
popup ads from interstat

  • Support

    Hi jddet,

     

    Please, to get help with cleaning your computer follow the instructions in the topic Read This Before You Post!.

  • Customer

    Additional scan result of Farbar Recovery Scan Tool (x64) Version: 11-03-2015


    Ran by John at 2015-03-20 10:42:16


    Running from C:\Users\John\Downloads


    Boot Mode: Normal


    ==========================================================






    ==================== Security Center ========================




    (If an entry is included in the fixlist, it will be removed.)




    AV: Ad-Aware Antivirus (Disabled - Out of date) {D87B6541-12A1-DAEA-0033-9B8057AAB996}


    AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}


    AV: Norton Security Suite (Disabled - Up to date) {D87FA2C0-F526-77B1-D6EC-0EDF3936CEDB}


    AS: Norton Security Suite (Enabled - Up to date) {631E4324-D31C-783F-EC5C-35AD42B18466}


    AS: Ad-Aware Antivirus (Disabled - Out of date) {631A84A5-349B-D564-3A83-A0F22C2DF32B}


    AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}


    FW: Norton Security Suite (Enabled) {E04423E5-BF49-76E9-FDB3-A7EAC7E589A0}


    FW: Ad-Aware Firewall (Disabled) {E040E464-58CE-DBB2-2B6C-32B5A979FEED}




    ==================== Installed Programs ======================




    (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)




    64 Bit HP CIO Components Installer (Version: 7.2.8 - Hewlett-Packard) Hidden


    7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)


    Ad-Aware Antivirus (HKLM\...\{FF054A8C-C0A4-4C78-8910-E2A459BEFF05}_AdAwareUpdater) (Version: 11.6.306.7947 - Lavasoft)


    Ad-Aware Web Companion (x32 Version: 1.1.922.1860 - Lavasoft) Hidden


    AdAwareInstaller (Version: 11.6.306.7947 - Lavasoft) Hidden


    AdAwareUpdater (Version: 11.6.306.7947 - Lavasoft) Hidden


    Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 2.7.1.19610 - Adobe Systems Incorporated)


    Adobe Flash Player 17 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 17.0.0.134 - Adobe Systems Incorporated)


    Adobe Reader XI (11.0.10) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)


    Adobe Shockwave Player 12.0 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.0.3.133 - Adobe Systems, Inc.)


    Advertising Center (x32 Version: 0.0.0.2 - Nero AG) Hidden


    AntimalwareEngine (Version: 3.0.98.0 - Lavasoft) Hidden


    Apple Application Support (HKLM-x32\...\{5D09C772-ECB3-442B-9CC6-B4341C78FDC2}) (Version: 2.3.4 - Apple Inc.)


    Apple Mobile Device Support (HKLM\...\{2F72F540-1F60-4266-9506-952B21D6640D}) (Version: 6.1.0.13 - Apple Inc.)


    Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)


    Applian Director 3 (HKLM-x32\...\Applian Director3.01) (Version: 3.01 - Applian Technologies Inc.)


    Audacity 2.0.5 (HKLM-x32\...\Audacity_is1) (Version: 2.0.5 - Audacity Team)


    Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)


    Canon Easy-WebPrint EX (HKLM-x32\...\Easy-WebPrint EX) (Version: 1.4.1.0 - Canon Inc.)


    Canon IJ Scan Utility (HKLM-x32\...\Canon_IJ_Scan_Utility) (Version: - Canon Inc.)


    Canon Inkjet Printer/Scanner/Fax Extended Survey Program (HKLM-x32\...\CANONIJPLM100) (Version: 4.0.0 - Canon Inc.)


    Canon MG2500 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG2500_series) (Version: - Canon Inc.)


    Canon MG2500 series On-screen Manual (HKLM-x32\...\Canon MG2500 series On-screen Manual) (Version: 7.6.1 - Canon Inc.)


    Canon MG2500 series User Registration (HKLM-x32\...\Canon MG2500 series User Registration) (Version: - Canon Inc.)


    Canon My Image Garden (HKLM-x32\...\Canon My Image Garden) (Version: 2.0.1 - Canon Inc.)


    Canon My Image Garden Design Files (HKLM-x32\...\Canon My Image Garden Design Files) (Version: 2.0.0 - Canon Inc.)


    Canon My Printer (HKLM-x32\...\CanonMyPrinter) (Version: 3.1.0 - Canon Inc.)


    Canon Quick Menu (HKLM-x32\...\CanonQuickMenu) (Version: 2.2.1 - Canon Inc.)


    CCleaner (HKLM\...\CCleaner) (Version: 5.03 - Piriform)


    Dropbox (HKU\S-1-5-21-317876899-2154345131-621581420-1002\...\Dropbox) (Version: 3.2.9 - Dropbox, Inc.)


    DVD Shrink 3.2 (HKLM-x32\...\DVD Shrink_is1) (Version: - DVD Shrink)


    DVDFab 8.2.2.8 (26/02/2013) Qt (HKLM-x32\...\DVDFab 8 Qt_is1) (Version: - Fengtao Software Inc.)


    DVDFab 9.1.4.5 (14/05/2014) (HKLM-x32\...\DVDFab 9_is1) (Version: - Fengtao Software Inc.)


    DVDFab 9.1.8.3 (07/01/2015) (HKLM-x32\...\DVDFab 9 US_is1) (Version: - Fengtao Software Inc.)


    Elevated Installer (x32 Version: 2.2.17 - Garmin Ltd or its subsidiaries) Hidden


    Facebook Video Calling 3.1.0.521 (HKLM-x32\...\{2091F234-EB58-4B80-8C96-8EB78C808CF7}) (Version: 3.1.521 - Skype Limited)


    Fast Connect (HKLM-x32\...\ID Vault) (Version: 1.15.311.2 - White Sky)


    ffdshow [rev 2583] [2009-01-05] (HKLM-x32\...\ffdshow_is1) (Version: 1.0 - )


    FLV and Media Player 4.2.1.1 (HKLM-x32\...\FLV and Media Player) (Version: 4.2.1.1 - Applian Technologies)


    FreeRIP MP3 Converter 4.5 (HKLM-x32\...\{501451DE-5808-4599-B544-8BD0915B6B24}_is1) (Version: 4.5 - GreenTree Applications SRL)


    Garmin Express (HKLM-x32\...\{bd9bc494-8cd2-4ae2-92fe-6a3dda9c3ee9}) (Version: 2.2.17 - Garmin Ltd or its subsidiaries)


    Garmin Express (x32 Version: 2.2.17 - Garmin Ltd or its subsidiaries) Hidden


    Garmin Express Tray (x32 Version: 2.2.17 - Garmin Ltd or its subsidiaries) Hidden


    Garmin Update Service (x32 Version: 2.2.17 - Garmin Ltd or its subsidiaries) Hidden


    Google Chrome (HKLM-x32\...\Google Chrome) (Version: 41.0.2272.89 - Google Inc.)


    Google Drive (HKLM-x32\...\{6C36881B-0E51-4231-9D02-BF2149664D34}) (Version: 1.20.8672.3137 - Google, Inc.)


