
My Adware does not cease!



Hello Malwarebytes,
 
I would like to start off by saying I love your work. I'm new to the forums, so I haven't had a chance to express that. Unfortunately, this is not my first run-in with adware problems, but I have always used your helpful guides to quickly and efficiently remove the spam! Today does not seem to be the case, though. I had downloaded a few of my files off a filesharing site... regrettably, I had forgotten to uncheck the box labeled "Download with our download manager" or something to that extent. Before I knew it, the thing was installing (as I had it set to autorun downloads) and I couldn't stop the installer from installing a bunch of crap on my computer in time. The first appearance of the adware was called "Red Adblocker" and, despite its name, it has been putting ads on web pages that originally do not have ads. I uninstalled all the applications I thought to be part of the problem, reset Google Chrome, then ran HitmanPro, Adware Cleaner, and Malwarebytes, but to no avail. "Red Adblocker" still persisted in creating ads, and I had given up and ignored it at this point. Now, "Red Adblocker" seems to have been replaced with a more aggressive adware called "AdFreeApp." I need help to remove this. There doesn't seem to be an extension in Chrome, but the ads keep popping up; there are no apps installed anymore that I do not trust; HitmanPro, Adware Cleaner, and Malwarebytes no longer detect anything; and the problem is still there. I cannot factory reset this computer either... Can I get some help?
 

FRST.txt

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 11-07-2015
Ran by Admin (administrator) on ADMIN-PC on 11-07-2015 13:18:40
Running from C:\Users\Admin\Downloads
Loaded Profiles: Admin (Available Profiles: Admin)
Platform: Microsoft Windows 7 Professional  Service Pack 1 (X86) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Webroot) C:\Program Files\Webroot\WRSA.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVBg.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVBg.exe
(Webroot) C:\Program Files\Webroot\WRSA.exe
(Microsoft Corporation) C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\DTS\Binn\MsDtsSrvr.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVBg.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVBg.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\msftesql.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL.2\OLAP\bin\msmdsrv.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
() C:\Windows\System32\igfxTray.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(LD_POS) C:\Program Files\LD_POS\LDPos\LD_Dinner.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Management Engine Components\IMSS\PrivacyIconClient.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [IMSS] => C:\Program Files\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe [134616 2013-12-10] (Intel Corporation)
HKLM\...\Run: [USB3MON] => C:\Program Files\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [292848 2014-02-20] (Intel Corporation)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI.exe [6336216 2013-11-04] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RtHDVBg.exe [1003224 2013-11-05] (Realtek Semiconductor)
HKLM\...\Run: [WRSVC] => C:\Program Files\Webroot\WRSA.exe [823720 2015-07-01] (Webroot)
HKLM\...\Run: [RtHDVBg_PushButton] => C:\Program Files\Realtek\Audio\HDA\RtHDVBg.exe [1003224 2013-11-05] (Realtek Semiconductor)
Winlogon\Notify\igfxcui: igfxdev.dll [X]
HKLM\...\Policies\Explorer: [NoFolderOptions] 0
HKLM\...\Policies\Explorer: [NoViewOnDrive] 0
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKLM\...\Policies\Explorer: [DisableLocalMachineRun] 0
HKLM\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0
HKLM\...\Policies\Explorer: [DisableCurrentUserRun] 0
HKLM\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0
HKLM\...\Policies\Explorer: [NoViewContextMenu] 0
HKLM\...\Policies\Explorer: [NoShellSearchButton] 0
HKLM\...\Policies\Explorer: [NoFind] 0
HKLM\...\Policies\Explorer: [NoFile] 0
HKLM\...\Policies\Explorer: [HideClock] 0
HKLM\...\Policies\Explorer: [NoTrayContextMenu] 0
HKLM\...\Policies\Explorer: [NoTrayItemsDisplay] 0
HKLM\...\Policies\Explorer: [NoSetFolders] 0
HKLM\...\Policies\Explorer: [NoDevMgrUpdate] 0
HKLM\...\Policies\Explorer: [NoSetTaskbar] 0
HKLM\...\Policies\Explorer: [NoDeletePrinter] 0
HKLM\...\Policies\Explorer: [NoDFSTab] 0
HKLM\...\Policies\Explorer: [NoChangeStartMenu] 0
HKLM\...\Policies\Explorer: [NoLogoff] 0
HKLM\...\Policies\Explorer: [NoWindowsUpdate] 0
HKLM\...\Policies\Explorer: [NoEncryptOnMove] 0
HKLM\...\Policies\Explorer: [NoRunasInstallPrompt] 0
HKLM\...\Policies\Explorer: [NoResolveSearch] 0
HKLM\...\Policies\Explorer: [NoSaveSettings] 0
HKLM\...\Policies\Explorer: [NoHardwareTab] 0
HKLM\...\Policies\Explorer: [NoStartMenuSubFolders] 0
HKLM\...\Policies\Explorer: [NoDesktop] 0
HKU\S-1-5-21-1026416997-2916169332-1528636737-1000\...\Run: [ctfmon] => C:\Windows\system32\ctfmon.exe [8704 2009-07-13] (Microsoft Corporation)
HKU\S-1-5-21-1026416997-2916169332-1528636737-1000\...\MountPoints2: {164d9f13-4cb3-11e4-87dd-3c77e66f3474} - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL F:\splash.hta
HKU\S-1-5-21-1026416997-2916169332-1528636737-1000\...\MountPoints2: {618e27e8-2892-11e4-8d85-3c77e66f3474} - F:\dvdrun.exe
HKU\S-1-5-18\...\RunOnce: [SPReview] => C:\Windows\System32\SPReview\SPReview.exe [280576 2015-04-13] (Microsoft Corporation)
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-1026416997-2916169332-1528636737-1000\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?pc=MSSE
HKU\S-1-5-21-1026416997-2916169332-1528636737-1000\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.earthlink.net
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-1026416997-2916169332-1528636737-1000 -> {65A95FBF-F5AC-44fa-8112-5C493C4DE412} URL = http://eimg.net/sw/toolbar/4/2/rd601.html?area=earthlink-ws-altsearchbox&q={searchTerms}
BHO: Accelerator Plugin -> {656EC4B7-072B-4698-B504-2A414C1F0037} -> C:\Program Files\EarthLink Accelerated\prpl_IePopupBlocker.dll [2009-06-25] (Propel Software Corporation)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2015-05-01] (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2010-01-16] (Microsoft Corporation)
BHO: Webroot Filtering Extension -> {C9C42510-9B41-42c1-9DCD-7282A2D07C61} -> C:\Program Files\Webroot\WRData\PKG\Vistax86\wrflt.dll [2015-06-15] (Webroot)
BHO: QQMiniDL Helper Class -> {C9C7334B-5657-41e1-8F79-F6AACECA05F4} -> C:\Program Files\Common Files\Tencent\QQMiniDL\60\Browser\QQIEHelper01.dll No File
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL [2008-07-24] (Microsoft Corporation)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2015-05-01] (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1 205.171.2.25
Tcpip\..\Interfaces\{43331579-241D-4F89-9816-5785D253341E}: [DhcpNameServer] 192.168.0.1 205.171.2.25

FireFox:
========
FF ProfilePath: C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zlty4eu4.default
FF Plugin: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw_1218158.dll [2015-04-27] (Adobe Systems, Inc.)
FF Plugin: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-12-10] (Intel Corporation)
FF Plugin: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-12-10] (Intel Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPSPWRAP.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: @qq.com/npOpenPlatform -> C:\Program Files\Common Files\Tencent\OpenPlatform\3.0.0.3201\npQPMWebGamePlugin.dll No File
FF Plugin: @qq.com/QQPhotoDrawEx -> C:\Program Files\Tencent\Qzone\npQQPhotoDrawEx.dll No File
FF Plugin: @qq.com/QzoneMusic -> C:\Program Files\Tencent\QQMusic\QzoneMusic\npQzoneMusic.dll No File
FF Plugin: @tencent.com/npQQMailWebKit,version=1.0.0.1 -> C:\Program Files\QQMailPlugin\npQQMailWebKit.dll [2013-04-25] (Tencent)
FF Plugin: @tencent.com/nptxftnWebKit,version=1.0.0.1 -> C:\Program Files\QQMailPlugin\nptxftnWebKit.dll [2013-04-08] (Tencent Technology (Shenzhen) Company Limited)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-16] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-16] (Google Inc.)
FF Plugin HKU\S-1-5-21-1026416997-2916169332-1528636737-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Admin\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2015-01-26] (Unity Technologies ApS)
FF HKLM\...\Firefox\Extensions: [webrootsecure@webroot.com] - C:\ProgramData\WRData\PKG\FIREFOX\WebrootSecure_SocketServer
FF Extension: Webroot Filtering Extension - C:\ProgramData\WRData\PKG\FIREFOX\WebrootSecure_SocketServer [2015-06-15]

