
Cosstminn removal not working


willv1807

Hi,

I have reset the chrome browser, deleted the extension and removed a source file from C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions but the extension keeps coming back. Malwarebytes has been updated and rebooted several times, browser has been reset several times, still it returns. Help. Thanks.

 

Willv1807


  • Staff

Hello,

They call me TwinHeadedEagle around here, and I'll be working with you.

Before we start please read and note the following:

  • Limit your internet access to posting here, some infections just wait to steal typed-in passwords.
  • Please be patient. I know it is frustrating when your PC isn't working properly, but malware removal takes time.
  • Don't run any scripts or tools on your own, unsupervised usage may cause more harm than good.
  • Do not paste the logs in your posts, attachments make my work easier. There is an Upload Files option below which you can use to attach your reports. Always attach reports from all tools.
  • Stay with me to the end, the absence of symptoms doesn't mean that your machine is fully operational.
  • Note that we may live in totally different time zones, which may cause some delays between answers.
  • Do not ask for help for your business PC. Companies are making revenue via computers, so it is good thing to pay someone to repair it.
  • If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed.

I can't foresee everything, so if anything unexpected happens, please stop and inform me!
There are no silly questions. Never be afraid to ask if in doubt!

Rules and policies
 
We won't support any piracy.
That being said, if any evidence of an illegal OS, software, cracks/keygens or the like is revealed, any further assistance will be suspended. If you are aware that there is this kind of stuff on your machine, remove it before proceeding!
The same applies to any use of P2P software: uTorrent, BitTorrent, Vuze, Kazaa, Ares... We don't provide any help for P2P, except for their removal. All P2P software has to be uninstalled or at least fully disabled before proceeding!
 
Failure to follow these guidelines will result in closing your topic and withdrawing any assistance.
 
 
 
 

Please download Farbar Recovery Scan Tool and save it to your desktop.
 
Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them.
Only one of them will run on your system, that will be the right version.

  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please attach it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.

Frst.txt

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:31-08-2014 02
Ran by G (administrator) on G-PC on 01-09-2014 14:07:59
Running from C:\Users\G\Desktop\Downloads
Platform: Microsoft Windows 7 Home Premium  (X86) OS Language: English (United States)
Internet Explorer Version 9
Boot Mode: Normal
 
The only official download link for FRST:
Download link from any site other than Bleeping Computer is unpermitted or outdated.
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Juniper Networks) C:\Program Files\Juniper Networks\Common Files\dsNcService.exe
(Fitbit, Inc.) C:\Program Files\Fitbit Connect\FitbitConnectService.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Fitbit, Inc.) C:\Program Files\Fitbit Connect\Fitbit Connect.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
(Microsoft Corporation) C:\Windows\System32\taskmgr.exe
(Google Inc.) C:\Users\G\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\G\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\G\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\G\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\G\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\G\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\G\AppData\Local\Google\Chrome\Application\chrome.exe
(Client Connect LTD) C:\Program Files\SearchProtect\Main\bin\CltMngSvc.exe
(Client Connect LTD) C:\Program Files\SearchProtect\SearchProtect\bin\cltmng.exe
(Client Connect LTD) C:\Program Files\SearchProtect\UI\bin\cltmngui.exe
(Google Inc.) C:\Users\G\AppData\Local\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\msinfo32.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [GrooveMonitor] => C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59240 2011-09-27] (Apple Inc.)
HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\QTTask.exe [421888 2011-10-24] (Apple Inc.)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM\...\Run: [Fitbit Connect] => C:\Program Files\Fitbit Connect\Fitbit Connect.exe [3093024 2013-02-25] (Fitbit, Inc.)
HKU\S-1-5-21-3228681048-3228494245-604102122-1000\...\Run: [Google Update] => "C:\Users\G\AppData\Local\Google\Update\GoogleUpdate.exe" /c
HKU\S-1-5-21-3228681048-3228494245-604102122-1000\...\Run: [Vidyo Desktop] => C:\Program Files\Vidyo\Vidyo Desktop\VidyoDesktop.exe [5656576 2011-07-13] ()
HKU\S-1-5-21-3228681048-3228494245-604102122-1000\...\Run: [Fitbit Connect] => C:\Program Files\Fitbit Connect\Fitbit Connect.exe [3093024 2013-02-25] (Fitbit, Inc.)
AppInit_DLLs: C:\PROGRA~1\SearchProtect\SearchProtect\bin\SPVC32Loader.dll => C:\Program Files\SearchProtect\SearchProtect\bin\SPVC32Loader.dll [187352 2014-08-31] (Client Connect LTD)
Startup: C:\Users\G\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
ShortcutTarget: OneNote 2007 Screen Clipper and Launcher.lnk -> C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x0CAC1B4C06E2CC01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
SearchScopes: HKCU - {6E9801B9-C2B0-4B72-B674-DEC4F5A0E68D} URL = http://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=748827&p={searchTerms}
BHO: PodcastBHO Class -> {65134FDF-F8A5-4B3D-91D9-CDF273CFD578} -> C:\Program Files\Common Files\doubleTwist\IEPodcastPlugin.dll (doubleTwist Corporation)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: No Name -> {C9C42510-9B41-42c1-9DCD-7282A2D07C61}C ->  No File
BHO: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://juniper.net/dana-cached/sc/JuniperSetupClient.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [152864] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
 
FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_11_6_602_171.dll ()
FF Plugin: @java.com/DTPlugin,version=10.67.2 -> C:\Windows\system32\npdeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @doubletwist.com/NPPodcast -> C:\Program Files\Common Files\doubleTwist\NPPodcast.dll (doubleTwist Corporation)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 -> C:\Users\G\AppData\Local\Google\Update\1.3.24.7\npGoogleUpdate3.dll No File
FF Plugin HKCU: @tools.google.com/Google Update;version=9 -> C:\Users\G\AppData\Local\Google\Update\1.3.24.7\npGoogleUpdate3.dll No File
FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\G\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF Plugin HKCU: amazon.com/AmazonMP3DownloaderPlugin -> C:\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin.dll (Amazon.com, Inc.)
 
