
Best way to remove Trovi Virus?



Hi,

 

What would be the best way to remove the Trovi virus from my computer? I just got it a few days ago, and have not yet taken any action to remove it, for fear of not knowing what I'm really doing, and downloading unnecessary programs. So far, all I can see is that my internet browsers and search engines have been hijacked. Help would be appreciated!

Hi & welcome

My name is Jürgen and I will be assisting you with your Malware related problems.

Before we move on, please read the following points carefully.

  • My native language isn't English. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.
  • Please read my instructions completely. If there is anything that you do not understand kindly ask before proceeding.
  • Perform everything in the correct order. Sometimes one step requires the previous one.
  • If you have any problems while you are following my instructions, stop there and tell me the exact nature of your problem.
  • Do not run any other scans without instruction or add/remove software unless I tell you to do so. This would change the output of our tools and could be confusing for me.
  • Post all logfiles as a reply rather than as an attachment unless I specifically ask you. If you cannot post all logfiles in one reply, feel free to use more posts.
  • If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed.
  • Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.

Step 1

Please run a FRST scan. This will help us diagnose your problem.


Please download Farbar Recovery Scan Tool and save it to your Desktop.

(If you are not sure which version (32-bit or 64-bit) applies to your system, download and try to start both of them, as only the right one will run.)

  • Start FRST with administrator privileges.
  • Make sure the option Addition.txt is checked and press the Scan button.
  • When finished, FRST will produce two logs (FRST.txt and Addition.txt) in the same directory the tool was run from.
  • Please copy and paste these logs in your next reply.

If it is, these would be the logs:

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 26-07-2014
Ran by Owner (administrator) on OWNER-PC on 27-07-2014 05:58:39
Running from C:\Users\Owner\Downloads
Platform: Windows 7 Ultimate Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
 
The only official download link for FRST:
Download link from any site other than Bleeping Computer is unpermitted or outdated.
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RTKAUDIOSERVICE64.EXE
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Microsoft Corporation) C:\Windows\System32\StikyNot.exe
(OpenDownloadManager.com) C:\Program Files (x86)\OpenDownloaderManager\ODM.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe
() C:\Users\Owner\AppData\Local\ZoomInfoCEUtility\2163\coordinator.exe
(Renesas Electronics Corporation) C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\SyncServer.exe
() C:\Program Files (x86)\gorillaprice\gorillaprice.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office12\WINWORD.EXE
(Microsoft Corporation) C:\Windows\splwow64.exe
(Microsoft Corporation) C:\Windows\System32\taskmgr.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Client Connect LTD) C:\Program Files (x86)\SearchProtect\Main\bin\CltMngSvc.exe
(Client Connect LTD) C:\Program Files (x86)\SearchProtect\SearchProtect\bin\cltmng.exe
(Client Connect LTD) C:\Program Files (x86)\SearchProtect\UI\bin\cltmngui.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1271072 2014-03-11] (Microsoft Corporation)
HKLM\...\Run: [iAStorIcon] => C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIconLaunch.exe [36352 2013-08-30] (Intel Corporation)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13662936 2013-10-24] (Realtek Semiconductor)
HKLM-x32\...\Run: [NUSB3MON] => C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [115048 2011-09-16] (Renesas Electronics Corporation)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-02-21] (Apple Inc.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2014-05-08] (Adobe Systems Incorporated)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-19\...\RunOnce: [mctadmin] => C:\Windows\System32\mctadmin.exe [97280 2009-07-13] (Microsoft Corporation)
HKU\S-1-5-20\...\RunOnce: [mctadmin] => C:\Windows\System32\mctadmin.exe [97280 2009-07-13] (Microsoft Corporation)
HKU\S-1-5-21-4130561887-6402106-3239764586-1000\...\Run: [RESTART_STICKY_NOTES] => C:\Windows\System32\StikyNot.exe [427520 2009-07-13] (Microsoft Corporation)
HKU\S-1-5-21-4130561887-6402106-3239764586-1000\...\Run: [Open Download Manager] => C:\Program Files (x86)\OpenDownloaderManager\odm.exe [6369280 2013-05-31] (OpenDownloadManager.com)
HKU\S-1-5-21-4130561887-6402106-3239764586-1000\...\Run: [ZoomInfo Contact Contributor] => C:\Users\Owner\AppData\Local\ZoomInfoCEUtility\launch.bat [108 2014-07-22] ()
HKU\S-1-5-21-4130561887-6402106-3239764586-1000\...\MountPoints2: {9506842d-f33e-11e3-8ad0-e89d870d8f1f} - E:\VZW_Software_upgrade_assistant.exe
AppInit_DLLs: C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll => C:\Program Files (x86)\SearchProtect\SearchProtect\bin\SPVC64Loader.dll [232896 2014-07-22] (Client Connect LTD)
AppInit_DLLs-x32: C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC32Loader.dll => C:\Program Files (x86)\SearchProtect\SearchProtect\bin\SPVC32Loader.dll [187328 2014-07-22] (Client Connect LTD)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe (McAfee, Inc.)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
ProxyEnable: Internet Explorer proxy is enabled.
ProxyServer: http=127.0.0.1:13081;
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xA31D8F24E054CF01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
BHO-x32: MSS+ Identifier -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll (McAfee, Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.15 192.168.1.254 172.27.35.1
 
FireFox:
========
FF ProfilePath: C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\tgwm19zp.default
FF NewTab: hxxp://www.trovi.com/?gd=&ctid=CT3320418&octid=EB_ORIGINAL_CTID&ISID=M927D29F4-B2F9-4FB6-98D5-CDFF0D22F11A&SearchSource=69&CUI=&SSPV=&Lay=1&UM=6&UP=SPA1375EDD-A776-4C63-8F85-24E2476F6809
FF DefaultSearchEngine: Trovi search
FF SelectedSearchEngine: Trovi search
FF Homepage: hxxp://www.trovi.com/?gd=&ctid=CT3320418&octid=EB_ORIGINAL_CTID&ISID=M927D29F4-B2F9-4FB6-98D5-CDFF0D22F11A&SearchSource=55&CUI=&UM=6&UP=SPA1375EDD-A776-4C63-8F85-24E2476F6809&SSPV=
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_14_0_0_145.dll ()
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\tgwm19zp.default\searchplugins\trovi-search.xml
FF Extension: Chat Undetected - C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\tgwm19zp.default\Extensions\crossriderapp14917@crossrider.com [2014-07-12]
FF HKCU\...\Firefox\Extensions: [{e4f94d1e-2f53-401e-8885-681602c0ddd8}] - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi
FF Extension: McAfee Security Scan Plus - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi [2014-04-04]
 
Chrome: 
=======
CHR HomePage: hxxp://www.google.com/
CHR StartupUrls: "hxxp://www.google.com/"
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll No File
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll No File
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_182.dll No File
CHR Extension: (Google Docs) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-04-25]
CHR Extension: (Google Drive) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-04-25]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-24]
CHR Extension: (YouTube) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-04-25]
CHR Extension: (McAfee Security Scan+) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\bopakagnckmlgajfccecajhnimjiiedh [2014-05-15]
CHR Extension: (Google Search) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-04-25]
CHR Extension: (Google Wallet) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-04-25]
CHR Extension: (Gmail) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-04-25]
CHR Extension: (Extutil) - C:\Users\Owner\AppData\Local\Temp\D7ADFCCA-EE7E-442C-9999-C4D14FEF360B [2014-07-21]
CHR Extension: (Managera) - C:\Users\Owner\AppData\Local\Temp\38fdaae5-8e0e-493c-88ec-e05c3be06e42 [2014-07-21]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
Locked "GorillaPrice" service was unlocked successfully. <===== ATTENTION
 