    Google Talk Plugin (HKLM-x32\...\{C77CC230-7417-3F01-B70D-52583DC9FEC9}) (Version: 5.40.2.0 - Google)


    Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden


    Google Update Helper (x32 Version: 1.3.26.9 - Google Inc.) Hidden


    Haali Media Splitter (HKLM-x32\...\HaaliMkx) (Version: - )


    HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.2024 - HP Photo Creations Powered by RocketLife)


    HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)


    HPDiagnosticAlert (x32 Version: 1.00.0000 - Microsoft) Hidden


    ImagXpress (x32 Version: 7.0.74.0 - Nero AG) Hidden


    iTunes (HKLM\...\{76FF0F03-B707-4332-B5D1-A56C8303514E}) (Version: 11.0.4.4 - Apple Inc.)


    Java 8 Update 31 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418031F0}) (Version: 8.0.310 - Oracle Corporation)


    Java 8 Update 31 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation)


    LAME v3.99.3 (for Windows) (HKLM-x32\...\LAME_is1) (Version: - )


    LavasoftTcpService (x32 Version: 2.3.3.0 - Lavasoft) Hidden


    LG VZW United Drivers (HKLM-x32\...\{AAAB3333-0F97-4A5D-B725-FFD7E7450FD9}) (Version: 2.14.1 - LG Electronics)


    MakeMKV v1.8.10 (HKLM-x32\...\MakeMKV) (Version: v1.8.10 - GuinpinSoft inc)


    Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)


    Menu Templates - Starter Kit (x32 Version: 9.6.0.0 - Nero AG) Hidden


    Microsoft LifeCam (HKLM\...\{5CE7E3F5-9803-4F32-AA89-2D8848A80109}) (Version: 3.60.253.0 - Microsoft Corporation)


    Microsoft Office PowerPoint Viewer 2007 (English) (HKLM-x32\...\{95120000-00AF-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)


    Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)


    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)


    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)


    Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)


    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)


    Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)


    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)


    Movie Templates - Starter Kit (x32 Version: 9.6.0.0 - Nero AG) Hidden


    Mozilla Firefox 36.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 36.0.1 (x86 en-US)) (Version: 36.0.1 - Mozilla)


    Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 30.0 - Mozilla)


    Norton Security Suite (HKLM-x32\...\N360) (Version: 21.6.0.32 - Symantec Corporation)


    OpenAL (HKLM-x32\...\OpenAL) (Version: - )


    OpenOffice 4.1.0 (HKLM-x32\...\{C87EF11D-36E9-479D-9898-7541EA1E8A6A}) (Version: 4.10.9764 - Apache Software Foundation)


    PowerDVD (HKLM-x32\...\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}) (Version: - )


    Replay Converter 4 (HKLM-x32\...\Replay Converter 4) (Version: 4.40 - Applian Technologies Inc.)


    Replay Media Catcher 5 (5.0.1.50) (HKLM-x32\...\Replay Media Catcher 5) (Version: 5.0.1.50 - Applian Technologies)


    Replay Media Splitter 2.2.1409.56 (HKLM-x32\...\Replay_Media_Splitter_1.2) (Version: 2.2.1409.56 - Applian Technologies Inc.)


    Replay Music 5 (HKLM-x32\...\ReplayMusic5.30) (Version: 5.30 - Applian Technologies Inc.)


    Replay Music 6 (HKLM-x32\...\ReplayMusic6.10) (Version: 6.10 - Applian Technologies Inc.)


    Replay Radio 9 (9.0.1.46) (HKLM-x32\...\Replay Radio 9) (Version: 9.0.1.46 - Applian Technologies)


    Replay Telecorder for Skype 1.3.0.23 (HKLM-x32\...\Replay Telecorder for Skype_is1) (Version: 1.3.0.23 - Applian Technologies Inc.)


    Replay Video Capture 7 (HKLM-x32\...\Replay Video Capture7.2) (Version: 7.2 - Applian Technologies Inc.)


    ScorpionSaver (HKLM-x32\...\{273E1F1A-7B1A-436C-A783-A4A8C97AD036}) (Version: 1.0.0.0 - Adpeak, Inc.) <==== ATTENTION


    Seagate Dashboard (HKLM-x32\...\{67445E65-3D93-428F-83A5-446F7D02689A}) (Version: 3.1.3.0 - Seagate)


    Stamps.com (HKLM-x32\...\Stamps.com) (Version: - Stamps.com, Inc.)


    Stamps.com (x32 Version: 10.5.2.2570 - Stamps.com, Inc.) Hidden


    SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 6.0.1164 - SUPERAntiSpyware.com)


    swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden


    Unity Web Player (HKU\S-1-5-21-317876899-2154345131-621581420-1002\...\UnityWebPlayer) (Version: - Unity Technologies ApS)


    Video Padlock (HKLM-x32\...\Video Padlock1.20) (Version: 1.20 - Applian Technologies Inc.)


    VLC media player 2.1.3 (HKLM-x32\...\VLC media player) (Version: 2.1.3 - VideoLAN)


    Web Companion (HKLM-x32\...\{902C3D36-9254-437D-98AC-913B78E60864}_WebCompanion) (Version: 1.1.922.1860 - Lavasoft)


    WinPatrol (HKLM\...\{6A206A04-6BC1-411B-AA04-4E52EDEEADF2}) (Version: 32.0.2014.5 - Ruiware)


    WinPcap 4.1.3 (HKLM-x32\...\WinPcapInst) (Version: 4.1.0.2980 - Riverbed Technology, Inc.)


    WinRAR 5.01 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.01.0 - win.rar GmbH)




    ==================== Custom CLSID (selected items): ==========================




    (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)




    CustomCLSID: HKU\S-1-5-21-317876899-2154345131-621581420-1002_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\John\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)


    CustomCLSID: HKU\S-1-5-21-317876899-2154345131-621581420-1002_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Users\John\AppData\Local\Google\Update\1.3.26.9\psuser_64.dll (Google Inc.)


    CustomCLSID: HKU\S-1-5-21-317876899-2154345131-621581420-1002_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\John\AppData\Local\Google\Update\1.3.26.9\psuser_64.dll (Google Inc.)


    CustomCLSID: HKU\S-1-5-21-317876899-2154345131-621581420-1002_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\John\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)


    CustomCLSID: HKU\S-1-5-21-317876899-2154345131-621581420-1002_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\John\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)


    CustomCLSID: HKU\S-1-5-21-317876899-2154345131-621581420-1002_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\John\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)


    CustomCLSID: HKU\S-1-5-21-317876899-2154345131-621581420-1002_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\John\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)


    CustomCLSID: HKU\S-1-5-21-317876899-2154345131-621581420-1002_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\John\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)


    CustomCLSID: HKU\S-1-5-21-317876899-2154345131-621581420-1002_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\John\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)


    CustomCLSID: HKU\S-1-5-21-317876899-2154345131-621581420-1002_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\John\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)


    CustomCLSID: HKU\S-1-5-21-317876899-2154345131-621581420-1002_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\John\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)


    CustomCLSID: HKU\S-1-5-21-317876899-2154345131-621581420-1002_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\John\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)




    ==================== Restore Points =========================




    04-03-2015 06:11:45 Scheduled Checkpoint


    11-03-2015 01:04:16 Windows Update


    15-03-2015 13:13:18 AA11




    ==================== Hosts content: ==========================




    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)




    2013-08-22 09:25 - 2015-01-20 13:45 - 00000824 ____N C:\WINDOWS\system32\Drivers\etc\hosts




    ==================== Scheduled Tasks (whitelisted) =============




    (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)




    Task: {0E678588-04A5-4323-AD55-A095C92661EC} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-02-19] (Piriform Ltd)


    Task: {18619084-36A8-4E57-A1BC-39470C6BAB11} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-03-15] (Adobe Systems Incorporated)


    Task: {18E6F499-DD05-472D-8DC5-0FA024513F18} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-317876899-2154345131-621581420-1002Core => C:\Users\John\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-05-26] (Facebook Inc.)


