Hello

 

P2P/Piracy Warning:

If you're using Peer 2 Peer software such as uTorrent, BitTorrent or similar you must either fully uninstall them or completely disable them from running while being assisted here.

Failure to remove or disable such software will result in your topic being closed and no further assistance being provided.

If you have illegal/cracked software, cracks, keygens etc. on the system, please remove or uninstall them now and read the policy on Piracy.

 

Download Farbar Recovery Scan Tool and save it to your desktop.

 

Note: You need to run the version compatible with your system (32 bit or 64 bit). If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.

  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run from. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.

 

Kevin


Thanks for jumping in here to try to help me out with this Kevin.

 

This isn't my computer....I don't think the owner is using any P2P stuff....

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 03-01-2014

Ran by Mike (administrator) on MIKE-LAPTOP on 03-01-2014 15:12:00

Running from F:\Installers\Security stuff

Windows 7 Home Premium (X64) OS Language: English(US)

Internet Explorer Version 8

Boot Mode: Normal

 

==================== Processes (Whitelisted) =================

 

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe

(APN LLC.) C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe

(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe

(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

(Malwarebytes Corporation) C:\Program Files (x86)\ Anti-Malware\mbamscheduler.exe

(Malwarebytes Corporation) C:\Program Files (x86)\ Anti-Malware\mbamservice.exe

(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL10_50.MSSQLSERVER\MSSQL\Binn\sqlservr.exe

(Symantec Corporation) C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.3.198\ccSvcHst.exe

(Intuit) C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe

(Intuit Inc.) C:\Program Files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe

(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe

(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe

(TOSHIBA Corporation) C:\Windows\System32\ThpSrv.exe

(TOSHIBA Corporation) C:\Windows\System32\TODDSrv.exe

(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe

(Malwarebytes Corporation) C:\Program Files (x86)\ Anti-Malware\mbamgui.exe

(Intel® Corporation) C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe

(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

(Red Bend Ltd.) C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe

(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe

(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe

(Symantec Corporation) C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.3.198\ccSvcHst.exe

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe

(Malwarebytes Corporation) C:\Program Files (x86)\ Anti-Malware\mbam.exe

(Microsoft Corporation) C:\Windows\System32\prevhost.exe

(Farbar) F:\Installers\Security stuff\Farbar Recovery Scan Tool 64 bit.exe

 

 

==================== Registry (Whitelisted) ==================

 

HKLM\...\Run: [] - [x]

HKLM\...\Run: [MSC] - C:\Program Files\Microsoft Security Client\msseces.exe [1266912 2013-10-23] (Microsoft Corporation)

HKLM-x32\...\Run: [] - [x]

Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)

 

==================== Internet (Whitelisted) ====================

 

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ig/redirectdomain?brand=TSND&bmod=TSND

URLSearchHook: HKCU - SearchHook Class - {D8278076-BC68-4484-9233-6E7F1628B56C} - C:\Program Files (x86)\AskPartnerNetwork\Toolbar\searchhook.dll (APN LLC.)

URLSearchHook: HKCU - Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)

StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe

SearchScopes: HKLM - DefaultScope {AB24098B-097E-4C74-9B74-F62E1C7EE681} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSND

SearchScopes: HKLM - {AB24098B-097E-4C74-9B74-F62E1C7EE681} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSND

SearchScopes: HKLM-x32 - DefaultScope {6D28AC79-6CB6-4353-BECA-68A9B4D234BB} URL = 

SearchScopes: HKLM-x32 - {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3266331&CUI=UN32971446690606397

SearchScopes: HKLM-x32 - {E4DA871F-7464-4470-B935-689287BCDAC3} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSND

SearchScopes: HKCU - DefaultScope {6D28AC79-6CB6-4353-BECA-68A9B4D234BB} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3289663&CUI=UN35296702811049218&UM=2

SearchScopes: HKCU - {2F26DE85-003F-4E51-8E1C-DC78FA758670} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSND_enUS433US433

SearchScopes: HKCU - {41177629-3DF9-447E-AC4A-E327F00E5DF0} URL = http://www.bing.com/search?FORM=VE3D01&q={searchTerms}&src={referrer:source?}

SearchScopes: HKCU - {63140ECF-C629-BE59-8F0E-90B4FF340C03} URL = http://www.bing.com/search?q={searchTerms}&pc=Z128&form=ZGAIDF&install_date=20111220&iesrc={referrer:source}

SearchScopes: HKCU - {6D28AC79-6CB6-4353-BECA-68A9B4D234BB} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3289663&CUI=UN35296702811049218&UM=2


SearchScopes: HKCU - {C04B7D22-5AEC-4561-8F49-27F6269208F6} URL = http://www2.inbox.com/search/dispatcher.aspx?tp=bs&qkw={searchTerms}&tbid=82396&iwk=250&lng=en

SearchScopes: HKCU - {E4DA871F-7464-4470-B935-689287BCDAC3} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSND

BHO: Ask Toolbar - {42435041-332D-5637-4300-7A786E7484D7} - C:\Program Files (x86)\AskPartnerNetwork\Toolbar\BCPA3-V7C\Passport_x64.dll (APN LLC.)

BHO: Ask Shopping Toolbar - {42435041-5637-2D53-4154-7A786E7484D7} - C:\Program Files (x86)\AskPartnerNetwork\Toolbar\BCPAV7-SAT\Passport_x64.dll (APN LLC.)

BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)

BHO: Skype add-on for Internet Explorer - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)

BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)

BHO-x32: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)

BHO-x32: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\smart web printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)

BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)

BHO-x32: Ask Toolbar - {42435041-332D-5637-4300-7A786E7484D7} - C:\Program Files (x86)\AskPartnerNetwork\Toolbar\BCPA3-V7C\Passport.dll (APN LLC.)

BHO-x32: Ask Shopping Toolbar - {42435041-5637-2D53-4154-7A786E7484D7} - C:\Program Files (x86)\AskPartnerNetwork\Toolbar\BCPAV7-SAT\Passport.dll (APN LLC.)

BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)

BHO-x32: Skype Browser Helper - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)

BHO-x32: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)

BHO-x32: TOSHIBA Media Controller Plug-in - {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll (<TOSHIBA>)

BHO-x32: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)

BHO-x32: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\smart web printing\hpswp_BHO.dll (Hewlett-Packard Co.)

Toolbar: HKLM - Ask Toolbar - {42435041-332D-5637-4300-7A786E7484D7} - C:\Program Files (x86)\AskPartnerNetwork\Toolbar\BCPA3-V7C\Passport_x64.dll (APN LLC.)

Toolbar: HKLM - Ask Shopping Toolbar - {42435041-5637-2D53-4154-7A786E7484D7} - C:\Program Files (x86)\AskPartnerNetwork\Toolbar\BCPAV7-SAT\Passport_x64.dll (APN LLC.)

Toolbar: HKLM-x32 - Ask Toolbar - {42435041-332D-5637-4300-7A786E7484D7} - C:\Program Files (x86)\AskPartnerNetwork\Toolbar\BCPA3-V7C\Passport.dll (APN LLC.)

Toolbar: HKLM-x32 - Ask Shopping Toolbar - {42435041-5637-2D53-4154-7A786E7484D7} - C:\Program Files (x86)\AskPartnerNetwork\Toolbar\BCPAV7-SAT\Passport.dll (APN LLC.)

Toolbar: HKLM-x32 - Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)

Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File

Toolbar: HKCU - No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} -  No File

Toolbar: HKCU - Ask Toolbar - {42435041-332D-5637-4300-7A786E7484D7} - C:\Program Files (x86)\AskPartnerNetwork\Toolbar\BCPA3-V7C\Passport_x64.dll (APN LLC.)

Toolbar: HKCU - Ask Shopping Toolbar - {42435041-5637-2D53-4154-7A786E7484D7} - C:\Program Files (x86)\AskPartnerNetwork\Toolbar\BCPAV7-SAT\Passport_x64.dll (APN LLC.)

DPF: HKLM-x32 {6A060448-60F9-11D5-A6CD-0002B31F7455} 

DPF: HKLM-x32 {82E5DF24-51E8-47CD-864A-F4BD5005AA73} https://www.icloud.com/system/iCloud.cab

Handler: intu-help-qb5 - {867FCB77-9823-4cd6-8210-D85F968D466F} -  No File

Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} -  No File

Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)

Handler-x32: http\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

Handler-x32: http\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

Handler-x32: https\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

Handler-x32: https\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

Handler-x32: intu-help-qb5 - {867FCB77-9823-4cd6-8210-D85F968D466F} - C:\Program Files (x86)\Intuit\QB Enterprise\HelpAsyncPluggableProtocol.dll (Intuit, Inc.)

Handler-x32: msdaipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

Handler-x32: msdaipp\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

Handler-x32: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - C:\Windows\\SysWOW64\mscoree.dll (Microsoft Corporation)

Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)

Filter: text/xml - {807553E5-5146-11D5-A672-00B0D022E945} -  No File

Tcpip\Parameters: [DhcpNameServer] 192.168.99.2

Tcpip\..\Interfaces\{0C85C0F4-B6F7-417E-AA3B-3295EF88C83E}: [NameServer]24.92.226.11,24.92.226.12

Tcpip\..\Interfaces\{296556BD-6FA7-40DD-BC8D-4977E22657F2}: [NameServer]24.92.226.11,24.92.226.12

 

Chrome: 

=======

CHR DefaultSearchKeyword: search.conduit.com

CHR DefaultSearchProvider: Conduit

CHR DefaultSearchURL: http://search.conduit.com/Results.aspx?q={searchTerms}&SearchSource=49&CUI=UN25998847682792614&ctid=CT3289663&UM=2

CHR Extension: (Google Docs) - C:\Users\Mike\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0

CHR Extension: (Google Drive) - C:\Users\Mike\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0

CHR Extension: (YouTube) - C:\Users\Mike\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_1

CHR Extension: (Google Search) - C:\Users\Mike\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_1

CHR Extension: (Free Ride Games Short) - C:\Users\Mike\AppData\Local\Google\Chrome\User Data\Default\Extensions\jeedhehdfjahfpjhaedmaohbfcdkoolg\10.13.20.29_0

CHR Extension: (Skype Click to Call) - C:\Users\Mike\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.11.0.13348_1

CHR Extension: (InternetHelper3.1) - C:\Users\Mike\AppData\Local\Google\Chrome\User Data\Default\Extensions\nemfjadlboooiffmcelkafilagddogim\10.19.2.5_0

CHR Extension: (Chrome In-App Payments service) - C:\Users\Mike\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.11_0

CHR Extension: (Gmail) - C:\Users\Mike\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_2

CHR HKLM-x32\...\Chrome\Extension: [dcmagccbogebndpoodhhhafmofelpffh] - C:\Users\Mike\AppData\Local\RewardsArcade\498\Chrome\rewardsarcade.crx

CHR HKLM-x32\...\Chrome\Extension: [jeedhehdfjahfpjhaedmaohbfcdkoolg] - C:\Users\Mike\AppData\Local\CRE\jeedhehdfjahfpjhaedmaohbfcdkoolg.crx

CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx

CHR HKLM-x32\...\Chrome\Extension: [nemfjadlboooiffmcelkafilagddogim] - C:\Users\Mike\AppData\Local\CRE\nemfjadlboooiffmcelkafilagddogim.crx

 

==================== Services (Whitelisted) =================

 

R2 APNMCP; C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe [166352 2013-11-08] (APN LLC.)

R2 MBAMScheduler; C:\Program Files (x86)\ Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)

R2 MBAMService; C:\Program Files (x86)\ Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)

R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2013-10-23] (Microsoft Corporation)

R2 MSSQLSERVER; c:\Program Files\Microsoft SQL Server\MSSQL10_50.MSSQLSERVER\MSSQL\Binn\sqlservr.exe [61916000 2011-04-23] (Microsoft Corporation)

S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [340240 2010-07-19] ()

R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [348376 2013-10-23] (Microsoft Corporation)

R2 PCCUJobMgr; C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.3.198\ccSvcHst.exe [126392 2009-08-24] (Symantec Corporation)

S4 SQLSERVERAGENT; c:\Program Files\Microsoft SQL Server\MSSQL10_50.MSSQLSERVER\MSSQL\Binn\SQLAGENT.EXE [428384 2011-04-23] (Microsoft Corporation)

 

==================== Drivers (Whitelisted) ====================

 

R3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)

R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [248240 2013-09-27] (Microsoft Corporation)

R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [134944 2013-09-27] (Microsoft Corporation)

 

==================== NetSvcs (Whitelisted) ===================

 

 

==================== One Month Created Files and Folders ========

 

2014-01-03 15:11 - 2014-01-03 15:11 - 00000000 ____D C:\FRST

2014-01-03 13:26 - 2014-01-03 13:51 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)

2014-01-03 13:26 - 2014-01-03 13:26 - 00117464 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys

2014-01-03 13:25 - 2014-01-03 13:25 - 00089304 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbamchameleon.sys

2014-01-02 10:09 - 2014-01-02 10:09 - 00037376 _____ C:\windows\system32\vgojd.ynw

2014-01-02 09:59 - 2014-01-03 12:46 - 00000083 _____ C:\windows\system32\qqcao.cyn

2014-01-02 09:58 - 2014-01-02 10:09 - 00000097 _____ C:\windows\system32\wiuu.upx

2014-01-02 09:58 - 2014-01-02 09:58 - 00000064 _____ C:\windows\system32\ghyjwn.eyt

2014-01-02 09:42 - 2014-01-02 09:42 - 00219314 ____S C:\windows\system32\wrukyso.gcj

2013-12-23 16:53 - 2013-12-23 16:53 - 00000000 ____D C:\ProgramData\WEBREG

2013-12-23 16:52 - 2013-12-23 16:54 - 00000000 ____D C:\Users\Mike\AppData\Roaming\HP

2013-12-23 16:48 - 2013-12-31 07:34 - 00000000 ____D C:\Users\Mike\AppData\Roaming\HpUpdate

2013-12-23 16:48 - 2013-12-24 09:36 - 00000000 ____D C:\ProgramData\Yahoo! Companion

2013-12-23 16:48 - 2013-12-23 16:48 - 00001068 _____ C:\Users\Public\Desktop\HP Photo Creations.lnk

2013-12-23 16:48 - 2013-12-23 16:48 - 00000000 ____D C:\Users\Mike\AppData\Roaming\Yahoo!

