
huge amount of ads mostly by speedchecker

Comments

27 comments

  • Support

    Hi dsmith57,

     

    Please, save AdwCleaner by Xplode on the desktop: https://toolslib.net/downloads/viewdownload/1-adwcleaner/

    Turn off all programs, including browsers.
    Double-click on AdwCleaner to start the program.

    Click on the Scan button.
    Wait until the search has finished.

    Click on the Log file button.
    A report will be displayed, copy its content and paste into your reply.
    If the report isn't displayed, it's available as C:\AdwCleaner\AdwCleaner[R0].txt.

    0
  • Customer

    Hi

     


    Here is the log file from AdwCleaner

     

     


    # AdwCleaner v4.203 - Logfile created 05/05/2015 at 19:07:29
    # Updated 30/04/2015 by Xplode
    # Database : 2015-05-02.1 [server]
    # Operating system : Windows 8.1 (x64)
    # Username : DEREK - DEREKHOME
    # Running from : C:\Users\DEREK\Desktop\adwcleaner_4.203.exe


    # Option : Scan

     


    ***** [ Services ] *****

     


    Service Found : ClaraUpdater

     


    ***** [ Files / Folders ] *****

     


    File Found : C:\claraInstaller.txt


    File Found : C:\END


    File Found : C:\Users\DEREK\AppData\Roaming\Bubble Dock.boostrap.log
    File Found : C:\Users\DEREK\AppData\Roaming\Bubble Dock.installation.log
    File Found : C:\Users\DEREK\AppData\Roaming\Selection Tools.installation.log
    File Found : C:\Users\DEREK\AppData\Roaming\WindApp.boostrap.log


    File Found : C:\Users\DEREK\AppData\Roaming\WindApp.installation.log


    File Found : C:\windows\patsearch.bin


    Folder Found : C:\Program Files (x86)\CloudScout Parental Control
    Folder Found : C:\Program Files (x86)\Common Files\ClaraUpdater
    Folder Found : C:\Program Files (x86)\globalUpdate
    Folder Found : C:\Program Files (x86)\GUPlayer
    Folder Found : C:\Program Files (x86)\predm
    Folder Found : C:\Program Files (x86)\version17SpeedChecker
    Folder Found : C:\Program Files (x86)\XTab
    Folder Found : C:\Program Files\Common Files\pastaleads
    Folder Found : C:\ProgramData\{8dc42732-f0ed-08f8-8dc4-42732f0e9ccb}


    Folder Found : C:\ProgramData\{924b69c0-105d-f89d-924b-b69c0105a700}


    Folder Found : C:\ProgramData\7f4521b200006282
    Folder Found : C:\ProgramData\c26f6ad5000016ed
    Folder Found : C:\ProgramData\IHProtectUpDate
    Folder Found : C:\ProgramData\LolliScan
    Folder Found : C:\ProgramData\PastaLeadsAgent
    Folder Found : C:\ProgramData\WindowsMangerProtect


    Folder Found : C:\Users\DEREK\AppData\Local\globalUpdate


    Folder Found : C:\Users\DEREK\AppData\Roaming\1E009920-1429002734-6400-DC40-AC9E17B6F48D


    Folder Found : C:\Users\DEREK\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\GUPlayer
    Folder Found : C:\Users\DEREK\AppData\Roaming\Nosibay


    Folder Found : C:\Users\DEREK\AppData\Roaming\Store


    Folder Found : C:\Users\DEREK\AppData\Roaming\WebExtend


    Folder Found : C:\Users\DEREK\AppData\Roaming\WTools


    Folder Found : C:\Users\DEREK\SupTab

     


    ***** [ Scheduled tasks ] *****

     


    Task Found : Optimizer Pro Schedule


    Task Found : Run_Browser


    Task Found : SpeedChecker Update


    Task Found : LaunchPreSignup


    Task Found : SpeedChecker Update

     


    ***** [ Shortcuts ] *****

     

     


    ***** [ Registry ] *****

     


    Data Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - *.local
    Key Found : HKCU\Software\APN PIP
    Key Found : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}


    Key Found : HKCU\Software\AppDataLow\Software\adawarebp


    Key Found : HKCU\Software\AppDataLow\Software\Crossrider


    Key Found : HKCU\Software\AppDataLow\Software\DynConIE


    Key Found : HKCU\Software\ArenaHD


    Key Found : HKCU\Software\ClientConnect


    Key Found : HKCU\Software\CommunityCrawlingService


    Key Found : HKCU\Software\GAMESDESKTOP


    Key Found : HKCU\Software\GlobalUpdate


    Key Found : HKCU\Software\HighDefAction


    Key Found : HKCU\Software\HomeTab


    Key Found : HKCU\Software\InstalledBrowserExtensions


    Key Found : HKCU\Software\Linkey


    Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}


    Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}


    Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\IMBoosterARP


    Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\IminentToolbar


    Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Linkey


    Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\SearchProtect


    Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Vosteran.com


    Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\WajIntEnhance


    Key Found : HKCU\Software\Nosibay


    Key Found : HKCU\Software\Optimizer Pro


    Key Found : HKCU\Software\SearchProtectWS
    Key Found : HKCU\Software\simplytech
    Key Found : HKCU\Software\Store
    Key Found : HKCU\Software\Super Optimizer
    Key Found : HKCU\Software\TNT2
    Key Found : HKCU\Software\UnicoBrowser
    Key Found : HKCU\Software\WajIntEnhance
    Key Found : HKCU\Software\Wnkey
    Key Found : HKCU\Software\WTools
    Key Found : HKCU\Software\YorkNewCin
    Key Found : [x64] HKCU\Software\APN PIP
    Key Found : [x64] HKCU\Software\ArenaHD
    Key Found : [x64] HKCU\Software\ClientConnect
    Key Found : [x64] HKCU\Software\CommunityCrawlingService


    Key Found : [x64] HKCU\Software\GAMESDESKTOP
    Key Found : [x64] HKCU\Software\GlobalUpdate
    Key Found : [x64] HKCU\Software\HighDefAction
    Key Found : [x64] HKCU\Software\HomeTab
    Key Found : [x64] HKCU\Software\InstalledBrowserExtensions


    Key Found : [x64] HKCU\Software\Linkey


    Key Found : [x64] HKCU\Software\Nosibay


    Key Found : [x64] HKCU\Software\Optimizer Pro
    Key Found : [x64] HKCU\Software\SearchProtectWS
    Key Found : [x64] HKCU\Software\simplytech
    Key Found : [x64] HKCU\Software\Store
    Key Found : [x64] HKCU\Software\Super Optimizer
    Key Found : [x64] HKCU\Software\TNT2
    Key Found : [x64] HKCU\Software\UnicoBrowser
    Key Found : [x64] HKCU\Software\WajIntEnhance
    Key Found : [x64] HKCU\Software\Wnkey
    Key Found : [x64] HKCU\Software\WTools
    Key Found : [x64] HKCU\Software\YorkNewCin
    Key Found : HKLM\SOFTWARE\{1146AC44-2F03-4431-B4FD-889BC837521F}


    Key Found : HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}


    Key Found : HKLM\SOFTWARE\{6791A2F3-FC80-475C-A002-C014AF797E9C}


    Key Found : HKLM\SOFTWARE\213cf771-897f-7e6b-1386-164f09382ea2


    Key Found : HKLM\SOFTWARE\AIM Toolbar


    Key Found : HKLM\SOFTWARE\ArenaHD


    Key Found : HKLM\SOFTWARE\AskPartnerNetwork
    Key Found : HKLM\SOFTWARE\Clara
    Key Found : HKLM\SOFTWARE\Classes\AppID\{4D076AB4-7562-427A-B5D2-BD96E19DEE56}


    Key Found : HKLM\SOFTWARE\Classes\CLSID\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}


    Key Found : HKLM\SOFTWARE\Classes\CLSID\{533403E2-6E21-4615-9E28-43F4E97E977B}


    Key Found : HKLM\SOFTWARE\Classes\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}


    Key Found : HKLM\SOFTWARE\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}


    Key Found : HKLM\SOFTWARE\Classes\CLSID\{E5A7A645-8318-4895-B85C-EDC606B80DB6}


    Key Found : HKLM\SOFTWARE\Classes\Interface\{0FCE4F01-64EC-42F1-83E1-1E08D38605D2}


    Key Found : HKLM\SOFTWARE\Classes\Interface\{1A2A195A-A0F9-4006-AF02-3F05EEFDE792}


    Key Found : HKLM\SOFTWARE\Classes\Interface\{2D9DB233-DC4B-4677-946C-5FA5ABCF506B}


    Key Found : HKLM\SOFTWARE\Classes\Interface\{3AE76A17-C344-4A83-81CE-65EFEE41E42D}


    Key Found : HKLM\SOFTWARE\Classes\Interface\{4C0A69B0-CE97-42B7-86FC-08280C99C74D}


    Key Found : HKLM\SOFTWARE\Classes\Interface\{4E9EB4D5-C929-4005-AC62-1856B1DA5A24}


    Key Found : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}


    Key Found : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}


    Key Found : HKLM\SOFTWARE\Classes\Interface\{8FAF962C-3EDE-405E-B1D0-62B8235C6044}


    Key Found : HKLM\SOFTWARE\Classes\Interface\{917CAAE9-DD47-4025-936E-1414F07DF5B8}


    Key Found : HKLM\SOFTWARE\Classes\Interface\{C1F5E799-B218-4C32-B189-3C389BA140BB}


    Key Found : HKLM\SOFTWARE\Classes\Interface\{F60C9408-3110-4C98-A139-ABE1EE1111DD}


    Key Found : HKLM\SOFTWARE\Classes\TypeLib\{11549FE4-7C5A-4C17-9FC3-56FC5162A994}


    Key Found : HKLM\SOFTWARE\Classes\TypeLib\{968EDCE0-C10A-47BB-B3B6-FDF09F2A417D}


    Key Found : HKLM\SOFTWARE\CommunityCrawlingService


    Key Found : HKLM\SOFTWARE\Conduit


    Key Found : HKLM\SOFTWARE\GlobalUpdate


    Key Found : HKLM\SOFTWARE\HighDefAction


    Key Found : HKLM\SOFTWARE\IHProtect


    Key Found : HKLM\SOFTWARE\Iminent


    Key Found : HKLM\SOFTWARE\InstalledBrowserExtensions


    Key Found : HKLM\SOFTWARE\istartsurfSoftware
    Key Found : HKLM\SOFTWARE\LolliScan
    Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}