    Task: {27480FCF-BE67-4976-9111-1D5C9308F990} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-11-14] (Google Inc.)


    Task: {2F1FFE57-7432-488F-AAB1-31DCAFAE3EB6} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-317876899-2154345131-621581420-1002Core => C:\Users\John\AppData\Local\Google\Update\GoogleUpdate.exe [2014-01-02] (Google Inc.)


    Task: {30BE1273-1831-4D16-8B23-3B704D9B968E} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2015-03-11] (Microsoft Corporation)


    Task: {39F710A7-11B4-423E-9786-B07ACBB22630} - \BuzzSocialPoints_DNS_Checker No Task File <==== ATTENTION


    Task: {58D30F24-7308-4FE0-A7D3-32E898B73F35} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-317876899-2154345131-621581420-1002UA => C:\Users\John\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-05-26] (Facebook Inc.)


    Task: {60F4A503-3991-4D94-B3E8-529F81D776E9} - System32\Tasks\Seagate_Install_Launch => C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Dashboard.exe [2014-04-30] (Seagate Technology LLC)


    Task: {6DECFB94-F320-4FD5-96DA-B570B51DDF7B} - System32\Tasks\Norton Security Suite\Norton Error Analyzer => C:\Program Files (x86)\Norton Security Suite\Engine\21.6.0.32\SymErr.exe [2014-01-30] (Symantec Corporation)


    Task: {790803AA-F52E-4C88-957E-25AF07CE82F2} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton Security Suite\Engine\21.6.0.32\WSCStub.exe [2014-09-21] (Symantec Corporation)


    Task: {7DEDACD2-EC17-4BA2-8DF0-A057E56DAF07} - System32\Tasks\{E3B371F7-1043-460C-8379-5C7CDEE3CC7C} => pcalua.exe -a C:\PROGRA~3\TARMAI~1\{889DF~1\Setup.exe -c /remove /q0


    Task: {8BAF0B0A-0503-48F2-A2B2-FF583222FD48} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-317876899-2154345131-621581420-1002UA => C:\Users\John\AppData\Local\Google\Update\GoogleUpdate.exe [2014-01-02] (Google Inc.)


    Task: {9CFED34A-9528-487A-91D8-BE9B68CD577F} - System32\Tasks\John DBAgent 2 0 => C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\DBAgent.exe [2014-04-30] (Seagate Technology LLC)


    Task: {A83ABB0B-690D-4A69-9B12-7786038FA7D1} - System32\Tasks\FreeFileViewerUpdateChecker => C:\Program Files (x86)\FreeFileViewer\FFVCheckForUpdates.exe <==== ATTENTION


    Task: {AFB8D590-35C5-4622-92A5-467CCFA9E0F1} - System32\Tasks\Norton Security Suite\Norton Error Processor => C:\Program Files (x86)\Norton Security Suite\Engine\21.6.0.32\SymErr.exe [2014-01-30] (Symantec Corporation)


    Task: {B5D572DA-6913-4AEA-9665-74A27A488A29} - System32\Tasks\DSite => C:\Users\John\AppData\Roaming\DSite\UPDATE~1\UPDATE~1.EXE <==== ATTENTION


    Task: {F20D0A6D-CBD5-4C9D-91B9-63E3482AC5E1} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-11-14] (Google Inc.)


    Task: {FC8746BE-734A-421A-BD14-9E2A5207AFA0} - \BuzzSocialPoints_li_Checker No Task File <==== ATTENTION


    Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe


    Task: C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-317876899-2154345131-621581420-1002Core.job => C:\Users\John\AppData\Local\Facebook\Update\FacebookUpdate.exe


    Task: C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-317876899-2154345131-621581420-1002UA.job => C:\Users\John\AppData\Local\Facebook\Update\FacebookUpdate.exe


    Task: C:\WINDOWS\Tasks\FreeFileViewerUpdateChecker.job => C:\Program Files (x86)\FreeFileViewer\FFVCheckForUpdates.exe <==== ATTENTION


    Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe


    Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe


    Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-317876899-2154345131-621581420-1002Core.job => C:\Users\John\AppData\Local\Google\Update\GoogleUpdate.exe


    Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-317876899-2154345131-621581420-1002UA.job => C:\Users\John\AppData\Local\Google\Update\GoogleUpdate.exe




    ==================== Loaded Modules (whitelisted) ==============




    2014-07-09 22:07 - 2012-03-27 23:49 - 00140456 _____ () C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE


    2015-03-10 18:47 - 2015-03-10 18:47 - 00720760 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareService.exe


    2015-03-10 18:51 - 2015-03-10 18:51 - 00107024 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\boost_thread-vc100-mt-1_57.dll


    2015-03-10 18:51 - 2015-03-10 18:51 - 00024080 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\boost_system-vc100-mt-1_57.dll


    2015-03-10 18:51 - 2015-03-10 18:51 - 00055320 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\boost_date_time-vc100-mt-1_57.dll


    2015-03-10 18:51 - 2015-03-10 18:51 - 00125464 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\boost_filesystem-vc100-mt-1_57.dll


    2015-03-10 18:51 - 2015-03-10 18:51 - 00033296 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\boost_chrono-vc100-mt-1_57.dll


    2015-03-10 18:50 - 2015-03-10 18:50 - 12745216 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareServiceKernel.dll


    2015-03-10 18:50 - 2015-03-10 18:50 - 03396064 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\RCF.dll


    2015-03-10 18:51 - 2015-03-10 18:51 - 00785936 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\boost_regex-vc100-mt-1_57.dll


    2015-03-10 18:50 - 2015-03-10 18:50 - 00744960 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareActivation.dll


    2015-03-10 18:50 - 2015-03-10 18:50 - 00480272 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareApplicationUpdater.dll


    2015-03-10 18:50 - 2015-03-10 18:50 - 00812032 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareGamingMode.dll


    2015-03-10 18:50 - 2015-03-10 18:50 - 00099312 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareReset.dll


    2015-03-10 18:50 - 2015-03-10 18:50 - 00119792 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareTime.dll


    2015-03-10 18:50 - 2015-03-10 18:50 - 00963088 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareDefinitionsUpdater.dll


    2015-03-10 18:50 - 2015-03-10 18:50 - 00868896 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareDefinitionsUpdaterScheduler.dll


    2015-03-10 18:50 - 2015-03-10 18:50 - 01108992 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareIgnoreList.dll


    2015-03-10 18:50 - 2015-03-10 18:50 - 00247808 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareQuarantine.dll


    2015-03-10 18:50 - 2015-03-10 18:50 - 01013256 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareAntiMalwareEngine.dll


    2015-03-10 18:50 - 2015-03-10 18:50 - 00211464 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareAntiRootkitEngine.dll


    2015-03-10 18:50 - 2015-03-10 18:50 - 01177608 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareScannerHistory.dll


    2015-03-10 18:50 - 2015-03-10 18:50 - 01302008 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareScanner.dll


    2015-03-10 18:51 - 2015-03-10 18:51 - 00034832 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\boost_timer-vc100-mt-1_57.dll