2013-12-23 16:48 - 2013-12-23 16:48 - 00000000 ____D C:\ProgramData\HP Photo Creations

2013-12-23 16:48 - 2013-12-23 16:48 - 00000000 ____D C:\Program Files (x86)\Yahoo!

2013-12-23 16:48 - 2013-12-23 16:48 - 00000000 ____D C:\Program Files (x86)\HP Photo Creations

2013-12-23 16:48 - 2013-12-23 16:48 - 00000000 ____D C:\Program Files (x86)\Coupons

2013-12-23 16:47 - 2013-12-23 16:47 - 00001132 _____ C:\Users\Public\Desktop\Shop for HP Supplies.lnk

2013-12-23 16:46 - 2013-12-23 16:46 - 00001286 _____ C:\Users\Public\Desktop\HP Solution Center.lnk

2013-12-23 16:46 - 2013-12-23 16:46 - 00000000 ____D C:\ProgramData\HP Product Assistant

2013-12-23 16:43 - 2009-04-16 14:08 - 00136704 _____ (Hewlett-Packard Company) C:\windows\system32\hpf3l70v.dll

2013-12-23 16:42 - 2013-12-23 16:48 - 00000000 ____D C:\Program Files (x86)\HP

2013-12-23 16:41 - 2013-12-23 16:53 - 00208445 _____ C:\windows\hpoins43.dat

2013-12-23 16:41 - 2013-12-23 16:53 - 00001280 _____ C:\ProgramData\hpzinstall.log

2013-12-23 16:41 - 2013-12-23 16:52 - 00000000 ____D C:\ProgramData\HP

2013-12-23 16:41 - 2013-12-23 16:41 - 00000000 ____D C:\Program Files\HP

2013-12-23 16:41 - 2010-01-30 08:11 - 00000601 ____N C:\windows\hpomdl43.dat

2013-12-23 16:40 - 2009-04-16 06:53 - 00642360 _____ (Hewlett-Packard) C:\windows\system32\hpzids40.dll

2013-12-23 16:40 - 2009-02-11 06:03 - 01403904 _____ (Hewlett-Packard Co.) C:\windows\system32\hpost_p02c.dll

2013-12-23 16:40 - 2009-02-11 06:03 - 00880640 _____ (Hewlett-Packard) C:\windows\system32\hposwia_p02c.dll

2013-12-23 16:40 - 2009-02-11 06:03 - 00515072 _____ (Hewlett-Packard Co.) C:\windows\system32\hposc_p02a.dll

2013-12-23 16:40 - 2008-10-28 19:27 - 00551424 _____ (Hewlett-Packard) C:\windows\system32\hppldcoi.dll

2013-12-18 07:25 - 2013-12-18 07:25 - 00002183 _____ C:\Users\Public\Desktop\Google Earth.lnk

2013-12-17 09:35 - 2013-12-17 14:13 - 00000000 ____D C:\Users\Mike\Documents\Flower City Communications Files

2013-12-05 11:28 - 2013-12-05 11:28 - 00000000 ____D C:\Users\Mike\AppData\Local\Deployment

2013-12-05 11:28 - 2013-12-05 11:28 - 00000000 ____D C:\Users\Mike\AppData\Local\Apps\2.0

 

==================== One Month Modified Files and Folders =======

 

2014-01-03 15:11 - 2014-01-03 15:11 - 00000000 ____D C:\FRST

2014-01-03 14:49 - 2012-04-04 06:09 - 00000830 _____ C:\windows\Tasks\Adobe Flash Player Updater.job

2014-01-03 14:41 - 2009-07-14 00:13 - 00876314 _____ C:\windows\system32\PerfStringBackup.INI

2014-01-03 14:39 - 2009-07-13 23:45 - 00016304 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

2014-01-03 14:39 - 2009-07-13 23:45 - 00016304 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

2014-01-03 14:35 - 2011-05-26 17:40 - 01632851 _____ C:\windows\WindowsUpdate.log

2014-01-03 14:32 - 2013-01-04 18:36 - 00013484 _____ C:\windows\setupact.log

2014-01-03 14:32 - 2011-05-26 18:00 - 00000050 _____ C:\windows\system32\SupplicantTest.log

2014-01-03 14:32 - 2010-08-29 23:44 - 00000908 _____ C:\windows\Tasks\GoogleUpdateTaskMachineCore.job

2014-01-03 14:32 - 2009-07-14 00:08 - 00000006 ____H C:\windows\Tasks\SA.DAT

2014-01-03 13:51 - 2014-01-03 13:26 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)

2014-01-03 13:26 - 2014-01-03 13:26 - 00117464 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys

2014-01-03 13:25 - 2014-01-03 13:25 - 00089304 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbamchameleon.sys

2014-01-03 13:08 - 2011-12-22 10:03 - 00000000 ____D C:\windows\pss

2014-01-03 13:08 - 2011-09-18 17:39 - 00000000 ____D C:\Users\Mike\AppData\Roaming\Skype

2014-01-03 12:46 - 2014-01-02 09:59 - 00000083 _____ C:\windows\system32\qqcao.cyn

2014-01-03 12:18 - 2010-08-29 23:44 - 00000912 _____ C:\windows\Tasks\GoogleUpdateTaskMachineUA.job

2014-01-03 10:49 - 2010-08-30 00:00 - 00273298 _____ C:\windows\PFRO.log

2014-01-03 07:20 - 2012-07-20 13:36 - 00000384 _____ C:\windows\Tasks\Regwork.job

2014-01-02 10:09 - 2014-01-02 10:09 - 00037376 _____ C:\windows\system32\vgojd.ynw

2014-01-02 10:09 - 2014-01-02 09:58 - 00000097 _____ C:\windows\system32\wiuu.upx

2014-01-02 09:58 - 2014-01-02 09:58 - 00000064 _____ C:\windows\system32\ghyjwn.eyt

2014-01-02 09:42 - 2014-01-02 09:42 - 00219314 ____S C:\windows\system32\wrukyso.gcj

2013-12-31 07:34 - 2013-12-23 16:48 - 00000000 ____D C:\Users\Mike\AppData\Roaming\HpUpdate

2013-12-30 14:01 - 2013-11-12 08:46 - 00000000 ____D C:\Users\Mike\Desktop\AT&T Jobs

2013-12-24 09:36 - 2013-12-23 16:48 - 00000000 ____D C:\ProgramData\Yahoo! Companion

2013-12-24 09:34 - 2009-07-13 23:45 - 00417368 _____ C:\windows\system32\FNTCACHE.DAT

2013-12-23 16:54 - 2013-12-23 16:52 - 00000000 ____D C:\Users\Mike\AppData\Roaming\HP

2013-12-23 16:53 - 2013-12-23 16:53 - 00000000 ____D C:\ProgramData\WEBREG

2013-12-23 16:53 - 2013-12-23 16:41 - 00208445 _____ C:\windows\hpoins43.dat

2013-12-23 16:53 - 2013-12-23 16:41 - 00001280 _____ C:\ProgramData\hpzinstall.log

2013-12-23 16:52 - 2013-12-23 16:41 - 00000000 ____D C:\ProgramData\HP

2013-12-23 16:52 - 2011-05-26 15:28 - 00103232 _____ C:\Users\Mike\AppData\Local\GDIPFONTCACHEV1.DAT

2013-12-23 16:52 - 2009-07-13 21:34 - 00000534 _____ C:\windows\win.ini

2013-12-23 16:48 - 2013-12-23 16:48 - 00001068 _____ C:\Users\Public\Desktop\HP Photo Creations.lnk

2013-12-23 16:48 - 2013-12-23 16:48 - 00000000 ____D C:\Users\Mike\AppData\Roaming\Yahoo!

2013-12-23 16:48 - 2013-12-23 16:48 - 00000000 ____D C:\ProgramData\HP Photo Creations

2013-12-23 16:48 - 2013-12-23 16:48 - 00000000 ____D C:\Program Files (x86)\Yahoo!

2013-12-23 16:48 - 2013-12-23 16:48 - 00000000 ____D C:\Program Files (x86)\HP Photo Creations

2013-12-23 16:48 - 2013-12-23 16:48 - 00000000 ____D C:\Program Files (x86)\Coupons

2013-12-23 16:48 - 2013-12-23 16:42 - 00000000 ____D C:\Program Files (x86)\HP

2013-12-23 16:47 - 2013-12-23 16:47 - 00001132 _____ C:\Users\Public\Desktop\Shop for HP Supplies.lnk

2013-12-23 16:46 - 2013-12-23 16:46 - 00001286 _____ C:\Users\Public\Desktop\HP Solution Center.lnk

2013-12-23 16:46 - 2013-12-23 16:46 - 00000000 ____D C:\ProgramData\HP Product Assistant

2013-12-23 16:41 - 2013-12-23 16:41 - 00000000 ____D C:\Program Files\HP

2013-12-18 07:25 - 2013-12-18 07:25 - 00002183 _____ C:\Users\Public\Desktop\Google Earth.lnk

2013-12-18 07:25 - 2010-08-29 23:43 - 00000000 ____D C:\Program Files (x86)\Google

2013-12-17 14:13 - 2013-12-17 09:35 - 00000000 ____D C:\Users\Mike\Documents\Flower City Communications Files

2013-12-17 10:45 - 2011-09-02 08:50 - 00000000 ____D C:\Users\Mike\Documents\Wegmans MOTOTRBO

2013-12-17 07:14 - 2013-07-13 02:00 - 00000000 ____D C:\windows\system32\MRT

2013-12-17 07:11 - 2011-05-31 07:12 - 90708896 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe

2013-12-12 15:22 - 2013-10-02 13:21 - 00501760 _____ C:\Users\Mike\Desktop\Current Customer List (10-2-13).xls

2013-12-12 08:06 - 2011-05-27 09:19 - 00889812 _____ C:\windows\SysWOW64\PerfStringBackup.INI

2013-12-12 07:19 - 2012-04-04 09:50 - 00000000 ____D C:\ProgramData\Microsoft Help

2013-12-11 09:51 - 2011-05-27 08:18 - 00000088 _____ C:\windows\QBChanUtil_Trigger.ini

2013-12-11 09:49 - 2012-04-04 06:09 - 00692616 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe

2013-12-11 09:49 - 2012-04-04 06:09 - 00003768 _____ C:\windows\System32\Tasks\Adobe Flash Player Updater

2013-12-11 09:49 - 2011-10-03 07:58 - 00071048 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl

2013-12-10 17:21 - 2009-07-13 22:20 - 00000000 ____D C:\windows\system32\NDF

2013-12-05 11:28 - 2013-12-05 11:28 - 00000000 ____D C:\Users\Mike\AppData\Local\Deployment

2013-12-05 11:28 - 2013-12-05 11:28 - 00000000 ____D C:\Users\Mike\AppData\Local\Apps\2.0

2013-12-05 11:28 - 2012-09-28 08:55 - 00000000 ____D C:\Users\Mike\AppData\Local\Citrix

 

Some content of TEMP:

====================

C:\Users\Mike\AppData\Local\Temp\air236B.exe

C:\Users\Mike\AppData\Local\Temp\air8D04.exe

C:\Users\Mike\AppData\Local\Temp\airC012.exe

C:\Users\Mike\AppData\Local\Temp\airDEFB.exe

C:\Users\Mike\AppData\Local\Temp\BackupSetup.exe

C:\Users\Mike\AppData\Local\Temp\BetOnline Updater.exe

C:\Users\Mike\AppData\Local\Temp\install_flashplayer11x32axau_gtba_chra_dy_aaa_aih[1].exe

C:\Users\Mike\AppData\Local\Temp\tbFree.dll

C:\Users\Mike\AppData\Local\Temp\tbInte.dll

 

 

==================== Bamital & volsnap Check =================

 

C:\Windows\System32\winlogon.exe => MD5 is legit

C:\Windows\System32\wininit.exe => MD5 is legit

C:\Windows\SysWOW64\wininit.exe => MD5 is legit

C:\Windows\explorer.exe => MD5 is legit

C:\Windows\SysWOW64\explorer.exe => MD5 is legit

C:\Windows\System32\svchost.exe => MD5 is legit

C:\Windows\SysWOW64\svchost.exe => MD5 is legit

C:\Windows\System32\services.exe => MD5 is legit

C:\Windows\System32\User32.dll => MD5 is legit

C:\Windows\SysWOW64\User32.dll => MD5 is legit

C:\Windows\System32\userinit.exe => MD5 is legit

C:\Windows\SysWOW64\userinit.exe => MD5 is legit

C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

 

 

LastRegBack: 2013-12-12 10:23

 

==================== End Of Log ============================

Addition.txt


Download attached fixlist.txt file and save it to the Desktop, or the folder you saved FRST into.

NOTE. It's important that both FRST and fixlist.txt are in the same location or the fix will not work.

 

Run FRST and press the Fix button just once and wait.


The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.