Chrome: 
=======
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR Profile: C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-07-11]
CHR Extension: (Google Docs) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-07-11]
CHR Extension: (Google Drive) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-07-11]
CHR Extension: (YouTube) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-07-11]
CHR Extension: (Google Search) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-07-11]
CHR Extension: (Google Sheets) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-07-11]
CHR Extension: (Webroot Filtering Extension) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\kjeghcllfecehndceplomkocgfbklffd [2015-07-11]
CHR Extension: (Skype Click to Call) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2015-07-11]
CHR Extension: (Gmail) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-07-11]
CHR HKLM\...\Chrome\Extension: [kjeghcllfecehndceplomkocgfbklffd] - C:\ProgramData\WRData\PKG\CHROME\CHROME_1.1.0.59.crx [2015-06-15]
CHR HKLM\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2015-05-01]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 c2cautoupdatesvc; C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1394816 2015-05-01] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1772672 2015-05-01] (Microsoft Corporation)
S3 cphs; C:\Windows\system32\IntelCpHeciSvc.exe [280840 2015-03-19] (Intel Corporation)
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [293128 2015-03-19] (Intel Corporation)
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [595968 2013-08-27] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [642520 2013-08-27] (Intel(R) Corporation)
R2 jhi_service; C:\Program Files\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-12-10] (Intel Corporation)
R2 MsDtsServer; C:\Program Files\Microsoft SQL Server\90\DTS\Binn\MsDtsSrvr.exe [202592 2011-03-25] (Microsoft Corporation)
R2 msftesql; C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\msftesql.exe [91992 2010-03-26] (Microsoft Corporation)
R2 MSSQLSERVER; C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [29294432 2011-03-25] (Microsoft Corporation)
S4 MSSQLServerADHelper; C:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe [44384 2010-12-10] (Microsoft Corporation)
R2 MSSQLServerOLAPService; C:\Program Files\Microsoft SQL Server\MSSQL.2\OLAP\bin\msmdsrv.exe [14955360 2011-03-25] (Microsoft Corporation)
S4 msvsmon80; C:\Program Files\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x86\msvsmon.exe [2808664 2007-02-14] (Microsoft Corporation)
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService.exe [250072 2013-10-16] (Realtek Semiconductor)
S3 SQLSERVERAGENT; C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\SQLAGENT90.EXE [346976 2010-12-10] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-26] (Microsoft Corporation)
R2 WRSVC; C:\Program Files\Webroot\WRSA.exe [823720 2015-07-01] (Webroot)
S2 gupdate; "C:\Program Files\Google\Update\GoogleUpdate.exe" /svc [X]
S3 gupdatem; "C:\Program Files\Google\Update\GoogleUpdate.exe" /medsvc [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 athr; C:\Windows\System32\DRIVERS\athr.sys [3234304 2013-08-25] (Qualcomm Atheros Communications, Inc.)
R1 ISODrive; C:\Program Files\UltraISO\drivers\ISODrive.sys [82168 2013-11-21] (EZB Systems, Inc.)
R0 iusb3hcs; C:\Windows\System32\DRIVERS\iusb3hcs.sys [16880 2014-02-20] (Intel Corporation)
R3 iusb3hub; C:\Windows\System32\DRIVERS\iusb3hub.sys [364528 2014-02-20] (Intel Corporation)
R3 iusb3xhc; C:\Windows\System32\DRIVERS\iusb3xhc.sys [800240 2014-02-20] (Intel Corporation)
R3 MEI; C:\Windows\System32\DRIVERS\TeeDriver.sys [86488 2013-12-10] (Intel Corporation)
R3 mf; C:\Windows\System32\DRIVERS\mf.sys [114176 2009-07-13] (Microsoft Corporation)
R1 PCIESER; C:\Windows\System32\drivers\PCIESER.sys [67584 2013-07-22] (www.winchiphead.com)
S4 RsFx0105; C:\Windows\System32\DRIVERS\RsFx0105.sys [238696 2011-09-22] (Microsoft Corporation)
S3 VSPerfDrv100; C:\Program Files\Microsoft Visual Studio 10.0\Team Tools\Performance Tools\VSPerfDrv100.sys [54144 2011-01-18] (Microsoft Corporation)
R0 WRkrn; C:\Windows\System32\drivers\WRkrn.sys [119288 2015-07-01] (Webroot)
S3 wrUrlFlt; C:\Windows\system32\DRIVERS\wrUrlFlt.sys [37432 2015-06-15] (Webroot)
S3 MBAMSwissArmy; \??\C:\Windows\system32\drivers\MBAMSwissArmy.sys [X]
U0 SR; No ImagePath
U2 srservice; No ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-07-11 13:18 - 2015-07-11 13:19 - 00017587 _____ C:\Users\Admin\Downloads\FRST.txt
2015-07-11 13:18 - 2015-07-11 13:18 - 01634816 _____ (Farbar) C:\Users\Admin\Downloads\FRST.exe
2015-07-11 13:18 - 2015-07-11 13:18 - 00000000 ____D C:\FRST
2015-07-11 11:52 - 2015-07-11 11:52 - 00000000 ____D C:\Users\Admin\AppData\Roaming\Tencent
2015-07-11 11:46 - 2015-07-11 11:47 - 02248704 _____ C:\Users\Admin\Downloads\adwcleaner_4.208.exe
2015-06-29 20:00 - 2015-06-29 20:00 - 00001231 _____ C:\Users\Admin\Desktop\Should I Remove It.lnk
2015-06-29 20:00 - 2015-06-29 20:00 - 00000000 __SHD C:\Windows\system32\AI_RecycleBin
2015-06-29 20:00 - 2015-06-29 20:00 - 00000000 ____D C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Should I Remove It
2015-06-29 20:00 - 2015-06-29 20:00 - 00000000 ____D C:\Program Files\Reason
2015-06-29 11:55 - 2015-06-29 11:55 - 02178872 _____ (Reason Software Company Inc.) C:\Users\Admin\Downloads\ShouldIRemoveIt_Setup.exe
2015-06-29 11:40 - 2015-06-29 11:40 - 00000000 ____D C:\Windows\pss
2015-06-26 15:58 - 2015-06-26 15:59 - 00105970 _____ C:\Users\Admin\Downloads\Asian Cuisine Best Two.pptx
2015-06-18 21:02 - 2011-09-22 17:18 - 00089960 _____ (Microsoft Corporation) C:\Windows\system32\SQSRVRES.DLL
2015-06-18 21:02 - 2011-09-22 17:18 - 00073064 _____ (Microsoft Corporation) C:\Windows\system32\perf-MSSQL$SQLEXPRESS-sqlctr10.3.5500.0.dll
2015-06-18 20:55 - 2015-05-09 12:09 - 00715200 _____ (Microsoft Corporation) C:\Windows\system32\mcupdate_GenuineIntel.dll
2015-06-18 20:55 - 2015-04-27 13:05 - 00179200 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2015-06-18 20:55 - 2015-04-27 13:04 - 01174528 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2015-06-18 20:55 - 2015-04-27 13:04 - 00143872 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2015-06-18 20:55 - 2015-04-27 13:04 - 00103936 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2015-06-18 20:54 - 2015-05-08 21:14 - 02937344 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2015-06-18 20:54 - 2015-05-08 21:14 - 02045952 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2015-06-18 20:54 - 2015-05-08 21:14 - 00566784 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2015-06-18 20:54 - 2015-05-08 21:14 - 00173056 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2015-06-18 20:54 - 2015-05-08 21:14 - 00092672 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2015-06-18 20:54 - 2015-05-08 21:14 - 00035840 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2015-06-18 20:54 - 2015-05-08 21:14 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2015-06-18 20:54 - 2015-05-08 21:13 - 00131584 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2015-06-18 20:54 - 2015-05-08 21:13 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2015-06-18 20:54 - 2015-05-08 21:13 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2015-06-18 20:54 - 2015-05-08 21:13 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
2015-06-18 20:46 - 2015-06-19 10:25 - 00000401 _____ C:\Windows\system32\{F33C3B9B-72AF-418A-B3FD-560646F7CDA2}.bat
2015-06-15 18:45 - 2015-07-01 11:07 - 00167632 _____ (Webroot) C:\Windows\system32\WRusr.dll
2015-06-15 18:45 - 2015-07-01 11:07 - 00119288 _____ (Webroot) C:\Windows\system32\Drivers\WRkrn.sys
2015-06-15 18:45 - 2015-06-28 09:41 - 00000000 ____D C:\Program Files\Webroot
2015-06-15 18:45 - 2015-06-15 18:45 - 00037432 ____T (Webroot) C:\Windows\system32\Drivers\wrUrlFlt.sys
2015-06-15 18:45 - 2015-06-15 18:45 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Webroot SecureAnywhere
2015-06-13 15:02 - 2015-06-13 15:02 - 00002350 _____ C:\Windows\system32\.crusader
2015-06-13 14:53 - 2015-06-13 15:04 - 00000000 ____D C:\ProgramData\HitmanPro
2015-06-13 14:52 - 2015-06-18 20:47 - 10113976 _____ (SurfRight B.V.) C:\Users\Admin\Downloads\HitmanPro.exe
2015-06-13 14:35 - 2015-06-13 14:35 - 00000000 ____D C:\ProgramData\Malwarebytes
2015-06-13 14:24 - 2015-07-11 11:53 - 00000000 ____D C:\AdwCleaner
2015-06-13 14:18 - 2015-06-13 14:18 - 00721454 _____ C:\Users\Admin\Downloads\ttp08.rar
2015-06-13 14:05 - 2015-07-10 21:36 - 00000000 ____D C:\ProgramData\WRData
2015-06-13 13:59 - 2015-06-13 13:59 - 00000000 ____D C:\Windows\system32\appmgmt
2015-06-11 20:40 - 2015-07-10 12:45 - 00000024 _____ C:\Users\Admin\AppData\Roaming\appdataFr25.bin