Chrome: 
=======
CHR HomePage: Profile 1 -> hxxp://www.google.com/
CHR StartupUrls: Profile 1 -> "hxxp://www.trovi.com/?gd=&ctid=CT3326582&octid=EB_ORIGINAL_CTID&ISID=M8F1B6702-C365-4CA6-83AE-2AB5E2BA46DF&SearchSource=55&CUI=&UM=5&UP=SP6FCA9FEE-12F1-4AC0-8F10-4C6CA7FC0CAD&SSPV=", "hxxp://search.yahoo.com/?type=748827&fr=spigot-yhp-ch", "hxxp://www.trovi.com/?gd=&ctid=CT3326582&octid=EB_ORIGINAL_CTID&ISID=MFE4EE2BC-A67F-401F-8368-DFB42D582B98&SearchSource=55&CUI=&UM=6&UP=SP0AC0A6CB-6CD5-43AA-B382-51675CCAAF09&SSPV="
CHR DefaultSuggestURL: Profile 1 -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter}
CHR Plugin: (Shockwave Flash) - C:\Users\G\AppData\Local\Google\Chrome\Application\33.0.1750.117\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Users\G\AppData\Local\Google\Chrome\Application\33.0.1750.117\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Users\G\AppData\Local\Google\Chrome\Application\33.0.1750.117\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 11.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files\QuickTime\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files\QuickTime\plugins\npqtplugin6.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files\QuickTime\plugins\npqtplugin7.dll (Apple Inc.)
CHR Plugin: (ActiveTouch General Plugin Container) - C:\Users\G\AppData\Local\Google\Chrome\Application\plugins\npatgpc.dll (Cisco WebEx LLC)
CHR Plugin: (AmazonMP3DownloaderPlugin) - C:\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin.dll (Amazon.com, Inc.)
CHR Plugin: (doubletwist Plugin 1, 3, 0, 0) - C:\Program Files\Common Files\doubleTwist\NPPodcast.dll (doubleTwist Corporation)
CHR Plugin: (Java Platform SE 7 U21) - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (Unity Player) - C:\Users\G\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
CHR Plugin: (Google Update) - C:\Users\G\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll No File
CHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\NPSWF32_11_6_602_171.dll ()
CHR Plugin: (Java Deployment Toolkit 7.0.210.11) - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
CHR CustomProfile: C:\Users\G\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\G\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-07-01]
CHR Extension: (Google Drive) - C:\Users\G\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-07-01]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\G\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-07-01]
CHR Extension: (YouTube) - C:\Users\G\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-07-01]
CHR Extension: (No Name) - C:\Users\G\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-07-01]
CHR Extension: (cosstminn) - C:\Users\G\AppData\Local\Google\Chrome\User Data\Default\Extensions\nkekjidnhijadahbmhemjffdckiepcbc [2014-08-27]
CHR Extension: (Google Wallet) - C:\Users\G\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-07-01]
CHR Extension: (Gmail) - C:\Users\G\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-07-01]
CHR Extension: (cosstminn) - C:\Users\G\AppData\Local\Google\Chrome\User Data\Default\Extensions\nkekjidnhijadahbmhemjffdckiepcbc\2.0 [2014-08-27]
CHR CustomProfile: C:\Users\G\AppData\Local\Google\Chrome\User Data\Profile 1
CHR Extension: (Add to Amazon Wish List) - C:\Users\G\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ciagpekplgpbepdgggflgmahnjgiaced [2013-07-26]
CHR Extension: (Disconnect) - C:\Users\G\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\jeoacafpbcihiomhlakheieifhpjdfeo [2014-03-31]
CHR Extension: (CostMin) - C:\Users\G\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nedfmllocanfadfncipgkigbjhjhjfki [2014-06-14]
CHR Extension: (cosstminn) - C:\Users\G\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nkekjidnhijadahbmhemjffdckiepcbc [2014-08-27]
CHR Extension: (Google Wallet) - C:\Users\G\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-03]
CHR Extension: (CostMin) - C:\Users\G\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nedfmllocanfadfncipgkigbjhjhjfki\2.2 [2014-06-14]
CHR Extension: (cosstminn) - C:\Users\G\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nkekjidnhijadahbmhemjffdckiepcbc\2.0 [2014-08-27]
CHR HKLM\...\Chrome\Extension: [ifcmboabbopfgadfllebggnhlidhobdh] - C:\ProgramData\Click2Save\ifcmboabbopfgadfllebggnhlidhobdh.crx []
CHR StartMenuInternet: Google Chrome - C:\Users\G\AppData\Local\Google\Chrome\Application\chrome.exe
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
 