 

Next,

 

Run Malwarebytes, Open > Settings Tab > Scanner Settings > Under action for PUP > Select: Show in Results List and Check for removal.

Please Update and run a Full scan.

Make sure that everything is checked, and click Remove Selected on any found items.

 

Post the produced log...

 

Next,

 

Download AdwCleaner by Xplode from here: http://www.bleepingcomputer.com/download/adwcleaner/ and save to your Desktop.

 

  • Double click on AdwCleaner.exe to run the tool.
  • Vista/Windows 7/8 users right-click and select Run As Administrator
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • When it's done you'll see: Pending: Uncheck any elements you don't want removed.
  • Now click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
  • Look over the log especially under Files/Folders for any program you want to save.
  • If there's a program you want to save, just uncheck it from AdwCleaner.
  • If you're not sure, post the log for review.
  • If you're ready to clean it all up.....click the Clean button.
  • After rebooting, a logfile report (AdwCleaner[s0].txt) will open automatically.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of that logfile will also be saved in the C:\AdwCleaner folder.
  • Items that are deleted are moved to the Quarantine Folder: C:\AdwCleaner\Quarantine
  • To restore an item that has been deleted (if necessary):
  • Go to Tools > Quarantine Manager > check what you want restored > now click on Restore.

 

Post those logs and let me know if there is any change/improvement.

 

Kevin

fixlist.txt


Logs:

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 03-01-2014

Ran by Mike at 2014-01-03 18:14:15 Run:1

Running from F:\Installers\Security stuff

Boot Mode: Normal

==============================================

 

Content of fixlist:

*****************

Start

R2 APNMCP; C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe [166352 2013-11-08] (APN LLC.)

C:\Program Files (x86)\AskPartnerNetwork

2014-01-02 10:09 - 2014-01-02 10:09 - 00037376 _____ C:\windows\system32\vgojd.ynw

2014-01-02 09:59 - 2014-01-03 12:46 - 00000083 _____ C:\windows\system32\qqcao.cyn

2014-01-02 09:58 - 2014-01-02 10:09 - 00000097 _____ C:\windows\system32\wiuu.upx

2014-01-02 09:58 - 2014-01-02 09:58 - 00000064 _____ C:\windows\system32\ghyjwn.eyt

2014-01-02 09:42 - 2014-01-02 09:42 - 00219314 ____S C:\windows\system32\wrukyso.gcj

C:\Users\Mike\AppData\Local\Temp\air236B.exe

C:\Users\Mike\AppData\Local\Temp\air8D04.exe

C:\Users\Mike\AppData\Local\Temp\airC012.exe

C:\Users\Mike\AppData\Local\Temp\airDEFB.exe

C:\Users\Mike\AppData\Local\Temp\BackupSetup.exe

C:\Users\Mike\AppData\Local\Temp\BetOnline Updater.exe

C:\Users\Mike\AppData\Local\Temp\install_flashplayer11x32axau_gtba_chra_dy_aaa_aih[1].exe

C:\Users\Mike\AppData\Local\Temp\tbFree.dll

C:\Users\Mike\AppData\Local\Temp\tbInte.dll

AlternateDataStreams: C:\ProgramData\TEMP:D346F792

End

 

 

 

*****************

 

APNMCP => Service deleted successfully.

C:\Program Files (x86)\AskPartnerNetwork => Moved successfully.

C:\windows\system32\vgojd.ynw => Moved successfully.

C:\windows\system32\qqcao.cyn => Moved successfully.

Could not move "C:\windows\system32\wiuu.upx" => Scheduled to move on reboot.

C:\windows\system32\ghyjwn.eyt => Moved successfully.

Could not move "C:\windows\system32\wrukyso.gcj" => Scheduled to move on reboot.

"C:\Users\Mike\AppData\Local\Temp\air236B.exe" => File/Directory not found.

"C:\Users\Mike\AppData\Local\Temp\air8D04.exe" => File/Directory not found.

"C:\Users\Mike\AppData\Local\Temp\airC012.exe" => File/Directory not found.

"C:\Users\Mike\AppData\Local\Temp\airDEFB.exe" => File/Directory not found.

"C:\Users\Mike\AppData\Local\Temp\BackupSetup.exe" => File/Directory not found.

"C:\Users\Mike\AppData\Local\Temp\BetOnline Updater.exe" => File/Directory not found.

"C:\Users\Mike\AppData\Local\Temp\install_flashplayer11x32axau_gtba_chra_dy_aaa_aih[1].exe" => File/Directory not found.

"C:\Users\Mike\AppData\Local\Temp\tbFree.dll" => File/Directory not found.

"C:\Users\Mike\AppData\Local\Temp\tbInte.dll" => File/Directory not found.

C:\ProgramData\TEMP => ":D346F792" ADS removed successfully.

 

=> Result of Scheduled Files to move (Boot Mode: Normal) (Date&Time: 2014-01-03 18:15:44)<=

 

"C:\windows\system32\wiuu.upx" => File could not move.

"C:\windows\system32\wrukyso.gcj" => File could not move.

 

==== End of Fixlog ====

 


Malwarebytes Anti-Malware (PRO) 1.75.0.1300

www.malwarebytes.org

 

Database version: v2014.01.03.03

 

Windows 7 x64 NTFS

Internet Explorer 8.0.7600.16385

Mike :: MIKE-LAPTOP [administrator]

 

Protection: Enabled

 

1/3/2014 6:17:17 PM

mbam-log-2014-01-03 (18-17-17).txt

 

Scan type: Full scan (C:\|)

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 421987

Time elapsed: 1 hour(s), 9 minute(s), 34 second(s)

 

Memory Processes Detected: 0

(No malicious items detected)

 

Memory Modules Detected: 0

(No malicious items detected)

 

Registry Keys Detected: 0

(No malicious items detected)

 

Registry Values Detected: 0

(No malicious items detected)

 

Registry Data Items Detected: 0

(No malicious items detected)

 

Folders Detected: 0

(No malicious items detected)

 

Files Detected: 0

(No malicious items detected)

 

(end)

 


# AdwCleaner v3.016 - Report created 03/01/2014 at 19:28:25

# Updated 23/12/2013 by Xplode

# Operating System : Windows 7 Home Premium  (64 bits)

# Username : Mike - MIKE-LAPTOP

# Running from : F:\Installers\Security stuff\AdwCleaner.exe

# Option : Scan

 

***** [ Services ] *****

 

 

***** [ Files / Folders ] *****

 

File Found : C:\END

File Found : C:\Users\Mike\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_storage.conduit.com_0.localstorage

File Found : C:\Users\Mike\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_storage.conduit.com_0.localstorage-journal

File Found : C:\Users\Mike\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.wajam.com_0.localstorage

File Found : C:\Users\Mike\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.wajam.com_0.localstorage-journal

Folder Found : C:\Users\Mike\AppData\Local\Google\Chrome\User Data\Default\Extensions\jeedhehdfjahfpjhaedmaohbfcdkoolg

Folder Found : C:\Users\Mike\AppData\Local\Google\Chrome\User Data\Default\Extensions\nemfjadlboooiffmcelkafilagddogim

Folder Found C:\Program Files (x86)\Conduit

Folder Found C:\Program Files (x86)\MyPC Backup

Folder Found C:\ProgramData\apn

Folder Found C:\ProgramData\AskPartnerNetwork

Folder Found C:\ProgramData\Partner

Folder Found C:\Users\Mike\AppData\Local\apn

Folder Found C:\Users\Mike\AppData\Local\AskPartnerNetwork

Folder Found C:\Users\Mike\AppData\Local\Conduit

Folder Found C:\Users\Mike\AppData\LocalLow\Conduit

Folder Found C:\Users\Mike\AppData\LocalLow\PriceGong

Folder Found C:\Users\Mike\AppData\Roaming\pccustubinstaller

 

***** [ Shortcuts ] *****

 

 

***** [ Registry ] *****

 

Key Found : HKCU\Software\AppDataLow\Software\Conduit

Key Found : HKCU\Software\AppDataLow\Software\ConduitSearchScopes

Key Found : HKCU\Software\AppDataLow\Software\PriceGong

Key Found : HKCU\Software\AppDataLow\Software\RewardsArcade

Key Found : HKCU\Software\AppDataLow\Software\SmartBar

Key Found : HKCU\Software\AskPartnerNetwork

Key Found : HKCU\Software\Conduit

Key Found : HKCU\Software\Cr_Installer

Key Found : HKCU\Software\Google\Chrome\Extensions\jeedhehdfjahfpjhaedmaohbfcdkoolg

Key Found : HKCU\Software\Google\Chrome\Extensions\nemfjadlboooiffmcelkafilagddogim

Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{C04B7D22-5AEC-4561-8F49-27F6269208F6}

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{00000000-6E41-4FD3-8538-502F5495E5FC}

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{02478D38-C3F9-4EFB-9B51-7695ECA05670}

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{5911488E-9D1E-40EC-8CBB-06B231CC153F}

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{6E13D095-45C3-4271-9475-F3B48227DD9F}

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{83FF80F4-8C74-4B80-B5BA-C8DDD434E5C4}

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{8736C681-37A0-40C6-A0F0-4C083409151C}

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D3D233D5-9F6D-436C-B6C7-E63F77503B30}

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440}

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF99BD32-C1FB-11D2-892F-0090271D4F88}

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{00000000-6E41-4FD3-8538-502F5495E5FC}

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{5911488E-9D1E-40EC-8CBB-06B231CC153F}

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{6E13D095-45C3-4271-9475-F3B48227DD9F}

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{83FF80F4-8C74-4B80-B5BA-C8DDD434E5C4}

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{8736C681-37A0-40C6-A0F0-4C083409151C}

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D3D233D5-9F6D-436C-B6C7-E63F77503B30}

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D8278076-BC68-4484-9233-6E7F1628B56C}

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF99BD32-C1FB-11D2-892F-0090271D4F88}

Key Found : HKCU\Software\Softonic

Key Found : HKCU\Software\Zugo

Key Found : [x64] HKCU\Software\AskPartnerNetwork

Key Found : [x64] HKCU\Software\Conduit

Key Found : [x64] HKCU\Software\Cr_Installer

Key Found : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{C04B7D22-5AEC-4561-8F49-27F6269208F6}

Key Found : [x64] HKCU\Software\Softonic

Key Found : [x64] HKCU\Software\Zugo

Key Found : HKLM\Software\AskPartnerNetwork

Key Found : HKLM\SOFTWARE\Classes\AppID\{0A18A436-2A7A-49F3-A488-30538A2F6323}

Key Found : HKLM\SOFTWARE\Classes\CLSID\{007EFBDF-8A5D-4930-97CC-A4B437CBA777}

Key Found : HKLM\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4EFB-9B51-7695ECA05670}

Key Found : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}

Key Found : HKLM\SOFTWARE\Classes\CLSID\{44CBC005-6243-4502-8A02-3A096A282664}

Key Found : HKLM\SOFTWARE\Classes\CLSID\{80703783-E415-4EE3-AB60-D36981C5A6F1}

Key Found : HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}

Key Found : HKLM\SOFTWARE\Classes\CLSID\{D8278076-BC68-4484-9233-6E7F1628B56C}

Key Found : HKLM\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}

Key Found : HKLM\SOFTWARE\Classes\CLSID\{F297534D-7B06-459D-BC19-2DD8EF69297B}

Key Found : HKLM\SOFTWARE\Classes\Interface\{80703783-E415-4EE3-AB60-D36981C5A6F1}

Key Found : HKLM\SOFTWARE\Classes\RewardsArcade.BHO

Key Found : HKLM\SOFTWARE\Classes\RewardsArcade.Sandbox

Key Found : HKLM\SOFTWARE\Classes\RewardsArcade.Sandbox.1

Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT3266331

Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT3289663

Key Found : HKLM\SOFTWARE\Classes\TypeLib\{9945959C-AAD8-4312-8B57-2DE11927E770}

Key Found : HKLM\Software\Conduit

Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\jeedhehdfjahfpjhaedmaohbfcdkoolg

Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\nemfjadlboooiffmcelkafilagddogim

Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{6978F29A-3493-40B2-8CDC-9C13A02F85A4}

Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D7949A66-D936-4028-9552-14F7DC50F38D}

Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}

Key Found : HKLM\SOFTWARE\Microsoft\Tracing\ApnSetup_RASAPI32

Key Found : HKLM\SOFTWARE\Microsoft\Tracing\ApnSetup_RASMANCS

Key Found : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32

Key Found : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS

Key Found : HKLM\SOFTWARE\Microsoft\Tracing\apntoolbarinstaller_RASAPI32

Key Found : HKLM\SOFTWARE\Microsoft\Tracing\apntoolbarinstaller_RASMANCS

Key Found : HKLM\SOFTWARE\Microsoft\Tracing\App24x7Help_RASAPI32

Key Found : HKLM\SOFTWARE\Microsoft\Tracing\App24x7Help_RASMANCS

Key Found : HKLM\SOFTWARE\Microsoft\Tracing\askpartnercobrandingtool_rasapi32

Key Found : HKLM\SOFTWARE\Microsoft\Tracing\askpartnercobrandingtool_rasmancs

Key Found : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32

Key Found : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs

Key Found : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_google-earth[1]_RASAPI32

Key Found : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_google-earth[1]_RASMANCS

Key Found : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASAPI32

Key Found : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASMANCS

Key Found : HKLM\SOFTWARE\Microsoft\Tracing\wajamupdater_rasapi32

Key Found : HKLM\SOFTWARE\Microsoft\Tracing\wajamupdater_rasmancs

Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}

Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}

Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}

Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}

Key Found : [x64] HKLM\SOFTWARE\AskPartnerNetwork

Key Found : [x64] HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}

Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{6427058B-217C-4C7F-A6CE-C7934C0BDCEB}

Key Found : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{6978F29A-3493-40B2-8CDC-9C13A02F85A4}

Key Found : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D7949A66-D936-4028-9552-14F7DC50F38D}

Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}

Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]

Value Found : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{D8278076-BC68-4484-9233-6E7F1628B56C}]

Value Found : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{EF99BD32-C1FB-11D2-892F-0090271D4F88}]

Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{EF99BD32-C1FB-11D2-892F-0090271D4F88}]

Value Found : HKLM\SOFTWARE\mozilla\Firefox\Extensions [crossriderapp498@crossrider.com]

 

***** [ Browsers ] *****

 

-\\ Internet Explorer v8.0.7600.17267

 

 

-\\ Google Chrome v

 

[ File : C:\Users\Mike\AppData\Local\Google\Chrome\User Data\Default\preferences ]

 

Found : icon_url

Found : search_url

Found : suggest_url

Found : keyword

Found : search_url

Found : icon_url

Found : search_url

Found : suggest_url

Found : keyword

 

*************************

 

AdwCleaner[R0].txt - [10200 octets] - [03/01/2014 19:28:25]

 

########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [10261 octets] ##########

 


 


I think maybe that did it......all is quiet at the moment.....

