  1. #1

    Malware detected. Scans constantly finding threats. Help! Super + Malware + HJT logs

    Hey all,

    A friend of mine's computer has come to grief. He's a keen FB gamer and suspicions are he's been a tad too mouse-click happy with whatever he's been accepting/installing, etc.

    HJT

    Logfile of Trend Micro HijackThis v2.0.5
    Scan saved at 1:09:47 p.m., on 13/01/2015
    Platform: Windows 7 SP1 (WinNT 6.00.3505)
    MSIE: Internet Explorer v11.0 (11.00.9600.17496)


    Boot mode: Normal

    Running processes:
    C:\Users\User\AppData\Local\ContentFinder.exe
    C:\Users\User\AppData\Local\CommonLauncher.exe
    C:\Users\User\AppData\Local\ContentSinder.exe
    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    C:\Users\User\Desktop\HijackThis.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Google
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Google
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Google
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    F2 - REG:system.ini: UserInit=userinit.exe,
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    O4 - HKCU\..\Run: [CCleaner] "C:\Program Files\CCleaner\CCleaner64.exe" /AUTO
    O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    O4 - HKCU\..\Run: [ContentFinder] C:\Users\User\AppData\Local\ContentFinder.exe
    O4 - HKCU\..\Run: [CommonLauncher] C:\Users\User\AppData\Local\CommonLauncher.exe
    O4 - HKCU\..\Run: [ContentSinder] C:\Users\User\AppData\Local\ContentSinder.exe
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~2\Office14\EXCEL.EXE/3000
    O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~2\MICROS~2\Office14\ONBttnIE.dll/105
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
    O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
    O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
    O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
    O17 - HKLM\System\CCS\Services\Tcpip\..\{1E888B34-4046-49D1-B64A-710501BF360D}: NameServer = 8.8.8.8,8.8.4.4
    O17 - HKLM\System\CS1\Services\Tcpip\..\{1E888B34-4046-49D1-B64A-710501BF360D}: NameServer = 8.8.8.8,8.8.4.4
    O17 - HKLM\System\CS2\Services\Tcpip\..\{1E888B34-4046-49D1-B64A-710501BF360D}: NameServer = 8.8.8.8,8.8.4.4
    O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
    O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
    O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
    O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
    O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
    O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
    O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: Intel(R) Active Management Technology Local Management Service (LMS) - Intel - C:\Program Files (x86)\Intel\AMT\LMS.exe
    O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
    O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
    O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
    O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
    O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
    O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
    O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

    --
    End of file - 7452 bytes

    SUPER

    SUPERAntiSpyware Scan Log
    SUPERAntiSpyware | Remove Malware | Remove Spyware - AntiMalware, AntiSpyware, AntiAdware!

    Generated 01/13/2015 at 01:00 PM

    Application Version : 6.0.1158
    Database Version : 11703

    Scan type : Complete Scan
    Total Scan Time : 00:05:44

    Operating System Information
    Windows 7 Professional 64-bit, Service Pack 1 (Build 6.01.7601)
    UAC Off - Administrator

    Memory items scanned : 484
    Memory threats detected : 0
    Registry items scanned : 62201
    Registry threats detected : 0
    File items scanned : 16284
    File threats detected : 2

    Adware.Tracking Cookie
    .imrworldwide.com [ C:\USERS\USER\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .doubleclick.net [ C:\USERS\USER\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]

    ============
    End of Log
    ============

    MALWARE

    This XML file does not appear to have any style information associated with it. The document tree is shown below.
    <mbam-log>
    <header>
    <date>2015/01/13 13:02:42 +1300</date>
    <logfile>mbam-log-2015-01-13 (13-01-45).xml</logfile>
    <isadmin>yes</isadmin>
    </header>
    <engine>
    <version>2.00.4.1028</version>
    <malware-database>v2015.01.12.09</malware-database>
    <rootkit-database>v2015.01.07.01</rootkit-database>
    <license>free</license>
    <file-protection>disabled</file-protection>
    <web-protection>disabled</web-protection>
    <self-protection>disabled</self-protection>
    </engine>
    <system>
    <osversion>Windows 7 Service Pack 1</osversion>
    <arch>x64</arch>
    <username>User</username>
    <filesys>NTFS</filesys>
    </system>
    <summary>
    <type>threat</type>
    <result>completed</result>
    <objects>321324</objects>
    <time>415</time>
    <processes>0</processes>
    <modules>0</modules>
    <keys>0</keys>
    <values>0</values>
    <datas>0</datas>
    <folders>0</folders>
    <files>0</files>
    <sectors>0</sectors>
    </summary>
    <options>
    <memory>enabled</memory>
    <startup>enabled</startup>
    <filesystem>enabled</filesystem>
    <archives>enabled</archives>
    <rootkits>disabled</rootkits>
    <deeprootkit>disabled</deeprootkit>
    <heuristics>enabled</heuristics>
    <pup>enabled</pup>
    <pum>enabled</pum>
    </options>
    <items></items>

    His computer was rebooted/restarted and I'll await further instruction. Thanks

    Xtrakt

  2. #2
    zep516 (Member, Spyware Fighter)

    Hello,

    That's not a Malwarebytes log; something went wrong. Follow directions and see if you can re-post a normal-looking Malwarebytes log that actually shows files and deletions.


    • Open MBAM once more.
    • Click on the History tab > Application Logs.
    • Double click on the Scan Log which shows the Date and time of the scan just performed.
    • Click 'Export'.
    • Click 'Text file (*.txt)'
    • In the Save File dialog box which appears, click on Desktop.
    • In the File name: box type a name for your scan log.
    • A message box named 'File Saved' should appear stating "Your file has been successfully exported".
    • Click Ok
    • Post that saved log to your next reply.


    Next this has to be downloaded to the desktop. Post both log files.

    Please download Farbar Recovery Scan Tool and save it to your Desktop.

    Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.

    • Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
    • Press Scan button.
    • It will produce a log called FRST.txt in the same directory the tool is run from.
    • Please copy and paste log back here.
    • The first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply.


    Post:
    1. FRST.txt
    2. Additions.txt

    Thanks
    Joe

  3. #3

    I can locate the EXPORT icon/button on the MWB App Logs? It stipulates that the action can be performed but who knows how that feature has been coded?

    FRST

    Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 24-01-2015 01
    Ran by User (administrator) on WINDOWS-TI1NND5 on 25-01-2015 16:32:30
    Running from C:\Users\User\Downloads
    Loaded Profiles: User (Available profiles: User)
    Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: English (United States)
    Internet Explorer Version 11 (Default browser: Chrome)
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: FRST Tutorial - How to use Farbar Recovery Scan Tool - Malware Removal Guides and Tutorials

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    (SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore64.exe
    (Microsoft Corporation) C:\Windows\System32\rundll32.exe
    (Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
    (Intel Corporation) C:\Windows\System32\hkcmd.exe
    (Intel Corporation) C:\Windows\System32\igfxpers.exe
    (Intel Corporation) C:\Windows\System32\igfxsrvc.exe
    (SUPERAntiSpyware) C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
    (ContentFinder Company) C:\Users\User\AppData\Local\ContentFinder.exe
    (VDC Company) C:\Users\User\AppData\Local\CommonLauncher.exe
    (ContentSinder Company) C:\Users\User\AppData\Local\ContentSinder.exe
    (Intel) C:\Program Files (x86)\Intel\AMT\LMS.exe
    (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.25.11\GoogleCrashHandler.exe
    (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.25.11\GoogleCrashHandler64.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe


    ==================== Registry (Whitelisted) ==================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
    HKU\S-1-5-21-3565841853-2135406614-420602517-1001\...\Run: [CCleaner] => C:\Program Files\CCleaner\CCleaner64.exe [6462744 2014-08-22] (Piriform Ltd)
    HKU\S-1-5-21-3565841853-2135406614-420602517-1001\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [7767832 2014-10-30] (SUPERAntiSpyware)
    HKU\S-1-5-21-3565841853-2135406614-420602517-1001\...\Run: [ContentFinder] => C:\Users\User\AppData\Local\ContentFinder.exe [107520 2014-11-12] (ContentFinder Company)
    HKU\S-1-5-21-3565841853-2135406614-420602517-1001\...\Run: [CommonLauncher] => C:\Users\User\AppData\Local\CommonLauncher.exe [210944 2014-03-12] (VDC Company)
    HKU\S-1-5-21-3565841853-2135406614-420602517-1001\...\Run: [ContentSinder] => C:\Users\User\AppData\Local\ContentSinder.exe [176640 2014-11-12] (ContentSinder Company)
    CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = Google
    HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Google
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = Google
    HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
    HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Google
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = Google
    HKU\S-1-5-21-3565841853-2135406614-420602517-1001\Software\Microsoft\Internet Explorer\Main,Start Page = Google
    StartMenuInternet: IEXPLORE.EXE - iexplore.exe
    SearchScopes: HKLM-x32 -> DefaultScope value is missing.
    SearchScopes: HKU\S-1-5-21-3565841853-2135406614-420602517-1001 -> DefaultScope {DF191CEA-96E0-4BEF-9AEE-979DDA157344} URL = https://www.google.com/search?q={searchTerms}
    SearchScopes: HKU\S-1-5-21-3565841853-2135406614-420602517-1001 -> {DF191CEA-96E0-4BEF-9AEE-979DDA157344} URL = https://www.google.com/search?q={searchTerms}
    BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll (Oracle Corporation)
    BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll (Oracle Corporation)
    Hosts: Hosts file not detected in the default directory
    Tcpip\Parameters: [DhcpNameServer] 192.168.1.254 0.0.0.0
    Tcpip\..\Interfaces\{1E888B34-4046-49D1-B64A-710501BF360D}: [NameServer] 8.8.8.8,8.8.4.4

    FireFox:
    ========
    FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_287.dll ()
    FF Plugin: @microsoft.com/GENUINE -> disabled No File
    FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
    FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
    FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_287.dll ()
    FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1214154.dll (Adobe Systems, Inc.)
    FF Plugin-x32: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
    FF Plugin-x32: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll (Oracle Corporation)
    FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
    FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
    FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)

