Hello all,

 

I recently searched for this Binkiland nuisance and found a topic on the forum; however, I wanted to start a new topic so that I may receive help in removing it for my specific device (laptop computer). All I have done thus far is download and run a scan with Farbar.

 

If any of you could assist me with this from here on out, I would be greatly appreciative. I hope to hear from you soon. Thank you.

 

TwinHeadedEagle was the one who assisted in the last thread I read regarding this problem.

 

Regards,

 

PRNKulukjian (Aaron)


Hello and welcome!

I'm Radek and I'll try to help you with your issue.

Before we start please note the following:

  • Analysis and research take some time, also sometimes real life gets in the way, please be patient.
  • Limit your internet access to posting here, some infections just wait to steal typed-in passwords.
  • Don't run any scripts or tools on your own, unsupervised usage may cause more harm than good.
  • Paste the logs in your posts, attachments make my work harder and more complicated.
  • Stay with me to the end, the absence of symptoms doesn't mean that your machine is fully operational.
  • Note that we may live in totally different time zones, which may cause some delays between answers.
I can't foresee everything, so if anything unexpected happens, please stop and inform me!

There are no silly questions. Never be afraid to ask if in doubt!

Rules and policies

We won't support any piracy.

That being said, if any evidence of illegal OS, software, cracks/keygens or any other is revealed, any further assistance will be suspended. If you are aware that there is this kind of stuff on your machine, remove it before proceeding!

The same applies to any use of P2P software: uTorrent, BitTorrent, Vuze, Kazaa, Ares... We don't provide any help for P2P, except for their removal. All P2P software has to be uninstalled or at least fully disabled before proceeding!

Failure to follow these guidelines will result in closing your topic and withdrawing any assistance.


Post me the FRST logs if you still have them.


Sorry, I just noticed you preferred a paste rather than a file attachment. Here are the FRST and Addition logs, in order:

 

FRST:

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 15-02-2015
Ran by kuaa9113 (administrator) on RC-NB-R9VD2EM on 17-02-2015 00:25:01
Running from C:\Users\kuaa9113\Downloads
Loaded Profiles: kuaa9113 (Available profiles: kuaa9113 & Administrator)
Platform: Microsoft Windows 7 Enterprise  Service Pack 1 (X86) OS Language: English (United States)
Internet Explorer Version 10 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Lenovo.) C:\Windows\System32\ibmpmsvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation) C:\Program Files\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Hewlett-Packard) C:\Program Files\HP\HP Software Update\hpwuschd2.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Spotify Ltd) C:\Users\kuaa9113\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Dropbox, Inc.) C:\Users\kuaa9113\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jucheck.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [997408 2010-11-30] (Microsoft Corporation)
HKLM\...\Run: [synTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2455280 2014-02-24] (Synaptics Incorporated)
HKLM\...\Run: [bCSSync] => C:\Program Files\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM\...\Run: [uSB3MON] => C:\Program Files\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291608 2012-02-27] (Intel Corporation)
HKLM\...\Run: [HP Software Update] => C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe [49208 2011-10-28] (Hewlett-Packard)
HKLM\...\Run: [] => [X]
HKLM\...\Run: [sunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [157480 2014-10-15] (Apple Inc.)
HKU\S-1-5-21-3115626628-1226218140-1781437045-102432\...\Run: [spotify Web Helper] => C:\Users\kuaa9113\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1676344 2015-02-09] (Spotify Ltd)
HKU\S-1-5-21-3115626628-1226218140-1781437045-102432\...\Run: [msnmsgr] => C:\Program Files\Windows Live\Messenger\msnmsgr.exe [4272840 2014-03-31] (Microsoft Corporation)
HKU\S-1-5-21-3115626628-1226218140-1781437045-102432\...\Policies\system: [DisableChangePassword] 1
HKU\S-1-5-21-3115626628-1226218140-1781437045-102432\...\Policies\system: [DisableLockWorkstation] 1
HKU\S-1-5-21-3115626628-1226218140-1781437045-102432\...\Policies\Explorer\DisallowRun: [1] cmd.exe
HKU\S-1-5-21-3115626628-1226218140-1781437045-102432\...\Policies\Explorer\DisallowRun: [2] command.com
HKU\S-1-5-21-3115626628-1226218140-1781437045-102432\...\Policies\Explorer\DisallowRun: [3] tourstart.exe
HKU\S-1-5-21-3115626628-1226218140-1781437045-102432\...\Policies\Explorer: [NoAutoUpdate] 0
HKU\S-1-5-21-3115626628-1226218140-1781437045-102432\...\Policies\Explorer: [NoDesktopCleanupWizard] 1
HKU\S-1-5-21-3115626628-1226218140-1781437045-102432\...\Policies\Explorer: [QuickLaunchEnabled] 1
HKU\S-1-5-21-3115626628-1226218140-1781437045-102432\...\Policies\Explorer: [NoAutoTrayNotify] 1
HKU\S-1-5-21-3115626628-1226218140-1781437045-102432\...\Policies\Explorer: [NoWelcomeScreen] 1
HKU\S-1-5-21-3115626628-1226218140-1781437045-102432\...\Policies\Explorer: [NoChangeStartMenu] 1
HKU\S-1-5-21-3115626628-1226218140-1781437045-102432\...\Policies\Explorer: [NoSMConfigurePrograms] 1
HKU\S-1-5-21-3115626628-1226218140-1781437045-102432\...\Policies\Explorer: [NoStartMenuMyGames] 1
HKU\S-1-5-21-3115626628-1226218140-1781437045-102432\...\Policies\Explorer: [NoStartMenuMyMusic] 1
HKU\S-1-5-21-3115626628-1226218140-1781437045-102432\...\Policies\Explorer: [NoSMMyPictures] 1
HKU\S-1-5-21-3115626628-1226218140-1781437045-102432\...\Policies\Explorer: [NoPropertiesMyComputer] 1
HKU\S-1-5-21-3115626628-1226218140-1781437045-102432\...\Policies\Explorer: [NoPropertiesMyDocuments] 1
HKU\S-1-5-21-3115626628-1226218140-1781437045-102432\...\Policies\Explorer: [NoManageMyComputerVerb] 1
HKU\S-1-5-21-3115626628-1226218140-1781437045-102432\...\Policies\Explorer: [NoComputersNearMe] 1
HKU\S-1-5-21-3115626628-1226218140-1781437045-102432\...\Policies\Explorer: [NoCDBurning] 1
HKU\S-1-5-21-3115626628-1226218140-1781437045-102432\...\Policies\Explorer: [NoSecurityTab] 1
HKU\S-1-5-21-3115626628-1226218140-1781437045-102432\...\Policies\Explorer: [NoSharedDocuments] 1
HKU\S-1-5-21-3115626628-1226218140-1781437045-102432\...\Policies\Explorer: [DisallowCpl] 1
HKU\S-1-5-21-3115626628-1226218140-1781437045-102432\...\Policies\Explorer: [ForceStartMenuLogOff] 1
HKU\S-1-5-21-3115626628-1226218140-1781437045-102432\...\Policies\Explorer: [DisallowRun] 1
HKU\S-1-5-21-3115626628-1226218140-1781437045-102432\...\MountPoints2: {39a7b1c0-0864-11e4-a743-3c970e4b51e3} - E:\VZW_Software_upgrade_assistant.exe
Startup: C:\Users\kuaa9113\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\kuaa9113\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\kuaa9113\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monitor Ink Alerts - HP Deskjet 1050 J410 series.lnk
ShortcutTarget: Monitor Ink Alerts - HP Deskjet 1050 J410 series.lnk -> C:\Program Files\HP\HP Deskjet 1050 J410 series\Bin\HPStatusBL.dll (Hewlett-Packard Co.)
ShellIconOverlayIdentifiers: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\kuaa9113\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\kuaa9113\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\kuaa9113\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\kuaa9113\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\kuaa9113\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\kuaa9113\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\kuaa9113\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\kuaa9113\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKU\S-1-5-21-3115626628-1226218140-1781437045-102432\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
BHO: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1 192.168.2.1
 
FireFox:
========
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @java.com/DTPlugin,version=10.45.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.45.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\safesearch.xml
 
Chrome: 
=======
CHR HomePage: Default -> https://infozone.sjvc.edu/
CHR StartupUrls: Default -> "https://infozone.sjvc.edu/Pages/InfoZone.aspx","hxxp://binkiland.com/?f=7&a=bnk_dnldstr_15_07&cd=2XzuyEtN2Y1L1QzuyCtDyCyBtBtD0D0DtD0E0DzzyB0FzytCtN0D0Tzu0StCtCyEtDtN1L2XzutAtFyBtFyBtFyDtN1L1CzutCyEtBzytDyD1V1StN1L1G1B1V1N2Y1L1Qzu2SyByB0F0Czz0AtC0FtG0CtDyE0DtGyD0F0CyDtG0DyCtByCtGtDtA0DyDyCyEyC0DyD0C0CyC2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0CyCtA0E0CtC0AtBtGzy0EyBzytGyEtDtAzytG0A0CtB0BtG0A0F0F0D0B0BtDtDzytAyByE2Q&cr=546289506&ir=", "hxxp://binkiland.com/?f=7&a=&cd=&cr=&ir="
CHR DefaultSearchKeyword: Default -> bing.com
CHR DefaultNewTabURL: Default -> https://www.bing.com/chrome/newtab?setmkt=en-US
CHR Profile: C:\Users\kuaa9113\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\kuaa9113\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-07-10]
CHR Extension: (Google Drive) - C:\Users\kuaa9113\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-07-10]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\kuaa9113\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-07-10]
CHR Extension: (YouTube) - C:\Users\kuaa9113\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-07-10]
CHR Extension: (Google Search) - C:\Users\kuaa9113\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-07-10]
CHR Extension: (Google Wallet) - C:\Users\kuaa9113\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-07-10]
CHR Extension: (Gmail) - C:\Users\kuaa9113\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-07-10]
 