R2 CltMngSvc; C:\Program Files (x86)\SearchProtect\Main\bin\CltMngSvc.exe [2975168 2014-07-22] (Client Connect LTD)
R2 GorillaPrice; C:\Program Files (x86)\gorillaprice\gorillaprice.exe [420864 2014-04-01] () [File not signed]
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [15720 2013-08-30] (Intel Corporation)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [289256 2014-04-09] (McAfee, Inc.)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2014-03-11] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [347872 2014-03-11] (Microsoft Corporation)
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [289496 2013-10-16] (Realtek Semiconductor)
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R0 iaStorF; C:\Windows\System32\DRIVERS\iaStorF.sys [28008 2013-08-30] (Intel Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [268512 2014-01-25] (Microsoft Corporation)
S3 netr28ux; C:\Windows\System32\DRIVERS\Dnetr28ux.sys [1617472 2011-04-28] (Ralink Technology Corp.)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [133928 2014-03-11] (Microsoft Corporation)
S1 HWiNFO32; \??\C:\Program Files (x86)\MyDrivers\DriverGenius2012\Mydrivers64A.SYS [X]
R3 SPPD; \??\C:\Windows\system32\drivers\SPPD.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-07-27 05:58 - 2014-07-27 05:59 - 00014669 _____ () C:\Users\Owner\Downloads\FRST.txt
2014-07-27 05:58 - 2014-07-27 05:58 - 00000000 ____D () C:\FRST
2014-07-27 05:57 - 2014-07-27 05:57 - 02093568 _____ (Farbar) C:\Users\Owner\Downloads\FRST64.exe
2014-07-27 00:33 - 2014-07-27 00:33 - 00000157 _____ () C:\Users\Owner\Downloads\impsc.php
2014-07-24 10:48 - 2014-07-24 10:48 - 00000157 _____ () C:\Users\Owner\Downloads\download (7)
2014-07-24 10:47 - 2014-07-24 10:47 - 00000157 _____ () C:\Users\Owner\Downloads\download (6)
2014-07-24 10:47 - 2014-07-24 10:47 - 00000148 _____ () C:\Users\Owner\Downloads\download (5)
2014-07-24 07:45 - 2014-07-24 07:45 - 00000154 _____ () C:\Users\Owner\Downloads\iu3 (3)
2014-07-24 07:45 - 2014-07-24 07:45 - 00000154 _____ () C:\Users\Owner\Downloads\iframeproxy-39.html
2014-07-24 07:44 - 2014-07-24 07:44 - 00000157 _____ () C:\Users\Owner\Downloads\pr
2014-07-23 21:12 - 2014-07-23 21:12 - 00000148 _____ () C:\Users\Owner\Downloads\download (4)
2014-07-23 21:11 - 2014-07-23 21:11 - 00000148 _____ () C:\Users\Owner\Downloads\download (3)
2014-07-23 21:11 - 2014-07-23 21:11 - 00000148 _____ () C:\Users\Owner\Downloads\download (2)
2014-07-23 21:02 - 2014-07-23 21:03 - 00000155 _____ () C:\Users\Owner\Downloads\download (1)
2014-07-22 23:31 - 2014-07-22 23:31 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ZoomInfo Contact Contributor
2014-07-22 23:31 - 2014-07-22 23:31 - 00000000 ____D () C:\Users\Owner\AppData\Local\ZoomInfoCEUtility
2014-07-22 23:28 - 2014-07-22 23:28 - 00180576 _____ () C:\Users\Owner\Downloads\ZoomInfoContactContributor-47.exe
2014-07-22 04:14 - 2014-07-22 04:14 - 00000155 _____ () C:\Users\Owner\Downloads\ref=nb_sb_sabc
2014-07-22 03:49 - 2014-07-22 03:49 - 00000155 _____ () C:\Users\Owner\Downloads\181463232474
2014-07-22 03:45 - 2014-07-22 03:45 - 00000156 _____ () C:\Users\Owner\Downloads\iu3 (2)
2014-07-22 03:42 - 2014-07-22 03:42 - 00000156 _____ () C:\Users\Owner\Downloads\i.html
2014-07-22 00:10 - 2014-07-22 00:10 - 00000157 _____ () C:\Users\Owner\Downloads\addineyeV2.html
2014-07-22 00:10 - 2014-07-22 00:10 - 00000148 _____ () C:\Users\Owner\Downloads\iu3 (1)
2014-07-22 00:09 - 2014-07-22 00:09 - 00000148 _____ () C:\Users\Owner\Downloads\iu3
2014-07-22 00:05 - 2014-07-22 00:05 - 00000156 _____ () C:\Users\Owner\Downloads\download
2014-07-21 05:56 - 2014-07-21 05:56 - 00000156 _____ () C:\Users\Owner\Downloads\impi (3)
2014-07-21 05:56 - 2014-07-21 05:56 - 00000148 _____ () C:\Users\Owner\Downloads\impi (2)
2014-07-21 05:54 - 2014-07-21 05:54 - 00000155 _____ () C:\Users\Owner\Downloads\impi
2014-07-21 05:54 - 2014-07-21 05:54 - 00000148 _____ () C:\Users\Owner\Downloads\impi (1)
2014-07-21 03:51 - 2014-07-27 05:58 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\Open Download Manager
2014-07-21 03:51 - 2014-07-21 03:51 - 00001063 _____ () C:\Users\Owner\Desktop\OpenDownloaderManager.lnk
2014-07-21 03:51 - 2014-07-21 03:51 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OpenDownloaderManager
2014-07-21 03:51 - 2014-07-21 03:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenDownloaderManager
2014-07-21 03:50 - 2014-07-21 03:50 - 00000000 ____D () C:\Users\Owner\AppData\Local\SearchProtect
2014-07-21 03:50 - 2014-07-21 03:50 - 00000000 ____D () C:\Program Files (x86)\gorillaprice
2014-07-21 03:49 - 2014-07-26 07:49 - 00000000 ____D () C:\Program Files (x86)\SearchProtect
2014-07-21 03:48 - 2014-07-21 03:51 - 00000000 ____D () C:\Program Files (x86)\OpenDownloaderManager
2014-07-21 03:07 - 2014-07-21 03:07 - 00432344 _____ (Installer Technology Co) C:\Users\Owner\Downloads\Setup_ODM.exe
2014-07-13 01:20 - 2014-07-13 01:20 - 00036352 _____ () C:\Users\Owner\Downloads\howmuchdoyouowe.xls
2014-07-10 00:35 - 2014-06-20 16:14 - 00266424 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-07-10 00:35 - 2014-06-20 15:39 - 00240824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-07-10 00:35 - 2014-06-18 21:06 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-07-10 00:35 - 2014-06-18 21:06 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-07-10 00:35 - 2014-06-18 20:42 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-07-10 00:35 - 2014-06-18 20:41 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-07-10 00:35 - 2014-06-18 20:31 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-07-10 00:35 - 2014-06-18 20:24 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-07-10 00:35 - 2014-06-18 20:16 - 17276416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-07-10 00:35 - 2014-06-18 20:09 - 00452608 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-07-10 00:35 - 2014-06-18 19:59 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-07-10 00:35 - 2014-06-18 19:56 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-07-10 00:35 - 2014-06-18 19:39 - 00608768 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-07-10 00:35 - 2014-06-18 19:37 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-07-10 00:35 - 2014-06-18 19:36 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-07-10 00:35 - 2014-06-18 19:33 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-07-10 00:35 - 2014-06-18 19:32 - 02179072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-07-10 00:35 - 2014-06-18 19:28 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-07-10 00:35 - 2014-06-18 19:28 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-07-10 00:35 - 2014-06-18 19:25 - 00442368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-07-10 00:35 - 2014-06-18 19:22 - 00592896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-07-10 00:35 - 2014-06-18 19:12 - 00367616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-07-10 00:35 - 2014-06-18 19:06 - 00032256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-07-10 00:35 - 2014-06-18 18:59 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-07-10 00:35 - 2014-06-18 18:58 - 00239616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-07-10 00:35 - 2014-06-18 18:49 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-07-10 00:35 - 2014-06-18 18:45 - 01964544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-07-10 00:35 - 2014-06-18 18:35 - 11742208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-07-10 00:35 - 2014-06-18 18:34 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-07-10 00:35 - 2014-06-18 18:09 - 01139200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-07-10 00:35 - 2014-06-17 22:18 - 00692736 _____ (Microsoft Corporation) C:\Windows\system32\osk.exe
2014-07-10 00:35 - 2014-06-17 21:51 - 00646144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\osk.exe
2014-07-10 00:35 - 2014-06-17 21:10 - 03157504 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-07-10 00:35 - 2014-06-06 06:10 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2014-07-10 00:35 - 2014-06-06 05:44 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2014-07-10 00:35 - 2014-05-30 02:45 - 00497152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2014-07-10 00:34 - 2014-06-18 21:39 - 23464448 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-07-10 00:34 - 2014-06-18 20:48 - 02768384 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-07-10 00:34 - 2014-06-18 20:42 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-07-10 00:34 - 2014-06-18 20:41 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-07-10 00:34 - 2014-06-18 20:32 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-07-10 00:34 - 2014-06-18 20:26 - 00598016 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-07-10 00:34 - 2014-06-18 20:24 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-07-10 00:34 - 2014-06-18 20:23 - 00752640 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-07-10 00:34 - 2014-06-18 20:14 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-07-10 00:34 - 2014-06-18 19:53 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-07-10 00:34 - 2014-06-18 19:51 - 05721088 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-07-10 00:34 - 2014-06-18 19:50 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-07-10 00:34 - 2014-06-18 19:48 - 00292864 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-07-10 00:34 - 2014-06-18 19:38 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-07-10 00:34 - 2014-06-18 19:35 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-07-10 00:34 - 2014-06-18 19:27 - 02040832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-07-10 00:34 - 2014-06-18 19:27 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-07-10 00:34 - 2014-06-18 19:23 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-07-10 00:34 - 2014-06-18 19:01 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-07-10 00:34 - 2014-06-18 18:58 - 02266112 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-07-10 00:34 - 2014-06-18 18:52 - 04254720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-07-10 00:34 - 2014-06-18 18:51 - 13527040 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-07-10 00:34 - 2014-06-18 18:46 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-07-10 00:34 - 2014-06-18 18:15 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-07-10 00:34 - 2014-06-18 18:13 - 01791488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-07-10 00:34 - 2014-06-18 18:07 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-07-10 00:34 - 2014-06-05 10:45 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-07-10 00:34 - 2014-06-05 10:26 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-07-10 00:34 - 2014-06-05 10:25 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-07-27 05:59 - 2014-07-27 05:58 - 00014669 _____ () C:\Users\Owner\Downloads\FRST.txt
2014-07-27 05:58 - 2014-07-27 05:58 - 00000000 ____D () C:\FRST
2014-07-27 05:58 - 2014-07-21 03:51 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\Open Download Manager
2014-07-27 05:57 - 2014-07-27 05:57 - 02093568 _____ (Farbar) C:\Users\Owner\Downloads\FRST64.exe
2014-07-27 05:55 - 2014-04-14 22:05 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-07-27 05:49 - 2014-04-08 10:24 - 01147895 _____ () C:\Windows\WindowsUpdate.log
2014-07-27 05:12 - 2014-04-25 01:47 - 00000896 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-07-27 04:12 - 2014-04-25 01:47 - 00000892 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-07-27 00:33 - 2014-07-27 00:33 - 00000157 _____ () C:\Users\Owner\Downloads\impsc.php
2014-07-26 07:49 - 2014-07-21 03:49 - 00000000 ____D () C:\Program Files (x86)\SearchProtect
2014-07-24 10:48 - 2014-07-24 10:48 - 00000157 _____ () C:\Users\Owner\Downloads\download (7)
2014-07-24 10:47 - 2014-07-24 10:47 - 00000157 _____ () C:\Users\Owner\Downloads\download (6)
2014-07-24 10:47 - 2014-07-24 10:47 - 00000148 _____ () C:\Users\Owner\Downloads\download (5)
2014-07-24 07:45 - 2014-07-24 07:45 - 00000154 _____ () C:\Users\Owner\Downloads\iu3 (3)
2014-07-24 07:45 - 2014-07-24 07:45 - 00000154 _____ () C:\Users\Owner\Downloads\iframeproxy-39.html
2014-07-24 07:44 - 2014-07-24 07:44 - 00000157 _____ () C:\Users\Owner\Downloads\pr
2014-07-24 06:51 - 2009-07-14 00:51 - 00033739 _____ () C:\Windows\setupact.log
2014-07-24 00:22 - 2009-07-14 00:45 - 00026768 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-07-24 00:22 - 2009-07-14 00:45 - 00026768 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-07-24 00:19 - 2009-07-14 01:13 - 00783114 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-07-24 00:14 - 2009-07-14 01:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-07-23 21:12 - 2014-07-23 21:12 - 00000148 _____ () C:\Users\Owner\Downloads\download (4)
2014-07-23 21:11 - 2014-07-23 21:11 - 00000148 _____ () C:\Users\Owner\Downloads\download (3)
2014-07-23 21:11 - 2014-07-23 21:11 - 00000148 _____ () C:\Users\Owner\Downloads\download (2)
2014-07-23 21:03 - 2014-07-23 21:02 - 00000155 _____ () C:\Users\Owner\Downloads\download (1)
2014-07-22 23:31 - 2014-07-22 23:31 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ZoomInfo Contact Contributor
2014-07-22 23:31 - 2014-07-22 23:31 - 00000000 ____D () C:\Users\Owner\AppData\Local\ZoomInfoCEUtility
2014-07-22 23:28 - 2014-07-22 23:28 - 00180576 _____ () C:\Users\Owner\Downloads\ZoomInfoContactContributor-47.exe
2014-07-22 04:14 - 2014-07-22 04:14 - 00000155 _____ () C:\Users\Owner\Downloads\ref=nb_sb_sabc
2014-07-22 03:49 - 2014-07-22 03:49 - 00000155 _____ () C:\Users\Owner\Downloads\181463232474
2014-07-22 03:45 - 2014-07-22 03:45 - 00000156 _____ () C:\Users\Owner\Downloads\iu3 (2)
2014-07-22 03:42 - 2014-07-22 03:42 - 00000156 _____ () C:\Users\Owner\Downloads\i.html
2014-07-22 00:10 - 2014-07-22 00:10 - 00000157 _____ () C:\Users\Owner\Downloads\addineyeV2.html
2014-07-22 00:10 - 2014-07-22 00:10 - 00000148 _____ () C:\Users\Owner\Downloads\iu3 (1)
2014-07-22 00:09 - 2014-07-22 00:09 - 00000148 _____ () C:\Users\Owner\Downloads\iu3
2014-07-22 00:05 - 2014-07-22 00:05 - 00000156 _____ () C:\Users\Owner\Downloads\download
2014-07-21 05:56 - 2014-07-21 05:56 - 00000156 _____ () C:\Users\Owner\Downloads\impi (3)
2014-07-21 05:56 - 2014-07-21 05:56 - 00000148 _____ () C:\Users\Owner\Downloads\impi (2)
2014-07-21 05:54 - 2014-07-21 05:54 - 00000155 _____ () C:\Users\Owner\Downloads\impi
2014-07-21 05:54 - 2014-07-21 05:54 - 00000148 _____ () C:\Users\Owner\Downloads\impi (1)
2014-07-21 03:51 - 2014-07-21 03:51 - 00001063 _____ () C:\Users\Owner\Desktop\OpenDownloaderManager.lnk
2014-07-21 03:51 - 2014-07-21 03:51 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OpenDownloaderManager
2014-07-21 03:51 - 2014-07-21 03:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenDownloaderManager
2014-07-21 03:51 - 2014-07-21 03:48 - 00000000 ____D () C:\Program Files (x86)\OpenDownloaderManager
2014-07-21 03:50 - 2014-07-21 03:50 - 00000000 ____D () C:\Users\Owner\AppData\Local\SearchProtect
2014-07-21 03:50 - 2014-07-21 03:50 - 00000000 ____D () C:\Program Files (x86)\gorillaprice
2014-07-21 03:07 - 2014-07-21 03:07 - 00432344 _____ (Installer Technology Co) C:\Users\Owner\Downloads\Setup_ODM.exe
2014-07-19 05:25 - 2014-04-25 01:47 - 00002183 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-07-13 01:20 - 2014-07-13 01:20 - 00036352 _____ () C:\Users\Owner\Downloads\howmuchdoyouowe.xls
2014-07-10 03:25 - 2009-07-14 00:45 - 00413312 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-07-10 03:24 - 2011-04-12 04:28 - 00000000 ____D () C:\Program Files\Windows Journal
2014-07-10 03:04 - 2014-04-08 11:19 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-07-09 07:55 - 2014-04-14 22:05 - 00699056 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-07-09 07:55 - 2014-04-14 22:05 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-07-09 07:55 - 2014-04-14 22:05 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-06-30 03:00 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-06-27 00:52 - 2014-06-26 12:22 - 00000000 ____D () C:\Users\Owner\Desktop\Business Cards
 
Some content of TEMP:
====================
C:\Users\Owner\AppData\Local\Temp\7-zip.dll
C:\Users\Owner\AppData\Local\Temp\7z.dll
C:\Users\Owner\AppData\Local\Temp\7z.exe
C:\Users\Owner\AppData\Local\Temp\nsa39E4.exe
C:\Users\Owner\AppData\Local\Temp\nsa426D.exe
C:\Users\Owner\AppData\Local\Temp\nsaD8AD.exe
C:\Users\Owner\AppData\Local\Temp\nskDCE2.exe
C:\Users\Owner\AppData\Local\Temp\nsp47F9.exe
C:\Users\Owner\AppData\Local\Temp\nsuD3AC.exe
C:\Users\Owner\AppData\Local\Temp\SPSetup.exe
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2014-05-29 11:48
 
==================== End Of Log ============================
 
 
and
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 26-07-2014
Ran by Owner at 2014-07-27 06:01:08
Running from C:\Users\Owner\Downloads
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Microsoft Security Essentials (Enabled - Up to date) {641105E6-77ED-3F35-A304-765193BCB75F}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Microsoft Security Essentials (Enabled - Up to date) {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Adobe Digital Editions 3.0 (HKLM-x32\...\Adobe Digital Editions 3.0) (Version: 3.0.1 - Adobe Systems Incorporated)
Adobe Flash Player 14 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 14.0.0.145 - Adobe Systems Incorporated)
Adobe Flash Player 14 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 14.0.0.145 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.07) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.07 - Adobe Systems Incorporated)
Apple Application Support (HKLM-x32\...\{AAC5D43E-816D-4C2D-8E51-55FFF35BE301}) (Version: 3.0.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{787136D2-F0F8-4625-AA3F-72D7795AC842}) (Version: 7.1.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 36.0.1985.125 - Google Inc.)
Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden
gorillaprice (HKLM-x32\...\gorillaprice) (Version:  - )
Intel® Chipset Device Software (Version: 10.0.13 - Intel Corporation) Hidden
Intel® Chipset Device Software (x32 Version: 10.0.13 - Intel® Corporation) Hidden
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.3040 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.8.2.1000 - Intel Corporation)
Intel® Rapid Storage Technology (Version: 12.8.2.1000 - Intel Corporation) Hidden
Intel® SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)
iTunes (HKLM\...\{B8BA155B-1E75-405F-9CB4-8A99615D09DC}) (Version: 11.1.5.5 - Apple Inc.)
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.8.150.1 - McAfee, Inc.)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office 2007 Service Pack 3 (SP3) (x32 Version:  - Microsoft) Hidden
Microsoft Office Access MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Access Setup Metadata MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office InfoPath MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Professional Plus 2007 (HKLM-x32\...\PROPLUS) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Professional Plus 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (x32 Version:  - Microsoft) Hidden
Microsoft Office Publisher MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Security Client (Version: 4.5.0216.0 - Microsoft Corporation) Hidden
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.5.216.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Mozilla Firefox 30.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 30.0 (x86 en-US)) (Version: 30.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
MPC-HC 1.6.3.5818 (HKLM-x32\...\{2624B969-7135-4EB1-B0F6-2D8C397B45F7}_is1) (Version: 1.6.3.5818 - MPC-HC Team)
Open Downloader Manager (HKLM-x32\...\OpenDownloaderManager) (Version:  - Installer Technology Co)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7083 - Realtek Semiconductor Corp.)
Renesas Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}) (Version: 2.1.39.0 - Renesas Electronics Corporation)
Renesas Electronics USB 3.0 Host Controller Driver (x32 Version: 2.1.39.0 - Renesas Electronics Corporation) Hidden
RICOH Media Driver v2.25.17.01 (HKLM-x32\...\{FE041B02-234C-4AAA-9511-80DF6482A458}) (Version: 2.25.17.01 - RICOH)
Search Protect (HKLM-x32\...\SearchProtect) (Version: 2.16.10.61 - Client Connect LTD) <==== ATTENTION
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (HKLM-x32\...\{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{A024FC7B-77DE-45DE-A058-1C049A17BFB3}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM-x32\...\{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM-x32\...\{90120000-002A-0000-1000-0000000FF1CE}_PROPLUS_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (HKLM-x32\...\{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{E9A82945-BA29-4EE8-8F2A-2F49545E9CF2}) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition (HKLM-x32\...\{90120000-001A-0409-0000-0000000FF1CE}_PROPLUS_{ED38F8A3-4F61-494E-8BCA-E3AC7760C924}) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 (KB2863811) 32-Bit Edition (HKLM-x32\...\{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{53DEC068-4690-4F6B-9946-7D21EF02236B}) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2883030) 32-Bit Edition (HKLM-x32\...\{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{F5DCAB53-C2FD-4E5A-8C83-0F37485E5E89}) (Version:  - Microsoft)
Windows Driver Package - Qualcomm Atheros Communications Inc. (athr) Net  (12/23/2013 10.0.0.276) (HKLM\...\64FB13229C819DC4C3C29F672DA8D00E34D787EF) (Version: 12/23/2013 10.0.0.276 - Qualcomm Atheros Communications Inc.)
Windows Driver Package - TOSHIBA (TVALZ) System  (07/14/2009 2.0.0.3) (HKLM\...\B878C31ABEFD6CF9CD1FE21524370DCA482B362F) (Version: 07/14/2009 2.0.0.3 - TOSHIBA)
WinRAR 4.20 (64-bit) (HKLM\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH)
ZoomInfo Contact Contributor (HKCU\...\ZoomInfo Contact Contributor) (Version: 47 - )
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
 