    Chrome:
    =======
    CHR dev: Chrome dev build detected! <======= ATTENTION
    CHR Profile: C:\Users\User\AppData\Local\Google\Chrome\User Data\Default
    CHR Extension: (SaveLoets) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\akiddnbmncobphmmnjifcnaimefolggi [2015-01-11]

    ==================== Services (Whitelisted) =================

    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

    R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [172344 2014-07-23] (SUPERAntiSpyware.com)
    R2 7baa6e25; c:\Program Files (x86)\SystemHero\SystemHero.dll [2057728 2015-01-11] () [File not signed]
    R2 LMS; C:\Program Files (x86)\Intel\AMT\LMS.exe [105240 2007-05-29] (Intel)
    R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

    ==================== Drivers (Whitelisted) ====================

    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

    S3 Apowersoft_AudioDevice; C:\Windows\System32\drivers\Apowersoft_AudioDevice.sys [31920 2014-04-09] (Wondershare)
    S3 atmeltpm; C:\Windows\System32\DRIVERS\atmeltpm64.sys [19456 2011-08-05] (Atmel, Inc.)
    R0 mv61xx; C:\Windows\System32\DRIVERS\mv61xx.sys [183144 2012-05-23] (Marvell Semiconductor, Inc.)
    R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-23] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
    R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-13] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
    R0 stmtpm; C:\Windows\System32\DRIVERS\stm_tpm.sys [29184 2007-04-11] (STMicroelectronics, INC)
    S3 SWDUMon; C:\Windows\System32\DRIVERS\SWDUMon.sys [16152 2014-10-23] ()

    ==================== NetSvcs (Whitelisted) ===================

    (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


    ==================== One Month Created Files and Folders ========

    (If an entry is included in the fixlist, the file\folder will be moved.)

    2015-01-25 16:32 - 2015-01-25 16:32 - 00008846 _____ () C:\Users\User\Downloads\FRST.txt
    2015-01-25 16:32 - 2015-01-25 16:32 - 00000000 ____D () C:\FRST
    2015-01-25 16:31 - 2015-01-25 16:31 - 02129920 _____ (Farbar) C:\Users\User\Downloads\FRST64.exe
    2015-01-25 16:30 - 2015-01-25 16:30 - 01120768 _____ (Farbar) C:\Users\User\Downloads\FRST.exe
    2015-01-25 16:25 - 2015-01-25 16:25 - 00000810 _____ () C:\Windows\setupact.log
    2015-01-25 16:25 - 2015-01-25 16:25 - 00000000 _____ () C:\Windows\setuperr.log
    2015-01-25 15:13 - 2015-01-25 15:13 - 00003349 _____ () C:\Windows\WindowsUpdate.log
    2015-01-25 00:33 - 2015-01-25 00:36 - 24862453 _____ () C:\Users\User\Downloads\House of Shem -Let it be- [Official Music Video 2014].mp4
    2015-01-25 00:31 - 2015-01-25 00:32 - 18154867 _____ () C:\Users\User\Downloads\Sammy J - Hey.mp4
    2015-01-14 09:42 - 2014-12-19 16:06 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
    2015-01-14 09:42 - 2014-12-19 14:46 - 00141312 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
    2015-01-14 09:42 - 2014-12-12 18:35 - 05553592 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
    2015-01-14 09:42 - 2014-12-12 18:31 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
    2015-01-14 09:42 - 2014-12-12 18:31 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
    2015-01-14 09:42 - 2014-12-12 18:31 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
    2015-01-14 09:42 - 2014-12-12 18:11 - 03971512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
    2015-01-14 09:42 - 2014-12-12 18:11 - 03916728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
    2015-01-14 09:42 - 2014-12-12 18:07 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
    2015-01-14 09:42 - 2014-12-12 06:47 - 00087040 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
    2015-01-14 09:42 - 2014-12-06 17:17 - 00303616 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
    2015-01-14 09:42 - 2014-12-06 16:50 - 00156672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncsi.dll
    2015-01-14 09:42 - 2014-12-06 16:50 - 00052224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlaapi.dll
    2015-01-11 17:55 - 2015-01-25 16:31 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
    2015-01-11 17:55 - 2015-01-11 17:55 - 00001062 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    2015-01-11 17:55 - 2015-01-11 17:55 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
    2015-01-11 17:55 - 2015-01-11 17:55 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
    2015-01-11 17:55 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
    2015-01-11 17:55 - 2014-11-21 06:14 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
    2015-01-11 17:55 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
    2015-01-11 17:53 - 2015-01-11 17:53 - 00388608 _____ (Trend Micro Inc.) C:\Users\User\Desktop\HijackThis.exe
    2015-01-11 17:49 - 2015-01-11 17:50 - 00000850 _____ () C:\Windows\system32\Drivers\etc\hosts.txt
    2015-01-11 17:24 - 2015-01-11 18:24 - 00000000 ____D () C:\ProgramData\NNewSAver
    2015-01-11 17:23 - 2015-01-11 18:24 - 00000000 ____D () C:\ProgramData\DisscouuntExtensi
    2015-01-11 17:23 - 2015-01-11 17:24 - 00000000 ____D () C:\ProgramData\ca436ef111f14d8a
    2015-01-11 17:05 - 2015-01-11 17:05 - 00002215 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
    2015-01-11 17:05 - 2015-01-11 17:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
    2015-01-11 17:02 - 2015-01-25 16:07 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
    2015-01-11 17:02 - 2015-01-25 15:10 - 00000890 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
    2015-01-11 17:02 - 2015-01-11 17:02 - 00003890 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
    2015-01-11 17:02 - 2015-01-11 17:02 - 00003638 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
    2015-01-11 16:34 - 2015-01-11 17:02 - 00000000 ____D () C:\Program Files (x86)\SystemHero
    2014-12-30 15:38 - 2014-12-30 15:38 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_User_WpdMtpDr_01_09_00.Wdf

    ==================== One Month Modified Files and Folders =======

    (If an entry is included in the fixlist, the file\folder will be moved.)

    2015-01-25 16:32 - 2014-12-04 08:00 - 09586376 _____ () C:\Windows\SysWOW64\viewer.txt
    2015-01-25 16:32 - 2014-12-04 08:00 - 09041265 _____ () C:\Windows\SysWOW64\sinder.txt
    2015-01-25 16:29 - 2009-07-14 16:20 - 00000000 ____D () C:\Windows\tracing
    2015-01-25 15:35 - 2014-12-04 12:20 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
    2015-01-25 15:35 - 2014-12-04 12:20 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
    2015-01-25 15:35 - 2014-12-04 11:59 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
    2015-01-25 15:35 - 2014-12-04 11:59 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
    2015-01-25 15:18 - 2009-07-14 17:45 - 00040032 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2015-01-25 15:18 - 2009-07-14 17:45 - 00040032 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2015-01-25 15:11 - 2014-09-06 16:15 - 00000000 ____D () C:\Program Files\SUPERAntiSpyware
    2015-01-25 15:10 - 2014-11-30 15:56 - 00065536 _____ () C:\Windows\system32\Ikeext.etl
    2015-01-25 15:10 - 2009-07-14 18:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
    2015-01-25 11:52 - 2014-11-04 11:07 - 01305600 ___SH () C:\Users\User\Downloads\Thumbs.db
    2015-01-25 00:46 - 2014-12-03 23:44 - 00000000 ____D () C:\Program Files (x86)\Java
    2015-01-25 00:46 - 2014-05-15 23:52 - 00000000 ____D () C:\ProgramData\Oracle
    2015-01-25 00:44 - 2014-12-03 23:44 - 00272296 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
    2015-01-25 00:44 - 2014-12-03 23:44 - 00176552 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
    2015-01-25 00:44 - 2014-12-03 23:44 - 00176552 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
    2015-01-25 00:44 - 2014-12-03 23:44 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
    2015-01-24 16:41 - 2009-07-14 18:08 - 00032558 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
    2015-01-24 13:34 - 2009-07-14 16:20 - 00000000 ____D () C:\Windows\system32\NDF
    2015-01-18 19:16 - 2014-10-23 12:05 - 00000364 _____ () C:\Windows\Tasks\SlimCleaner Plus (Scheduled Scan - User).job
    2015-01-14 19:51 - 2014-03-14 20:46 - 00000000 ____D () C:\Windows\system32\MRT
    2015-01-14 19:48 - 2014-03-14 20:46 - 113365784 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
    2015-01-13 18:07 - 2009-07-14 18:13 - 00785366 _____ () C:\Windows\system32\PerfStringBackup.INI
    2015-01-11 18:24 - 2009-07-14 16:20 - 00000000 ____D () C:\Windows\PLA
    2015-01-11 17:05 - 2014-08-31 16:20 - 00000000 ____D () C:\Users\User\AppData\Local\Google
    2015-01-11 17:05 - 2014-08-31 16:20 - 00000000 ____D () C:\Program Files (x86)\Google
    2015-01-11 17:01 - 2014-08-29 14:18 - 00000926 _____ () C:\Windows\system32\Drivers\etc\hosts-lms.tmp
    2015-01-08 10:41 - 2014-10-23 12:12 - 00000000 ____D () C:\Users\User\Documents\PC Speed Maximizer
    2015-01-08 10:39 - 2014-12-03 20:30 - 00000000 ____D () C:\Users\User\Documents\Video Download Capture
    2015-01-06 04:36 - 2010-11-21 16:27 - 00298120 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe

    ==================== Files in the root of some directories =======

    2014-12-03 20:41 - 2014-03-12 12:31 - 0210944 _____ (VDC Company) C:\Users\User\AppData\Local\CommonLauncher.exe
    2014-12-03 20:41 - 2014-11-12 14:57 - 0107520 _____ (ContentFinder Company) C:\Users\User\AppData\Local\ContentFinder.exe
    2014-12-03 20:44 - 2014-11-12 14:58 - 0176640 _____ (ContentSinder Company) C:\Users\User\AppData\Local\ContentSinder.exe
    2014-12-03 20:41 - 2013-03-18 17:45 - 1122304 _____ (The OpenSSL Project, OpenSSL: The Open Source toolkit for SSL/TLS) C:\Users\User\AppData\Local\libeay32.dll
    2014-12-03 20:41 - 2014-12-04 01:31 - 0135625 _____ () C:\Users\User\AppData\Local\log.txt
    2014-12-03 20:41 - 2011-06-11 00:58 - 0421200 _____ (Microsoft Corporation) C:\Users\User\AppData\Local\msvcp100.dll
    2014-12-03 20:41 - 2011-06-11 00:58 - 0773968 _____ (Microsoft Corporation) C:\Users\User\AppData\Local\msvcr100.dll
    2014-10-23 11:57 - 2014-10-23 11:56 - 0612212 _____ (CMI Limited) C:\Users\User\AppData\Local\nsvE821.tmp
    2014-10-23 12:08 - 2014-10-23 12:08 - 0612212 _____ (CMI Limited) C:\Users\User\AppData\Local\nsx149B.tmp
    2014-12-03 20:41 - 2014-07-07 10:54 - 2599936 _____ (Digia Plc and/or its subsidiary(-ies)) C:\Users\User\AppData\Local\QtCore4.dll
    2014-12-03 20:41 - 2014-04-20 02:43 - 8587264 _____ (Digia Plc and/or its subsidiary(-ies)) C:\Users\User\AppData\Local\QtGui4.dll
    2014-12-03 20:41 - 2014-04-20 02:38 - 1053184 _____ (Digia Plc and/or its subsidiary(-ies)) C:\Users\User\AppData\Local\QtNetwork4.dll
    2014-12-03 20:41 - 2014-04-20 04:40 - 13108224 _____ (Digia Plc and/or its subsidiary(-ies)) C:\Users\User\AppData\Local\QtWebKit4.dll
    2014-12-03 20:44 - 2014-12-04 01:31 - 0168224 _____ () C:\Users\User\AppData\Local\sinder.txt
    2014-12-03 20:41 - 2013-03-18 17:45 - 0274432 _____ (The OpenSSL Project, OpenSSL: The Open Source toolkit for SSL/TLS) C:\Users\User\AppData\Local\ssleay32.dll
    2014-12-03 20:41 - 2014-12-04 01:31 - 0182947 _____ () C:\Users\User\AppData\Local\viewer.txt

    ==================== Bamital & volsnap Check =================

    (There is no automatic fix for files that do not pass verification.)

    C:\Windows\System32\winlogon.exe => File is digitally signed
    C:\Windows\System32\wininit.exe => File is digitally signed
    C:\Windows\SysWOW64\wininit.exe => File is digitally signed
    C:\Windows\explorer.exe => File is digitally signed
    C:\Windows\SysWOW64\explorer.exe => File is digitally signed
    C:\Windows\System32\svchost.exe => File is digitally signed
    C:\Windows\SysWOW64\svchost.exe => File is digitally signed
    C:\Windows\System32\services.exe => File is digitally signed
    C:\Windows\System32\User32.dll => File is digitally signed
    C:\Windows\SysWOW64\User32.dll => File is digitally signed
    C:\Windows\System32\userinit.exe => File is digitally signed
    C:\Windows\SysWOW64\userinit.exe => File is digitally signed
    C:\Windows\System32\rpcss.dll => File is digitally signed
    C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


    LastRegBack: 2014-12-28 16:01

    ==================== End Of Log ============================

    ADD

    Additional scan result of Farbar Recovery Scan Tool (x64) Version: 24-01-2015 01
    Ran by User at 2015-01-25 16:33:04
    Running from C:\Users\User\Downloads
    Boot Mode: Normal
    ==========================================================


    ==================== Security Center ========================

    (If an entry is included in the fixlist, it will be removed.)

    AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

    ==================== Installed Programs ======================

    (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

    7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
    Adobe Flash Player 16 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 16.0.0.296 - Adobe Systems Incorporated)
    Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.287 - Adobe Systems Incorporated)
    Adobe Shockwave Player 12.1 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.1.4.154 - Adobe Systems, Inc.)
    CCleaner (HKLM\...\CCleaner) (Version: 4.17 - Piriform)
    CDBurnerXP (HKLM-x32\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.5.3.4643 - CDBurnerXP)
    Google Chrome (HKLM-x32\...\Google Chrome) (Version: 39.0.2171.95 - Google Inc.)
    Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
    Intel(R) Active Management Technology Device Software (HKLM\...\MESOL) (Version: - )
    Intel(R) Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: 8.15.10.1930 - Intel Corporation)
    Intel(R) Management Engine Interface (HKLM\...\HECI) (Version: - )
    Intel(R) Network Connections Drivers (HKLM\...\PROSet) (Version: 19.1 - Intel)
    Java 8 Update 31 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation)
    Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
    Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
    Microsoft Office Home and Business 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
    Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}) (Version: 8.0.50727.42 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
    Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
    Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
    Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft)
    STM TPM Driver 1.0.4.15 - 32 bits (HKLM-x32\...\{61358035-3039-4164-8B17-00063C0AC747}_is1) (Version: - STMicroelectronics)
    STMicroelectronics Trusted Platform Module (HKLM-x32\...\{725F7446-EAC3-4279-97EF-5A5F6A9F6BF8}) (Version: 1.0.4.14 - STMicroelectronics, Inc.)
    SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 6.0.1130 - SUPERAntiSpyware.com)
    swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
    VLC media player 2.1.3 (HKLM-x32\...\VLC media player) (Version: 2.1.3 - VideoLAN)

    ==================== Custom CLSID (selected items): ==========================

    (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)


    ==================== Restore Points =========================

    23-10-2014 20:47:17 Removed Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
    23-10-2014 21:39:36 Removed DriverUpdate
    25-10-2014 14:04:43 Windows Update
    29-10-2014 10:31:53 Windows Update
    01-11-2014 19:09:22 Windows Update
    05-11-2014 10:51:25 Windows Update
    12-11-2014 12:24:20 Windows Update
    12-11-2014 22:07:32 Windows Update
    26-11-2014 11:20:01 Windows Update
    26-11-2014 11:45:26 Windows Update
    29-11-2014 18:54:19 Windows Update
    30-11-2014 11:10:28 Installed AVG 2015
    30-11-2014 11:10:47 Installed AVG 2015
    30-11-2014 11:15:47 RCP Sun, Nov 30, 14 11:15
    01-12-2014 21:20:03 Removed 7-Zip 9.20 (x64 edition)
    02-12-2014 19:30:30 Removed AVG 2015
    02-12-2014 19:32:07 Removed AVG 2015
    02-12-2014 19:43:19 Removed Adobe Reader XI (11.0.09).
    02-12-2014 19:44:14 Removed Visual Studio 2012 x86 Redistributables
    02-12-2014 19:44:31 Removed Visual Studio 2012 x64 Redistributables
    03-12-2014 19:21:41 Windows Update
    03-12-2014 20:29:49 Device Driver Package Install: Apowersoft Sound, video and game controllers
    03-12-2014 23:43:50 Installed Java 7 Update 71
    06-12-2014 21:48:03 Windows Update
    10-12-2014 21:20:52 Windows Update
    17-12-2014 10:54:48 Windows Update
    18-12-2014 12:22:38 Windows Update
    24-12-2014 10:47:20 Windows Update
    31-12-2014 11:20:49 Windows Update
    03-01-2015 21:51:11 Windows Update
    07-01-2015 16:30:51 Windows Update
    10-01-2015 21:13:40 Windows Update
    14-01-2015 09:42:24 Windows Update
    14-01-2015 19:47:52 Windows Update
    21-01-2015 10:41:21 Windows Update
    24-01-2015 12:02:40 Windows Update

    ==================== Scheduled Tasks (whitelisted) =============

    (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

    Task: {02A9F6B0-BF55-4AA9-BDA1-AF0F925CA123} - \SPDriver No Task File <==== ATTENTION
    Task: {1FE36D81-4347-4C7F-995B-5EF8A898F3BF} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-08-22] (Piriform Ltd)
    Task: {30E732DB-6362-4432-8662-17C6A3BFA035} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
    Task: {39915CE7-5294-47CE-8D97-0076909CC6C9} - System32\Tasks\APSnotifierPP2 => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
    Task: {4DC5D900-4FA8-44AA-8785-1ADEEBBBBA62} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-01-11] (Google Inc.)
    Task: {7367F4B3-FAD1-4026-827A-A8E52297B1F0} - System32\Tasks\{8C96B9CA-2D16-4D74-B52E-71A5CA3E254C} => pcalua.exe -a C:\Installation\Amt\LMS_SOL_Win2k_allXP_Vista32_5.2.0.1019_PV.exe -d C:\Installation\Amt
    Task: {7948320F-EDD3-491F-91D3-9BF0F94CCCC4} - \ShopperProJSUpd No Task File <==== ATTENTION
    Task: {85786B1B-953E-4CE6-BF8B-440EBAE675B7} - System32\Tasks\{4CC87FDC-C0D4-466D-8479-A3FBAF0075E6} => pcalua.exe -a C:\Installation\Tpm\TPM_XP64_1.0.4.14_PV_STMICRO.EXE -d C:\Users\User\Desktop
    Task: {89F74260-0E45-4A04-A929-C22C6FE74909} - System32\Tasks\SlimCleaner Plus (Scheduled Scan - User) => C:\Program Files\SlimCleaner Plus\SlimCleanerPlus.exe
    Task: {9258E63E-D58D-41B1-8FD3-41857B037F86} - System32\Tasks\APSnotifierPP3 => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
    Task: {A8D2C64B-E964-4EA9-A7D6-6076988AF3C0} - System32\Tasks\{B0CF1CDB-E408-4BAA-B08B-1F5A468BDDE6} => pcalua.exe -a C:\Installation\Management\HECI_allOS_2.1.22.1033_PV.exe -d C:\Installation\Management
    Task: {A9DA2B3A-5DE2-4B2E-87C3-61D1CC9CFA86} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-01-25] (Adobe Systems Incorporated)
    Task: {CB22F41B-610F-48CD-9D9C-D8B5A3CBF6A0} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-01-11] (Google Inc.)
    Task: {D8401B77-7559-4D2E-AF37-E5413A60320A} - \SPBIW_UpdateTask_Time_333735383136353630382d3437415a556c2a3223346c41 No Task File <==== ATTENTION
    Task: {E75A929F-1C59-45AD-B55C-2A1F2BADD119} - \ShopperPro No Task File <==== ATTENTION
    Task: {E8BFA245-DA07-4D1F-9E26-C4DDE562A916} - System32\Tasks\APSnotifierPP1 => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
    Task: {F5ED41E1-0D4D-407E-A593-85D6DC131850} - System32\Tasks\LaunchSignup => C:\Program Files (x86)\MyPC Backup\Signup Wizard.exe <==== ATTENTION
    Task: {FF7D95F4-B8BF-4708-B9D9-6FF63367AF3B} - System32\Tasks\YTDownloader => C:\Program Files (x86)\YTDownloader\YTDownloader.exe <==== ATTENTION
    Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
    Task: C:\Windows\Tasks\APSnotifierPP1.job => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
    Task: C:\Windows\Tasks\APSnotifierPP2.job => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
    Task: C:\Windows\Tasks\APSnotifierPP3.job => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
    Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    Task: C:\Windows\Tasks\SlimCleaner Plus (Scheduled Scan - User).job => C:\Program Files\SlimCleaner Plus\SlimCleanerPlus.exe