========================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 CltMngSvc; C:\Program Files\SearchProtect\Main\bin\CltMngSvc.exe [2998232 2014-08-31] (Client Connect LTD)
R2 dsNcService; C:\Program Files\Juniper Networks\Common Files\dsNcService.exe [660848 2010-12-16] (Juniper Networks)
R2 Fitbit Connect; C:\Program Files\Fitbit Connect\FitbitConnectService.exe [1239584 2013-02-25] (Fitbit, Inc.) [File not signed]
S3 VRSService; C:\Program Files\NCH Software\VRS\vrs.exe [1248772 2012-01-21] (NCH Software) [File not signed]
S3 rpcapd; "%ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini" [X]
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 dsNcAdpt; C:\Windows\System32\DRIVERS\dsNcAdpt.sys [26624 2010-12-16] (Juniper Networks)
R2 iPodDrv; C:\Windows\system32\drivers\iPodDrv.sys [6656 2011-07-27] (Windows ® Codename Longhorn DDK provider) [File not signed]
R2 NPF; C:\Windows\System32\drivers\npf.sys [36600 2013-02-28] (Riverbed Technology, Inc.)
R3 stdriver; C:\Windows\System32\DRIVERS\stdriver32.sys [49240 2012-01-21] (NCH Software)
R3 SPPD; \??\C:\Windows\system32\drivers\SPPD.sys [X]
U5 VWiFiFlt; C:\Windows\System32\Drivers\VWiFiFlt.sys [48128 2009-07-13] (Microsoft Corporation)
 