========================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 cphs; C:\windows\system32\IntelCpHeciSvc.exe [276288 2013-02-19] (Intel Corporation)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe [11736 2010-11-11] (Microsoft Corporation)
S2 Net Driver HPZ12; C:\windows\system32\HPZinw12.dll [45568 2012-07-31] (Hewlett-Packard) [File not signed]
R3 NisSrv; c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe [206360 2010-11-11] (Microsoft Corporation)
S2 Pml Driver HPZ12; C:\windows\system32\HPZipm12.dll [55808 2012-07-31] (Hewlett-Packard) [File not signed]
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-26] (Microsoft Corporation)
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R0 iaStorA; C:\windows\System32\drivers\iaStorA.sys [505192 2013-08-02] (Intel Corporation)
R0 iaStorF; C:\windows\System32\drivers\iaStorF.sys [25448 2013-08-02] (Intel Corporation)
R0 iusb3hcs; C:\windows\System32\drivers\iusb3hcs.sys [13592 2012-02-27] (Intel Corporation)
R3 iusb3hub; C:\windows\System32\DRIVERS\iusb3hub.sys [348440 2012-02-27] (Intel Corporation)
R3 iusb3xhc; C:\windows\System32\DRIVERS\iusb3xhc.sys [792856 2012-02-27] (Intel Corporation)
R3 MEI; C:\windows\System32\DRIVERS\HECI.sys [56432 2013-05-16] (Intel Corporation)
R1 MpFilter; C:\windows\System32\DRIVERS\MpFilter.sys [165264 2010-10-24] (Microsoft Corporation)
R3 MpNWMon; C:\windows\System32\DRIVERS\MpNWMon.sys [43392 2010-10-24] (Microsoft Corporation)
R3 NETwNs32; C:\windows\System32\DRIVERS\NETwsn00.sys [10382576 2013-07-26] (Intel Corporation)
S3 SmbDrv; C:\windows\system32\drivers\Smb_driver_AMDASF.sys [24816 2014-02-24] (Synaptics Incorporated)
R3 SmbDrvI; C:\windows\System32\DRIVERS\Smb_driver_Intel.sys [25328 2014-02-24] (Synaptics Incorporated)
S3 VMWVAUDIO; C:\windows\System32\drivers\vmwvaudio.sys [39448 2012-11-30] (VMware, Inc.)
S3 vmwvhub; C:\windows\System32\Drivers\vmwvhub.sys [88656 2013-02-06] (VMware, Inc.)
S3 vmxnet3ndis6; C:\windows\System32\DRIVERS\vmxnet3n61x86.sys [68760 2012-11-17] (VMware, Inc.)
R1 MpKsl90a9d4aa; \??\c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{E17CA42D-43FD-449B-ADDF-1E131D0A254E}\MpKsl90a9d4aa.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
S3 vmci; \SystemRoot\system32\DRIVERS\vmci.sys [X]
S1 vmdebug; \??\C:\Windows\system32\Drivers\vmdebug.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-02-17 00:25 - 2015-02-17 00:25 - 00016382 _____ () C:\Users\kuaa9113\Downloads\FRST.txt
2015-02-17 00:24 - 2015-02-17 00:25 - 00000000 ____D () C:\FRST
2015-02-17 00:24 - 2015-02-17 00:24 - 02085888 _____ (Farbar) C:\Users\kuaa9113\Downloads\FRST64 (1).exe
2015-02-17 00:24 - 2015-02-17 00:24 - 01125888 _____ (Farbar) C:\Users\kuaa9113\Downloads\FRST.exe
2015-02-17 00:22 - 2015-02-17 00:22 - 02085888 _____ (Farbar) C:\Users\kuaa9113\Downloads\FRST64.exe
2015-02-16 23:20 - 2015-02-16 23:20 - 00000010 _____ () C:\Users\kuaa9113\AppData\Local\DSI.DAT
2015-02-15 10:19 - 2015-02-16 23:31 - 00000000 ____D () C:\Users\kuaa9113\AppData\Local\Component
2015-02-15 10:19 - 2015-02-16 23:31 - 00000000 ____D () C:\Program Files\PDF Reader
2015-02-15 10:18 - 2015-02-16 23:31 - 00000000 ____D () C:\Program Files\NpackdCL
2015-02-15 10:18 - 2015-02-15 10:18 - 00000000 ____D () C:\ProgramData\Npackd
2015-02-15 10:17 - 2015-02-16 23:31 - 00000000 ____D () C:\Users\kuaa9113\AppData\Local\Fast Browser
2015-02-15 10:16 - 2015-02-15 10:17 - 00000000 ____D () C:\Program Files\Fast Browser
2015-02-15 10:12 - 2015-02-15 10:12 - 00198344 _____ () C:\Users\kuaa9113\Downloads\TurboTaxReturn (2).tax2013
2015-02-15 10:10 - 2015-02-15 10:10 - 00198344 _____ () C:\Users\kuaa9113\Downloads\TurboTaxReturn.tax2013
2015-02-15 10:10 - 2015-02-15 10:10 - 00198344 _____ () C:\Users\kuaa9113\Downloads\TurboTaxReturn (1).tax2013
2015-02-14 19:30 - 2015-02-16 23:20 - 00000000 ____D () C:\Users\kuaa9113\AppData\Local\Binkiland
2015-02-14 19:29 - 2015-02-16 23:31 - 00000000 ____D () C:\Users\kuaa9113\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PriceFountain
2015-02-14 19:29 - 2015-02-16 23:31 - 00000000 ____D () C:\Users\kuaa9113\AppData\Local\PriceFountain
2015-02-14 19:29 - 2015-02-14 19:29 - 01055936 _____ (Adobe) C:\Users\kuaa9113\Downloads\install_flash_player_ax.exe
2015-02-14 19:28 - 2015-02-14 19:28 - 00000000 ____D () C:\Users\kuaa9113\AppData\Roaming\Binkiland
2015-02-14 19:27 - 2015-02-16 23:31 - 00000000 ____D () C:\Users\kuaa9113\AppData\Local\WSE_Binkiland
2015-02-14 19:27 - 2015-02-16 23:31 - 00000000 ____D () C:\Users\kuaa9113\AppData\Local\browser extensions
2015-02-14 19:27 - 2015-02-14 19:27 - 00000088 _____ () C:\Users\kuaa9113\AppData\Local\368a7fa2658ab64cb979c98f1545d7f3
2015-02-14 19:27 - 2015-02-14 19:27 - 00000000 ____D () C:\Users\kuaa9113\AppData\Roaming\UpdaterEX
2015-02-14 19:25 - 2015-02-14 19:26 - 00792480 _____ (Dnldstr_Aggregator) C:\Users\kuaa9113\Downloads\Adobe_Flash_Setup.exe
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-02-17 00:09 - 2014-07-09 15:00 - 01290048 _____ () C:\windows\WindowsUpdate.log
2015-02-17 00:04 - 2014-07-10 12:02 - 00000886 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-02-16 23:52 - 2009-07-13 20:34 - 00024032 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-02-16 23:52 - 2009-07-13 20:34 - 00024032 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-02-16 23:51 - 2014-10-25 11:49 - 00000994 _____ () C:\Users\kuaa9113\Desktop\Dropbox.lnk
2015-02-16 23:51 - 2014-10-25 11:49 - 00000000 ___RD () C:\Users\kuaa9113\Dropbox
2015-02-16 23:51 - 2014-10-25 11:47 - 00000000 ____D () C:\Users\kuaa9113\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2015-02-16 23:51 - 2014-10-25 11:45 - 00000000 ____D () C:\Users\kuaa9113\AppData\Roaming\Dropbox
2015-02-16 23:47 - 2014-09-24 12:32 - 00000000 ____D () C:\Users\kuaa9113\Tracing
2015-02-16 23:47 - 2014-07-10 12:02 - 00000882 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-02-16 23:47 - 2014-07-10 08:07 - 00000000 ____D () C:\Users\kuaa9113
2015-02-16 23:32 - 2009-07-13 20:53 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2015-02-16 23:32 - 2009-07-13 20:39 - 00061891 _____ () C:\windows\setupact.log
2015-02-16 23:32 - 2009-07-13 18:37 - 00000000 ____D () C:\windows\system32\wfp
2015-02-16 23:31 - 2014-07-10 12:06 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-02-16 23:31 - 2014-07-10 07:11 - 00000000 ____D () C:\Users\ED_Deploy
2015-02-16 23:31 - 2014-07-09 15:02 - 00000000 ____D () C:\Users\Administrator
2015-02-16 23:31 - 2013-05-19 10:50 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2015-02-16 23:31 - 2010-11-20 16:31 - 00000000 ___RD () C:\Users\Public\Recorded TV
2015-02-16 23:31 - 2009-07-13 18:37 - 00000000 ___HD () C:\windows\system32\GroupPolicy
2015-02-16 23:31 - 2009-07-13 18:37 - 00000000 ____D () C:\windows\registration
2015-02-14 19:29 - 2014-07-10 11:00 - 00000000 ____D () C:\Users\kuaa9113\AppData\Local\Adobe
2015-02-12 19:06 - 2014-08-06 16:39 - 00000000 ____D () C:\Users\kuaa9113\AppData\Local\Spotify
2015-02-10 14:01 - 2014-08-06 16:38 - 00000000 ____D () C:\Users\kuaa9113\AppData\Roaming\Spotify
2015-02-06 16:28 - 2014-07-10 12:06 - 00002135 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-02-04 10:24 - 2010-11-20 13:48 - 00032646 _____ () C:\windows\PFRO.log
2015-02-01 16:32 - 2014-08-04 19:05 - 00000000 ____D () C:\Users\kuaa9113\AppData\Roaming\HpUpdate
 
==================== Files in the root of some directories =======
 
2015-02-14 19:27 - 2015-02-14 19:27 - 0000088 _____ () C:\Users\kuaa9113\AppData\Local\368a7fa2658ab64cb979c98f1545d7f3
2015-02-16 23:20 - 2015-02-16 23:20 - 0000010 _____ () C:\Users\kuaa9113\AppData\Local\DSI.DAT
2014-08-04 19:04 - 2014-08-04 19:04 - 0000057 _____ () C:\ProgramData\Ament.ini
 
Some content of TEMP:
====================
C:\Users\kuaa9113\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmptppyvw.dll
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\windows\explorer.exe => File is digitally signed
C:\windows\system32\winlogon.exe => File is digitally signed
C:\windows\system32\wininit.exe => File is digitally signed
C:\windows\system32\svchost.exe => File is digitally signed
C:\windows\system32\services.exe => File is digitally signed
C:\windows\system32\User32.dll => File is digitally signed
C:\windows\system32\userinit.exe => File is digitally signed
C:\windows\system32\rpcss.dll => File is digitally signed
C:\windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-02-14 22:44
 
==================== End Of Log ============================
 
Addition:
 