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-07-11 14:53 - 2009-07-13 20:37 - 00000000 ____D C:\Windows\system32\LogFiles
2015-07-11 13:15 - 2014-09-12 17:15 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-07-11 13:04 - 2009-07-13 22:34 - 00014032 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-07-11 13:04 - 2009-07-13 22:34 - 00014032 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-07-11 13:00 - 2014-08-18 06:25 - 01026066 _____ C:\Windows\system32\PerfStringBackup.INI
2015-07-11 12:59 - 2014-08-18 06:17 - 01910396 _____ C:\Windows\WindowsUpdate.log
2015-07-11 12:56 - 2009-07-13 22:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-07-11 12:56 - 2009-07-13 22:39 - 00044647 _____ C:\Windows\setupact.log
2015-07-11 10:39 - 2015-06-07 12:53 - 00000340 _____ C:\Windows\Tasks\Bidaily Synchronize Task[973b].job
2015-06-23 13:27 - 2014-08-28 20:54 - 00246952 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2015-06-19 14:04 - 2009-07-13 20:37 - 00000000 ____D C:\Windows\Microsoft.NET
2015-06-19 14:00 - 2014-08-20 11:52 - 00000000 ____D C:\Program Files\Microsoft SQL Server
2015-06-19 11:04 - 2009-07-13 20:37 - 00000000 ____D C:\Windows\rescache
2015-06-18 21:04 - 2014-08-20 11:31 - 00000000 ____D C:\Program Files\Intel
2015-06-18 21:02 - 2015-06-07 14:23 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft SQL Server 2008
2015-06-18 20:44 - 2014-08-20 11:36 - 00000000 ____D C:\Program Files\Common Files\Intel
2015-06-15 22:03 - 2014-08-20 13:02 - 00099722 _____ C:\Windows\PFRO.log
2015-06-15 18:52 - 2015-04-25 13:28 - 00001945 _____ C:\Windows\epplauncher.mif
2015-06-12 14:09 - 2015-04-25 14:27 - 00000000 ____D C:\Windows\system32\MRT
2015-06-12 14:00 - 2015-04-25 14:27 - 136900096 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe

==================== Files in the root of some directories =======

2015-06-11 20:40 - 2015-07-10 12:45 - 0000024 _____ () C:\Users\Admin\AppData\Roaming\appdataFr25.bin
2014-08-20 03:59 - 2014-08-20 03:59 - 0000017 _____ () C:\Users\Admin\AppData\Local\resmon.resmoncfg
2015-06-07 13:06 - 2015-06-07 13:06 - 0000000 _____ () C:\Users\Admin\AppData\Local\Temp.dat

Some files in TEMP:
====================
C:\Users\Admin\AppData\Local\Temp\Quarantine.exe
C:\Users\Admin\AppData\Local\Temp\sqlite3.dll

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-07-06 10:37

==================== End of log ============================

Addition.txt

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 11-07-2015
Ran by Admin at 2015-07-11 13:19:09
Running from C:\Users\Admin\Downloads
Boot Mode: Normal
==============================================================================