    ==================== Loaded Modules (whitelisted) =============

    2015-01-11 16:34 - 2015-01-11 16:34 - 02057728 _____ () c:\Program Files (x86)\SystemHero\SystemHero.dll
    2015-01-11 17:05 - 2014-12-06 14:50 - 01077064 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\libglesv2.dll
    2015-01-11 17:05 - 2014-12-06 14:50 - 00211272 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\libegl.dll
    2015-01-11 17:05 - 2014-12-06 14:50 - 09009480 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\pdf.dll
    2015-01-11 17:05 - 2014-12-06 14:50 - 01677128 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\ffmpegsumo.dll
    2015-01-11 17:05 - 2014-12-06 14:50 - 14913352 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\PepperFlash\pepflashplayer.dll

    ==================== Alternate Data Streams (whitelisted) =========

    (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


    ==================== Safe Mode (whitelisted) ===================

    (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


    ==================== EXE Association (whitelisted) =============

    (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


    ==================== MSCONFIG/TASK MANAGER disabled items =========

    (Currently there is no automatic fix for this section.)


    ========================= Accounts: ==========================

    Administrator (S-1-5-21-3565841853-2135406614-420602517-500 - Administrator - Disabled)
    Guest (S-1-5-21-3565841853-2135406614-420602517-501 - Limited - Disabled)
    HomeGroupUser$ (S-1-5-21-3565841853-2135406614-420602517-1005 - Limited - Enabled)
    User (S-1-5-21-3565841853-2135406614-420602517-1001 - Administrator - Enabled) => C:\Users\User

    ==================== Faulty Device Manager Devices =============


    ==================== Event log errors: =========================

    Application errors:
    ==================
    Error: (01/25/2015 03:12:15 PM) (Source: WinMgmt) (EventID: 10) (User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

    Error: (01/25/2015 03:10:58 PM) (Source: LMS) (EventID: 2) (User: NT AUTHORITY)
    Description: Error: Can't open hosts file

    Error: (01/25/2015 11:28:30 AM) (Source: WinMgmt) (EventID: 10) (User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

    Error: (01/25/2015 11:27:05 AM) (Source: LMS) (EventID: 2) (User: NT AUTHORITY)
    Description: Error: Can't open hosts file

    Error: (01/25/2015 00:49:18 AM) (Source: WinMgmt) (EventID: 10) (User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

    Error: (01/25/2015 00:47:51 AM) (Source: LMS) (EventID: 2) (User: NT AUTHORITY)
    Description: Error: Can't open hosts file

    Error: (01/25/2015 00:12:50 AM) (Source: WinMgmt) (EventID: 10) (User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

    Error: (01/25/2015 00:11:38 AM) (Source: LMS) (EventID: 2) (User: NT AUTHORITY)
    Description: Error: Can't open hosts file

    Error: (01/24/2015 04:43:06 PM) (Source: WinMgmt) (EventID: 10) (User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

    Error: (01/24/2015 04:41:37 PM) (Source: LMS) (EventID: 2) (User: NT AUTHORITY)
    Description: Error: Can't open hosts file


    System errors:
    =============
    Error: (01/25/2015 03:11:06 PM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
    Description: There was an error while attempting to read the local hosts file.

    Error: (01/25/2015 03:11:06 PM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
    Description: There was an error while attempting to read the local hosts file.

    Error: (01/25/2015 03:10:47 PM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
    Description: There was an error while attempting to read the local hosts file.

    Error: (01/25/2015 11:27:11 AM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
    Description: There was an error while attempting to read the local hosts file.

    Error: (01/25/2015 11:27:10 AM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
    Description: There was an error while attempting to read the local hosts file.

    Error: (01/25/2015 11:27:07 AM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
    Description: There was an error while attempting to read the local hosts file.

    Error: (01/25/2015 03:34:30 AM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
    Description: There was an error while attempting to read the local hosts file.

    Error: (01/25/2015 03:34:30 AM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
    Description: There was an error while attempting to read the local hosts file.

    Error: (01/25/2015 00:47:59 AM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
    Description: There was an error while attempting to read the local hosts file.

    Error: (01/25/2015 00:47:59 AM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
    Description: There was an error while attempting to read the local hosts file.


    Microsoft Office Sessions:
    =========================
    Error: (01/25/2015 03:12:15 PM) (Source: WinMgmt) (EventID: 10) (User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

    Error: (01/25/2015 03:10:58 PM) (Source: LMS) (EventID: 2) (User: NT AUTHORITY)
    Description: Error: Can't open hosts file

    Error: (01/25/2015 11:28:30 AM) (Source: WinMgmt) (EventID: 10) (User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

    Error: (01/25/2015 11:27:05 AM) (Source: LMS) (EventID: 2) (User: NT AUTHORITY)
    Description: Error: Can't open hosts file

    Error: (01/25/2015 00:49:18 AM) (Source: WinMgmt) (EventID: 10) (User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

    Error: (01/25/2015 00:47:51 AM) (Source: LMS) (EventID: 2) (User: NT AUTHORITY)
    Description: Error: Can't open hosts file

    Error: (01/25/2015 00:12:50 AM) (Source: WinMgmt) (EventID: 10) (User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

    Error: (01/25/2015 00:11:38 AM) (Source: LMS) (EventID: 2) (User: NT AUTHORITY)
    Description: Error: Can't open hosts file

    Error: (01/24/2015 04:43:06 PM) (Source: WinMgmt) (EventID: 10) (User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

    Error: (01/24/2015 04:41:37 PM) (Source: LMS) (EventID: 2) (User: NT AUTHORITY)
    Description: Error: Can't open hosts file


    ==================== Memory info ===========================

    Processor: Intel(R) Core(TM)2 CPU 6420 @ 2.13GHz
    Percentage of memory in use: 53%
    Total physical RAM: 3053.51 MB
    Available physical RAM: 1425.09 MB
    Total Pagefile: 6105.2 MB
    Available Pagefile: 4357.9 MB
    Total Virtual: 8192 MB
    Available Virtual: 8191.82 MB

    ==================== Drives ================================

    Drive c: () (Fixed) (Total:465.42 GB) (Free:390.65 GB) NTFS

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 01EC01EB)
    Partition 1: (Active) - (Size=350 MB) - (Type=07 NTFS)
    Partition 2: (Not Active) - (Size=465.4 GB) - (Type=07 NTFS)

    ==================== End Of Log ============================

  4. #4

    I can locate the EXPORT icon/button on the MWB App Logs? It stipulates that the action can be performed but who knows how that feature has been coded?

    FRST

    Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 24-01-2015 01
    Ran by User (administrator) on WINDOWS-TI1NND5 on 25-01-2015 16:32:30
    Running from C:\Users\User\Downloads
    Loaded Profiles: User (Available profiles: User)
    Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: English (United States)
    Internet Explorer Version 11 (Default browser: Chrome)
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: FRST Tutorial - How to use Farbar Recovery Scan Tool - Malware Removal Guides and Tutorials

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    (SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore64.exe
    (Microsoft Corporation) C:\Windows\System32\rundll32.exe
    (Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
    (Intel Corporation) C:\Windows\System32\hkcmd.exe
    (Intel Corporation) C:\Windows\System32\igfxpers.exe
    (Intel Corporation) C:\Windows\System32\igfxsrvc.exe
    (SUPERAntiSpyware) C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
    (ContentFinder Company) C:\Users\User\AppData\Local\ContentFinder.exe
    (VDC Company) C:\Users\User\AppData\Local\CommonLauncher.exe
    (ContentSinder Company) C:\Users\User\AppData\Local\ContentSinder.exe
    (Intel) C:\Program Files (x86)\Intel\AMT\LMS.exe
    (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.25.11\GoogleCrashHandler.exe
    (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.25.11\GoogleCrashHandler64.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe


    ==================== Registry (Whitelisted) ==================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
    HKU\S-1-5-21-3565841853-2135406614-420602517-1001\...\Run: [CCleaner] => C:\Program Files\CCleaner\CCleaner64.exe [6462744 2014-08-22] (Piriform Ltd)
    HKU\S-1-5-21-3565841853-2135406614-420602517-1001\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [7767832 2014-10-30] (SUPERAntiSpyware)
    HKU\S-1-5-21-3565841853-2135406614-420602517-1001\...\Run: [ContentFinder] => C:\Users\User\AppData\Local\ContentFinder.exe [107520 2014-11-12] (ContentFinder Company)
    HKU\S-1-5-21-3565841853-2135406614-420602517-1001\...\Run: [CommonLauncher] => C:\Users\User\AppData\Local\CommonLauncher.exe [210944 2014-03-12] (VDC Company)
    HKU\S-1-5-21-3565841853-2135406614-420602517-1001\...\Run: [ContentSinder] => C:\Users\User\AppData\Local\ContentSinder.exe [176640 2014-11-12] (ContentSinder Company)
    CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = Google
    HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Google
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = Google
    HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
    HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Google
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = Google
    HKU\S-1-5-21-3565841853-2135406614-420602517-1001\Software\Microsoft\Internet Explorer\Main,Start Page = Google
    StartMenuInternet: IEXPLORE.EXE - iexplore.exe
    SearchScopes: HKLM-x32 -> DefaultScope value is missing.
    SearchScopes: HKU\S-1-5-21-3565841853-2135406614-420602517-1001 -> DefaultScope {DF191CEA-96E0-4BEF-9AEE-979DDA157344} URL = https://www.google.com/search?q={searchTerms}
    SearchScopes: HKU\S-1-5-21-3565841853-2135406614-420602517-1001 -> {DF191CEA-96E0-4BEF-9AEE-979DDA157344} URL = https://www.google.com/search?q={searchTerms}
    BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll (Oracle Corporation)
    BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll (Oracle Corporation)
    Hosts: Hosts file not detected in the default directory
    Tcpip\Parameters: [DhcpNameServer] 192.168.1.254 0.0.0.0
    Tcpip\..\Interfaces\{1E888B34-4046-49D1-B64A-710501BF360D}: [NameServer] 8.8.8.8,8.8.4.4