    2015-03-10 18:50 - 2015-03-10 18:50 - 00977416 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareScannerScheduler.dll


    2015-03-10 18:50 - 2015-03-10 18:50 - 01143824 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareRealTimeProtection.dll


    2015-03-10 18:50 - 2015-03-10 18:50 - 00237568 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareIncompatibles.dll


    2015-03-10 18:50 - 2015-03-10 18:50 - 00893432 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareAntiSpam.dll


    2015-03-10 18:50 - 2015-03-10 18:50 - 00847872 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareAntiPhishing.dll


    2015-03-10 18:50 - 2015-03-10 18:50 - 03104776 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareParentalControl.dll


    2015-03-10 18:50 - 2015-03-10 18:50 - 02958848 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareWebProtection.dll


    2015-03-10 18:50 - 2015-03-10 18:50 - 01288712 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareEmailProtection.dll


    2015-03-10 18:51 - 2015-03-10 18:51 - 00053272 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\boost_iostreams-vc100-mt-1_57.dll


    2015-03-10 18:50 - 2015-03-10 18:50 - 01293832 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareNetworkProtection.dll


    2015-03-10 18:50 - 2015-03-10 18:50 - 00969200 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwarePromo.dll


    2015-03-10 18:50 - 2015-03-10 18:50 - 00366584 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareFeedback.dll


    2015-03-10 18:50 - 2015-03-10 18:50 - 02787344 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareThreatWorkAlliance.dll


    2015-03-10 18:50 - 2015-03-10 18:50 - 01232888 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwarePinCode.dll


    2015-03-10 18:50 - 2015-03-10 18:50 - 00969208 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareNotice.dll


    2015-03-10 18:50 - 2015-03-10 18:50 - 00963576 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareAvcEngine.dll


    2015-03-10 18:50 - 2015-03-10 18:50 - 01184792 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareRealTimeProtectionHistory.dll


    2015-03-12 11:57 - 2015-03-12 11:57 - 00017768 _____ () C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.SearchProtect.WinService.exe


    2015-03-12 11:57 - 2015-03-12 11:57 - 00012144 _____ () C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.SearchProtect.Service.Logger.dll


    2015-03-12 11:57 - 2015-03-12 11:57 - 00034152 _____ () C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.SearchProtect.WcfService.dll


    2015-03-10 18:50 - 2015-03-10 18:50 - 09566192 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareTray.exe


    2015-03-10 18:51 - 2015-03-10 18:51 - 00499728 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\boost_locale-vc100-mt-1_57.dll


    2015-03-10 18:50 - 2015-03-10 18:50 - 02144248 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\HtmlFramework.dll


    2015-03-10 18:50 - 2015-03-10 18:50 - 00869896 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareTrayDefaultSkin.dll


    2014-11-25 00:59 - 2014-11-25 00:59 - 00183296 _____ () C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe\ErrorReporting.dll


    2012-11-28 15:13 - 2012-11-28 15:13 - 00087952 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll


    2012-11-28 15:13 - 2012-11-28 15:13 - 01242512 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll


    2015-03-12 11:57 - 2015-03-12 11:57 - 00077632 _____ () C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.Utils.dll


    2015-03-12 11:57 - 2015-03-12 11:57 - 00179560 _____ () C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.SearchProtect.Business.dll


    2015-03-12 11:57 - 2015-03-12 11:57 - 00046920 _____ () C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.adblocker.dll


    2015-03-12 11:57 - 2015-03-12 11:57 - 00033136 _____ () C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.SearchProtect.Repositories.dll


    2015-03-12 11:57 - 2015-03-12 11:57 - 00015696 _____ () C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.Utils.SqlLite.dll


    2015-03-12 11:58 - 2015-03-12 11:58 - 00123224 _____ () C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.PUP.Management.dll


    2015-03-12 11:58 - 2015-03-12 11:58 - 00073544 _____ () C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.SysInfo.dll


    2015-03-12 11:57 - 2015-03-12 11:57 - 00039256 _____ () C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.CSharp.Utilities.dll


    2015-03-20 10:28 - 2015-03-20 10:28 - 00098816 _____ () C:\Users\John\AppData\Local\Temp\_MEI55202\win32api.pyd


    2015-03-20 10:28 - 2015-03-20 10:28 - 00110080 _____ () C:\Users\John\AppData\Local\Temp\_MEI55202\pywintypes27.dll


    2015-01-17 00:29 - 2015-01-17 00:29 - 03530752 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Windows.UI.Xaml\90a4331ab5b5bb3ead23d75d4349a491\Windows.UI.Xaml.ni.dll


    2015-01-17 00:29 - 2015-01-17 00:29 - 00228864 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Windows.Foundation\f7e726805e56676bd7b8662a3d842b0e\Windows.Foundation.ni.dll


    2015-03-11 14:48 - 2015-03-11 14:48 - 00548152 _____ () C:\Program Files (x86)\Constant Guard Protection Suite\sqlite3.DLL




    ==================== Alternate Data Streams (whitelisted) =========




    (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)




    AlternateDataStreams: C:\ProgramData\TEMP:373E1720


    AlternateDataStreams: C:\Users\John\Downloads:Shareaza.GUID


    AlternateDataStreams: C:\Users\John\SkyDrive:ms-properties




    ==================== Safe Mode (whitelisted) ===================




    (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)




    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AdpeakWFP => ""="Driver"




    ==================== EXE Association (whitelisted) ===============




    (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)






    ==================== Other Areas ============================




    (Currently there is no automatic fix for this section.)




    HKU\S-1-5-21-317876899-2154345131-621581420-1002\Control Panel\Desktop\\Wallpaper -> C:\Users\John\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper


    DNS Servers: 75.75.76.76 - 75.75.75.75




    ==================== MSCONFIG/TASK MANAGER disabled items ==




    (Currently there is no automatic fix for this section.)




    HKLM\...\StartupApproved\StartupFolder: => "HP Digital Imaging Monitor.lnk"


    HKLM\...\StartupApproved\StartupFolder: => "Constant Guard.lnk"


    HKLM\...\StartupApproved\Run32: => "Adobe ARM"


    HKLM\...\StartupApproved\Run32: => "APSDaemon"


    HKLM\...\StartupApproved\Run32: => "iTunesHelper"


    HKLM\...\StartupApproved\Run32: => "RemoteControl"


    HKU\S-1-5-21-317876899-2154345131-621581420-1002\...\StartupApproved\Run: => "SUPERAntiSpyware"


    HKU\S-1-5-21-317876899-2154345131-621581420-1002\...\StartupApproved\Run: => "teeveewatchSA"


    HKU\S-1-5-21-317876899-2154345131-621581420-1002\...\StartupApproved\Run: => "GoogleChromeAutoLaunch_DC7C249942899F83C1747FF3FB5BD5F3"


    HKU\S-1-5-21-317876899-2154345131-621581420-1002\...\StartupApproved\Run: => "GarminExpressTrayApp"


    HKU\S-1-5-21-317876899-2154345131-621581420-1002\...\StartupApproved\Run: => "Facebook Update"




    ==================== Accounts: =============================




    Administrator (S-1-5-21-317876899-2154345131-621581420-500 - Administrator - Disabled)


    Guest (S-1-5-21-317876899-2154345131-621581420-501 - Limited - Enabled)