==================== Accounts: =============================

Admin (S-1-5-21-1026416997-2916169332-1528636737-1000 - Administrator - Enabled) => C:\Users\Admin
Administrator (S-1-5-21-1026416997-2916169332-1528636737-500 - Administrator - Disabled)
Guest (S-1-5-21-1026416997-2916169332-1528636737-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1026416997-2916169332-1528636737-1010 - Limited - Enabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Webroot SecureAnywhere (Enabled - Up to date) {66A6FE14-08CB-F415-3742-517201416109}
AS: Webroot SecureAnywhere (Enabled - Up to date) {DDC71FF0-2EF1-FB9B-0DF2-6A007AC62BB4}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Flash Player 17 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 17.0.0.188 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.1 (HKLM\...\Adobe Shockwave Player) (Version: 12.1.8.158 - Adobe Systems, Inc.)
Crystal Reports for Visual Studio (Version: 12.51.0.240 - SAP) Hidden
Dotfuscator Software Services - Community Edition (HKLM\...\{1AA5BD63-6614-44B2-88A7-605191EDB835}) (Version: 5.0.2500.0 - PreEmptive Solutions)
EarthLink Access Software (HKLM\...\EarthLink Online) (Version:  - EarthLink, Inc)
GDR 5057 for SQL Server Analysis Services 2005 ENU (KB2494120) (HKLM\...\KB2494120_OLAP9) (Version: 9.4.5057 - Microsoft Corporation)
GDR 5057 for SQL Server Database Services 2005 ENU (KB2494120) (HKLM\...\KB2494120_SQL9) (Version: 9.4.5057 - Microsoft Corporation)
GDR 5057 for SQL Server Integration Services 2005 ENU (KB2494120) (HKLM\...\KB2494120_DTS9) (Version: 9.4.5057 - Microsoft Corporation)
GDR 5057 for SQL Server Notification Services 2005 ENU (KB2494120) (HKLM\...\KB2494120_NS9) (Version: 9.4.5057 - Microsoft Corporation)
GDR 5057 for SQL Server Tools and Workstation Components 2005 ENU (KB2494120) (HKLM\...\KB2494120_SQLTools9) (Version: 9.4.5057 - Microsoft Corporation)
GDR 5520 for SQL Server 2008 (KB2977321) (HKLM\...\KB2977321) (Version: 10.3.5520.0 - Microsoft Corporation)
Google Chrome (HKLM\...\Google Chrome) (Version: 43.0.2357.81 - Google Inc.)
Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.27.5 - Google Inc.) Hidden
Intel(R) Management Engine Components (HKLM\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.23.1766 - Intel Corporation)
Intel(R) Processor Graphics (HKLM\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.14.4170 - Intel Corporation)
Intel(R) USB 3.0 eXtensible Host Controller Driver (HKLM\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 3.0.0.16 - Intel Corporation)
LDPos (HKLM\...\{039C84DC-7EE5-487C-AB8F-AA4525146C55}) (Version: 1.0.0 - LD_POS)
Microsoft .NET Framework 4 Multi-Targeting Pack (HKLM\...\{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft ASP.NET MVC 2 - Visual Studio 2010 Tools (HKLM\...\{40416836-56CC-4C0E-A6AF-5C34BADCE483}) (Version: 2.0.50217.0 - Microsoft Corporation)
Microsoft ASP.NET MVC 2 (HKLM\...\{DD8FF2F3-0D97-4CF3-AF78-FA0E1B242244}) (Version: 2.0.60926.0 - Microsoft Corporation)
Microsoft Help Viewer 1.1 (HKLM\...\Microsoft Help Viewer 1.1) (Version: 1.1.40219 - Microsoft Corporation)
Microsoft MapPoint North America 2009 (HKLM\...\{C82185E8-C27B-4EF4-2009-1111BC2C2B6D}) (Version: 16.0.19.1500 - Microsoft Corporation)
Microsoft Office 2003 Web Components (HKLM\...\{90A40804-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft Office Access database engine 2007 (English) (HKLM\...\{90120000-00D1-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM\...\Office14.PROPLUS) (Version: 14.0.4734.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40416.0 - Microsoft Corporation)
Microsoft Silverlight 3 SDK (HKLM\...\{2012098D-EEE9-4769-8DD3-B038050854D4}) (Version: 3.0.40818.0 - Microsoft Corporation)
Microsoft Silverlight 4 SDK (HKLM\...\{05855322-BE43-41FE-B583-D3AE0C326D58}) (Version: 4.0.50826.0 - Microsoft Corporation)
Microsoft SQL Server 2005 (HKLM\...\Microsoft SQL Server 2005) (Version:  - Microsoft Corporation)
Microsoft SQL Server 2005 向后兼容 (HKLM\...\{91608993-2560-48D3-8F1C-9AC1A0586380}) (Version: 8.05.2312 - Microsoft Corporation)
Microsoft SQL Server 2005 联机丛书(简体中文)(2007 年 9 月) (HKLM\...\{BB1B836A-2A30-498E-A5A6-B6513F88DC05}) (Version: 9.00.3108 - Microsoft Corporation)
Microsoft SQL Server 2008 (HKLM\...\Microsoft SQL Server 10 Release) (Version:  - Microsoft Corporation)
Microsoft SQL Server 2008 Browser (HKLM\...\{C688457E-03FD-4941-923B-A27F4D42A7DD}) (Version: 10.3.5500.0 - Microsoft Corporation)
Microsoft SQL Server 2008 Native Client (HKLM\...\{83298573-A6B6-42AB-A234-FE91CA2859C0}) (Version: 10.3.5500.0 - Microsoft Corporation)
Microsoft SQL Server 2008 R2 Data-Tier Application Framework (HKLM\...\{BC537AE0-88AF-47ED-B762-33B0D62B5188}) (Version: 10.50.1750.9 - Microsoft Corporation)
Microsoft SQL Server 2008 R2 Data-Tier Application Project (HKLM\...\{7A56D81D-6406-40E7-9184-8AC1769C4D69}) (Version: 10.50.1750.9 - Microsoft Corporation)
Microsoft SQL Server 2008 R2 Management Objects (HKLM\...\{77F1F8AD-51B8-4490-AEEC-BF480073E0FC}) (Version: 10.50.1750.9 - Microsoft Corporation)
Microsoft SQL Server 2008 R2 Transact-SQL Language Service (HKLM\...\{09C52940-A4D1-4409-A7CC-1AAE630CF578}) (Version: 10.50.1750.9 - Microsoft Corporation)
Microsoft SQL Server 2008 Setup Support Files  (HKLM\...\{5D60AB1A-2409-4829-83D4-0972856D885A}) (Version: 10.3.5520.0 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 ENU (HKLM\...\{3A9FC03D-C685-4831-94CF-4EDFD3749497}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft SQL Server Database Publishing Wizard 1.4 (HKLM\...\{ACE28263-76A4-4BF5-B6F4-8BD719595969}) (Version: 10.1.2512.8 - Microsoft Corporation)
Microsoft SQL Server Native Client (HKLM\...\{DFF48630-4D13-43EC-8D7A-88A180E3A41C}) (Version: 9.00.5000.00 - Microsoft Corporation)
Microsoft SQL Server System CLR Types (HKLM\...\{877B76B2-F83F-4F5A-B28D-3F398641ADB6}) (Version: 10.50.1750.9 - Microsoft Corporation)
Microsoft SQL Server VSS Writer (HKLM\...\{B857D868-F8B0-43EE-BC2B-D9E5ED21F237}) (Version: 10.3.5500.0 - Microsoft Corporation)
Microsoft SQL Server 安装程序支持文件(英语) (HKLM\...\{17B9F0CD-E8D3-4094-A72C-B886F409D793}) (Version: 9.00.5000.00 - Microsoft Corporation)
Microsoft Sync Framework Runtime v1.0 SP1 (x86) (HKLM\...\{C6DD625F-4B61-4561-8286-87CA0275CEA1}) (Version: 1.0.3010.0 - Microsoft Corporation)
Microsoft Sync Framework SDK v1.0 SP1 (HKLM\...\{97CE8B73-AA5A-4987-A1BE-50DD1A187478}) (Version: 1.0.3010.0 - Microsoft Corporation)
Microsoft Sync Framework Services v1.0 SP1 (x86) (HKLM\...\{F990B526-8F7C-46E0-B1F1-6C893A8B478F}) (Version: 1.0.3010.0 - Microsoft Corporation)
Microsoft Sync Services for ADO.NET v2.0 SP1 (x86) (HKLM\...\{DC3D6AFB-78B4-489F-81D7-30B66E0C2417}) (Version: 2.0.3010.0 - Microsoft Corporation)
Microsoft Team Foundation Server 2010 Object Model - ENU (HKLM\...\Microsoft Team Foundation Server 2010 Object Model - ENU) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4974 (HKLM\...\{B7E38540-E355-3503-AFD7-635B2F2F76E1}) (Version: 9.0.30729.4974 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Runtime - 10.0.40219 (HKLM\...\{5D9ED403-94DE-3BA0-B1D6-71F4BDA412E6}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual F# 2.0 Runtime (HKLM\...\{85467CBC-7A39-33C9-8940-D72D9269B84F}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2005 Premier Partner Edition - CHS (HKLM\...\{A96609C2-BEF7-49FA-B743-CEE6A4D81435}) (Version: 8.0.50728 - Microsoft Corporation)
Microsoft Visual Studio 2005 首选合作伙伴版 - 简体中文 Service Pack 1 (KB926604) (HKLM\...\KB926604.T2_160ToU263_160) (Version: 1 - Microsoft Corporation)
Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools (HKLM\...\{14DD7530-CCD2-3798-B37D-3839ED6A441C}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Premium - ENU (HKLM\...\Microsoft Visual Studio 2010 Premium - ENU) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual Studio 2010 Service Pack 1 (HKLM\...\Microsoft Visual Studio 2010 Service Pack 1) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x86) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x86)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Visual Studio Macro Tools (HKLM\...\Microsoft Visual Studio Macro Tools) (Version: 9.0.30729 - Microsoft Corporation)
Mozilla Firefox 38.0.1 (x86 en-US) (HKLM\...\Mozilla Firefox 38.0.1 (x86 en-US)) (Version: 38.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 38.0.1 - Mozilla)
QQ输入法纯净版1.2 (HKLM\...\QQ输入法纯净版) (Version: 1.2 - 腾讯公司)