    FireFox:
    ========
    FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_287.dll ()
    FF Plugin: @microsoft.com/GENUINE -> disabled No File
    FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
    FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
    FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_287.dll ()
    FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1214154.dll (Adobe Systems, Inc.)
    FF Plugin-x32: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
    FF Plugin-x32: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll (Oracle Corporation)
    FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
    FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
    FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)

    Chrome:
    =======
    CHR dev: Chrome dev build detected! <======= ATTENTION
    CHR Profile: C:\Users\User\AppData\Local\Google\Chrome\User Data\Default
    CHR Extension: (SaveLoets) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\akiddnbmncobphmmnjifcnaimefolggi [2015-01-11]

    ==================== Services (Whitelisted) =================

    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

    R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [172344 2014-07-23] (SUPERAntiSpyware.com)
    R2 7baa6e25; c:\Program Files (x86)\SystemHero\SystemHero.dll [2057728 2015-01-11] () [File not signed]
    R2 LMS; C:\Program Files (x86)\Intel\AMT\LMS.exe [105240 2007-05-29] (Intel)
    R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

    ==================== Drivers (Whitelisted) ====================

    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

    S3 Apowersoft_AudioDevice; C:\Windows\System32\drivers\Apowersoft_AudioDevice.sys [31920 2014-04-09] (Wondershare)
    S3 atmeltpm; C:\Windows\System32\DRIVERS\atmeltpm64.sys [19456 2011-08-05] (Atmel, Inc.)
    R0 mv61xx; C:\Windows\System32\DRIVERS\mv61xx.sys [183144 2012-05-23] (Marvell Semiconductor, Inc.)
    R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-23] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
    R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-13] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
    R0 stmtpm; C:\Windows\System32\DRIVERS\stm_tpm.sys [29184 2007-04-11] (STMicroelectronics, INC)
    S3 SWDUMon; C:\Windows\System32\DRIVERS\SWDUMon.sys [16152 2014-10-23] ()

    ==================== NetSvcs (Whitelisted) ===================

    (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


    ==================== One Month Created Files and Folders ========

    (If an entry is included in the fixlist, the file\folder will be moved.)

    2015-01-25 16:32 - 2015-01-25 16:32 - 00008846 _____ () C:\Users\User\Downloads\FRST.txt
    2015-01-25 16:32 - 2015-01-25 16:32 - 00000000 ____D () C:\FRST
    2015-01-25 16:31 - 2015-01-25 16:31 - 02129920 _____ (Farbar) C:\Users\User\Downloads\FRST64.exe
    2015-01-25 16:30 - 2015-01-25 16:30 - 01120768 _____ (Farbar) C:\Users\User\Downloads\FRST.exe
    2015-01-25 16:25 - 2015-01-25 16:25 - 00000810 _____ () C:\Windows\setupact.log
    2015-01-25 16:25 - 2015-01-25 16:25 - 00000000 _____ () C:\Windows\setuperr.log
    2015-01-25 15:13 - 2015-01-25 15:13 - 00003349 _____ () C:\Windows\WindowsUpdate.log
    2015-01-25 00:33 - 2015-01-25 00:36 - 24862453 _____ () C:\Users\User\Downloads\House of Shem -Let it be- [Official Music Video 2014].mp4
    2015-01-25 00:31 - 2015-01-25 00:32 - 18154867 _____ () C:\Users\User\Downloads\Sammy J - Hey.mp4
    2015-01-14 09:42 - 2014-12-19 16:06 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
    2015-01-14 09:42 - 2014-12-19 14:46 - 00141312 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
    2015-01-14 09:42 - 2014-12-12 18:35 - 05553592 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
    2015-01-14 09:42 - 2014-12-12 18:31 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
    2015-01-14 09:42 - 2014-12-12 18:31 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
    2015-01-14 09:42 - 2014-12-12 18:31 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
    2015-01-14 09:42 - 2014-12-12 18:11 - 03971512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
    2015-01-14 09:42 - 2014-12-12 18:11 - 03916728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
    2015-01-14 09:42 - 2014-12-12 18:07 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
    2015-01-14 09:42 - 2014-12-12 06:47 - 00087040 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
    2015-01-14 09:42 - 2014-12-06 17:17 - 00303616 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
    2015-01-14 09:42 - 2014-12-06 16:50 - 00156672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncsi.dll
    2015-01-14 09:42 - 2014-12-06 16:50 - 00052224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlaapi.dll
    2015-01-11 17:55 - 2015-01-25 16:31 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
    2015-01-11 17:55 - 2015-01-11 17:55 - 00001062 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    2015-01-11 17:55 - 2015-01-11 17:55 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
    2015-01-11 17:55 - 2015-01-11 17:55 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
    2015-01-11 17:55 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
    2015-01-11 17:55 - 2014-11-21 06:14 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
    2015-01-11 17:55 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
    2015-01-11 17:53 - 2015-01-11 17:53 - 00388608 _____ (Trend Micro Inc.) C:\Users\User\Desktop\HijackThis.exe
    2015-01-11 17:49 - 2015-01-11 17:50 - 00000850 _____ () C:\Windows\system32\Drivers\etc\hosts.txt
    2015-01-11 17:24 - 2015-01-11 18:24 - 00000000 ____D () C:\ProgramData\NNewSAver
    2015-01-11 17:23 - 2015-01-11 18:24 - 00000000 ____D () C:\ProgramData\DisscouuntExtensi
    2015-01-11 17:23 - 2015-01-11 17:24 - 00000000 ____D () C:\ProgramData\ca436ef111f14d8a
    2015-01-11 17:05 - 2015-01-11 17:05 - 00002215 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
    2015-01-11 17:05 - 2015-01-11 17:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
    2015-01-11 17:02 - 2015-01-25 16:07 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
    2015-01-11 17:02 - 2015-01-25 15:10 - 00000890 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
    2015-01-11 17:02 - 2015-01-11 17:02 - 00003890 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
    2015-01-11 17:02 - 2015-01-11 17:02 - 00003638 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
    2015-01-11 16:34 - 2015-01-11 17:02 - 00000000 ____D () C:\Program Files (x86)\SystemHero
    2014-12-30 15:38 - 2014-12-30 15:38 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_User_WpdMtpDr_01_09_00.Wdf

    ==================== One Month Modified Files and Folders =======

    (If an entry is included in the fixlist, the file\folder will be moved.)

    2015-01-25 16:32 - 2014-12-04 08:00 - 09586376 _____ () C:\Windows\SysWOW64\viewer.txt
    2015-01-25 16:32 - 2014-12-04 08:00 - 09041265 _____ () C:\Windows\SysWOW64\sinder.txt
    2015-01-25 16:29 - 2009-07-14 16:20 - 00000000 ____D () C:\Windows\tracing
    2015-01-25 15:35 - 2014-12-04 12:20 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
    2015-01-25 15:35 - 2014-12-04 12:20 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
    2015-01-25 15:35 - 2014-12-04 11:59 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
    2015-01-25 15:35 - 2014-12-04 11:59 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
    2015-01-25 15:18 - 2009-07-14 17:45 - 00040032 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2015-01-25 15:18 - 2009-07-14 17:45 - 00040032 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2015-01-25 15:11 - 2014-09-06 16:15 - 00000000 ____D () C:\Program Files\SUPERAntiSpyware
    2015-01-25 15:10 - 2014-11-30 15:56 - 00065536 _____ () C:\Windows\system32\Ikeext.etl
    2015-01-25 15:10 - 2009-07-14 18:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
    2015-01-25 11:52 - 2014-11-04 11:07 - 01305600 ___SH () C:\Users\User\Downloads\Thumbs.db
    2015-01-25 00:46 - 2014-12-03 23:44 - 00000000 ____D () C:\Program Files (x86)\Java
    2015-01-25 00:46 - 2014-05-15 23:52 - 00000000 ____D () C:\ProgramData\Oracle
    2015-01-25 00:44 - 2014-12-03 23:44 - 00272296 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
    2015-01-25 00:44 - 2014-12-03 23:44 - 00176552 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
    2015-01-25 00:44 - 2014-12-03 23:44 - 00176552 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
    2015-01-25 00:44 - 2014-12-03 23:44 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
    2015-01-24 16:41 - 2009-07-14 18:08 - 00032558 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
    2015-01-24 13:34 - 2009-07-14 16:20 - 00000000 ____D () C:\Windows\system32\NDF
    2015-01-18 19:16 - 2014-10-23 12:05 - 00000364 _____ () C:\Windows\Tasks\SlimCleaner Plus (Scheduled Scan - User).job
    2015-01-14 19:51 - 2014-03-14 20:46 - 00000000 ____D () C:\Windows\system32\MRT
    2015-01-14 19:48 - 2014-03-14 20:46 - 113365784 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
    2015-01-13 18:07 - 2009-07-14 18:13 - 00785366 _____ () C:\Windows\system32\PerfStringBackup.INI
    2015-01-11 18:24 - 2009-07-14 16:20 - 00000000 ____D () C:\Windows\PLA
    2015-01-11 17:05 - 2014-08-31 16:20 - 00000000 ____D () C:\Users\User\AppData\Local\Google
    2015-01-11 17:05 - 2014-08-31 16:20 - 00000000 ____D () C:\Program Files (x86)\Google
    2015-01-11 17:01 - 2014-08-29 14:18 - 00000926 _____ () C:\Windows\system32\Drivers\etc\hosts-lms.tmp
    2015-01-08 10:41 - 2014-10-23 12:12 - 00000000 ____D () C:\Users\User\Documents\PC Speed Maximizer
    2015-01-08 10:39 - 2014-12-03 20:30 - 00000000 ____D () C:\Users\User\Documents\Video Download Capture
    2015-01-06 04:36 - 2010-11-21 16:27 - 00298120 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe

    ==================== Files in the root of some directories =======

    2014-12-03 20:41 - 2014-03-12 12:31 - 0210944 _____ (VDC Company) C:\Users\User\AppData\Local\CommonLauncher.exe
    2014-12-03 20:41 - 2014-11-12 14:57 - 0107520 _____ (ContentFinder Company) C:\Users\User\AppData\Local\ContentFinder.exe
    2014-12-03 20:44 - 2014-11-12 14:58 - 0176640 _____ (ContentSinder Company) C:\Users\User\AppData\Local\ContentSinder.exe
    2014-12-03 20:41 - 2013-03-18 17:45 - 1122304 _____ (The OpenSSL Project, OpenSSL: The Open Source toolkit for SSL/TLS) C:\Users\User\AppData\Local\libeay32.dll
    2014-12-03 20:41 - 2014-12-04 01:31 - 0135625 _____ () C:\Users\User\AppData\Local\log.txt
    2014-12-03 20:41 - 2011-06-11 00:58 - 0421200 _____ (Microsoft Corporation) C:\Users\User\AppData\Local\msvcp100.dll
    2014-12-03 20:41 - 2011-06-11 00:58 - 0773968 _____ (Microsoft Corporation) C:\Users\User\AppData\Local\msvcr100.dll
    2014-10-23 11:57 - 2014-10-23 11:56 - 0612212 _____ (CMI Limited) C:\Users\User\AppData\Local\nsvE821.tmp
    2014-10-23 12:08 - 2014-10-23 12:08 - 0612212 _____ (CMI Limited) C:\Users\User\AppData\Local\nsx149B.tmp
    2014-12-03 20:41 - 2014-07-07 10:54 - 2599936 _____ (Digia Plc and/or its subsidiary(-ies)) C:\Users\User\AppData\Local\QtCore4.dll
    2014-12-03 20:41 - 2014-04-20 02:43 - 8587264 _____ (Digia Plc and/or its subsidiary(-ies)) C:\Users\User\AppData\Local\QtGui4.dll
    2014-12-03 20:41 - 2014-04-20 02:38 - 1053184 _____ (Digia Plc and/or its subsidiary(-ies)) C:\Users\User\AppData\Local\QtNetwork4.dll
    2014-12-03 20:41 - 2014-04-20 04:40 - 13108224 _____ (Digia Plc and/or its subsidiary(-ies)) C:\Users\User\AppData\Local\QtWebKit4.dll
    2014-12-03 20:44 - 2014-12-04 01:31 - 0168224 _____ () C:\Users\User\AppData\Local\sinder.txt
    2014-12-03 20:41 - 2013-03-18 17:45 - 0274432 _____ (The OpenSSL Project, OpenSSL: The Open Source toolkit for SSL/TLS) C:\Users\User\AppData\Local\ssleay32.dll
    2014-12-03 20:41 - 2014-12-04 01:31 - 0182947 _____ () C:\Users\User\AppData\Local\viewer.txt

    ==================== Bamital & volsnap Check =================

    (There is no automatic fix for files that do not pass verification.)

    C:\Windows\System32\winlogon.exe => File is digitally signed
    C:\Windows\System32\wininit.exe => File is digitally signed
    C:\Windows\SysWOW64\wininit.exe => File is digitally signed
    C:\Windows\explorer.exe => File is digitally signed
    C:\Windows\SysWOW64\explorer.exe => File is digitally signed
    C:\Windows\System32\svchost.exe => File is digitally signed
    C:\Windows\SysWOW64\svchost.exe => File is digitally signed
    C:\Windows\System32\services.exe => File is digitally signed
    C:\Windows\System32\User32.dll => File is digitally signed
    C:\Windows\SysWOW64\User32.dll => File is digitally signed
    C:\Windows\System32\userinit.exe => File is digitally signed
    C:\Windows\SysWOW64\userinit.exe => File is digitally signed
    C:\Windows\System32\rpcss.dll => File is digitally signed
    C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


    LastRegBack: 2014-12-28 16:01

    ==================== End Of Log ============================

    ADD

    Additional scan result of Farbar Recovery Scan Tool (x64) Version: 24-01-2015 01
    Ran by User at 2015-01-25 16:33:04
    Running from C:\Users\User\Downloads
    Boot Mode: Normal
    ==========================================================


    ==================== Security Center ========================

    (If an entry is included in the fixlist, it will be removed.)

    AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

    ==================== Installed Programs ======================

    (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

    7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
    Adobe Flash Player 16 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 16.0.0.296 - Adobe Systems Incorporated)
    Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.287 - Adobe Systems Incorporated)
    Adobe Shockwave Player 12.1 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.1.4.154 - Adobe Systems, Inc.)
    CCleaner (HKLM\...\CCleaner) (Version: 4.17 - Piriform)
    CDBurnerXP (HKLM-x32\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.5.3.4643 - CDBurnerXP)
    Google Chrome (HKLM-x32\...\Google Chrome) (Version: 39.0.2171.95 - Google Inc.)
    Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
    Intel(R) Active Management Technology Device Software (HKLM\...\MESOL) (Version: - )
    Intel(R) Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: 8.15.10.1930 - Intel Corporation)
    Intel(R) Management Engine Interface (HKLM\...\HECI) (Version: - )
    Intel(R) Network Connections Drivers (HKLM\...\PROSet) (Version: 19.1 - Intel)
    Java 8 Update 31 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation)
    Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
    Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
    Microsoft Office Home and Business 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
    Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}) (Version: 8.0.50727.42 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
    Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
    Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
    Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft)
    STM TPM Driver 1.0.4.15 - 32 bits (HKLM-x32\...\{61358035-3039-4164-8B17-00063C0AC747}_is1) (Version: - STMicroelectronics)
    STMicroelectronics Trusted Platform Module (HKLM-x32\...\{725F7446-EAC3-4279-97EF-5A5F6A9F6BF8}) (Version: 1.0.4.14 - STMicroelectronics, Inc.)
    SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 6.0.1130 - SUPERAntiSpyware.com)
    swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
    VLC media player 2.1.3 (HKLM-x32\...\VLC media player) (Version: 2.1.3 - VideoLAN)

    ==================== Custom CLSID (selected items): ==========================

    (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)


    ==================== Restore Points =========================

    23-10-2014 20:47:17 Removed Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
    23-10-2014 21:39:36 Removed DriverUpdate
    25-10-2014 14:04:43 Windows Update
    29-10-2014 10:31:53 Windows Update
    01-11-2014 19:09:22 Windows Update
    05-11-2014 10:51:25 Windows Update
    12-11-2014 12:24:20 Windows Update
    12-11-2014 22:07:32 Windows Update
    26-11-2014 11:20:01 Windows Update
    26-11-2014 11:45:26 Windows Update
    29-11-2014 18:54:19 Windows Update
    30-11-2014 11:10:28 Installed AVG 2015
    30-11-2014 11:10:47 Installed AVG 2015
    30-11-2014 11:15:47 RCP Sun, Nov 30, 14 11:15
    01-12-2014 21:20:03 Removed 7-Zip 9.20 (x64 edition)
    02-12-2014 19:30:30 Removed AVG 2015
    02-12-2014 19:32:07 Removed AVG 2015
    02-12-2014 19:43:19 Removed Adobe Reader XI (11.0.09).
    02-12-2014 19:44:14 Removed Visual Studio 2012 x86 Redistributables
    02-12-2014 19:44:31 Removed Visual Studio 2012 x64 Redistributables
    03-12-2014 19:21:41 Windows Update
    03-12-2014 20:29:49 Device Driver Package Install: Apowersoft Sound, video and game controllers
    03-12-2014 23:43:50 Installed Java 7 Update 71
    06-12-2014 21:48:03 Windows Update
    10-12-2014 21:20:52 Windows Update
    17-12-2014 10:54:48 Windows Update
    18-12-2014 12:22:38 Windows Update
    24-12-2014 10:47:20 Windows Update
    31-12-2014 11:20:49 Windows Update
    03-01-2015 21:51:11 Windows Update
    07-01-2015 16:30:51 Windows Update
    10-01-2015 21:13:40 Windows Update
    14-01-2015 09:42:24 Windows Update
    14-01-2015 19:47:52 Windows Update
    21-01-2015 10:41:21 Windows Update
    24-01-2015 12:02:40 Windows Update