==================== NetSvcs (Whitelisted) ===================
 
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-09-01 14:05 - 2014-09-01 14:08 - 00000000 ____D () C:\FRST
2014-09-01 13:59 - 2014-09-01 13:59 - 00000056 _____ () C:\Users\G\Desktop\NorthEast Community Bank - Home.url
2014-09-01 13:02 - 2014-09-01 13:02 - 00000000 ____D () C:\Users\G\AppData\Local\SearchProtect
2014-09-01 13:01 - 2014-09-01 13:02 - 00000000 ____D () C:\Program Files\SearchProtect
2014-08-31 15:10 - 2014-08-31 15:10 - 00000139 _____ () C:\Users\G\Desktop\Why do I see multiple chrome.exe processes in the Task Manager- - fixedByVonnie.url
2014-08-27 21:41 - 2014-08-27 21:41 - 00000104 _____ () C:\Users\G\Desktop\Elon Musk cancels launch... admits to -dark dreams- - Aug. 27, 2014.url
2014-08-23 22:17 - 2014-08-23 22:48 - 00000000 ____D () C:\Users\G\Desktop\Aug 2014 Camera
2014-08-23 20:32 - 2014-07-25 12:56 - 00880040 _____ (Oracle Corporation) C:\Windows\system32\npdeployJava1.dll
2014-08-23 20:32 - 2014-07-25 12:55 - 00802728 _____ (Oracle Corporation) C:\Windows\system32\deployJava1.dll
2014-08-23 20:31 - 2014-08-23 20:31 - 00000000 ____D () C:\Users\G\AppData\Roaming\Oracle
2014-08-23 20:21 - 2014-08-23 20:21 - 00000000 ____D () C:\Program Files\Common Files\Java
2014-08-23 20:21 - 2014-07-25 12:55 - 00096680 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
2014-08-23 20:21 - 2014-07-25 12:49 - 00272808 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2014-08-23 20:21 - 2014-07-25 12:49 - 00175528 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2014-08-23 20:21 - 2014-07-25 12:49 - 00175528 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2014-08-23 20:20 - 2014-08-23 20:21 - 00004150 _____ () C:\Windows\system32\jupdate-1.7.0_67-b01.log
2014-08-21 19:31 - 2014-08-21 19:32 - 00000000 ____D () C:\Users\G\Documents\Networking 2014
2014-08-21 19:25 - 2014-08-21 19:25 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinPcap
2014-08-21 19:25 - 2014-08-21 19:25 - 00000000 ____D () C:\Program Files\WinPcap
2014-08-21 19:24 - 2014-08-21 19:26 - 00000000 ____D () C:\Program Files\Wireshark
2014-08-21 19:24 - 2014-08-21 19:24 - 00001688 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wireshark.lnk
2014-08-21 19:24 - 2014-08-21 19:24 - 00001676 _____ () C:\Users\Public\Desktop\Wireshark.lnk
2014-08-17 22:14 - 2014-08-17 22:14 - 00000076 _____ () C:\Users\G\Desktop\Robert Half.url
2014-08-15 22:53 - 2014-08-15 22:53 - 00000123 _____ () C:\Users\G\Desktop\Walmart- Retail powerhouse past its prime- - Jul. 30, 2014.url
2014-08-13 15:51 - 2014-08-13 15:51 - 00000054 _____ () C:\Users\G\Desktop\Movie Showtimes - Google Search.url
2014-08-12 14:54 - 2014-08-12 14:54 - 00000070 _____ () C:\Users\G\Desktop\Herod the Great - Wikipedia, the free encyclopedia.url
2014-08-12 14:22 - 2014-08-12 14:22 - 00000069 _____ () C:\Users\G\Desktop\Moody's Mood for Love-WBLS - YouTube.url
2014-08-10 21:08 - 2014-08-10 21:08 - 00000076 _____ () C:\Users\G\Desktop\New York City Housing Authority.url
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-09-01 14:08 - 2014-09-01 14:05 - 00000000 ____D () C:\FRST
2014-09-01 13:59 - 2014-09-01 13:59 - 00000056 _____ () C:\Users\G\Desktop\NorthEast Community Bank - Home.url
2014-09-01 13:54 - 2012-02-21 22:41 - 00011378 _____ () C:\Users\G\Documents\trick daddy luh da keeds 2-12.txt
2014-09-01 13:38 - 2012-01-12 20:07 - 00000892 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3228681048-3228494245-604102122-1000UA.job
2014-09-01 13:02 - 2014-09-01 13:02 - 00000000 ____D () C:\Users\G\AppData\Local\SearchProtect
2014-09-01 13:02 - 2014-09-01 13:01 - 00000000 ____D () C:\Program Files\SearchProtect
2014-09-01 12:58 - 2012-01-11 02:16 - 02016657 _____ () C:\Windows\WindowsUpdate.log
2014-08-31 19:12 - 2014-06-26 19:36 - 00110296 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-08-31 17:40 - 2009-07-14 00:34 - 00014816 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-08-31 17:40 - 2009-07-14 00:34 - 00014816 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-08-31 17:33 - 2012-01-12 20:22 - 00145658 _____ () C:\Windows\PFRO.log
2014-08-31 17:33 - 2009-07-14 00:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-08-31 17:33 - 2009-07-14 00:39 - 00034640 _____ () C:\Windows\setupact.log
2014-08-31 17:33 - 2009-07-13 22:37 - 00000000 ____D () C:\Windows\TAPI
2014-08-31 16:33 - 2009-07-13 22:37 - 00000000 ____D () C:\Windows\Resources
2014-08-31 15:10 - 2014-08-31 15:10 - 00000139 _____ () C:\Users\G\Desktop\Why do I see multiple chrome.exe processes in the Task Manager- - fixedByVonnie.url
2014-08-31 15:00 - 2012-01-12 20:07 - 00000840 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3228681048-3228494245-604102122-1000Core.job
2014-08-27 21:50 - 2012-01-11 14:01 - 00001934 _____ () C:\Users\G\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-08-27 21:41 - 2014-08-27 21:41 - 00000104 _____ () C:\Users\G\Desktop\Elon Musk cancels launch... admits to -dark dreams- - Aug. 27, 2014.url
2014-08-27 21:32 - 2014-04-21 11:18 - 00000000 ____D () C:\Users\G\Desktop\Trans
2014-08-27 21:26 - 2014-06-14 18:07 - 00000000 ____D () C:\ProgramData\a7c49822e6514006
2014-08-27 21:05 - 2014-06-14 17:58 - 00000004 _____ () C:\END
2014-08-27 21:02 - 2014-06-14 18:07 - 00000258 __RSH () C:\ProgramData\ntuser.pol
2014-08-23 22:48 - 2014-08-23 22:17 - 00000000 ____D () C:\Users\G\Desktop\Aug 2014 Camera
2014-08-23 22:48 - 2012-08-26 14:46 - 00010752 _____ () C:\Users\G\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-08-23 20:31 - 2014-08-23 20:31 - 00000000 ____D () C:\Users\G\AppData\Roaming\Oracle
2014-08-23 20:22 - 2013-09-13 07:31 - 00000000 ____D () C:\ProgramData\Oracle
2014-08-23 20:21 - 2014-08-23 20:21 - 00000000 ____D () C:\Program Files\Common Files\Java
2014-08-23 20:21 - 2014-08-23 20:20 - 00004150 _____ () C:\Windows\system32\jupdate-1.7.0_67-b01.log
2014-08-23 20:21 - 2012-03-04 21:57 - 00000000 ____D () C:\Program Files\Java
2014-08-23 19:29 - 2013-02-16 19:01 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2014-08-23 19:29 - 2013-02-16 19:00 - 00000000 ____D () C:\Program Files\Common Files\Adobe
2014-08-21 19:32 - 2014-08-21 19:31 - 00000000 ____D () C:\Users\G\Documents\Networking 2014
2014-08-21 19:26 - 2014-08-21 19:24 - 00000000 ____D () C:\Program Files\Wireshark
2014-08-21 19:25 - 2014-08-21 19:25 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinPcap
2014-08-21 19:25 - 2014-08-21 19:25 - 00000000 ____D () C:\Program Files\WinPcap
2014-08-21 19:24 - 2014-08-21 19:24 - 00001688 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wireshark.lnk
2014-08-21 19:24 - 2014-08-21 19:24 - 00001676 _____ () C:\Users\Public\Desktop\Wireshark.lnk
2014-08-19 21:02 - 2012-01-21 13:10 - 00000000 ____D () C:\Users\G\Desktop\Desk Crud 3
2014-08-17 22:14 - 2014-08-17 22:14 - 00000076 _____ () C:\Users\G\Desktop\Robert Half.url
2014-08-15 22:53 - 2014-08-15 22:53 - 00000123 _____ () C:\Users\G\Desktop\Walmart- Retail powerhouse past its prime- - Jul. 30, 2014.url
2014-08-13 15:51 - 2014-08-13 15:51 - 00000054 _____ () C:\Users\G\Desktop\Movie Showtimes - Google Search.url
2014-08-12 14:54 - 2014-08-12 14:54 - 00000070 _____ () C:\Users\G\Desktop\Herod the Great - Wikipedia, the free encyclopedia.url
2014-08-12 14:22 - 2014-08-12 14:22 - 00000069 _____ () C:\Users\G\Desktop\Moody's Mood for Love-WBLS - YouTube.url
2014-08-11 16:47 - 2009-07-14 00:56 - 00000000 ____D () C:\Windows\DigitalLocker
2014-08-10 21:08 - 2014-08-10 21:08 - 00000076 _____ () C:\Users\G\Desktop\New York City Housing Authority.url
2014-08-05 11:56 - 2009-07-13 22:37 - 00000000 ____D () C:\Windows\LiveKernelReports
 
