
need help w/ pop-up



Hello and welcome.

 

P2P/Piracy Warning:

 

   

If you're using Peer 2 Peer software such as uTorrent, BitTorrent or similar you must either fully uninstall them or completely disable them from running while being assisted here.

Failure to remove or disable such software will result in your topic being closed and no further assistance being provided.

If you have illegal/cracked software, cracks, keygens etc. on the system, please remove or uninstall them now and read the policy on Piracy.

 

Next,

 

Download AdwCleaner by Xplode from here: http://www.bleepingcomputer.com/download/adwcleaner/ and save to your Desktop.

 

  • Double click on AdwCleaner.exe to run the tool.
  • Vista/Windows 7/8 users right-click and select Run As Administrator
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • When it's done you'll see: Pending: Uncheck any elements you don't want removed.
  • Now click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
  • Look over the log especially under Files/Folders for any program you want to save.
  • If there's a program you want to save, just uncheck it from AdwCleaner.
  • If you're not sure, post the log for review.
  • If you're ready to clean it all up.....click the Clean button.
  • After rebooting, a logfile report (AdwCleaner[s0].txt) will open automatically.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of that logfile will also be saved in the C:\AdwCleaner folder.
  • Items that are deleted are moved to the Quarantine Folder: C:\AdwCleaner\Quarantine
  • To restore an item that has been deleted (if necessary):
  • Go to Tools > Quarantine Manager > check what you want restored > now click on Restore.

 

Next,

 

Download Farbar Recovery Scan Tool and save it to your desktop.

 

Note: You need to run the version compatible with your system (32 bit or 64 bit). If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.

  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.

 

Kevin.....


Thanks,

 

# AdwCleaner v3.008 - Report created 18/10/2013 at 14:24:56
# Updated 17/10/2013 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (32 bits)
# Username : Greg - GREG-PC
# Running from : C:\Users\Greg\Desktop\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\Program Files\MyPC Backup
Folder Deleted : C:\Program Files\Yontoo
Folder Deleted : C:\Users\Greg\AppData\Roaming\Yontoo
Folder Deleted : C:\Users\Greg\AppData\Roaming\Mozilla\Firefox\Profiles\2hmudzba.default\Extensions\6c937ed6-be66-4f72-9a60-ce5789cc7f09@53ba6712-2cae-46e2-b821-95baea44e049.com
Folder Deleted : C:\Users\Greg\AppData\Roaming\Mozilla\Firefox\Profiles\2hmudzba.default\Extensions\plugin@yontoo.com
Folder Deleted : C:\Users\Greg\AppData\Roaming\Mozilla\Firefox\Profiles\2hmudzba.default\Extensions\tidynetwork@tidynetwork
File Deleted : C:\END
File Deleted : C:\Users\Greg\AppData\Roaming\Mozilla\Firefox\Profiles\2hmudzba.default\user.js

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\niapdbllcanepiiimjjndipklodoedlc
Key Deleted : HKLM\SOFTWARE\Classes\AppID\YontooIEClient.DLL
Key Deleted : HKLM\SOFTWARE\Classes\YontooIEClient.Api
Key Deleted : HKLM\SOFTWARE\Classes\YontooIEClient.Api.1
Key Deleted : HKLM\SOFTWARE\Classes\YontooIEClient.Layers
Key Deleted : HKLM\SOFTWARE\Classes\YontooIEClient.Layers.1
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{CFDAFE39-20CE-451D-BD45-A37452F39CF0}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{2CE4D4CF-B278-4126-AD1E-B622DA2E8339}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{7E84186E-B5DE-4226-8A66-6E49C6B511B4}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FE9271F2-6EFD-44B0-A826-84C829536E93}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2CE4D4CF-B278-4126-AD1E-B622DA2E8339}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{D372567D-67C1-4B29-B3F0-159B52B3E967}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{7736C7FA-512D-11E2-B871-DEC36088709B}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1791C1B5-FFD0-4D4B-ABCD-7A7DF6EAA89C}
Key Deleted : HKCU\Software\installedbrowserextensions
Key Deleted : HKCU\Software\AppDataLow\Software\Crossrider
Key Deleted : HKCU\Software\AppDataLow\Software\Lyrics_Monkey
Key Deleted : HKCU\Software\AppDataLow\Software\Plus-HD-1.6
Key Deleted : HKLM\Software\Tarma Installer
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Toolbar Cleaner

***** [ Browsers ] *****

-\\ Internet Explorer v10.0.9200.16720


-\\ Mozilla Firefox v24.0 (en-US)

[ File : C:\Users\Greg\AppData\Roaming\Mozilla\Firefox\Profiles\2hmudzba.default\prefs.js ]


*************************

AdwCleaner[R0].txt - [18238 octets] - [18/10/2013 14:21:32]
AdwCleaner[s0].txt - [18367 octets] - [18/10/2013 14:24:56]

########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [18428 octets] ##########

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 03-10-2013
Ran by Greg (administrator) on GREG-PC on 18-10-2013 14:47:49
Running from C:\Users\Greg\Desktop
Microsoft Windows 7 Home Premium  Service Pack 1 (X86) OS Language: English(US)
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) ===================