    Key Found : HKLM\SOFTWARE\Microsoft\MediaPlayer\ShimInclusionList\unicobrowser.exe


    Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}


    Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IMBoosterARP


    Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IminentToolbar


    Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Linkey


    Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SearchProtect


    Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\VOPackage


    Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Vosteran.com


    Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WajIntEnhance


    Key Found : HKLM\SOFTWARE\mystartsearchSoftware


    Key Found : HKLM\SOFTWARE\SearchProtect


    Key Found : HKLM\SOFTWARE\SpeedBit


    Key Found : HKLM\SOFTWARE\SupDp


    Key Found : HKLM\SOFTWARE\SupTab


    Key Found : HKLM\SOFTWARE\Tutorials


    Key Found : HKLM\SOFTWARE\WajIntEnhance


    Key Found : HKLM\SOFTWARE\WebProtector


    Key Found : HKLM\SOFTWARE\YorkNewCin


    Key Found : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\WindowsMangerProtect


    Key Found : [x64] HKLM\SOFTWARE\ArenaHD


    Key Found : [x64] HKLM\SOFTWARE\Classes\CLSID\{E5A7A645-8318-4895-B85C-EDC606B80DB6}


    Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{0FCE4F01-64EC-42F1-83E1-1E08D38605D2}


    Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{1A2A195A-A0F9-4006-AF02-3F05EEFDE792}


    Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{2D9DB233-DC4B-4677-946C-5FA5ABCF506B}


    Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{3AE76A17-C344-4A83-81CE-65EFEE41E42D}


    Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{4C0A69B0-CE97-42B7-86FC-08280C99C74D}


    Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{4E9EB4D5-C929-4005-AC62-1856B1DA5A24}


    Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}


    Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}


    Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{8FAF962C-3EDE-405E-B1D0-62B8235C6044}


    Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{917CAAE9-DD47-4025-936E-1414F07DF5B8}


    Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{C1F5E799-B218-4C32-B189-3C389BA140BB}


    Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{F60C9408-3110-4C98-A139-ABE1EE1111DD}


    Key Found : [x64] HKLM\SOFTWARE\HighDefAction
    Key Found : [x64] HKLM\SOFTWARE\InstalledBrowserExtensions


    Key Found : [x64] HKLM\SOFTWARE\LolliScan
    Key Found : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}


    Key Found : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{C519E87B-0F7C-43C3-9455-088DA1389A1E}


    Key Found : [x64] HKLM\SOFTWARE\WebBar


    Key Found : [x64] HKLM\SOFTWARE\YorkNewCin

     


    ***** [ Web browsers ] *****

     


    -\\ Internet Explorer v11.0.9600.17416

     

     


    *************************

     


    AdwCleaner[R0].txt - [10757 bytes] - [05/05/2015 19:07:29]

     


    ########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [10817 bytes] ##########

     



    0
  • Support

    Hi,

     

    1. Please, turn off all programs, including browsers.
    Double-click on AdwCleaner to start the program.

    Click on the Scan button.
    Wait until the search has finished.

    Click on the Clean button.

    Click on OK.
    Click on OK on any message that pops up.
    The computer will be restarted.

    A report will be displayed, copy its content and paste into your reply.
    If the report isn't displayed, it exists as C:\AdwCleaner\AdwCleaner[s0].txt

     

    2. Do a full scan with Ad-Aware and let it move everything it finds to its quarantine.

     

     

    3. Start FRST.

    Select Addition.txt.

    Scan with the program and attach the two new logs.

     

     

    4. Run an online scan with Eset (easiest with Internet Explorer): http://www.eset.com/onlinescan/
    To shorten the scanning time, disable your antivirus program while scanning.

    Select Enable detection of potentially unwanted applications.
    Click Advanced Settings.

    Deselect Remove found threats.

    Select:
    Scan Archives
    Scan for potentially unsafe applications
    Enable Anti-Stealth Technology

    Click Start.

    When the scan is finished, click on List of found threats and then Export to text file. Copy the content of the text file and paste its content in your reply.

    0
  • Customer

    Hi

     

    I am trying to reply but the site keeps telling me the reply is too short... strange given that I copied all 4 large text files

     

    I have copied the eset file here

     

    C:\AdwCleaner\Quarantine\C\Program Files (x86)\version17SpeedChecker\192_x64.dll.vir a variant of Win64/Adware.AddLyrics.I application
    C:\AdwCleaner\Quarantine\C\Program Files (x86)\version17SpeedChecker\x64\webTinstMKTN84.sys.vir Win64/Adware.AddLyrics.K application
    C:\AdwCleaner\Quarantine\C\Program Files (x86)\XTab\BrowerWatchCH.dll.vir Win32/ELEX.BM potentially unwanted application
    C:\AdwCleaner\Quarantine\C\Program Files (x86)\XTab\BrowerWatchFF.dll.vir Win32/ELEX.BM potentially unwanted application
    C:\AdwCleaner\Quarantine\C\Program Files (x86)\XTab\BrowserAction.dll.vir a variant of Win32/ELEX.DH potentially unwanted application
    C:\AdwCleaner\Quarantine\C\Program Files (x86)\XTab\CmdShell.exe.vir Win32/ELEX.BM potentially unwanted application
    C:\AdwCleaner\Quarantine\C\Program Files (x86)\XTab\ffsearch_toolbar!1.0.0.1028.xpi.vir Win32/Toolbar.TNT2.I potentially unwanted application
    C:\AdwCleaner\Quarantine\C\Program Files (x86)\XTab\HPNotify.exe.vir Win32/ELEX.BM potentially unwanted application
    C:\AdwCleaner\Quarantine\C\Program Files (x86)\XTab\IeWatchDog.dll.vir Win32/ELEX.BM potentially unwanted application
    C:\AdwCleaner\Quarantine\C\Program Files (x86)\XTab\SupTab.dll.vir a variant of Win32/Thinknice.B potentially unwanted application
    C:\AdwCleaner\Quarantine\C\ProgramData\{8dc42732-f0ed-08f8-8dc4-42732f0e9ccb}\OptimizerPro-UNInstaller.exe.vir a variant of Win32/Adware.SpeedingUpMyPC.AA application
    C:\AdwCleaner\Quarantine\C\Users\DEREK\AppData\Roaming\1E009920-1429002734-6400-DC40-AC9E17B6F48D\vnsz47AB.tmp.vir a variant of Win32/Adware.ConvertAd.KZ.gen application
    C:\AdwCleaner\Quarantine\C\Users\DEREK\AppData\Roaming\Nosibay\Bubble Dock\Bubble Dock.exe.vir a variant of Win32/BubbleDock.A potentially unwanted application
    C:\Program Files (x86)\Lavasoft\Web Companion\TcpService\2.3.3.0\LavasoftLSPInstaller.exe a variant of Win32/Komodia.A potentially unsafe application
    C:\Program Files (x86)\Lavasoft\Web Companion\TcpService\2.3.3.0\LavasoftTcpService.dll a variant of Win32/Komodia.A potentially unsafe application
    C:\Program Files (x86)\Lavasoft\Web Companion\TcpService\2.3.3.0\LavasoftTcpService.exe a variant of Win32/Komodia.A potentially unsafe application
    C:\ProgramData\xqv\A630CABECD404DB9948B475C89DF8797\setup.exe Win32/BubbleDock.A potentially unwanted application
    C:\Users\All Users\xqv\A630CABECD404DB9948B475C89DF8797\setup.exe Win32/BubbleDock.A potentially unwanted application
    C:\Users\DEREK\AppData\Roaming\GYUSUEP JS/Toolbar.Crossrider.C potentially unwanted application
    C:\Users\DEREK\AppData\Roaming\QJNFZ JS/Toolbar.Crossrider.C potentially unwanted application
    C:\Users\DEREK\AppData\Roaming\SPXPLN JS/Toolbar.Crossrider.C potentially unwanted application
    C:\Users\DEREK\AppData\Roaming\WJGSOVQ JS/Toolbar.Crossrider.C potentially unwanted application
    C:\Users\DEREK\AppData\Roaming\WPRGSTS JS/Toolbar.Crossrider.C potentially unwanted application
    C:\Users\DEREK\Downloads\BearShareV10.exe a variant of Win32/Toolbar.SearchSuite.Y potentially unwanted application
    C:\Users\DEREK\Downloads\ErrorEND_Installer.exe multiple threats
    C:\Users\DEREK\Downloads\Garmin_Nüvi_2445LM_Driver_Update_05-2014 (1).exe a variant of Win32/Systweak.R potentially unwanted application
    C:\Users\DEREK\Downloads\Garmin_Nüvi_2445LM_Driver_Update_05-2014.exe a variant of Win32/Systweak.R potentially unwanted application
    C:\Users\DEREK\Downloads\itunes6464setup.exe a variant of Win32/InstallCore.YH potentially unwanted application
    C:\Users\DEREK\Downloads\Unconfirmed 226548.crdownload Win32/Toolbar.SearchSuite potentially unwanted application
    C:\Users\DEREK\Downloads\Unconfirmed 295414.crdownload Win32/Toolbar.SearchSuite potentially unwanted application
    C:\Users\DEREK\Downloads\Unconfirmed 482695.crdownload a variant of Win32/InstallCore.ZC potentially unwanted application
    C:\Users\DEREK\Downloads\Unconfirmed 55255.crdownload a variant of Win32/InstallCore.ZC potentially unwanted application
    C:\Users\DEREK\Downloads\Unconfirmed 612979.crdownload a variant of Win32/InstallCore.ZC potentially unwanted application
    C:\Users\DEREK\Downloads\Unconfirmed 753557.crdownload a variant of Win32/InstallCore.ZC potentially unwanted application
    C:\Users\DEREK\Downloads\Unconfirmed 769870.crdownload a variant of Win32/InstallCore.ZC potentially unwanted application
    C:\Users\DEREK\Downloads\Unconfirmed 776757.crdownload a variant of Win32/AdGazelle.F potentially unwanted application
    C:\Users\DEREK\Downloads\Unconfirmed 959552.crdownload a variant of Win32/InstallCore.ZC potentially unwanted application
    C:\Windows\mxqv.exe a variant of Win32/TrojanDownloader.Adcurl.A trojan
    C:\Windows\Installer\12acb747.msi a variant of Win32/Komodia.A potentially unsafe application
    C:\Windows\System32\LavasoftTcpService.dll a variant of Win32/Komodia.A potentially unsafe application
    C:\Windows\SysWOW64\LavasoftTcpService.dll a variant of Win32/Komodia.A potentially unsafe application