Realtek Ethernet Controller Driver (HKLM\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.82.317.2014 - Realtek)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7083 - Realtek Semiconductor Corp.)
Service Pack 3 for SQL Server 2008 (KB2546951) (HKLM\...\KB2546951) (Version: 10.3.5500.0 - Microsoft Corporation)
Should I Remove It (HKU\S-1-5-21-1026416997-2916169332-1528636737-1000\...\Should I Remove It 1.0.4) (Version: 1.0.4 - Reason Software Company Inc.)
Should I Remove It (Version: 1.0.4 - Reason Software Company Inc.)
HiddenSkype Click to Call (HKLM\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.4.0.9058 - Microsoft Corporation)Skype(TM) 7.0 (HKLM\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)SQL Server Analysis Services 2005 Service Pack 4 CHS (KB2463332) (HKLM\...\KB2463332_OLAP9) (Version: 9.4.5000 - Microsoft Corporation)Sql Server Customer Experience Improvement Program (Version: 10.3.5500.0 - Microsoft Corporation) HiddenSQL Server Database Services 2005 Service Pack 4 CHS (KB2463332) (HKLM\...\KB2463332_SQL9) (Version: 9.4.5000 - Microsoft Corporation)SQL Server Integration Services 2005 Service Pack 4 CHS (KB2463332) (HKLM\...\KB2463332_DTS9) (Version: 9.4.5000 - Microsoft Corporation)SQL Server Notification Services 2005 Service Pack 4 CHS (KB2463332) (HKLM\...\KB2463332_NS9) (Version: 9.4.5000 - Microsoft Corporation)SQL Server Tools and Workstation Components 2005 Service Pack 4 CHS (KB2463332) (HKLM\...\KB2463332_SQLTools9) (Version: 9.4.5000 - Microsoft Corporation)SQLXML4 (HKLM\...\{A3561A1B-C233-4D59-ACC3-8A7AAC9C3618}) (Version: 9.00.5000.00 - Microsoft Corporation)swMSM (Version: 12.0.0.1 - Adobe Systems, Inc) HiddenTencent QQMail Plugin (HKLM\...\QQMailPlugin) (Version:  - )UltraISO Premium V9.62 (HKLM\...\UltraISO_is1) (Version:  - )Unity Web Player (HKU\S-1-5-21-1026416997-2916169332-1528636737-1000\...\UnityWebPlayer) (Version: 4.6.2f1 - Unity Technologies ApS)Visual Studio 2010 Tools for SQL Server Compact 3.5 SP2 ENU (HKLM\...\{112C23F2-C036-4D40-BED4-0CB47BF5555C}) (Version: 4.0.8080.0 - Microsoft Corporation)WCF RIA Services V1.0 SP1 (HKLM\...\{D9E6001A-5DC3-4620-AF7A-80B6CD48645D}) (Version: 4.1.60114.0 - Microsoft Corporation)Web Deployment Tool (HKLM\...\{0F37D969-1260-419E-B308-EF7D29ABDE20}) (Version: 1.1.0618 - Microsoft Corporation)Webroot SecureAnywhere (HKLM\...\WRUNINST) (Version: 9.0.0.64 - Webroot)Windows Driver Package - Atheros Communications Inc. 
(athr) Net  (08/25/2013 10.0.0.263) (HKLM\...\6FEFE5F09E19F74D9333681CD0D0E0D8FBB90720) (Version: 08/25/2013 10.0.0.263 - Atheros Communications Inc.)Windows Driver Package - Realtek (RSUSBSTOR) USB  (11/21/2013 6.2.9600.30171) (HKLM\...\22741B5A0738796D11506334EFBD44BCED3BD680) (Version: 11/21/2013 6.2.9600.30171 - Realtek)WinRAR 5.01 (32-bit) (HKLM\...\WinRAR archiver) (Version: 5.01.0 - win.rar GmbH)搜狗壁纸 (HKU\S-1-5-21-1026416997-2916169332-1528636737-1000\...\SogouWallPaper) (Version:  - Sogou.com)用于 Microsoft Visual Studio 2005 首选合作伙伴版 - 简体中文 的 Hotfix (KB2938803) (HKLM\...\KB2938803.T369_160ToU880_160) (Version: 1 - Microsoft Corporation)用于 Microsoft Visual Studio 2005 首选合作伙伴版 - 简体中文 的 Security Update (KB2251481) (HKLM\...\KB2251481.T369_160ToU865_160) (Version: 3 - Microsoft Corporation)用于 Microsoft Visual Studio 2005 首选合作伙伴版 - 简体中文 的 Update (KB932230) (HKLM\...\KB932230.T369_160ToU407_160) (Version: 1 - Microsoft Corporation)==================== Custom CLSID (Whitelisted): ==========================(If an entry is included in the fixlist, it will be removed from the registry. 
The file will not be moved unless listed separately.)CustomCLSID: HKU\S-1-5-21-1026416997-2916169332-1528636737-1000_Classes\CLSID\{0002DF01-0000-0000-C000-000000000046}\localserver32 -> C:\Users\Admin\AppData\Local\SogouExplorer\SogouExplorer.exe No FileCustomCLSID: HKU\S-1-5-21-1026416997-2916169332-1528636737-1000_Classes\CLSID\{444785F1-DE89-4295-863A-D46C3A781394}\InprocServer32 -> C:\Users\Admin\AppData\LocalLow\Unity\WebPlayer\loader\UnityWebPluginAX.ocx (Unity Technologies ApS)CustomCLSID: HKU\S-1-5-21-1026416997-2916169332-1528636737-1000_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\Windows\system32\igfxEM.exe (Intel Corporation)==================== Restore Points =========================18-06-2015 20:59:52 Windows Update18-06-2015 21:13:59 Checkpoint by HitmanPro19-06-2015 14:00:12 Windows Update23-06-2015 10:50:29 Windows Update29-06-2015 20:00:14 Installed Should I Remove It30-06-2015 10:14:12 Windows Update06-07-2015 10:18:52 Windows Update10-07-2015 10:22:11 Windows Update==================== Hosts content: ==========================(If needed Hosts: directive could be included in the fixlist to reset Hosts.)2015-06-13 14:13 - 2015-06-15 18:43 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts==================== Scheduled Tasks (Whitelisted) =============(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)Task: {34449ED7-0447-413B-8BA5-452D68109CD7} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2015-06-09] (Adobe Systems Incorporated)Task: {A2DBA70B-3AF7-40D6-A895-7D3A0FEF9B6A} - \Bidaily Synchronize Task[973b] No Task File <==== ATTENTION(If an entry is included in the fixlist, the task (.job) file will be moved. 
The file which is running by the task will not be moved.)Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exeTask: C:\Windows\Tasks\Bidaily Synchronize Task[973b].job => c:\programdata\{a2f26df3-2857-0b34-a2f2-26df3285b7cc}\uiso9.6.2.rar.exe <==== ATTENTION==================== Loaded Modules (Whitelisted) ==============2015-03-31 19:00 - 2015-03-19 21:00 - 00414472 _____ () C:\Windows\system32\igfxTray.exe2013-03-13 18:50 - 2013-03-13 18:50 - 00034304 _____ () C:\Program Files\LD_POS\LDPos\LD_Common.dll2013-04-11 19:33 - 2013-04-11 19:33 - 00075264 _____ () C:\Program Files\LD_POS\LDPos\LD_BLL.dll2013-04-11 19:33 - 2013-04-11 19:33 - 00213504 _____ () C:\Program Files\LD_POS\LDPos\LD_DAL.dll2011-12-03 18:26 - 2011-12-03 18:26 - 00056832 _____ () C:\Program Files\LD_POS\LDPos\LD_Model.dll2014-08-20 11:33 - 2013-12-10 00:27 - 01242584 _____ () C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\ACE.dll2015-05-25 13:35 - 2015-05-22 14:22 - 01281864 _____ () C:\Program Files\Google\Chrome\Application\43.0.2357.81\libglesv2.dll2015-05-25 13:35 - 2015-05-22 14:22 - 00080712 _____ () C:\Program Files\Google\Chrome\Application\43.0.2357.81\libegl.dll2015-05-25 13:35 - 2015-05-22 14:22 - 14982472 _____ () C:\Program Files\Google\Chrome\Application\43.0.2357.81\PepperFlash\pepflashplayer.dll==================== Alternate Data Streams (Whitelisted) =========(If an entry is included in the fixlist, only the ADS will be removed.)==================== Safe Mode (Whitelisted) ===================(If an item is included in the fixlist, it will be removed from the registry. 
The "AlternateShell" will be restored.)HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WRkrn => ""="Driver"HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WRSVC => ""="Service"==================== EXE Association (Whitelisted) ===============(If an entry is included in the fixlist, the registry item will be restored to default or removed.)HKU\.DEFAULT\Software\Classes\.exe: exefile => "%1" %* <===== ATTENTION!HKU\.DEFAULT\Software\Classes\exefile: "%1" %* <===== ATTENTION!HKU\S-1-5-19\Software\Classes\.exe: exefile => "%1" %* <===== ATTENTION!HKU\S-1-5-19\Software\Classes\exefile: "%1" %* <===== ATTENTION!HKU\S-1-5-20\Software\Classes\.exe: exefile => "%1" %* <===== ATTENTION!HKU\S-1-5-20\Software\Classes\exefile: "%1" %* <===== ATTENTION!HKU\S-1-5-21-1026416997-2916169332-1528636737-1000\Software\Classes\.exe: exefile => "%1" %* <===== ATTENTION!HKU\S-1-5-21-1026416997-2916169332-1528636737-1000\Software\Classes\exefile: "%1" %* <===== ATTENTION!==================== Internet Explorer trusted/restricted ===============(If an entry is included in the fixlist, it will be removed from the registry.)==================== Other Areas ============================(Currently there is no automatic fix for this section.)HKU\S-1-5-21-1026416997-2916169332-1528636737-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Admin\AppData\LocalLow\SogouWP\Net\WallPaper\1091938.jpgDNS Servers: 192.168.0.1 - 205.171.2.25==================== MSCONFIG/TASK MANAGER disabled items ==(Currently there is no automatic fix for this section.)MSCONFIG\Services: AdobeFlashPlayerUpdateSvc => 3MSCONFIG\Services: AERTFilters => 2MSCONFIG\Services: MozillaMaintenance => 3MSCONFIG\Services: SkypeUpdate => 2MSCONFIG\startupreg: Bart Station => C:\Program Files\EarthLink\ISP\ISP8130\BIN\PPCOLink.exe -STATIONMSCONFIG\startupreg: HotKeysCmds => "C:\Windows\system32\hkcmd.exe"MSCONFIG\startupreg: IgfxTray => "C:\Windows\system32\igfxtray.exe"MSCONFIG\startupreg: Persistence => 