(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynToshiba.exe
(Intel Corporation) C:\Windows\system32\igfxsrvc.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [HotKeysCmds] - C:\Windows\system32\hkcmd.exe [ ] ()
HKLM\...\Run: [synTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1316136 2008-06-20] (Synaptics, Inc.)
HKLM\...\Run: [sBRegRebootCleaner] - "C:\Program Files\Ad-Aware Antivirus\SBRC.exe"
HKLM\...\Run: [sunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [253816 2013-03-12] (Oracle Corporation)
HKLM\...\Run: [APSDaemon] - C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.)
HKLM\...\Run: [iTunesHelper] - C:\Program Files\iTunes\iTunesHelper.exe [152392 2013-10-01] (Apple Inc.)
Startup: C:\Users\Greg\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Registration Chessmaster® Grandmaster Edition .LNK
ShortcutTarget: Registration Chessmaster® Grandmaster Edition .LNK -> C:\Program Files\Ubisoft\Chessmaster Grandmaster Edition\Register\RegistrationReminder.exe ()
Startup: C:\Users\Greg\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Registration Chessmaster® Grandmaster Edition.LNK
ShortcutTarget: Registration Chessmaster® Grandmaster Edition.LNK -> C:\Program Files\Ubisoft\Chessmaster Grandmaster Edition\Register\RegistrationReminder.exe ()

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x2A3C6AD7D233CE01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=73&bd=Pavilion&pf=laptop
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=73&bd=Pavilion&pf=laptop
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=73&bd=Pavilion&pf=laptop
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKLM - {17CEEF20-1CDD-4B87-9986-39B4B11359E2} URL = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpd
SearchScopes: HKLM - {2068482B-18E6-40E3-BE10-D379922C8A17} URL = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=hp-pvdt
SearchScopes: HKLM - {B1D68366-CE67-499C-A9A1-E5D737EA159E} URL = http://search.live.com/results.aspx?q={searchTerms}&entrypoint={referrer:source?}&FORM=HVDUS7
SearchScopes: HKCU - Comcast URL = http://search.comcast.net/?cat=web&con=net&q={searchTerms}
SearchScopes: HKCU - {17CEEF20-1CDD-4B87-9986-39B4B11359E2} URL = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpd
SearchScopes: HKCU - {2068482B-18E6-40E3-BE10-D379922C8A17} URL = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=hp-pvdt
SearchScopes: HKCU - {B1D68366-CE67-499C-A9A1-E5D737EA159E} URL = http://search.live.com/results.aspx?q={searchTerms}&entrypoint={referrer:source?}&FORM=HVDUS7
SearchScopes: HKCU - {E519AA1F-E8A8-47ED-92E3-BCFB65055819} URL = http://search.comcast.net/search?cat=Web&con=toolbar&q={searchTerms}
BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254

FireFox:
========
FF ProfilePath: C:\Users\Greg\AppData\Roaming\Mozilla\Firefox\Profiles\2hmudzba.default
FF Homepage: www.yahoo.com

FF Plugin: @adobe.com/ShockwavePlayer - C:\Windows\system32\Adobe\Director\np32dsw_1203133.dll (Adobe Systems, Inc.)
FF Plugin: @Apple.com/iTunes,version=1.0 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @java.com/DTPlugin,version=10.25.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Extension: Lavasoft Search Plugin - C:\Users\Greg\AppData\Roaming\Mozilla\Firefox\Profiles\2hmudzba.default\Extensions\jid1-yZwVFzbsyfMrqQ@jetpack
FF Extension: No Name - C:\Users\Greg\AppData\Roaming\Mozilla\Firefox\Profiles\2hmudzba.default\Extensions\{1280606b-2510-4fe0-97ef-9b5a22eafe30}.xpi
FF Extension: BasicServe - C:\Program Files\Mozilla Firefox\browser\extensions\{740B3FD5-4483-469D-BE7F-8555B153BD04}
FF HKCU\...\Firefox\Extensions: [jid1-xt10ZvWuMT9CDw@jetpack] - C:\Program Files\PriceDetect\Plugins\PDFF\

========================== Services (Whitelisted) =================

S3 BRSptSvc; C:\ProgramData\BitRaider\BRSptSvc.exe [476936 2013-09-22] (BitRaider, LLC)
R2 MBAMScheduler; C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)