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 15-02-2015
Ran by kuaa9113 at 2015-02-17 00:26:26
Running from C:\Users\kuaa9113\Downloads
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Microsoft Forefront Endpoint Protection 2010 (Enabled - Up to date) {108DAC43-C256-20B7-BB05-914135DA5160}
AS: Microsoft Forefront Endpoint Protection 2010 (Enabled - Up to date) {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
32 Bit HP CIO Components Installer (Version: 13.1.2 - Hewlett-Packard) Hidden
Adobe AIR (HKLM\...\Adobe AIR) (Version: 1.5.1.8210 - Adobe Systems Inc.)
Adobe Flash Player 11 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 11.7.700.169 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.02) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.02 - Adobe Systems Incorporated)
Aleks 3.18 (HKLM\...\Aleks 3.18) (Version:  - )
Apple Application Support (HKLM\...\{83CAF0DE-8D3B-4C37-A631-2B8F16EC3031}) (Version: 3.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{235EBB33-3DA1-46DF-AADE-9955123409CB}) (Version: 8.0.5.6 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Automated Accounting (Version: 8.0 - Southwestern Publishing Co.) Hidden
Automated Accounting 8.0 (HKLM\...\InstallShield_{1CB29ACC-626E-11D6-9D83-00E098080F95}) (Version: 8.0 - Southwestern Publishing Co.)
Avatar Document Imaging and Archiving (HKLM\...\{3F1B8FE6-3BDF-40A5-A2F5-6115B66F4A06}) (Version: 2.0.10 - Netsmart)
Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)
Clinical Simulation Seminar Collection (C:\Program Files\Cedric Mills\) #3 (HKLM\...\ST6UNST #10) (Version:  - )
Clinical Simulation Seminar Collection (C:\Program Files\Cedric Mills\) (HKLM\...\ST6UNST #2) (Version:  - )
Clinical Simulation Seminar Collection (HKLM\...\ST6UNST #1) (Version:  - )
CMA, RMA, and CMAS Exam Preparation (HKLM\...\{6D1649CD-7AA7-488C-BCB1-6F5003628BAC}) (Version:  - )
CPC Coding Exam Review 2011 (HKLM\...\CPC Coding Exam Review 2011) (Version:  - Elsevier)
CutePDF Writer 3.0 (HKLM\...\CutePDF Writer Installation) (Version:  3.0 - CutePDF.com)
D3DX10 (Version: 15.4.2368.0902 - Microsoft) Hidden
Dropbox (HKU\S-1-5-21-3115626628-1226218140-1781437045-102432\...\Dropbox) (Version: 3.2.6 - Dropbox, Inc.)
Elsevier Pageburst (HKLM\...\{4332EE85-5BCE-48BA-AA56-BF6CD1BC2262}) (Version: 6.01.0009 - Ingram Digital)
GMetrix SMS (HKLM\...\{958AAA08-5B3D-4E91-8B7C-E07175110416}) (Version: 3.2.0.1 - GMetrix LLC)
Google Chrome (HKLM\...\Google Chrome) (Version: 40.0.2214.111 - Google Inc.)
Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.26.9 - Google Inc.) Hidden
HP Deskjet 1050 J410 series Basic Device Software (HKLM\...\{C111B73A-93EA-4A12-80E2-0460F11D431F}) (Version: 28.0.1313.0 - Hewlett-Packard Co.)
HP Deskjet 1050 J410 series Help (HKLM\...\{5C90D8CF-F12A-41C6-9007-3B651A1F0D78}) (Version: 140.0.66.66 - Hewlett Packard)
HP Photo Creations (HKLM\...\HP Photo Creations) (Version: 1.0.0.7702 - HP)
HP Update (HKLM\...\{6F1C00D2-25C2-4CBA-8126-AE9A6E2E9CD5}) (Version: 5.003.003.001 - Hewlett-Packard)
Intel® Processor Graphics (HKLM\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.2843 - Intel Corporation)
Intel® USB 3.0 eXtensible Host Controller Driver (HKLM\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 1.0.4.220 - Intel Corporation)
iTunes (HKLM\...\{5D928931-D1D2-4A93-A82D-BF60D0E7CFA5}) (Version: 12.0.1.26 - Apple Inc.)
Java 7 Update 45 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217045FF}) (Version: 7.0.450 - Oracle)
Junk Mail filter update (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Keyboarding Pro 4 (HKLM\...\Keyboarding Pro 4) (Version:  - )
Lenovo Power Management Driver (HKLM\...\Power Management Driver) (Version: 1.67.04.04 - )
LindseyJones 28 Clinical Simulations (C:\Program Files\CHF - Pulmonary Edema\) #3 (HKLM\...\ST6UNST #7) (Version:  - )
LindseyJones 28 Clinical Simulations (C:\Program Files\CHF - Pulmonary Edema\) #4 (HKLM\...\ST6UNST #8) (Version:  - )
LindseyJones 28 Clinical Simulations (C:\Program Files\CHF - Pulmonary Edema\) (HKLM\...\ST6UNST #6) (Version:  - )
LindseyJones 28 Clinical Simulations (HKLM\...\ST6UNST #5) (Version:  - )
LindseyJones 725 CRT RRT Exam Questions (C:\Program Files\Myasthenia Gravis\) #3 (HKLM\...\ST6UNST #9) (Version:  - )
LindseyJones 725 CRT RRT Exam Questions (C:\Program Files\Myasthenia Gravis\) (HKLM\...\ST6UNST #4) (Version:  - )
LindseyJones 725 CRT RRT Exam Questions (HKLM\...\ST6UNST #3) (Version:  - )
Medical Terminology for Health Professions (HKLM\...\Medical Terminology for Health Professions_is1) (Version:  - Cengage Delmar Learning)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Forefront Endpoint Protection 2010 (HKLM\...\Microsoft Security Client) (Version: 2.0.657.0 - Microsoft Corporation)
Microsoft Office 2007 Primary Interop Assemblies (HKLM\...\{50120000-1105-0000-0000-0000000FF1CE}) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Office Access Runtime (English) 2007 (HKLM\...\{90120000-001C-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Outlook Connector (HKLM\...\{95140000-007A-0409-0000-0000000FF1CE}) (Version: 14.0.5118.5000 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM\...\Office14.PROPLUS) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-3115626628-1226218140-1781437045-102432\...\OneDriveSetup.exe) (Version: 17.0.4035.0328 - Microsoft Corporation)
Microsoft Outlook Social Connector Provider for Windows Live Messenger 32-bit (HKLM\...\{95140000-007D-0409-0000-0000000FF1CE}) (Version: 14.0.5120.5000 - Microsoft Corporation)
Microsoft Project Professional 2010 (HKLM\...\Office14.PRJPRO) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
MOSS v2.0 (HKLM\...\{E5EAB38C-D6CE-4B83-85A3-D006D9832292}) (Version: 2.0.0 - Delmar Learning)
Movie Maker (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Mozilla Firefox 21.0 (x86 en-US) (HKLM\...\Mozilla Firefox 21.0 (x86 en-US)) (Version: 21.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 21.0 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MyITLab ActiveX Installer 2, 9, 8, 65535 (HKLM\...\MyITLab ActiveX Installer_is1) (Version:  - Pearson Education)
PACprep V3.0 (HKLM\...\{A64BD882-988B-471A-B45A-58144A5CA643}) (Version: 1.00.0000 - DataChem Software, Inc.)
PharmacyLabs (HKLM\...\{1775A9E2-14BC-AF20-5BE9-BEFF2A58B8FC}) (Version: 1.0.2 - EMC Publishing, LLC)
R.A.L.E. Lung Sounds (HKLM\...\R.A.L.E. Lung Sounds_is1) (Version:  - PixSoft Inc.)
Respondus LockDown Browser - Lab Version (HKLM\...\{3DEC3ECB-D6FB-450E-8248-D05C36AD5FA4}) (Version: 1.0.5.05 - Respondus, Inc.)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM\...\{90140000-003B-0000-0000-0000000FF1CE}_Office14.PRJPRO_{58FA40EF-ABA9-4FED-AD3D-318A6073934D}) (Version:  - Microsoft)
Spotify (HKU\S-1-5-21-3115626628-1226218140-1781437045-102432\...\Spotify) (Version: 0.9.15.27.g87efe634 - Spotify AB)
Spring Medical Systems, Inc. SpringCharts EHR Demo Version 9.7.5 SP1.1 (HKLM\...\SpringCharts EHR Demo) (Version: Version 9.7.5 SP1.1 - Spring Medical Systems, Inc.)
SureTrak 3.0 (HKLM\...\SureTrak 3.0) (Version:  - )
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 18.0.7.34 - Synaptics Incorporated)
TriMed Technologies e-Medsys Client for Delmar / Cengage Learning (HKLM\...\TriMed Technologies E-Medsys Educational Edition_is1) (Version:  - TriMed Technologies)
VitalSource Bookshelf (HKLM\...\{68006BA9-9E59-4DEB-89C2-4A0C9EE7CFF1}) (Version: 6.01.0009 - Ingram Digital)
Windows Live Essentials (HKLM\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
CustomCLSID: HKU\S-1-5-21-3115626628-1226218140-1781437045-102432_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\kuaa9113\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3115626628-1226218140-1781437045-102432_Classes\CLSID\{7B37E4E2-C62F-4914-9620-8FB5062718CC}\localserver32 -> C:\Users\kuaa9113\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3115626628-1226218140-1781437045-102432_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\kuaa9113\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\SkyDriveShell.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3115626628-1226218140-1781437045-102432_Classes\CLSID\{AB807329-7324-431B-8B36-DBD581F56E0B}\localserver32 -> C:\Users\kuaa9113\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3115626628-1226218140-1781437045-102432_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\kuaa9113\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\SkyDriveShell.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3115626628-1226218140-1781437045-102432_Classes\CLSID\{CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B}\InprocServer32 -> C:\Users\kuaa9113\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\SkyDriveShell.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3115626628-1226218140-1781437045-102432_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\kuaa9113\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3115626628-1226218140-1781437045-102432_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\kuaa9113\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\SkyDriveShell.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3115626628-1226218140-1781437045-102432_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\kuaa9113\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\FileSyncApi.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3115626628-1226218140-1781437045-102432_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\kuaa9113\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3115626628-1226218140-1781437045-102432_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\kuaa9113\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3115626628-1226218140-1781437045-102432_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\kuaa9113\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3115626628-1226218140-1781437045-102432_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\kuaa9113\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3115626628-1226218140-1781437045-102432_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\kuaa9113\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3115626628-1226218140-1781437045-102432_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\kuaa9113\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3115626628-1226218140-1781437045-102432_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\kuaa9113\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3115626628-1226218140-1781437045-102432_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\kuaa9113\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
 
==================== Restore Points  =========================
 
14-12-2014 10:36:44 Windows Update
15-12-2014 15:59:30 Installed Avatar Document Imaging and Archiving
15-12-2014 16:03:43 Installed Java 7 Update 45
18-12-2014 10:51:30 Windows Update
21-12-2014 12:27:20 Windows Update
25-12-2014 11:24:29 Windows Update
28-12-2014 17:00:00 Windows Update
31-12-2014 21:47:22 Windows Update
04-01-2015 03:35:28 Windows Update
08-01-2015 21:37:36 Windows Update
15-01-2015 17:48:29 Windows Update
19-01-2015 21:29:03 Windows Update
25-01-2015 08:58:30 Windows Update
29-01-2015 04:11:38 Windows Update
01-02-2015 16:55:00 Windows Update
06-02-2015 19:35:33 Windows Update
10-02-2015 14:23:07 Windows Update
14-02-2015 19:40:58 Windows Update
15-02-2015 10:17:54 Installed NpackdCL
16-02-2015 23:29:25 Restore Operation
16-02-2015 23:44:54 Windows Update
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-13 18:04 - 2009-06-10 13:39 - 00000824 ____A C:\windows\system32\Drivers\etc\hosts
 
==================== Scheduled Tasks (whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 
Task: {1FF23B29-0317-414B-AA16-47CC6C25B724} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-07-10] (Google Inc.)
Task: {2893BD6F-B819-4BE4-AE65-C8A3A41BCC33} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-07-10] (Google Inc.)
Task: {71283E72-EB77-4330-AC79-2888BAEA8C02} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {B67AF3FE-89F7-44F2-BC69-24653A4736AD} - System32\Tasks\{D8168A14-69F6-4175-B83F-D85B6E12A59B} => pcalua.exe -a "F:\NBRC help, tips, practice\Lindsey Jones\28 stimulations\setup.exe" -d "F:\NBRC help, tips, practice\Lindsey Jones\28 stimulations"
Task: {D872B4CB-08DD-4504-9FBF-1173B6402637} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {F4E1CF05-DD70-4D0A-B0D7-B9EE30118C02} - System32\Tasks\Microsoft\Microsoft Antimalware\MP Scheduled Scan => c:\Program Files\Microsoft Security Client\Antimalware\MpCmdRun.exe [2010-11-11] (Microsoft Corporation)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
 
==================== Loaded Modules (whitelisted) ==============
 
2013-03-21 07:06 - 2012-10-04 18:50 - 00088688 _____ () C:\windows\System32\cpwmon2k.dll
2014-07-03 12:20 - 2014-07-03 12:20 - 00073544 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2014-10-11 13:05 - 2014-10-11 13:05 - 01044776 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2013-02-19 17:42 - 2013-02-19 17:42 - 00094208 _____ () C:\Windows\System32\IccLibDll.dll
2015-02-10 13:00 - 2015-02-10 13:00 - 00750080 _____ () C:\Users\kuaa9113\AppData\Roaming\Dropbox\bin\libGLESv2.dll
2015-02-16 23:51 - 2015-02-16 23:51 - 00043008 _____ () c:\users\kuaa9113\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmptppyvw.dll
2015-02-10 13:00 - 2015-02-10 13:00 - 00047616 _____ () C:\Users\kuaa9113\AppData\Roaming\Dropbox\bin\libEGL.dll
2015-02-10 13:00 - 2015-02-10 13:00 - 00865280 _____ () C:\Users\kuaa9113\AppData\Roaming\Dropbox\bin\plugins\platforms\qwindows.dll
2015-02-10 13:00 - 2015-02-10 13:00 - 00200704 _____ () C:\Users\kuaa9113\AppData\Roaming\Dropbox\bin\plugins\imageformats\qjpeg.dll
2015-02-06 16:28 - 2015-02-04 01:02 - 01117512 _____ () C:\Program Files\Google\Chrome\Application\40.0.2214.111\libglesv2.dll
2015-02-06 16:28 - 2015-02-04 01:02 - 00211272 _____ () C:\Program Files\Google\Chrome\Application\40.0.2214.111\libegl.dll
2015-02-06 16:28 - 2015-02-04 01:02 - 09170760 _____ () C:\Program Files\Google\Chrome\Application\40.0.2214.111\pdf.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
 
==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== EXE Association (whitelisted) ===============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-3115626628-1226218140-1781437045-102432\Control Panel\Desktop\\Wallpaper -> C:\Users\kuaa9113\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.2.1
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
MSCONFIG\startupreg: BCSSync => "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-624683280-2784528852-2041967562-500 - Administrator - Enabled) => C:\Users\Administrator
Guest (S-1-5-21-624683280-2784528852-2041967562-501 - Limited - Disabled)
 
==================== Faulty Device Manager Devices =============
 
Name: PCI Device
Description: PCI Device
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (02/16/2015 11:34:23 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (02/16/2015 11:20:09 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 100732965
 
Error: (02/16/2015 11:20:09 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 100732965
 
Error: (02/16/2015 11:20:09 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (02/15/2015 10:07:38 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 15150880
 
Error: (02/15/2015 10:07:38 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 15150880
 
Error: (02/15/2015 10:07:38 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (02/14/2015 10:46:39 PM) (Source: SideBySide) (EventID: 63) (User: )
Description: Activation context generation failed for "assemblyIdentity1".Error in manifest or policy file "assemblyIdentity2" on line assemblyIdentity3.
The value "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute "version" in element "assemblyIdentity" is invalid.
 