    HomeGroupUser$ (S-1-5-21-317876899-2154345131-621581420-1007 - Limited - Enabled)


    John (S-1-5-21-317876899-2154345131-621581420-1002 - Administrator - Enabled) => C:\Users\John




    ==================== Faulty Device Manager Devices =============






    ==================== Event log errors: =========================




    Application errors:


    ==================


    Error: (03/20/2015 10:32:27 AM) (Source: Application Error) (EventID: 1000) (User: )


    Description: Faulting application name: DVDFab.exe, version: 9.1.8.8, time stamp: 0x54dd91ef


    Faulting module name: qt5widgets.dll, version: 5.3.1.0, time stamp: 0x53bb6872


    Exception code: 0xc0000005


    Fault offset: 0x00476021


    Faulting process id: 0xda4


    Faulting application start time: 0xDVDFab.exe0


    Faulting application path: DVDFab.exe1


    Faulting module path: DVDFab.exe2


    Report Id: DVDFab.exe3


    Faulting package full name: DVDFab.exe4


    Faulting package-relative application ID: DVDFab.exe5




    Error: (03/20/2015 10:29:14 AM) (Source: Application Error) (EventID: 1000) (User: )


    Description: Faulting application name: DVDFab.exe, version: 9.1.8.8, time stamp: 0x54dd91ef


    Faulting module name: qt5widgets.dll, version: 5.3.1.0, time stamp: 0x53bb6872


    Exception code: 0xc0000005


    Fault offset: 0x00476021


    Faulting process id: 0xda4


    Faulting application start time: 0xDVDFab.exe0


    Faulting application path: DVDFab.exe1


    Faulting module path: DVDFab.exe2


    Report Id: DVDFab.exe3


    Faulting package full name: DVDFab.exe4


    Faulting package-relative application ID: DVDFab.exe5




    Error: (03/20/2015 10:26:50 AM) (Source: IDVault) (EventID: 0) (User: )


    Description: SessionChange Error No process is associated with this object.




    Error: (03/20/2015 05:58:37 AM) (Source: Application Hang) (EventID: 1002) (User: )


    Description: The program wwahost.exe version 6.3.9600.17415 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.




    Process ID: 2498




    Start Time: 01d062f3b60bb742




    Termination Time: 4294967295




    Application Path: C:\WINDOWS\syswow64\wwahost.exe




    Report Id: aae63edf-cee7-11e4-bec1-8c89a5bd77c6




    Faulting package full name: Microsoft.SkypeApp_3.1.0.1007_x86__kzf8qxf38zg5c




    Faulting package-relative application ID: App




    Error: (03/17/2015 06:44:19 PM) (Source: Application Hang) (EventID: 1002) (User: )


    Description: The program LiveComm.exe version 17.5.9600.20689 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.




    Process ID: 19f4




    Start Time: 01d061032d051e1f




    Termination Time: 4294967295




    Application Path: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe\LiveComm.exe




    Report Id: 214b4bcc-ccf7-11e4-bec1-8c89a5bd77c6




    Faulting package full name: microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe




    Faulting package-relative application ID: ppleae38af2e007f4358a809ac99a64a67c1




    Error: (03/15/2015 11:38:58 PM) (Source: Application Error) (EventID: 1000) (User: )


    Description: Faulting application name: msfeedssync.exe, version: 11.0.9600.17416, time stamp: 0x54531930


    Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000


    Exception code: 0xc0000005


    Fault offset: 0x000000018002b846


    Faulting process id: 0x17d8


    Faulting application start time: 0xmsfeedssync.exe0


    Faulting application path: msfeedssync.exe1


    Faulting module path: msfeedssync.exe2


    Report Id: msfeedssync.exe3


    Faulting package full name: msfeedssync.exe4


    Faulting package-relative application ID: msfeedssync.exe5




    Error: (03/15/2015 08:22:33 PM) (Source: Application Hang) (EventID: 1002) (User: )


    Description: The program LiveComm.exe version 17.5.9600.20689 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.




    Process ID: 1224




    Start Time: 01d05f7e8f4cbe81




    Termination Time: 4294967295




    Application Path: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe\LiveComm.exe




    Report Id: 854f0713-cb72-11e4-bec0-8c89a5bd77c6




    Faulting package full name: microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe




    Faulting package-relative application ID: ppleae38af2e007f4358a809ac99a64a67c1




    Error: (03/15/2015 08:22:30 PM) (Source: Application Hang) (EventID: 1002) (User: )


    Description: The program wwahost.exe version 6.3.9600.17415 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.




    Process ID: 14f8




    Start Time: 01d05f7e8f9c3553




    Termination Time: 4294967295




    Application Path: C:\WINDOWS\syswow64\wwahost.exe




    Report Id: 854a9a3c-cb72-11e4-bec0-8c89a5bd77c6




    Faulting package full name: Microsoft.SkypeApp_3.1.0.1007_x86__kzf8qxf38zg5c




    Faulting package-relative application ID: App




    Error: (03/15/2015 01:13:20 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )


    Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.






    Details:


    AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.




    System Error:


    Access is denied.


    .




    Error: (03/15/2015 01:07:39 PM) (Source: Application Hang) (EventID: 1002) (User: )


    Description: The program wwahost.exe version 6.3.9600.17415 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.




    Process ID: 1708




    Start Time: 01d05f41cab010f6




    Termination Time: 4294967295




    Application Path: C:\WINDOWS\syswow64\wwahost.exe




    Report Id: c07952cd-cb35-11e4-bec0-8c89a5bd77c6




    Faulting package full name: Microsoft.SkypeApp_3.1.0.1007_x86__kzf8qxf38zg5c




    Faulting package-relative application ID: App






    System errors:


    =============


    Error: (03/16/2015 10:40:16 AM) (Source: Microsoft-Windows-Ntfs) (EventID: 98) (User: NT AUTHORITY)


    Description: LENOVO_PART\Device\HarddiskVolume33




    Error: (03/16/2015 10:38:31 AM) (Source: Service Control Manager) (EventID: 7011) (User: )


    Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the LavasoftAdAwareService11 service.




    Error: (03/13/2015 01:18:30 PM) (Source: Microsoft-Windows-Ntfs) (EventID: 98) (User: NT AUTHORITY)


    Description: LENOVO_PART\Device\HarddiskVolume33




    Error: (03/13/2015 01:04:03 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)


    Description: application-specificLocalActivation{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)UnavailableUnavailable




    Error: (03/11/2015 03:13:12 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)


    Description: Installation Failure: Windows failed to install the following update with error 0x80240055: Security Update for Windows 8.1 for x64-based Systems (KB3039066).




    Error: (02/24/2015 09:52:45 PM) (Source: Microsoft-Windows-Kernel-Power) (EventID: 137) (User: )


    Description: 4




    Error: (02/17/2015 08:38:49 PM) (Source: Microsoft-Windows-Ntfs) (EventID: 98) (User: NT AUTHORITY)


    Description: LENOVO_PART\Device\HarddiskVolume33




    Error: (02/17/2015 08:37:27 PM) (Source: EventLog) (EventID: 6008) (User: )


    Description: The previous system shutdown at 7:01:29 PM on ‎2/‎17/‎2015 was unexpected.