==================== Drivers (Whitelisted) ====================

R0 CLFS; C:\Windows\System32\CLFS.sys [249408 2009-07-13] (Microsoft Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [22856 2013-04-04] (Malwarebytes Corporation)
S3 BRDriver; \??\C:\ProgramData\BitRaider\BRDriver.sys [x]
S1 SBRE; \??\C:\Windows\system32\drivers\SBREdrv.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-10-18 14:35 - 2013-10-18 14:35 - 00000000 ____D C:\FRST
2013-10-18 14:34 - 2013-10-18 14:33 - 01087213 _____ (Farbar) C:\Users\Greg\Desktop\FRST.exe
2013-10-18 14:31 - 2013-10-18 14:31 - 00018509 _____ C:\Users\Greg\Desktop\AdwCleaner[s0] scan1.txt
2013-10-18 14:21 - 2013-10-18 14:25 - 00000000 ____D C:\AdwCleaner
2013-10-18 14:20 - 2013-10-18 14:20 - 01050644 _____ C:\Users\Greg\Desktop\AdwCleaner.exe
2013-10-18 14:18 - 2013-10-18 14:18 - 01825064 _____ (Fusion Install        ) C:\Users\Greg\Downloads\Setup.exe
2013-10-17 15:57 - 2013-10-17 15:57 - 00017526 _____ C:\Users\Greg\Desktop\crossing.htm
2013-10-14 12:31 - 2013-10-14 12:31 - 00001078 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-10-14 12:31 - 2013-10-14 12:31 - 00000000 ____D C:\Users\Greg\AppData\Roaming\Malwarebytes
2013-10-14 12:31 - 2013-10-14 12:31 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-10-14 12:31 - 2013-10-14 12:31 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2013-10-14 12:31 - 2013-04-04 14:50 - 00022856 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2013-10-14 12:28 - 2013-10-14 12:28 - 00000000 ____D C:\ProgramData\GFI Software
2013-10-14 12:25 - 2013-10-14 12:25 - 00145096 _____ C:\Windows\Minidump\101413-28844-01.dmp
2013-10-14 12:25 - 2013-10-14 12:25 - 00000000 ____D C:\Windows\Minidump
2013-10-11 09:32 - 2013-09-22 19:28 - 01767936 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-10-11 09:32 - 2013-09-22 19:28 - 01141248 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-10-11 09:32 - 2013-09-22 19:28 - 00042496 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-10-11 09:32 - 2013-09-22 19:27 - 14335488 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-10-11 09:32 - 2013-09-22 19:27 - 13761024 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-10-11 09:32 - 2013-09-22 19:27 - 02876928 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-10-11 09:32 - 2013-09-22 19:27 - 02048512 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-10-11 09:32 - 2013-09-22 19:27 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-10-11 09:32 - 2013-09-22 19:27 - 00493056 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-10-11 09:32 - 2013-09-22 19:27 - 00391168 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-10-11 09:32 - 2013-09-22 19:27 - 00109056 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-10-11 09:32 - 2013-09-22 19:27 - 00061440 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-10-11 09:32 - 2013-09-22 19:27 - 00039424 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-10-11 09:32 - 2013-09-22 19:27 - 00033280 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-10-11 09:32 - 2013-09-20 23:30 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-10-11 09:32 - 2013-09-20 22:39 - 00071680 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-10-10 17:32 - 2013-10-10 17:32 - 00000000 ____D C:\Users\Greg\AppData\Roaming\Thunderbird
2013-10-10 17:32 - 2013-10-10 17:32 - 00000000 ____D C:\Users\Greg\AppData\Local\Thunderbird
2013-10-10 17:07 - 2013-10-10 17:07 - 00000000 _____ C:\ProgramData\2f3b363342223a_c
2013-10-10 17:06 - 2013-10-10 18:30 - 00000000 ____D C:\Program Files\PriceDetect
2013-10-09 21:27 - 2013-10-09 21:27 - 00000000 ____H C:\Windows\system32\Drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
2013-10-09 21:19 - 2013-10-09 21:49 - 00000000 ____D C:\Users\Greg\AppData\Roaming\Apple Computer
2013-10-09 21:19 - 2013-10-09 21:19 - 00001764 _____ C:\Users\Public\Desktop\iTunes.lnk
2013-10-09 21:19 - 2012-08-21 13:01 - 00026840 _____ (GEAR Software Inc.) C:\Windows\system32\Drivers\GEARAspiWDM.sys
2013-10-09 21:18 - 2013-10-09 21:18 - 00000000 ____D C:\Program Files\iPod
2013-10-09 21:17 - 2013-10-09 21:19 - 00000000 ____D C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1
2013-10-09 21:17 - 2013-10-09 21:19 - 00000000 ____D C:\Program Files\iTunes