 

 

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 03-01-2014

Ran by Mike (administrator) on MIKE-LAPTOP on 04-01-2014 07:07:35

Running from F:\Installers\Security stuff

Windows 7 Home Premium (X64) OS Language: English(US)

Internet Explorer Version 8

Boot Mode: Normal

 

==================== Processes (Whitelisted) =================

 

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe

(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe

(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

(Malwarebytes Corporation) C:\Program Files (x86)\ Anti-Malware\mbamscheduler.exe

(Malwarebytes Corporation) C:\Program Files (x86)\ Anti-Malware\mbamservice.exe

(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL10_50.MSSQLSERVER\MSSQL\Binn\sqlservr.exe

(Symantec Corporation) C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.3.198\ccSvcHst.exe

(Intuit) C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe

(Malwarebytes Corporation) C:\Program Files (x86)\ Anti-Malware\mbamgui.exe

(Intuit Inc.) C:\Program Files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe

(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe

(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe

(TOSHIBA Corporation) C:\Windows\System32\ThpSrv.exe

(TOSHIBA Corporation) C:\Windows\System32\TODDSrv.exe

(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe

(Intel® Corporation) C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe

(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

(Red Bend Ltd.) C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe

(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE

(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe

(Symantec Corporation) C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.3.198\ccSvcHst.exe

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe

(Microsoft Corporation) C:\Windows\System32\prevhost.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe

(Farbar) F:\Installers\Security stuff\Farbar Recovery Scan Tool 64 bit.exe

 

 

==================== Registry (Whitelisted) ==================

 

HKLM\...\Run: [] - [x]

HKLM\...\Run: [MSC] - C:\Program Files\Microsoft Security Client\msseces.exe [1266912 2013-10-23] (Microsoft Corporation)

HKLM-x32\...\Run: [] - [x]

Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)

 

==================== Internet (Whitelisted) ====================

 

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ig/redirectdomain?brand=TSND&bmod=TSND

StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe

SearchScopes: HKLM - DefaultScope {AB24098B-097E-4C74-9B74-F62E1C7EE681} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSND

SearchScopes: HKLM - {AB24098B-097E-4C74-9B74-F62E1C7EE681} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSND

SearchScopes: HKLM-x32 - {E4DA871F-7464-4470-B935-689287BCDAC3} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSND

SearchScopes: HKCU - {2F26DE85-003F-4E51-8E1C-DC78FA758670} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSND_enUS433US433

SearchScopes: HKCU - {41177629-3DF9-447E-AC4A-E327F00E5DF0} URL = http://www.bing.com/search?FORM=VE3D01&q={searchTerms}&src={referrer:source?}

SearchScopes: HKCU - {63140ECF-C629-BE59-8F0E-90B4FF340C03} URL = http://www.bing.com/search?q={searchTerms}&pc=Z128&form=ZGAIDF&install_date=20111220&iesrc={referrer:source}

SearchScopes: HKCU - {6D28AC79-6CB6-4353-BECA-68A9B4D234BB} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3289663&CUI=UN35296702811049218&UM=2


SearchScopes: HKCU - {E4DA871F-7464-4470-B935-689287BCDAC3} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSND

BHO: Ask Toolbar - {42435041-332D-5637-4300-7A786E7484D7} - "C:\Program Files (x86)\AskPartnerNetwork\Toolbar\BCPA3-V7C\Passport_x64.dll" No File

BHO: Ask Shopping Toolbar - {42435041-5637-2D53-4154-7A786E7484D7} - "C:\Program Files (x86)\AskPartnerNetwork\Toolbar\BCPAV7-SAT\Passport_x64.dll" No File

BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)

BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)

BHO-x32: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\smart web printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)

BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)

BHO-x32: Ask Toolbar - {42435041-332D-5637-4300-7A786E7484D7} - "C:\Program Files (x86)\AskPartnerNetwork\Toolbar\BCPA3-V7C\Passport.dll" No File

BHO-x32: Ask Shopping Toolbar - {42435041-5637-2D53-4154-7A786E7484D7} - "C:\Program Files (x86)\AskPartnerNetwork\Toolbar\BCPAV7-SAT\Passport.dll" No File

BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)

BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)

BHO-x32: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)

BHO-x32: TOSHIBA Media Controller Plug-in - {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll (<TOSHIBA>)

BHO-x32: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)

BHO-x32: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\smart web printing\hpswp_BHO.dll (Hewlett-Packard Co.)

Toolbar: HKLM - Ask Toolbar - {42435041-332D-5637-4300-7A786E7484D7} - "C:\Program Files (x86)\AskPartnerNetwork\Toolbar\BCPA3-V7C\Passport_x64.dll" No File

Toolbar: HKLM - Ask Shopping Toolbar - {42435041-5637-2D53-4154-7A786E7484D7} - "C:\Program Files (x86)\AskPartnerNetwork\Toolbar\BCPAV7-SAT\Passport_x64.dll" No File

Toolbar: HKLM-x32 - Ask Toolbar - {42435041-332D-5637-4300-7A786E7484D7} - "C:\Program Files (x86)\AskPartnerNetwork\Toolbar\BCPA3-V7C\Passport.dll" No File

Toolbar: HKLM-x32 - Ask Shopping Toolbar - {42435041-5637-2D53-4154-7A786E7484D7} - "C:\Program Files (x86)\AskPartnerNetwork\Toolbar\BCPAV7-SAT\Passport.dll" No File

Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File

Toolbar: HKCU - Ask Toolbar - {42435041-332D-5637-4300-7A786E7484D7} - "C:\Program Files (x86)\AskPartnerNetwork\Toolbar\BCPA3-V7C\Passport_x64.dll" No File

Toolbar: HKCU - Ask Shopping Toolbar - {42435041-5637-2D53-4154-7A786E7484D7} - "C:\Program Files (x86)\AskPartnerNetwork\Toolbar\BCPAV7-SAT\Passport_x64.dll" No File

DPF: HKLM-x32 {6A060448-60F9-11D5-A6CD-0002B31F7455} 

DPF: HKLM-x32 {82E5DF24-51E8-47CD-864A-F4BD5005AA73} https://www.icloud.com/system/iCloud.cab

Handler: intu-help-qb5 - {867FCB77-9823-4cd6-8210-D85F968D466F} -  No File

Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} -  No File

Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)

Handler-x32: http\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

Handler-x32: http\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

Handler-x32: https\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

Handler-x32: https\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

Handler-x32: intu-help-qb5 - {867FCB77-9823-4cd6-8210-D85F968D466F} - C:\Program Files (x86)\Intuit\QB Enterprise\HelpAsyncPluggableProtocol.dll (Intuit, Inc.)

Handler-x32: msdaipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

Handler-x32: msdaipp\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

Handler-x32: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - C:\Windows\\SysWOW64\mscoree.dll (Microsoft Corporation)

Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)

Filter: text/xml - {807553E5-5146-11D5-A672-00B0D022E945} -  No File

Tcpip\..\Interfaces\{0C85C0F4-B6F7-417E-AA3B-3295EF88C83E}: [NameServer]24.92.226.11,24.92.226.12

Tcpip\..\Interfaces\{296556BD-6FA7-40DD-BC8D-4977E22657F2}: [NameServer]24.92.226.11,24.92.226.12

 

Chrome: 

=======

CHR DefaultSearchProvider: Conduit

CHR DefaultSearchURL: http://www.google.com

CHR Extension: (Google Docs) - C:\Users\Mike\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0

CHR Extension: (Google Drive) - C:\Users\Mike\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0

CHR Extension: (YouTube) - C:\Users\Mike\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_1

CHR Extension: (Google Search) - C:\Users\Mike\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_1

CHR Extension: (Skype Click to Call) - C:\Users\Mike\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.11.0.13348_1

CHR Extension: (Chrome In-App Payments service) - C:\Users\Mike\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.11_0

CHR Extension: (Gmail) - C:\Users\Mike\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_2

CHR HKLM-x32\...\Chrome\Extension: [dcmagccbogebndpoodhhhafmofelpffh] - C:\Users\Mike\AppData\Local\RewardsArcade\498\Chrome\rewardsarcade.crx

CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx

 

==================== Services (Whitelisted) =================

 

R2 MBAMScheduler; C:\Program Files (x86)\ Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)

R2 MBAMService; C:\Program Files (x86)\ Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)

R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2013-10-23] (Microsoft Corporation)

R2 MSSQLSERVER; c:\Program Files\Microsoft SQL Server\MSSQL10_50.MSSQLSERVER\MSSQL\Binn\sqlservr.exe [61916000 2011-04-23] (Microsoft Corporation)

S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [340240 2010-07-19] ()

R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [348376 2013-10-23] (Microsoft Corporation)

R2 PCCUJobMgr; C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.3.198\ccSvcHst.exe [126392 2009-08-24] (Symantec Corporation)

S4 SQLSERVERAGENT; c:\Program Files\Microsoft SQL Server\MSSQL10_50.MSSQLSERVER\MSSQL\Binn\SQLAGENT.EXE [428384 2011-04-23] (Microsoft Corporation)

 

==================== Drivers (Whitelisted) ====================

 

R3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)

R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [248240 2013-09-27] (Microsoft Corporation)

R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [134944 2013-09-27] (Microsoft Corporation)

 

==================== NetSvcs (Whitelisted) ===================

 

 

==================== One Month Created Files and Folders ========

 

2014-01-03 19:28 - 2014-01-04 07:07 - 00000000 ____D C:\AdwCleaner

2014-01-03 18:15 - 2014-01-03 18:15 - 00000064 _____ C:\windows\system32\ghyjwn.eyt

2014-01-03 18:10 - 2014-01-04 07:05 - 00000168 _____ C:\windows\setupact.log

2014-01-03 18:10 - 2014-01-03 18:10 - 00000000 _____ C:\windows\setuperr.log

2014-01-03 16:09 - 2014-01-03 16:09 - 00000000 ___RD C:\Users\Mike\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft Applications

2014-01-03 16:08 - 2014-01-03 16:08 - 00000000 ____D C:\Users\Mike\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Applications

2014-01-03 15:11 - 2014-01-03 18:15 - 00000000 ____D C:\FRST

2014-01-03 13:26 - 2014-01-03 13:51 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)

2014-01-03 13:25 - 2014-01-03 13:25 - 00089304 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbamchameleon.sys

2014-01-02 09:58 - 2014-01-02 10:09 - 00000097 _____ C:\windows\system32\wiuu.upx

2014-01-02 09:42 - 2014-01-02 09:42 - 00219314 _____ C:\windows\system32\wrukyso.gcj

2013-12-23 16:53 - 2013-12-23 16:53 - 00000000 ____D C:\ProgramData\WEBREG

2013-12-23 16:52 - 2013-12-23 16:54 - 00000000 ____D C:\Users\Mike\AppData\Roaming\HP

2013-12-23 16:48 - 2013-12-31 07:34 - 00000000 ____D C:\Users\Mike\AppData\Roaming\HpUpdate

2013-12-23 16:48 - 2013-12-24 09:36 - 00000000 ____D C:\ProgramData\Yahoo! Companion

2013-12-23 16:48 - 2013-12-23 16:48 - 00001068 _____ C:\Users\Public\Desktop\HP Photo Creations.lnk

2013-12-23 16:48 - 2013-12-23 16:48 - 00000000 ____D C:\Users\Mike\AppData\Roaming\Yahoo!

2013-12-23 16:48 - 2013-12-23 16:48 - 00000000 ____D C:\ProgramData\HP Photo Creations

2013-12-23 16:48 - 2013-12-23 16:48 - 00000000 ____D C:\Program Files (x86)\Yahoo!