    0
  • Customer

    Hi

     


    I am trying to copy the other files but it is still telling me my post is too short.... I think it means too long

     


    This is the adwcleaner file

     


    # AdwCleaner v4.203 - Logfile created 07/05/2015 at 19:14:05


    # Updated 30/04/2015 by Xplode


    # Database : 2015-05-05.1 [server]


    # Operating system : Windows 8.1 (x64)


    # Username : DEREK - DEREKHOME


    # Running from : C:\Users\DEREK\Desktop\adwcleaner_4.203.exe


    # Option : Scan

     


    ***** [ Services ] *****

     

     


    ***** [ Files / Folders ] *****

     

     


    ***** [ Scheduled tasks ] *****

     

     


    ***** [ Shortcuts ] *****

     

     


    ***** [ Registry ] *****

     


    Key Found : HKCU\Software\AppDataLow\Software\adawarebp

     


    ***** [ Web browsers ] *****

     


    -\\ Internet Explorer v11.0.9600.17416

     

     


    *************************

     


    AdwCleaner[R0].txt - [11069 bytes] - [05/05/2015 19:07:29]


    AdwCleaner[R1].txt - [671 bytes] - [07/05/2015 19:14:05]


    AdwCleaner[s0].txt - [10414 bytes] - [05/05/2015 19:13:12]

     


    ########## EOF - C:\AdwCleaner\AdwCleaner[R1].txt - [789 bytes] ##########

    0
  • Customer

    The addition file

     

    Additional scan result of Farbar Recovery Scan Tool (x64) Version: 06-05-2015 01
    Ran by DEREK at 2015-05-07 19:28:35
    Running from C:\Users\DEREK\Downloads
    Boot Mode: Normal
    ==========================================================

    ==================== Accounts: =============================

    Administrator (S-1-5-21-667583394-3145178462-1277471955-500 - Administrator - Disabled)
    DEREK (S-1-5-21-667583394-3145178462-1277471955-1001 - Administrator - Enabled) => C:\Users\DEREK
    Guest (S-1-5-21-667583394-3145178462-1277471955-501 - Limited - Disabled)

    ==================== Security Center ========================

    (If an entry is included in the fixlist, it will be removed.)

    AV: Ad-Aware Antivirus (Enabled - Up to date) {D87B6541-12A1-DAEA-0033-9B8057AAB996}
    AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AS: Ad-Aware Antivirus (Enabled - Up to date) {631A84A5-349B-D564-3A83-A0F22C2DF32B}
    AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    FW: Ad-Aware Firewall (Enabled) {E040E464-58CE-DBB2-2B6C-32B5A979FEED}

    ==================== Installed Programs ======================

    (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

    Ad-Aware Antivirus (HKLM\...\{FF054A8C-C0A4-4C78-8910-E2A459BEFF05}_AdAwareUpdater) (Version: 11.6.306.7947 - Lavasoft)
    Ad-Aware Web Companion (x32 Version: 1.1.922.1860 - Lavasoft) Hidden
    AdAwareInstaller (Version: 11.6.306.7947 - Lavasoft) Hidden
    AdAwareUpdater (Version: 11.6.306.7947 - Lavasoft) Hidden
    Adblock Plus for IE (32-bit and 64-bit) (HKLM\...\{77588F59-3C58-4675-8EEE-998E5BC33CF4}) (Version: 1.4 - Eyeo GmbH)
    ANT Drivers Installer x64 (Version: 2.3.4 - Garmin Ltd or its subsidiaries) Hidden
    AntimalwareEngine (Version: 3.0.98.0 - Lavasoft) Hidden
    AntispamEngine (Version: 2.4.2158.0 - Lavasoft) Hidden
    Apple Application Support (32-bit) (HKLM-x32\...\{AFA1153A-F547-409B-B837-3A0D6C5A3FEC}) (Version: 3.1.3 - Apple Inc.)
    Apple Application Support (64-bit) (HKLM\...\{D7B824DE-DA32-4772-9E5E-39C5158136A7}) (Version: 3.1.3 - Apple Inc.)
    Apple Mobile Device Support (HKLM\...\{C4123106-B685-48E6-B9BD-E4F911841EB4}) (Version: 8.1.1.3 - Apple Inc.)
    Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
    Blue Iris 3 (HKLM-x32\...\InstallShield_{5923C82E-6BB6-4186-AF14-3066D1F29323}) (Version: 3.29.03 - Perspective Software)
    Blue Iris 3 (x32 Version: 3.29.03 - Perspective Software) Hidden
    Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
    Canon MP Navigator EX 4.0 (HKLM-x32\...\MP Navigator EX 4.0) (Version: - )
    Canon MP495 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP495_series) (Version: - )
    Elevated Installer (x32 Version: 4.0.13.0 - Garmin Ltd or its subsidiaries) Hidden
    FirewallEngine (Version: 1.6.0.0 - Lavasoft) Hidden
    Garmin Express (HKLM-x32\...\{d2970a7c-aaef-4f35-a1d5-338c3a92404f}) (Version: 4.0.13.0 - Garmin Ltd or its subsidiaries)
    Garmin Express (x32 Version: 4.0.13.0 - Garmin Ltd or its subsidiaries) Hidden
    Garmin Express Tray (x32 Version: 4.0.13.0 - Garmin Ltd or its subsidiaries) Hidden
    Intel® Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 10.0.0.1204 - Intel Corporation)
    iTunes (HKLM\...\{93F2A022-6C37-48B8-B241-FFABD9F60C30}) (Version: 12.1.2.27 - Apple Inc.)
    LavasoftTcpService (x32 Version: 2.3.3.0 - Lavasoft) Hidden
    Microsoft OneDrive (HKU\S-1-5-21-667583394-3145178462-1277471955-1001\...\OneDriveSetup.exe) (Version: 17.3.4726.0226 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
    Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)
    NVIDIA 3D Vision Controller Driver 347.09 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 347.09 - NVIDIA Corporation)
    NVIDIA 3D Vision Driver 347.88 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 347.88 - NVIDIA Corporation)
    NVIDIA GeForce Experience 2.2.2 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.2.2 - NVIDIA Corporation)
    NVIDIA Graphics Driver 347.88 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 347.88 - NVIDIA Corporation)
    NVIDIA HD Audio Driver 1.3.33.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.33.0 - NVIDIA Corporation)
    NVIDIA Miracast Virtual Audio 347.88 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Miracast.VirtualAudio) (Version: 347.88 - NVIDIA Corporation)
    NVIDIA PhysX System Software 9.14.0702 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.14.0702 - NVIDIA Corporation)
    Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4711.1003 - Microsoft Corporation) Hidden
    Office 15 Click-to-Run Licensing Component (Version: 15.0.4711.1003 - Microsoft Corporation) Hidden
    Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
    OnlineThreatsEngine (Version: 2.2.3.0 - Lavasoft) Hidden
    Payroll for Windows (x32 Version: 19 - Sage (UK) Limited) Hidden
    Payroll for Windows (x32 Version: 20.01 - Sage (UK) Limited) Hidden
    Payroll for Windows (x32 Version: 21.00 - Sage (UK) Limited) Hidden
    Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7023 - Realtek Semiconductor Corp.)
    Sage 50 Payroll (HKLM-x32\...\{61FFC9B8-63B2-460A-81F0-99533310941F}) (Version: 21.01 - Sage (UK) Ltd.)
    Sage 50 Payroll (HKLM-x32\...\{9331A6A2-98C6-42F4-B981-FBA24672D3D8}) (Version: 21.01 - Sage (UK) Ltd.)
    Samsung Kies3 (HKLM-x32\...\InstallShield_{88547073-C566-4895-9005-EBE98EA3F7C7}) (Version: 3.2.15024.8 - Samsung Electronics Co., Ltd.)
    Samsung Kies3 (x32 Version: 3.2.15024.8 - Samsung Electronics Co., Ltd.) Hidden
    SHIELD Streaming (Version: 4.0.1000 - NVIDIA Corporation) Hidden
    SHIELD Wireless Controller Driver (Version: 17.12.8 - NVIDIA Corporation) Hidden
    Sid Meier's Civilization V (HKLM-x32\...\Steam App 8930) (Version: - 2K Games, Inc.)
    Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
    The Elder Scrolls Online (HKLM-x32\...\The Elder Scrolls Online) (Version: 1.0.0.0 - Zenimax Online Studios)
    The Elder Scrolls V: Skyrim (HKLM-x32\...\Steam App 72850) (Version: - Bethesda Game Studios)
    Web Companion (HKLM-x32\...\{902C3D36-9254-437D-98AC-913B78E60864}_WebCompanion) (Version: 1.1.922.1860 - Lavasoft)
    Windows Driver Package - Dynastream Innovations, Inc. ANT LibUSB Drivers (04/11/2012 1.2.40.201) (HKLM\...\F9D2A789F9CFF8CEC36B544F53877C80F1F73C46) (Version: 04/11/2012 1.2.40.201 - Dynastream Innovations, Inc.)
    Windows Driver Package - Silicon Labs Software (DSI_SiUSBXp_3_1) USB (02/06/2007 3.1) (HKLM\...\D1506E0025B5A3F9EB8270FE81C1EEDD9388B8A2) (Version: 02/06/2007 3.1 - Silicon Labs Software)

    ==================== Custom CLSID (selected items): ==========================

    (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

    CustomCLSID: HKU\S-1-5-21-667583394-3145178462-1277471955-1001_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\DEREK\AppData\Local\Microsoft\OneDrive\17.3.4726.0226\amd64\FileSyncApi64.dll (Microsoft Corporation)

    ==================== Restore Points =========================

    17-04-2015 08:15:55 Windows Update
    26-04-2015 16:27:09 Scheduled Checkpoint
    28-04-2015 11:46:18 AA11
    01-05-2015 15:25:18 Installed Adblock Plus for IE (32-bit and 64-bit)

    ==================== Hosts content: ==========================

    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)