"C:\Windows\system32\igfxpers.exe"MSCONFIG\startupreg: Skype => "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrunMSCONFIG\startupreg: winsogouqzgaoqing => "C:\Users\Admin\AppData\Roaming\SogouWP\Boot\winsogouqzgaoqing.exe" -a -SGWallPaperMSCONFIG\startupreg: **����)**�� => ==================== FirewallRules (Whitelisted) ===============(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exeFirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exeFirewallRules: [{3C5CA8DD-14DF-4E29-A4E4-33BE52AFF435}] => (Allow) C:\Users\Admin\AppData\Roaming\Tencent\QQ\STemp\SetupEx0\QQSetupEx.exeFirewallRules: [{2E01CD63-F370-4940-8053-AA68BE70FC6B}] => (Allow) C:\Program Files\Tencent\QQ\QQProtect\Bin\QQProtect.exeFirewallRules: [{7435F2D5-4317-4EF2-8F32-8BB224E5E8C5}] => (Allow) C:\Program Files\Tencent\QQ\Bin\QQ.exeFirewallRules: [{92EEF71B-D255-47D2-9706-DCD93F4D9AC1}] => (Allow) C:\Program Files\Tencent\QQ\Bin\auclt.exeFirewallRules: [{A04A65F4-2170-4489-B41F-44F9D7B9CEA3}] => (Allow) C:\Program Files\Tencent\QQ\Bin\txupd.exeFirewallRules: [{C9BBB3F7-C863-4519-9549-49765F6B54F2}] => (Allow) C:\Program Files\Tencent\QQ\Bin\SetupEx\SetupEx.exeFirewallRules: [{3FC9C058-67BC-4EA6-8865-0593403D4118}] => (Allow) C:\Program Files\Tencent\QQ\Bin\maLauncher.exeFirewallRules: [{78B7B1CE-1782-45F4-934D-3039D47DE5BC}] => (Allow) C:\Program Files\Tencent\QQ\Bin\maUpdat.exeFirewallRules: [{56F865F2-1254-4B87-9307-0452E1D8B29C}] => (Allow) C:\program files\common files\tencent\qqdownload\128\bugreport_xf.exeFirewallRules: [{3FA38379-0FC5-43B8-A24E-F86C1A6412CE}] => (Allow) C:\program files\common files\tencent\qqdownload\128\tencentdl.exeFirewallRules: [{66CECCF0-881E-410B-A10D-6A0871838D3E}] => (Allow) C:\Program Files\Tencent\QQMusic\QzoneMusic\QzoneMusic.exeFirewallRules: 
[{B7154D12-A4D8-48F9-AEB1-8FC504107083}] => (Allow) C:\Program Files\Tencent\QQMusic\QzoneMusic\QzoneMusic.exeFirewallRules: [{0990C712-A5FB-4D6D-8599-78C57B6D7ADA}] => (Allow) C:\program files\common files\tencent\qqminidl\60\QQMiniDLUI.exeFirewallRules: [{84E2F51A-05C1-43D0-A8C2-E8A23E2A7494}] => (Allow) C:\program files\common files\tencent\qqminidl\60\QQGameUpUI.exeFirewallRules: [{2E419048-5345-44DB-9F90-18579F7B25FE}] => (Allow) C:\program files\common files\tencent\qqminidl\60\qqminidl.exeFirewallRules: [{34E288F3-9196-4374-A4E4-7FD91425981B}] => (Allow) C:\Users\Public\Documents\Tencent\QQGameMicro\IEProc.exeFirewallRules: [{4FA20489-6FAF-46F0-9F17-5D6C8ED22E1D}] => (Allow) C:\Users\Public\Documents\Tencent\QQGameMicro\QQGameMicro.exeFirewallRules: [{62A98A61-65F5-4EE6-8E9E-094A529D8D6E}] => (Allow) C:\Program Files\Tencent\QQPinyin\1.2.1264.400\QQPYConfig.exeFirewallRules: [{0C04CAFB-19D5-4848-8F7A-F03F3706DEEA}] => (Allow) C:\Program Files\Tencent\QQPinyin\1.2.1264.400\QQPYConfig.exeFirewallRules: [{08EA28D6-A8CC-477C-AA69-C715FE3B6070}] => (Allow) C:\Program Files\Tencent\QQPinyin\1.2.1264.400\QQPYConfig.exeFirewallRules: [{DA9CBE54-ECDD-4E1C-AED6-62D4B10C74F0}] => (Allow) C:\Program Files\Tencent\QQPinyin\1.2.1264.400\QQPYConfig.exeFirewallRules: [{EC551885-835B-425C-9485-3C6BD41FD8D9}] => (Allow) C:\Program Files\Tencent\QQPinyin\1.2.1264.400\QQPYConfig.exeFirewallRules: [{B4BABE12-2FCF-44A4-9F83-35C799994BE1}] => (Allow) C:\Program Files\Tencent\QQPinyin\1.2.1264.400\QQPYConfig.exeFirewallRules: [{298786DF-3107-4692-A97D-98BAECF1C360}] => (Allow) C:\Program Files\Tencent\QQPinyin\1.2.1264.400\QQPYLiveup.exeFirewallRules: [{3ADB3992-4EF9-4941-A456-2ABBF7F87F60}] => (Allow) C:\Program Files\Tencent\QQPinyin\1.2.1264.400\QQPYLiveup.exeFirewallRules: [{648FD7CB-1CE1-49FD-9036-5196111AF718}] => (Allow) C:\Program Files\Tencent\QQPinyin\1.2.1264.400\QQPYLiveup.exeFirewallRules: [{7A4E99F6-7CF3-403D-A6F3-E17D6DEDB3FD}] => (Allow) C:\Program 
Files\Tencent\QQPinyin\1.2.1264.400\QQPYLiveup.exeFirewallRules: [{6C24DECB-3D58-4489-A50D-53035A4B149B}] => (Allow) C:\Program Files\Tencent\QQPinyin\1.2.1264.400\QQPYLiveup.exeFirewallRules: [{005C7427-70AD-4FC8-A15E-B24C749DE2B0}] => (Allow) C:\Program Files\Tencent\QQPinyin\1.2.1264.400\QQPYLiveup.exeFirewallRules: [{ADB11F2F-DDCB-4B5F-AFC8-CA7D13C07202}] => (Allow) C:\Program Files\Tencent\QQPinyin\1.2.1264.400\QQPYLevel.exeFirewallRules: [{8C57DE5F-7BE3-430C-AC35-96B1D6EB9F0A}] => (Allow) C:\Program Files\Tencent\QQPinyin\1.2.1264.400\QQPYLevel.exeFirewallRules: [{3E3CE379-C45D-4ED1-8FB8-7CA048FF3BE9}] => (Allow) C:\Program Files\Tencent\QQPinyin\1.2.1264.400\QQPYLevel.exeFirewallRules: [{8CB44F73-1D8B-40BE-AEF9-A87F4EB7D7FE}] => (Allow) C:\Program Files\Tencent\QQPinyin\1.2.1264.400\QQPYLevel.exeFirewallRules: [{8C2DC174-6355-4154-B2FA-71F1F94B5DA2}] => (Allow) C:\Program Files\Tencent\QQPinyin\1.2.1264.400\QQPYLevel.exeFirewallRules: [{87B5EFAC-5B09-4B7F-B9F6-E28CC0CB3038}] => (Allow) C:\Program Files\Tencent\QQPinyin\1.2.1264.400\QQPYLevel.exeFirewallRules: [{0A32A2BE-8221-4133-9023-004DBF679993}] => (Allow) C:\Program Files\Tencent\QQPinyin\1.2.1264.400\QQImeRegDict.exeFirewallRules: [{7F413299-0BA2-4377-AD51-8F2A61B6BC08}] => (Allow) C:\Program Files\Tencent\QQPinyin\1.2.1264.400\QQImeRegDict.exeFirewallRules: [{806213DD-8978-401E-8645-C739BE862A6A}] => (Allow) C:\Program Files\Tencent\QQPinyin\1.2.1264.400\QQImeRegDict.exeFirewallRules: [{883DF379-75EF-4B59-AE7E-0DAF52AF64BA}] => (Allow) C:\Program Files\Tencent\QQPinyin\1.2.1264.400\QQImeRegDict.exeFirewallRules: [{0C4775B7-9B59-4190-A2B5-16D7E0F26D16}] => (Allow) C:\Program Files\Tencent\QQPinyin\1.2.1264.400\QQImeRegDict.exeFirewallRules: [{CCD4F383-3782-420B-83EC-F9EBD745E71A}] => (Allow) C:\Program Files\Tencent\QQPinyin\1.2.1264.400\QQImeRegDict.exeFirewallRules: [{969C0EB7-7338-4305-8D98-AC97897E576B}] => (Allow) C:\Program Files\Tencent\QQPinyin\1.2.1264.400\QQImeRegSkin.exeFirewallRules: 
[{95329979-9544-4325-861C-9FB74C24C28E}] => (Allow) C:\Program Files\Tencent\QQPinyin\1.2.1264.400\QQImeRegSkin.exeFirewallRules: [{12A5394C-62F9-43BE-B33E-63ED70547B34}] => (Allow) C:\Program Files\Tencent\QQPinyin\1.2.1264.400\QQImeRegSkin.exeFirewallRules: [{BBD13487-EDAB-4655-95D2-E0520D915C7C}] => (Allow) C:\Program Files\Tencent\QQPinyin\1.2.1264.400\QQImeRegSkin.exeFirewallRules: [{965536E9-09EC-4A2D-BE71-65D1A54EC954}] => (Allow) C:\Program Files\Tencent\QQPinyin\1.2.1264.400\QQImeRegSkin.exeFirewallRules: [{91B96A34-95AB-4B4D-89AC-99268215F02A}] => (Allow) C:\Program Files\Tencent\QQPinyin\1.2.1264.400\QQImeRegSkin.exeFirewallRules: [{0A5C2F6B-D12C-43FC-B1BB-B6756A2F490B}] => (Allow) C:\Program Files\Tencent\QQPinyin\1.2.1264.400\QQImeDownload.exeFirewallRules: [{CAD36F82-BC98-4550-9DA7-8D032465539C}] => (Allow) C:\Program Files\Tencent\QQPinyin\1.2.1264.400\QQImeDownload.exeFirewallRules: [{B99E3D71-8BB9-4CA0-BBC1-75AB90807CC0}] => (Allow) C:\Program Files\Tencent\QQPinyin\1.2.1264.400\QQImeDownload.exeFirewallRules: [{CBABA4F5-4E5A-4BE9-8DDC-93148533462C}] => (Allow) C:\Program Files\Tencent\QQPinyin\1.2.1264.400\QQImeDownload.exeFirewallRules: [{2A8DD632-9F8B-4002-80DF-1A00BB3049F2}] => (Allow) C:\Program Files\Tencent\QQPinyin\1.2.1264.400\QQImeDownload.exeFirewallRules: [{887A5BDE-A3EB-43B7-B427-89E3814E3922}] => (Allow) C:\Program Files\Tencent\QQPinyin\1.2.1264.400\QQImeDownload.exeFirewallRules: [{4FBBD227-DA64-4A36-BDE2-FF4242749F99}] => (Allow) C:\Program Files\Tencent\QQPinyin\1.2.1264.400\QQPYCloud.exeFirewallRules: [{39605CA5-A991-4434-BBBF-C89F886AEF08}] => (Allow) C:\Program Files\Tencent\QQPinyin\1.2.1264.400\QQPYCloud.exeFirewallRules: [{69E84C70-14EF-48AA-A06E-9F172C92AEB1}] => (Allow) C:\Program Files\Tencent\QQPinyin\1.2.1264.400\QQPYCloud.exeFirewallRules: [{27189E55-ADC4-46F1-9F0E-FED1E8A0DDDB}] => (Allow) C:\Program Files\Tencent\QQPinyin\1.2.1264.400\QQPYCloud.exeFirewallRules: [{78A8AB8D-F5C5-4BC5-AF90-7CB25AFC3AED}] => (Allow) 