2013-12-23 16:48 - 2013-12-23 16:48 - 00000000 ____D C:\Program Files (x86)\HP Photo Creations

2013-12-23 16:48 - 2013-12-23 16:48 - 00000000 ____D C:\Program Files (x86)\Coupons

2013-12-23 16:47 - 2013-12-23 16:47 - 00001132 _____ C:\Users\Public\Desktop\Shop for HP Supplies.lnk

2013-12-23 16:46 - 2013-12-23 16:46 - 00001286 _____ C:\Users\Public\Desktop\HP Solution Center.lnk

2013-12-23 16:46 - 2013-12-23 16:46 - 00000000 ____D C:\ProgramData\HP Product Assistant

2013-12-23 16:43 - 2009-04-16 14:08 - 00136704 _____ (Hewlett-Packard Company) C:\windows\system32\hpf3l70v.dll

2013-12-23 16:42 - 2013-12-23 16:48 - 00000000 ____D C:\Program Files (x86)\HP

2013-12-23 16:41 - 2013-12-23 16:53 - 00208445 _____ C:\windows\hpoins43.dat

2013-12-23 16:41 - 2013-12-23 16:53 - 00001280 _____ C:\ProgramData\hpzinstall.log

2013-12-23 16:41 - 2013-12-23 16:52 - 00000000 ____D C:\ProgramData\HP

2013-12-23 16:41 - 2013-12-23 16:41 - 00000000 ____D C:\Program Files\HP

2013-12-23 16:41 - 2010-01-30 08:11 - 00000601 ____N C:\windows\hpomdl43.dat

2013-12-23 16:40 - 2009-04-16 06:53 - 00642360 _____ (Hewlett-Packard) C:\windows\system32\hpzids40.dll

2013-12-23 16:40 - 2009-02-11 06:03 - 01403904 _____ (Hewlett-Packard Co.) C:\windows\system32\hpost_p02c.dll

2013-12-23 16:40 - 2009-02-11 06:03 - 00880640 _____ (Hewlett-Packard) C:\windows\system32\hposwia_p02c.dll

2013-12-23 16:40 - 2009-02-11 06:03 - 00515072 _____ (Hewlett-Packard Co.) C:\windows\system32\hposc_p02a.dll

2013-12-23 16:40 - 2008-10-28 19:27 - 00551424 _____ (Hewlett-Packard) C:\windows\system32\hppldcoi.dll

2013-12-18 07:25 - 2013-12-18 07:25 - 00002183 _____ C:\Users\Public\Desktop\Google Earth.lnk

2013-12-17 09:35 - 2013-12-17 14:13 - 00000000 ____D C:\Users\Mike\Documents\Flower City Communications Files

2013-12-05 11:28 - 2013-12-05 11:28 - 00000000 ____D C:\Users\Mike\AppData\Local\Deployment

2013-12-05 11:28 - 2013-12-05 11:28 - 00000000 ____D C:\Users\Mike\AppData\Local\Apps\2.0

 

==================== One Month Modified Files and Folders =======

 

2014-01-04 07:07 - 2014-01-03 19:28 - 00000000 ____D C:\AdwCleaner

2014-01-04 07:05 - 2014-01-03 18:10 - 00000168 _____ C:\windows\setupact.log

2014-01-04 07:05 - 2011-05-26 18:00 - 00000050 _____ C:\windows\system32\SupplicantTest.log

2014-01-04 07:05 - 2010-08-29 23:44 - 00000908 _____ C:\windows\Tasks\GoogleUpdateTaskMachineCore.job

2014-01-04 07:05 - 2009-07-14 00:08 - 00000006 ____H C:\windows\Tasks\SA.DAT

2014-01-04 07:04 - 2011-05-26 17:40 - 01647543 _____ C:\windows\WindowsUpdate.log

2014-01-04 07:02 - 2012-04-04 06:09 - 00000830 _____ C:\windows\Tasks\Adobe Flash Player Updater.job

2014-01-04 07:02 - 2010-08-29 23:44 - 00000912 _____ C:\windows\Tasks\GoogleUpdateTaskMachineUA.job

2014-01-03 18:22 - 2009-07-14 00:13 - 00876314 _____ C:\windows\system32\PerfStringBackup.INI

2014-01-03 18:22 - 2009-07-13 23:45 - 00016304 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

2014-01-03 18:22 - 2009-07-13 23:45 - 00016304 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

2014-01-03 18:15 - 2014-01-03 18:15 - 00000064 _____ C:\windows\system32\ghyjwn.eyt

2014-01-03 18:15 - 2014-01-03 15:11 - 00000000 ____D C:\FRST

2014-01-03 18:10 - 2014-01-03 18:10 - 00000000 _____ C:\windows\setuperr.log

2014-01-03 16:09 - 2014-01-03 16:09 - 00000000 ___RD C:\Users\Mike\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft Applications

2014-01-03 16:08 - 2014-01-03 16:08 - 00000000 ____D C:\Users\Mike\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Applications

2014-01-03 13:51 - 2014-01-03 13:26 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)

2014-01-03 13:25 - 2014-01-03 13:25 - 00089304 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbamchameleon.sys

2014-01-03 13:08 - 2011-12-22 10:03 - 00000000 ____D C:\windows\pss

2014-01-03 13:08 - 2011-09-18 17:39 - 00000000 ____D C:\Users\Mike\AppData\Roaming\Skype

2014-01-03 10:49 - 2010-08-30 00:00 - 00273298 _____ C:\windows\PFRO.log

2014-01-03 07:20 - 2012-07-20 13:36 - 00000384 _____ C:\windows\Tasks\Regwork.job

2014-01-02 10:09 - 2014-01-02 09:58 - 00000097 _____ C:\windows\system32\wiuu.upx

2014-01-02 09:42 - 2014-01-02 09:42 - 00219314 _____ C:\windows\system32\wrukyso.gcj

2013-12-31 07:34 - 2013-12-23 16:48 - 00000000 ____D C:\Users\Mike\AppData\Roaming\HpUpdate

2013-12-30 14:01 - 2013-11-12 08:46 - 00000000 ____D C:\Users\Mike\Desktop\AT&T Jobs

2013-12-24 09:36 - 2013-12-23 16:48 - 00000000 ____D C:\ProgramData\Yahoo! Companion

2013-12-24 09:34 - 2009-07-13 23:45 - 00417368 _____ C:\windows\system32\FNTCACHE.DAT

2013-12-23 16:54 - 2013-12-23 16:52 - 00000000 ____D C:\Users\Mike\AppData\Roaming\HP

2013-12-23 16:53 - 2013-12-23 16:53 - 00000000 ____D C:\ProgramData\WEBREG

2013-12-23 16:53 - 2013-12-23 16:41 - 00208445 _____ C:\windows\hpoins43.dat

2013-12-23 16:53 - 2013-12-23 16:41 - 00001280 _____ C:\ProgramData\hpzinstall.log

2013-12-23 16:52 - 2013-12-23 16:41 - 00000000 ____D C:\ProgramData\HP

2013-12-23 16:52 - 2011-05-26 15:28 - 00103232 _____ C:\Users\Mike\AppData\Local\GDIPFONTCACHEV1.DAT

2013-12-23 16:52 - 2009-07-13 21:34 - 00000534 _____ C:\windows\win.ini

2013-12-23 16:48 - 2013-12-23 16:48 - 00001068 _____ C:\Users\Public\Desktop\HP Photo Creations.lnk

2013-12-23 16:48 - 2013-12-23 16:48 - 00000000 ____D C:\Users\Mike\AppData\Roaming\Yahoo!

2013-12-23 16:48 - 2013-12-23 16:48 - 00000000 ____D C:\ProgramData\HP Photo Creations

2013-12-23 16:48 - 2013-12-23 16:48 - 00000000 ____D C:\Program Files (x86)\Yahoo!

2013-12-23 16:48 - 2013-12-23 16:48 - 00000000 ____D C:\Program Files (x86)\HP Photo Creations

2013-12-23 16:48 - 2013-12-23 16:48 - 00000000 ____D C:\Program Files (x86)\Coupons

2013-12-23 16:48 - 2013-12-23 16:42 - 00000000 ____D C:\Program Files (x86)\HP

2013-12-23 16:47 - 2013-12-23 16:47 - 00001132 _____ C:\Users\Public\Desktop\Shop for HP Supplies.lnk

2013-12-23 16:46 - 2013-12-23 16:46 - 00001286 _____ C:\Users\Public\Desktop\HP Solution Center.lnk

2013-12-23 16:46 - 2013-12-23 16:46 - 00000000 ____D C:\ProgramData\HP Product Assistant

2013-12-23 16:41 - 2013-12-23 16:41 - 00000000 ____D C:\Program Files\HP

2013-12-18 07:25 - 2013-12-18 07:25 - 00002183 _____ C:\Users\Public\Desktop\Google Earth.lnk

2013-12-18 07:25 - 2010-08-29 23:43 - 00000000 ____D C:\Program Files (x86)\Google

2013-12-17 14:13 - 2013-12-17 09:35 - 00000000 ____D C:\Users\Mike\Documents\Flower City Communications Files

2013-12-17 10:45 - 2011-09-02 08:50 - 00000000 ____D C:\Users\Mike\Documents\Wegmans MOTOTRBO

2013-12-17 07:14 - 2013-07-13 02:00 - 00000000 ____D C:\windows\system32\MRT

2013-12-17 07:11 - 2011-05-31 07:12 - 90708896 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe

2013-12-12 15:22 - 2013-10-02 13:21 - 00501760 _____ C:\Users\Mike\Desktop\Current Customer List (10-2-13).xls

2013-12-12 08:06 - 2011-05-27 09:19 - 00889812 _____ C:\windows\SysWOW64\PerfStringBackup.INI

2013-12-12 07:19 - 2012-04-04 09:50 - 00000000 ____D C:\ProgramData\Microsoft Help

2013-12-11 09:51 - 2011-05-27 08:18 - 00000088 _____ C:\windows\QBChanUtil_Trigger.ini

2013-12-11 09:49 - 2012-04-04 06:09 - 00692616 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe

2013-12-11 09:49 - 2012-04-04 06:09 - 00003768 _____ C:\windows\System32\Tasks\Adobe Flash Player Updater

2013-12-11 09:49 - 2011-10-03 07:58 - 00071048 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl

2013-12-10 17:21 - 2009-07-13 22:20 - 00000000 ____D C:\windows\system32\NDF

2013-12-05 11:28 - 2013-12-05 11:28 - 00000000 ____D C:\Users\Mike\AppData\Local\Deployment

2013-12-05 11:28 - 2013-12-05 11:28 - 00000000 ____D C:\Users\Mike\AppData\Local\Apps\2.0

2013-12-05 11:28 - 2012-09-28 08:55 - 00000000 ____D C:\Users\Mike\AppData\Local\Citrix

 

==================== Bamital & volsnap Check =================

 

C:\Windows\System32\winlogon.exe => MD5 is legit

C:\Windows\System32\wininit.exe => MD5 is legit

C:\Windows\SysWOW64\wininit.exe => MD5 is legit

C:\Windows\explorer.exe => MD5 is legit

C:\Windows\SysWOW64\explorer.exe => MD5 is legit

C:\Windows\System32\svchost.exe => MD5 is legit

C:\Windows\SysWOW64\svchost.exe => MD5 is legit

C:\Windows\System32\services.exe => MD5 is legit

C:\Windows\System32\User32.dll => MD5 is legit

C:\Windows\SysWOW64\User32.dll => MD5 is legit

C:\Windows\System32\userinit.exe => MD5 is legit

C:\Windows\SysWOW64\userinit.exe => MD5 is legit

C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

 

 

LastRegBack: 2013-12-12 10:23

 

==================== End Of Log ============================


There are still many entries showing that need to be removed with AdwCleaner, can you re-run and use the Clean option?

 

Next,

 

Download OTM from either of the following links and save to your Desktop: (If your security alerts to OTM, either accept the alert or turn off security to allow OTM to run)

 

http://oldtimer.geekstogo.com/OTM.exe.

http://www.itxassociates.com/OT-Tools/OTM.com

http://www.itxassociates.com/OT-Tools/OTM.exe 

 

Double click OTM.exe to start the tool. Vista or Windows 7 users accept UAC alert. Be aware all processes will be stopped during run, also Desktop will disappear, this will be put back on completion.... If your security alerts to OTM, either accept the alert or turn off security until OTM completes...

  • Copy the text from the code box below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy). Ensure to start with and include the colon before Files (:Files)
     
    :Files
    C:\windows\system32\ghyjwn.eyt
    C:\windows\system32\wiuu.upx
    C:\windows\system32\wrukyso.gcj
    :Commands
    [EmptyTemp]
     
  • Return to OTMoveIt3, right click in the "Paste Instructions for Items to be Moved" window (under the yellow bar) and choose Paste.
  • Click the red Moveit! button.
  • Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTM

Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

 

If the machine reboots, the Results log can be found here:

 

c:\_OTMoveIt\MovedFiles\mmddyyyy_hhmmss.log

 

Where mmddyyyy_hhmmss is the date of the tool run.

 

Post both logs....


Ok, I ran the ADW Cleaner again.....it found only 1 item, under the Chrome tab, and I deleted it........here is the log:

 

# AdwCleaner v3.016 - Report created 04/01/2014 at 14:31:39
# Updated 23/12/2013 by Xplode
# Operating System : Windows 7 Home Premium  (64 bits)
# Username : Mike - MIKE-LAPTOP
# Running from : F:\Installers\Security stuff\AdwCleaner.exe
# Option : Clean
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v8.0.7600.17267
 
 
-\\ Google Chrome v
 
[ File : C:\Users\Mike\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
 
*************************
 
AdwCleaner[R0].txt - [10390 octets] - [03/01/2014 19:28:25]
AdwCleaner[R1].txt - [862 octets] - [04/01/2014 07:06:36]
AdwCleaner[R2].txt - [921 octets] - [04/01/2014 14:30:35]
AdwCleaner[s0].txt - [10273 octets] - [04/01/2014 07:03:14]
AdwCleaner[s1].txt - [843 octets] - [04/01/2014 14:31:39]
 
########## EOF - C:\AdwCleaner\AdwCleaner[s1].txt - [902 octets] ##########
 
Do you still want me to run the OTM?