    2013-08-22 14:25 - 2013-08-22 14:25 - 00000824 ____A C:\windows\system32\Drivers\etc\hosts

    ==================== Scheduled Tasks (whitelisted) =============

    (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

    Task: {10E04493-A814-411C-8219-FF96EC616811} - System32\Tasks\GarminUpdaterTask => C:\Program Files (x86)\Garmin\Express Self Updater\ExpressSelfUpdater.exe
    Task: {1556B1C2-43C1-40B4-9E66-91920993208F} - System32\Tasks\Microsoft\Windows\Setup\gwx\launchtrayprocess => C:\Windows\system32\GWX\GWX.exe [2015-03-24] (Microsoft Corporation)
    Task: {1A3E8B4C-5053-4767-ADDF-6E88EC0629FA} - System32\Tasks\WJGSOVQ => C:\Users\DEREK\AppData\Roaming\WJGSOVQ.exe <==== ATTENTION
    Task: {2409E62C-2E2D-44AF-9493-3548F8C2BF82} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2015-04-22] (Microsoft Corporation)
    Task: {335D0B09-3C49-4AFC-9994-165A46984A92} - System32\Tasks\SPXPLN => C:\Users\DEREK\AppData\Roaming\SPXPLN.exe <==== ATTENTION
    Task: {37098AAB-02DB-4A41-8AA1-C33835A94183} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
    Task: {5CFE081F-2594-47EB-8660-B92844811328} - System32\Tasks\QJNFZ => C:\Users\DEREK\AppData\Roaming\QJNFZ.exe <==== ATTENTION
    Task: {63309F19-CB42-4058-BB59-201F8BF20F53} - System32\Tasks\Microsoft Office 15 Sync Maintenance for DEREKHOME-DEREK DEREKHOME => C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe [2015-04-29] (Microsoft Corporation)
    Task: {9B85AEC7-D7D2-4331-904B-CC0EA0D2E803} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-24] (Microsoft Corporation)
    Task: {A9247618-A96E-4DD6-961A-A4997942B6EC} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxcontent => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-24] (Microsoft Corporation)
    Task: {B466B1EA-95CD-4934-A370-C2383480ACE1} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonx86\Microsoft Shared\OFFICE15\OLicenseHeartbeat.exe [2015-04-29] (Microsoft Corporation)
    Task: {BB870951-F26A-4919-B4CB-8A02FA07907A} - System32\Tasks\GYUSUEP => C:\Users\DEREK\AppData\Roaming\GYUSUEP.exe <==== ATTENTION
    Task: {C656BDA3-EB9E-4095-B111-BF4D51BD4882} - System32\Tasks\Microsoft\Windows\Setup\gwx\runappraiser => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-24] (Microsoft Corporation)
    Task: {CD3B6025-305D-4D19-9F11-EBB02965CB68} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\windows\system32\MRT.exe [2015-04-17] (Microsoft Corporation)
    Task: {CE351B6C-7ADE-4F70-8146-ACD48118CFB2} - System32\Tasks\{A0D29BB8-D7FC-48BE-9C4E-38CD2839D8B3} => pcalua.exe -a "C:\Program Files (x86)\version17SpeedChecker\Uninstall.exe"
    Task: {D95A75E4-1ED8-4E90-8183-81D121D1A73D} - System32\Tasks\WPRGSTS => C:\Users\DEREK\AppData\Roaming\WPRGSTS.exe <==== ATTENTION
    Task: {EDCB5147-D4EF-4D35-8B2A-B8C3AF0470D8} - System32\Tasks\Microsoft OneDrive Auto Update Task-S-1-5-21-667583394-3145178462-1277471955-1001 => %localappdata%\Microsoft\OneDrive\OneDrive.exe
    Task: {F0F0D36A-4A48-45C9-AC42-4079BBC3F5F5} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2015-04-22] (Microsoft Corporation)
    Task: {F5533698-9865-4113-8FAD-B346D5787285} - System32\Tasks\VRATQ => C:\ProgramData\5d7406e0a775469cae25df88a7d255da\5d7406e0a775469cae25df88a7d255da.exe
    Task: C:\windows\Tasks\GYUSUEP.job => C:\Users\DEREK\AppData\Roaming\GYUSUEP.exe <==== ATTENTION
    Task: C:\windows\Tasks\QJNFZ.job => C:\Users\DEREK\AppData\Roaming\QJNFZ.exe <==== ATTENTION
    Task: C:\windows\Tasks\SPXPLN.job => C:\Users\DEREK\AppData\Roaming\SPXPLN.exe <==== ATTENTION
    Task: C:\windows\Tasks\WJGSOVQ.job => C:\Users\DEREK\AppData\Roaming\WJGSOVQ.exe <==== ATTENTION
    Task: C:\windows\Tasks\WPRGSTS.job => C:\Users\DEREK\AppData\Roaming\WPRGSTS.exe <==== ATTENTION

    ==================== Loaded Modules (whitelisted) ==============

    2015-03-23 11:52 - 2015-03-13 17:16 - 00118472 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
    2015-02-13 04:20 - 2015-02-13 04:20 - 00085832 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
    2015-02-13 04:20 - 2015-02-13 04:20 - 01346344 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
    2015-03-26 21:25 - 2014-05-20 09:19 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
    2015-03-10 18:47 - 2015-03-10 18:47 - 00720760 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareService.exe
    2015-03-10 18:51 - 2015-03-10 18:51 - 00107024 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\boost_thread-vc100-mt-1_57.dll
    2015-03-10 18:51 - 2015-03-10 18:51 - 00024080 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\boost_system-vc100-mt-1_57.dll
    2015-03-10 18:51 - 2015-03-10 18:51 - 00055320 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\boost_date_time-vc100-mt-1_57.dll
    2015-03-10 18:51 - 2015-03-10 18:51 - 00125464 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\boost_filesystem-vc100-mt-1_57.dll
    2015-03-10 18:51 - 2015-03-10 18:51 - 00033296 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\boost_chrono-vc100-mt-1_57.dll
    2015-03-10 18:50 - 2015-03-10 18:50 - 12745216 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareServiceKernel.dll
    2015-03-10 18:50 - 2015-03-10 18:50 - 03396064 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\RCF.dll
    2015-03-10 18:51 - 2015-03-10 18:51 - 00785936 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\boost_regex-vc100-mt-1_57.dll
    2015-03-10 18:50 - 2015-03-10 18:50 - 00744960 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareActivation.dll
    2015-03-10 18:50 - 2015-03-10 18:50 - 00480272 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareApplicationUpdater.dll
    2015-03-10 18:50 - 2015-03-10 18:50 - 00812032 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareGamingMode.dll
    2015-03-10 18:50 - 2015-03-10 18:50 - 00099312 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareReset.dll
    2015-03-10 18:50 - 2015-03-10 18:50 - 00119792 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareTime.dll
    2015-03-10 18:50 - 2015-03-10 18:50 - 00963088 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareDefinitionsUpdater.dll
    2015-03-10 18:50 - 2015-03-10 18:50 - 00868896 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareDefinitionsUpdaterScheduler.dll
    2015-03-10 18:50 - 2015-03-10 18:50 - 01108992 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareIgnoreList.dll
    2015-03-10 18:50 - 2015-03-10 18:50 - 00247808 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareQuarantine.dll
    2015-03-10 18:50 - 2015-03-10 18:50 - 01013256 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareAntiMalwareEngine.dll
    2015-03-10 18:50 - 2015-03-10 18:50 - 00211464 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareAntiRootkitEngine.dll
    2015-03-10 18:50 - 2015-03-10 18:50 - 01177608 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareScannerHistory.dll
    2015-03-10 18:50 - 2015-03-10 18:50 - 01302008 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareScanner.dll
    2015-03-10 18:51 - 2015-03-10 18:51 - 00034832 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\boost_timer-vc100-mt-1_57.dll
    2015-03-10 18:50 - 2015-03-10 18:50 - 00977416 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareScannerScheduler.dll
    2015-03-10 18:50 - 2015-03-10 18:50 - 01143824 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareRealTimeProtection.dll
    2015-03-10 18:50 - 2015-03-10 18:50 - 00237568 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareIncompatibles.dll
    2015-03-10 18:50 - 2015-03-10 18:50 - 00893432 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareAntiSpam.dll
    2015-03-10 18:50 - 2015-03-10 18:50 - 00847872 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareAntiPhishing.dll
    2015-03-10 18:50 - 2015-03-10 18:50 - 03104776 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareParentalControl.dll
    2015-03-10 18:50 - 2015-03-10 18:50 - 02958848 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareWebProtection.dll
    2015-03-10 18:50 - 2015-03-10 18:50 - 01288712 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareEmailProtection.dll
    2015-03-10 18:51 - 2015-03-10 18:51 - 00053272 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\boost_iostreams-vc100-mt-1_57.dll
    2015-03-10 18:50 - 2015-03-10 18:50 - 01293832 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareNetworkProtection.dll
    2015-03-10 18:50 - 2015-03-10 18:50 - 00969200 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwarePromo.dll
    2015-03-10 18:50 - 2015-03-10 18:50 - 00366584 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareFeedback.dll
    2015-03-10 18:50 - 2015-03-10 18:50 - 02787344 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareThreatWorkAlliance.dll
    2015-03-10 18:50 - 2015-03-10 18:50 - 01232888 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwarePinCode.dll
    2015-03-10 18:50 - 2015-03-10 18:50 - 00969208 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareNotice.dll
    2015-03-10 18:50 - 2015-03-10 18:50 - 00963576 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareAvcEngine.dll
    2015-03-10 18:50 - 2015-03-10 18:50 - 01184792 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareRealTimeProtectionHistory.dll
    2015-04-28 15:16 - 2015-01-06 12:47 - 00156936 _____ () C:\windows\SYSTEM32\bdfwcore.dll
    2015-04-28 15:17 - 2015-04-28 15:17 - 00789856 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Online Threats Engine\2.2.3.0\definitions\loc2\ashttpbr.mdl
    2015-04-28 15:17 - 2015-04-28 15:17 - 00710016 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Online Threats Engine\2.2.3.0\definitions\loc2\ashttpdsp.mdl
    2015-04-28 15:17 - 2015-04-28 15:17 - 02683008 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Online Threats Engine\2.2.3.0\definitions\loc2\ashttpph.mdl
    2015-04-28 15:17 - 2015-04-28 15:17 - 01325480 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Online Threats Engine\2.2.3.0\definitions\loc2\ashttprbl.mdl
    2015-04-13 19:08 - 2015-04-13 19:08 - 00523264 _____ () c:\windows\mxqv.exe
    2015-03-12 11:57 - 2015-03-12 11:57 - 00017768 _____ () C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.SearchProtect.WinService.exe
    2015-03-12 11:57 - 2015-03-12 11:57 - 00012144 _____ () C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.SearchProtect.Service.Logger.dll
    2015-03-12 11:57 - 2015-03-12 11:57 - 00034152 _____ () C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.SearchProtect.WcfService.dll
    2015-03-27 09:33 - 2015-03-27 09:33 - 08898720 _____ () C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\1033\GrooveIntlResource.dll
    2015-03-10 18:50 - 2015-03-10 18:50 - 09566192 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareTray.exe
    2015-03-10 18:51 - 2015-03-10 18:51 - 00499728 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\boost_locale-vc100-mt-1_57.dll
    2015-03-10 18:50 - 2015-03-10 18:50 - 02144248 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\HtmlFramework.dll
    2015-03-10 18:50 - 2015-03-10 18:50 - 00869896 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareTrayDefaultSkin.dll
    2013-04-25 16:20 - 2013-04-25 16:20 - 00059776 _____ () C:\Program Files (x86)\Blue Iris 3\BlueIrisService.exe
    2015-03-27 09:33 - 2015-03-27 09:33 - 00316576 _____ () C:\Program Files\Microsoft Office 15\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\AppVIsvStream32.dll
    2015-03-27 09:32 - 2015-03-27 09:32 - 00316576 _____ () C:\Program Files\Microsoft Office 15\Root\Office15\AppVIsvStream32.dll
    2015-03-25 23:33 - 2015-03-10 07:37 - 00775680 _____ () C:\Program Files (x86)\Steam\SDL2.dll
    2015-03-25 23:33 - 2014-12-02 01:29 - 05002752 _____ () C:\Program Files (x86)\Steam\v8.dll
    2015-03-25 23:33 - 2015-04-14 00:44 - 02371776 _____ () C:\Program Files (x86)\Steam\video.dll
    2015-03-25 23:33 - 2014-12-02 01:29 - 01612800 _____ () C:\Program Files (x86)\Steam\icui18n.dll
    2015-03-25 23:33 - 2014-12-02 01:29 - 01210368 _____ () C:\Program Files (x86)\Steam\icuuc.dll
    2015-03-25 23:33 - 2014-12-01 22:31 - 02396672 _____ () C:\Program Files (x86)\Steam\libavcodec-56.dll
    2015-03-25 23:33 - 2014-12-01 22:31 - 00479744 _____ () C:\Program Files (x86)\Steam\libavformat-56.dll
    2015-03-25 23:33 - 2014-12-01 22:31 - 00332800 _____ () C:\Program Files (x86)\Steam\libavresample-2.dll
    2015-03-25 23:33 - 2014-12-01 22:31 - 00442880 _____ () C:\Program Files (x86)\Steam\libavutil-54.dll
    2015-03-25 23:33 - 2014-12-01 22:31 - 00485888 _____ () C:\Program Files (x86)\Steam\libswscale-3.dll
    2015-03-25 23:33 - 2015-04-14 00:44 - 00702656 _____ () C:\Program Files (x86)\Steam\bin\chromehtml.DLL
    2015-03-12 11:57 - 2015-03-12 11:57 - 00077632 _____ () C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.Utils.dll
    2015-03-12 11:57 - 2015-03-12 11:57 - 00179560 _____ () C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.SearchProtect.Business.dll
    2015-03-12 11:57 - 2015-03-12 11:57 - 00046920 _____ () C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.adblocker.dll
    2015-03-12 11:58 - 2015-03-12 11:58 - 00123224 _____ () C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.PUP.Management.dll
    2015-03-12 11:57 - 2015-03-12 11:57 - 00015696 _____ () C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.Utils.SqlLite.dll
    2015-03-12 11:58 - 2015-03-12 11:58 - 00073544 _____ () C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.SysInfo.dll
    2015-03-25 23:33 - 2015-02-25 02:58 - 34641288 _____ () C:\Program Files (x86)\Steam\bin\libcef.dll
    2015-03-27 09:32 - 2015-03-27 09:32 - 00316576 _____ () C:\Program Files\Microsoft Office 15\root\office15\AppVIsvStream32.dll
    2015-04-29 11:45 - 2015-04-29 11:48 - 01032352 _____ () C:\Program Files\Microsoft Office 15\Root\Office15\ADDINS\UmOutlookAddin.dll
    2008-01-26 13:07 - 2008-01-26 13:07 - 00135168 _____ () C:\Program Files (x86)\Blue Iris 3\HHNetClient.dll