==================== Restore Points  =========================
 
19-06-2014 03:28:03 Windows Update
22-06-2014 20:45:34 Windows Update
26-06-2014 02:56:13 Windows Update
03-07-2014 04:35:52 Windows Update
07-07-2014 01:48:17 Windows Update
10-07-2014 04:37:30 Windows Update
10-07-2014 07:00:52 Windows Update
13-07-2014 20:06:08 Windows Update
16-07-2014 21:06:56 Windows Update
20-07-2014 23:17:50 Windows Update
23-07-2014 23:58:08 Windows Update
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-13 22:34 - 2009-06-10 17:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
 
==================== Scheduled Tasks (whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 
Task: {23DC81B7-7590-46A6-8D12-5D48DA4F48FB} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-07-09] (Adobe Systems Incorporated)
Task: {A0834227-0D81-4699-83B5-0B24E5056C57} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-04-25] (Google Inc.)
Task: {A1571FC1-7BCB-477B-85E7-953F2EB3C129} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-04-25] (Google Inc.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
 
==================== Loaded Modules (whitelisted) =============
 
2012-07-31 17:17 - 2012-07-31 17:17 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2014-07-22 23:31 - 2014-07-22 23:31 - 01624000 _____ () C:\Users\Owner\AppData\Local\ZoomInfoCEUtility\2163\coordinator.exe
2014-04-01 09:32 - 2014-04-01 09:32 - 00420864 _____ () C:\Program Files (x86)\gorillaprice\gorillaprice.exe
2012-11-23 13:40 - 2012-11-23 13:40 - 03516416 _____ () C:\Program Files (x86)\OpenDownloaderManager\fdmbtsupp.dll
2014-07-22 23:31 - 2014-07-22 23:31 - 00106496 _____ () C:\Users\Owner\AppData\Local\ZoomInfoCEUtility\2163\win32api.pyd
2014-07-22 23:31 - 2014-07-22 23:31 - 00122880 _____ () C:\Users\Owner\AppData\Local\ZoomInfoCEUtility\2163\pywintypes25.dll
2014-07-22 23:31 - 2014-07-22 23:31 - 00339968 _____ () C:\Users\Owner\AppData\Local\ZoomInfoCEUtility\2163\pythoncom25.dll
2014-07-22 23:31 - 2014-07-22 23:31 - 00053248 _____ () C:\Users\Owner\AppData\Local\ZoomInfoCEUtility\2163\_socket.pyd
2014-07-22 23:31 - 2014-07-22 23:31 - 00655360 _____ () C:\Users\Owner\AppData\Local\ZoomInfoCEUtility\2163\_ssl.pyd
2014-07-22 23:31 - 2014-07-22 23:31 - 00323584 _____ () C:\Users\Owner\AppData\Local\ZoomInfoCEUtility\2163\_hashlib.pyd
2014-07-22 23:31 - 2014-07-22 23:31 - 00086016 _____ () C:\Users\Owner\AppData\Local\ZoomInfoCEUtility\2163\_ctypes.pyd
2014-07-22 23:31 - 2014-07-22 23:31 - 00159744 _____ () C:\Users\Owner\AppData\Local\ZoomInfoCEUtility\2163\win32gui.pyd
2014-07-22 23:31 - 2014-07-22 23:31 - 00015872 _____ () C:\Users\Owner\AppData\Local\ZoomInfoCEUtility\2163\win32evtlog.pyd
2014-07-22 23:31 - 2014-07-22 23:31 - 00479232 _____ () C:\Users\Owner\AppData\Local\ZoomInfoCEUtility\2163\unicodedata.pyd
2014-02-12 20:58 - 2014-02-12 20:58 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-02-12 20:58 - 2014-02-12 20:58 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2014-07-19 05:24 - 2014-07-15 05:24 - 00718664 _____ () C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\libglesv2.dll
2014-07-19 05:24 - 2014-07-15 05:24 - 00126280 _____ () C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\libegl.dll
2014-07-19 05:24 - 2014-07-15 05:24 - 08537928 _____ () C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\pdf.dll
2014-07-19 05:24 - 2014-07-15 05:24 - 00353096 _____ () C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\ppGoogleNaClPluginChrome.dll
2014-07-19 05:24 - 2014-07-15 05:24 - 01732936 _____ () C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\ffmpegsumo.dll
2013-07-10 18:07 - 2013-07-10 18:07 - 00756888 _____ () C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\MSPTLS.DLL
2012-11-23 13:35 - 2012-11-23 13:35 - 00083968 _____ () C:\Program Files (x86)\OpenDownloaderManager\fdmumsp.dll
2014-07-19 05:24 - 2014-07-15 05:24 - 14664008 _____ () C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\PepperFlash\pepflashplayer.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
 
==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== EXE Association (whitelisted) =============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 
==================== MSCONFIG/TASK MANAGER disabled items =========
 
(Currently there is no automatic fix for this section.)
 
 
==================== Faulty Device Manager Devices =============
 
Name: HWiNFO32/64 Kernel Driver
Description: HWiNFO32/64 Kernel Driver
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer: 
Service: HWiNFO32
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (07/27/2014 05:49:20 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1386896
 
Error: (07/27/2014 05:49:20 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 1386896
 
Error: (07/27/2014 05:49:18 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (07/27/2014 05:26:12 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1092
 
Error: (07/27/2014 05:26:12 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 1092
 
Error: (07/27/2014 05:26:12 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (07/27/2014 05:08:47 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 4134
 
Error: (07/27/2014 05:08:47 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 4134
 
Error: (07/27/2014 05:08:47 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (07/27/2014 05:08:46 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 3089
 
 
System errors:
=============
Error: (07/24/2014 06:58:46 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The GorillaPrice service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 100 milliseconds: Restart the service.
 
Error: (07/24/2014 02:28:23 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The GorillaPrice service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 100 milliseconds: Restart the service.
 
Error: (07/24/2014 02:28:19 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The GorillaPrice service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 100 milliseconds: Restart the service.
 
Error: (07/24/2014 00:15:09 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load: 
HWiNFO32
 
Error: (07/24/2014 00:14:03 AM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 10:36:29 PM on ‎7/‎23/‎2014 was unexpected.
 
Error: (07/23/2014 09:05:41 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The GorillaPrice service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 100 milliseconds: Restart the service.
 
Error: (07/23/2014 09:05:36 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The GorillaPrice service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 100 milliseconds: Restart the service.
 
Error: (07/23/2014 09:04:59 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The GorillaPrice service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 100 milliseconds: Restart the service.
 
Error: (07/22/2014 10:41:37 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load: 
HWiNFO32
 
Error: (07/22/2014 10:40:52 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 10:34:25 PM on ‎7/‎22/‎2014 was unexpected.
 
 
Microsoft Office Sessions:
=========================
 
==================== Memory info =========================== 
 
Percentage of memory in use: 69%
Total physical RAM: 3999.43 MB
Available physical RAM: 1207.43 MB
Total Pagefile: 7997.03 MB
Available Pagefile: 3962.56 MB
Total Virtual: 8192 MB
Available Virtual: 8191.84 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:465.66 GB) (Free:388.38 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: DABA044D)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=466 GB) - (Type=07 NTFS)
 
==================== End Of Log ============================

Hi,

Step 1

Please download AdwCleaner (by Xplode) and save it to your Desktop.

  • Double click on AdwCleaner.exe to run the tool.

    Vista/Windows 7/8 users right-click and select "Run As Administrator"

  • Click on the Scan button.
  • After the scan has finished, click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • After rebooting, a log file (that is saved in C:\AdwCleaner[s#].txt) will open automatically.

    Copy and paste the contents of that logfile in your next reply.

Step 2

Download zoek.exe to your desktop

  • If Internet Explorer, any other browser, or a security program issues a warning indicating the file is unsafe, please ignore, since it is a false warning.
Using Zoek.exe
  • On the Desktop, double-click Zoek.exe to start the tool.

    Windows Vista, 7 and 8 users right-click the file and select: Run as Administrator.

    Give the program a few seconds to appear.

  • Copy and paste the following script in the code box:
  • Note: This script is written for usage on this system only, do not use it on any other computer even if the problems are similar.

    CHRdefaults;FFdefaults;resetIEproxy;iedefaults;emptyclsid;autoclean;systemspecs;
  • Click the "Run script" button and wait patiently.
  • When finished the logfile will be opened in notepad.
  • If a reboot is needed the logfile will be opened after reboot.
  • The zoek-results.log can also be found on your system drive.
  • Please post the logfile for further review in your next comment.

# AdwCleaner v3.216 - Report created 27/07/2014 at 06:54:10

# Updated 17/07/2014 by Xplode

# Operating System : Windows 7 Ultimate Service Pack 1 (64 bits)

# Username : Owner - OWNER-PC

# Running from : C:\Users\Owner\Downloads\AdwCleaner.exe

# Option : Clean

 

***** [ Services ] *****

 

Service Deleted : CltMngSvc

 

***** [ Files / Folders ] *****

 

Folder Deleted : C:\Program Files (x86)\SearchProtect

Folder Deleted : C:\Users\Owner\AppData\Local\SearchProtect

Folder Deleted : C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\tgwm19zp.default\Extensions\crossriderapp14917@crossrider.com

Folder Deleted : C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\bopakagnckmlgajfccecajhnimjiiedh

File Deleted : C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\tgwm19zp.default\searchplugins\trovi-search.xml

 

***** [ Shortcuts ] *****

 

 

***** [ Registry ] *****

 

Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\bopakagnckmlgajfccecajhnimjiiedh

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs

Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}

Key Deleted : HKLM\Software\SearchProtect

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SearchProtect

Data Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC32Loader.dll

Data Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll

 

***** [ Browsers ] *****

 

-\\ Internet Explorer v11.0.9600.17207

 

Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [start Page]

 

-\\ Mozilla Firefox v30.0 (en-US)

 

[ File : C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\tgwm19zp.default\prefs.js ]

 

Line Deleted : user_pref("browser.newtab.url", "hxxp://www.trovi.com/?gd=&ctid=CT3320418&octid=EB_ORIGINAL_CTID&ISID=M927D29F4-B2F9-4FB6-98D5-CDFF0D22F11A&SearchSource=69&CUI=&SSPV=&Lay=1&UM=6&UP=SPA1375EDD-A776-4C6[...]

Line Deleted : user_pref("browser.search.defaultenginename", "Trovi search");

Line Deleted : user_pref("browser.search.selectedEngine", "Trovi search");

Line Deleted : user_pref("browser.startup.homepage", "hxxp://www.trovi.com/?gd=&ctid=CT3320418&octid=EB_ORIGINAL_CTID&ISID=M927D29F4-B2F9-4FB6-98D5-CDFF0D22F11A&SearchSource=55&CUI=&UM=6&UP=SPA1375EDD-A776-4C63-8F85[...]

Line Deleted : user_pref("extensions.crossrider.bic", "14562b0320e99504ab9f22d422de8962");

Line Deleted : user_pref("extensions.crossriderapp14917.14917.InstallationTime", 1397520086);

Line Deleted : user_pref("extensions.crossriderapp14917.14917.active", true);

Line Deleted : user_pref("extensions.crossriderapp14917.14917.addressbar", "NA");

Line Deleted : user_pref("extensions.crossriderapp14917.14917.addressbarenhanced", "");

Line Deleted : user_pref("extensions.crossriderapp14917.14917.asyncdb.was_copied", "true");

Line Deleted : user_pref("extensions.crossriderapp14917.14917.asyncdb_dbWasSet", true);

Line Deleted : user_pref("extensions.crossriderapp14917.14917.asyncdb_dbWasSet_FF25_FIX", true);

Line Deleted : user_pref("extensions.crossriderapp14917.14917.asyncinternaldb.was_copied", "true");

Line Deleted : user_pref("extensions.crossriderapp14917.14917.asyncinternaldb_dbWasSet", true);

Line Deleted : user_pref("extensions.crossriderapp14917.14917.asyncinternaldb_dbWasSet_FF25_FIX", true);

Line Deleted : user_pref("extensions.crossriderapp14917.14917.backgroundver", 6);

Line Deleted : user_pref("extensions.crossriderapp14917.14917.certdomaininstaller", "");

Line Deleted : user_pref("extensions.crossriderapp14917.14917.changeprevious", false);

Line Deleted : user_pref("extensions.crossriderapp14917.14917.cookie.CrossriderNotifier_channels.expiration", "Fri Feb 01 2030 00:00:00 GMT-0500 (Eastern Daylight Time)");

Line Deleted : user_pref("extensions.crossriderapp14917.14917.cookie.CrossriderNotifier_channels.value", "%7B%22app0%22%3A%22app0%22%2C%22app14917%22%3A%22app14917%22%2C%22US%22%3A%22US%22%2C%22NA%22%3A%22NA%22%7D")[...]