2013-10-09 21:17 - 2013-10-09 21:17 - 00000000 ____D C:\ProgramData\Apple Computer
2013-10-09 21:15 - 2013-10-09 21:15 - 00000000 ____D C:\Users\Greg\AppData\Local\Apple
2013-10-09 21:15 - 2013-10-09 21:15 - 00000000 ____D C:\Program Files\Apple Software Update
2013-10-09 21:14 - 2013-10-09 21:14 - 00000000 ____D C:\Program Files\Bonjour
2013-10-09 21:12 - 2013-10-09 21:17 - 00000000 ____D C:\Program Files\Common Files\Apple
2013-10-09 21:12 - 2013-10-09 21:15 - 00000000 ____D C:\ProgramData\Apple
2013-10-09 17:15 - 2013-09-13 20:48 - 00338944 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2013-10-09 17:15 - 2013-09-07 22:07 - 01294272 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2013-10-09 17:15 - 2013-09-07 22:03 - 00231424 _____ (Microsoft Corporation) C:\Windows\system32\mswsock.dll
2013-10-09 17:15 - 2013-08-28 21:51 - 03969472 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2013-10-09 17:15 - 2013-08-28 21:51 - 03914176 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2013-10-09 17:15 - 2013-08-28 21:50 - 01289096 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2013-10-09 17:15 - 2013-08-28 21:50 - 00619520 _____ (Microsoft Corporation) C:\Windows\system32\tdh.dll
2013-10-09 17:15 - 2013-08-28 21:48 - 00640512 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2013-10-09 17:15 - 2013-08-27 20:57 - 00434688 _____ (Microsoft Corporation) C:\Windows\system32\scavengeui.dll
2013-10-09 17:15 - 2013-08-01 07:03 - 00729024 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2013-10-09 17:15 - 2013-07-20 06:33 - 00102608 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2013-10-09 17:15 - 2013-07-04 07:50 - 00530432 _____ (Microsoft Corporation) C:\Windows\system32\comctl32.dll
2013-10-09 17:15 - 2013-07-02 23:36 - 00055808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidclass.sys
2013-10-09 17:15 - 2013-07-02 23:36 - 00025728 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidparse.sys
2013-10-09 17:15 - 2013-06-06 00:52 - 00026112 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2013-10-09 17:15 - 2013-06-06 00:51 - 00070656 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2013-10-09 17:15 - 2013-06-06 00:50 - 00010240 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2013-10-09 17:15 - 2013-06-05 23:01 - 00295424 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2013-10-09 17:15 - 2013-06-05 23:01 - 00034304 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2013-10-09 17:14 - 2013-08-27 21:04 - 02348544 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2013-10-09 17:14 - 2013-07-12 06:07 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbcir.sys
2013-10-09 17:14 - 2013-07-04 07:57 - 00205824 _____ (Microsoft Corporation) C:\Windows\system32\WebClnt.dll
2013-10-09 17:14 - 2013-07-04 07:51 - 00081920 _____ (Microsoft Corporation) C:\Windows\system32\davclnt.dll
2013-10-09 17:14 - 2013-07-04 05:48 - 00115712 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2013-10-09 17:14 - 2013-06-25 18:56 - 00527064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Wdf01000.sys
2013-10-02 20:24 - 2013-10-02 20:24 - 00000039 _____ C:\Users\Greg\Desktop\Etsy, Poshmark, TaskRabbit, and Airbnb.txt
2013-10-02 08:21 - 2013-10-02 08:21 - 00000000 ____D C:\Program Files\Mozilla Firefox
2013-09-22 13:22 - 2013-09-22 13:22 - 00000000 ____D C:\Users\Greg\AppData\Local\SWTOR
2013-09-22 08:59 - 2013-09-22 08:59 - 00000000 ____D C:\Users\Public\Documents\BitRaider
2013-09-22 08:59 - 2013-09-22 08:59 - 00000000 ____D C:\Users\Greg\AppData\Local\SWTORPerf
2013-09-22 08:59 - 2013-09-22 08:59 - 00000000 ____D C:\ProgramData\BitRaider
2013-09-22 08:56 - 2008-05-30 14:11 - 03850760 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_38.dll
2013-09-22 08:55 - 2013-09-22 08:55 - 00001404 _____ C:\Users\Public\Desktop\Star Wars - The Old Republic.lnk
2013-09-22 08:55 - 2013-09-22 08:55 - 00000000 ____D C:\Program Files\Electronic Arts
2013-09-22 08:55 - 2013-09-22 08:55 - 00000000 ____D C:\Program Files\Common Files\BioWare
2013-09-22 08:54 - 2013-09-22 08:57 - 00014130 _____ C:\Users\Greg\Documents\Install STAR WARS The Old Republic.log
2013-09-22 08:54 - 2013-09-22 08:54 - 00000000 ____D C:\Users\hedev