    ==================== Alternate Data Streams (whitelisted) =========

    (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

    AlternateDataStreams: C:\Users\DEREK\OneDrive:ms-properties

    ==================== Safe Mode (whitelisted) ===================

    (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BsScanner => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BsScanner => ""="Service"

    ==================== EXE Association (whitelisted) ===============

    (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

    ==================== Internet Explorer trusted/restricted ===============

    (If an entry is included in the fixlist, the associated entry will be removed from the registry.)

    ==================== Other Areas ============================

    (Currently there is no automatic fix for this section.)

    HKU\S-1-5-21-667583394-3145178462-1277471955-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\DEREK\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper
    DNS Servers: 31.168.228.251 - 82.166.96.251

    ==================== MSCONFIG/TASK MANAGER disabled items ==

    (Currently there is no automatic fix for this section.)

    HKU\S-1-5-21-667583394-3145178462-1277471955-1001\...\StartupApproved\StartupFolder: => "hqghumeaylnlf.lnk"
    HKU\S-1-5-21-667583394-3145178462-1277471955-1001\...\StartupApproved\StartupFolder: => "OptimizerPro-UNInstaller.lnk"
    HKU\S-1-5-21-667583394-3145178462-1277471955-1001\...\StartupApproved\Run: => "GamesBot"
    HKU\S-1-5-21-667583394-3145178462-1277471955-1001\...\StartupApproved\Run: => "Selection Tools"
    HKU\S-1-5-21-667583394-3145178462-1277471955-1001\...\StartupApproved\Run: => "WindApp"

    ==================== FirewallRules (whitelisted) ===============

    (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

    FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
    FirewallRules: [{71968216-500D-427B-B8B9-F6495F51E45D}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
    FirewallRules: [{C99B100D-7B2F-4B5B-945A-74F02027B4AF}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
    FirewallRules: [{EC937D58-38E4-4DA0-8C8E-EDD7B07D6D13}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
    FirewallRules: [{867F9844-462B-4C74-9D38-0BC689634735}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
    FirewallRules: [{804322DD-E4E0-450B-BDC6-6CE414397719}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
    FirewallRules: [{DE47D30B-B2A2-42A0-A90B-97976AEB14DA}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
    FirewallRules: [{B4853526-0429-4F43-82B2-789E7D8EA80E}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
    FirewallRules: [{8EEE4471-6C3A-46B6-A2F0-C122D24E2272}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
    FirewallRules: [{0662F00D-645C-4241-9B82-FB4147ED4FB6}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
    FirewallRules: [{B8E1FF2E-5B18-4B36-A61C-31BC660C3A00}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
    FirewallRules: [{F76265AD-7566-4CFE-BD81-6ECE3F0839A7}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Sid Meier's Civilization V\Launcher.exe
    FirewallRules: [{B8D05DE7-10AC-49A2-99CC-2D17007CCA63}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Sid Meier's Civilization V\Launcher.exe
    FirewallRules: [{0F4694DF-427E-4B42-994F-40FC64B23390}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Skyrim\SkyrimLauncher.exe
    FirewallRules: [{1ABDFEC3-1246-438C-BEFA-41623FCB5903}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Skyrim\SkyrimLauncher.exe
    FirewallRules: [TCP Query User{0097CB06-8611-4C09-88B0-E166B441A053}C:\program files (x86)\blue iris 3\blueiris.exe] => (Allow) C:\program files (x86)\blue iris 3\blueiris.exe
    FirewallRules: [uDP Query User{1243B5C8-6D2A-4E49-B7CA-92A1A198E445}C:\program files (x86)\blue iris 3\blueiris.exe] => (Allow) C:\program files (x86)\blue iris 3\blueiris.exe
    FirewallRules: [{63464AF1-2138-44CA-BB2B-9D16522B11AC}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\outlook.exe
    FirewallRules: [{D957267B-C964-4A26-AF0E-C4020880BCC3}] => (Allow) C:\Users\DEREK\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
    FirewallRules: [TCP Query User{523084E9-1E29-4783-88D4-B3C04EFD24DF}C:\users\derek\appdata\local\temp\i1427492931\windows\resource\jre\bin\javaw.exe] => (Allow) C:\users\derek\appdata\local\temp\i1427492931\windows\resource\jre\bin\javaw.exe
    FirewallRules: [uDP Query User{572C8414-C458-4A01-AC19-DBDA82D1F0D1}C:\users\derek\appdata\local\temp\i1427492931\windows\resource\jre\bin\javaw.exe] => (Allow) C:\users\derek\appdata\local\temp\i1427492931\windows\resource\jre\bin\javaw.exe
    FirewallRules: [{B6792D5F-F272-4C34-98EF-AD2C2D27B57B}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
    FirewallRules: [{227BA231-6746-415B-9E7E-692662A62CCD}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
    FirewallRules: [{072FB766-840C-4283-ABC5-9516AA9A7981}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
    FirewallRules: [{F3997760-8908-4B4E-8EE7-AB557C4D52F8}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
    FirewallRules: [{A11468DB-9015-4358-B236-1C5B4084F96B}] => (Allow) C:\Program Files\iTunes\iTunes.exe
    FirewallRules: [{53527745-9A11-4529-91AB-D6A2155DEAA1}] => (Allow) C:\Users\DEREK\AppData\Local\UnicoBrowser\Application\unicobrowser.exe