Line Deleted : user_pref("extensions.crossriderapp14917.14917.cookie.CrossriderNotifier_geolocation.expiration", "Tue Jul 29 2014 22:42:54 GMT-0400 (Eastern Standard Time)");

Line Deleted : user_pref("extensions.crossriderapp14917.14917.cookie.CrossriderNotifier_geolocation.value", "%22US%22");

Line Deleted : user_pref("extensions.crossriderapp14917.14917.cookie.InstallationTime.expiration", "Fri Feb 01 2030 00:00:00 GMT-0500 (Eastern Daylight Time)");

Line Deleted : user_pref("extensions.crossriderapp14917.14917.cookie.InstallationTime.value", "1397520086");

Line Deleted : user_pref("extensions.crossriderapp14917.14917.crossriderapp14917_dbWasSet", true);

Line Deleted : user_pref("extensions.crossriderapp14917.14917.crossriderapp14917_dbWasSet_FF25_FIX", true);

Line Deleted : user_pref("extensions.crossriderapp14917.14917.description", "Facebook Undetected lets you disable Facebook Messenger’s read receipt feature, preventing others from seeing if you have viewed a message[...]

Line Deleted : user_pref("extensions.crossriderapp14917.14917.domain", "");

Line Deleted : user_pref("extensions.crossriderapp14917.14917.enablesearch", false);

Line Deleted : user_pref("extensions.crossriderapp14917.14917.homepage", "");

Line Deleted : user_pref("extensions.crossriderapp14917.14917.iframe", false);

Line Deleted : user_pref("extensions.crossriderapp14917.14917.internaldb.InstallerParamsCache.expiration", "Fri Feb 01 2030 00:00:00 GMT-0500 (Eastern Daylight Time)");

Line Deleted : user_pref("extensions.crossriderapp14917.14917.internaldb.InstallerParamsCache.value", "%7B%22source_id%22%3A%220%22%2C%22sub_id%22%3A%220%22%2C%22uzid%22%3A%220%22%7D");

Line Deleted : user_pref("extensions.crossriderapp14917.14917.internaldb.Resources_appVer.expiration", "Fri Feb 01 2030 00:00:00 GMT-0500 (Eastern Daylight Time)");

Line Deleted : user_pref("extensions.crossriderapp14917.14917.internaldb.Resources_appVer.value", "70");

Line Deleted : user_pref("extensions.crossriderapp14917.14917.internaldb.Resources_lastVersion.expiration", "Fri Feb 01 2030 00:00:00 GMT-0500 (Eastern Daylight Time)");

Line Deleted : user_pref("extensions.crossriderapp14917.14917.internaldb.Resources_lastVersion.value", "1");

Line Deleted : user_pref("extensions.crossriderapp14917.14917.internaldb.Resources_meta.expiration", "Fri Feb 01 2030 00:00:00 GMT-0500 (Eastern Daylight Time)");

Line Deleted : user_pref("extensions.crossriderapp14917.14917.internaldb.Resources_meta.value", "%7B%7D");

Line Deleted : user_pref("extensions.crossriderapp14917.14917.internaldb.Resources_nextCheck.expiration", "Wed Jul 23 2014 04:42:38 GMT-0400 (Eastern Standard Time)");

Line Deleted : user_pref("extensions.crossriderapp14917.14917.internaldb.Resources_nextCheck.value", "true");

Line Deleted : user_pref("extensions.crossriderapp14917.14917.internaldb.Resources_queue.expiration", "Fri Feb 01 2030 00:00:00 GMT-0500 (Eastern Daylight Time)");

Line Deleted : user_pref("extensions.crossriderapp14917.14917.internaldb.Resources_queue.value", "%7B%7D");

Line Deleted : user_pref("extensions.crossriderapp14917.14917.internaldb.Resources_remote_resources.expiration", "Fri Feb 01 2030 00:00:00 GMT-0500 (Eastern Daylight Time)");

Line Deleted : user_pref("extensions.crossriderapp14917.14917.internaldb.Resources_remote_resources.value", "%7B%22remoteId%22%3A0%7D");

Line Deleted : user_pref("extensions.crossriderapp14917.14917.lastDailyReport", "1406083357632");

Line Deleted : user_pref("extensions.crossriderapp14917.14917.lastUpdate", "1406083356196");

Line Deleted : user_pref("extensions.crossriderapp14917.14917.manifesturl", "");

Line Deleted : user_pref("extensions.crossriderapp14917.14917.name", "Chat Undetected");

Line Deleted : user_pref("extensions.crossriderapp14917.14917.newtab", "");

Line Deleted : user_pref("extensions.crossriderapp14917.14917.opensearch", "");

Line Deleted : user_pref("extensions.crossriderapp14917.14917.pluginsurl", "hxxps://w9u6a2p6.ssl.hwcdn.net/plugin/apps/14917/plugins/na/ff/plugins.json");

Line Deleted : user_pref("extensions.crossriderapp14917.14917.pluginsversion", 29);

Line Deleted : user_pref("extensions.crossriderapp14917.14917.publisher", "Crossrider");

Line Deleted : user_pref("extensions.crossriderapp14917.14917.searchstatus", 0);

Line Deleted : user_pref("extensions.crossriderapp14917.14917.setnewtab", false);

Line Deleted : user_pref("extensions.crossriderapp14917.14917.thankyou", "hxxp://crossrider.com/thank_you/14917");

Line Deleted : user_pref("extensions.crossriderapp14917.14917.updateinterval", 360);

Line Deleted : user_pref("extensions.crossriderapp14917.14917.ver", 70);

Line Deleted : user_pref("extensions.crossriderapp14917.FilesValidatorDueTime", "1405148173759");

Line Deleted : user_pref("extensions.crossriderapp14917.apps", "14917");

Line Deleted : user_pref("extensions.crossriderapp14917.bic", "14562b0320e99504ab9f22d422de8962");

Line Deleted : user_pref("extensions.crossriderapp14917.cid", 14917);

Line Deleted : user_pref("extensions.crossriderapp14917.firstrun", false);

Line Deleted : user_pref("extensions.crossriderapp14917.hadappinstalled", true);

Line Deleted : user_pref("extensions.crossriderapp14917.installationdate", 1397520086);

Line Deleted : user_pref("extensions.crossriderapp14917.modetype", "production");

Line Deleted : user_pref("extensions.crossriderapp14917.reportInstall", true);

Line Deleted : user_pref("extensions.crossriderapp14917.statsDailyCounter", 166);

Line Deleted : user_pref("extensions.enabledAddons", "crossriderapp14917%40crossrider.com:0.95.70,%7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:30.0");

 

-\\ Google Chrome v36.0.1985.125

 

[ File : C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\preferences ]

 

Deleted [search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}

Deleted [search Provider] : hxxp://www.ask.com/web?q={searchTerms}

Deleted [Extension] : booedmolknjekdopkepjjeckmjkdpfgl

Deleted [Extension] : bopakagnckmlgajfccecajhnimjiiedh

Deleted [Extension] : flpcjncodpafbgdpnkljologafpionhb

 

*************************

 

AdwCleaner[R0].txt - [10476 octets] - [27/07/2014 06:52:44]

AdwCleaner[s0].txt - [10419 octets] - [27/07/2014 06:54:10]

 

########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [10480 octets] ##########


 

Zoek.exe v5.0.0.0 Updated 26-07-2014

Tool run by Owner on Sun 07/27/2014 at  7:39:26.13.

Microsoft Windows 7 Ultimate  6.1.7601 Service Pack 1 x64

Running in: Normal Mode Internet Access Detected

Launched: C:\Users\Owner\Downloads\zoek (1).exe [scan all users] [script inserted] 

 

==== System Restore Info ======================

 

7/27/2014 7:41:56 AM Zoek.exe System Restore Point Created Succesfully.

 

==== Deleting CLSID Registry Keys ======================

 

 

==== Deleting CLSID Registry Values ======================

 

 

==== Deleting Services ======================

 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\GorillaPrice deleted successfully

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\GorillaPrice deleted successfully

 

==== FireFox Fix ======================

 

Deleted from C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\tgwm19zp.default\prefs.js:

 

Added to C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\tgwm19zp.default\prefs.js:

user_pref("browser.startup.homepage", "http://www.google.com");

user_pref("browser.search.defaulturl", "http://www.google.com/search?btnG=Google+Search&q=");

user_pref("browser.newtab.url", "http://www.google.com/");

user_pref("browser.search.defaultengine", "Google");

user_pref("browser.search.defaultenginename", "Google");

user_pref("browser.search.selectedEngine", "Google");

user_pref("browser.search.order.1", "Google");


user_pref("browser.search.suggest.enabled", true);

user_pref("browser.search.useDBForOrder", true);

 

ProfilePath: C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\tgwm19zp.default

 

user.js not found

---- Lines crossrider modified from prefs.js ----

 

user_pref("extensions.installCache", "[{\"name\":\"app-global\",\"addons\":{\"{972ce4c6-7e08-4474-a285-3208198ce6fd}\":{\"descriptor\":\"C:\\\\Program

---- FireFox user.js and prefs.js backups ---- 

 

prefs_20140727_0751_.backup

 

==== Deleting Files \ Folders ======================

 

C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\tgwm19zp.default\extensions\crossriderapp14917@crossrider.com not found

C:\found.000 deleted

C:\Users\Owner\AppData\Roaming\Open Download Manager deleted

C:\PROGRA~3\Package Cache deleted

C:\Users\Owner\AppData\Local\SearchProtect deleted

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk deleted

C:\Users\Owner\Searches deleted

C:\Users\Owner\Desktop\OpenDownloaderManager.lnk deleted

 

==== System Specs ======================

 

Windows: Windows 7 Ultimate Edition (64-bit) Service Pack 1 (Build 7601)

Memory (RAM): 4000 MB

CPU Info: Intel® Core i5-2410M CPU @ 2.30GHz

CPU Speed: 2292.3 MHz

Sound Card: Speakers (Realtek High Definiti | 

Display Adapters: Intel® HD Graphics 3000 | Intel® HD Graphics 3000 | RDPDD Chained DD | RDP Encoder Mirror Driver | RDP Reflector Display Driver

Monitors: 1x; Generic PnP Monitor | 

Screen Resolution: 1366 X 768 - 32 bit

Network: Network Present

Network Adapters: Microsoft Virtual WiFi Miniport Adapter | Qualcomm Atheros AR9287 Wireless Network Adapter | Intel® 82579V Gigabit Network Connection

CD / DVD Drives: 1x (D: | ) D: MATSHITADVD-RAM UJ8A2ES

Ports: COM Ports NOT Present. LPT Port NOT Present. 

Mouse: 2 Button Mouse Present

Hard Disks: C:  465.7GB

Hard Disks - Free: C:  389.5GB

Manufacturer *: TOSHIBA

BIOS Info: AT/AT COMPATIBLE | 07/03/12 | TOSHIB - 3

Time Zone: Eastern Standard Time

Motherboard *: TOSHIBA Portable PC

Country: United States 

Language: ENU 

 

==== System Specs (Software) ======================

 

Anti-Virus: Microsoft Security Essentials On-access scanning disabled (Outdated)

Anti-Spyware: Windows Defender disabled (Outdated)

Anti-Spyware: Microsoft Security Essentials disabled (Outdated)

Default Browser: Google Chrome 36.0.1985.125

Internet Explorer Version: 11.0.9600.17207 

Mozilla Firefox version: 30.0 (x86 en-US)

Google Chrome version: 36.0.1985.125

Adobe Reader version: 11.0.07.79

Flash Player version: 14.0.0.145

 

==== Firefox Extensions Registry ======================

 

[HKEY_CURRENT_USER\Software\Mozilla\Firefox\Extensions]

"{e4f94d1e-2f53-401e-8885-681602c0ddd8}"="C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi" [04/04/2014 06:36 AM]

 

==== Firefox Extensions ======================

 

AppDir: C:\Program Files (x86)\Mozilla Firefox

- Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

 

==== Firefox Plugins ======================

 

Profilepath: C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\tgwm19zp.default

4390CCD3790F8D9C427C0C29590C62D7 - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll - Shockwave Flash

 

 

==== Chrome Look ======================

 

Google Voice Search Hotword (Beta) - Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn

 

==== Chrome Fix ======================

 

C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_businessfinder.silive.com_0.localstorage deleted successfully

C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_businessfinder.silive.com_0.localstorage-journal deleted successfully

 

==== Set IE to Default ======================

 

Old Values:

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]

No DefaultScope Set For HKCU

 

New Values:

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]

"DefaultScope"="{012E1000-F331-11DB-8314-0800200C9A66}"

 

==== All HKCU SearchScopes ======================

 

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes

{012E1000-F331-11DB-8314-0800200C9A66} Google  Url="http://www.google.com/search?q={searchTerms}"

{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing  Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE11SR"

 

==== Reset Google Chrome ======================

 

C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Preferences was reset successfully

C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully

 

==== Reset IE Proxy ======================

 

Value(s) before fix:

"ProxyServer"="http=127.0.0.1:13081;"

"ProxyOverride"="<-loopback>"

"ProxyEnable"=dword:00000001

 

Value(s) after fix:

"ProxyEnable"=dword:00000000

 

==== Empty IE Cache ======================

 

C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

C:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

C:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully

C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

C:\Windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp\Temporary Internet Files\Content.IE5 emptied successfully

C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

 

==== Empty FireFox Cache ======================

 

C:\Users\Owner\AppData\Local\Mozilla\Firefox\Profiles\tgwm19zp.default\Cache emptied successfully

 

==== Empty Chrome Cache ======================

 

C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

 

==== Empty All Flash Cache ======================

 

Flash Cache is not empty, a reboot is needed

 

==== Empty All Java Cache ======================

 

No Java Cache Found

 

==== C:\zoek_backup content ======================

 

C:\zoek_backup (files=1277 folders=47 14773040791 bytes)

 

==== Empty Temp Folders ======================

 

C:\Users\Default\AppData\Local\Temp emptied successfully

C:\Users\Default User\AppData\Local\Temp emptied successfully

C:\Users\Owner\AppData\Local\Temp will be emptied at reboot

C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully

C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully

C:\Windows\Temp will be emptied at reboot

 

==== After Reboot ======================

 

==== Empty Temp Folders ======================

 

C:\Windows\Temp successfully emptied

C:\Users\Owner\AppData\Local\Temp successfully emptied

 

==== Empty Recycle Bin ======================

 

C:\$RECYCLE.BIN successfully emptied

 

==== Deleting Files / Folders ======================

 

"C:\Users\Owner\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\QKBEBGNS\creative.mathads.com"  not found

 

==== EOF on Sun 07/27/2014 at  8:04:29.94 ======================

 





 




Hi,
good job!