Error: (02/14/2015 10:46:14 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1".
Dependent Assembly Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.
 
Error: (02/12/2015 07:53:02 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 7862
 
 
System errors:
=============
Error: (02/16/2015 11:47:07 PM) (Source: Microsoft-Windows-GroupPolicy) (EventID: 1129) (User: ED)
Description: The processing of Group Policy failed because of lack of network connectivity to a domain controller. This may be a transient condition. A success message would be generated once the machine gets connected to the domain controller and Group Policy has succesfully processed. If you do not see a success message for several hours, then contact your administrator.
 
Error: (02/16/2015 11:43:05 PM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.
 
New Signature Version: 
 
Previous Signature Version: 1.191.4790.0
 
Update Source: %NT AUTHORITY49
 
Update Stage: 3.0.8107.00
 
Source Path: 3.0.8107.01
 
Signature Type: %NT AUTHORITY602
 
Update Type: %NT AUTHORITY604
 
User: NT AUTHORITY\SYSTEM
 
Current Engine Version: %NT AUTHORITY605
 
Previous Engine Version: %NT AUTHORITY606
 
Error code: %NT AUTHORITY607
 
Error description: %NT AUTHORITY608
 
Error: (02/16/2015 11:32:51 PM) (Source: Microsoft-Windows-GroupPolicy) (EventID: 1055) (User: NT AUTHORITY)
Description: The processing of Group Policy failed. Windows could not resolve the computer name. This could be caused by one of more of the following: 
a) Name Resolution failure on the current domain controller. 
b) Active Directory Replication Latency (an account created on another domain controller has not replicated to the current domain controller).
 
Error: (02/16/2015 11:32:50 PM) (Source: NETLOGON) (EventID: 5719) (User: )
Description: This computer was not able to set up a secure session with a domain
controller in domain ED due to the following: 
%%1311
 
This may lead to authentication problems. Make sure that this
computer is connected to the network. If the problem persists,
please contact your domain administrator.
 
 
 
ADDITIONAL INFO
 
If this computer is a domain controller for the specified domain, it
sets up the secure session to the primary domain controller emulator in the specified
domain. Otherwise, this computer sets up the secure session to any domain controller
in the specified domain.
 
Error: (02/16/2015 11:32:44 PM) (Source: Microsoft Antimalware) (EventID: 2004) (User: )
Description: %60 has encountered an error trying to load signatures and will attempt reverting back to a known-good set of signatures.
 
Signatures Attempted: %24
 
Error Code: 0x80070002
 
Error description: The system cannot find the file specified. 
 
Signature version: 0.0.0.0;0.0.0.0
 
Engine version: %600
 
Error: (02/16/2015 11:20:14 PM) (Source: Microsoft-Windows-GroupPolicy) (EventID: 1129) (User: ED)
Description: The processing of Group Policy failed because of lack of network connectivity to a domain controller. This may be a transient condition. A success message would be generated once the machine gets connected to the domain controller and Group Policy has succesfully processed. If you do not see a success message for several hours, then contact your administrator.
 
Error: (02/16/2015 11:20:12 PM) (Source: Microsoft-Windows-GroupPolicy) (EventID: 1129) (User: NT AUTHORITY)
Description: The processing of Group Policy failed because of lack of network connectivity to a domain controller. This may be a transient condition. A success message would be generated once the machine gets connected to the domain controller and Group Policy has succesfully processed. If you do not see a success message for several hours, then contact your administrator.
 
Error: (02/15/2015 10:22:40 AM) (Source: NETLOGON) (EventID: 5719) (User: )
Description: This computer was not able to set up a secure session with a domain
controller in domain ED due to the following: 
%%1311
 
This may lead to authentication problems. Make sure that this
computer is connected to the network. If the problem persists,
please contact your domain administrator.
 
 
 
ADDITIONAL INFO
 
If this computer is a domain controller for the specified domain, it
sets up the secure session to the primary domain controller emulator in the specified
domain. Otherwise, this computer sets up the secure session to any domain controller
in the specified domain.
 
Error: (02/15/2015 10:19:29 AM) (Source: Microsoft-Windows-GroupPolicy) (EventID: 1129) (User: ED)
Description: The processing of Group Policy failed because of lack of network connectivity to a domain controller. This may be a transient condition. A success message would be generated once the machine gets connected to the domain controller and Group Policy has succesfully processed. If you do not see a success message for several hours, then contact your administrator.
 
Error: (02/15/2015 10:17:40 AM) (Source: Microsoft-Windows-GroupPolicy) (EventID: 1129) (User: ED)
Description: The processing of Group Policy failed because of lack of network connectivity to a domain controller. This may be a transient condition. A success message would be generated once the machine gets connected to the domain controller and Group Policy has succesfully processed. If you do not see a success message for several hours, then contact your administrator.
 
 
Microsoft Office Sessions:
=========================
Error: (02/16/2015 11:34:23 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (02/16/2015 11:20:09 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 100732965
 
Error: (02/16/2015 11:20:09 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 100732965
 
Error: (02/16/2015 11:20:09 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (02/15/2015 10:07:38 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 15150880
 
Error: (02/15/2015 10:07:38 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 15150880
 
Error: (02/15/2015 10:07:38 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (02/14/2015 10:46:39 PM) (Source: SideBySide) (EventID: 63) (User: )
Description: assemblyIdentityversionMAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINORC:\Program Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dllC:\Program Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll3
 
Error: (02/14/2015 10:46:14 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"C:\Program Files\HP\HP Deskjet 1050 J410 series\DriverStore\Pipeline\amd64\hpinkins8911.exe
 
Error: (02/12/2015 07:53:02 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 7862
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core i3-2370M CPU @ 2.40GHz
Percentage of memory in use: 77%
Total physical RAM: 1616.02 MB
Available physical RAM: 367.57 MB
Total Pagefile: 3232.05 MB
Available Pagefile: 1914.03 MB
Total Virtual: 2047.88 MB
Available Virtual: 1893.23 MB
 
==================== Drives ================================
 
Drive c: (OSDisk) (Fixed) (Total:465.27 GB) (Free:380.87 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 61B7776F)
Partition 1: (Active) - (Size=499 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=465.3 GB) - (Type=07 NTFS)
 
==================== End Of Log ============================

Yup, I see something here.

Fix with Junkware Removal Tool

Please download JRT by Thisisu and save the file to your desktop.

Temporarily disable your AntiVirus and AntiSpyware protection - instructions here.

  • Right-click on the JRT icon and select Run as Administrator to start the tool.
  • Follow the prompts and let this process run uninterrupted.
  • This scan can take a while, depending on your System specs.
  • Upon completion, a log (JRT.txt) will open on your desktop.
Please include the contents of that file in your reply.

Do not forget to re-enable your previously switched off protection software!

Please also manually reboot your machine after this procedure.

Fix with AdwCleaner

Please download AdwCleaner by Xplode and save the file to your desktop.

  • Right-click on the AdwCleaner icon and select Run as Administrator to start the tool.
  • The program will begin to update the database (if internet connection is operational). Please wait a little bit.
  • Follow the prompts and click Scan.
  • When finished, please click Clean.
  • Upon completion, click Report. A log (AdwCleaner[s*].txt) will open.
Please include the contents of that file in your reply.

Okay Radek, I have run the JRT and the following log is from the report. I will now manually restart my computer and then download AdwCleaner and follow your directions. Thank you again.

 

JRT file contents:

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.4.2 (02.02.2015:1)
OS: Windows 7 Enterprise x86
Ran by kuaa9113 on Tue 02/17/2015 at  3:09:32.55
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
 
 
~~~ Registry Values
 
 
 
~~~ Registry Keys
 
 
 
~~~ Files
 
Successfully deleted: [File] C:\Users\kuaa9113\AppData\Roaming\Binkiland\UpdateProc\UpdateTask.exe
Successfully deleted: [File] C:\Users\kuaa9113\AppData\Roaming\UpdaterEX\UpdateProc\UpdateTask.exe
 
 
 
~~~ Folders
 
Successfully deleted: [Folder] C:\Users\kuaa9113\AppData\Roaming\Binkiland
Successfully deleted: [Folder] C:\Users\kuaa9113\AppData\Roaming\UpdaterEX
Successfully deleted: [Folder] "C:\ProgramData\thinstall"
 
 
 
~~~ Event Viewer Logs were cleared
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Tue 02/17/2015 at  3:11:46.71
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Radek, I re-ran the same JRT because I forgot to turn off my Microsoft Security Essentials before doing so the first time. This is the second log:

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.4.2 (02.02.2015:1)
OS: Windows 7 Enterprise x86
Ran by kuaa9113 on Tue 02/17/2015 at  3:25:13.37
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
 
 
~~~ Registry Values
 
 
 
~~~ Registry Keys
 
 
 
~~~ Files
 
 
 
~~~ Folders
 
 
 
~~~ Event Viewer Logs were cleared

Hey Radek,

 

The following are the file contents from AdwCleaner:

 

# AdwCleaner v4.110 - Logfile created 17/02/2015 at 03:33:27
# Updated 05/02/2015 by Xplode
# Database : 2015-02-14.2 [server]
# Operating system : Windows 7 Enterprise Service Pack 1 (x86)
# Username : kuaa9113 - RC-NB-R9VD2EM
# Running from : C:\Users\kuaa9113\Desktop\AdwCleaner.exe
# Option : Cleaning
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
Folder Deleted : C:\Users\kuaa9113\AppData\Local\Browser Extensions
Folder Deleted : C:\Users\kuaa9113\AppData\Local\PriceFountain
Folder Deleted : C:\Users\kuaa9113\AppData\Local\WSE_Binkiland
Folder Deleted : C:\Users\kuaa9113\AppData\Local\Binkiland
Folder Deleted : C:\Users\kuaa9113\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PriceFountain
File Deleted : C:\Users\kuaa9113\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_static.olark.com_0.localstorage-journal
 
***** [ Scheduled tasks ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Value Deleted : HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel [Homepage]
Key Deleted : HKLM\SOFTWARE\PIP
Data Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - *.local
 
***** [ Web browsers ] *****
 
-\\ Internet Explorer v10.0.9200.17054
 
 
-\\ Google Chrome v40.0.2214.111
 
 
*************************
 
AdwCleaner[R0].txt - [1471 bytes] - [17/02/2015 03:31:28]
AdwCleaner[s0].txt - [1416 bytes] - [17/02/2015 03:33:27]
 
########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [1475  bytes] ##########

Great. Now a fresh scan for a fresh look at how things are going.

Scan with Farbar Recovery Scan Tool

Please re-run Farbar Recovery Scan Tool.

  • Right-click on the FRST icon and select Run as Administrator to start the tool.