    ==================== Faulty Device Manager Devices =============

    ==================== Event log errors: =========================

    Application errors:
    ==================
    Error: (05/07/2015 05:56:47 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: mpnex40.exe, version: 4.0.3.0, time stamp: 0x53acec18
    Faulting module name: KERNELBASE.dll, version: 6.3.9600.17415, time stamp: 0x54504ade
    Exception code: 0xc06d007e
    Fault offset: 0x00014598
    Faulting process ID: 0x13fc
    Faulting application start time: 0xmpnex40.exe0
    Faulting application path: mpnex40.exe1
    Faulting module path: mpnex40.exe2
    Report ID: mpnex40.exe3
    Faulting package full name: mpnex40.exe4
    Faulting package-relative application ID: mpnex40.exe5

    Error: (05/07/2015 05:52:47 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: mpnex40.exe, version: 4.0.3.0, time stamp: 0x53acec18
    Faulting module name: KERNELBASE.dll, version: 6.3.9600.17415, time stamp: 0x54504ade
    Exception code: 0xc06d007e
    Fault offset: 0x00014598
    Faulting process ID: 0x1350
    Faulting application start time: 0xmpnex40.exe0
    Faulting application path: mpnex40.exe1
    Faulting module path: mpnex40.exe2
    Report ID: mpnex40.exe3
    Faulting package full name: mpnex40.exe4
    Faulting package-relative application ID: mpnex40.exe5

    Error: (05/05/2015 10:54:20 AM) (Source: Microsoft-Windows-Defrag) (EventID: 257) (User: )
    Description: The volume Windows RE tools was not optimised because an error was encountered: The parameter is incorrect. (0x80070057)

    Error: (05/05/2015 10:15:48 AM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
    Description: 80070005

    Error: (05/01/2015 03:20:18 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
    Description: 80070005

    Error: (04/29/2015 00:17:47 PM) (Source: Sage Report Designer) (EventID: 0) (User: )
    Description: MAPI error: General MAPI failure [2]

    Error: (04/29/2015 11:37:38 AM) (Source: Microsoft-Windows-RestartManager) (EventID: 10006) (User: DEREKHOME)
    Description: Application or service 'Microsoft Office Document Cache Sync Client Interface' could not be shut down.

    Error: (04/28/2015 02:53:47 PM) (Source: Application Hang) (EventID: 1002) (User: )
    Description: The program SBDDesktop.exe version 12.1.369.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

    Process ID: 2fb4

    Start Time: 01d081ba1bc3ffd0

    Termination Time: 4294967295

    Application Path: C:\Program Files (x86)\Common Files\Sage SBD\SBDDesktop\v12\SBDDesktop.exe

    Report Id: fd4ff5d7-edad-11e4-8284-ac9e17b6f48d

    Faulting package full name:

    Faulting package-relative application ID:

    Error: (04/28/2015 02:50:24 PM) (Source: Sage Report Designer) (EventID: 0) (User: )
    Description: MAPI error: General MAPI failure [2]

    Error: (04/28/2015 02:50:24 PM) (Source: Sage Report Designer) (EventID: 0) (User: )
    Description: MAPI error: General MAPI failure [2]

    System errors:
    =============
    Error: (05/07/2015 07:28:48 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: The xqv service failed to start due to the following error:
    %%2

    Error: (05/07/2015 07:28:48 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: The xqv service failed to start due to the following error:
    %%2

    Error: (05/07/2015 07:28:47 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: The xqv service failed to start due to the following error:
    %%2

    Error: (05/07/2015 07:28:47 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: The xqv service failed to start due to the following error:
    %%2

    Error: (05/07/2015 07:28:47 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: The xqv service failed to start due to the following error:
    %%2

    Error: (05/07/2015 07:28:47 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: The xqv service failed to start due to the following error:
    %%2

    Error: (05/07/2015 07:28:46 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: The xqv service failed to start due to the following error:
    %%2

    Error: (05/07/2015 07:28:46 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: The xqv service failed to start due to the following error:
    %%2

    Error: (05/07/2015 07:28:46 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: The xqv service failed to start due to the following error:
    %%2

    Error: (05/07/2015 07:28:46 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: The xqv service failed to start due to the following error:
    %%2

    Microsoft Office Sessions:
    =========================
    Error: (05/07/2015 05:56:47 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: mpnex40.exe4.0.3.053acec18KERNELBASE.dll6.3.9600.1741554504adec06d007e0001459813fc01d088e66112793dC:\Program Files (x86)\Canon\MP Navigator EX 4.0\mpnex40.exeC:\windows\SYSTEM32\KERNELBASE.dll0b791acd-f4da-11e4-828a-ac9e17b6f48d

    Error: (05/07/2015 05:52:47 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: mpnex40.exe4.0.3.053acec18KERNELBASE.dll6.3.9600.1741554504adec06d007e00014598135001d088e62511ae1bC:\Program Files (x86)\Canon\MP Navigator EX 4.0\mpnex40.exeC:\windows\SYSTEM32\KERNELBASE.dll7ca310ed-f4d9-11e4-828a-ac9e17b6f48d

    Error: (05/05/2015 10:54:20 AM) (Source: Microsoft-Windows-Defrag) (EventID: 257) (User: )
    Description: Windows RE toolsThe parameter is incorrect. (0x80070057)

    Error: (05/05/2015 10:15:48 AM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
    Description: 80070005

    Error: (05/01/2015 03:20:18 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
    Description: 80070005

    Error: (04/29/2015 00:17:47 PM) (Source: Sage Report Designer) (EventID: 0) (User: )
    Description: MAPI error: General MAPI failure [2]

    Error: (04/29/2015 11:37:38 AM) (Source: Microsoft-Windows-RestartManager) (EventID: 10006) (User: DEREKHOME)

    Error: (04/28/2015 02:53:47 PM) (Source: Application Hang) (EventID: 1002) (User: )
    Description: SBDDesktop.exe12.1.369.02fb401d081ba1bc3ffd04294967295C:\Program Files (x86)\Common Files\Sage SBD\SBDDesktop\v12\SBDDesktop.exefd4ff5d7-edad-11e4-8284-ac9e17b6f48d

    Error: (04/28/2015 02:50:24 PM) (Source: Sage Report Designer) (EventID: 0) (User: )
    Description: MAPI error: General MAPI failure [2]

    Error: (04/28/2015 02:50:24 PM) (Source: Sage Report Designer) (EventID: 0) (User: )
    Description: MAPI error: General MAPI failure [2]

    ==================== Memory info ===========================

    Processor: Intel® Core i7-4820K CPU @ 3.70GHz
    Percentage of memory in use: 21%
    Total physical RAM: 16319.43 MB
    Available physical RAM: 12741.02 MB
    Total Pagefile: 18751.43 MB
    Available Pagefile: 16097.71 MB
    Total Virtual: 131072 MB
    Available Virtual: 131071.82 MB

    ==================== Drives ================================

    Drive c: (Windows) (Fixed) (Total:216.55 GB) (Free:25.24 GB) NTFS

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (Size: 223.6 GB) (Disk ID: E2218367)

    Partition: GPT Partition Type.

    ==================== End Of Log ============================

    0
  • Customer

    and the final file

     

    Additional scan result of Farbar Recovery Scan Tool (x64) Version: 06-05-2015 01
    Ran by DEREK at 2015-05-07 19:28:35
    Running from C:\Users\DEREK\Downloads
    Boot Mode: Normal
    ==========================================================

    ==================== Accounts: =============================

    Administrator (S-1-5-21-667583394-3145178462-1277471955-500 - Administrator - Disabled)
    DEREK (S-1-5-21-667583394-3145178462-1277471955-1001 - Administrator - Enabled) => C:\Users\DEREK
    Guest (S-1-5-21-667583394-3145178462-1277471955-501 - Limited - Disabled)

    ==================== Security Center ========================

    (If an entry is included in the fixlist, it will be removed.)

    AV: Ad-Aware Antivirus (Enabled - Up to date) {D87B6541-12A1-DAEA-0033-9B8057AAB996}
    AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AS: Ad-Aware Antivirus (Enabled - Up to date) {631A84A5-349B-D564-3A83-A0F22C2DF32B}
    AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    FW: Ad-Aware Firewall (Enabled) {E040E464-58CE-DBB2-2B6C-32B5A979FEED}