Some content of TEMP:
====================
C:\Users\G\AppData\Local\Temp\7z.dll
C:\Users\G\AppData\Local\Temp\7z.exe
C:\Users\G\AppData\Local\Temp\BackupSetup.exe
C:\Users\G\AppData\Local\Temp\Compete_setup.exe
C:\Users\G\AppData\Local\Temp\ConsumerInputSetup.exe
C:\Users\G\AppData\Local\Temp\doxillionsetup.exe
C:\Users\G\AppData\Local\Temp\dtkill.exe
C:\Users\G\AppData\Local\Temp\ecogpfix.pmf.exe
C:\Users\G\AppData\Local\Temp\Executor.exe
C:\Users\G\AppData\Local\Temp\f69cvt8d7vi.exe
C:\Users\G\AppData\Local\Temp\GPUpd53A369460.exe
C:\Users\G\AppData\Local\Temp\GPUpd53A732D10.exe
C:\Users\G\AppData\Local\Temp\GPUpd53C8ABD21.exe
C:\Users\G\AppData\Local\Temp\GPUpd53CB1B341.exe
C:\Users\G\AppData\Local\Temp\GPUpd53CEEA5A1.exe
C:\Users\G\AppData\Local\Temp\GPUpd53CEEA5B2.exe
C:\Users\G\AppData\Local\Temp\GPUpd53CFB0041.exe
C:\Users\G\AppData\Local\Temp\GPUpd53CFB0052.exe
C:\Users\G\AppData\Local\Temp\GPUpd53D29FF52.exe
C:\Users\G\AppData\Local\Temp\GPUpd53D29FF53.exe
C:\Users\G\AppData\Local\Temp\GPUpd53D6FFD61.exe
C:\Users\G\AppData\Local\Temp\GPUpd53D6FFD72.exe
C:\Users\G\AppData\Local\Temp\GPUpd53D7F5BB1.exe
C:\Users\G\AppData\Local\Temp\GPUpd53D7F5BC2.exe
C:\Users\G\AppData\Local\Temp\GPUpd53D93BD41.exe
C:\Users\G\AppData\Local\Temp\GPUpd53D93BD52.exe
C:\Users\G\AppData\Local\Temp\GPUpd53D93BD83.exe
C:\Users\G\AppData\Local\Temp\GPUpd53DAF0551.exe
C:\Users\G\AppData\Local\Temp\GPUpd53DD096E1.exe
C:\Users\G\AppData\Local\Temp\GPUpd53DD096E2.exe
C:\Users\G\AppData\Local\Temp\GPUpd53DD096F3.exe
C:\Users\G\AppData\Local\Temp\GPUpd53DFCC3D0.exe
C:\Users\G\AppData\Local\Temp\GPUpd53E0FF310.exe
C:\Users\G\AppData\Local\Temp\GPUpd53E3AD460.exe
C:\Users\G\AppData\Local\Temp\GPUpd53E8D3E81.exe
C:\Users\G\AppData\Local\Temp\GPUpd53F94B331.exe
C:\Users\G\AppData\Local\Temp\GPUpd5404A6201.exe
C:\Users\G\AppData\Local\Temp\h5jaceah.yxa.exe
C:\Users\G\AppData\Local\Temp\jre-6u33-windows-i586-iftw.exe
C:\Users\G\AppData\Local\Temp\jre-7u13-windows-i586-iftw.exe
C:\Users\G\AppData\Local\Temp\jre-7u40-windows-i586-iftw.exe
C:\Users\G\AppData\Local\Temp\jre-7u55-windows-i586-iftw.exe
C:\Users\G\AppData\Local\Temp\jre-7u60-windows-i586-iftw.exe
C:\Users\G\AppData\Local\Temp\JuniperSetupClientInstaller.exe
C:\Users\G\AppData\Local\Temp\nsc7228.exe
C:\Users\G\AppData\Local\Temp\nslFBDA.exe
C:\Users\G\AppData\Local\Temp\nsmE4E6.exe
C:\Users\G\AppData\Local\Temp\nsz90EC.exe
C:\Users\G\AppData\Local\Temp\ose00000.exe
C:\Users\G\AppData\Local\Temp\Quarantine.exe
C:\Users\G\AppData\Local\Temp\SecurityScan_Release.exe
C:\Users\G\AppData\Local\Temp\SetupAdmin.exe
C:\Users\G\AppData\Local\Temp\update_v23.exe
C:\Users\G\AppData\Local\Temp\vgpjldc3.low.exe
C:\Users\G\AppData\Local\Temp\vrssetup.exe
C:\Users\G\AppData\Local\Temp\wpsetup.exe
C:\Users\G\AppData\Local\Temp\xwvygvzf.xu3.exe
C:\Users\G\AppData\Local\Temp\zipsetup.exe
C:\Users\G\AppData\Local\Temp\_genuninst.exe
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2014-08-27 19:25
 
==================== End Of Log ============================

Addition.txt

 