    > XP users click run after receipt of Windows Security Warning - Open File.

    > 8 users will be prompted about Windows SmartScreen protection - click More information and Run.

  • Make sure that Addition option is checked.
  • Press Scan button and wait.
  • The tool will produce two logfiles on your desktop: FRST.txt and Addition.txt.
Please include their content in your next reply.

Hey Radek, below are both the FRST and the Addition logs:

 

FRST:

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 15-02-2015
Ran by kuaa9113 (administrator) on RC-NB-R9VD2EM on 17-02-2015 05:31:07
Running from C:\Users\kuaa9113\Desktop
Loaded Profiles: kuaa9113 (Available profiles: kuaa9113 & Administrator)
Platform: Microsoft Windows 7 Enterprise  Service Pack 1 (X86) OS Language: English (United States)
Internet Explorer Version 10 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Lenovo.) C:\Windows\System32\ibmpmsvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation) C:\Program Files\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Hewlett-Packard) C:\Program Files\HP\HP Software Update\hpwuschd2.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Spotify Ltd) C:\Users\kuaa9113\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
(Dropbox, Inc.) C:\Users\kuaa9113\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jucheck.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Farbar) C:\Users\kuaa9113\Desktop\FRST (1).exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [997408 2010-11-30] (Microsoft Corporation)
HKLM\...\Run: [synTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2455280 2014-02-24] (Synaptics Incorporated)
HKLM\...\Run: [bCSSync] => C:\Program Files\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM\...\Run: [uSB3MON] => C:\Program Files\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291608 2012-02-27] (Intel Corporation)
HKLM\...\Run: [HP Software Update] => C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe [49208 2011-10-28] (Hewlett-Packard)
HKLM\...\Run: [] => [X]
HKLM\...\Run: [sunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [157480 2014-10-15] (Apple Inc.)
HKU\S-1-5-21-3115626628-1226218140-1781437045-102432\...\Run: [spotify Web Helper] => C:\Users\kuaa9113\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1676344 2015-02-09] (Spotify Ltd)
HKU\S-1-5-21-3115626628-1226218140-1781437045-102432\...\Run: [msnmsgr] => C:\Program Files\Windows Live\Messenger\msnmsgr.exe [4272840 2014-03-31] (Microsoft Corporation)
HKU\S-1-5-21-3115626628-1226218140-1781437045-102432\...\Policies\system: [DisableChangePassword] 1
HKU\S-1-5-21-3115626628-1226218140-1781437045-102432\...\Policies\system: [DisableLockWorkstation] 1
HKU\S-1-5-21-3115626628-1226218140-1781437045-102432\...\Policies\Explorer\DisallowRun: [1] cmd.exe
HKU\S-1-5-21-3115626628-1226218140-1781437045-102432\...\Policies\Explorer\DisallowRun: [2] command.com
HKU\S-1-5-21-3115626628-1226218140-1781437045-102432\...\Policies\Explorer\DisallowRun: [3] tourstart.exe
HKU\S-1-5-21-3115626628-1226218140-1781437045-102432\...\Policies\Explorer: [NoAutoUpdate] 0
HKU\S-1-5-21-3115626628-1226218140-1781437045-102432\...\Policies\Explorer: [NoDesktopCleanupWizard] 1
HKU\S-1-5-21-3115626628-1226218140-1781437045-102432\...\Policies\Explorer: [QuickLaunchEnabled] 1
HKU\S-1-5-21-3115626628-1226218140-1781437045-102432\...\Policies\Explorer: [NoAutoTrayNotify] 1
HKU\S-1-5-21-3115626628-1226218140-1781437045-102432\...\Policies\Explorer: [NoWelcomeScreen] 1
HKU\S-1-5-21-3115626628-1226218140-1781437045-102432\...\Policies\Explorer: [NoChangeStartMenu] 1
HKU\S-1-5-21-3115626628-1226218140-1781437045-102432\...\Policies\Explorer: [NoSMConfigurePrograms] 1
HKU\S-1-5-21-3115626628-1226218140-1781437045-102432\...\Policies\Explorer: [NoStartMenuMyGames] 1
HKU\S-1-5-21-3115626628-1226218140-1781437045-102432\...\Policies\Explorer: [NoStartMenuMyMusic] 1
HKU\S-1-5-21-3115626628-1226218140-1781437045-102432\...\Policies\Explorer: [NoSMMyPictures] 1
HKU\S-1-5-21-3115626628-1226218140-1781437045-102432\...\Policies\Explorer: [NoPropertiesMyComputer] 1
HKU\S-1-5-21-3115626628-1226218140-1781437045-102432\...\Policies\Explorer: [NoPropertiesMyDocuments] 1
HKU\S-1-5-21-3115626628-1226218140-1781437045-102432\...\Policies\Explorer: [NoManageMyComputerVerb] 1
HKU\S-1-5-21-3115626628-1226218140-1781437045-102432\...\Policies\Explorer: [NoComputersNearMe] 1
HKU\S-1-5-21-3115626628-1226218140-1781437045-102432\...\Policies\Explorer: [NoCDBurning] 1
HKU\S-1-5-21-3115626628-1226218140-1781437045-102432\...\Policies\Explorer: [NoSecurityTab] 1
HKU\S-1-5-21-3115626628-1226218140-1781437045-102432\...\Policies\Explorer: [NoSharedDocuments] 1
HKU\S-1-5-21-3115626628-1226218140-1781437045-102432\...\Policies\Explorer: [DisallowCpl] 1
HKU\S-1-5-21-3115626628-1226218140-1781437045-102432\...\Policies\Explorer: [ForceStartMenuLogOff] 1
HKU\S-1-5-21-3115626628-1226218140-1781437045-102432\...\Policies\Explorer: [DisallowRun] 1
HKU\S-1-5-21-3115626628-1226218140-1781437045-102432\...\MountPoints2: {39a7b1c0-0864-11e4-a743-3c970e4b51e3} - E:\VZW_Software_upgrade_assistant.exe
Startup: C:\Users\kuaa9113\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\kuaa9113\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\kuaa9113\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monitor Ink Alerts - HP Deskjet 1050 J410 series.lnk
ShortcutTarget: Monitor Ink Alerts - HP Deskjet 1050 J410 series.lnk -> C:\Program Files\HP\HP Deskjet 1050 J410 series\Bin\HPStatusBL.dll (Hewlett-Packard Co.)
ShellIconOverlayIdentifiers: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\kuaa9113\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\kuaa9113\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\kuaa9113\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\kuaa9113\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\kuaa9113\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\kuaa9113\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\kuaa9113\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\kuaa9113\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKU\S-1-5-21-3115626628-1226218140-1781437045-102432\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1 192.168.2.1
 
FireFox:
========
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @java.com/DTPlugin,version=10.45.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.45.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\safesearch.xml
 
Chrome: 
=======
CHR HomePage: Default -> https://infozone.sjvc.edu/
CHR StartupUrls: Default -> "https://infozone.sjvc.edu/Pages/InfoZone.aspx","hxxp://binkiland.com/?f=7&a=bnk_dnldstr_15_07&cd=2XzuyEtN2Y1L1QzuyCtDyCyBtBtD0D0DtD0E0DzzyB0FzytCtN0D0Tzu0StCtCyEtDtN1L2XzutAtFyBtFyBtFyDtN1L1CzutCyEtBzytDyD1V1StN1L1G1B1V1N2Y1L1Qzu2SyByB0F0Czz0AtC0FtG0CtDyE0DtGyD0F0CyDtG0DyCtByCtGtDtA0DyDyCyEyC0DyD0C0CyC2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0CyCtA0E0CtC0AtBtGzy0EyBzytGyEtDtAzytG0A0CtB0BtG0A0F0F0D0B0BtDtDzytAyByE2Q&cr=546289506&ir=", "hxxp://binkiland.com/?f=7&a=&cd=&cr=&ir="
CHR DefaultSearchKeyword: Default -> bing.com
CHR DefaultNewTabURL: Default -> https://www.bing.com/chrome/newtab?setmkt=en-US
CHR Profile: C:\Users\kuaa9113\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\kuaa9113\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-07-10]
CHR Extension: (Google Drive) - C:\Users\kuaa9113\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-07-10]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\kuaa9113\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-07-10]
CHR Extension: (YouTube) - C:\Users\kuaa9113\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-07-10]
CHR Extension: (Google Search) - C:\Users\kuaa9113\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-07-10]
CHR Extension: (Google Wallet) - C:\Users\kuaa9113\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-07-10]
CHR Extension: (Gmail) - C:\Users\kuaa9113\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-07-10]
 