    ==================== Installed Programs ======================

    (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

    Ad-Aware Antivirus (HKLM\...\{FF054A8C-C0A4-4C78-8910-E2A459BEFF05}_AdAwareUpdater) (Version: 11.6.306.7947 - Lavasoft)
    Ad-Aware Web Companion (x32 Version: 1.1.922.1860 - Lavasoft) Hidden
    AdAwareInstaller (Version: 11.6.306.7947 - Lavasoft) Hidden
    AdAwareUpdater (Version: 11.6.306.7947 - Lavasoft) Hidden
    Adblock Plus for IE (32-bit and 64-bit) (HKLM\...\{77588F59-3C58-4675-8EEE-998E5BC33CF4}) (Version: 1.4 - Eyeo GmbH)
    ANT Drivers Installer x64 (Version: 2.3.4 - Garmin Ltd or its subsidiaries) Hidden
    AntimalwareEngine (Version: 3.0.98.0 - Lavasoft) Hidden
    AntispamEngine (Version: 2.4.2158.0 - Lavasoft) Hidden
    Apple Application Support (32-bit) (HKLM-x32\...\{AFA1153A-F547-409B-B837-3A0D6C5A3FEC}) (Version: 3.1.3 - Apple Inc.)
    Apple Application Support (64-bit) (HKLM\...\{D7B824DE-DA32-4772-9E5E-39C5158136A7}) (Version: 3.1.3 - Apple Inc.)
    Apple Mobile Device Support (HKLM\...\{C4123106-B685-48E6-B9BD-E4F911841EB4}) (Version: 8.1.1.3 - Apple Inc.)
    Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
    Blue Iris 3 (HKLM-x32\...\InstallShield_{5923C82E-6BB6-4186-AF14-3066D1F29323}) (Version: 3.29.03 - Perspective Software)
    Blue Iris 3 (x32 Version: 3.29.03 - Perspective Software) Hidden
    Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
    Canon MP Navigator EX 4.0 (HKLM-x32\...\MP Navigator EX 4.0) (Version: - )
    Canon MP495 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP495_series) (Version: - )
    Elevated Installer (x32 Version: 4.0.13.0 - Garmin Ltd or its subsidiaries) Hidden
    FirewallEngine (Version: 1.6.0.0 - Lavasoft) Hidden
    Garmin Express (HKLM-x32\...\{d2970a7c-aaef-4f35-a1d5-338c3a92404f}) (Version: 4.0.13.0 - Garmin Ltd or its subsidiaries)
    Garmin Express (x32 Version: 4.0.13.0 - Garmin Ltd or its subsidiaries) Hidden
    Garmin Express Tray (x32 Version: 4.0.13.0 - Garmin Ltd or its subsidiaries) Hidden
    Intel® Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 10.0.0.1204 - Intel Corporation)
    iTunes (HKLM\...\{93F2A022-6C37-48B8-B241-FFABD9F60C30}) (Version: 12.1.2.27 - Apple Inc.)
    LavasoftTcpService (x32 Version: 2.3.3.0 - Lavasoft) Hidden
    Microsoft OneDrive (HKU\S-1-5-21-667583394-3145178462-1277471955-1001\...\OneDriveSetup.exe) (Version: 17.3.4726.0226 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
    Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)
    NVIDIA 3D Vision Controller Driver 347.09 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 347.09 - NVIDIA Corporation)
    NVIDIA 3D Vision Driver 347.88 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 347.88 - NVIDIA Corporation)
    NVIDIA GeForce Experience 2.2.2 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.2.2 - NVIDIA Corporation)
    NVIDIA Graphics Driver 347.88 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 347.88 - NVIDIA Corporation)
    NVIDIA HD Audio Driver 1.3.33.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.33.0 - NVIDIA Corporation)
    NVIDIA Miracast Virtual Audio 347.88 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Miracast.VirtualAudio) (Version: 347.88 - NVIDIA Corporation)
    NVIDIA PhysX System Software 9.14.0702 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.14.0702 - NVIDIA Corporation)
    Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4711.1003 - Microsoft Corporation) Hidden
    Office 15 Click-to-Run Licensing Component (Version: 15.0.4711.1003 - Microsoft Corporation) Hidden
    Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
    OnlineThreatsEngine (Version: 2.2.3.0 - Lavasoft) Hidden
    Payroll for Windows (x32 Version: 19 - Sage (UK) Limited) Hidden
    Payroll for Windows (x32 Version: 20.01 - Sage (UK) Limited) Hidden
    Payroll for Windows (x32 Version: 21.00 - Sage (UK) Limited) Hidden
    Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7023 - Realtek Semiconductor Corp.)
    Sage 50 Payroll (HKLM-x32\...\{61FFC9B8-63B2-460A-81F0-99533310941F}) (Version: 21.01 - Sage (UK) Ltd.)
    Sage 50 Payroll (HKLM-x32\...\{9331A6A2-98C6-42F4-B981-FBA24672D3D8}) (Version: 21.01 - Sage (UK) Ltd.)
    Samsung Kies3 (HKLM-x32\...\InstallShield_{88547073-C566-4895-9005-EBE98EA3F7C7}) (Version: 3.2.15024.8 - Samsung Electronics Co., Ltd.)
    Samsung Kies3 (x32 Version: 3.2.15024.8 - Samsung Electronics Co., Ltd.) Hidden
    SHIELD Streaming (Version: 4.0.1000 - NVIDIA Corporation) Hidden
    SHIELD Wireless Controller Driver (Version: 17.12.8 - NVIDIA Corporation) Hidden
    Sid Meier's Civilization V (HKLM-x32\...\Steam App 8930) (Version: - 2K Games, Inc.)
    Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
    The Elder Scrolls Online (HKLM-x32\...\The Elder Scrolls Online) (Version: 1.0.0.0 - Zenimax Online Studios)
    The Elder Scrolls V: Skyrim (HKLM-x32\...\Steam App 72850) (Version: - Bethesda Game Studios)
    Web Companion (HKLM-x32\...\{902C3D36-9254-437D-98AC-913B78E60864}_WebCompanion) (Version: 1.1.922.1860 - Lavasoft)
    Windows Driver Package - Dynastream Innovations, Inc. ANT LibUSB Drivers (04/11/2012 1.2.40.201) (HKLM\...\F9D2A789F9CFF8CEC36B544F53877C80F1F73C46) (Version: 04/11/2012 1.2.40.201 - Dynastream Innovations, Inc.)
    Windows Driver Package - Silicon Labs Software (DSI_SiUSBXp_3_1) USB (02/06/2007 3.1) (HKLM\...\D1506E0025B5A3F9EB8270FE81C1EEDD9388B8A2) (Version: 02/06/2007 3.1 - Silicon Labs Software)

    ==================== Custom CLSID (selected items): ==========================

    (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

    CustomCLSID: HKU\S-1-5-21-667583394-3145178462-1277471955-1001_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\DEREK\AppData\Local\Microsoft\OneDrive\17.3.4726.0226\amd64\FileSyncApi64.dll (Microsoft Corporation)

    ==================== Restore Points =========================

    17-04-2015 08:15:55 Windows Update
    26-04-2015 16:27:09 Scheduled Checkpoint
    28-04-2015 11:46:18 AA11
    01-05-2015 15:25:18 Installed Adblock Plus for IE (32-bit and 64-bit)

    ==================== Hosts content: ==========================

    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)

    2013-08-22 14:25 - 2013-08-22 14:25 - 00000824 ____A C:\windows\system32\Drivers\etc\hosts

    ==================== Scheduled Tasks (whitelisted) =============

    (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

    Task: {10E04493-A814-411C-8219-FF96EC616811} - System32\Tasks\GarminUpdaterTask => C:\Program Files (x86)\Garmin\Express Self Updater\ExpressSelfUpdater.exe
    Task: {1556B1C2-43C1-40B4-9E66-91920993208F} - System32\Tasks\Microsoft\Windows\Setup\gwx\launchtrayprocess => C:\Windows\system32\GWX\GWX.exe [2015-03-24] (Microsoft Corporation)
    Task: {1A3E8B4C-5053-4767-ADDF-6E88EC0629FA} - System32\Tasks\WJGSOVQ => C:\Users\DEREK\AppData\Roaming\WJGSOVQ.exe <==== ATTENTION
    Task: {2409E62C-2E2D-44AF-9493-3548F8C2BF82} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2015-04-22] (Microsoft Corporation)
    Task: {335D0B09-3C49-4AFC-9994-165A46984A92} - System32\Tasks\SPXPLN => C:\Users\DEREK\AppData\Roaming\SPXPLN.exe <==== ATTENTION
    Task: {37098AAB-02DB-4A41-8AA1-C33835A94183} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
    Task: {5CFE081F-2594-47EB-8660-B92844811328} - System32\Tasks\QJNFZ => C:\Users\DEREK\AppData\Roaming\QJNFZ.exe <==== ATTENTION
    Task: {63309F19-CB42-4058-BB59-201F8BF20F53} - System32\Tasks\Microsoft Office 15 Sync Maintenance for DEREKHOME-DEREK DEREKHOME => C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe [2015-04-29] (Microsoft Corporation)
    Task: {9B85AEC7-D7D2-4331-904B-CC0EA0D2E803} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-24] (Microsoft Corporation)
    Task: {A9247618-A96E-4DD6-961A-A4997942B6EC} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxcontent => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-24] (Microsoft Corporation)
    Task: {B466B1EA-95CD-4934-A370-C2383480ACE1} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonx86\Microsoft Shared\OFFICE15\OLicenseHeartbeat.exe [2015-04-29] (Microsoft Corporation)
    Task: {BB870951-F26A-4919-B4CB-8A02FA07907A} - System32\Tasks\GYUSUEP => C:\Users\DEREK\AppData\Roaming\GYUSUEP.exe <==== ATTENTION
    Task: {C656BDA3-EB9E-4095-B111-BF4D51BD4882} - System32\Tasks\Microsoft\Windows\Setup\gwx\runappraiser => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-24] (Microsoft Corporation)
    Task: {CD3B6025-305D-4D19-9F11-EBB02965CB68} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\windows\system32\MRT.exe [2015-04-17] (Microsoft Corporation)
    Task: {CE351B6C-7ADE-4F70-8146-ACD48118CFB2} - System32\Tasks\{A0D29BB8-D7FC-48BE-9C4E-38CD2839D8B3} => pcalua.exe -a "C:\Program Files (x86)\version17SpeedChecker\Uninstall.exe"
    Task: {D95A75E4-1ED8-4E90-8183-81D121D1A73D} - System32\Tasks\WPRGSTS => C:\Users\DEREK\AppData\Roaming\WPRGSTS.exe <==== ATTENTION
    Task: {EDCB5147-D4EF-4D35-8B2A-B8C3AF0470D8} - System32\Tasks\Microsoft OneDrive Auto Update Task-S-1-5-21-667583394-3145178462-1277471955-1001 => %localappdata%\Microsoft\OneDrive\OneDrive.exe
    Task: {F0F0D36A-4A48-45C9-AC42-4079BBC3F5F5} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2015-04-22] (Microsoft Corporation)
    Task: {F5533698-9865-4113-8FAD-B346D5787285} - System32\Tasks\VRATQ => C:\ProgramData\5d7406e0a775469cae25df88a7d255da\5d7406e0a775469cae25df88a7d255da.exe
    Task: C:\windows\Tasks\GYUSUEP.job => C:\Users\DEREK\AppData\Roaming\GYUSUEP.exe <==== ATTENTION
    Task: C:\windows\Tasks\QJNFZ.job => C:\Users\DEREK\AppData\Roaming\QJNFZ.exe <==== ATTENTION
    Task: C:\windows\Tasks\SPXPLN.job => C:\Users\DEREK\AppData\Roaming\SPXPLN.exe <==== ATTENTION
    Task: C:\windows\Tasks\WJGSOVQ.job => C:\Users\DEREK\AppData\Roaming\WJGSOVQ.exe <==== ATTENTION
    Task: C:\windows\Tasks\WPRGSTS.job => C:\Users\DEREK\AppData\Roaming\WPRGSTS.exe <==== ATTENTION