Additional scan result of Farbar Recovery Scan Tool (x86) Version:31-08-2014 02
Ran by G at 2014-09-01 14:10:08
Running from C:\Users\G\Desktop\Downloads
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
 Update for Microsoft Office 2007 (KB2508958) (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0C5823AA-7B6F-44E1-8D5B-8FD1FF0E6438}) (Version:  - Microsoft)
µTorrent (HKLM\...\uTorrent) (Version: 3.2.1.28086 - BitTorrent Inc.)
Adobe AIR (HKLM\...\Adobe AIR) (Version: 3.1.0.4880 - Adobe Systems Incorporated)
Adobe AIR (Version: 3.1.0.4880 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 11 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 11.1.102.55 - Adobe Systems Incorporated)
Adobe Flash Player 11 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 11.6.602.171 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.08) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.08 - Adobe Systems Incorporated)
Amazon MP3 Downloader 1.0.15 (HKLM\...\Amazon MP3 Downloader) (Version: 1.0.15 - Amazon Services LLC)
Apple Application Support (HKLM\...\{A83279FD-CA4B-4206-9535-90974DE76654}) (Version: 2.1.5 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Bonjour (HKLM\...\{0CB9668D-F979-4F31-B8B8-67FE90F929F8}) (Version: 2.0.2.0 - Apple Inc.)
Cisco WebEx Meetings (HKCU\...\ActiveTouchMeetingClient) (Version:  - Cisco WebEx LLC)
doubleTwist (HKLM\...\doubleTwist) (Version: 3.2.1.14961 - doubleTwist Corporation)
Doxillion Document Converter (HKLM\...\Doxillion) (Version:  - NCH Software)
Express Zip File Compression Software (HKLM\...\ExpressZip) (Version:  - NCH Software)
ffdshow [rev 2527] [2008-12-19] (HKLM\...\ffdshow_is1) (Version: 1.0 - )
Fitbit Connect (HKLM\...\Fitbit Connect) (Version: 1.0.0.2578 - Fitbit Inc.)
Google Chrome (HKCU\...\Google Chrome) (Version: 35.0.1916.153 - Google Inc.)
Intel® Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: 8.15.10.1930 - Intel Corporation)
IrfanView (remove only) (HKLM\...\IrfanView) (Version: 4.32 - Irfan Skiljan)
Java 7 Update 67 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217040FF}) (Version: 7.0.670 - Oracle)
Java Auto Updater (Version: 2.1.67.1 - Oracle, Inc.) Hidden
Juniper Networks Network Connect 7.0.0 (HKLM\...\Juniper Network Connect 7.0.0) (Version: 7.0.0.17289 - Juniper Networks)
Juniper Networks Setup Client (HKCU\...\Juniper_Setup_Client) (Version: 2.2.4.9429 - Juniper Networks)
Juniper Networks, Inc. Setup Client Activex Control (HKLM\...\Juniper_Setup_Client Activex Control) (Version: 2.1.1.1 - Juniper Networks, Inc.)
Juniper Terminal Services Client (HKCU\...\Juniper_Term_Services) (Version: 7.2.0.22807 - Juniper Networks)
Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office 2007 Service Pack 3 (SP3) (Version:  - Microsoft) Hidden
Microsoft Office Access MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Access Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Enterprise 2007 (HKLM\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Enterprise 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Groove MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Groove Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office InfoPath MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (Version:  - Microsoft) Hidden
Microsoft Office Publisher MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.20513.0 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
QuickTime (HKLM\...\{7BE15435-2D3E-4B58-867F-9C75BED0208C}) (Version: 7.71.80.42 - Apple Inc.)
Search Protect (HKLM\...\SearchProtect) (Version: 2.17.1.22 - Client Connect LTD) <==== ATTENTION
SoundTap Streaming Audio Recorder (HKLM\...\SoundTap) (Version:  - NCH Software)
Unity Web Player (HKCU\...\UnityWebPlayer) (Version:  - Unity Technologies ApS)
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2596651) 32-Bit Edition (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{B7873DF5-9E1C-45EE-8895-D29C6AE01202}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2596789) 32-Bit Edition (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C20964A7-5181-45E5-9E82-72F5D400DEBF}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2597970) 32-Bit Edition (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{91E130AA-C37F-42D8-9D5D-397B3416A7F2}) (Version:  - Microsoft)
Update for Microsoft Office Excel 2007 (KB2596596) 32-Bit Edition (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{567103D1-96CD-4B76-93B9-2681A187DEFF}) (Version:  - Microsoft)
Vidyo Desktop 2.1 (HKLM\...\Vidyo Desktop) (Version: 2.1 - Vidyo Inc.)
VRS Recording System (HKLM\...\VRS) (Version:  - NCH Software)
WinPcap 4.1.3 (HKLM\...\WinPcapInst) (Version: 4.1.0.2980 - Riverbed Technology, Inc.)
Wireshark 1.12.0 (32-bit) (HKLM\...\Wireshark) (Version: 1.12.0 - The Wireshark developer community, http://www.wireshark.org)
Xilisoft Video Converter Ultimate 6 (HKLM\...\Xilisoft Video Converter Ultimate 6) (Version: 6.7.0.0930 - Xilisoft)
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
CustomCLSID: HKU\S-1-5-21-3228681048-3228494245-604102122-1000_Classes\CLSID\{022105BD-948A-40C9-AB42-A3300DDF097F}\localserver32 -> "C:\Users\G\AppData\Local\Google\Update\GoogleUpdate.exe" No File
CustomCLSID: HKU\S-1-5-21-3228681048-3228494245-604102122-1000_Classes\CLSID\{035FBE31-3755-450A-A775-5E6BBD43D344}\InprocServer32 -> C:\Users\G\AppData\Local\Google\Update\1.3.21.135\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-3228681048-3228494245-604102122-1000_Classes\CLSID\{095A2EEC-F7FE-42E8-96FB-C20E53081908}\InprocServer32 -> C:\Users\G\AppData\Local\Google\Update\1.3.21.99\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-3228681048-3228494245-604102122-1000_Classes\CLSID\{22181302-A8A6-4F84-A541-E5CBFC70CC43}\localserver32 -> "C:\Users\G\AppData\Local\Google\Update\1.3.24.7\GoogleUpdateOnDemand.exe" No File
CustomCLSID: HKU\S-1-5-21-3228681048-3228494245-604102122-1000_Classes\CLSID\{2F0E2680-9FF5-43C0-B76E-114A56E93598}\localserver32 -> "C:\Users\G\AppData\Local\Google\Update\1.3.24.7\GoogleUpdateOnDemand.exe" No File
CustomCLSID: HKU\S-1-5-21-3228681048-3228494245-604102122-1000_Classes\CLSID\{320F0FDB-BE0A-4648-9D18-4A2C3448C007}\InprocServer32 -> C:\Users\G\AppData\Local\Google\Update\1.3.21.79\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-3228681048-3228494245-604102122-1000_Classes\CLSID\{32E26FD9-F435-4A20-A561-35D4B987CFDC}\InprocServer32 -> C:\ProgramData\WebEx\WebEx\1325\atucfobj.dll (Cisco WebEx LLC)
CustomCLSID: HKU\S-1-5-21-3228681048-3228494245-604102122-1000_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\G\AppData\Local\Google\Update\1.3.23.9\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-3228681048-3228494245-604102122-1000_Classes\CLSID\{444785F1-DE89-4295-863A-D46C3A781394}\InprocServer32 -> C:\Users\G\AppData\LocalLow\Unity\WebPlayer\loader\UnityWebPluginAX.ocx (Unity Technologies ApS)
CustomCLSID: HKU\S-1-5-21-3228681048-3228494245-604102122-1000_Classes\CLSID\{51F9E8EF-59D7-475B-A106-C7EA6F30C119}\localserver32 -> "C:\Users\G\AppData\Local\Google\Update\1.3.24.7\GoogleUpdateOnDemand.exe" No File
CustomCLSID: HKU\S-1-5-21-3228681048-3228494245-604102122-1000_Classes\CLSID\{5C65F4B0-3651-4514-B207-D10CB699B14B}\localserver32 -> C:\Users\G\AppData\Local\Google\Chrome\Application\35.0.1916.153\delegate_execute.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3228681048-3228494245-604102122-1000_Classes\CLSID\{62A0D750-DED9-448C-B693-406B34BB0892}\InprocServer32 -> C:\Users\G\AppData\Local\Google\Update\1.3.21.145\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-3228681048-3228494245-604102122-1000_Classes\CLSID\{634059C0-D264-4B2C-AE80-F73E48D33E5B}\InprocServer32 -> C:\Users\G\AppData\Local\Google\Update\1.3.21.123\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-3228681048-3228494245-604102122-1000_Classes\CLSID\{6D7374DE-63AA-473C-8C02-60D9CDCD84C5}\InprocServer32 -> C:\Users\G\AppData\Local\Google\Update\1.3.21.153\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-3228681048-3228494245-604102122-1000_Classes\CLSID\{7ad3508e-238c-584c-9c26-b0d3417ae12f}\InprocServer32 -> C:\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin.dll (Amazon.com, Inc.)
CustomCLSID: HKU\S-1-5-21-3228681048-3228494245-604102122-1000_Classes\CLSID\{A45426FB-E444-42B2-AA56-419F8FBEEC61}\InprocServer32 -> C:\Users\G\AppData\Local\Google\Update\1.3.22.3\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-3228681048-3228494245-604102122-1000_Classes\CLSID\{A54D478D-4F70-4F72-9A74-17C9986E35AB}\InprocServer32 -> C:\Users\G\AppData\Local\Google\Update\1.3.21.165\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-3228681048-3228494245-604102122-1000_Classes\CLSID\{C3101A8B-0EE1-4612-BFE9-41FFC1A3C19D}\InprocServer32 -> C:\Users\G\AppData\Local\Google\Update\1.3.24.7\npGoogleUpdate3.dll No File
CustomCLSID: HKU\S-1-5-21-3228681048-3228494245-604102122-1000_Classes\CLSID\{C442AC41-9200-4770-8CC0-7CDB4F245C55}\InprocServer32 -> C:\Users\G\AppData\Local\Google\Update\1.3.24.7\npGoogleUpdate3.dll No File
CustomCLSID: HKU\S-1-5-21-3228681048-3228494245-604102122-1000_Classes\CLSID\{C5A2122B-A05B-4FD8-AE49-91990AE10998}\InprocServer32 -> C:\Users\G\AppData\Local\Google\Update\1.3.21.115\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-3228681048-3228494245-604102122-1000_Classes\CLSID\{E67BE843-BBBE-4484-95FB-05271AE86750}\localserver32 -> "C:\Users\G\AppData\Local\Google\Update\1.3.24.7\GoogleUpdateOnDemand.exe" No File
CustomCLSID: HKU\S-1-5-21-3228681048-3228494245-604102122-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\G\AppData\Local\Google\Update\1.3.24.7\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-3228681048-3228494245-604102122-1000_Classes\CLSID\{EB06378B-ABB6-4B3C-9B40-D488DD8A6E93}\InprocServer32 -> C:\Users\G\AppData\Local\Google\Update\1.3.22.5\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-3228681048-3228494245-604102122-1000_Classes\CLSID\{FB994D36-B312-46CE-A40B-CF63980641F9}\InprocServer32 -> C:\Users\G\AppData\Local\Google\Update\1.3.21.111\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-3228681048-3228494245-604102122-1000_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\G\AppData\Local\Google\Update\1.3.24.7\psuser.dll No File
 