All processes killed

========== FILES ==========

File/Folder C:\windows\system32\ghyjwn.eyt not found.

File/Folder C:\windows\system32\wiuu.upx not found.

File/Folder C:\windows\system32\wrukyso.gcj not found.

========== COMMANDS ==========

 

[EMPTYTEMP]

 

User: Administrator

 

User: All Users

 

User: Default

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 33170 bytes

 

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

 

User: Mike

->Temp folder emptied: 2757476 bytes

->Temporary Internet Files folder emptied: 53911634 bytes

->Java cache emptied: 13478743 bytes

->Google Chrome cache emptied: 418771960 bytes

->Apple Safari cache emptied: 18490368 bytes

->Flash cache emptied: 506 bytes

 

User: Public

 

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 0 bytes

%systemroot%\System32 .tmp files removed: 0 bytes

%systemroot%\System32 (64bit) .tmp files removed: 0 bytes

%systemroot%\System32\drivers .tmp files removed: 0 bytes

Windows Temp folder emptied: 2021537693 bytes

%systemroot%\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 13744784 bytes

%systemroot%\system32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 761 bytes

%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 20496499 bytes

RecycleBin emptied: 4996 bytes

 

Total Files Cleaned = 2,444.00 mb

 

 

OTM by OldTimer - Version 3.1.21.0 log created on 01042014_165536

 

Files moved on Reboot...

C:\Users\Mike\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

 

Registry entries deleted on Reboot...

We still need to run an online AV scan to ensure there are no remnants of any infection left on your system that we may have missed. This scan is very thorough and well worth running, it can take several hours please be patient and let it complete:

 

Run Eset Online Scanner

 

**Note** You will need to use Internet explorer for this scan - Vista and win 7 right click on IE shortcut and run as admin

 

Go to Eset web page http://www.eset.com/us/online-scanner/ to run an online scan from ESET.

 

  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • click on the Run ESET Online Scanner button
  • Tick the box next to YES, I accept the Terms of Use.
    Click Start
  • When asked, allow the add/on to be installed
    Click Start
  • Make sure that the option Remove found threats is unticked
  • Click on Advanced Settings, ensure the options Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
    Click Scan
  • wait for the virus definitions to be downloaded
  • Wait for the scan to finish

 

When the scan is complete

 

If no threats were found

  • put a checkmark in "Uninstall application on close"
  • close program
  • report to me that nothing was found

 

If threats were found

 

  • click on "list of threats found"
  • click on "export to text file" and save it as ESET SCAN and save to the desktop
  • Click on back
  • put a checkmark in "Uninstall application on close"
  • click on finish

 

close program

 

copy and paste the report in next reply

 

Next,

 

Download Security Check by screen317 from either of the following:

http://screen317.spywareinfoforum.org/SecurityCheck.exe or http://screen317.changelog.fr/SecurityCheck.exe

Save it to your Desktop. (If your security alerts, either accept the alert or turn the security off while Security Check runs)

Double click SecurityCheck.exe (Vista or Windows 7 users right click and select "Run as Administrator") and follow the onscreen instructions inside of the black box. Press any key when asked.

A Notepad document should open automatically called checkup.txt; please post the contents of that document.

 

Post both logs, let me know if you have any remaining issues or concerns...

 

Kevin


C:\FRST\Quarantine\AskPartnerNetwork\Toolbar\APNSetup.exe Win32/Bundled.Toolbar.Ask.E application

C:\Users\Mike\Documents\APNSetup.exe Win32/Bundled.Toolbar.Ask.E application

C:\Users\Mike\Documents\Mike's stuff\Downloads\Integrated_BrotherSoft_TB.exe a variant of Win32/Toolbar.Conduit.B application

C:\Users\Mike\Downloads\Installer_Regwork (1).exe a variant of Win32/Adware.RegRevive.A application

C:\Users\Mike\Downloads\Installer_Regwork.exe a variant of Win32/Adware.RegRevive.A application

 

 


 Results of screen317's Security Check version 0.99.78  

 Windows 7  x64 (UAC is disabled!)  


``````````````Antivirus/Firewall Check:`````````````` 

 Windows Firewall Enabled!  

Microsoft Security Essentials   

 Antivirus up to date!  

`````````Anti-malware/Other Utilities Check:````````` 

 Malwarebytes Anti-Malware version 1.75.0.1300  

 Java 6 Update 29  

 Java version out of Date! 

 Adobe Flash Player 11.9.900.170  

 Adobe Reader 9 Adobe Reader out of Date! 

````````Process Check: objlist.exe by Laurent````````  

 Norton ccSvcHst.exe 

 Microsoft Security Essentials MSMpEng.exe 

 Microsoft Security Essentials msseces.exe 

 Malwarebytes Anti-Malware mbamservice.exe  

 Malwarebytes Anti-Malware mbamgui.exe  

 Malwarebytes Anti-Malware mbamscheduler.exe   