    Error: (02/16/2015 00:42:26 PM) (Source: Microsoft-Windows-Ntfs) (EventID: 98) (User: NT AUTHORITY)


    Description: LENOVO_PART\Device\HarddiskVolume33




    Error: (02/16/2015 00:40:49 PM) (Source: DCOM) (EventID: 10010) (User: BASEMENT)


    Description: {4545DEA0-2DFC-4906-A728-6D986BA399A9}






    Microsoft Office Sessions:


    =========================


    Error: (03/20/2015 10:32:27 AM) (Source: Application Error) (EventID: 1000) (User: )


    Description: DVDFab.exe9.1.8.854dd91efqt5widgets.dll5.3.1.053bb6872c000000500476021da401d0631a391eb8e5C:\Program Files (x86)\DVDFab 9 US\DVDFab.exeC:\Program Files (x86)\DVDFab 9 US\qt5widgets.dllee28dcfa-cf0d-11e4-bec1-8c89a5bd77c6




    Error: (03/20/2015 10:29:14 AM) (Source: Application Error) (EventID: 1000) (User: )


    Description: DVDFab.exe9.1.8.854dd91efqt5widgets.dll5.3.1.053bb6872c000000500476021da401d0631a391eb8e5C:\Program Files (x86)\DVDFab 9 US\DVDFab.exeC:\Program Files (x86)\DVDFab 9 US\qt5widgets.dll7b2dc960-cf0d-11e4-bec1-8c89a5bd77c6




    Error: (03/20/2015 10:26:50 AM) (Source: IDVault) (EventID: 0) (User: )


    Description: SessionChange Error No process is associated with this object.




    Error: (03/20/2015 05:58:37 AM) (Source: Application Hang) (EventID: 1002) (User: )


    Description: wwahost.exe6.3.9600.17415249801d062f3b60bb7424294967295C:\WINDOWS\syswow64\wwahost.exeaae63edf-cee7-11e4-bec1-8c89a5bd77c6Microsoft.SkypeApp_3.1.0.1007_x86__kzf8qxf38zg5cApp




    Error: (03/17/2015 06:44:19 PM) (Source: Application Hang) (EventID: 1002) (User: )


    Description: LiveComm.exe17.5.9600.2068919f401d061032d051e1f4294967295C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe\LiveComm.exe214b4bcc-ccf7-11e4-bec1-8c89a5bd77c6microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbweppleae38af2e007f4358a809ac99a64a67c1




    Error: (03/15/2015 11:38:58 PM) (Source: Application Error) (EventID: 1000) (User: )


    Description: msfeedssync.exe11.0.9600.1741654531930unknown0.0.0.000000000c0000005000000018002b84617d801d05f9a7708beccC:\WINDOWS\system32\msfeedssync.exeunknownf9d31485-cb8d-11e4-bec0-8c89a5bd77c6




    Error: (03/15/2015 08:22:33 PM) (Source: Application Hang) (EventID: 1002) (User: )


    Description: LiveComm.exe17.5.9600.20689122401d05f7e8f4cbe814294967295C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe\LiveComm.exe854f0713-cb72-11e4-bec0-8c89a5bd77c6microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbweppleae38af2e007f4358a809ac99a64a67c1




    Error: (03/15/2015 08:22:30 PM) (Source: Application Hang) (EventID: 1002) (User: )


    Description: wwahost.exe6.3.9600.1741514f801d05f7e8f9c35534294967295C:\WINDOWS\syswow64\wwahost.exe854a9a3c-cb72-11e4-bec0-8c89a5bd77c6Microsoft.SkypeApp_3.1.0.1007_x86__kzf8qxf38zg5cApp




    Error: (03/15/2015 01:13:20 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )


    Description:


    Details:


    AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.




    System Error:


    Access is denied.




    Error: (03/15/2015 01:07:39 PM) (Source: Application Hang) (EventID: 1002) (User: )


    Description: wwahost.exe6.3.9600.17415170801d05f41cab010f64294967295C:\WINDOWS\syswow64\wwahost.exec07952cd-cb35-11e4-bec0-8c89a5bd77c6Microsoft.SkypeApp_3.1.0.1007_x86__kzf8qxf38zg5cApp






    CodeIntegrity Errors:


    ===================================


    Date: 2014-05-30 21:39:19.043


    Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\services.exe) attempted to load \Device\HarddiskVolume2\Program Files (x86)\Movies Toolbar\Datamngr\x64\apcrtldr.dll that did not meet the Windows signing level requirements.




    Date: 2014-05-30 21:39:18.903


    Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\services.exe) attempted to load \Device\HarddiskVolume2\Program Files (x86)\Movies Toolbar\Datamngr\apcrtldr.dll that did not meet the Windows signing level requirements.






    ==================== Memory info ===========================




    Processor: AMD A6-3600 APU with Radeon HD Graphics


    Percentage of memory in use: 44%


    Total physical RAM: 5626 MB


    Available physical RAM: 3131.38 MB


    Total Pagefile: 6586 MB


    Available Pagefile: 3989.26 MB


    Total Virtual: 131072 MB


    Available Virtual: 131071.76 MB




    ==================== Drives ================================




    Drive c: () (Fixed) (Total:440.59 GB) (Free:350.44 GB) NTFS


    Drive e: (Seagate Backup Plus Drive) (Fixed) (Total:2794.51 GB) (Free:2025.81 GB) NTFS


    Drive f: (Finding Nemo) (CDROM) (Total:7.65 GB) (Free:0 GB) UDF




    ==================== MBR & Partition Table ==================




    ========================================================


    Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: A33B0E12)


    Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)


    Partition 2: (Not Active) - (Size=440.6 GB) - (Type=07 NTFS)


    Partition 3: (Not Active) - (Size=25.1 GB) - (Type=12)


    Attempted reading MBR returned 0 bytes.


    Could not read MBR for disk 1.




    ==================== End Of Log ============================


    0
  • Support

    Sorry, but I need to see FRST.txt too.

    0
  • Support

    1. If you click on the Follow button near the top of the page, you can get an email when I post a reply.

     


    2. FRST.txt isn't complete. Please attach the log file instead since it's very long. Click on the "More Reply Options" button to see how to attach files.

     


    3. Please, save AdwCleaner by Xplode on the desktop: https://toolslib.net/downloads/viewdownload/1-adwcleaner/

     


    Turn off all programs, including browsers.


    Double-click on AdwCleaner to start the program.

     


    Click on the Scan button.


    Wait until the search has finished.

     


    Click on the Log file button.


    A report will be displayed, copy its content and paste into your reply.


    If the report isn't displayed, it's available as C:\AdwCleaner\AdwCleaner[R0].txt.

    0
  • Customer

    Hopefully this is everything.

    0
  • Support

    Thanks!

     

    Note that I replied to you between your two long posts. You don't need to attach FRST.txt, but please do the other things.

    0
  • Support

    1. I can see that you have already removed items with AdwCleaner. Do the following items reappear after removal, or haven't you let AdwCleaner remove them?