==================== Restore Points  =========================
 
06-07-2014 23:35:08 Scheduled Checkpoint
23-07-2014 13:33:45 Scheduled Checkpoint
07-08-2014 18:31:40 Scheduled Checkpoint
24-08-2014 00:12:28 Scheduled Checkpoint
24-08-2014 00:20:11 Installed Java 7 Update 67
31-08-2014 20:08:20 Scheduled Checkpoint
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-13 22:04 - 2013-04-29 22:59 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
 
==================== Scheduled Tasks (whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 
Task: {0F31C287-F5C4-49EC-BE25-71C0F8BFBB73} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3228681048-3228494245-604102122-1000UA => C:\Users\G\AppData\Local\Google\Update\GoogleUpdate.exe
Task: {18F0A7C5-F8B1-449A-BA03-E36DD9983D9E} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3228681048-3228494245-604102122-1000Core => C:\Users\G\AppData\Local\Google\Update\GoogleUpdate.exe
Task: {232BD2BB-F7D0-4D5D-96E1-58CE4D2A4788} - System32\Tasks\TaskUserUpdate_wp => C:\Users\G\AppData\Roaming\~quipiaa.exe
Task: {7AF2140B-D0D6-4889-8018-2E1E3E979409} - System32\Tasks\LaunchSignup => C:\Program Files\MyPC Backup\Signup Wizard.exe <==== ATTENTION
Task: {BAAE2F7C-5722-4741-8950-B73A80F5E128} - System32\Tasks\GPUpdateCheck => C:\Program Files\GetPrivate\gpup.exe [2014-06-14] ()
Task: {BF5E01E2-A68C-4B39-B7CC-BED7E92CFE32} - System32\Tasks\GPUpdate => C:\Program Files\GetPrivate\gpup.exe [2014-06-14] ()
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3228681048-3228494245-604102122-1000Core.job => C:\Users\G\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3228681048-3228494245-604102122-1000UA.job => C:\Users\G\AppData\Local\Google\Update\GoogleUpdate.exe
 