Let's do a final check up:

Step 1


Please download Malwarebytes Anti-Malware and save it to your desktop.

  • Please open Malwarebytes Anti-Malware.
  • Please update the database by clicking on the "Update Now" button.
  • Following the update, click "Settings" and go to "Detection and Protection".
  • Make sure "Scan for Rootkits" is checked.
  • Click on Dashboard, then click on Scan Now to start the scan.
    (If Malware or Potentially Unwanted Programs [PUPs] are found, you will receive a prompt so that you can decide what you want to do. I suggest "Quarantine". Click the button: Apply All Actions.)
  • A window with an option to view the detailed log will appear. Click on "View Detailed Log".
  • After viewing the results, please click on the "Copy to Clipboard" button and then OK.
  • Return to our forum. Paste your log into your next reply.

Step 2


Please download the ESET Online Scanner and save it to your Desktop.

  • Disable the realtime-protection of your antivirus and anti-malware programs because they might interfere with the scan.
  • Start esetsmartinstaller_enu.exe with administrator privileges.
  • Select the option Yes, I accept the Terms of Use and click on Start.
  • Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Click on Start. The virus signature database will begin to download. This may take some time.
  • When completed the Online Scan will begin automatically.
    Note: This scan might take a long time! Please be patient.
  • When completed select Uninstall application on close if you so wish, but make sure you copy the logfile first!
  • Now click on Finish
  • A log file is created at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
    Copy and paste the content of this log file in your next reply.

Note: Do not forget to re-enable your antivirus application after running the above scan!

Step 3


Start FRST with administrator privileges.

  • Make sure the following option is checked: Addition.txt
  • Press the Scan button.
  • When finished, FRST will produce two logs (FRST.txt and Addition.txt) in the same directory the tool was run from.
    Please copy and paste these logs in your next reply.

 


 

Can you please tell me which problems still persist now?


:)

How to get logs:

(Export log to save as txt)

  • After the restart once you are back at your desktop, open MBAM once more.
  • Click on the History tab > Application Logs.
  • Double click on the scan log which shows the Date and time of the scan just performed.
  • Click 'Export'.
  • Click 'Text file (*.txt)'
  • In the Save File dialog box which appears, click on Desktop.
  • In the File name: box type a name for your scan log.
  • A message box named 'File Saved' should appear stating "Your file has been successfully exported".
  • Click Ok
  • Attach that saved log to your next reply.

Malwarebytes Anti-Malware

www.malwarebytes.org

 

Scan Date: 7/27/2014

Scan Time: 8:19:09 AM

Logfile: Malwarebytes.txt

Administrator: Yes

 

Version: 2.00.2.1012

Malware Database: v2014.07.27.04

Rootkit Database: v2014.07.17.01

License: Free

Malware Protection: Disabled

Malicious Website Protection: Disabled

Self-protection: Disabled

 

OS: Windows 7 Service Pack 1

CPU: x64

File System: NTFS

User: Owner

 

Scan Type: Threat Scan

Result: Completed

Objects Scanned: 293183

Time Elapsed: 18 min, 56 sec

 

Memory: Enabled

Startup: Enabled

Filesystem: Enabled

Archives: Enabled

Rootkits: Enabled

Heuristics: Enabled

PUP: Enabled

PUM: Enabled

 

Processes: 0

(No malicious items detected)

 

Modules: 0

(No malicious items detected)

 

Registry Keys: 2

PUP.Optional.GorillaPrice.A, HKLM\SOFTWARE\WOW6432NODE\GorillaPrice, Quarantined, [a5fc2c74b2c9e74feee92dc158aa8e72], 

PUP.Optional.GorillaPrice, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\gorillaprice, Quarantined, [3968138d0576eb4be42502f3d82ac63a], 

 

Registry Values: 0

(No malicious items detected)

 

Registry Data: 0

(No malicious items detected)

 

Folders: 1

PUP.Optional.GorillaPrice, C:\Program Files (x86)\gorillaprice, Quarantined, [abf6ecb4512adf57288d5d4dca381fe1], 

 

Files: 3

PUP.Optional.OptimumInstaller.A, C:\Users\Owner\Downloads\Player-Chrome.exe, Quarantined, [d7cae2be4f2cde58424ad97d926fd42c], 

PUP.Optional.OptimumInstaller.A, C:\Users\Owner\Downloads\Flash_Player_Pro_Setup.exe, Quarantined, [f8a9bfe17605fa3c5e2edf77629fb64a], 

PUP.Optional.GorillaPrice, C:\Program Files (x86)\gorillaprice\gorillaprice.exe, Quarantined, [abf6ecb4512adf57288d5d4dca381fe1], 

 

Physical Sectors: 0

(No malicious items detected)

 

 

(end)

 

and

 


ESETSmartInstaller@High as downloader log:

all ok

# product=EOS

# version=8

# OnlineScannerApp.exe=1.0.0.1

# OnlineScanner.ocx=1.0.0.7623

# api_version=3.0.2

# EOSSerial=c101f252e9f4314a8d2e9f082bca5153

# engine=19370

# end=finished

# remove_checked=false

# archives_checked=true

# unwanted_checked=true

# unsafe_checked=true

# antistealth_checked=true

# utc_time=2014-07-27 04:07:08

# local_time=2014-07-27 12:07:08 (-0500, Eastern Daylight Time)

# country="United States"

# lang=1033

# osver=6.1.7601 NT Service Pack 1

# compatibility_mode_1='Microsoft Security Essentials'

# compatibility_mode=5895 16777213 100 100 8234394 77662850 0 0

# scanned=108034

# found=13

# cleaned=0

# scan_time=8132

sh=A5E3F508640EDB634C378CBF054CFED5D31EB6EB ft=1 fh=6cbbb63b96e95196 vn="a variant of Win32/Conduit.SearchProtect.H potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SearchProtect\Main\bin\CltMngSvc.exe.vir"

sh=F13E89EB4B266266C781D119EF61D43A531F572E ft=1 fh=f4753109fd425d5c vn="probably a variant of Win32/Conduit.SearchProtect.H potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SearchProtect\Main\bin\SPTool.dll.vir"

sh=0BFCC57D92BE5D592F192715663B5881583DCD91 ft=1 fh=c33b19cfb5833110 vn="a variant of Win32/ClientConnect.A potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SearchProtect\Main\bin\uninstall.exe.vir"

sh=3A63F35D807A4ED2C989AF70D56EDA4701471AEA ft=1 fh=c78bba67b6b31d5a vn="a variant of Win32/Conduit.SearchProtect.I potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SearchProtect\SearchProtect\bin\cltmng.exe.vir"

sh=21FEF8C9149B513AEEEB01B07F889431DCD9882B ft=1 fh=514ee34223cecbba vn="a variant of Win32/ClientConnect.A potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SearchProtect\SearchProtect\bin\SPTool64.exe.vir"

sh=E98350C0EC8B68DD5E2EFF54D0696B17F42B49AA ft=1 fh=ae7c022d12f5796d vn="a variant of Win32/Conduit.SearchProtect.H potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SearchProtect\SearchProtect\bin\SPVC32.dll.vir"

sh=F9D5F9CF729BB78318192DABD07C1B79FAC5E725 ft=1 fh=d760b971a4102f06 vn="a variant of Win32/ClientConnect.A potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SearchProtect\SearchProtect\bin\SPVC32Loader.dll.vir"

sh=E56BC0B5E1977186872B6C7846EBD2A87325894B ft=1 fh=950fcdea9c93786f vn="a variant of Win32/ClientConnect.A potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SearchProtect\SearchProtect\bin\SPVC64.dll.vir"

sh=AF4D8A8F8DD7AA9E49B6E90D3E423000D7E4EDAD ft=1 fh=81c1049b16b8ad1c vn="a variant of Win32/ClientConnect.A potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SearchProtect\SearchProtect\bin\SPVC64Loader.dll.vir"

sh=715FA29CBC677B258DD56EA5D48F74C84B7F0ED3 ft=1 fh=c10597f15a4a7053 vn="a variant of Win32/ClientConnect.A potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SearchProtect\UI\bin\cltmngui.exe.vir"

sh=3C4A29EBD6C7DC6FABDAF84E2AA0E4C2707BE0CA ft=0 fh=0000000000000000 vn="JS/Redirector.NCI trojan" ac=I fn="C:\Users\Owner\Desktop\Recovery\Desktop\Old Firefox Data\extensions\zjaookgnkw@zjaookgnkw.org.xpi"

sh=AF4D8A8F8DD7AA9E49B6E90D3E423000D7E4EDAD ft=1 fh=81c1049b16b8ad1c vn="a variant of Win32/ClientConnect.A potentially unwanted application" ac=I fn="C:\Windows\AppPatch\AppPatch64\SPVCLdr64.dll"

sh=3C4A29EBD6C7DC6FABDAF84E2AA0E4C2707BE0CA ft=0 fh=0000000000000000 vn="JS/Redirector.NCI trojan" ac=I fn="C:\zoek_backup\C_found.000\dir0002.chk\Old Firefox Data\extensions\zjaookgnkw@zjaookgnkw.org.xpi"

 

and

 


Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 26-07-2014

Ran by Owner (administrator) on OWNER-PC on 27-07-2014 13:45:54

Running from C:\Users\Owner\Downloads

Platform: Windows 7 Ultimate Service Pack 1 (X64) OS Language: English (United States)

Internet Explorer Version 11

Boot Mode: Normal

 

The only official download link for FRST:



Download link from any site other than Bleeping Computer is unpermitted or outdated.


 

==================== Processes (Whitelisted) =================

 

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

 

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe

(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RTKAUDIOSERVICE64.EXE

(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe

(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe

(Intel Corporation) C:\Windows\System32\igfxtray.exe

(Intel Corporation) C:\Windows\System32\hkcmd.exe

(Intel Corporation) C:\Windows\System32\igfxpers.exe

(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe

(Microsoft Corporation) C:\Windows\System32\StikyNot.exe

(OpenDownloadManager.com) C:\Program Files (x86)\OpenDownloaderManager\ODM.exe

() C:\Users\Owner\AppData\Local\ZoomInfoCEUtility\2163\coordinator.exe

(Renesas Electronics Corporation) C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe

(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe

(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe

(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe

(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(ESET) C:\Program Files (x86)\ESET\ESET Online Scanner\OnlineScannerApp.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Farbar) C:\Users\Owner\Downloads\FRST64 (1).exe

 

 

==================== Registry (Whitelisted) ==================

 

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

 

HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1271072 2014-03-11] (Microsoft Corporation)

HKLM\...\Run: [iAStorIcon] => C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIconLaunch.exe [36352 2013-08-30] (Intel Corporation)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13662936 2013-10-24] (Realtek Semiconductor)

HKLM-x32\...\Run: [NUSB3MON] => C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [115048 2011-09-16] (Renesas Electronics Corporation)

HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-02-21] (Apple Inc.)

HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2014-05-08] (Adobe Systems Incorporated)

Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)

HKU\S-1-5-19\...\RunOnce: [mctadmin] => C:\Windows\System32\mctadmin.exe [97280 2009-07-13] (Microsoft Corporation)

HKU\S-1-5-20\...\RunOnce: [mctadmin] => C:\Windows\System32\mctadmin.exe [97280 2009-07-13] (Microsoft Corporation)

HKU\S-1-5-21-4130561887-6402106-3239764586-1000\...\Run: [RESTART_STICKY_NOTES] => C:\Windows\System32\StikyNot.exe [427520 2009-07-13] (Microsoft Corporation)

HKU\S-1-5-21-4130561887-6402106-3239764586-1000\...\Run: [Open Download Manager] => C:\Program Files (x86)\OpenDownloaderManager\odm.exe [6369280 2013-05-31] (OpenDownloadManager.com)

HKU\S-1-5-21-4130561887-6402106-3239764586-1000\...\Run: [ZoomInfo Contact Contributor] => C:\Users\Owner\AppData\Local\ZoomInfoCEUtility\launch.bat [108 2014-07-22] ()

HKU\S-1-5-21-4130561887-6402106-3239764586-1000\...\MountPoints2: {9506842d-f33e-11e3-8ad0-e89d870d8f1f} - E:\VZW_Software_upgrade_assistant.exe

 

==================== Internet (Whitelisted) ====================

 

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

 

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xA31D8F24E054CF01

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us

SearchScopes: HKLM-x32 - DefaultScope value is missing.