     

    [C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Web data] - Found [search Provider] : hxxp://Vosteran.com/results.php?f=4&q={searchTerms}&a=vst_captaind_14_49_other&cd=2XzuyEtN2Y1L1Qzuzz0Czzzy0AyD0B0DyByB0CyC0AtCtDyBtN0D0Tzu0StCtDyBtCtN1L2XzutAtFyCtFtCtDtFtCtDtN1L1CzutCyEtBzytDyD1V1BtN1L1G1B1V1N2Y1L1Qzu2StAtB0F0AyC0D0BtAtGyDtBtBtCtGtC0A0D0CtGyC0F0AyBtGtCyDtBzyyDyBzzzyzzyCyB0A2QtN1M1F1B2Z1V1N2Y1L1Qzu2StAyDyBtDyE0EyEyBtGyDyCzz0BtGyEyEtDtAtG0AyByCzztGyEtBtD0BtC0CtBtAtB0EtDtA2Q&cr=1042697938&ir=

    [C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Web data] - Found [search Provider] : hxxp://www.ask.com/web?q={searchTerms}

    [C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Web data] - Found [search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}

    [C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Web data] - Found [search Provider] : hxxp://dts.search.ask.com/sr?src=crb&gct=ds&appid=1631&systemid=406&v=n12712-363&apn_uid=2931338665824207&apn_dtid=BND406&o=APN10645&apn_ptnrs=AG6&q={searchTerms}


    I would remove them.



    2. Run an online scan with Eset (easiest with Internet Explorer): http://www.eset.com/onlinescan/
    To shorten the scanning time disable your antivirus program while scanning.

    Select Enable detection of potentially unwanted applications.
    Click Advanced Settings.

    Deselect Remove found threats, since false positives can be found.

    Select:
    Scan Archives
    Scan for potentially unsafe applications
    Enable Anti-Stealth Technology

    Click Start.

    When the scan is finished, click on List of found threats and then Export to text file. Copy the content of the text file and paste its content in your reply.

    0
  • Customer

    # AdwCleaner v4.113 - Logfile created 25/03/2015 at 13:20:35


    # Updated 22/03/2015 by Xplode


    # Database : 2015-03-23.1 [server]


    # Operating system : Windows 8.1 Pro (x64)


    # Username : John - BASEMENT


    # Running from : C:\Users\John\Downloads\adwcleaner_4.113.exe


    # Option : Scan




    ***** [ Services ] *****






    ***** [ Files / Folders ] *****






    ***** [ Scheduled tasks ] *****






    ***** [ Shortcuts ] *****






    ***** [ Registry ] *****




    Key Found : HKCU\Software\AppDataLow\Software\adawarebp


    Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}


    Key Found : HKLM\SOFTWARE\Classes\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}


    Key Found : [x64] HKLM\SOFTWARE\Classes\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}


    Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}]




    ***** [ Web browsers ] *****




    -\\ Internet Explorer v11.0.9600.17416






    -\\ Mozilla Firefox v36.0.4 (x86 en-US)






    -\\ Google Chrome v41.0.2272.101




    [C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Web data] - Found [search Provider] : hxxp://Vosteran.com/results.php?f=4&q={searchTerms}&a=vst_captaind_14_49_other&cd=2XzuyEtN2Y1L1Qzuzz0Czzzy0AyD0B0DyByB0CyC0AtCtDyBtN0D0Tzu0StCtDyBtCtN1L2XzutAtFyCtFtCtDtFtCtDtN1L1CzutCyEtBzytDyD1V1BtN1L1G1B1V1N2Y1L1Qzu2StAtB0F0AyC0D0BtAtGyDtBtBtCtGtC0A0D0CtGyC0F0AyBtGtCyDtBzyyDyBzzzyzzyCyB0A2QtN1M1F1B2Z1V1N2Y1L1Qzu2StAyDyBtDyE0EyEyBtGyDyCzz0BtGyEyEtDtAtG0AyByCzztGyEtBtD0BtC0CtBtAtB0EtDtA2Q&cr=1042697938&ir=


    [C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Web data] - Found [search Provider] : hxxp://www.ask.com/web?q={searchTerms}


    [C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Web data] - Found [search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}


    [C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Web data] - Found [search Provider] : hxxp://dts.search.ask.com/sr?src=crb&gct=ds&appid=1631&systemid=406&v=n12712-363&apn_uid=2931338665824207&apn_dtid=BND406&o=APN10645&apn_ptnrs=AG6&q={searchTerms}


    *************************




    AdwCleaner[R0].txt - [11949 bytes] - [20/03/2015 11:29:29]


    AdwCleaner[R1].txt - [2737 bytes] - [25/03/2015 12:50:54]


    AdwCleaner[R2].txt - [2796 bytes] - [25/03/2015 12:54:03]


    AdwCleaner[R3].txt - [2312 bytes] - [25/03/2015 13:20:35]


    AdwCleaner[s0].txt - [10823 bytes] - [20/03/2015 11:31:50]


    AdwCleaner[s1].txt - [2886 bytes] - [25/03/2015 12:55:42]




    ########## EOF - C:\AdwCleaner\AdwCleaner[R3].txt - [2490 bytes] ##########

    0
  • Customer

    C:\Windows\SysWOW64\LavasoftTcpService.dll a variant of Win32/Komodia.A potentially unsafe application


    C:\Windows\SysWOW64\Adobe\Shockwave 12\gt.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application


    C:\Config.Msi\51ba6.rbf a variant of Win32/Toolbar.Widgi potentially unwanted application deleted - quarantined


    C:\Config.Msi\51bd2.rbf a variant of Win32/Toolbar.Widgi.A potentially unwanted application deleted - quarantined


    C:\Program Files (x86)\AudioConverter\AudioConverter.exe a variant of Win32/InstallCore.A potentially unwanted application deleted - quarantined


    C:\Program Files (x86)\AudioConverter\Uninstall\Uninstall.exe a variant of Win32/InstallCore.BY potentially unwanted application deleted - quarantined


    C:\Program Files (x86)\Lavasoft\Web Companion\TcpService\2.3.3.0\LavasoftLSPInstaller.exe a variant of Win32/Komodia.A potentially unsafe application deleted - quarantined


    C:\Program Files (x86)\Lavasoft\Web Companion\TcpService\2.3.3.0\LavasoftTcpService.dll a variant of Win32/Komodia.A potentially unsafe application deleted - quarantined


    C:\Program Files (x86)\Lavasoft\Web Companion\TcpService\2.3.3.0\LavasoftTcpService.exe a variant of Win32/Komodia.A potentially unsafe application deleted (after the next restart) - quarantined


    C:\Users\John\.frostwire5\updates\frostwire-5.6.9.windows.exe a variant of Win32/OpenCandy.C potentially unsafe application deleted - quarantined


    C:\Users\John\Downloads\ccsetup503.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application deleted - quarantined


    C:\Windows\Installer\a4b8408.msi a variant of Win32/Komodia.A potentially unsafe application deleted - quarantined


    C:\Windows\System32\LavasoftTcpService.dll a variant of Win32/Komodia.A potentially unsafe application deleted - quarantined


    C:\Windows\System32\Adobe\Shockwave 12\gt.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application deleted - quarantined

    0
  • Customer

    I just did a restart and after I let it delete everything except the 2 at the top that it wouldn't delete and opened my Chrome browser. I was listening to some music on Rhapsody and after a couple minutes the popup was back advertising where I could buy what I was listening to.

    0
  • Support

    Please, scan with AdwCleaner and upload its new log file.

     

    Please, start FRST.

    Place a check mark in front of Addition.txt.

    Let it scan and attach the two new log files (click on "More Reply Options" button to see how to attach files).

    0
  • Customer

    This is the only file I got.