==================== Loaded Modules (whitelisted) =============
 
2012-02-25 15:39 - 2012-02-25 15:39 - 00081408 _____ () C:\Program Files\NCH Software\ExpressZip\ezcm.dll
2014-07-10 22:14 - 2014-03-09 10:35 - 00051016 _____ () C:\Users\G\AppData\Local\Google\Chrome\Application\33.0.1750.117\chrome_elf.dll
2014-05-30 19:41 - 2014-02-10 13:44 - 04592128 _____ () C:\Users\G\AppData\Local\Google\Chrome\User Data\SwiftShader\3.2.6.45159\libglesv2.dll
2014-05-30 19:41 - 2014-02-10 13:44 - 00112128 _____ () C:\Users\G\AppData\Local\Google\Chrome\User Data\SwiftShader\3.2.6.45159\libegl.dll
2014-07-10 22:14 - 2014-03-09 10:35 - 04060488 _____ () C:\Users\G\AppData\Local\Google\Chrome\Application\33.0.1750.117\pdf.dll
2014-07-10 22:14 - 2014-03-09 10:35 - 00394568 _____ () C:\Users\G\AppData\Local\Google\Chrome\Application\33.0.1750.117\ppGoogleNaClPluginChrome.dll
2014-07-10 22:14 - 2014-03-09 10:35 - 01647432 _____ () C:\Users\G\AppData\Local\Google\Chrome\Application\33.0.1750.117\ffmpegsumo.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
 
==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== EXE Association (whitelisted) =============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 
==================== MSCONFIG/TASK MANAGER disabled items =========
 
(Currently there is no automatic fix for this section.)
 
 
==================== Faulty Device Manager Devices =============
 
Name: Base System Device
Description: Base System Device
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
Name: Base System Device
Description: Base System Device
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
Name: Base System Device
Description: Base System Device
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (09/01/2014 02:43:21 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 6688
 
Error: (09/01/2014 02:43:21 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 6688
 
Error: (09/01/2014 02:43:21 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (08/31/2014 08:42:57 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 2656
 
Error: (08/31/2014 08:42:57 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 2656
 
Error: (08/31/2014 08:42:57 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (08/27/2014 11:21:13 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 3906
 
Error: (08/27/2014 11:21:13 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 3906
 
Error: (08/27/2014 11:21:13 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (08/27/2014 09:05:19 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program iexplore.exe version 9.0.8112.16421 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: 1410
 
Start Time: 01cfc25c08ae5fa8
 
Termination Time: 74
 
Application Path: C:\Program Files\Internet Explorer\iexplore.exe
 
Report Id: 5bc31eba-2e4f-11e4-9c4e-0015c54eb16d
 
 
System errors:
=============
Error: (09/01/2014 00:57:55 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Wlansvc service.
 
Error: (09/01/2014 02:43:18 AM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk1\DR1.
 
Error: (09/01/2014 02:42:58 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Netman service.
 
Error: (08/31/2014 04:33:55 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load: 
ssnfd
 
Error: (08/27/2014 09:55:03 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load: 
ssnfd
 
Error: (08/27/2014 09:51:54 PM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk1\DR1.
 
Error: (08/27/2014 09:04:06 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The WindowsMangerProtect Service service failed to start due to the following error: 
%%2
 
Error: (08/24/2014 04:51:32 AM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk1\DR1.
 
Error: (08/23/2014 08:35:29 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The WindowsMangerProtect Service service failed to start due to the following error: 
%%2
 
Error: (08/23/2014 06:19:12 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.
 
 
Microsoft Office Sessions:
=========================
 

FRST_01-09-2014_14-11-23.txt


  • Staff

Fix with Farbar Recovery Scan Tool
 


This fix was created for this user for use on that particular machine.
Running it on another one may cause damage and render the system unstable.

 
Download the attached fixlist.txt file and save it to the Desktop.
 
Both files, FRST and fixlist.txt, have to be in the same location or the fix will not work!

  • Right-click on the FRST icon and select Run as Administrator to start the tool.
    (XP users click run after receipt of Windows Security Warning - Open File).
  • Press the Fix button just once and wait.
  • If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
  • When finished FRST will generate a log on the Desktop, called Fixlog.txt.

Please attach it to your reply.
 
 
 
 

Scan with ZOEK
 
Please download ZOEK by Smeenk and save it to your desktop (preferred version is the *.exe one)
Temporarily disable your AntiVirus and AntiSpyware protection - instructions here.

  • Right-click on the ZOEK icon and select Run as Administrator to start the tool.
  • Wait patiently until the main console appears, it may take a minute or two.
  • In the main box please paste in the following script:
    createsrpoint;autoclean;emptyalltemp;ipconfig /flushdns;b
  • Make sure that Scan All Users option is checked.
  • Push Run Script and wait patiently. The scan may take a couple of minutes.
  • When the scan completes, a zoek-results logfile should open in notepad.
  • If a reboot is needed, it will be opened after it. You may also find it on your main drive (usually C:\ drive).

Post its content into your next reply.

fixlist.txt


  • Root Admin

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