==================== One Month Modified Files and Folders =======

2013-10-18 14:42 - 2013-07-27 21:20 - 00000000 ____D C:\Users\Greg\AppData\Roaming\BitTorrent
2013-10-18 14:35 - 2013-10-18 14:35 - 00000000 ____D C:\FRST
2013-10-18 14:35 - 2009-07-14 00:34 - 00021888 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-10-18 14:35 - 2009-07-14 00:34 - 00021888 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-10-18 14:33 - 2013-10-18 14:34 - 01087213 _____ (Farbar) C:\Users\Greg\Desktop\FRST.exe
2013-10-18 14:31 - 2013-10-18 14:31 - 00018509 _____ C:\Users\Greg\Desktop\AdwCleaner[s0] scan1.txt
2013-10-18 14:31 - 2013-04-07 13:52 - 01935154 _____ C:\Windows\WindowsUpdate.log
2013-10-18 14:27 - 2010-11-20 17:48 - 00026548 _____ C:\Windows\PFRO.log
2013-10-18 14:27 - 2009-07-14 00:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-10-18 14:27 - 2009-07-14 00:39 - 00032479 _____ C:\Windows\setupact.log
2013-10-18 14:25 - 2013-10-18 14:21 - 00000000 ____D C:\AdwCleaner
2013-10-18 14:20 - 2013-10-18 14:20 - 01050644 _____ C:\Users\Greg\Desktop\AdwCleaner.exe
2013-10-18 14:18 - 2013-10-18 14:18 - 01825064 _____ (Fusion Install        ) C:\Users\Greg\Downloads\Setup.exe
2013-10-17 15:57 - 2013-10-17 15:57 - 00017526 _____ C:\Users\Greg\Desktop\crossing.htm
2013-10-14 17:30 - 2009-07-13 22:37 - 00000000 ____D C:\Windows\SchCache
2013-10-14 17:30 - 2009-07-13 22:37 - 00000000 ____D C:\Windows\AppCompat
2013-10-14 12:31 - 2013-10-14 12:31 - 00001078 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-10-14 12:31 - 2013-10-14 12:31 - 00000000 ____D C:\Users\Greg\AppData\Roaming\Malwarebytes
2013-10-14 12:31 - 2013-10-14 12:31 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-10-14 12:31 - 2013-10-14 12:31 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2013-10-14 12:28 - 2013-10-14 12:28 - 00000000 ____D C:\ProgramData\GFI Software
2013-10-14 12:28 - 2013-05-09 18:03 - 00000000 ____D C:\Program Files\Ad-Aware Antivirus
2013-10-14 12:25 - 2013-10-14 12:25 - 00145096 _____ C:\Windows\Minidump\101413-28844-01.dmp
2013-10-14 12:25 - 2013-10-14 12:25 - 00000000 ____D C:\Windows\Minidump
2013-10-14 10:14 - 2010-11-20 17:01 - 00726316 _____ C:\Windows\system32\PerfStringBackup.INI
2013-10-11 16:42 - 2009-07-13 22:37 - 00000000 ____D C:\Windows\rescache
2013-10-11 10:52 - 2009-07-13 22:37 - 00000000 ____D C:\Windows\Microsoft.NET
2013-10-11 10:04 - 2013-04-07 18:20 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2013-10-11 10:04 - 2009-07-14 00:33 - 00295072 _____ C:\Windows\system32\FNTCACHE.DAT
2013-10-11 09:40 - 2013-07-30 15:59 - 00000000 ____D C:\Windows\system32\MRT
2013-10-11 09:35 - 2013-04-07 16:34 - 78106760 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-10-10 18:30 - 2013-10-10 17:06 - 00000000 ____D C:\Program Files\PriceDetect
2013-10-10 17:32 - 2013-10-10 17:32 - 00000000 ____D C:\Users\Greg\AppData\Roaming\Thunderbird
2013-10-10 17:32 - 2013-10-10 17:32 - 00000000 ____D C:\Users\Greg\AppData\Local\Thunderbird
2013-10-10 17:07 - 2013-10-10 17:07 - 00000000 _____ C:\ProgramData\2f3b363342223a_c
2013-10-09 21:49 - 2013-10-09 21:19 - 00000000 ____D C:\Users\Greg\AppData\Roaming\Apple Computer
2013-10-09 21:27 - 2013-10-09 21:27 - 00000000 ____H C:\Windows\system32\Drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
2013-10-09 21:19 - 2013-10-09 21:19 - 00001764 _____ C:\Users\Public\Desktop\iTunes.lnk
2013-10-09 21:19 - 2013-10-09 21:17 - 00000000 ____D C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1
2013-10-09 21:19 - 2013-10-09 21:17 - 00000000 ____D C:\Program Files\iTunes
2013-10-09 21:19 - 2013-05-05 17:51 - 00000000 ____D C:\Users\Greg\AppData\Local\Apple Computer
2013-10-09 21:18 - 2013-10-09 21:18 - 00000000 ____D C:\Program Files\iPod
2013-10-09 21:17 - 2013-10-09 21:17 - 00000000 ____D C:\ProgramData\Apple Computer
2013-10-09 21:17 - 2013-10-09 21:12 - 00000000 ____D C:\Program Files\Common Files\Apple
2013-10-09 21:15 - 2013-10-09 21:15 - 00000000 ____D C:\Users\Greg\AppData\Local\Apple
2013-10-09 21:15 - 2013-10-09 21:15 - 00000000 ____D C:\Program Files\Apple Software Update
2013-10-09 21:15 - 2013-10-09 21:12 - 00000000 ____D C:\ProgramData\Apple
2013-10-09 21:14 - 2013-10-09 21:14 - 00000000 ____D C:\Program Files\Bonjour
2013-10-02 20:24 - 2013-10-02 20:24 - 00000039 _____ C:\Users\Greg\Desktop\Etsy, Poshmark, TaskRabbit, and Airbnb.txt
2013-10-02 15:07 - 2013-04-07 18:21 - 00000000 ____D C:\Users\Greg\AppData\Local\Mozilla
2013-10-02 08:21 - 2013-10-02 08:21 - 00000000 ____D C:\Program Files\Mozilla Firefox
2013-09-22 19:28 - 2013-10-11 09:32 - 01767936 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-09-22 19:28 - 2013-10-11 09:32 - 01141248 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-09-22 19:28 - 2013-10-11 09:32 - 00042496 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-09-22 19:27 - 2013-10-11 09:32 - 14335488 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-09-22 19:27 - 2013-10-11 09:32 - 13761024 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-09-22 19:27 - 2013-10-11 09:32 - 02876928 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-09-22 19:27 - 2013-10-11 09:32 - 02048512 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-09-22 19:27 - 2013-10-11 09:32 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-09-22 19:27 - 2013-10-11 09:32 - 00493056 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-09-22 19:27 - 2013-10-11 09:32 - 00391168 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-09-22 19:27 - 2013-10-11 09:32 - 00109056 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-09-22 19:27 - 2013-10-11 09:32 - 00061440 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-09-22 19:27 - 2013-10-11 09:32 - 00039424 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-09-22 19:27 - 2013-10-11 09:32 - 00033280 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-09-22 13:22 - 2013-09-22 13:22 - 00000000 ____D C:\Users\Greg\AppData\Local\SWTOR
2013-09-22 08:59 - 2013-09-22 08:59 - 00000000 ____D C:\Users\Public\Documents\BitRaider
2013-09-22 08:59 - 2013-09-22 08:59 - 00000000 ____D C:\Users\Greg\AppData\Local\SWTORPerf
2013-09-22 08:59 - 2013-09-22 08:59 - 00000000 ____D C:\ProgramData\BitRaider
2013-09-22 08:57 - 2013-09-22 08:54 - 00014130 _____ C:\Users\Greg\Documents\Install STAR WARS The Old Republic.log
2013-09-22 08:55 - 2013-09-22 08:55 - 00001404 _____ C:\Users\Public\Desktop\Star Wars - The Old Republic.lnk
2013-09-22 08:55 - 2013-09-22 08:55 - 00000000 ____D C:\Program Files\Electronic Arts
2013-09-22 08:55 - 2013-09-22 08:55 - 00000000 ____D C:\Program Files\Common Files\BioWare
2013-09-22 08:54 - 2013-09-22 08:54 - 00000000 ____D C:\Users\hedev
2013-09-20 23:30 - 2013-10-11 09:32 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-09-20 22:39 - 2013-10-11 09:32 - 00071680 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe

Some content of TEMP:
====================
C:\Users\Greg\AppData\Local\Temp\BackupSetup.exe
C:\Users\Greg\AppData\Local\Temp\dvd-decrypter.exe
C:\Users\Greg\AppData\Local\Temp\install_flashplayer11x32ax_gtbd_chrd_dn_aih.exe
C:\Users\Greg\AppData\Local\Temp\jre-7u25-windows-i586-iftw.exe
C:\Users\Greg\AppData\Local\Temp\Quarantine.exe
C:\Users\Greg\AppData\Local\Temp\ubi34C6.tmp.exe
C:\Users\Greg\AppData\Local\Temp\vcredist_x86.exe


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-10-11 09:18

==================== End Of Log ============================

 

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 03-10-2013
Ran by Greg at 2013-10-18 14:48:21
Running from C:\Users\Greg\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

Adobe Reader 8 (Version: 8.0.0)
Adobe Shockwave Player 12.0 (Version: 12.0.3.133)
Apple Application Support (Version: 2.3.6)
Apple Mobile Device Support (Version: 7.0.0.117)
Apple Software Update (Version: 2.1.3.127)
BitRaider Web Client (Version: 1.1.8.1)
Bonjour (Version: 3.0.0.10)
Chessmaster Grandmaster Edition (Version: 1.00.0000)
DVD Decrypter (Remove Only)
Intel® Graphics Media Accelerator Driver (Version: 8.15.10.1930)
iTunes (Version: 11.1.1.11)
Java 7 Update 25 (Version: 7.0.250)
Java Auto Updater (Version: 2.1.9.5)
Majestic Chess (Version: 1.00.0000)
Malwarebytes Anti-Malware version 1.75.0.1300 (Version: 1.75.0.1300)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (Version: 10.0.40219)
Mozilla Firefox 24.0 (x86 en-US) (Version: 24.0)
Mozilla Maintenance Service (Version: 24.0)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
OpenOffice.org 3.4.1 (Version: 3.41.9593)
Star Wars The Old Republic (Version: 7.0.0.14)
Star Wars: The Old Republic (Version: 1.00)
swMSM (Version: 12.0.0.1)
Synaptics Pointing Device Driver (Version: 11.1.18.0)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3) (Version: 3)
Windows Media Player Firefox Plugin (Version: 1.0.0.8)

==================== Restore Points  =========================

23-08-2013 17:14:45 Scheduled Checkpoint
31-08-2013 17:37:03 Scheduled Checkpoint
08-09-2013 20:11:55 Scheduled Checkpoint
13-09-2013 11:12:03 Windows Update
20-09-2013 21:41:45 Scheduled Checkpoint
22-09-2013 12:56:08 Installed DirectX
29-09-2013 13:48:53 Scheduled Checkpoint
06-10-2013 20:20:08 Scheduled Checkpoint
10-10-2013 01:15:43 Installed iTunes
11-10-2013 13:18:53 Windows Update
15-10-2013 12:57:01 Windows Update

==================== Hosts content: ==========================

2009-07-13 22:04 - 2009-06-10 17:39 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {2A447461-E0AA-49F6-A667-12E43FA28E84} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {DE9600FB-3210-4DBD-BDCC-2BEF51D7CCE1} - System32\Tasks\TidyNetwork Update => C:\Users\Greg\AppData\Local\TidyNetwork.com\tidy2update.exe

==================== Loaded Modules (whitelisted) =============

2013-09-13 19:51 - 2013-09-13 19:51 - 00087952 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2013-09-13 19:51 - 2013-09-13 19:51 - 01242952 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2013-10-02 08:21 - 2013-10-02 08:21 - 03279768 _____ () C:\Program Files\Mozilla Firefox\mozjs.dll

==================== Alternate Data Streams (whitelisted) =========


==================== Safe Mode (whitelisted) ===================


==================== Faulty Device Manager Devices =============

Name: Mass Storage Controller
Description: Mass Storage Controller
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: SBRE
Description: SBRE
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: SBRE
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.


==================== Event log errors: =========================

Application errors:
==================
Error: (10/18/2013 02:29:10 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (10/18/2013 00:42:02 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 11694022

Error: (10/18/2013 00:42:02 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 11694022

Error: (10/18/2013 00:42:02 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (10/17/2013 11:46:20 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 15585

Error: (10/17/2013 11:46:20 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 15585

Error: (10/17/2013 11:46:20 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (10/17/2013 11:28:50 PM) (Source: Application Hang) (User: )
Description: The program firefox.exe version 24.0.0.5001 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 1bb0

Start Time: 01cecbab0231dcd8

Termination Time: 2311

Application Path: C:\Program Files\Mozilla Firefox\firefox.exe

Report Id: 5eb57485-37a5-11e3-b8a4-0016d4febf8a

Error: (10/17/2013 10:32:42 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1190740

Error: (10/17/2013 10:32:42 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 1190740


System errors:
=============
Error: (10/18/2013 02:27:56 PM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
SBRE

Error: (10/18/2013 09:27:18 AM) (Source: Microsoft-Windows-HAL) (User: )
Description: The platform firmware has corrupted memory across the previous system power transition.  Please check for updated firmware for your system.