SearchScopes: HKCU - DefaultScope {012E1000-F331-11DB-8314-0800200C9A66} URL = http://www.google.com/search?q={searchTerms}

SearchScopes: HKCU - {012E1000-F331-11DB-8314-0800200C9A66} URL = http://www.google.com/search?q={searchTerms}

BHO-x32: MSS+ Identifier -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll (McAfee, Inc.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.15 192.168.1.254 172.27.35.1

 

FireFox:

========

FF ProfilePath: C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\tgwm19zp.default

FF NewTab: hxxp://www.google.com/

FF DefaultSearchEngine: Google

FF SearchEngineOrder.1: Google

FF SelectedSearchEngine: Google

FF Homepage: hxxp://www.google.com

FF Keyword.URL: hxxp://www.google.com/search?btnG=Google+Search&q=

FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_14_0_0_145.dll ()

FF Plugin: @microsoft.com/GENUINE - disabled No File

FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll ()

FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()

FF Plugin-x32: @microsoft.com/GENUINE - disabled No File

FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)

FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)

FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF HKCU\...\Firefox\Extensions: [{e4f94d1e-2f53-401e-8885-681602c0ddd8}] - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi

FF Extension: McAfee Security Scan Plus - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi [2014-04-04]

 

Chrome: 

=======

CHR Extension: (Google Docs) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-04-25]

CHR Extension: (Google Drive) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-04-25]

CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-24]

CHR Extension: (YouTube) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-04-25]

CHR Extension: (Google Search) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-04-25]

CHR Extension: (Google Wallet) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-04-25]

CHR Extension: (Gmail) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-04-25]

 

==================== Services (Whitelisted) =================

 

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

 

R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [15720 2013-08-30] (Intel Corporation)

S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [289256 2014-04-09] (McAfee, Inc.)

R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2014-03-11] (Microsoft Corporation)

R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [347872 2014-03-11] (Microsoft Corporation)

R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [289496 2013-10-16] (Realtek Semiconductor)

 

==================== Drivers (Whitelisted) ====================

 

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

 

R0 iaStorF; C:\Windows\System32\DRIVERS\iaStorF.sys [28008 2013-08-30] (Intel Corporation)

R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [268512 2014-01-25] (Microsoft Corporation)

S3 netr28ux; C:\Windows\System32\DRIVERS\Dnetr28ux.sys [1617472 2011-04-28] (Ralink Technology Corp.)

R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [133928 2014-03-11] (Microsoft Corporation)

S1 HWiNFO32; \??\C:\Program Files (x86)\MyDrivers\DriverGenius2012\Mydrivers64A.SYS [X]

S3 VGPU; System32\drivers\rdvgkmd.sys [X]

 

==================== NetSvcs (Whitelisted) ===================

 

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

 

 

==================== One Month Created Files and Folders ========

 

(If an entry is included in the fixlist, the file\folder will be moved.)

 

2014-07-27 13:45 - 2014-07-27 13:45 - 02093568 _____ (Farbar) C:\Users\Owner\Downloads\FRST64 (1).exe

2014-07-27 09:34 - 2014-07-27 09:34 - 00000000 ____D () C:\Program Files (x86)\ESET

2014-07-27 09:26 - 2014-07-27 09:27 - 02347384 _____ (ESET) C:\Users\Owner\Downloads\esetsmartinstaller_enu (1).exe

2014-07-27 09:26 - 2014-07-27 09:26 - 00001764 _____ () C:\Users\Owner\Desktop\Malwarebytes.txt

2014-07-27 08:21 - 2014-07-27 08:21 - 02347384 _____ (ESET) C:\Users\Owner\Downloads\esetsmartinstaller_enu.exe

2014-07-27 08:18 - 2014-07-27 09:01 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys

2014-07-27 08:17 - 2014-07-27 08:17 - 00001098 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

2014-07-27 08:17 - 2014-07-27 08:17 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware

2014-07-27 08:17 - 2014-07-27 08:17 - 00000000 ____D () C:\ProgramData\Malwarebytes

2014-07-27 08:17 - 2014-07-27 08:17 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware

2014-07-27 08:17 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys

2014-07-27 08:17 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys

2014-07-27 08:17 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys

2014-07-27 08:16 - 2014-07-27 08:17 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Owner\Downloads\mbam-setup-2.0.2.1012.exe

2014-07-27 08:03 - 2014-07-27 07:39 - 00024064 _____ () C:\Windows\zoek-delete.exe

2014-07-27 08:01 - 2014-07-27 13:45 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\Open Download Manager

2014-07-27 07:41 - 2014-07-27 08:04 - 00009358 _____ () C:\zoek-results.log

2014-07-27 07:39 - 2014-07-27 08:01 - 00000000 ____D () C:\zoek_backup

2014-07-27 07:38 - 2014-07-27 07:39 - 01287168 _____ () C:\Users\Owner\Downloads\zoek (1).exe

2014-07-27 06:53 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll

2014-07-27 06:52 - 2014-07-27 06:54 - 00000000 ____D () C:\AdwCleaner

2014-07-27 06:52 - 2014-07-27 06:52 - 01287168 _____ () C:\Users\Owner\Downloads\zoek.exe

2014-07-27 06:51 - 2014-07-27 06:51 - 01354223 _____ () C:\Users\Owner\Downloads\AdwCleaner.exe

2014-07-27 06:01 - 2014-07-27 06:02 - 00020431 _____ () C:\Users\Owner\Downloads\Addition.txt

2014-07-27 05:58 - 2014-07-27 13:46 - 00010744 _____ () C:\Users\Owner\Downloads\FRST.txt

2014-07-27 05:58 - 2014-07-27 13:45 - 00000000 ____D () C:\FRST

2014-07-27 05:57 - 2014-07-27 05:57 - 02093568 _____ (Farbar) C:\Users\Owner\Downloads\FRST64.exe

2014-07-27 00:33 - 2014-07-27 00:33 - 00000157 _____ () C:\Users\Owner\Downloads\impsc.php

2014-07-24 10:48 - 2014-07-24 10:48 - 00000157 _____ () C:\Users\Owner\Downloads\download (7)

2014-07-24 10:47 - 2014-07-24 10:47 - 00000157 _____ () C:\Users\Owner\Downloads\download (6)

2014-07-24 10:47 - 2014-07-24 10:47 - 00000148 _____ () C:\Users\Owner\Downloads\download (5)

2014-07-24 07:45 - 2014-07-24 07:45 - 00000154 _____ () C:\Users\Owner\Downloads\iframeproxy-39.html

2014-07-24 07:44 - 2014-07-24 07:44 - 00000157 _____ () C:\Users\Owner\Downloads\pr

2014-07-23 21:12 - 2014-07-23 21:12 - 00000148 _____ () C:\Users\Owner\Downloads\download (4)

2014-07-23 21:11 - 2014-07-23 21:11 - 00000148 _____ () C:\Users\Owner\Downloads\download (3)

2014-07-23 21:11 - 2014-07-23 21:11 - 00000148 _____ () C:\Users\Owner\Downloads\download (2)

2014-07-23 21:02 - 2014-07-23 21:03 - 00000155 _____ () C:\Users\Owner\Downloads\download (1)

2014-07-22 23:31 - 2014-07-22 23:31 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ZoomInfo Contact Contributor

2014-07-22 23:31 - 2014-07-22 23:31 - 00000000 ____D () C:\Users\Owner\AppData\Local\ZoomInfoCEUtility

2014-07-22 23:28 - 2014-07-22 23:28 - 00180576 _____ () C:\Users\Owner\Downloads\ZoomInfoContactContributor-47.exe

2014-07-22 04:14 - 2014-07-22 04:14 - 00000155 _____ () C:\Users\Owner\Downloads\ref=nb_sb_sabc

2014-07-22 03:49 - 2014-07-22 03:49 - 00000155 _____ () C:\Users\Owner\Downloads\181463232474

2014-07-22 03:42 - 2014-07-22 03:42 - 00000156 _____ () C:\Users\Owner\Downloads\i.html

2014-07-22 00:10 - 2014-07-22 00:10 - 00000157 _____ () C:\Users\Owner\Downloads\addineyeV2.html

2014-07-22 00:05 - 2014-07-22 00:05 - 00000156 _____ () C:\Users\Owner\Downloads\download

2014-07-21 05:56 - 2014-07-21 05:56 - 00000156 _____ () C:\Users\Owner\Downloads\impi (3)

2014-07-21 05:56 - 2014-07-21 05:56 - 00000148 _____ () C:\Users\Owner\Downloads\impi (2)

2014-07-21 05:54 - 2014-07-21 05:54 - 00000155 _____ () C:\Users\Owner\Downloads\impi

2014-07-21 05:54 - 2014-07-21 05:54 - 00000148 _____ () C:\Users\Owner\Downloads\impi (1)

2014-07-21 03:51 - 2014-07-21 03:51 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OpenDownloaderManager

2014-07-21 03:51 - 2014-07-21 03:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenDownloaderManager

2014-07-21 03:48 - 2014-07-21 03:51 - 00000000 ____D () C:\Program Files (x86)\OpenDownloaderManager

2014-07-21 03:07 - 2014-07-21 03:07 - 00432344 _____ (Installer Technology Co) C:\Users\Owner\Downloads\Setup_ODM.exe

2014-07-13 01:20 - 2014-07-13 01:20 - 00036352 _____ () C:\Users\Owner\Downloads\howmuchdoyouowe.xls

2014-07-10 00:35 - 2014-06-20 16:14 - 00266424 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll

2014-07-10 00:35 - 2014-06-20 15:39 - 00240824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll

2014-07-10 00:35 - 2014-06-18 21:06 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb

2014-07-10 00:35 - 2014-06-18 21:06 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll

2014-07-10 00:35 - 2014-06-18 20:42 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll

2014-07-10 00:35 - 2014-06-18 20:41 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll

2014-07-10 00:35 - 2014-06-18 20:31 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll

2014-07-10 00:35 - 2014-06-18 20:24 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe

2014-07-10 00:35 - 2014-06-18 20:16 - 17276416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll

2014-07-10 00:35 - 2014-06-18 20:09 - 00452608 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll

2014-07-10 00:35 - 2014-06-18 19:59 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll

2014-07-10 00:35 - 2014-06-18 19:56 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb

2014-07-10 00:35 - 2014-06-18 19:39 - 00608768 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe

2014-07-10 00:35 - 2014-06-18 19:37 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll

2014-07-10 00:35 - 2014-06-18 19:36 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll

2014-07-10 00:35 - 2014-06-18 19:33 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll

2014-07-10 00:35 - 2014-06-18 19:32 - 02179072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll

2014-07-10 00:35 - 2014-06-18 19:28 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll

2014-07-10 00:35 - 2014-06-18 19:28 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll

2014-07-10 00:35 - 2014-06-18 19:25 - 00442368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll

2014-07-10 00:35 - 2014-06-18 19:22 - 00592896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll

2014-07-10 00:35 - 2014-06-18 19:12 - 00367616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll

2014-07-10 00:35 - 2014-06-18 19:06 - 00032256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll

2014-07-10 00:35 - 2014-06-18 18:59 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll

2014-07-10 00:35 - 2014-06-18 18:58 - 00239616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll

2014-07-10 00:35 - 2014-06-18 18:49 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll

2014-07-10 00:35 - 2014-06-18 18:45 - 01964544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl

2014-07-10 00:35 - 2014-06-18 18:35 - 11742208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll

2014-07-10 00:35 - 2014-06-18 18:34 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll

2014-07-10 00:35 - 2014-06-18 18:09 - 01139200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll

2014-07-10 00:35 - 2014-06-17 22:18 - 00692736 _____ (Microsoft Corporation) C:\Windows\system32\osk.exe

2014-07-10 00:35 - 2014-06-17 21:51 - 00646144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\osk.exe

2014-07-10 00:35 - 2014-06-17 21:10 - 03157504 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys

2014-07-10 00:35 - 2014-06-06 06:10 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll

2014-07-10 00:35 - 2014-06-06 05:44 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll

2014-07-10 00:35 - 2014-05-30 02:45 - 00497152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys

2014-07-10 00:34 - 2014-06-18 21:39 - 23464448 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll

2014-07-10 00:34 - 2014-06-18 20:48 - 02768384 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll

2014-07-10 00:34 - 2014-06-18 20:42 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll

2014-07-10 00:34 - 2014-06-18 20:41 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll

2014-07-10 00:34 - 2014-06-18 20:32 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll

2014-07-10 00:34 - 2014-06-18 20:26 - 00598016 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll

2014-07-10 00:34 - 2014-06-18 20:24 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe

2014-07-10 00:34 - 2014-06-18 20:23 - 00752640 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll

2014-07-10 00:34 - 2014-06-18 20:14 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe

2014-07-10 00:34 - 2014-06-18 19:53 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll

2014-07-10 00:34 - 2014-06-18 19:51 - 05721088 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll

2014-07-10 00:34 - 2014-06-18 19:50 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll

2014-07-10 00:34 - 2014-06-18 19:48 - 00292864 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll

2014-07-10 00:34 - 2014-06-18 19:38 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll

2014-07-10 00:34 - 2014-06-18 19:35 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll

2014-07-10 00:34 - 2014-06-18 19:27 - 02040832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl

2014-07-10 00:34 - 2014-06-18 19:27 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll

2014-07-10 00:34 - 2014-06-18 19:23 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe

2014-07-10 00:34 - 2014-06-18 19:01 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll

2014-07-10 00:34 - 2014-06-18 18:58 - 02266112 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll

2014-07-10 00:34 - 2014-06-18 18:52 - 04254720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll

2014-07-10 00:34 - 2014-06-18 18:51 - 13527040 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll

2014-07-10 00:34 - 2014-06-18 18:46 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll

2014-07-10 00:34 - 2014-06-18 18:15 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll

2014-07-10 00:34 - 2014-06-18 18:13 - 01791488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll

2014-07-10 00:34 - 2014-06-18 18:07 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll

2014-07-10 00:34 - 2014-06-05 10:45 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll

2014-07-10 00:34 - 2014-06-05 10:26 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll

2014-07-10 00:34 - 2014-06-05 10:25 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll

 

==================== One Month Modified Files and Folders =======

 

(If an entry is included in the fixlist, the file\folder will be moved.)