    ==================== Scheduled Tasks (whitelisted) =============

    (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

    Task: {02A9F6B0-BF55-4AA9-BDA1-AF0F925CA123} - \SPDriver No Task File <==== ATTENTION
    Task: {1FE36D81-4347-4C7F-995B-5EF8A898F3BF} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-08-22] (Piriform Ltd)
    Task: {30E732DB-6362-4432-8662-17C6A3BFA035} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
    Task: {39915CE7-5294-47CE-8D97-0076909CC6C9} - System32\Tasks\APSnotifierPP2 => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
    Task: {4DC5D900-4FA8-44AA-8785-1ADEEBBBBA62} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-01-11] (Google Inc.)
    Task: {7367F4B3-FAD1-4026-827A-A8E52297B1F0} - System32\Tasks\{8C96B9CA-2D16-4D74-B52E-71A5CA3E254C} => pcalua.exe -a C:\Installation\Amt\LMS_SOL_Win2k_allXP_Vista32_5.2.0.1019_PV.exe -d C:\Installation\Amt
    Task: {7948320F-EDD3-491F-91D3-9BF0F94CCCC4} - \ShopperProJSUpd No Task File <==== ATTENTION
    Task: {85786B1B-953E-4CE6-BF8B-440EBAE675B7} - System32\Tasks\{4CC87FDC-C0D4-466D-8479-A3FBAF0075E6} => pcalua.exe -a C:\Installation\Tpm\TPM_XP64_1.0.4.14_PV_STMICRO.EXE -d C:\Users\User\Desktop
    Task: {89F74260-0E45-4A04-A929-C22C6FE74909} - System32\Tasks\SlimCleaner Plus (Scheduled Scan - User) => C:\Program Files\SlimCleaner Plus\SlimCleanerPlus.exe
    Task: {9258E63E-D58D-41B1-8FD3-41857B037F86} - System32\Tasks\APSnotifierPP3 => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
    Task: {A8D2C64B-E964-4EA9-A7D6-6076988AF3C0} - System32\Tasks\{B0CF1CDB-E408-4BAA-B08B-1F5A468BDDE6} => pcalua.exe -a C:\Installation\Management\HECI_allOS_2.1.22.1033_PV.exe -d C:\Installation\Management
    Task: {A9DA2B3A-5DE2-4B2E-87C3-61D1CC9CFA86} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-01-25] (Adobe Systems Incorporated)
    Task: {CB22F41B-610F-48CD-9D9C-D8B5A3CBF6A0} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-01-11] (Google Inc.)
    Task: {D8401B77-7559-4D2E-AF37-E5413A60320A} - \SPBIW_UpdateTask_Time_333735383136353630382d3437415a556c2a3223346c41 No Task File <==== ATTENTION
    Task: {E75A929F-1C59-45AD-B55C-2A1F2BADD119} - \ShopperPro No Task File <==== ATTENTION
    Task: {E8BFA245-DA07-4D1F-9E26-C4DDE562A916} - System32\Tasks\APSnotifierPP1 => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
    Task: {F5ED41E1-0D4D-407E-A593-85D6DC131850} - System32\Tasks\LaunchSignup => C:\Program Files (x86)\MyPC Backup\Signup Wizard.exe <==== ATTENTION
    Task: {FF7D95F4-B8BF-4708-B9D9-6FF63367AF3B} - System32\Tasks\YTDownloader => C:\Program Files (x86)\YTDownloader\YTDownloader.exe <==== ATTENTION
    Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
    Task: C:\Windows\Tasks\APSnotifierPP1.job => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
    Task: C:\Windows\Tasks\APSnotifierPP2.job => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
    Task: C:\Windows\Tasks\APSnotifierPP3.job => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
    Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    Task: C:\Windows\Tasks\SlimCleaner Plus (Scheduled Scan - User).job => C:\Program Files\SlimCleaner Plus\SlimCleanerPlus.exe

    ==================== Loaded Modules (whitelisted) =============

    2015-01-11 16:34 - 2015-01-11 16:34 - 02057728 _____ () c:\Program Files (x86)\SystemHero\SystemHero.dll
    2015-01-11 17:05 - 2014-12-06 14:50 - 01077064 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\libglesv2.dll
    2015-01-11 17:05 - 2014-12-06 14:50 - 00211272 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\libegl.dll
    2015-01-11 17:05 - 2014-12-06 14:50 - 09009480 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\pdf.dll
    2015-01-11 17:05 - 2014-12-06 14:50 - 01677128 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\ffmpegsumo.dll
    2015-01-11 17:05 - 2014-12-06 14:50 - 14913352 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\PepperFlash\pepflashplayer.dll

    ==================== Alternate Data Streams (whitelisted) =========

    (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


    ==================== Safe Mode (whitelisted) ===================

    (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


    ==================== EXE Association (whitelisted) =============

    (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


    ==================== MSCONFIG/TASK MANAGER disabled items =========

    (Currently there is no automatic fix for this section.)


    ========================= Accounts: ==========================

    Administrator (S-1-5-21-3565841853-2135406614-420602517-500 - Administrator - Disabled)
    Guest (S-1-5-21-3565841853-2135406614-420602517-501 - Limited - Disabled)
    HomeGroupUser$ (S-1-5-21-3565841853-2135406614-420602517-1005 - Limited - Enabled)
    User (S-1-5-21-3565841853-2135406614-420602517-1001 - Administrator - Enabled) => C:\Users\User

    ==================== Faulty Device Manager Devices =============


    ==================== Event log errors: =========================

    Application errors:
    ==================
    Error: (01/25/2015 03:12:15 PM) (Source: WinMgmt) (EventID: 10) (User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

    Error: (01/25/2015 03:10:58 PM) (Source: LMS) (EventID: 2) (User: NT AUTHORITY)
    Description: Error: Can't open hosts file

    Error: (01/25/2015 11:28:30 AM) (Source: WinMgmt) (EventID: 10) (User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

    Error: (01/25/2015 11:27:05 AM) (Source: LMS) (EventID: 2) (User: NT AUTHORITY)
    Description: Error: Can't open hosts file

    Error: (01/25/2015 00:49:18 AM) (Source: WinMgmt) (EventID: 10) (User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

    Error: (01/25/2015 00:47:51 AM) (Source: LMS) (EventID: 2) (User: NT AUTHORITY)
    Description: Error: Can't open hosts file

    Error: (01/25/2015 00:12:50 AM) (Source: WinMgmt) (EventID: 10) (User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

    Error: (01/25/2015 00:11:38 AM) (Source: LMS) (EventID: 2) (User: NT AUTHORITY)
    Description: Error: Can't open hosts file

    Error: (01/24/2015 04:43:06 PM) (Source: WinMgmt) (EventID: 10) (User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

    Error: (01/24/2015 04:41:37 PM) (Source: LMS) (EventID: 2) (User: NT AUTHORITY)
    Description: Error: Can't open hosts file


    System errors:
    =============
    Error: (01/25/2015 03:11:06 PM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
    Description: There was an error while attempting to read the local hosts file.

    Error: (01/25/2015 03:11:06 PM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
    Description: There was an error while attempting to read the local hosts file.

    Error: (01/25/2015 03:10:47 PM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
    Description: There was an error while attempting to read the local hosts file.

    Error: (01/25/2015 11:27:11 AM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
    Description: There was an error while attempting to read the local hosts file.

    Error: (01/25/2015 11:27:10 AM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
    Description: There was an error while attempting to read the local hosts file.

    Error: (01/25/2015 11:27:07 AM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
    Description: There was an error while attempting to read the local hosts file.

    Error: (01/25/2015 03:34:30 AM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
    Description: There was an error while attempting to read the local hosts file.

    Error: (01/25/2015 03:34:30 AM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
    Description: There was an error while attempting to read the local hosts file.

    Error: (01/25/2015 00:47:59 AM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
    Description: There was an error while attempting to read the local hosts file.

    Error: (01/25/2015 00:47:59 AM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
    Description: There was an error while attempting to read the local hosts file.


    Microsoft Office Sessions:
    =========================
    Error: (01/25/2015 03:12:15 PM) (Source: WinMgmt) (EventID: 10) (User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

    Error: (01/25/2015 03:10:58 PM) (Source: LMS) (EventID: 2) (User: NT AUTHORITY)
    Description: Error: Can't open hosts file

    Error: (01/25/2015 11:28:30 AM) (Source: WinMgmt) (EventID: 10) (User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

    Error: (01/25/2015 11:27:05 AM) (Source: LMS) (EventID: 2) (User: NT AUTHORITY)
    Description: Error: Can't open hosts file

    Error: (01/25/2015 00:49:18 AM) (Source: WinMgmt) (EventID: 10) (User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

    Error: (01/25/2015 00:47:51 AM) (Source: LMS) (EventID: 2) (User: NT AUTHORITY)
    Description: Error: Can't open hosts file

    Error: (01/25/2015 00:12:50 AM) (Source: WinMgmt) (EventID: 10) (User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

    Error: (01/25/2015 00:11:38 AM) (Source: LMS) (EventID: 2) (User: NT AUTHORITY)
    Description: Error: Can't open hosts file

    Error: (01/24/2015 04:43:06 PM) (Source: WinMgmt) (EventID: 10) (User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

    Error: (01/24/2015 04:41:37 PM) (Source: LMS) (EventID: 2) (User: NT AUTHORITY)
    Description: Error: Can't open hosts file


    ==================== Memory info ===========================

    Processor: Intel(R) Core(TM)2 CPU 6420 @ 2.13GHz
    Percentage of memory in use: 53%
    Total physical RAM: 3053.51 MB
    Available physical RAM: 1425.09 MB
    Total Pagefile: 6105.2 MB
    Available Pagefile: 4357.9 MB
    Total Virtual: 8192 MB
    Available Virtual: 8191.82 MB

    ==================== Drives ================================

    Drive c: () (Fixed) (Total:465.42 GB) (Free:390.65 GB) NTFS

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 01EC01EB)
    Partition 1: (Active) - (Size=350 MB) - (Type=07 NTFS)
    Partition 2: (Not Active) - (Size=465.4 GB) - (Type=07 NTFS)

    ==================== End Of Log ============================

  5. #5
    Member Spyware Fighter zep516

    Hello,

    Next

    Please download AdwCleaner by Xplode onto your Desktop.
    • Close all open programs and internet browsers.
    • Double click on AdwCleaner.exe to run the tool.
    • Click the Scan button and wait for the process to complete.
    • Click the Report button and the report will open in Notepad.
    • NOTE: If you get an error message, it means that nothing was found. Exit from AdwCleaner.
    • Click on the Clean button and follow the prompts.
    • A log file will automatically open after the scan has finished and the PC has rebooted.
    • Please post the content of that log file with your next answer.
    • You can find the log file at C:\AdwCleaner


    Next

    Please download Junkware Removal Tool to your Desktop.

    • Please close your security software to avoid potential conflicts. See Here how to disable your security protection (Anti Virus)
    • Run the tool by double-clicking it. If you are using Windows Vista or 7, right-click it and select Run as administrator.
    • The tool will open and start scanning your system.
    • Please be patient as this can take a while to complete, depending on your system's specifications.
    • On completion, a log (JRT.txt) is saved to your Desktop and will automatically open.
    • Please post the contents of JRT.txt into your reply.