`````````````````System Health check````````````````` 

 Total Fragmentation on Drive C: 2% 

````````````````````End of Log`````````````````````` 

 

 

the streaming audio has stopped, and I even got back the control of the system power settings that I didn't have access to before.


That is good news on the audio issue. Is there any reason why the system has not been updated to Service Pack 1 (SP1)? That service pack is required to maintain system security....

 

Next,

 

We need to run OTM one more time, as follows...

 

Double click OTM.exe to start the tool. Vista or Windows 7 users accept UAC alert. Be aware all processes will be stopped during run, also Desktop will disappear, this will be put back on completion.... If your security alerts to OTM, either accept the alert or turn off security until OTM completes...

  • Copy the text from the code box below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy). Ensure to start with and include the colon before Files (:Files)

    :Files
    C:\Users\Mike\Documents\APNSetup.exe
    C:\Users\Mike\Documents\Mike's stuff\Downloads\Integrated_BrotherSoft_TB.exe
    C:\Users\Mike\Downloads\Installer_Regwork (1).exe
    C:\Users\Mike\Downloads\Installer_Regwork.exe
    :Commands
    [EmptyTemp]

  • Return to OTMoveIt3, right click in the "Paste Instructions for Items to be Moved" window (under the yellow bar) and choose Paste.
  • Click the red Moveit! button.
  • Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTM


Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

If the machine reboots, the Results log can be found here:

c:\_OTMoveIt\MovedFiles\mmddyyyy_hhmmss.log

Where mmddyyyy_hhmmss is the date of the tool run.
 

Next,

 

Adobe Reader is outdated...

Visit http://get.adobe.com/uk/reader/otherversions/ and download the latest version of Acrobat Reader

 

Step 1 - Select your Operating System.

Step 2 - Select your Language.

Step 3 - Select latest version.

 

Untick the option for any security scanner or toolbar if offered.

 

Download and install.

 

Having the latest updates ensures there are no security vulnerabilities in your system.

 

Next,

 

Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system.

Please follow these steps to remove older version of Java components and upgrade the application.

 

Upgrading Java:

 

Go to http://java.com/en/ and click on "Do I have Java"

It will check your current version and then offer to update to the latest version

Watch for and make sure you untick the box next to whatever free program they prompt you to install during the installation, unless you want it.

 

***Note: Check in Programs and Features (or Add/Remove Programs if you are an XP user) to make certain there are no old versions of Java still installed, if so - remove them.

 

Let me know if the above steps complete, also if any remaining issues or concerns...

 

Kevin..


Updated Java, Adobe, and I'm trying to do the SP1 update right now. Windows update doesn't return an update to SP1. I'm looking at the Microsoft.com/en-us/download page and there are 5 files there and I don't know which one I'm supposed to be downloading.

 

 

All processes killed

========== FILES ==========

C:\Users\Mike\Documents\APNSetup.exe moved successfully.

C:\Users\Mike\Documents\Mike's stuff\Downloads\Integrated_BrotherSoft_TB.exe moved successfully.

C:\Users\Mike\Downloads\Installer_Regwork (1).exe moved successfully.

C:\Users\Mike\Downloads\Installer_Regwork.exe moved successfully.

========== COMMANDS ==========

 

[EMPTYTEMP]

 

User: Administrator

 

User: All Users

 

User: Default

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

 

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

 

User: Mike

->Temp folder emptied: 84763 bytes

->Temporary Internet Files folder emptied: 2810971 bytes

->Java cache emptied: 39785 bytes

->Google Chrome cache emptied: 0 bytes

->Apple Safari cache emptied: 0 bytes

->Flash cache emptied: 506 bytes

 

User: Public

 

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 0 bytes

%systemroot%\System32 .tmp files removed: 0 bytes

%systemroot%\System32 (64bit) .tmp files removed: 0 bytes

%systemroot%\System32\drivers .tmp files removed: 0 bytes

Windows Temp folder emptied: 38155 bytes

%systemroot%\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 0 bytes

%systemroot%\system32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 0 bytes

%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 2326662 bytes

RecycleBin emptied: 0 bytes

 

Total Files Cleaned = 5.00 mb

 

 

OTM by OldTimer - Version 3.1.21.0 log created on 01052014_081539

 

Files moved on Reboot...

C:\Users\Mike\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

 

Registry entries deleted on Reboot...

This computer is quite the mess. If it were mine I'd have to whack it I think. There is page after page of info on why the thing won't update to SP1 using windows update. I'm downloading the iso for the update now. The update does just that, right? It updates the existing install? It doesn't whack the existing install in favor of a clean SP1 install, does it?


Before you do anything else I want you to delete FRST.exe and d/l a fresh copy, then do a re-run. Make sure to put tick in "Addition.txt" under Optional scan... Download fresh copy from following link, make sure to get the correct version for your OS...

 

http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/


Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 05-01-2014
Ran by Mike (administrator) on MIKE-LAPTOP on 05-01-2014 18:28:03
Running from C:\Users\Mike\Desktop
Windows 7 Home Premium (X64) OS Language: English(US)
Internet Explorer Version 8
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Malwarebytes Corporation) C:\Program Files (x86)\ Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\ Anti-Malware\mbamservice.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL10_50.MSSQLSERVER\MSSQL\Binn\sqlservr.exe
(Symantec Corporation) C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.3.198\ccSvcHst.exe
(Intuit) C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
(Intuit Inc.) C:\Program Files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe
(Malwarebytes Corporation) C:\Program Files (x86)\ Anti-Malware\mbamgui.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(TOSHIBA Corporation) C:\Windows\System32\ThpSrv.exe
(TOSHIBA Corporation) C:\Windows\System32\TODDSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
(Intel® Corporation) C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Red Bend Ltd.) C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Symantec Corporation) C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.3.198\ccSvcHst.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [] - [x]
HKLM-x32\...\Run: [] - [x]
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ig/redirectdomain?brand=TSND&bmod=TSND
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - DefaultScope {AB24098B-097E-4C74-9B74-F62E1C7EE681} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSND
SearchScopes: HKLM - {AB24098B-097E-4C74-9B74-F62E1C7EE681} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSND
SearchScopes: HKLM-x32 - {E4DA871F-7464-4470-B935-689287BCDAC3} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSND
SearchScopes: HKCU - DefaultScope {6D28AC79-6CB6-4353-BECA-68A9B4D234BB} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3289663&CUI=UN35296702811049218&UM=2
SearchScopes: HKCU - {2F26DE85-003F-4E51-8E1C-DC78FA758670} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSND_enUS433US433
SearchScopes: HKCU - {41177629-3DF9-447E-AC4A-E327F00E5DF0} URL = http://www.bing.com/search?FORM=VE3D01&q={searchTerms}&src={referrer:source?}
SearchScopes: HKCU - {63140ECF-C629-BE59-8F0E-90B4FF340C03} URL = http://www.bing.com/search?q={searchTerms}&pc=Z128&form=ZGAIDF&install_date=20111220&iesrc={referrer:source}
SearchScopes: HKCU - {6D28AC79-6CB6-4353-BECA-68A9B4D234BB} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3289663&CUI=UN35296702811049218&UM=2
SearchScopes: HKCU - {88C1006C-7B45-47F7-AC2F-E160DCC4D0DD} URL = http://www.search.ask.com/web?tpid=BCPAV7-SAT&o=APN11001&pf=V7&p2=%5EB3N%5EYYYYYY%5EYY%5EUS&gct=sb&itbv=12.7.0.2464&apn_uid=6F84AB4B-733D-4859-8ABE-F33B799E8893&apn_ptnrs=%5EB3N&apn_dtid=%5EYYYYYY%5EYY%5EUS&apn_dbr=ie_8.0.7600.17267&doi=2013-12-03&trgb=IE&q={searchTerms}&psv=
SearchScopes: HKCU - {E4DA871F-7464-4470-B935-689287BCDAC3} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSND
BHO: Ask Toolbar - {42435041-332D-5637-4300-7A786E7484D7} - "C:\Program Files (x86)\AskPartnerNetwork\Toolbar\BCPA3-V7C\Passport_x64.dll" No File
BHO: Ask Shopping Toolbar - {42435041-5637-2D53-4154-7A786E7484D7} - "C:\Program Files (x86)\AskPartnerNetwork\Toolbar\BCPAV7-SAT\Passport_x64.dll" No File
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\smart web printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
BHO-x32: Ask Toolbar - {42435041-332D-5637-4300-7A786E7484D7} - "C:\Program Files (x86)\AskPartnerNetwork\Toolbar\BCPA3-V7C\Passport.dll" No File
BHO-x32: Ask Shopping Toolbar - {42435041-5637-2D53-4154-7A786E7484D7} - "C:\Program Files (x86)\AskPartnerNetwork\Toolbar\BCPAV7-SAT\Passport.dll" No File
BHO-x32: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: TOSHIBA Media Controller Plug-in - {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll (<TOSHIBA>)
BHO-x32: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)
BHO-x32: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\smart web printing\hpswp_BHO.dll (Hewlett-Packard Co.)
Toolbar: HKLM - Ask Toolbar - {42435041-332D-5637-4300-7A786E7484D7} - "C:\Program Files (x86)\AskPartnerNetwork\Toolbar\BCPA3-V7C\Passport_x64.dll" No File
Toolbar: HKLM - Ask Shopping Toolbar - {42435041-5637-2D53-4154-7A786E7484D7} - "C:\Program Files (x86)\AskPartnerNetwork\Toolbar\BCPAV7-SAT\Passport_x64.dll" No File
Toolbar: HKLM-x32 - Ask Toolbar - {42435041-332D-5637-4300-7A786E7484D7} - "C:\Program Files (x86)\AskPartnerNetwork\Toolbar\BCPA3-V7C\Passport.dll" No File
Toolbar: HKLM-x32 - Ask Shopping Toolbar - {42435041-5637-2D53-4154-7A786E7484D7} - "C:\Program Files (x86)\AskPartnerNetwork\Toolbar\BCPAV7-SAT\Passport.dll" No File
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Toolbar: HKCU - Ask Toolbar - {42435041-332D-5637-4300-7A786E7484D7} - "C:\Program Files (x86)\AskPartnerNetwork\Toolbar\BCPA3-V7C\Passport_x64.dll" No File
Toolbar: HKCU - Ask Shopping Toolbar - {42435041-5637-2D53-4154-7A786E7484D7} - "C:\Program Files (x86)\AskPartnerNetwork\Toolbar\BCPAV7-SAT\Passport_x64.dll" No File
DPF: HKLM-x32 {6A060448-60F9-11D5-A6CD-0002B31F7455}
DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab
DPF: HKLM-x32 {82E5DF24-51E8-47CD-864A-F4BD5005AA73} https://www.icloud.com/system/iCloud.cab

 

 

 

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 05-01-2014
Ran by Mike at 2014-01-05 18:28:35
Running from C:\Users\Mike\Desktop
Boot Mode: Normal
==========================================================

==================== Security Center ========================

AV: Microsoft Security Essentials (Disabled - Up to date) {641105E6-77ED-3F35-A304-765193BCB75F}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Microsoft Security Essentials (Disabled - Up to date) {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}

==================== Installed Programs ======================

64 Bit HP CIO Components Installer (Version: 6.2.2 - Hewlett-Packard) Hidden
Adobe Flash Player 11 ActiveX (x32 Version: 11.9.900.170 - Adobe Systems Incorporated)
Adobe Flash Player 11 Plugin (x32 Version: 11.9.900.170 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.04) (x32 Version: 11.0.04 - Adobe Systems Incorporated)
Apple Application Support (x32 Version: 2.3.6 - Apple Inc.)
Apple Mobile Device Support (Version: 7.0.0.117 - Apple Inc.)
Apple Software Update (x32 Version: 2.1.3.127 - Apple Inc.)
Ask Shopping Toolbar (x32 Version: 12.7.0.2464 - APN, LLC) <==== ATTENTION
Ask Toolbar (x32 Version: 12.7.0.2210 - APN, LLC) <==== ATTENTION
BetOnline Poker (x32 Version: 8.0.0.201108021145 - Hero Poker Network)
Bonjour (Version: 3.0.0.10 - Apple Inc.)
Brother P-touch Editor 5.0 (x32 Version: 5.0.1200 - Brother Industries, Ltd.)
Brother P-touch Editor 5.0 (x32 Version: 5.0.1200 - Brother Industries, Ltd.) Hidden
Brother P-touch Update Software (x32 Version: 1.0.0010 - Brother Industries, Ltd.)
BufferChm (x32 Version: 140.0.212.000 - Hewlett-Packard) Hidden
C4700 (x32 Version: 140.0.690.000 - Hewlett-Packard) Hidden
CANON iMAGE GATEWAY MyCamera Download Plugin (x32 Version: 3.1.1.2 - Canon Inc.)
CANON iMAGE GATEWAY Task for ZoomBrowser EX (x32 Version: 1.9.0.9 - Canon Inc.)
Canon MOV Decoder (x32 Version: 1.8.0.7 - Canon Inc.)
Canon MOV Encoder (x32 Version: 1.6.0.1 - Canon Inc.)
Canon MovieEdit Task for ZoomBrowser EX (x32 Version: 3.7.0.4 - Canon Inc.)
Canon Utilities Digital Photo Professional 3.10 (x32 Version: 3.10.2.0 - Canon Inc.)
Canon Utilities EOS Sample Music (x32 Version: 1.0.0.204 - Canon Inc.)
Canon Utilities EOS Utility (x32 Version: 2.10.2.0 - Canon Inc.)
Canon Utilities EOS Video Snapshot Task for ZoomBrowser EX (x32 Version: 1.0.0.10 - Canon Inc.)
Canon Utilities Movie Uploader for YouTube (x32 Version: 1.2.0.7 - Canon Inc.)
Canon Utilities PhotoStitch (x32 Version: 3.1.22.46 - Canon Inc.)
Canon Utilities Picture Style Editor (x32 Version: 1.9.0.0 - Canon Inc.)
Canon Utilities ZoomBrowser EX (x32 Version: 6.7.0.24 - Canon Inc.)
Canon ZoomBrowser EX Memory Card Utility (x32 Version: 1.5.0.9 - Canon Inc.)
Citrix Online Launcher (x32 Version: 1.0.153 - Citrix)
Compatibility Pack for the 2007 Office system (x32 Version: 12.0.6612.1000 - Microsoft Corporation)
Coupon Printer for Windows (x32 Version: 5.0.0.0 - Coupons.com Incorporated)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (x32 Version:  - Microsoft)
Destinations (x32 Version: 140.0.77.000 - Hewlett-Packard) Hidden
DeviceDiscovery (x32 Version: 140.0.212.000 - Hewlett-Packard) Hidden
DLL Opener (x32 Version: 0.1 - )
dsdminst (x32 Version: 1.00.0000 - Brother Industries, Ltd.) Hidden
Files Opened (x32 Version: 1.0 - )
Google Earth (x32 Version: 7.1.2.2041 - Google)
Google Update Helper (x32 Version: 1.3.22.3 - Google Inc.) Hidden
GoToMeeting 6.0.0.1259 (HKCU Version: 6.0.0.1259 - CitrixOnline)
GPBaseService2 (x32 Version: 140.0.211.000 - Hewlett-Packard) Hidden
HP Customer Participation Program 14.0 (Version: 14.0 - HP)
HP Imaging Device Functions 14.0 (Version: 14.0 - HP)
HP Photo Creations (x32 Version: 1.0.0.2024 - HP Photo Creations Powered by RocketLife)
HP Photosmart C4700 All-in-One Driver Software 14.0 Rel. 6 (Version: 14.0 - HP)
HP Smart Web Printing 4.60 (Version: 4.60 - HP)
HP Solution Center 14.0 (Version: 14.0 - HP)
HP Update (x32 Version: 5.002.002.002 - Hewlett-Packard)
HPPhotoGadget (x32 Version: 140.0.524.000 - Hewlett-Packard) Hidden
HPProductAssistant (x32 Version: 140.0.212.000 - Hewlett-Packard) Hidden
HPSSupply (x32 Version: 140.0.211.000 - Hewlett-Packard) Hidden
iCloud (Version: 3.0.2.163 - Apple Inc.)
Intel PROSet Wireless (Version:  - ) Hidden
Intel WiMAX Tutorial (Version: 1.5.4.0 - Intel Corporation)
Intel® Graphics Media Accelerator Driver (x32 Version: 8.15.10.2119 - Intel Corporation)
Intel® Management Engine Components (x32 Version: 6.0.0.1179 - Intel Corporation)
Intel® PROSet/Wireless WiFi Software (Version: 13.03.0000 - Intel Corporation)
Intel® Rapid Storage Technology (x32 Version: 9.5.7.1002 - Intel Corporation)
Intel® PROSet/Wireless WiMAX Software (Version: 2.03.0005 - Intel Corporation)
Intel® Wireless Display (Version: 1.2.20.0 - Intel Corporation)
iTunes (Version: 11.1.3.8 - Apple Inc.)
Java 7 Update 45 (x32 Version: 7.0.450 - Oracle)
Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
Java 6 Update 29 (x32 Version: 6.0.290 - Sun Microsystems, Inc.)
JMicron Flash Media Controller Driver (x32 Version: 1.0.44.1 - JMicron Technology Corp.)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Label@Once 1.0 (x32 Version: 1.0 - Corel)
Malwarebytes Anti-Malware version 1.75.0.1300 (x32 Version: 1.75.0.1300 - Malwarebytes Corporation)
Managed DirectX (0900) (x32 Version: 4.09.00.0900 - Microsoft) Hidden
MarketResearch (x32 Version: 140.0.212.000 - Hewlett-Packard) Hidden
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Extended (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Office 2003 Primary Interop Assemblies (x32 Version: 11.0.6553.0 - Microsoft Corporation)
Microsoft Office 2010 (x32 Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Office 64-bit Components 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Professional Edition 2003 (x32 Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft Office Proof (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Visio 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Visio MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Report Viewer Redistributable 2008 (KB971119) (x32 Version: 9.0.30731 - Microsoft Corporation) Hidden
Microsoft Report Viewer Redistributable 2008 SP1 (x32 Version:  - Microsoft Corporation)
Microsoft Security Client (Version: 4.4.0304.0 - Microsoft Corporation) Hidden
Microsoft Security Essentials (Version: 4.4.304.0 - Microsoft Corporation)
Microsoft Silverlight (Version: 5.1.20913.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (x32 Version: 3.1.0000 - Microsoft Corporation)