 

2014-07-27 13:46 - 2014-07-27 05:58 - 00010744 _____ () C:\Users\Owner\Downloads\FRST.txt

2014-07-27 13:45 - 2014-07-27 13:45 - 02093568 _____ (Farbar) C:\Users\Owner\Downloads\FRST64 (1).exe

2014-07-27 13:45 - 2014-07-27 08:01 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\Open Download Manager

2014-07-27 13:45 - 2014-07-27 05:58 - 00000000 ____D () C:\FRST

2014-07-27 13:42 - 2014-04-08 10:24 - 01267156 _____ () C:\Windows\WindowsUpdate.log

2014-07-27 13:12 - 2014-04-25 01:47 - 00000896 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job

2014-07-27 12:55 - 2014-04-14 22:05 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job

2014-07-27 09:39 - 2014-04-08 11:19 - 00000000 ____D () C:\Users\Owner\AppData\Local\Microsoft Help

2014-07-27 09:34 - 2014-07-27 09:34 - 00000000 ____D () C:\Program Files (x86)\ESET

2014-07-27 09:27 - 2014-07-27 09:26 - 02347384 _____ (ESET) C:\Users\Owner\Downloads\esetsmartinstaller_enu (1).exe

2014-07-27 09:26 - 2014-07-27 09:26 - 00001764 _____ () C:\Users\Owner\Desktop\Malwarebytes.txt

2014-07-27 09:02 - 2009-07-14 00:45 - 00026768 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

2014-07-27 09:02 - 2009-07-14 00:45 - 00026768 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

2014-07-27 09:01 - 2014-07-27 08:18 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys

2014-07-27 08:52 - 2014-04-25 01:47 - 00000892 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job

2014-07-27 08:52 - 2010-11-20 23:47 - 00009036 _____ () C:\Windows\PFRO.log

2014-07-27 08:52 - 2009-07-14 01:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT

2014-07-27 08:52 - 2009-07-14 00:51 - 00033963 _____ () C:\Windows\setupact.log

2014-07-27 08:39 - 2011-04-12 04:28 - 00000000 ____D () C:\Windows\ShellNew

2014-07-27 08:21 - 2014-07-27 08:21 - 02347384 _____ (ESET) C:\Users\Owner\Downloads\esetsmartinstaller_enu.exe

2014-07-27 08:17 - 2014-07-27 08:17 - 00001098 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

2014-07-27 08:17 - 2014-07-27 08:17 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware

2014-07-27 08:17 - 2014-07-27 08:17 - 00000000 ____D () C:\ProgramData\Malwarebytes

2014-07-27 08:17 - 2014-07-27 08:17 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware

2014-07-27 08:17 - 2014-07-27 08:16 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Owner\Downloads\mbam-setup-2.0.2.1012.exe

2014-07-27 08:08 - 2009-07-14 01:13 - 00783114 _____ () C:\Windows\system32\PerfStringBackup.INI

2014-07-27 08:04 - 2014-07-27 07:41 - 00009358 _____ () C:\zoek-results.log

2014-07-27 08:01 - 2014-07-27 07:39 - 00000000 ____D () C:\zoek_backup

2014-07-27 07:59 - 2014-04-08 10:23 - 00000000 ____D () C:\Users\Owner

2014-07-27 07:39 - 2014-07-27 08:03 - 00024064 _____ () C:\Windows\zoek-delete.exe

2014-07-27 07:39 - 2014-07-27 07:38 - 01287168 _____ () C:\Users\Owner\Downloads\zoek (1).exe

2014-07-27 06:54 - 2014-07-27 06:52 - 00000000 ____D () C:\AdwCleaner

2014-07-27 06:52 - 2014-07-27 06:52 - 01287168 _____ () C:\Users\Owner\Downloads\zoek.exe

2014-07-27 06:51 - 2014-07-27 06:51 - 01354223 _____ () C:\Users\Owner\Downloads\AdwCleaner.exe

2014-07-27 06:02 - 2014-07-27 06:01 - 00020431 _____ () C:\Users\Owner\Downloads\Addition.txt

2014-07-27 05:57 - 2014-07-27 05:57 - 02093568 _____ (Farbar) C:\Users\Owner\Downloads\FRST64.exe

2014-07-27 00:33 - 2014-07-27 00:33 - 00000157 _____ () C:\Users\Owner\Downloads\impsc.php

2014-07-24 10:48 - 2014-07-24 10:48 - 00000157 _____ () C:\Users\Owner\Downloads\download (7)

2014-07-24 10:47 - 2014-07-24 10:47 - 00000157 _____ () C:\Users\Owner\Downloads\download (6)

2014-07-24 10:47 - 2014-07-24 10:47 - 00000148 _____ () C:\Users\Owner\Downloads\download (5)

2014-07-24 07:45 - 2014-07-24 07:45 - 00000154 _____ () C:\Users\Owner\Downloads\iframeproxy-39.html

2014-07-24 07:44 - 2014-07-24 07:44 - 00000157 _____ () C:\Users\Owner\Downloads\pr

2014-07-23 21:12 - 2014-07-23 21:12 - 00000148 _____ () C:\Users\Owner\Downloads\download (4)

2014-07-23 21:11 - 2014-07-23 21:11 - 00000148 _____ () C:\Users\Owner\Downloads\download (3)

2014-07-23 21:11 - 2014-07-23 21:11 - 00000148 _____ () C:\Users\Owner\Downloads\download (2)

2014-07-23 21:03 - 2014-07-23 21:02 - 00000155 _____ () C:\Users\Owner\Downloads\download (1)

2014-07-22 23:31 - 2014-07-22 23:31 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ZoomInfo Contact Contributor

2014-07-22 23:31 - 2014-07-22 23:31 - 00000000 ____D () C:\Users\Owner\AppData\Local\ZoomInfoCEUtility

2014-07-22 23:28 - 2014-07-22 23:28 - 00180576 _____ () C:\Users\Owner\Downloads\ZoomInfoContactContributor-47.exe

2014-07-22 04:14 - 2014-07-22 04:14 - 00000155 _____ () C:\Users\Owner\Downloads\ref=nb_sb_sabc

2014-07-22 03:49 - 2014-07-22 03:49 - 00000155 _____ () C:\Users\Owner\Downloads\181463232474

2014-07-22 03:42 - 2014-07-22 03:42 - 00000156 _____ () C:\Users\Owner\Downloads\i.html

2014-07-22 00:10 - 2014-07-22 00:10 - 00000157 _____ () C:\Users\Owner\Downloads\addineyeV2.html

2014-07-22 00:05 - 2014-07-22 00:05 - 00000156 _____ () C:\Users\Owner\Downloads\download

2014-07-21 05:56 - 2014-07-21 05:56 - 00000156 _____ () C:\Users\Owner\Downloads\impi (3)

2014-07-21 05:56 - 2014-07-21 05:56 - 00000148 _____ () C:\Users\Owner\Downloads\impi (2)

2014-07-21 05:54 - 2014-07-21 05:54 - 00000155 _____ () C:\Users\Owner\Downloads\impi

2014-07-21 05:54 - 2014-07-21 05:54 - 00000148 _____ () C:\Users\Owner\Downloads\impi (1)

2014-07-21 03:51 - 2014-07-21 03:51 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OpenDownloaderManager

2014-07-21 03:51 - 2014-07-21 03:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenDownloaderManager

2014-07-21 03:51 - 2014-07-21 03:48 - 00000000 ____D () C:\Program Files (x86)\OpenDownloaderManager

2014-07-21 03:07 - 2014-07-21 03:07 - 00432344 _____ (Installer Technology Co) C:\Users\Owner\Downloads\Setup_ODM.exe

2014-07-19 05:25 - 2014-04-25 01:47 - 00002183 _____ () C:\Users\Public\Desktop\Google Chrome.lnk

2014-07-13 01:20 - 2014-07-13 01:20 - 00036352 _____ () C:\Users\Owner\Downloads\howmuchdoyouowe.xls

2014-07-10 03:25 - 2009-07-14 00:45 - 00413312 _____ () C:\Windows\system32\FNTCACHE.DAT

2014-07-10 03:24 - 2011-04-12 04:28 - 00000000 ____D () C:\Program Files\Windows Journal

2014-07-10 03:04 - 2014-04-08 11:19 - 00000000 ____D () C:\ProgramData\Microsoft Help

2014-07-09 07:55 - 2014-04-14 22:05 - 00699056 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe

2014-07-09 07:55 - 2014-04-14 22:05 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl

2014-07-09 07:55 - 2014-04-14 22:05 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater

2014-06-30 03:00 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\system32\NDF

 

==================== Bamital & volsnap Check =================

 

(There is no automatic fix for files that do not pass verification.)

 

C:\Windows\System32\winlogon.exe => File is digitally signed

C:\Windows\System32\wininit.exe => File is digitally signed

C:\Windows\SysWOW64\wininit.exe => File is digitally signed

C:\Windows\explorer.exe => File is digitally signed

C:\Windows\SysWOW64\explorer.exe => File is digitally signed

C:\Windows\System32\svchost.exe => File is digitally signed

C:\Windows\SysWOW64\svchost.exe => File is digitally signed

C:\Windows\System32\services.exe => File is digitally signed

C:\Windows\System32\User32.dll => File is digitally signed

C:\Windows\SysWOW64\User32.dll => File is digitally signed

C:\Windows\System32\userinit.exe => File is digitally signed

C:\Windows\SysWOW64\userinit.exe => File is digitally signed

C:\Windows\System32\rpcss.dll => File is digitally signed

C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

 

 

LastRegBack: 2014-05-29 11:48

 

==================== End Of Log ============================


Additional scan result of Farbar Recovery Scan Tool (x64) Version: 26-07-2014

Ran by Owner at 2014-07-27 13:47:22

Running from C:\Users\Owner\Downloads

Boot Mode: Normal

==========================================================

 

 

==================== Security Center ========================

 

(If an entry is included in the fixlist, it will be removed.)

 

AV: Microsoft Security Essentials (Enabled - Up to date) {641105E6-77ED-3F35-A304-765193BCB75F}

AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

AS: Microsoft Security Essentials (Enabled - Up to date) {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}

 

==================== Installed Programs ======================

 

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

 

Adobe Digital Editions 3.0 (HKLM-x32\...\Adobe Digital Editions 3.0) (Version: 3.0.1 - Adobe Systems Incorporated)

Adobe Flash Player 14 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 14.0.0.145 - Adobe Systems Incorporated)

Adobe Flash Player 14 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 14.0.0.145 - Adobe Systems Incorporated)

Adobe Reader XI (11.0.07) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.07 - Adobe Systems Incorporated)

Apple Application Support (HKLM-x32\...\{AAC5D43E-816D-4C2D-8E51-55FFF35BE301}) (Version: 3.0.1 - Apple Inc.)

Apple Mobile Device Support (HKLM\...\{787136D2-F0F8-4625-AA3F-72D7795AC842}) (Version: 7.1.1.3 - Apple Inc.)

Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)

Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)

ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version:  - )

Google Chrome (HKLM-x32\...\Google Chrome) (Version: 36.0.1985.125 - Google Inc.)

Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden

Intel® Chipset Device Software (Version: 10.0.13 - Intel Corporation) Hidden

Intel® Chipset Device Software (x32 Version: 10.0.13 - Intel® Corporation) Hidden

Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.3040 - Intel Corporation)

Intel® Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.8.2.1000 - Intel Corporation)

Intel® Rapid Storage Technology (Version: 12.8.2.1000 - Intel Corporation) Hidden

Intel® SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)

iTunes (HKLM\...\{B8BA155B-1E75-405F-9CB4-8A99615D09DC}) (Version: 11.1.5.5 - Apple Inc.)

Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)

McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.8.150.1 - McAfee, Inc.)

Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)

Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden

Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)

Microsoft Office 2007 Service Pack 3 (SP3) (x32 Version:  - Microsoft) Hidden

Microsoft Office Access MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden

Microsoft Office Access Setup Metadata MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden

Microsoft Office Excel MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden

Microsoft Office InfoPath MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden

Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden

Microsoft Office Outlook MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden

Microsoft Office PowerPoint MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden

Microsoft Office Professional Plus 2007 (HKLM-x32\...\PROPLUS) (Version: 12.0.6612.1000 - Microsoft Corporation)

Microsoft Office Professional Plus 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden

Microsoft Office Proof (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden

Microsoft Office Proof (French) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden

Microsoft Office Proof (Spanish) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden

Microsoft Office Proofing (English) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden

Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (x32 Version:  - Microsoft) Hidden

Microsoft Office Publisher MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden

Microsoft Office Shared 64-bit MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden

Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden

Microsoft Office Shared MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden

Microsoft Office Shared Setup Metadata MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden

Microsoft Office Word MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden

Microsoft Security Client (Version: 4.5.0216.0 - Microsoft Corporation) Hidden

Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.5.216.0 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)

Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)

Mozilla Firefox 30.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 30.0 (x86 en-US)) (Version: 30.0 - Mozilla)

Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)

MPC-HC 1.6.3.5818 (HKLM-x32\...\{2624B969-7135-4EB1-B0F6-2D8C397B45F7}_is1) (Version: 1.6.3.5818 - MPC-HC Team)

Open Downloader Manager (HKLM-x32\...\OpenDownloaderManager) (Version:  - Installer Technology Co)

Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7083 - Realtek Semiconductor Corp.)

Renesas Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}) (Version: 2.1.39.0 - Renesas Electronics Corporation)

Renesas Electronics USB 3.0 Host Controller Driver (x32 Version: 2.1.39.0 - Renesas Electronics Corporation) Hidden

RICOH Media Driver v2.25.17.01 (HKLM-x32\...\{FE041B02-234C-4AAA-9511-80DF6482A458}) (Version: 2.25.17.01 - RICOH)

Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)

Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (HKLM-x32\...\{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{A024FC7B-77DE-45DE-A058-1C049A17BFB3}) (Version:  - Microsoft)

Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM-x32\...\{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version:  - Microsoft)

Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM-x32\...\{90120000-002A-0000-1000-0000000FF1CE}_PROPLUS_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version:  - Microsoft)

Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (HKLM-x32\...\{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{E9A82945-BA29-4EE8-8F2A-2F49545E9CF2}) (Version:  - Microsoft)

Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition (HKLM-x32\...\{90120000-001A-0409-0000-0000000FF1CE}_PROPLUS_{ED38F8A3-4F61-494E-8BCA-E3AC7760C924}) (Version:  - Microsoft)

Update for Microsoft Office Outlook 2007 (KB2863811) 32-Bit Edition (HKLM-x32\...\{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{53DEC068-4690-4F6B-9946-7D21EF02236B}) (Version:  - Microsoft)

Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2883030) 32-Bit Edition (HKLM-x32\...\{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{F5DCAB53-C2FD-4E5A-8C83-0F37485E5E89}) (Version:  - Microsoft)

Windows Driver Package - Qualcomm Atheros Communications Inc. (athr) Net  (12/23/2013 10.0.0.276) (HKLM\...\64FB13229C819DC4C3C29F672DA8D00E34D787EF) (Version: 12/23/2013 10.0.0.276 - Qualcomm Atheros Communications Inc.)