========================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 cphs; C:\windows\system32\IntelCpHeciSvc.exe [276288 2013-02-19] (Intel Corporation)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe [11736 2010-11-11] (Microsoft Corporation)
S2 Net Driver HPZ12; C:\windows\system32\HPZinw12.dll [45568 2012-07-31] (Hewlett-Packard) [File not signed]
R3 NisSrv; c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe [206360 2010-11-11] (Microsoft Corporation)
S2 Pml Driver HPZ12; C:\windows\system32\HPZipm12.dll [55808 2012-07-31] (Hewlett-Packard) [File not signed]
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-26] (Microsoft Corporation)
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R0 iaStorA; C:\windows\System32\drivers\iaStorA.sys [505192 2013-08-02] (Intel Corporation)
R0 iaStorF; C:\windows\System32\drivers\iaStorF.sys [25448 2013-08-02] (Intel Corporation)
R0 iusb3hcs; C:\windows\System32\drivers\iusb3hcs.sys [13592 2012-02-27] (Intel Corporation)
R3 iusb3hub; C:\windows\System32\DRIVERS\iusb3hub.sys [348440 2012-02-27] (Intel Corporation)
R3 iusb3xhc; C:\windows\System32\DRIVERS\iusb3xhc.sys [792856 2012-02-27] (Intel Corporation)
R3 MEI; C:\windows\System32\DRIVERS\HECI.sys [56432 2013-05-16] (Intel Corporation)
R1 MpFilter; C:\windows\System32\DRIVERS\MpFilter.sys [165264 2010-10-24] (Microsoft Corporation)
S3 MpNWMon; C:\windows\System32\DRIVERS\MpNWMon.sys [43392 2010-10-24] (Microsoft Corporation)
R3 NETwNs32; C:\windows\System32\DRIVERS\NETwsn00.sys [10382576 2013-07-26] (Intel Corporation)
S3 SmbDrv; C:\windows\system32\drivers\Smb_driver_AMDASF.sys [24816 2014-02-24] (Synaptics Incorporated)
R3 SmbDrvI; C:\windows\System32\DRIVERS\Smb_driver_Intel.sys [25328 2014-02-24] (Synaptics Incorporated)
S3 VMWVAUDIO; C:\windows\System32\drivers\vmwvaudio.sys [39448 2012-11-30] (VMware, Inc.)
S3 vmwvhub; C:\windows\System32\Drivers\vmwvhub.sys [88656 2013-02-06] (VMware, Inc.)
S3 vmxnet3ndis6; C:\windows\System32\DRIVERS\vmxnet3n61x86.sys [68760 2012-11-17] (VMware, Inc.)
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
S3 vmci; \SystemRoot\system32\DRIVERS\vmci.sys [X]
S1 vmdebug; \??\C:\Windows\system32\Drivers\vmdebug.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-02-17 05:29 - 2015-02-17 05:29 - 01125888 _____ (Farbar) C:\Users\kuaa9113\Desktop\FRST (1).exe
2015-02-17 03:31 - 2015-02-17 03:47 - 00000000 ____D () C:\AdwCleaner
2015-02-17 03:29 - 2015-02-17 03:30 - 02112512 _____ () C:\Users\kuaa9113\Desktop\AdwCleaner.exe
2015-02-17 03:28 - 2015-02-17 03:28 - 01388274 _____ (Thisisu) C:\Users\kuaa9113\Downloads\JRT (3).exe
2015-02-17 03:27 - 2015-02-17 03:27 - 00000634 _____ () C:\Users\kuaa9113\Desktop\JRT.txt
2015-02-17 03:24 - 2015-02-17 03:24 - 01388274 _____ (Thisisu) C:\Users\kuaa9113\Downloads\JRT (2).exe
2015-02-17 03:12 - 2015-02-17 03:12 - 01388274 _____ (Thisisu) C:\Users\kuaa9113\Downloads\JRT (1).exe
2015-02-17 03:09 - 2015-02-17 03:10 - 01388274 _____ (Thisisu) C:\Users\kuaa9113\Downloads\JRT.exe
2015-02-17 03:04 - 2015-02-17 03:04 - 01388274 _____ (Thisisu) C:\Users\kuaa9113\Desktop\JRT.exe
2015-02-17 01:13 - 2015-02-17 05:32 - 00016480 _____ () C:\Users\kuaa9113\Desktop\FRST.txt
2015-02-17 01:13 - 2015-02-17 01:13 - 00117586 _____ () C:\Users\kuaa9113\Downloads\FRST (1).txt
2015-02-17 00:26 - 2015-02-17 00:26 - 00030243 _____ () C:\Users\kuaa9113\Desktop\Addition.txt
2015-02-17 00:25 - 2015-02-17 00:26 - 00023160 _____ () C:\Users\kuaa9113\Downloads\FRST.txt
2015-02-17 00:24 - 2015-02-17 05:31 - 00000000 ____D () C:\FRST
2015-02-17 00:24 - 2015-02-17 00:24 - 02085888 _____ (Farbar) C:\Users\kuaa9113\Downloads\FRST64 (1).exe
2015-02-17 00:24 - 2015-02-17 00:24 - 01125888 _____ (Farbar) C:\Users\kuaa9113\Downloads\FRST.exe
2015-02-17 00:22 - 2015-02-17 00:22 - 02085888 _____ (Farbar) C:\Users\kuaa9113\Downloads\FRST64.exe
2015-02-16 23:20 - 2015-02-16 23:20 - 00000010 _____ () C:\Users\kuaa9113\AppData\Local\DSI.DAT
2015-02-15 10:19 - 2015-02-16 23:31 - 00000000 ____D () C:\Users\kuaa9113\AppData\Local\Component
2015-02-15 10:19 - 2015-02-16 23:31 - 00000000 ____D () C:\Program Files\PDF Reader
2015-02-15 10:18 - 2015-02-16 23:31 - 00000000 ____D () C:\Program Files\NpackdCL
2015-02-15 10:18 - 2015-02-15 10:18 - 00000000 ____D () C:\ProgramData\Npackd
2015-02-15 10:17 - 2015-02-16 23:31 - 00000000 ____D () C:\Users\kuaa9113\AppData\Local\Fast Browser
2015-02-15 10:16 - 2015-02-15 10:17 - 00000000 ____D () C:\Program Files\Fast Browser
2015-02-15 10:12 - 2015-02-15 10:12 - 00198344 _____ () C:\Users\kuaa9113\Downloads\TurboTaxReturn (2).tax2013
2015-02-15 10:10 - 2015-02-15 10:10 - 00198344 _____ () C:\Users\kuaa9113\Downloads\TurboTaxReturn.tax2013
2015-02-15 10:10 - 2015-02-15 10:10 - 00198344 _____ () C:\Users\kuaa9113\Downloads\TurboTaxReturn (1).tax2013
2015-02-14 19:29 - 2015-02-14 19:29 - 01055936 _____ (Adobe) C:\Users\kuaa9113\Downloads\install_flash_player_ax.exe
2015-02-14 19:27 - 2015-02-14 19:27 - 00000088 _____ () C:\Users\kuaa9113\AppData\Local\368a7fa2658ab64cb979c98f1545d7f3
2015-02-14 19:25 - 2015-02-14 19:26 - 00792480 _____ (Dnldstr_Aggregator) C:\Users\kuaa9113\Downloads\Adobe_Flash_Setup.exe
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-02-17 05:32 - 2009-07-13 20:34 - 00024032 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-02-17 05:32 - 2009-07-13 20:34 - 00024032 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-02-17 05:28 - 2014-07-10 12:02 - 00000886 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-02-17 05:27 - 2014-07-09 15:00 - 01311791 _____ () C:\windows\WindowsUpdate.log
2015-02-17 03:50 - 2014-10-25 11:49 - 00000000 ___RD () C:\Users\kuaa9113\Dropbox
2015-02-17 03:50 - 2014-10-25 11:45 - 00000000 ____D () C:\Users\kuaa9113\AppData\Roaming\Dropbox
2015-02-17 03:49 - 2014-09-24 12:32 - 00000000 ____D () C:\Users\kuaa9113\Tracing
2015-02-17 03:49 - 2014-07-10 12:02 - 00000882 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-02-17 03:48 - 2009-07-13 20:53 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2015-02-17 03:48 - 2009-07-13 20:39 - 00062115 _____ () C:\windows\setupact.log
2015-02-16 23:51 - 2014-10-25 11:49 - 00000994 _____ () C:\Users\kuaa9113\Desktop\Dropbox.lnk
2015-02-16 23:51 - 2014-10-25 11:47 - 00000000 ____D () C:\Users\kuaa9113\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2015-02-16 23:47 - 2014-07-10 08:07 - 00000000 ____D () C:\Users\kuaa9113
2015-02-16 23:32 - 2009-07-13 18:37 - 00000000 ____D () C:\windows\system32\wfp
2015-02-16 23:31 - 2014-07-10 12:06 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-02-16 23:31 - 2014-07-10 07:11 - 00000000 ____D () C:\Users\ED_Deploy
2015-02-16 23:31 - 2014-07-09 15:02 - 00000000 ____D () C:\Users\Administrator
2015-02-16 23:31 - 2013-05-19 10:50 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2015-02-16 23:31 - 2010-11-20 16:31 - 00000000 ___RD () C:\Users\Public\Recorded TV
2015-02-16 23:31 - 2009-07-13 18:37 - 00000000 ___HD () C:\windows\system32\GroupPolicy
2015-02-16 23:31 - 2009-07-13 18:37 - 00000000 ____D () C:\windows\registration
2015-02-14 19:29 - 2014-07-10 11:00 - 00000000 ____D () C:\Users\kuaa9113\AppData\Local\Adobe
2015-02-12 19:06 - 2014-08-06 16:39 - 00000000 ____D () C:\Users\kuaa9113\AppData\Local\Spotify
2015-02-10 14:01 - 2014-08-06 16:38 - 00000000 ____D () C:\Users\kuaa9113\AppData\Roaming\Spotify
2015-02-06 16:28 - 2014-07-10 12:06 - 00002135 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-02-04 10:24 - 2010-11-20 13:48 - 00032646 _____ () C:\windows\PFRO.log
2015-02-01 16:32 - 2014-08-04 19:05 - 00000000 ____D () C:\Users\kuaa9113\AppData\Roaming\HpUpdate
 
==================== Files in the root of some directories =======
 
2015-02-14 19:27 - 2015-02-14 19:27 - 0000088 _____ () C:\Users\kuaa9113\AppData\Local\368a7fa2658ab64cb979c98f1545d7f3
2015-02-16 23:20 - 2015-02-16 23:20 - 0000010 _____ () C:\Users\kuaa9113\AppData\Local\DSI.DAT
2014-08-04 19:04 - 2014-08-04 19:04 - 0000057 _____ () C:\ProgramData\Ament.ini
 
Some content of TEMP:
====================
C:\Users\kuaa9113\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmppt7lz7.dll
C:\Users\kuaa9113\AppData\Local\Temp\Quarantine.exe
C:\Users\kuaa9113\AppData\Local\Temp\sqlite3.dll
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\windows\explorer.exe => File is digitally signed
C:\windows\system32\winlogon.exe => File is digitally signed
C:\windows\system32\wininit.exe => File is digitally signed
C:\windows\system32\svchost.exe => File is digitally signed
C:\windows\system32\services.exe => File is digitally signed
C:\windows\system32\User32.dll => File is digitally signed
C:\windows\system32\userinit.exe => File is digitally signed
C:\windows\system32\rpcss.dll => File is digitally signed
C:\windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-02-14 22:44
 
==================== End Of Log ============================

 

 

Addition:

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 15-02-2015
Ran by kuaa9113 at 2015-02-17 05:33:08
Running from C:\Users\kuaa9113\Desktop
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Microsoft Forefront Endpoint Protection 2010 (Enabled - Up to date) {108DAC43-C256-20B7-BB05-914135DA5160}
AS: Microsoft Forefront Endpoint Protection 2010 (Enabled - Up to date) {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
32 Bit HP CIO Components Installer (Version: 13.1.2 - Hewlett-Packard) Hidden
Adobe AIR (HKLM\...\Adobe AIR) (Version: 1.5.1.8210 - Adobe Systems Inc.)
Adobe Flash Player 11 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 11.7.700.169 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.02) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.02 - Adobe Systems Incorporated)
Aleks 3.18 (HKLM\...\Aleks 3.18) (Version:  - )
Apple Application Support (HKLM\...\{83CAF0DE-8D3B-4C37-A631-2B8F16EC3031}) (Version: 3.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{235EBB33-3DA1-46DF-AADE-9955123409CB}) (Version: 8.0.5.6 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Automated Accounting (Version: 8.0 - Southwestern Publishing Co.) Hidden
Automated Accounting 8.0 (HKLM\...\InstallShield_{1CB29ACC-626E-11D6-9D83-00E098080F95}) (Version: 8.0 - Southwestern Publishing Co.)
Avatar Document Imaging and Archiving (HKLM\...\{3F1B8FE6-3BDF-40A5-A2F5-6115B66F4A06}) (Version: 2.0.10 - Netsmart)
Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)
Clinical Simulation Seminar Collection (C:\Program Files\Cedric Mills\) #3 (HKLM\...\ST6UNST #10) (Version:  - )
Clinical Simulation Seminar Collection (C:\Program Files\Cedric Mills\) (HKLM\...\ST6UNST #2) (Version:  - )
Clinical Simulation Seminar Collection (HKLM\...\ST6UNST #1) (Version:  - )
CMA, RMA, and CMAS Exam Preparation (HKLM\...\{6D1649CD-7AA7-488C-BCB1-6F5003628BAC}) (Version:  - )
CPC Coding Exam Review 2011 (HKLM\...\CPC Coding Exam Review 2011) (Version:  - Elsevier)
CutePDF Writer 3.0 (HKLM\...\CutePDF Writer Installation) (Version:  3.0 - CutePDF.com)
D3DX10 (Version: 15.4.2368.0902 - Microsoft) Hidden
Dropbox (HKU\S-1-5-21-3115626628-1226218140-1781437045-102432\...\Dropbox) (Version: 3.2.6 - Dropbox, Inc.)
Elsevier Pageburst (HKLM\...\{4332EE85-5BCE-48BA-AA56-BF6CD1BC2262}) (Version: 6.01.0009 - Ingram Digital)
GMetrix SMS (HKLM\...\{958AAA08-5B3D-4E91-8B7C-E07175110416}) (Version: 3.2.0.1 - GMetrix LLC)
Google Chrome (HKLM\...\Google Chrome) (Version: 40.0.2214.111 - Google Inc.)
Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.26.9 - Google Inc.) Hidden
HP Deskjet 1050 J410 series Basic Device Software (HKLM\...\{C111B73A-93EA-4A12-80E2-0460F11D431F}) (Version: 28.0.1313.0 - Hewlett-Packard Co.)
HP Deskjet 1050 J410 series Help (HKLM\...\{5C90D8CF-F12A-41C6-9007-3B651A1F0D78}) (Version: 140.0.66.66 - Hewlett Packard)
HP Photo Creations (HKLM\...\HP Photo Creations) (Version: 1.0.0.7702 - HP)
HP Update (HKLM\...\{6F1C00D2-25C2-4CBA-8126-AE9A6E2E9CD5}) (Version: 5.003.003.001 - Hewlett-Packard)
Intel® Processor Graphics (HKLM\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.2843 - Intel Corporation)
Intel® USB 3.0 eXtensible Host Controller Driver (HKLM\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 1.0.4.220 - Intel Corporation)
iTunes (HKLM\...\{5D928931-D1D2-4A93-A82D-BF60D0E7CFA5}) (Version: 12.0.1.26 - Apple Inc.)
Java 7 Update 45 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217045FF}) (Version: 7.0.450 - Oracle)
Junk Mail filter update (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Keyboarding Pro 4 (HKLM\...\Keyboarding Pro 4) (Version:  - )
Lenovo Power Management Driver (HKLM\...\Power Management Driver) (Version: 1.67.04.04 - )
LindseyJones 28 Clinical Simulations (C:\Program Files\CHF - Pulmonary Edema\) #3 (HKLM\...\ST6UNST #7) (Version:  - )
LindseyJones 28 Clinical Simulations (C:\Program Files\CHF - Pulmonary Edema\) #4 (HKLM\...\ST6UNST #8) (Version:  - )
LindseyJones 28 Clinical Simulations (C:\Program Files\CHF - Pulmonary Edema\) (HKLM\...\ST6UNST #6) (Version:  - )
LindseyJones 28 Clinical Simulations (HKLM\...\ST6UNST #5) (Version:  - )
LindseyJones 725 CRT RRT Exam Questions (C:\Program Files\Myasthenia Gravis\) #3 (HKLM\...\ST6UNST #9) (Version:  - )
LindseyJones 725 CRT RRT Exam Questions (C:\Program Files\Myasthenia Gravis\) (HKLM\...\ST6UNST #4) (Version:  - )
LindseyJones 725 CRT RRT Exam Questions (HKLM\...\ST6UNST #3) (Version:  - )
Medical Terminology for Health Professions (HKLM\...\Medical Terminology for Health Professions_is1) (Version:  - Cengage Delmar Learning)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Forefront Endpoint Protection 2010 (HKLM\...\Microsoft Security Client) (Version: 2.0.657.0 - Microsoft Corporation)
Microsoft Office 2007 Primary Interop Assemblies (HKLM\...\{50120000-1105-0000-0000-0000000FF1CE}) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Office Access Runtime (English) 2007 (HKLM\...\{90120000-001C-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Outlook Connector (HKLM\...\{95140000-007A-0409-0000-0000000FF1CE}) (Version: 14.0.5118.5000 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM\...\Office14.PROPLUS) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-3115626628-1226218140-1781437045-102432\...\OneDriveSetup.exe) (Version: 17.0.4035.0328 - Microsoft Corporation)
Microsoft Outlook Social Connector Provider for Windows Live Messenger 32-bit (HKLM\...\{95140000-007D-0409-0000-0000000FF1CE}) (Version: 14.0.5120.5000 - Microsoft Corporation)
Microsoft Project Professional 2010 (HKLM\...\Office14.PRJPRO) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
MOSS v2.0 (HKLM\...\{E5EAB38C-D6CE-4B83-85A3-D006D9832292}) (Version: 2.0.0 - Delmar Learning)
Movie Maker (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Mozilla Firefox 21.0 (x86 en-US) (HKLM\...\Mozilla Firefox 21.0 (x86 en-US)) (Version: 21.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 21.0 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MyITLab ActiveX Installer 2, 9, 8, 65535 (HKLM\...\MyITLab ActiveX Installer_is1) (Version:  - Pearson Education)
PACprep V3.0 (HKLM\...\{A64BD882-988B-471A-B45A-58144A5CA643}) (Version: 1.00.0000 - DataChem Software, Inc.)
PharmacyLabs (HKLM\...\{1775A9E2-14BC-AF20-5BE9-BEFF2A58B8FC}) (Version: 1.0.2 - EMC Publishing, LLC)
R.A.L.E. Lung Sounds (HKLM\...\R.A.L.E. Lung Sounds_is1) (Version:  - PixSoft Inc.)
Respondus LockDown Browser - Lab Version (HKLM\...\{3DEC3ECB-D6FB-450E-8248-D05C36AD5FA4}) (Version: 1.0.5.05 - Respondus, Inc.)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM\...\{90140000-003B-0000-0000-0000000FF1CE}_Office14.PRJPRO_{58FA40EF-ABA9-4FED-AD3D-318A6073934D}) (Version:  - Microsoft)
Spotify (HKU\S-1-5-21-3115626628-1226218140-1781437045-102432\...\Spotify) (Version: 0.9.15.27.g87efe634 - Spotify AB)
Spring Medical Systems, Inc. SpringCharts EHR Demo Version 9.7.5 SP1.1 (HKLM\...\SpringCharts EHR Demo) (Version: Version 9.7.5 SP1.1 - Spring Medical Systems, Inc.)
SureTrak 3.0 (HKLM\...\SureTrak 3.0) (Version:  - )
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 18.0.7.34 - Synaptics Incorporated)
TriMed Technologies e-Medsys Client for Delmar / Cengage Learning (HKLM\...\TriMed Technologies E-Medsys Educational Edition_is1) (Version:  - TriMed Technologies)
VitalSource Bookshelf (HKLM\...\{68006BA9-9E59-4DEB-89C2-4A0C9EE7CFF1}) (Version: 6.01.0009 - Ingram Digital)
Windows Live Essentials (HKLM\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
CustomCLSID: HKU\S-1-5-21-3115626628-1226218140-1781437045-102432_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\kuaa9113\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3115626628-1226218140-1781437045-102432_Classes\CLSID\{7B37E4E2-C62F-4914-9620-8FB5062718CC}\localserver32 -> C:\Users\kuaa9113\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3115626628-1226218140-1781437045-102432_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\kuaa9113\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\SkyDriveShell.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3115626628-1226218140-1781437045-102432_Classes\CLSID\{AB807329-7324-431B-8B36-DBD581F56E0B}\localserver32 -> C:\Users\kuaa9113\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3115626628-1226218140-1781437045-102432_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\kuaa9113\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\SkyDriveShell.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3115626628-1226218140-1781437045-102432_Classes\CLSID\{CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B}\InprocServer32 -> C:\Users\kuaa9113\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\SkyDriveShell.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3115626628-1226218140-1781437045-102432_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\kuaa9113\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3115626628-1226218140-1781437045-102432_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\kuaa9113\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\SkyDriveShell.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3115626628-1226218140-1781437045-102432_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\kuaa9113\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\FileSyncApi.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3115626628-1226218140-1781437045-102432_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\kuaa9113\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3115626628-1226218140-1781437045-102432_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\kuaa9113\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3115626628-1226218140-1781437045-102432_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\kuaa9113\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3115626628-1226218140-1781437045-102432_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\kuaa9113\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3115626628-1226218140-1781437045-102432_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\kuaa9113\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3115626628-1226218140-1781437045-102432_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\kuaa9113\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3115626628-1226218140-1781437045-102432_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\kuaa9113\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3115626628-1226218140-1781437045-102432_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\kuaa9113\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
 
==================== Restore Points  =========================
 
14-12-2014 10:36:44 Windows Update
15-12-2014 15:59:30 Installed Avatar Document Imaging and Archiving
15-12-2014 16:03:43 Installed Java 7 Update 45
18-12-2014 10:51:30 Windows Update
21-12-2014 12:27:20 Windows Update
25-12-2014 11:24:29 Windows Update
28-12-2014 17:00:00 Windows Update
31-12-2014 21:47:22 Windows Update
04-01-2015 03:35:28 Windows Update
08-01-2015 21:37:36 Windows Update
15-01-2015 17:48:29 Windows Update
19-01-2015 21:29:03 Windows Update
25-01-2015 08:58:30 Windows Update
29-01-2015 04:11:38 Windows Update
01-02-2015 16:55:00 Windows Update
06-02-2015 19:35:33 Windows Update
10-02-2015 14:23:07 Windows Update
14-02-2015 19:40:58 Windows Update
15-02-2015 10:17:54 Installed NpackdCL
16-02-2015 23:29:25 Restore Operation
16-02-2015 23:44:54 Windows Update
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-13 18:04 - 2009-06-10 13:39 - 00000824 ____A C:\windows\system32\Drivers\etc\hosts
 
==================== Scheduled Tasks (whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 
Task: {1FF23B29-0317-414B-AA16-47CC6C25B724} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-07-10] (Google Inc.)
Task: {2893BD6F-B819-4BE4-AE65-C8A3A41BCC33} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-07-10] (Google Inc.)
Task: {71283E72-EB77-4330-AC79-2888BAEA8C02} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {B67AF3FE-89F7-44F2-BC69-24653A4736AD} - System32\Tasks\{D8168A14-69F6-4175-B83F-D85B6E12A59B} => pcalua.exe -a "F:\NBRC help, tips, practice\Lindsey Jones\28 stimulations\setup.exe" -d "F:\NBRC help, tips, practice\Lindsey Jones\28 stimulations"
Task: {D872B4CB-08DD-4504-9FBF-1173B6402637} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {E7F99386-61E8-4358-AFBD-D0357EDB262B} - System32\Tasks\Microsoft\Microsoft Antimalware\MP Scheduled Scan => c:\Program Files\Microsoft Security Client\Antimalware\MpCmdRun.exe [2010-11-11] (Microsoft Corporation)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
 
==================== Loaded Modules (whitelisted) ==============
 
2013-03-21 07:06 - 2012-10-04 18:50 - 00088688 _____ () C:\windows\System32\cpwmon2k.dll
2014-07-03 12:20 - 2014-07-03 12:20 - 00073544 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2014-10-11 13:05 - 2014-10-11 13:05 - 01044776 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2013-02-19 17:42 - 2013-02-19 17:42 - 00094208 _____ () C:\Windows\System32\IccLibDll.dll
2015-02-10 13:00 - 2015-02-10 13:00 - 00750080 _____ () C:\Users\kuaa9113\AppData\Roaming\Dropbox\bin\libGLESv2.dll
2015-02-17 03:49 - 2015-02-17 03:49 - 00043008 _____ () c:\users\kuaa9113\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmppt7lz7.dll
2015-02-10 13:00 - 2015-02-10 13:00 - 00047616 _____ () C:\Users\kuaa9113\AppData\Roaming\Dropbox\bin\libEGL.dll
2015-02-10 13:00 - 2015-02-10 13:00 - 00865280 _____ () C:\Users\kuaa9113\AppData\Roaming\Dropbox\bin\plugins\platforms\qwindows.dll
2015-02-10 13:00 - 2015-02-10 13:00 - 00200704 _____ () C:\Users\kuaa9113\AppData\Roaming\Dropbox\bin\plugins\imageformats\qjpeg.dll
2015-02-06 16:28 - 2015-02-04 01:02 - 01117512 _____ () C:\Program Files\Google\Chrome\Application\40.0.2214.111\libglesv2.dll
2015-02-06 16:28 - 2015-02-04 01:02 - 00211272 _____ () C:\Program Files\Google\Chrome\Application\40.0.2214.111\libegl.dll
2015-02-06 16:28 - 2015-02-04 01:02 - 09170760 _____ () C:\Program Files\Google\Chrome\Application\40.0.2214.111\pdf.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
 
==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== EXE Association (whitelisted) ===============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-3115626628-1226218140-1781437045-102432\Control Panel\Desktop\\Wallpaper -> C:\Users\kuaa9113\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.2.1
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
MSCONFIG\startupreg: BCSSync => "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-624683280-2784528852-2041967562-500 - Administrator - Enabled) => C:\Users\Administrator
Guest (S-1-5-21-624683280-2784528852-2041967562-501 - Limited - Disabled)
 
==================== Faulty Device Manager Devices =============
 
Name: PCI Device
Description: PCI Device
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (02/17/2015 03:50:29 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (02/17/2015 03:43:28 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (02/17/2015 03:36:24 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
 
System errors:
=============
Error: (02/17/2015 03:49:27 AM) (Source: Microsoft-Windows-GroupPolicy) (EventID: 1129) (User: ED)
Description: The processing of Group Policy failed because of lack of network connectivity to a domain controller. This may be a transient condition. A success message would be generated once the machine gets connected to the domain controller and Group Policy has succesfully processed. If you do not see a success message for several hours, then contact your administrator.
 