    In your next reply, post:

    • The AdwCleaner [SO].txt Log
    • The JRT.txt Log


    Thanks
    Joe

  6. #6
    Member

    All done Joe

    # AdwCleaner v4.110 - Logfile created 07/02/2015 at 10:11:06
    # Updated 05/02/2015 by Xplode
    # Database : 2015-02-05.2 [Server]
    # Operating system : Windows 7 Professional Service Pack 1 (x64)
    # Username : User - WINDOWS-TI1NND5
    # Running from : C:\Users\User\Downloads\adwcleaner_4.110.exe
    # Option : Scan

    ***** [ Services ] *****


    ***** [ Files / Folders ] *****

    File Found : C:\Windows\System32\roboot64.exe
    Folder Found : C:\Program Files (x86)\DiigiSaeveer
    Folder Found : C:\Program Files (x86)\Driver Pro
    Folder Found : C:\Program Files (x86)\Driver Support
    Folder Found : C:\Program Files (x86)\DuownaSavvE
    Folder Found : C:\Program Files (x86)\ExssTraSuavings
    Folder Found : C:\Program Files (x86)\globalUpdate
    Folder Found : C:\Program Files (x86)\GReatSave4UU
    Folder Found : C:\Program Files (x86)\predm
    Folder Found : C:\Program Files (x86)\SaveLootts
    Folder Found : C:\Program Files (x86)\SaveNewaApppz
    Folder Found : C:\Program Files (x86)\unisalEEs
    Folder Found : C:\ProgramData\14574614800768257418
    Folder Found : C:\ProgramData\apkikdnhcgaljjleonddelhcplidjaea
    Folder Found : C:\ProgramData\AVG Security Toolbar
    Folder Found : C:\ProgramData\ca436ef111f14d8a
    Folder Found : C:\ProgramData\DisscouuntExtensi
    Folder Found : C:\ProgramData\dkfpjhffcljoobbpahaoolfdnmneojgp
    Folder Found : C:\ProgramData\Driver Support
    Folder Found : C:\ProgramData\foncfamnhijoekhgepkbkfaefeejibgj
    Folder Found : C:\ProgramData\gmoegnlidhgaggocakgpnkgichalnjcj
    Folder Found : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Driver Support
    Folder Found : C:\ProgramData\NNewSAver
    Folder Found : C:\Users\User\AppData\Local\CrashRpt
    Folder Found : C:\Users\User\AppData\Local\globalUpdate
    Folder Found : C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\akiddnbmncobphmmnjifcnaimefolggi
    Folder Found : C:\Users\User\AppData\Roaming\0S1P1R2Y1C1P1Q0D1F2W1G1I1F1T1Q
    Folder Found : C:\Users\User\AppData\Roaming\Systweak

    ***** [ Scheduled tasks ] *****

    Task Found : APSnotifierPP1
    Task Found : APSnotifierPP2
    Task Found : APSnotifierPP3
    Task Found : LaunchSignup
    Task Found : ShopperPro
    Task Found : ShopperProJSUpd
    Task Found : SPDriver
    Task Found : YTDownloader

    ***** [ Shortcuts ] *****


    ***** [ Registry ] *****

    Key Found : HKCU\Software\AnyProtect
    Key Found : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
    Key Found : HKCU\Software\AppDataLow\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}
    Key Found : HKCU\Software\AppDataLow\{4A0F38A9-FE55-4B89-B73F-E60FDC0F72E9}
    Key Found : HKCU\Software\GlobalUpdate
    Key Found : HKCU\Software\Optimizer Pro
    Key Found : HKCU\Software\ShopperPro
    Key Found : [x64] HKCU\Software\AnyProtect
    Key Found : [x64] HKCU\Software\GlobalUpdate
    Key Found : [x64] HKCU\Software\Optimizer Pro
    Key Found : [x64] HKCU\Software\ShopperPro
    Key Found : HKLM\SOFTWARE\{12A61307-94CD-4F8E-94BC-918E511FAA81}
    Key Found : HKLM\SOFTWARE\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}
    Key Found : HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
    Key Found : HKLM\SOFTWARE\{4A0F38A9-FE55-4B89-B73F-E60FDC0F72E9}
    Key Found : HKLM\SOFTWARE\{6791A2F3-FC80-475C-A002-C014AF797E9C}
    Key Found : HKLM\SOFTWARE\Classes\AppID\{58FDA6AF-67D8-4198-B7CD-94B17532C8D5}
    Key Found : HKLM\SOFTWARE\Classes\AppID\ShopperPro.DLL
    Key Found : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
    Key Found : HKLM\SOFTWARE\Classes\CLSID\{459DD0F7-0D55-D3DC-67BC-E6BE37E9D762}
    Key Found : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
    Key Found : HKLM\SOFTWARE\Classes\Interface\{0FCE4F01-64EC-42F1-83E1-1E08D38605D2}
    Key Found : HKLM\SOFTWARE\Classes\Interface\{1A2A195A-A0F9-4006-AF02-3F05EEFDE792}
    Key Found : HKLM\SOFTWARE\Classes\Interface\{2D9DB233-DC4B-4677-946C-5FA5ABCF506B}
    Key Found : HKLM\SOFTWARE\Classes\Interface\{3AE76A17-C344-4A83-81CE-65EFEE41E42D}
    Key Found : HKLM\SOFTWARE\Classes\Interface\{4C0A69B0-CE97-42B7-86FC-08280C99C74D}
    Key Found : HKLM\SOFTWARE\Classes\Interface\{4E9EB4D5-C929-4005-AC62-1856B1DA5A24}
    Key Found : HKLM\SOFTWARE\Classes\Interface\{8FAF962C-3EDE-405E-B1D0-62B8235C6044}
    Key Found : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
    Key Found : HKLM\SOFTWARE\Classes\Interface\{C1F5E799-B218-4C32-B189-3C389BA140BB}
    Key Found : HKLM\SOFTWARE\Classes\Interface\{F60C9408-3110-4C98-A139-ABE1EE1111DD}
    Key Found : HKLM\SOFTWARE\Classes\TypeLib\{230332DF-D235-47EE-BC42-60860EF144CD}
    Key Found : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
    Key Found : HKLM\SOFTWARE\Classes\TypeLib\{E0D6077D-7186-48B2-A6C6-2F7C533E8CFF}
    Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{842C4394-47F7-60DE-480B-C09116B63559}
    Key Found : HKLM\SOFTWARE\TermTutor
    Key Found : HKLM\SOFTWARE\Tutorials
    Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
    Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
    Key Found : [x64] HKLM\SOFTWARE\ShopperPro
    Key Found : [x64] HKLM\SOFTWARE\YTDownloader

    ***** [ Web browsers ] *****

    -\\ Internet Explorer v11.0.9600.17496


    -\\ Google Chrome v39.0.2171.95

    [C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\preferences] - Found [Extension] : apkikdnhcgaljjleonddelhcplidjaea
    [C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\preferences] - Found [Extension] : gmoegnlidhgaggocakgpnkgichalnjcj
    [C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\preferences] - Found [Extension] : akiddnbmncobphmmnjifcnaimefolggi
    *************************

    AdwCleaner[R0].txt - [5615 bytes] - [07/02/2015 10:11:06]

    ########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [5674 bytes] ##########

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Junkware Removal Tool (JRT) by Thisisu
    Version: 6.4.2 (02.02.2015:1)
    OS: Windows 7 Professional x64
    Ran by User on Sat 07/02/2015 at 10:29:42.79
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




    ~~~ Services



    ~~~ Registry Values

    Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Page_URL



    ~~~ Registry Keys



    ~~~ Files

    Successfully deleted: [File] C:\Windows\Tasks\APSnotifierPP1.job
    Successfully deleted: [File] C:\Windows\Tasks\APSnotifierPP2.job
    Successfully deleted: [File] C:\Windows\Tasks\APSnotifierPP3.job



    ~~~ Folders

    Successfully deleted: [Folder] C:\ProgramData\DisscouuntExtensi
    Successfully deleted: [Folder] C:\ProgramData\NNewSAver
    Successfully deleted: [Folder] "C:\ProgramData\driver support"
    Successfully deleted: [Folder] "C:\Users\User\AppData\Roaming\systweak"
    Successfully deleted: [Folder] "C:\Users\User\appdata\local\globalupdate"
    Successfully deleted: [Folder] "C:\Program Files (x86)\driver pro"
    Successfully deleted: [Folder] "C:\Program Files (x86)\driver support"
    Successfully deleted: [Folder] "C:\Program Files (x86)\globalupdate"
    Successfully deleted: [Folder] "C:\Program Files (x86)\predm"
    Successfully deleted: [Folder] "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\driver support"



    ~~~ Event Viewer Logs were cleared





    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Scan was completed on Sat 07/02/2015 at 10:32:28.83
    End of JRT log
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

  7. #7
    Member Spyware Fighter zep516's Avatar
    Join Date
    Dec 2005
    Location
    Pittsburgh, Pa
    Posts
    7,158
    Points
    1301

    Hello,

    Those scans removed a lot of adware. How are things right now?


    Next

    Farbar Recovery Scanner needs to be running from the desktop. You have it in the downloads folder. Please move it to the desktop.
    To do that:
    • Navigate to your downloads folder --> C:\Users\User\Downloads
    • In the downloads folder find FRST
    • Right click on it, choose cut
    • Go back to the desktop.
    • On an empty space right click, choose paste.
    • Farbar will now have been successfully moved to desktop.


    Tell me when that is done, no need to run a scan, just move to desktop.

    Thanks
    Joe

  8. #8
    Member
    Join Date
    Feb 2010
    Posts
    126
    Points
    1

    Done

  9. #9
    Member Spyware Fighter zep516's Avatar
    Join Date
    Dec 2005
    Location
    Pittsburgh, Pa
    Posts
    7,158
    Points
    1301

    OK,

    The adwCleaner tool, could you run that again and use the clean option this time? Somehow I missed that.

    To do that:

    Right click on adwCleaner, run as administrator, Run scan, click report, then click clean.

    Let me know when that is done.

    Joe