C:\Program Files\Tencent\QQPinyin\1.2.1264.400\QQPYCloud.exeFirewallRules: [{C854B602-F3A7-4FD1-BA94-D8B8ED10C5C4}] => (Allow) C:\Program Files\Tencent\QQPinyin\1.2.1264.400\QQPYCloud.exeFirewallRules: [{50D08931-E69D-4F4F-9A11-644AF611F23F}] => (Allow) C:\Users\Admin\AppData\Roaming\SogouWallPaper\2.5.3.2577\SGUpdater.exeFirewallRules: [{98ABCA38-2FEE-4AB9-91AD-15CAF6EE7BCD}] => (Allow) C:\Users\Admin\AppData\Roaming\SogouWallPaper\2.5.3.2577\SGUpdater.exeFirewallRules: [{239E0195-7865-4CC5-A6A2-C3FFA645473A}] => (Allow) C:\Users\Admin\AppData\Roaming\SogouWallPaper\2.5.3.2577\SGWallPaper.exeFirewallRules: [{4931ADB3-674F-48C3-8D92-DB816E02B7D8}] => (Allow) C:\Users\Admin\AppData\Roaming\SogouWallPaper\2.5.3.2577\SGWallPaper.exeFirewallRules: [{D73CB55E-4D9F-4C8E-BB54-4ABFC82EE105}] => (Allow) C:\Users\Admin\AppData\Roaming\SogouWallPaper\2.5.3.2577\SGWPThemeMall.exeFirewallRules: [{85DD7997-E67A-46AB-9A35-FDB0341023AC}] => (Allow) C:\Users\Admin\AppData\Roaming\SogouWallPaper\2.5.3.2577\SGWPThemeMall.exeFirewallRules: [{3AC9D5DF-83C9-40BF-85B0-DA7C2457B0F1}] => (Allow) C:\Users\Admin\AppData\Roaming\SogouWallPaper\2.5.3.2577\SGWallPaperDT.exeFirewallRules: [{D284224E-8CBF-426E-ABE8-6CC31450226F}] => (Allow) C:\Users\Admin\AppData\Roaming\SogouWallPaper\2.5.3.2577\SGWallPaperDT.exeFirewallRules: [{4216EC54-6D87-4882-A0F7-322AA0DB54BB}] => (Allow) C:\Users\Admin\AppData\Local\SogouGame\SogouGame.exeFirewallRules: [{329D1987-2BC6-483B-8D12-15DFFD4EF497}] => (Allow) C:\Users\Admin\AppData\Local\SogouGame\SogouGame.exeFirewallRules: [{E11BA6CE-2839-42DC-8D6C-57B456A50333}] => (Allow) C:\Users\Admin\AppData\Roaming\SogouGame\Temp\SogouGameUpdate.exeFirewallRules: [{5E2133D5-C5C1-42D7-BA63-DC9E9A345287}] => (Allow) C:\Users\Admin\AppData\Roaming\SogouGame\Temp\SogouGameUpdate.exeFirewallRules: [{D36237DF-E754-4309-951C-5A987B46CE64}] => (Allow) C:\Users\Admin\AppData\Local\SogouExplorer\SogouExplorer.exeFirewallRules: [{F08C47A1-B83E-4175-9F09-456A3AC3CA7E}] => (Allow) 
C:\Users\Admin\AppData\Local\SogouExplorer\SogouExplorer.exeFirewallRules: [{B594F1B8-1CFD-4BE5-A34F-740C7A690B4D}] => (Allow) C:\Users\Admin\AppData\Roaming\SogouExplorer\Temp\SogouExplorerUp.exeFirewallRules: [{71EF35A4-B802-44D6-8097-9FF6F3DD9E53}] => (Allow) C:\Users\Admin\AppData\Roaming\SogouExplorer\Temp\SogouExplorerUp.exeFirewallRules: [{CADD20DE-8A48-48C0-88E8-F1E0643EEBC3}] => (Allow) C:\Users\Admin\AppData\Local\SogouExplorer\5.1.7.15323\SGRepairTool.exeFirewallRules: [{4B466664-D36B-4904-9F3A-80A7349587A5}] => (Allow) C:\Users\Admin\AppData\Local\SogouExplorer\5.1.7.15323\SGRepairTool.exeFirewallRules: [{196DC1B3-949A-4AD0-96F1-7B8BE13B9F66}] => (Allow) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exeFirewallRules: [{5735F05F-2207-488C-A979-DB41395B9170}] => (Allow) C:\Program Files\Skype\Phone\Skype.exeFirewallRules: [{E28D1A28-6247-4DB7-8E49-4859AB15E9DF}] => (Allow) C:\Program Files\SogouInput\7.5.0.5674\SogouCloud.exeFirewallRules: [{8DD3467F-89B0-441A-9206-D4B812A30F70}] => (Allow) C:\Program Files\SogouInput\7.5.0.5674\SogouCloud.exeFirewallRules: [{D7CDAC57-58C0-4F83-8774-22C482319D1E}] => (Allow) C:\Program Files\SogouInput\7.5.0.5674\SogouCloud.exeFirewallRules: [{D903D96E-BFA3-4623-BB4A-20F853216685}] => (Allow) C:\Program Files\SogouInput\7.5.0.5674\SogouCloud.exeFirewallRules: [{BA93A875-2469-4395-81F7-08E1EA96546F}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exeFirewallRules: [{7EC783B6-02D1-48B4-BE5A-411D9C9C219B}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exeFirewallRules: [{B6F5541C-EF42-4CCC-8CD9-35946DC71E90}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe==================== Faulty Device Manager Devices ================================= Event log errors: =========================Application errors:==================Error: (07/10/2015 02:32:53 PM) (Source: SideBySide) (EventID: 33) (User: )Description: Activation context generation failed for 
"Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1".Dependent Assembly Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" could not be found.Please use sxstrace.exe for detailed diagnosis.Error: (07/08/2015 12:08:45 PM) (Source: SideBySide) (EventID: 33) (User: )Description: Activation context generation failed for "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1".Dependent Assembly Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" could not be found.Please use sxstrace.exe for detailed diagnosis.Error: (07/08/2015 12:08:45 PM) (Source: SideBySide) (EventID: 33) (User: )Description: Activation context generation failed for "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="ia64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1".Dependent Assembly Microsoft.Windows.Common-Controls,language="*",processorArchitecture="ia64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" could not be found.Please use sxstrace.exe for detailed diagnosis.Error: (07/07/2015 11:19:24 AM) (Source: SideBySide) (EventID: 33) (User: )Description: Activation context generation failed for "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1".Dependent Assembly Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" could not be found.Please use sxstrace.exe for detailed diagnosis.Error: (07/07/2015 11:19:23 AM) (Source: SideBySide) (EventID: 33) (User: )Description: Activation context generation failed 
for "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="ia64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1".Dependent Assembly Microsoft.Windows.Common-Controls,language="*",processorArchitecture="ia64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" could not be found.Please use sxstrace.exe for detailed diagnosis.Error: (07/06/2015 10:39:23 AM) (Source: SideBySide) (EventID: 33) (User: )Description: Activation context generation failed for "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1".Dependent Assembly Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" could not be found.Please use sxstrace.exe for detailed diagnosis.Error: (07/06/2015 10:39:23 AM) (Source: SideBySide) (EventID: 33) (User: )Description: Activation context generation failed for "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="ia64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1".Dependent Assembly Microsoft.Windows.Common-Controls,language="*",processorArchitecture="ia64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" could not be found.Please use sxstrace.exe for detailed diagnosis.Error: (06/23/2015 03:01:57 PM) (Source: SideBySide) (EventID: 33) (User: )Description: Activation context generation failed for "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1".Dependent Assembly Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" could not be found.Please use sxstrace.exe for detailed diagnosis.Error: (06/23/2015 03:01:56 PM) (Source: SideBySide) (EventID: 33) (User: )Description: Activation context generation failed 
for "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="ia64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1".Dependent Assembly Microsoft.Windows.Common-Controls,language="*",processorArchitecture="ia64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" could not be found.Please use sxstrace.exe for detailed diagnosis.Error: (06/19/2015 02:00:52 PM) (Source: MsiInstaller) (EventID: 1024) (User: NT AUTHORITY)Description: Product: Microsoft SQL Server 2008 Database Engine Services - Update '{2D5199EF-6F61-44CA-A60D-CBAB801880F1}' could not be installed. Error code 1642. Windows Installer can create logs to help troubleshoot issues with installing software packages. Use the following link for instructions on turning on logging support: http://go.microsoft.com/fwlink/?LinkId=23127System errors:=============Error: (07/11/2015 12:58:22 PM) (Source: Service Control Manager) (EventID: 7000) (User: )Description: The Google Update Service (gupdate) service failed to start due to the following error: %%2Error: (07/11/2015 12:56:03 PM) (Source: PCIESER) (EventID: 18) (User: )Description: No Parameters subkey was found for user defined data.  This is odd, and it also means no user configuration can be found.Error: (07/11/2015 12:56:01 PM) (Source: PCIESER) (EventID: 18) (User: )Description: No Parameters subkey was found for user defined data.  This is odd, and it also means no user configuration can be found.Error: (07/11/2015 12:48:20 PM) (Source: PCIESER) (EventID: 18) (User: )Description: No Parameters subkey was found for user defined data.  This is odd, and it also means no user configuration can be found.Error: (07/11/2015 12:48:18 PM) (Source: PCIESER) (EventID: 18) (User: )Description: No Parameters subkey was found for user defined data.  