Microsoft SQL Server 2008 R2 (64-bit) (Version:  - Microsoft Corporation) Hidden
Microsoft SQL Server 2008 R2 Native Client (Version: 10.51.2500.0 - Microsoft Corporation)
Microsoft SQL Server 2008 R2 Policies (x32 Version: 10.50.1600.1 - Microsoft Corporation)
Microsoft SQL Server 2008 R2 RsFx Driver (Version: 10.51.2500.0 - Microsoft Corporation) Hidden
Microsoft SQL Server 2008 R2 Setup (English) (Version: 10.51.2500.0 - Microsoft Corporation)
Microsoft SQL Server 2008 Setup Support Files  (Version: 10.1.2731.0 - Microsoft Corporation)
Microsoft SQL Server Browser (x32 Version: 10.51.2500.0 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 ENU (x32 Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 Query Tools ENU (x32 Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft SQL Server VSS Writer (Version: 10.51.2500.0 - Microsoft Corporation)
Microsoft Visio Professional 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (x32 Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual Studio 2005 Tools for Office Runtime (x32 Version:  - Microsoft Corporation)
Microsoft Visual Studio 2005 Tools for Office Runtime (x32 Version: 8.0.60940.0 - Microsoft Corporation) Hidden
Microsoft Visual Studio Tools for Applications 2.0 - ENU (x32 Version: 9.0.35191 - Microsoft Corporation)
MobileMe Control Panel (Version: 3.1.8.0 - Apple Inc.)
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSXML 4.0 SP2 (KB954430) (x32 Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (x32 Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP2 Parser and SDK (x32 Version: 4.20.9818.0 - Microsoft Corporation)
Network64 (Version: 140.0.215.000 - Hewlett-Packard) Hidden
PlayReady PC Runtime amd64 (Version: 1.3.0 - Microsoft Corporation)
PS_AIO_06_C4700_SW_Min (x32 Version: 140.0.690.000 - Hewlett-Packard) Hidden
Punch! Home Design and Landscape Professional (x32 Version: 16.0.2 - Punch! Software)
QB Desktop Repair Utility (x32 Version: 1.1.0 - Intuit)
QuickBooks (x32 Version: 22.0.4014.2206 - Intuit Inc.) Hidden
QuickBooks Enterprise Solutions 12.0 (x32 Version: 22.0.4014.2206 - Intuit Inc.)
Quickbooks Financial Center (x32 Version: 2.02 - TOSHIBA Corporation)
QuickTime (x32 Version: 7.74.80.86 - Apple Inc.)
QuickTransfer (x32 Version: 140.0.98.000 - Hewlett-Packard) Hidden
Realtek Ethernet Controller Driver For Windows 7 (x32 Version: 7.20.503.2010 - Realtek)
Realtek High Definition Audio Driver (x32 Version: 6.0.1.6069 - Realtek Semiconductor Corp.)
Roxio Creator Audio (x32 Version: 3.7.0 - Roxio) Hidden
Roxio Creator Copy (x32 Version: 3.7.0 - Roxio) Hidden
Roxio Creator Data (x32 Version: 3.7.0 - Roxio) Hidden
Roxio Creator DE (x32 Version: 10.1 - )
Roxio Creator DE (x32 Version: 3.7.0 - Roxio) Hidden
Roxio Creator Tools (x32 Version: 3.7.0 - Roxio) Hidden
Roxio Express Labeler 3 (x32 Version: 3.2.1 - Roxio) Hidden
Roxio Update Manager (x32 Version: 6.0.0 - Roxio) Hidden
Scan (x32 Version: 140.0.80.000 - Hewlett-Packard) Hidden
Service Pack 1 for SQL Server 2008 R2 (KB2528583) (64-bit) (Version: 10.51.2500.0 - Microsoft Corporation)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (x32 Version:  - Microsoft) Hidden
Shop for HP Supplies (Version: 14.0 - HP)
Skype Click to Call (x32 Version: 6.11.13348 - Skype Technologies S.A.)
Skype™ 6.11 (x32 Version: 6.11.102 - Skype Technologies S.A.)
SmartWebPrinting (x32 Version: 140.0.186.000 - Hewlett-Packard) Hidden
SolutionCenter (x32 Version: 140.0.213.000 - Hewlett-Packard) Hidden
SQL Server 2008 R2 SP1 Common Files (Version: 10.51.2500.0 - Microsoft Corporation) Hidden
SQL Server 2008 R2 SP1 Database Engine Services (Version: 10.51.2500.0 - Microsoft Corporation) Hidden
SQL Server 2008 R2 SP1 Database Engine Shared (Version: 10.51.2500.0 - Microsoft Corporation) Hidden
SQL Server 2008 R2 SP1 Management Studio (Version: 10.51.2500.0 - Microsoft Corporation) Hidden
Sql Server Customer Experience Improvement Program (Version: 10.50.1600.1 - Microsoft Corporation) Hidden
Status (x32 Version: 140.0.212.000 - Hewlett-Packard) Hidden
Synaptics Pointing Device Driver (Version: 15.0.8.1 - Synaptics Incorporated)
Toolbox (x32 Version: 140.0.428.000 - Hewlett-Packard) Hidden
Toshiba App Place (x32 Version: 1.0.2.0 - Toshiba)
TOSHIBA Application Installer (x32 Version: 9.0.1.1 - TOSHIBA)
TOSHIBA DVD PLAYER (x32 Version: 3.01.2.12-A - TOSHIBA Corporation)
TOSHIBA Face Recognition (Version: 3.1.3.64 - TOSHIBA Corporation) Hidden
TOSHIBA Face Recognition (x32 Version: 3.1.3.64 - TOSHIBA Corporation)
TOSHIBA Flash Cards Support Utility (x32 Version: 1.63.0.6C - TOSHIBA CORPORATION)
TOSHIBA Flash Cards Support Utility (x32 Version: 1.63.0.6C - TOSHIBA CORPORATION) Hidden
TOSHIBA Hardware Setup (x32 Version: 1.63.0.26C - TOSHIBA CORPORATION)
TOSHIBA Hardware Setup (x32 Version: 1.63.0.26C - TOSHIBA CORPORATION) Hidden
TOSHIBA HDD Protection (Version: 2.2.0.4 - TOSHIBA Corporation)
TOSHIBA HDD/SSD Alert (Version: 3.1.64.6 - TOSHIBA Corporation) Hidden
TOSHIBA HDD/SSD Alert (x32 Version: 3.1.64.6 - TOSHIBA Corporation)
TOSHIBA HDD/SSD Alert (x32 Version: 3.1.64.6 - TOSHIBA Corporation) Hidden
Toshiba Laptop Checkup (x32 Version: 2.0.3.198 - Symantec Corporation)
TOSHIBA Media Controller (x32 Version: 1.0.80.8.64 - TOSHIBA CORPORATION)
TOSHIBA Media Controller Plug-in (x32 Version: 1.0.5.11 - TOSHIBA CORPORATION)
Toshiba Online Backup (x32 Version: 2.0.0.24 - Toshiba)
TOSHIBA Quality Application (x32 Version: 1.0.3 - TOSHIBA)
TOSHIBA Recovery Media Creator (Version: 2.1.0.4 for x64 - TOSHIBA Corporation)
TOSHIBA ReelTime (Version: 1.7.16.64 - TOSHIBA Corporation) Hidden
TOSHIBA ReelTime (x32 Version: 1.7.16.64 - TOSHIBA Corporation)
TOSHIBA Service Station (x32 Version: 2.2.9 - TOSHIBA)
TOSHIBA Supervisor Password (x32 Version: 1.63.0.9C - TOSHIBA CORPORATION)
TOSHIBA Supervisor Password (x32 Version: 1.63.0.9C - TOSHIBA CORPORATION) Hidden
TOSHIBA Value Added Package (Version: 1.3.14.64 - TOSHIBA Corporation) Hidden
TOSHIBA Value Added Package (x32 Version: 1.3.14.64 - TOSHIBA Corporation)
TOSHIBA Value Added Package (x32 Version: 1.3.14.64 - TOSHIBA Corporation) Hidden
TOSHIBA Web Camera Application (x32 Version: 1.1.1.16 - TOSHIBA Corporation)
TrayApp (x32 Version: 140.0.212.000 - Hewlett-Packard) Hidden
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (x32 Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (x32 Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (x32 Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2468871) (x32 Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2533523) (x32 Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2600217) (x32 Version: 1 - Microsoft Corporation)
Update for Microsoft Filter Pack 2.0 (KB2810071) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2826026) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft OneNote 2010 (KB2810072) 32-Bit Edition (x32 Version:  - Microsoft)
Utility Common Driver (x32 Version: 1.0.52.1C - TOSHIBA) Hidden
WebReg (x32 Version: 140.0.212.017 - Hewlett-Packard) Hidden
Windows Live Communications Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Essentials (x32 Version: 15.4.3502.0922 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4225.0 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Language Selector (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mail (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Messenger (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Movie Maker (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Sync (x32 Version: 14.0.8117.416 - Microsoft Corporation)
Windows Live UX Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Writer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Writer Resources (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Yahoo! Toolbar (x32 Version:  - )

==================== Restore Points  =========================

05-01-2014 23:20:19 Windows 7 Service Pack 1

==================== Hosts content: ==========================

2009-07-13 21:34 - 2009-06-10 16:00 - 00000824 ____A C:\windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {1F3F3077-AF81-4C8E-923F-B930D0D5FAB4} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-08-29] (Google Inc.)
Task: {5DBB6B97-C0BB-44B2-A9DA-9DB9D8E5FBE0} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {6E8420C9-C408-4108-B078-09D5112AFA49} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-12-11] (Adobe Systems Incorporated)
Task: {74DA8E12-B8D8-45EA-97E7-AC45FAC433B5} - System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-1485529192-504245072-3597774403-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe
Task: {BD6F871F-38DA-46C2-BED8-A46789C65423} - System32\Tasks\Games\UpdateCheck_S-1-5-21-1485529192-504245072-3597774403-1000
Task: {BECE6BDD-F065-4BE5-B97A-4DE2188575FD} - System32\Tasks\RealUpgradeLogonTaskS-1-5-21-1485529192-504245072-3597774403-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe
Task: {D9E09E95-42E5-45A1-A0C8-AB0959DEECF8} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-08-29] (Google Inc.)
Task: {E25715CC-D843-429B-A813-8F38CFBCC6DC} - System32\Tasks\Apple Diagnostics => C:\Program Files (x86)\Common Files\Apple\Internet Services\EReporter.exe [2013-09-14] (Apple Inc.)
Task: {F6333ADA-A59A-4AD6-BBBE-A03E573747DB} - System32\Tasks\Regwork => C:\Program Files (x86)\RegWork\RegWork.exe
Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\Regwork.job => C:\Program Files (x86)\RegWork\RegWork.exe

==================== Loaded Modules (whitelisted) =============

2011-06-24 21:56 - 2011-06-24 21:56 - 00087328 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2011-06-24 21:56 - 2011-06-24 21:56 - 01241888 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll

==================== Alternate Data Streams (whitelisted) =========

==================== Safe Mode (whitelisted) ===================

==================== Faulty Device Manager Devices =============

Name: Photosmart C4700 series
Description: Photosmart C4700 series
Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
Manufacturer: HP
Service:
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Deskjet 6980 series
Description: Deskjet 6980 series
Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
Manufacturer: HP
Service:
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Microsoft Virtual WiFi Miniport Adapter
Description: Microsoft Virtual WiFi Miniport Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: vwifimp
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Photosmart C4700 series
Description: Photosmart C4700 series
Class Guid: {6bdd1fc6-810f-11d0-bec7-08002be2092f}
Manufacturer: HP
Service: StillCam
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Microsoft Virtual WiFi Miniport Adapter #2
Description: Microsoft Virtual WiFi Miniport Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: vwifimp
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

==================== Event log errors: =========================

Application errors:
==================
Error: (01/05/2014 08:12:21 AM) (Source: MsiInstaller) (User: Mike-Laptop)
Description: Product: Java 7 Update 45 -- Error 1500.Another installation is in progress. You must complete that installation before continuing this one.

Error: (01/04/2014 08:40:44 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 89264

Error: (01/04/2014 08:40:44 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 89264

Error: (01/04/2014 08:40:44 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (01/04/2014 05:36:52 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1192300

Error: (01/04/2014 05:36:52 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 1192300

Error: (01/04/2014 05:36:52 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (01/04/2014 07:02:30 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 39699790

Error: (01/04/2014 07:02:30 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 39699790

Error: (01/04/2014 07:02:30 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

System errors:
=============
Error: (01/05/2014 06:20:59 PM) (Source: Microsoft-Windows-Service Pack Installer) (User: Mike-Laptop)
Description: Service Pack installation failed with error code 0x80070216.

Error: (01/05/2014 06:20:59 PM) (Source: Microsoft-Windows-Service Pack Installer) (User: Mike-Laptop)
Description: Changes to an update(Update for Microsoft Windows (KB976902)) failed during Service Pack installation.

   Identity:     Package_for_KB976902~31bf3856ad364e35~amd64~~6.1.1.17514

   Error Code:   0x80070216

   Target State: 7

Error: (01/05/2014 06:06:23 PM) (Source: Microsoft-Windows-Service Pack Installer) (User: Mike-Laptop)
Description: Service Pack installation failed with error code 0x80070216.

Error: (01/05/2014 06:06:23 PM) (Source: Microsoft-Windows-Service Pack Installer) (User: Mike-Laptop)
Description: Changes to an update(Update for Microsoft Windows (KB976902)) failed during Service Pack installation.

   Identity:     Package_for_KB976902~31bf3856ad364e35~amd64~~6.1.1.17514

   Error Code:   0x80070216

   Target State: 7

Error: (01/05/2014 05:28:23 PM) (Source: Microsoft-Windows-Service Pack Installer) (User: Mike-Laptop)
Description: Service Pack installation failed with error code 0x80070216.

Error: (01/05/2014 05:28:22 PM) (Source: Microsoft-Windows-Service Pack Installer) (User: Mike-Laptop)
Description: Changes to an update(Update for Microsoft Windows (KB976902)) failed during Service Pack installation.

   Identity:     Package_for_KB976902~31bf3856ad364e35~amd64~~6.1.1.17514

   Error Code:   0x80070216

   Target State: 7

Error: (01/05/2014 05:26:24 PM) (Source: Microsoft-Windows-Service Pack Installer) (User: Mike-Laptop)
Description: The Service Pack cannot be installed when the computer is running on battery power.

Error: (01/05/2014 11:59:48 AM) (Source: Microsoft-Windows-Service Pack Installer) (User: Mike-Laptop)
Description: Service Pack installation failed with error code 0x80070216.

Error: (01/05/2014 11:59:48 AM) (Source: Microsoft-Windows-Service Pack Installer) (User: Mike-Laptop)
Description: Changes to an update(Update for Microsoft Windows (KB976902)) failed during Service Pack installation.

   Identity:     Package_for_KB976902~31bf3856ad364e35~amd64~~6.1.1.17514

   Error Code:   0x80070216

   Target State: 7

Error: (01/05/2014 08:56:32 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x800f020b: JMicron Technology Corp. - Storage - JMicron PCIe MS Host Controller.

Microsoft Office Sessions:
=========================
Error: (01/05/2014 08:12:21 AM) (Source: MsiInstaller)(User: Mike-Laptop)
Description: Product: Java 7 Update 45 -- Error 1500.Another installation is in progress. You must complete that installation before continuing this one.(NULL)(NULL)(NULL)(NULL)(NULL)

Error: (01/04/2014 08:40:44 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 89264

Error: (01/04/2014 08:40:44 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledEvent 89264

Error: (01/04/2014 08:40:44 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (01/04/2014 05:36:52 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1192300

Error: (01/04/2014 05:36:52 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledEvent 1192300

Error: (01/04/2014 05:36:52 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (01/04/2014 07:02:30 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 39699790

Error: (01/04/2014 07:02:30 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledEvent 39699790

Error: (01/04/2014 07:02:30 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: Continuously busy for more than a second

CodeIntegrity Errors:
===================================
  Date: 2013-12-03 12:35:23.832
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\usbaapl64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2013-12-03 12:35:23.722
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\usbaapl64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

==================== Memory info ===========================

Percentage of memory in use: 41%
Total physical RAM: 3890.67 MB
Available physical RAM: 2285.99 MB
Total Pagefile: 7779.48 MB
Available Pagefile: 5972.8 MB
Total Virtual: 8192 MB
Available Virtual: 8191.8 MB

==================== Drives ================================

Drive c: (Local Drive) (Fixed) (Total:452.7 GB) (Free:383.34 GB) NTFS ==>[system with boot components (obtained from reading drive)]
Drive e: (32G STICK) (Removable) (Total:29.67 GB) (Free:16.7 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 466 GB) (Disk ID: C5A509FA)
Partition 1: (Active) - (Size=1 GB) - (Type=27)
Partition 2: (Not Active) - (Size=453 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=12 GB) - (Type=17)

========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 30 GB) (Disk ID: C3072E18)
Partition 1: (Active) - (Size=30 GB) - (Type=0C)

==================== End Of Log ============================


Yes, I know that. If I try to update to SP1 using Windows Update, the update search doesn't return the SP1 update. So I downloaded the standalone 64-bit SP1 update from the page you linked me to, and when I try to install it, that's what I get. So then I went here and followed these instructions, with no joy.

http://windows.microsoft.com/en-us/windows7/troubleshoot-problems-installing-service-pack.

I'm about ready to give up.

This topic is now closed to further replies.