Error: (10/17/2013 11:46:26 PM) (Source: Microsoft-Windows-HAL) (User: )
Description: The platform firmware has corrupted memory across the previous system power transition.  Please check for updated firmware for your system.

Error: (10/17/2013 10:13:00 PM) (Source: Microsoft-Windows-HAL) (User: )
Description: The platform firmware has corrupted memory across the previous system power transition.  Please check for updated firmware for your system.

Error: (10/17/2013 08:03:51 PM) (Source: Microsoft-Windows-HAL) (User: )
Description: The platform firmware has corrupted memory across the previous system power transition.  Please check for updated firmware for your system.

Error: (10/17/2013 06:59:47 PM) (Source: Microsoft-Windows-HAL) (User: )
Description: The platform firmware has corrupted memory across the previous system power transition.  Please check for updated firmware for your system.

Error: (10/17/2013 06:19:29 PM) (Source: Microsoft-Windows-HAL) (User: )
Description: The platform firmware has corrupted memory across the previous system power transition.  Please check for updated firmware for your system.

Error: (10/17/2013 00:46:53 PM) (Source: Microsoft-Windows-HAL) (User: )
Description: The platform firmware has corrupted memory across the previous system power transition.  Please check for updated firmware for your system.

Error: (10/17/2013 00:01:32 PM) (Source: Microsoft-Windows-HAL) (User: )
Description: The platform firmware has corrupted memory across the previous system power transition.  Please check for updated firmware for your system.

Error: (10/17/2013 11:22:32 AM) (Source: Microsoft-Windows-HAL) (User: )
Description: The platform firmware has corrupted memory across the previous system power transition.  Please check for updated firmware for your system.


Microsoft Office Sessions:
=========================
Error: (10/18/2013 02:29:10 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (10/18/2013 00:42:02 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 11694022

Error: (10/18/2013 00:42:02 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledEvent 11694022

Error: (10/18/2013 00:42:02 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (10/17/2013 11:46:20 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 15585

Error: (10/17/2013 11:46:20 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledEvent 15585

Error: (10/17/2013 11:46:20 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (10/17/2013 11:28:50 PM) (Source: Application Hang)(User: )
Description: firefox.exe24.0.0.50011bb001cecbab0231dcd82311C:\Program Files\Mozilla Firefox\firefox.exe5eb57485-37a5-11e3-b8a4-0016d4febf8a

Error: (10/17/2013 10:32:42 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1190740

Error: (10/17/2013 10:32:42 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledEvent 1190740


CodeIntegrity Errors:
===================================
  Date: 2013-10-14 17:16:16.543
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows.old\Windows\winsxs\x86_microsoft-windows-tpm-driver-wmi_31bf3856ad364e35_6.0.6000.16386_none_6d564c64c358b59e\Win32_Tpm.dll because the set of per-page image hashes could not be found on the system.

  Date: 2013-10-14 17:16:16.449
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows.old\Windows\winsxs\x86_microsoft-windows-tpm-driver-wmi_31bf3856ad364e35_6.0.6000.16386_none_6d564c64c358b59e\Win32_Tpm.dll because the set of per-page image hashes could not be found on the system.

  Date: 2013-10-14 17:16:16.355
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows.old\Windows\winsxs\x86_microsoft-windows-tpm-driver-wmi_31bf3856ad364e35_6.0.6000.16386_none_6d564c64c358b59e\Win32_Tpm.dll because the set of per-page image hashes could not be found on the system.

  Date: 2013-10-14 17:12:50.856
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows.old\Windows\winsxs\x86_microsoft-windows-bcrypt-dll_31bf3856ad364e35_6.0.6000.16386_none_ec55d170f27a97bb\bcrypt.dll because the set of per-page image hashes could not be found on the system.

  Date: 2013-10-14 17:12:50.747
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows.old\Windows\winsxs\x86_microsoft-windows-bcrypt-dll_31bf3856ad364e35_6.0.6000.16386_none_ec55d170f27a97bb\bcrypt.dll because the set of per-page image hashes could not be found on the system.

  Date: 2013-10-14 17:12:50.654
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows.old\Windows\winsxs\x86_microsoft-windows-bcrypt-dll_31bf3856ad364e35_6.0.6000.16386_none_ec55d170f27a97bb\bcrypt.dll because the set of per-page image hashes could not be found on the system.

  Date: 2013-10-14 17:11:24.011
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows.old\Windows\winsxs\Backup\x86_microsoft-windows-bcrypt-dll_31bf3856ad364e35_6.0.6000.16386_none_ec55d170f27a97bb_bcrypt.dll_e2f091ac because the set of per-page image hashes could not be found on the system.

  Date: 2013-10-14 17:11:23.917
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows.old\Windows\winsxs\Backup\x86_microsoft-windows-bcrypt-dll_31bf3856ad364e35_6.0.6000.16386_none_ec55d170f27a97bb_bcrypt.dll_e2f091ac because the set of per-page image hashes could not be found on the system.