Hello,

They call me TwinHeadedEagle around here, and I'll try to help you with your issue.

Before we start please read and note the following:

  • We're primarily oriented on malware removal here, so you must know that some issues just cannot be solved and you must be prepared for this. Some tools we use here will remove your browser search history, so back up your important links and all the files whose loss is unacceptable.
  • Limit your internet access to posting here; some infections just wait to steal typed-in passwords.
  • Please be patient. I know it is frustrating when your PC isn't working properly, but malware removal takes time. Keep in mind that private life gets in the way too. Note that we may live in totally different time zones, which may cause some delays between answers.
  • Don't run any scripts or tools on your own; unsupervised usage may cause more harm than good.
  • Do not paste the logs in your posts; attachments make my work easier. There is a More reply options button that gives you an Upload Files option, which you can use to attach your reports. Always attach reports from all tools.
  • Always execute my instructions in the given order. If for some reason you cannot completely follow one instruction, inform me about that.
  • I volunteer to help you, so please, do not ask for help for your company/business PC. Companies are making revenue via computers, so it is a good thing to pay someone to repair it.
  • If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed.
I can't foresee everything, so if anything not covered in my instructions happens, please stop and inform me!

There are no silly questions. Never be afraid to ask if in doubt!

Rules and policies

We won't support any piracy.

That being said, if any evidence of an illegal OS, software, cracks/keygens or anything similar is revealed, any further assistance will be suspended. If you are aware that there is this kind of stuff on your machine, remove it before proceeding!

The same applies to any use of P2P software: uTorrent, BitTorrent, Vuze, Kazaa, Ares... We don't provide any help for P2P, except for their removal. All P2P software has to be uninstalled or at least fully disabled before proceeding!

 

Failure to follow these guidelines will result in closing your topic and withdrawing any assistance.

Scan with Farbar Recovery Scan Tool

Please re-run Farbar Recovery Scan Tool to give me a fresh look at your system.

  • Right-click on the FRST icon and select Run as Administrator to start the tool.

    (XP users click Run after receipt of the Windows Security Warning - Open File).

  • Make sure that the Addition option is checked.
  • Press the Scan button and wait.
  • The tool will produce two log files on your desktop: FRST.txt and Addition.txt.
Please upload them into your next reply.

Fix with Farbar Recovery Scan Tool

This fix was created for this user for use on that particular machine.

Running it on another one may cause damage and render the system unstable.

Download attached fixlist.txt file and save it to the Desktop:

Both files, FRST and fixlist.txt, have to be in the same location or the fix will not work!

  • Right-click on the FRST icon and select Run as Administrator to start the tool.

    (XP users click Run after receipt of the Windows Security Warning - Open File).

  • Press the Fix button just once and wait.
  • If for some reason the tool needs a restart, please make sure you let the system restart normally. After that, let the tool complete its run.
  • When finished, FRST will generate a log on the Desktop called Fixlog.txt.
Please attach it to your reply.


CHR dev: Chrome dev build detected! <======= ATTENTION

Please reinstall Google Chrome.

fixlist.txt


So far, the usually aggressive ads have disappeared from my webpages, which is definitely a good sign, and I thank you TwinHeadedEagle! The reason I remain skeptical is only because when I tried to solve the issue myself, the ads always disappeared for a day or two before coming back. As of now, though, I do not have any ads and I appreciate your help!


They won't appear again; the main malware is removed.

Glad I could help. We will delete all used tools and I'll give you some tips to harden your security and help you learn how to protect yourself :)

Recommended reading:

MUST READ - security tips:

MUST READ - general maintenance:

The Importance of Software Updating:

In order to stay protected it is very important that you regularly update all of your software. Cybercriminals depend on the apathy of users around software updates to keep their malicious endeavor running.

Operating systems, such as Windows, and applications, such as Adobe Reader or JAVA, are used by tens of millions of computers and devices around the world, making them a huge target for cybercriminals. Downloading updates and installing them can sometimes be tedious, but the advantages you get from the updates are certainly worth it.

Recommended additional software:

CCleaner - to clean unneeded temporary files.

Malwarebytes' Anti-Malware - to scan your system from time to time in search of malware.

Malwarebytes' Anti-Exploit - to protect against many commonly exploited vulnerabilities.

McShield - to prevent infections spread by removable media.

Unchecky - to prevent the installation of additional foistware bundled with legitimate installers.

Adblock - to surf the web without annoying ads!

Post-cleanup procedures:

Download DelFix by Xplode and save it to your desktop.

  • Run the tool by right-clicking on the DelFix icon and choosing the Run as administrator option.
  • Make sure that these ones are checked:
    • Remove disinfection tools
    • Purge system restore
    • Reset system settings
  • Push Run.
  • The program will run for a few seconds and display a Notepad report. You do not need to attach it.
The tool will also record the healthy state of the registry and make a backup using the ERUNT program in %windir%\ERUNT\DelFix.

The tool deletes old system restore points and creates a fresh system restore point after cleaning.

My help is free for everybody.

If you're happy with the help provided and/or wish to show your appreciation for the assistance you received, then you can consider a donation:


Thank you!

Stay safe,

TwinHeadedEagle :)


Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