Error: (02/17/2015 03:48:41 AM) (Source: Microsoft Antimalware) (EventID: 3002) (User: )
Description: %%860 Real-Time Protection feature has encountered an error and failed.
 
Feature: %%835
 
Error Code: 0x80004005
 
Error description: Unspecified error 
 
Reason: %%842
 
Error: (02/17/2015 03:48:38 AM) (Source: Microsoft-Windows-GroupPolicy) (EventID: 1129) (User: NT AUTHORITY)
Description: The processing of Group Policy failed because of lack of network connectivity to a domain controller. This may be a transient condition. A success message would be generated once the machine gets connected to the domain controller and Group Policy has succesfully processed. If you do not see a success message for several hours, then contact your administrator.
 
Error: (02/17/2015 03:48:37 AM) (Source: NETLOGON) (EventID: 5719) (User: )
Description: This computer was not able to set up a secure session with a domain
controller in domain ED due to the following: 
%%1311
 
This may lead to authentication problems. Make sure that this
computer is connected to the network. If the problem persists,
please contact your domain administrator.
 
 
 
ADDITIONAL INFO
 
If this computer is a domain controller for the specified domain, it
sets up the secure session to the primary domain controller emulator in the specified
domain. Otherwise, this computer sets up the secure session to any domain controller
in the specified domain.
 
Error: (02/17/2015 03:42:36 AM) (Source: Microsoft-Windows-GroupPolicy) (EventID: 1129) (User: ED)
Description: The processing of Group Policy failed because of lack of network connectivity to a domain controller. This may be a transient condition. A success message would be generated once the machine gets connected to the domain controller and Group Policy has succesfully processed. If you do not see a success message for several hours, then contact your administrator.
 
Error: (02/17/2015 03:41:37 AM) (Source: Microsoft-Windows-GroupPolicy) (EventID: 1129) (User: NT AUTHORITY)
Description: The processing of Group Policy failed because of lack of network connectivity to a domain controller. This may be a transient condition. A success message would be generated once the machine gets connected to the domain controller and Group Policy has succesfully processed. If you do not see a success message for several hours, then contact your administrator.
 
Error: (02/17/2015 03:41:35 AM) (Source: NETLOGON) (EventID: 5719) (User: )
Description: This computer was not able to set up a secure session with a domain
controller in domain ED due to the following: 
%%1311
 
This may lead to authentication problems. Make sure that this
computer is connected to the network. If the problem persists,
please contact your domain administrator.
 
 
 
ADDITIONAL INFO
 
If this computer is a domain controller for the specified domain, it
sets up the secure session to the primary domain controller emulator in the specified
domain. Otherwise, this computer sets up the secure session to any domain controller
in the specified domain.
 
Error: (02/17/2015 03:35:30 AM) (Source: Microsoft-Windows-GroupPolicy) (EventID: 1129) (User: ED)
Description: The processing of Group Policy failed because of lack of network connectivity to a domain controller. This may be a transient condition. A success message would be generated once the machine gets connected to the domain controller and Group Policy has succesfully processed. If you do not see a success message for several hours, then contact your administrator.
 
Error: (02/17/2015 03:34:48 AM) (Source: Microsoft Antimalware) (EventID: 3002) (User: )
Description: %%860 Real-Time Protection feature has encountered an error and failed.
 
Feature: %%835
 
Error Code: 0x80004005
 
Error description: Unspecified error 
 
Reason: %%842
 
Error: (02/17/2015 03:34:43 AM) (Source: Microsoft-Windows-GroupPolicy) (EventID: 1055) (User: NT AUTHORITY)
Description: The processing of Group Policy failed. Windows could not resolve the computer name. This could be caused by one of more of the following: 
a) Name Resolution failure on the current domain controller. 
b) Active Directory Replication Latency (an account created on another domain controller has not replicated to the current domain controller).
 
 
Microsoft Office Sessions:
=========================
Error: (02/17/2015 03:50:29 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (02/17/2015 03:43:28 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (02/17/2015 03:36:24 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core i3-2370M CPU @ 2.40GHz
Percentage of memory in use: 66%
Total physical RAM: 1616.02 MB
Available physical RAM: 534.13 MB
Total Pagefile: 3232.05 MB
Available Pagefile: 2072.74 MB
Total Virtual: 2047.88 MB
Available Virtual: 1917.4 MB
 
==================== Drives ================================
 
Drive c: (OSDisk) (Fixed) (Total:465.27 GB) (Free:380.95 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 61B7776F)
Partition 1: (Active) - (Size=499 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=465.3 GB) - (Type=07 NTFS)
 
==================== End Of Log ============================

Hi,

I apologize for the delay, I was swamped with additional work and that prevented me from replying daily.

I see the point, but we won't get it another way than Chrome reset, so after posting your fix report we'll do that.

Fix with Farbar Recovery Scan Tool

This fix was created for this user for use on that particular machine.

Running it on another one may cause damage and render the system unstable.

Press the Windows key + R on your keyboard at the same time. Type Notepad and click OK.

  • Copy the entire content of the codebox below and paste into the Notepad document:

    start
    CreateRestorePoint:
    HKU\S-1-5-21-3115626628-1226218140-1781437045-102432\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
    FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\safesearch.xml
    2015-02-14 19:27 - 2015-02-14 19:27 - 00000088 _____ () C:\Users\kuaa9113\AppData\Local\368a7fa2658ab64cb979c98f1545d7f3
    EmptyTemp:
    end
  • Click File, Save As and type fixlist.txt as the File Name.
Both files, FRST and fixlist.txt have to be in the same location or the fix will not work!
  • Right-click on the FRST icon and select Run as Administrator to start the tool.

    > XP users click run after receipt of Windows Security Warning - Open File.

    > 8 users will be prompted about Windows SmartScreen protection - click More information and Run.

  • Press the Fix button just once and wait.
  • If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
  • When finished FRST will generate a log on the Desktop, called Fixlog.txt.
Please include it in your reply.

Hey Radek, I understand. But thank you for following up. Here is the result from the fixlog:

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 18-02-2015 01
Ran by kuaa9113 at 2015-02-20 09:24:37 Run:1
Running from C:\Users\kuaa9113\Desktop
Loaded Profiles: kuaa9113 (Available profiles: kuaa9113 & Administrator)
Boot Mode: Normal
 
==============================================
 
Content of fixlist:
*****************
start
CreateRestorePoint:
HKU\S-1-5-21-3115626628-1226218140-1781437045-102432\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\safesearch.xml
2015-02-14 19:27 - 2015-02-14 19:27 - 00000088 _____ () C:\Users\kuaa9113\AppData\Local\368a7fa2658ab64cb979c98f1545d7f3
EmptyTemp:
end
*****************
 
Restore point was successfully created.
"HKU\S-1-5-21-3115626628-1226218140-1781437045-102432\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.
C:\Program Files\mozilla firefox\browser\searchplugins\safesearch.xml => Moved successfully.
C:\Users\kuaa9113\AppData\Local\368a7fa2658ab64cb979c98f1545d7f3 => Moved successfully.
EmptyTemp: => Removed 4.7 GB temporary data.
 
 
The system needed a reboot. 
 
==== End of Fixlog 09:26:44 ====

Hi and apologies.

Reset Chrome to defaults

Please open Google Chrome.

  • Enter the Chrome menu by clicking the Chrome menu button.
  • Select Settings.
  • Click Show advanced settings and find the Reset browser settings section.
  • Click Reset browser settings.
  • In the dialog that appears, click Reset.
  • Chrome will reset itself.
Bear in mind that all your browsing history, passwords, cookies will be saved. This procedure will only remove all extensions, themes, plugins etc. and restore Chrome engine to a state similar to that after a fresh installation.

Uninstall some programs

We need to uninstall some programs.

  • Press the Windows key + R on your keyboard at the same time. Type appwiz.cpl and click OK.
  • Search there for each entry mentioned below, right-click the entry and click Uninstall, one at a time.
The list of programs to uninstall:
  • Google Chrome
After completing uninstalls, please manually reboot your machine!

Google Chrome reinstall

Please go to the official Chrome download website and install a fresh version.


Just an update, when I was searching through my Google Chrome settings I noticed there was a tab that said On Startup >> Open to a Specific Page or Set of Pages.

 

When I clicked on the tab, both of the two Binkiland URLs were displayed in this tab. I simply removed both from this tab and now Binkiland does not open when I open my Chrome browser.

 

However, I am sure this did not solve the actual problem. Just wanted to let you know.


  • Root Admin

Looks like Radek may have lost the link to your topic. I'll go ahead and take over for him and assist you.

 

Please go ahead and run through the following steps and post back the logs when ready.
 
STEP 04
Please download Junkware Removal Tool to your desktop.

  • Shutdown your antivirus to avoid any conflicts.
  • Right click over JRT.exe and select Run as administrator on Windows Vista or Windows 7, double-click on XP.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next reply message
  • When completed make sure to re-enable your antivirus


STEP 05
Let's clean out any adware now: (this will require a reboot so save all your work)

Please download AdwCleaner by Xplode and save to your Desktop.

  • Double click on AdwCleaner.exe to run the tool.
    Vista/Windows 7/8 users right-click and select Run As Administrator
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • When it's done you'll see: Pending: Please uncheck elements you don't want removed.
  • Now click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
  • Look over the log especially under Files/Folders for any program you want to save.
  • If there's a program you may want to save, just uncheck it from AdwCleaner.
  • If you're not sure, post the log for review. (all items found are adware/spyware/foistware)
  • If you're ready to clean it all up.....click the Clean button.
  • After rebooting, a logfile report (AdwCleaner[s0].txt) will open automatically.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of that logfile will also be saved in the C:\AdwCleaner folder.
  • Items that are deleted are moved to the Quarantine Folder: C:\AdwCleaner\Quarantine
  • To restore an item that has been deleted:
  • Go to Tools > Quarantine Manager > check what you want restored > now click on Restore.


STEP 06
Please open Malwarebytes Anti-Malware and from the Dashboard please Check for Updates by clicking the Update Now... link
Open up Malwarebytes > Settings > Detection and Protection > Enable Scan for rootkits, Under Non Malware Protection set both PUP and PUM to Treat detections as malware.
Click on the SCAN button and run a Threat Scan with Malwarebytes Anti-Malware by clicking the Scan Now>> button. Remove any threats found
Once completed please click on the History > Application Logs and find your scan log and open it and then click on the "copy to clipboard" button and post back the results on your next reply.


STEP 07
Please go here to run the online antivirus scanner from ESET.

  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the activex control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked
  • Click on Advanced Settings and ensure these options are ticked:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology


  • Click Scan
  • Wait for the scan to finish
  • If any threats were found, click the 'List of found threats', then click Export to text file....
  • Save it to your desktop, then please copy and paste that log as a reply to this topic.


STEP 08
Please download the Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. You can check here if you're not sure if your computer is 32-bit or 64-bit

  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press the Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply as well.


JRT Log:

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.4.3 (03.01.2015:1)
OS: Windows 7 Enterprise x86
Ran by kuaa9113 on Wed 03/04/2015 at 10:56:41.60
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
 
 
~~~ Registry Values
 
 
 
~~~ Registry Keys
 
 
 
~~~ Files
 
 
 
~~~ Folders
 
 
 
~~~ Event Viewer Logs were cleared
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Wed 03/04/2015 at 10:58:38.98
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
This topic is now closed to further replies.