    # AdwCleaner v4.113 - Logfile created 28/03/2015 at 22:50:03

    # Updated 22/03/2015 by Xplode

    # Database : 2015-03-28.1 [server]

    # Operating system : Windows 8.1 Pro (x64)

    # Username : John - BASEMENT

    # Running from : C:\Users\John\Downloads\adwcleaner_4.113.exe

    # Option : Cleaning


    ***** [ Services ] *****



    ***** [ Files / Folders ] *****



    ***** [ Scheduled tasks ] *****



    ***** [ Shortcuts ] *****



    ***** [ Registry ] *****


    Key Deleted : HKCU\Software\AppDataLow\Software\adawarebp


    ***** [ Web browsers ] *****


    -\\ Internet Explorer v11.0.9600.17416



    -\\ Mozilla Firefox v36.0.4 (x86 en-US)



    -\\ Google Chrome v41.0.2272.101


    [C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [search Provider] : hxxp://Vosteran.com/results.php?f=4&q={searchTerms}&a=vst_captaind_14_49_other&cd=2XzuyEtN2Y1L1Qzuzz0Czzzy0AyD0B0DyByB0CyC0AtCtDyBtN0D0Tzu0StCtDyBtCtN1L2XzutAtFyCtFtCtDtFtCtDtN1L1CzutCyEtBzytDyD1V1BtN1L1G1B1V1N2Y1L1Qzu2StAtB0F0AyC0D0BtAtGyDtBtBtCtGtC0A0D0CtGyC0F0AyBtGtCyDtBzyyDyBzzzyzzyCyB0A2QtN1M1F1B2Z1V1N2Y1L1Qzu2StAyDyBtDyE0EyEyBtGyDyCzz0BtGyEyEtDtAtG0AyByCzztGyEtBtD0BtC0CtBtAtB0EtDtA2Q&cr=1042697938&ir=

    [C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [search Provider] : hxxp://www.ask.com/web?q={searchTerms}

    [C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}

    [C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [search Provider] : hxxp://dts.search.ask.com/sr?src=crb&gct=ds&appid=1631&systemid=406&v=n12712-363&apn_uid=2931338665824207&apn_dtid=BND406&o=APN10645&apn_ptnrs=AG6&q={searchTerms}


    *************************


    AdwCleaner[R0].txt - [11949 bytes] - [20/03/2015 11:29:29]

    AdwCleaner[R1].txt - [2737 bytes] - [25/03/2015 12:50:54]

    AdwCleaner[R2].txt - [2796 bytes] - [25/03/2015 12:54:03]

    AdwCleaner[R3].txt - [2573 bytes] - [25/03/2015 13:20:35]

    AdwCleaner[R4].txt - [2251 bytes] - [28/03/2015 22:45:12]

    AdwCleaner[s0].txt - [10823 bytes] - [20/03/2015 11:31:50]

    AdwCleaner[s1].txt - [2886 bytes] - [25/03/2015 12:55:42]

    AdwCleaner[s2].txt - [2188 bytes] - [28/03/2015 22:50:03]


    ########## EOF - C:\AdwCleaner\AdwCleaner[s2].txt - [2247 bytes] ##########

    0
  • Customer

    FRST.txt

    0
  • Customer

    scan.txt

    0
  • Support

    If you have synchronization in Chrome and/or Firefox, please turn it off. The synchronization can restore bad add-ons or settings when you remove them.

     

    Did these ads start when you installed "Fast Connect" and/or "Constant Guard Protection Suite" by White Sky?

    Do you want to use search engines (Connect Search) from White Sky or do you want to know how to remove them?

     

    Please, start Notepad.

    Copy all text that is in the box:


    CreateRestorePoint:
    CloseProcesses:
    HKLM\...\Run: [] => [X]
    HKLM-x32\...\Run: [] => [X]
    HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
    SearchScopes: HKLM -> {DC91FAFB-6CEA-49E5-BB74-9CEE75D09B77} URL =
    SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-21-317876899-2154345131-621581420-1002 -> {DC91FAFB-6CEA-49E5-BB74-9CEE75D09B77} URL = http://search.whiteskyservices.com/?wstoken=44C4A062-CDEA-48D5-9A3D-82831A3E40CC&dtid=1&pid=21&src=sgsearch&v=1.14.1210.3&searchparam={SearchTerms}
    FF Plugin: @java.com/DTPlugin,version=10.40.2 -> C:\WINDOWS\system32\npDeployJava1.dll [2014-01-23] (Oracle Corporation)
    CHR Extension: (No Name) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk [2015-03-25]
    2015-03-15 13:32 - 2015-03-15 13:32 - 00000000 ____D () C:\Program Files\Enigma Software Group
    Task: {39F710A7-11B4-423E-9786-B07ACBB22630} - \BuzzSocialPoints_DNS_Checker No Task File <==== ATTENTION
    Task: {A83ABB0B-690D-4A69-9B12-7786038FA7D1} - System32\Tasks\FreeFileViewerUpdateChecker => C:\Program Files (x86)\FreeFileViewer\FFVCheckForUpdates.exe <==== ATTENTION
    Task: {FC8746BE-734A-421A-BD14-9E2A5207AFA0} - \BuzzSocialPoints_li_Checker No Task File <==== ATTENTION
    Task: C:\WINDOWS\Tasks\FreeFileViewerUpdateChecker.job => C:\Program Files (x86)\FreeFileViewer\FFVCheckForUpdates.exe <==== ATTENTION
    AlternateDataStreams: C:\ProgramData\TEMP:373E1720
    Reboot:

    and paste it in Notepad. Check that no files have been split across two lines.

    Save the file as fixlist.txt on the desktop.

     

    Exit all programs.

    Start FRST, please.

    Click the Fix button.

    Wait until the tool has finished.

     

    It creates a log file, called Fixlog.txt, on the desktop.

    Please, paste the content of that file in your reply.

    0
  • Customer

    Addition.txt

    0
  • Customer

    After running everything you recommended, I also, for the second time, went into Chrome settings, Advanced settings and reset Chrome to its original settings. I have had Chrome open in various windows on various sites for the past 45 minutes and haven't had a popup. Thank you for all your help and patience. This was almost as frustrating as my first PC that was running Windows ME. I met somebody that works for Microsoft and told him my first experience with Windows was with ME and he apologized. Thanks again.

    0
  • Support

    Since this issue appears to be resolved ... this Topic has been closed. Glad we could help.


    If you're the topic starter, and need this topic reopened, please contact the staff member who was helping you with your issue.


    Everyone else please begin a New Topic.


    Thank you!

    0
  • Support

    You're welcome, and I'm glad it's been resolved.

    But you also need to uninstall the special tools we have used.

    1. Removal of AdwCleaner.
    Please, turn off all programs, including browsers.
    Double-click on AdwCleaner to start the program.

    Click on the Uninstall button.

    2. Removal of FRST
    Download OTC http://oldtimer.geekstogo.com/OTC.exe
    Close all programs.
    Start OTC program.
    Click the CleanUp! button.
    Select Yes when asked "Begin cleanup process".
    If you are asked to reboot, select Yes.
    If any logs remain on the computer you can remove them.

    3. Improve the security in the computer
    It is very important to keep Windows and all programs updated. An old version of, for example, Flash contains vulnerabilities that make it easy to infect the computer from a web page. To help you with keeping everything updated you can use the program Secunia Personal Software Inspector (PSI). http://www.bleepingcomputer.com/tutorials/detect-vulnerable-programs-with-secunia-psi/ describes how to install and use the program.

    0