  Date: 2013-10-14 17:11:23.824
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows.old\Windows\winsxs\Backup\x86_microsoft-windows-bcrypt-dll_31bf3856ad364e35_6.0.6000.16386_none_ec55d170f27a97bb_bcrypt.dll_e2f091ac because the set of per-page image hashes could not be found on the system.

  Date: 2013-10-14 17:11:00.221
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows.old\Windows\System32\wbem\Win32_Tpm.dll because the set of per-page image hashes could not be found on the system.


 

 

 


Download attached fixlist.txt file and save it to the Desktop, or the folder you saved FRST into.

NOTE. It's important that both FRST and fixlist.txt are in the same location or the fix will not work.

 

Run FRST/FRST64 and press the Fix button just once and wait.


The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.

 

Next,

 

Download Security Check by screen317 from either of the following:

http://screen317.spywareinfoforum.org/SecurityCheck.exe or http://screen317.changelog.fr/SecurityCheck.exe

Save it to your Desktop.

Double click SecurityCheck.exe (Vista or Windows 7 users right click and select "Run as Administrator") and follow the onscreen instructions inside of the black box. Press any key when asked.

A Notepad document should open automatically called checkup.txt; please post the contents of that document.

 

Post those logs. Also, are you still receiving the pop-ups?

 

fixlist.txt


Thanks a lot....I don't seem to be getting the pop-ups anymore!

 

 

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 03-10-2013
Ran by Greg at 2013-10-18 15:48:18 Run:1
Running from C:\Users\Greg\Desktop
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
Start
SearchScopes: HKLM - {17CEEF20-1CDD-4B87-9986-39B4B11359E2} URL = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpd
SearchScopes: HKCU - {17CEEF20-1CDD-4B87-9986-39B4B11359E2} URL = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpd
C:\Users\Greg\AppData\Local\Temp\BackupSetup.exe
C:\Users\Greg\AppData\Local\Temp\dvd-decrypter.exe
C:\Users\Greg\AppData\Local\Temp\install_flashplayer11x32ax_gtbd_chrd_dn_aih.exe
C:\Users\Greg\AppData\Local\Temp\jre-7u25-windows-i586-iftw.exe
C:\Users\Greg\AppData\Local\Temp\Quarantine.exe
C:\Users\Greg\AppData\Local\Temp\ubi34C6.tmp.exe
C:\Users\Greg\AppData\Local\Temp\vcredist_x86.exe
End

*****************

HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{17CEEF20-1CDD-4B87-9986-39B4B11359E2} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{17CEEF20-1CDD-4B87-9986-39B4B11359E2} => Key not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{17CEEF20-1CDD-4B87-9986-39B4B11359E2} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{17CEEF20-1CDD-4B87-9986-39B4B11359E2} => Key not found.
C:\Users\Greg\AppData\Local\Temp\BackupSetup.exe => Moved successfully.
C:\Users\Greg\AppData\Local\Temp\dvd-decrypter.exe => Moved successfully.
C:\Users\Greg\AppData\Local\Temp\install_flashplayer11x32ax_gtbd_chrd_dn_aih.exe => Moved successfully.
C:\Users\Greg\AppData\Local\Temp\jre-7u25-windows-i586-iftw.exe => Moved successfully.
C:\Users\Greg\AppData\Local\Temp\Quarantine.exe => Moved successfully.
C:\Users\Greg\AppData\Local\Temp\ubi34C6.tmp.exe => Moved successfully.
C:\Users\Greg\AppData\Local\Temp\vcredist_x86.exe => Moved successfully.

==== End of Fixlog ====

 

 Results of screen317's Security Check version 0.99.74  
 Windows 7 Service Pack 1 x86 (UAC is enabled)  
 Internet Explorer 10  
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Enabled!  
 WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
 Malwarebytes Anti-Malware version 1.75.0.1300  
 Java 7 Update 25  
 Java version out of Date!
 Adobe Reader 8 Adobe Reader out of Date!
 Mozilla Firefox (24.0)
````````Process Check: objlist.exe by Laurent````````  
 Malwarebytes Anti-Malware mbamservice.exe  
 Malwarebytes Anti-Malware mbamgui.exe  
 Malwarebytes' Anti-Malware mbamscheduler.exe   
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C: 0%
````````````````````End of Log``````````````````````
 


Adobe Reader is outdated...

Visit http://get.adobe.com/uk/reader/otherversions/ and download the latest version of Acrobat Reader

 

Step 1 - Select your Operating System.

Step 2 - Select your Language.

Step 3 - Select latest version.

 

Untick the option for any security scanner or toolbar if offered.

 

Download and install.

 

Having the latest updates ensures there are no security vulnerabilities in your system.

 

Next,

 

Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system.

Please follow these steps to remove older versions of Java components and upgrade the application.

 

Upgrading Java:

 

Go to http://java.com/en/ and click on "Do I have Java"

It will check your current version and then offer to update to the latest version

Watch for and make sure you untick the box next to whatever free program they prompt you to install during the installation, unless you want it.

 

***Note: Check in Programs and Features (or Add/Remove Programs if you are an XP user) to make certain there are no old versions of Java still installed, if so - remove them. <<--Very important

 

Let me know if you have any remaining issues or concerns...

 

Kevin


  • Root Admin

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
