.)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [49152 2004-02-12] (Hewlett-Packard Company)
HKLM-x32\...\Run: [HP Component Manager] => C:\Program Files (x86)\HP\hpcoretech\hpcmpmgr.exe [241664 2004-05-12] (Hewlett-Packard Company)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)
HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [39179912 2015-08-06] (Dropbox, Inc.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-2799920661-1438349000-4008728122-1000\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-2799920661-1438349000-4008728122-1000\...\Run: [Cloud Sync Application] => C:\Program Files (x86)\Renewed Vision\ProPresenter 5\CloudSyncApp.exe [169984 2014-01-27] (Renewed Vision, Inc)
HKU\S-1-5-21-2799920661-1438349000-4008728122-1000\...\Run: [Facebook Update] => C:\Users\Dell\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2014-07-26] (Facebook Inc.)
HKU\S-1-5-21-2799920661-1438349000-4008728122-1000\...\Run: [KiesPreload] => C:\Program Files (x86)\Samsung\Kies\Kies.exe [1562264 2014-07-25] (Samsung)
HKU\S-1-5-21-2799920661-1438349000-4008728122-1000\...\Run: [KiesAirMessage] => C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe -startup
HKU\S-1-5-21-2799920661-1438349000-4008728122-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8358680 2015-06-02] (Piriform Ltd)
HKU\S-1-5-21-2799920661-1438349000-4008728122-1000\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [7930136 2015-07-31] (SUPERAntiSpyware)
AppInit_DLLs-x32: c:\windows\syswow64\nvinit.dll => c:\windows\syswow64\nvinit.dll [193128 2011-04-22] (NVIDIA Corporation)
ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2014-09-26] ()
ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2014-09-26] ()
ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2014-09-26] ()
ShellIconOverlayIdentifiers: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.dll [2015-08-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.dll [2015-08-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.dll [2015-08-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.dll [2015-08-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.dll [2015-08-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.dll [2015-08-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.dll [2015-08-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.dll [2015-08-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.27.dll [2015-08-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.27.dll [2015-08-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.27.dll [2015-08-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.27.dll [2015-08-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.27.dll [2015-08-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.27.dll [2015-08-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.27.dll [2015-08-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.27.dll [2015-08-06] (Dropbox, Inc.)
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)









HKU\S-1-5-21-2799920661-1438349000-4008728122-1000\Software\Microsoft\Internet Explorer\Main,Start Page =
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =


Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{AB5AB876-2FBC-4E49-B2E5-F555096C785B}: [NameServer] 82.163.143.137,82.163.142.139
Tcpip\..\Interfaces\{AB5AB876-2FBC-4E49-B2E5-F555096C785B}: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{BF7548A4-4B37-4112-B6B7-87AD8793FEF1}: [DhcpNameServer] 172.20.10.1

FireFox:
========
FF ProfilePath: C:\Users\Dell\AppData\Roaming\Mozilla\Firefox\Profiles\9zk16fkx.default-1438300192999
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_18_0_0_232.dll [2015-08-12] ()
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll [2014-02-13] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect_x86_64 -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2014-10-15] (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_18_0_0_232.dll [2015-08-12] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-10-30] ()
FF Plugin-x32: @ei.InboxAce_1g.com/Plugin -> C:\Program Files (x86)\InboxAce_1gEI\Installr\1.bin\NP1gEISB.dll [No File]
FF Plugin-x32: @java.com/DTPlugin,version=10.65.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll [2014-07-11] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.65.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll [2014-07-11] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll [2014-02-13] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-09-12] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2011-04-21] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2011-04-21] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-16] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-16] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2012-09-23] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2014-10-15] (Adobe Systems)
FF Plugin HKU\S-1-5-21-2799920661-1438349000-4008728122-1000: @hola.org/vlc,version=1.8.204 -> C:\Users\Dell\AppData\Local\Hola\firefox\app\vlc No File
FF Plugin HKU\S-1-5-21-2799920661-1438349000-4008728122-1000: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\Dell\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll [2014-07-24] (Skype Limited)
FF HKU\S-1-5-21-2799920661-1438349000-4008728122-1000\...\Firefox\Extensions: [{e4f94d1e-2f53-401e-8885-681602c0ddd8}] - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi
FF Extension: McAfee Security Scan Plus - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi [2014-04-04]

Chrome:
=======
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR Profile: C:\Users\Dell\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Dell\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-07-11]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Dell\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-07-11]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [172344 2014-07-23] (SUPERAntiSpyware.com)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-01-19] (Apple Inc.)
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [134512 2015-07-06] (Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [134512 2015-07-06] (Dropbox, Inc.)
S2 Ds3Service; C:\Program Files\Scarlet.Crush Productions\bin\ScpService.exe [388352 2013-05-05] (Scarlet.Crush Productions)
S2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe [89352 2014-09-15] (Hewlett-Packard Company)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [289256 2014-04-09] (McAfee, Inc.)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2013-10-23] (Microsoft Corporation)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [340240 2011-07-27] ()
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [348376 2013-10-23] (Microsoft Corporation)
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [5495056 2015-06-18] (TeamViewer GmbH)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
S3 aspnet_state; %SystemRoot%\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [X]
S2 HPSLPSVC; C:\Users\Dell\AppData\Local\Temp\7zS595E\hpslpsvc64.dll [X]

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [248240 2013-09-27] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [134944 2013-09-27] (Microsoft Corporation)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-23] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-13] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R3 ScpVBus; C:\Windows\System32\DRIVERS\ScpVBus.sys [39168 2013-05-05] (Scarlet.Crush Productions)
S3 MBAMSwissArmy; \??\C:\Windows\system32\drivers\MBAMSwissArmy.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-08-28 21:39 - 2015-08-28 21:39 - 00448512 _____ (OldTimer Tools) C:\Users\Dell\Downloads\TFC.exe
2015-08-28 21:37 - 2015-08-28 21:37 - 00001537 _____ C:\Users\Dell\Desktop\JRT.txt
2015-08-28 21:24 - 2015-08-28 21:24 - 01792178 _____ (Malwarebytes Corporation) C:\Users\Dell\Downloads\JRT.exe
2015-08-28 21:23 - 2015-08-28 21:23 - 01618432 _____ C:\Users\Dell\Downloads\AdwCleaner.exe
2015-08-27 22:53 - 2015-08-27 22:53 - 00048626 _____ C:\Users\Dell\Downloads\Addition.txt
2015-08-27 22:52 - 2015-08-28 21:43 - 00018052 _____ C:\Users\Dell\Downloads\FRST.txt
2015-08-27 22:52 - 2015-08-28 21:43 - 00000000 ____D C:\FRST
2015-08-27 22:52 - 2015-08-27 22:52 - 02186752 _____ (Farbar) C:\Users\Dell\Downloads\FRST64.exe
2015-08-27 22:43 - 2015-08-27 22:43 - 00011145 _____ C:\Users\Dell\Downloads\hijackthis.log
2015-08-27 22:42 - 2015-08-27 22:42 - 00388608 _____ (Trend Micro Inc.) C:\Users\Dell\Downloads\HijackThis.exe
2015-08-23 23:30 - 2015-08-23 23:30 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2015-08-23 07:22 - 2015-08-23 07:22 - 00112093 _____ C:\Users\Dell\Downloads\Esther.pptx
2015-08-22 14:22 - 2015-08-22 14:22 - 00001870 _____ C:\Users\Dell\Downloads\Come Praise & Glorify (Bob Kauflin, Tim Chester).xml
2015-08-22 14:22 - 2015-08-22 14:22 - 00001792 _____ C:\Users\Dell\Downloads\Here is Love (Matt Redman, William Rees, Robert Lowry).xml
2015-08-22 14:16 - 2015-08-22 14:16 - 00001813 _____ C:\Users\Dell\Downloads\It Is Well With My Soul (Philipp Bliss, Horatio G Spafford).xml
2015-08-20 23:58 - 2015-08-23 07:31 - 00000000 ____D C:\Program Files\Sublime Text 3
2015-08-20 23:58 - 2015-08-20 23:58 - 00000000 ____D C:\Users\Dell\AppData\Roaming\Sublime Text 3
2015-08-20 23:58 - 2015-08-20 23:58 - 00000000 ____D C:\Users\Dell\AppData\Local\Sublime Text 3
2015-08-20 18:18 - 2015-08-20 22:00 - 00000000 ____D C:\Users\Dell\Downloads\dmps
2015-08-15 21:09 - 2015-08-15 21:09 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
2015-07-31 10:13 - 2015-07-31 10:13 - 00000000 ____D C:\SUPERDelete
2015-07-31 10:12 - 2015-08-23 07:31 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
2015-07-31 10:12 - 2015-08-23 07:31 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
2015-07-31 10:12 - 2015-07-31 10:12 - 00001808 _____ C:\Users\Public\Desktop\SUPERAntiSpyware Professional.lnk
2015-07-31 10:12 - 2015-07-31 10:12 - 00000000 ____D C:\Users\Dell\AppData\Roaming\SUPERAntiSpyware.com
2015-07-31 10:12 - 2015-07-31 10:12 - 00000000 ____D C:\ProgramData\SUPERAntiSpyware.com
2015-07-31 10:09 - 2015-07-31 10:12 - 22854032 _____ (SUPERAntiSpyware) C:\Users\Dell\Downloads\SUPERAntiSpywarePro.exe

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-08-28 21:44 - 2014-03-13 19:22 - 00000072 _____ C:\Users\Public\LMDebug.log
2015-08-28 21:41 - 2009-07-14 14:45 - 00021472 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-08-28 21:41 - 2009-07-14 14:45 - 00021472 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-08-28 21:40 - 2012-10-29 20:51 - 02095631 _____ C:\Windows\WindowsUpdate.log
2015-08-28 21:30 - 2015-07-06 17:38 - 00000000 ___RD C:\Users\Dell\Dropbox
2015-08-28 21:30 - 2015-07-06 17:36 - 00000000 ____D C:\Users\Dell\AppData\Local\Dropbox
2015-08-28 21:29 - 2012-11-04 12:18 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-08-28 21:29 - 2012-10-29 21:23 - 00000000 ____D C:\ProgramData\NVIDIA
2015-08-28 21:28 - 2015-07-06 17:36 - 00000900 _____ C:\Windows\Tasks\DropboxUpdateTaskMachineCore.job
2015-08-28 21:28 - 2015-06-28 11:25 - 00004302 _____ C:\Windows\setupact.log
2015-08-28 21:28 - 2015-04-07 16:42 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-08-28 21:28 - 2009-07-14 15:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-08-28 21:27 - 2015-04-06 14:59 - 00000000 ____D C:\AdwCleaner
2015-08-28 21:01 - 2015-04-07 16:42 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-08-28 20:48 - 2015-07-06 17:36 - 00000904 _____ C:\Windows\Tasks\DropboxUpdateTaskMachineUA.job
2015-08-28 20:41 - 2014-08-26 18:11 - 00000000 ____D C:\Users\Dell\AppData\Local\Adobe
2015-08-28 19:29 - 2014-07-26 22:24 - 00000924 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2799920661-1438349000-4008728122-1000UA.job
2015-08-27 22:29 - 2014-07-26 22:24 - 00000902 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2799920661-1438349000-4008728122-1000Core.job
2015-08-27 22:21 - 2012-12-02 20:27 - 00000000 ____D C:\Users\Dell\AppData\Roaming\Skype
2015-08-24 00:04 - 2015-04-07 16:43 - 00002183 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2015-08-23 23:30 - 2014-11-30 18:07 - 00000000 ___RD C:\Program Files (x86)\Skype
2015-08-23 23:30 - 2014-05-26 17:08 - 00002697 _____ C:\Users\Public\Desktop\Skype.lnk
2015-08-23 23:30 - 2012-12-02 20:26 - 00000000 ____D C:\ProgramData\Skype
2015-08-23 17:45 - 2015-05-01 12:25 - 00000000 ____D C:\Users\Dell\Desktop\M&M Website
2015-08-23 07:31 - 2015-07-11 10:29 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2015-08-23 07:31 - 2015-04-07 16:43 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-08-23 07:31 - 2012-11-24 18:20 - 00000000 ____D C:\Users\Dell\AppData\Roaming\uTorrent
2015-08-23 07:31 - 2012-10-31 17:16 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2015-08-23 07:31 - 2009-07-14 13:20 - 00000000 ____D C:\Windows\registration
2015-08-23 07:31 - 2009-07-14 13:20 - 00000000 ____D C:\Windows\AppCompat
2015-08-22 13:55 - 2009-07-14 15:13 - 00796054 _____ C:\Windows\system32\PerfStringBackup.INI
2015-08-22 13:37 - 2015-06-13 18:21 - 00000000 ____D C:\Users\Dell\AppData\Roaming\vlc
2015-08-22 13:33 - 2012-10-29 20:51 - 00000000 ____D C:\Users\Dell
2015-08-16 16:39 - 2015-07-12 14:23 - 00004104 _____ C:\Windows\PFRO.log
2015-08-15 21:09 - 2015-07-06 17:24 - 00000000 ____D C:\Program Files (x86)\Dropbox
2015-08-12 20:29 - 2012-11-04 12:18 - 00778440 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-08-12 20:29 - 2012-11-04 12:18 - 00142536 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-08-12 20:29 - 2012-11-04 12:18 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-08-08 11:40 - 2012-10-29 20:59 - 00000000 ____D C:\Users\Dell\Desktop\N5110
2015-07-31 10:06 - 2015-06-28 10:37 - 00000000 ____D C:\Program Files\CCleaner
2015-07-31 09:49 - 2015-06-11 17:16 - 00000000 ____D C:\Users\Dell\Desktop\Old Firefox Data

==================== Files in the root of some directories =======

2014-12-06 08:09 - 2014-12-07 19:57 - 1019904 _____ () C:\Users\Dell\AppData\Roaming\123 Cheese Prefsv3
2013-01-06 08:57 - 2013-01-06 08:57 - 0000132 _____ () C:\Users\Dell\AppData\Roaming\Adobe PNG Format CS5 Prefs
2013-06-30 12:13 - 2008-07-07 13:22 - 0000014 _____ () C:\Users\Dell\AppData\Roaming\options.ini
2013-06-30 12:13 - 2012-07-07 13:04 - 0000003 _____ () C:\Users\Dell\AppData\Roaming\options_pdfcombine.ini
2013-06-30 12:13 - 2013-02-23 12:15 - 0000003 _____ () C:\Users\Dell\AppData\Roaming\options_pdfrotator.ini
2013-06-30 12:13 - 2013-06-30 12:14 - 0000703 _____ () C:\Users\Dell\AppData\Roaming\pdfsound.dll
2013-06-30 12:13 - 2013-06-09 09:38 - 0000053 _____ () C:\Users\Dell\AppData\Roaming\setting.ini
2013-06-30 12:13 - 2013-06-08 13:43 - 0000030 _____ () C:\Users\Dell\AppData\Roaming\setup.ini
2013-06-30 12:13 - 2013-06-09 09:30 - 0000043 _____ () C:\Users\Dell\AppData\Roaming\setup_pdfcombine.ini
2013-06-30 12:13 - 2013-06-09 10:34 - 0000043 _____ () C:\Users\Dell\AppData\Roaming\setup_pdfrotator.ini
2015-04-03 17:12 - 2015-04-04 03:42 - 0000062 _____ () C:\Users\Dell\AppData\Roaming\WB.CFG
2015-02-05 18:59 - 2015-02-05 19:04 - 0000600 _____ () C:\Users\Dell\AppData\Roaming\winscp.rnd
2014-12-06 08:25 - 2015-06-14 18:55 - 0109925 _____ () C:\Users\Dell\AppData\Local\ars.cache
2014-12-06 08:25 - 2015-06-14 18:55 - 0468633 _____ () C:\Users\Dell\AppData\Local\census.cache
2014-10-11 19:24 - 2014-10-11 19:24 - 0000092 _____ () C:\Users\Dell\AppData\Local\fusioncache.dat
2014-12-06 07:58 - 2014-12-06 07:58 - 0000036 _____ () C:\Users\Dell\AppData\Local\housecall.guid.cache
2013-02-19 19:01 - 2015-02-05 18:46 - 0000600 _____ () C:\Users\Dell\AppData\Local\PUTTY.RND
2015-04-06 14:56 - 2015-04-06 14:57 - 0011722 _____ () C:\Users\Dell\AppData\Local\Temp-log.txt
2014-10-10 17:56 - 2014-10-10 18:14 - 0000372 _____ () C:\ProgramData\hpzinstall.log

==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-08-23 18:27

==================== End of FRST.txt ============================



#8 guestolo


Posted 28 August 2015 - 01:05 PM

Please download Malwarebytes Anti-Malware to your desktop

  • Double-click mbam-setup-version.exe and follow the prompts to install the program.
  • At the end, be sure a check-mark is placed next to the following:
    • Ensure that "Enable free trial of Malwarebytes Anti-Malware Premium" is unchecked
    • Launch Malwarebytes Anti-Malware
  • Then click Finish.
  • If an update is found, you will be prompted to download and install the latest version.
  • Once the program has loaded, select Scan now. Or select the Threat Scan from the Scan menu.
  • When the scan is complete, make sure that everything is set to "Quarantine", and click Apply Actions.
  • Reboot your computer if prompted.

    Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

  • Post the log from Malwarebytes please:

    1. Open Malwarebytes Anti-Malware 2.0
    2. Click History > Application Logs
    3. Double-click the log you would like to open

    Scan Logs record detections from manual scans, including threats detected and the actions taken against them

    To save a Scan Log:

    1. Open the log file you would like to save
    2. Click Export
    3. Choose to export to a .txt
    4. Choose a folder to save the log file in, then click Save
    5. Post that log here

 

Keep me informed how things are now running


Do you want to post your own logs from FRST?
Follow the instructions posted Click Here


#9 warriorsd


Posted 28 August 2015 - 04:23 PM

Hi guestolo

 

Please find below the Malwarebytes log. Unfortunately I still have this stupid ads by cloudscout crap hanging around ... :(

 

 

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 29/08/2015
Scan Time: 7:35 AM
Logfile: log.txt
Administrator: Yes

Version: 2.1.8.1057
Malware Database: v2015.08.28.06
Rootkit Database: v2015.08.16.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Dell

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 447737
Time Elapsed: 37 min, 31 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 6
PUP.Optional.IdleCrawler.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\Runner IC, Delete-on-Reboot, [e94dc34b494238fea0c67ba7649f9d63],
PUM.Security.Hijack.DisableChromeUpdates, HKLM\SOFTWARE\POLICIES\GOOGLE\UPDATE, Quarantined, [6dc9937b2b60181e3c2120897094f808],
PUP.Optional.MindSpark.A, HKLM\SOFTWARE\WOW6432NODE\MOZILLAPLUGINS\@ei.InboxAce_1g.com/Plugin, Quarantined, [33030c02246777bf7760525421e3ad53],
PUM.Security.Hijack.DisableChromeUpdates, HKLM\SOFTWARE\WOW6432NODE\POLICIES\GOOGLE\UPDATE, Quarantined, [5adcba54c9c28da9f76601a8c73d3cc4],
PUP.Optional.Spigot.A, HKU\S-1-5-21-2799920661-1438349000-4008728122-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{2F64CDBE-8316-45BE-91CF-1CBBCEAE867C}, Quarantined, [54e263ab90fb290d3f0dcc5c5fa41ce4],
PUP.Optional.OneSystemCare.A, HKU\S-1-5-21-2799920661-1438349000-4008728122-1001\SOFTWARE\ONE SYSTEM CARE, Quarantined, [e2540707b8d3fd39e2c7f2be72924eb2],

Registry Values: 6
PUM.Security.Hijack.DisableChromeUpdates, HKLM\SOFTWARE\POLICIES\GOOGLE\UPDATE|DisableAutoUpdateChecksCheckboxValue, 1, Quarantined, [6dc9937b2b60181e3c2120897094f808]
PUM.Security.Hijack.DisableChromeUpdates, HKLM\SOFTWARE\WOW6432NODE\POLICIES\GOOGLE\UPDATE|DisableAutoUpdateChecksCheckboxValue, 1, Quarantined, [5adcba54c9c28da9f76601a8c73d3cc4]
PUP.Optional.Spigot.A, HKU\S-1-5-21-2799920661-1438349000-4008728122-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{2F64CDBE-8316-45BE-91CF-1CBBCEAE867C}|URL, https://au.search.ya...&type=937811&p={searchTerms}, Quarantined, [54e263ab90fb290d3f0dcc5c5fa41ce4]
PUP.Optional.OneSystemCare.A, HKU\S-1-5-21-2799920661-1438349000-4008728122-1001\SOFTWARE\ONE SYSTEM CARE|OSID, 6.1, Quarantined, [e2540707b8d3fd39e2c7f2be72924eb2]
PUP.Optional.OneSystemCare.A, HKU\S-1-5-21-2799920661-1438349000-4008728122-1001\SOFTWARE\ONE SYSTEM CARE|AdvertsLink1, http://dl.softserver...3/DriverPro.exe, Quarantined, [51e52ae4305b23135dee317835cf7b85]
PUP.Optional.OneSystemCare.A, HKU\S-1-5-21-2799920661-1438349000-4008728122-1001\SOFTWARE\ONE SYSTEM CARE|AdvertsLink2, http://dl.softserver...LiveSupport.exe, Quarantined, [d6600d014c3fca6cd07b4f5afe06629e]

Registry Data: 1
Trojan.DNSChanger, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\TCPIP\PARAMETERS\Interfaces\{AB5AB876-2FBC-4E49-B2E5-F555096C785B}|NameServer, 82.163.143.137,82.163.142.139, Good: (), Bad: (82.163.143.137,82.163.142.139),Replaced,[1a1ca668e5a684b2c90fd887d431be42]

Folders: 0
(No malicious items detected)

Files: 9
PUP.Optional.MultiPlug.A, C:\ProgramData\685268800007c57\685268800007c57.dll, Quarantined, [dc5a44ca54373afce8b605cd4cb59967],
PUP.Optional.MultiPlug.A, C:\Program Files (x86)\WallButtress\WallButtress.dll, Quarantined, [bd797e908308d1656539d9f9a859f60a],
PUP.Optional.InstallCore.SID.C, C:\Users\Dell\Downloads\Unconfirmed 599568.crdownload, Quarantined, [f83ef21ccfbc7cba66e792ff18ed25db],
PUP.Optional.InstallCore.SID.C, C:\Users\Dell\Downloads\Unconfirmed 159729.crdownload, Quarantined, [ba7c8886bfccd75f51fc0e83e91c21df],
PUP.Optional.InstallCore.A, C:\Users\Dell\Downloads\CR_Downloader_for_mame.exe, Quarantined, [9f97ff0f27642214df50e2cee51c659b],
PUP.Optional.InstallCore.A, C:\Users\Dell\Downloads\CR_Downloader_for_marvel-vs.-capcom--clash-of-super-heroes-(usa-980123).exe, Quarantined, [ac8a8e80652643f3e649a20e37ca32ce],
PUP.Optional.InstallCore.A, C:\Users\Dell\Downloads\CR_Downloader_for_project64.exe, Quarantined, [fe38ab6344470c2a131cd7d9fc0507f9],
PUP.Optional.InstallCore.A, C:\Users\Dell\Downloads\CR_Downloader_for_tekken-tag-tournament-(us,-teg3-ver.c1).exe, Quarantined, [91a5a46a692271c50827258b20e1ab55],
PUP.Optional.InstallCore.SID.C, C:\Users\Dell\Downloads\Unconfirmed 366261.crdownload, Quarantined, [a393b7578803300676d7078a9a6bab55],

Physical Sectors: 0
(No malicious items detected)


(end)
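The detection lines in the Malwarebytes log above can be triaged mechanically: which items are only scheduled for removal, and whether the DNS override it replaced still shows up in an FRST scan. The following Python is an added example, not part of the thread and not code from Malwarebytes or FRST. The function names are hypothetical, the line layout is inferred only from the lines posted here, and the samples are excerpts of the logs in this thread with section counts adjusted (the "after" FRST sample is constructed).

```python
import re
from collections import Counter, namedtuple

Detection = namedtuple("Detection", "section name target action item_id")

SECTION_RE = re.compile(
    r"^(Processes|Modules|Registry Keys|Registry Values|Registry Data|"
    r"Folders|Files|Physical Sectors): (\d+)$")
# Layout inferred from the thread: name, target[, data], action, [32-hex id][,]
# Targets can contain commas (file names, DNS lists), so the action and id are
# matched at the end of the line instead of splitting the line on commas.
ITEM_RE = re.compile(
    r"^(?P<name>[^,]+), (?P<target>.*?),\s*(?P<action>[A-Za-z-]+)\s*,\s*"
    r"\[(?P<item_id>[0-9a-f]{32})\],?$")
IFACE_RE = re.compile(r"Interfaces\\(\{[0-9A-Fa-f-]+\})\|NameServer")
BAD_RE = re.compile(r"Bad: \(([^)]*)\)")
FRST_NS_RE = re.compile(
    r"^Tcpip\\\.\.\\Interfaces\\(\{[0-9A-Fa-f-]+\}): \[NameServer\] (.+)$", re.M)


def parse_mbam_log(text):
    """Return (declared section counts, list of Detection) from a scan log."""
    declared, detections, section = {}, [], None
    for raw in text.splitlines():
        line = raw.strip()
        header = SECTION_RE.match(line)
        if header:
            section = header.group(1)
            declared[section] = int(header.group(2))
            continue
        item = ITEM_RE.match(line)
        if item and section:
            detections.append(Detection(
                section, *item.group("name", "target", "action", "item_id")))
    return declared, detections


def count_mismatches(declared, detections):
    """Sections whose parsed item count differs from the count in the header,
    which points at a truncated paste or a line the pattern did not match."""
    parsed = Counter(d.section for d in detections)
    return {s: (n, parsed[s]) for s, n in declared.items() if parsed[s] != n}


def needs_reboot(detections):
    """Items the scanner only scheduled for removal; they persist until reboot."""
    return [d for d in detections if d.action == "Delete-on-Reboot"]


def dns_overrides(detections):
    """(interface GUID, servers flagged as bad, action) per NameServer finding."""
    found = []
    for d in detections:
        iface, bad = IFACE_RE.search(d.target), BAD_RE.search(d.target)
        if d.section == "Registry Data" and iface and bad:
            servers = [s.strip() for s in bad.group(1).split(",") if s.strip()]
            found.append((iface.group(1), servers, d.action))
    return found


def still_overridden(frst_text, overrides):
    """Flagged servers that an FRST scan still lists as a static NameServer."""
    bad = {(iface.upper(), s) for iface, servers, _ in overrides for s in servers}
    hits = []
    for iface, value in FRST_NS_RE.findall(frst_text):
        for server in (s.strip() for s in value.split(",")):
            if (iface.upper(), server) in bad:
                hits.append((iface, server))
    return hits


# Excerpt of the Malwarebytes log posted above; counts adjusted to the lines kept.
MBAM_SAMPLE = r"""
Registry Keys: 2
PUP.Optional.IdleCrawler.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\Runner IC, Delete-on-Reboot, [e94dc34b494238fea0c67ba7649f9d63],
PUM.Security.Hijack.DisableChromeUpdates, HKLM\SOFTWARE\POLICIES\GOOGLE\UPDATE, Quarantined, [6dc9937b2b60181e3c2120897094f808],

Registry Data: 1
Trojan.DNSChanger, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\TCPIP\PARAMETERS\Interfaces\{AB5AB876-2FBC-4E49-B2E5-F555096C785B}|NameServer, 82.163.143.137,82.163.142.139, Good: (), Bad: (82.163.143.137,82.163.142.139),Replaced,[1a1ca668e5a684b2c90fd887d431be42]

Files: 1
PUP.Optional.InstallCore.A, C:\Users\Dell\Downloads\CR_Downloader_for_tekken-tag-tournament-(us,-teg3-ver.c1).exe, Quarantined, [91a5a46a692271c50827258b20e1ab55],
"""

# Lines from the FRST scan in post #7, taken before the Malwarebytes run.
FRST_BEFORE = r"""
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{AB5AB876-2FBC-4E49-B2E5-F555096C785B}: [NameServer] 82.163.143.137,82.163.142.139
Tcpip\..\Interfaces\{AB5AB876-2FBC-4E49-B2E5-F555096C785B}: [DhcpNameServer] 192.168.0.1
"""

# Constructed: what a fresh FRST scan would list once the static value is gone.
FRST_AFTER = r"""
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{AB5AB876-2FBC-4E49-B2E5-F555096C785B}: [DhcpNameServer] 192.168.0.1
"""

if __name__ == "__main__":
    declared, detections = parse_mbam_log(MBAM_SAMPLE)
    print("count mismatches:", count_mismatches(declared, detections))
    for d in needs_reboot(detections):
        print("pending until reboot:", d.name, "->", d.target)
    overrides = dns_overrides(detections)
    print("still overridden (before):", still_overridden(FRST_BEFORE, overrides))
    print("still overridden (after): ", still_overridden(FRST_AFTER, overrides))
```

An empty result from `still_overridden` on a fresh FRST scan, together with no `Delete-on-Reboot` items left after a reboot and rescan, is the evidence that the DNS change and the scheduled-task entry did not come back.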



#10 guestolo


Posted 28 August 2015 - 05:55 PM

Do you have popups in all your browsers?

IE, Chrome, and Firefox,

or just one browser?

 

We may have to reset your browser to defaults, as in the following link

http://www.howtogeek...fault-settings/


Do you want to post your own logs from FRST?
Follow the instructions posted Click Here


#11 warriorsd

Posted 29 August 2015 - 12:35 AM

I think you've done it!!! I have tried to do this for about 8 weeks. This is the first day I don't get an annoying ad from this stupid cloudscout thing! The main problem was always in my Firefox browser. After resetting it just then as you have asked me to do above it seems to work!! :)

Is there anything I should do from here to make sure it's really gone or do you think this nasty piece of spyware is finally gone?



#12 guestolo

Posted 29 August 2015 - 10:58 AM

Sounds good
Open AdwCleaner and click on the Uninstall button
 
It's your option to hold onto the Malwarebytes free version or uninstall it from Programs and Features
in Windows Control Panel
 
I would remove your older version of Sun Java
Close all browser windows and access Programs and Features and remove
Java 7 Update 65
after removal you can leave Java uninstalled or get the latest version from this link
https://java.com/en/download/
During install, if there is an option to change homepage/search settings to Yahoo
or install McAfee Security Scan, please deselect those options, then continue the install
 
Note: I noticed you do have McAfee Security Scan installed already; you can close all browsers and remove
it also if you're not using it. Likely installed with other software
 
Please download delfix to your desktop.
  • Close all other programs and start delfix.
  • Right-click on delfix.exe and select "Run as administrator" to run it.
  • Ensure Remove disinfection tools is ticked.
  • Click Run
  • delfix will now delete all found traces of our removal tools



#13 warriorsd

Posted 29 August 2015 - 08:15 PM

All done! I followed your latest steps and I think it's all running perfectly again :)

I can't thank you enough!!! Really appreciate your assistance.

Thanks again!



#14 guestolo

Posted 30 August 2015 - 01:23 PM

Good work, I'll lock this topic as your problems are resolved

Take care warriorsd

 