Windows Driver Package - TOSHIBA (TVALZ) System  (07/14/2009 2.0.0.3) (HKLM\...\B878C31ABEFD6CF9CD1FE21524370DCA482B362F) (Version: 07/14/2009 2.0.0.3 - TOSHIBA)

WinRAR 4.20 (64-bit) (HKLM\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH)

ZoomInfo Contact Contributor (HKCU\...\ZoomInfo Contact Contributor) (Version: 47 - )

 

==================== Custom CLSID (selected items): ==========================

 

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

 

 

==================== Restore Points  =========================

 

26-06-2014 02:56:13 Windows Update

03-07-2014 04:35:52 Windows Update

07-07-2014 01:48:17 Windows Update

10-07-2014 04:37:30 Windows Update

10-07-2014 07:00:52 Windows Update

13-07-2014 20:06:08 Windows Update

16-07-2014 21:06:56 Windows Update

20-07-2014 23:17:50 Windows Update

23-07-2014 23:58:08 Windows Update

27-07-2014 11:41:33 zoek.exe restore point

27-07-2014 12:15:39 Windows Update

 

==================== Hosts content: ==========================

 

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

 

2009-07-13 22:34 - 2009-06-10 17:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

 

==================== Scheduled Tasks (whitelisted) =============

 

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

 

Task: {23DC81B7-7590-46A6-8D12-5D48DA4F48FB} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-07-09] (Adobe Systems Incorporated)

Task: {A0834227-0D81-4699-83B5-0B24E5056C57} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-04-25] (Google Inc.)

Task: {A1571FC1-7BCB-477B-85E7-953F2EB3C129} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-04-25] (Google Inc.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

 

==================== Loaded Modules (whitelisted) =============

 

2012-07-31 17:17 - 2012-07-31 17:17 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll

2014-07-22 23:31 - 2014-07-22 23:31 - 01624000 _____ () C:\Users\Owner\AppData\Local\ZoomInfoCEUtility\2163\coordinator.exe

2014-02-12 20:58 - 2014-02-12 20:58 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll

2014-02-12 20:58 - 2014-02-12 20:58 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll

2012-11-23 13:40 - 2012-11-23 13:40 - 03516416 _____ () C:\Program Files (x86)\OpenDownloaderManager\fdmbtsupp.dll

2014-07-22 23:31 - 2014-07-22 23:31 - 00106496 _____ () C:\Users\Owner\AppData\Local\ZoomInfoCEUtility\2163\win32api.pyd

2014-07-22 23:31 - 2014-07-22 23:31 - 00122880 _____ () C:\Users\Owner\AppData\Local\ZoomInfoCEUtility\2163\pywintypes25.dll

2014-07-22 23:31 - 2014-07-22 23:31 - 00339968 _____ () C:\Users\Owner\AppData\Local\ZoomInfoCEUtility\2163\pythoncom25.dll

2014-07-22 23:31 - 2014-07-22 23:31 - 00053248 _____ () C:\Users\Owner\AppData\Local\ZoomInfoCEUtility\2163\_socket.pyd

2014-07-22 23:31 - 2014-07-22 23:31 - 00655360 _____ () C:\Users\Owner\AppData\Local\ZoomInfoCEUtility\2163\_ssl.pyd

2014-07-22 23:31 - 2014-07-22 23:31 - 00323584 _____ () C:\Users\Owner\AppData\Local\ZoomInfoCEUtility\2163\_hashlib.pyd

2014-07-22 23:31 - 2014-07-22 23:31 - 00086016 _____ () C:\Users\Owner\AppData\Local\ZoomInfoCEUtility\2163\_ctypes.pyd

2014-07-22 23:31 - 2014-07-22 23:31 - 00159744 _____ () C:\Users\Owner\AppData\Local\ZoomInfoCEUtility\2163\win32gui.pyd

2014-07-22 23:31 - 2014-07-22 23:31 - 00015872 _____ () C:\Users\Owner\AppData\Local\ZoomInfoCEUtility\2163\win32evtlog.pyd

2014-07-22 23:31 - 2014-07-22 23:31 - 00479232 _____ () C:\Users\Owner\AppData\Local\ZoomInfoCEUtility\2163\unicodedata.pyd

2012-11-23 13:35 - 2012-11-23 13:35 - 00083968 _____ () C:\Program Files (x86)\OpenDownloaderManager\fdmumsp.dll

2014-07-19 05:24 - 2014-07-15 05:24 - 00718664 _____ () C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\libglesv2.dll

2014-07-19 05:24 - 2014-07-15 05:24 - 00126280 _____ () C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\libegl.dll

2014-07-19 05:24 - 2014-07-15 05:24 - 08537928 _____ () C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\pdf.dll

2014-07-19 05:24 - 2014-07-15 05:24 - 00353096 _____ () C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\ppGoogleNaClPluginChrome.dll

2014-07-19 05:24 - 2014-07-15 05:24 - 01732936 _____ () C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\ffmpegsumo.dll

2014-07-19 05:24 - 2014-07-15 05:24 - 14664008 _____ () C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\PepperFlash\pepflashplayer.dll

 

==================== Alternate Data Streams (whitelisted) =========

 

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

 

 

==================== Safe Mode (whitelisted) ===================

 

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

 

 

==================== EXE Association (whitelisted) =============

 

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

 

 

==================== MSCONFIG/TASK MANAGER disabled items =========

 

(Currently there is no automatic fix for this section.)

 

 

==================== Faulty Device Manager Devices =============

 

Name: HWiNFO32/64 Kernel Driver

Description: HWiNFO32/64 Kernel Driver

Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}

Manufacturer: 

Service: HWiNFO32

Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)

Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.

Devices stay in this state if they have been prepared for removal.

After you remove the device, this error disappears.Remove the device, and this error should be resolved.

 

 

==================== Event log errors: =========================

 

Application errors:

==================

Error: (07/27/2014 01:13:05 PM) (Source: Bonjour Service) (EventID: 100) (User: )

Description: Task Scheduling Error: m->NextScheduledSPRetry 2122

 

Error: (07/27/2014 01:13:05 PM) (Source: Bonjour Service) (EventID: 100) (User: )

Description: Task Scheduling Error: m->NextScheduledEvent 2122

 

Error: (07/27/2014 01:13:05 PM) (Source: Bonjour Service) (EventID: 100) (User: )

Description: Task Scheduling Error: Continuously busy for more than a second

 

Error: (07/27/2014 01:13:04 PM) (Source: Bonjour Service) (EventID: 100) (User: )

Description: Task Scheduling Error: m->NextScheduledSPRetry 1077

 

Error: (07/27/2014 01:13:04 PM) (Source: Bonjour Service) (EventID: 100) (User: )

Description: Task Scheduling Error: m->NextScheduledEvent 1077

 

Error: (07/27/2014 01:13:04 PM) (Source: Bonjour Service) (EventID: 100) (User: )

Description: Task Scheduling Error: Continuously busy for more than a second

 

Error: (07/27/2014 00:22:49 PM) (Source: SideBySide) (EventID: 80) (User: )

Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.

A component version required by the application conflicts with another component version already active.

Conflicting components are:.

Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.

Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

 

Error: (07/27/2014 11:14:10 AM) (Source: Bonjour Service) (EventID: 100) (User: )

Description: Task Scheduling Error: m->NextScheduledSPRetry 13338

 

Error: (07/27/2014 11:14:10 AM) (Source: Bonjour Service) (EventID: 100) (User: )

Description: Task Scheduling Error: m->NextScheduledEvent 13338

 

Error: (07/27/2014 11:14:10 AM) (Source: Bonjour Service) (EventID: 100) (User: )

Description: Task Scheduling Error: Continuously busy for more than a second

 

 

System errors:

=============

Error: (07/27/2014 08:52:59 AM) (Source: Service Control Manager) (EventID: 7026) (User: )

Description: The following boot-start or system-start driver(s) failed to load: 

HWiNFO32

 

Error: (07/27/2014 08:39:49 AM) (Source: Service Control Manager) (EventID: 7026) (User: )

Description: The following boot-start or system-start driver(s) failed to load: 

HWiNFO32

 

Error: (07/27/2014 08:04:18 AM) (Source: Service Control Manager) (EventID: 7026) (User: )

Description: The following boot-start or system-start driver(s) failed to load: 

HWiNFO32

 

Error: (07/27/2014 07:51:04 AM) (Source: Service Control Manager) (EventID: 7030) (User: )

Description: The PEVSystemStart service is marked as an interactive service.  However, the system is configured to not allow interactive services.  This service may not function properly.

 

Error: (07/27/2014 07:51:03 AM) (Source: Service Control Manager) (EventID: 7030) (User: )

Description: The PEVSystemStart service is marked as an interactive service.  However, the system is configured to not allow interactive services.  This service may not function properly.

 

Error: (07/27/2014 07:51:02 AM) (Source: Service Control Manager) (EventID: 7030) (User: )

Description: The PEVSystemStart service is marked as an interactive service.  However, the system is configured to not allow interactive services.  This service may not function properly.

 

Error: (07/27/2014 07:51:01 AM) (Source: Service Control Manager) (EventID: 7030) (User: )

Description: The PEVSystemStart service is marked as an interactive service.  However, the system is configured to not allow interactive services.  This service may not function properly.

 

Error: (07/27/2014 07:51:01 AM) (Source: Service Control Manager) (EventID: 7030) (User: )

Description: The PEVSystemStart service is marked as an interactive service.  However, the system is configured to not allow interactive services.  This service may not function properly.

 

Error: (07/27/2014 07:51:00 AM) (Source: Service Control Manager) (EventID: 7030) (User: )

Description: The PEVSystemStart service is marked as an interactive service.  However, the system is configured to not allow interactive services.  This service may not function properly.

 

Error: (07/27/2014 07:50:59 AM) (Source: Service Control Manager) (EventID: 7030) (User: )

Description: The PEVSystemStart service is marked as an interactive service.  However, the system is configured to not allow interactive services.  This service may not function properly.

 

 

Microsoft Office Sessions:

=========================

 

==================== Memory info =========================== 

 

Percentage of memory in use: 61%

Total physical RAM: 3999.43 MB

Available physical RAM: 1536.03 MB

Total Pagefile: 7997.03 MB

Available Pagefile: 5412.33 MB

Total Virtual: 8192 MB

Available Virtual: 8191.86 MB

 

==================== Drives ================================

 

Drive c: () (Fixed) (Total:465.66 GB) (Free:394.88 GB) NTFS

 

==================== MBR & Partition Table ==================

 

========================================================

Disk: 0 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: DABA044D)

Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)

Partition 2: (Not Active) - (Size=466 GB) - (Type=07 NTFS)

 

==================== End Of Log ============================


 



It's good to hear that your problems appear to be solved.

Step 1


Please download the attached fixlist and save it in the same directory as FRST.

  • Start FRST with Administrator privileges.
  • Press the Fix button.
  • When finished, a log file (Fixlog.txt) pops up and is saved to the same location the tool was run from.

    Please copy and paste its contents in your next reply.

fixlist.txt

That's it!

Your logs look clean to me at the moment.

We're gonna clean up everything now, close security holes on your computer and in the end I'll provide you with a list of security tips so you hopefully will not need our help anymore in the future.

My help is free for everybody.

If you want to support me fighting against malware or buy me a beer for the assistance you received, then you can consider a donation.

Thank you!

Clean Up

Now we remove all the tools we used (including their logs and quarantine folders), restore your settings and delete old and infected system restore points:

  • You can uninstall programs that you had to install (e.g. MBAM or ESET Onlinescanner) in the control panel if you so wish.
  • Download DelFix (by Xplode) and save it to your Desktop.
    • Close all running programs and start delfix.exe.
    • Make sure that all available options are checked.
    • Click on Run
    • DelFix should remove all our tools and delete itself afterwards. I don't need the log file.
  • If there is still something left you can delete it manually.

Closing security holes

Many infections happen via drive-by downloads that run unnoticed in the background while the user visits an infected website. To achieve this, malware exploits security holes in installed software (e.g. browser or its plugins). Older versions of such software often have lots of known exploitable holes. Therefore it's very important to always keep your software up-to-date.

The following software is outdated. Make sure you remove all old versions and install the current one instead if you need the program:

Mozilla Firefox 30.0

Tips

I recommend reading and following the "16 simple and easy ways to keep your computer safe and secure on the Internet" by Lawrence Abrams.


Here you go:

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 26-07-2014

Ran by Owner at 2014-07-28 15:33:20 Run:1

Running from C:\Users\Owner\Downloads

Boot Mode: Normal

==============================================

 

Content of fixlist:

*****************

C:\Users\Owner\Desktop\Recovery\Desktop\Old Firefox Data\extensions\zjaookgnkw@zjaookgnkw.org.xpi

C:\Windows\AppPatch\AppPatch64\SPVCLdr64.dll

 

*****************

 

C:\Users\Owner\Desktop\Recovery\Desktop\Old Firefox Data\extensions\zjaookgnkw@zjaookgnkw.org.xpi => Moved successfully.

"C:\Windows\AppPatch\AppPatch64\SPVCLdr64.dll" => File/Directory not found.

 

==== End of Fixlog ====

 

I am now working on the cleanup. Thank you so much!


  • Root Admin

Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!


This topic is now closed to further replies.