    ==================== Loaded Modules (whitelisted) ==============

    2015-03-23 11:52 - 2015-03-13 17:16 - 00118472 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
    2015-02-13 04:20 - 2015-02-13 04:20 - 00085832 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
    2015-02-13 04:20 - 2015-02-13 04:20 - 01346344 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
    2015-03-26 21:25 - 2014-05-20 09:19 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
    2015-03-10 18:47 - 2015-03-10 18:47 - 00720760 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareService.exe
    2015-03-10 18:51 - 2015-03-10 18:51 - 00107024 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\boost_thread-vc100-mt-1_57.dll
    2015-03-10 18:51 - 2015-03-10 18:51 - 00024080 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\boost_system-vc100-mt-1_57.dll
    2015-03-10 18:51 - 2015-03-10 18:51 - 00055320 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\boost_date_time-vc100-mt-1_57.dll
    2015-03-10 18:51 - 2015-03-10 18:51 - 00125464 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\boost_filesystem-vc100-mt-1_57.dll
    2015-03-10 18:51 - 2015-03-10 18:51 - 00033296 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\boost_chrono-vc100-mt-1_57.dll
    2015-03-10 18:50 - 2015-03-10 18:50 - 12745216 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareServiceKernel.dll
    2015-03-10 18:50 - 2015-03-10 18:50 - 03396064 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\RCF.dll
    2015-03-10 18:51 - 2015-03-10 18:51 - 00785936 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\boost_regex-vc100-mt-1_57.dll
    2015-03-10 18:50 - 2015-03-10 18:50 - 00744960 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareActivation.dll
    2015-03-10 18:50 - 2015-03-10 18:50 - 00480272 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareApplicationUpdater.dll
    2015-03-10 18:50 - 2015-03-10 18:50 - 00812032 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareGamingMode.dll
    2015-03-10 18:50 - 2015-03-10 18:50 - 00099312 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareReset.dll
    2015-03-10 18:50 - 2015-03-10 18:50 - 00119792 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareTime.dll
    2015-03-10 18:50 - 2015-03-10 18:50 - 00963088 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareDefinitionsUpdater.dll
    2015-03-10 18:50 - 2015-03-10 18:50 - 00868896 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareDefinitionsUpdaterScheduler.dll
    2015-03-10 18:50 - 2015-03-10 18:50 - 01108992 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareIgnoreList.dll
    2015-03-10 18:50 - 2015-03-10 18:50 - 00247808 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareQuarantine.dll
    2015-03-10 18:50 - 2015-03-10 18:50 - 01013256 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareAntiMalwareEngine.dll
    2015-03-10 18:50 - 2015-03-10 18:50 - 00211464 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareAntiRootkitEngine.dll
    2015-03-10 18:50 - 2015-03-10 18:50 - 01177608 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareScannerHistory.dll
    2015-03-10 18:50 - 2015-03-10 18:50 - 01302008 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareScanner.dll
    2015-03-10 18:51 - 2015-03-10 18:51 - 00034832 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\boost_timer-vc100-mt-1_57.dll
    2015-03-10 18:50 - 2015-03-10 18:50 - 00977416 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareScannerScheduler.dll
    2015-03-10 18:50 - 2015-03-10 18:50 - 01143824 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareRealTimeProtection.dll
    2015-03-10 18:50 - 2015-03-10 18:50 - 00237568 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareIncompatibles.dll
    2015-03-10 18:50 - 2015-03-10 18:50 - 00893432 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareAntiSpam.dll
    2015-03-10 18:50 - 2015-03-10 18:50 - 00847872 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareAntiPhishing.dll
    2015-03-10 18:50 - 2015-03-10 18:50 - 03104776 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareParentalControl.dll
    2015-03-10 18:50 - 2015-03-10 18:50 - 02958848 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareWebProtection.dll
    2015-03-10 18:50 - 2015-03-10 18:50 - 01288712 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareEmailProtection.dll
    2015-03-10 18:51 - 2015-03-10 18:51 - 00053272 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\boost_iostreams-vc100-mt-1_57.dll
    2015-03-10 18:50 - 2015-03-10 18:50 - 01293832 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareNetworkProtection.dll
    2015-03-10 18:50 - 2015-03-10 18:50 - 00969200 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwarePromo.dll
    2015-03-10 18:50 - 2015-03-10 18:50 - 00366584 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareFeedback.dll
    2015-03-10 18:50 - 2015-03-10 18:50 - 02787344 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareThreatWorkAlliance.dll
    2015-03-10 18:50 - 2015-03-10 18:50 - 01232888 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwarePinCode.dll
    2015-03-10 18:50 - 2015-03-10 18:50 - 00969208 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareNotice.dll
    2015-03-10 18:50 - 2015-03-10 18:50 - 00963576 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareAvcEngine.dll
    2015-03-10 18:50 - 2015-03-10 18:50 - 01184792 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareRealTimeProtectionHistory.dll
    2015-04-28 15:16 - 2015-01-06 12:47 - 00156936 _____ () C:\windows\SYSTEM32\bdfwcore.dll
    2015-04-28 15:17 - 2015-04-28 15:17 - 00789856 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Online Threats Engine\2.2.3.0\definitions\loc2\ashttpbr.mdl
    2015-04-28 15:17 - 2015-04-28 15:17 - 00710016 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Online Threats Engine\2.2.3.0\definitions\loc2\ashttpdsp.mdl
    2015-04-28 15:17 - 2015-04-28 15:17 - 02683008 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Online Threats Engine\2.2.3.0\definitions\loc2\ashttpph.mdl
    2015-04-28 15:17 - 2015-04-28 15:17 - 01325480 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Online Threats Engine\2.2.3.0\definitions\loc2\ashttprbl.mdl
    2015-04-13 19:08 - 2015-04-13 19:08 - 00523264 _____ () c:\windows\mxqv.exe
    2015-03-12 11:57 - 2015-03-12 11:57 - 00017768 _____ () C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.SearchProtect.WinService.exe
    2015-03-12 11:57 - 2015-03-12 11:57 - 00012144 _____ () C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.SearchProtect.Service.Logger.dll
    2015-03-12 11:57 - 2015-03-12 11:57 - 00034152 _____ () C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.SearchProtect.WcfService.dll
    2015-03-27 09:33 - 2015-03-27 09:33 - 08898720 _____ () C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\1033\GrooveIntlResource.dll
    2015-03-10 18:50 - 2015-03-10 18:50 - 09566192 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareTray.exe
    2015-03-10 18:51 - 2015-03-10 18:51 - 00499728 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\boost_locale-vc100-mt-1_57.dll
    2015-03-10 18:50 - 2015-03-10 18:50 - 02144248 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\HtmlFramework.dll
    2015-03-10 18:50 - 2015-03-10 18:50 - 00869896 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareTrayDefaultSkin.dll
    2013-04-25 16:20 - 2013-04-25 16:20 - 00059776 _____ () C:\Program Files (x86)\Blue Iris 3\BlueIrisService.exe
    2015-03-27 09:33 - 2015-03-27 09:33 - 00316576 _____ () C:\Program Files\Microsoft Office 15\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\AppVIsvStream32.dll
    2015-03-27 09:32 - 2015-03-27 09:32 - 00316576 _____ () C:\Program Files\Microsoft Office 15\Root\Office15\AppVIsvStream32.dll
    2015-03-25 23:33 - 2015-03-10 07:37 - 00775680 _____ () C:\Program Files (x86)\Steam\SDL2.dll
    2015-03-25 23:33 - 2014-12-02 01:29 - 05002752 _____ () C:\Program Files (x86)\Steam\v8.dll
    2015-03-25 23:33 - 2015-04-14 00:44 - 02371776 _____ () C:\Program Files (x86)\Steam\video.dll
    2015-03-25 23:33 - 2014-12-02 01:29 - 01612800 _____ () C:\Program Files (x86)\Steam\icui18n.dll
    2015-03-25 23:33 - 2014-12-02 01:29 - 01210368 _____ () C:\Program Files (x86)\Steam\icuuc.dll
    2015-03-25 23:33 - 2014-12-01 22:31 - 02396672 _____ () C:\Program Files (x86)\Steam\libavcodec-56.dll
    2015-03-25 23:33 - 2014-12-01 22:31 - 00479744 _____ () C:\Program Files (x86)\Steam\libavformat-56.dll
    2015-03-25 23:33 - 2014-12-01 22:31 - 00332800 _____ () C:\Program Files (x86)\Steam\libavresample-2.dll
    2015-03-25 23:33 - 2014-12-01 22:31 - 00442880 _____ () C:\Program Files (x86)\Steam\libavutil-54.dll
    2015-03-25 23:33 - 2014-12-01 22:31 - 00485888 _____ () C:\Program Files (x86)\Steam\libswscale-3.dll
    2015-03-25 23:33 - 2015-04-14 00:44 - 00702656 _____ () C:\Program Files (x86)\Steam\bin\chromehtml.DLL
    2015-03-12 11:57 - 2015-03-12 11:57 - 00077632 _____ () C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.Utils.dll
    2015-03-12 11:57 - 2015-03-12 11:57 - 00179560 _____ () C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.SearchProtect.Business.dll
    2015-03-12 11:57 - 2015-03-12 11:57 - 00046920 _____ () C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.adblocker.dll
    2015-03-12 11:58 - 2015-03-12 11:58 - 00123224 _____ () C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.PUP.Management.dll
    2015-03-12 11:57 - 2015-03-12 11:57 - 00015696 _____ () C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.Utils.SqlLite.dll
    2015-03-12 11:58 - 2015-03-12 11:58 - 00073544 _____ () C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.SysInfo.dll
    2015-03-25 23:33 - 2015-02-25 02:58 - 34641288 _____ () C:\Program Files (x86)\Steam\bin\libcef.dll
    2015-03-27 09:32 - 2015-03-27 09:32 - 00316576 _____ () C:\Program Files\Microsoft Office 15\root\office15\AppVIsvStream32.dll
    2015-04-29 11:45 - 2015-04-29 11:48 - 01032352 _____ () C:\Program Files\Microsoft Office 15\Root\Office15\ADDINS\UmOutlookAddin.dll
    2008-01-26 13:07 - 2008-01-26 13:07 - 00135168 _____ () C:\Program Files (x86)\Blue Iris 3\HHNetClient.dll

    ==================== Alternate Data Streams (whitelisted) =========

    (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

    AlternateDataStreams: C:\Users\DEREK\OneDrive:ms-properties

    ==================== Safe Mode (whitelisted) ===================

    (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BsScanner => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BsScanner => ""="Service"

    ==================== EXE Association (whitelisted) ===============

    (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

    ==================== Internet Explorer trusted/restricted ===============

    (If an entry is included in the fixlist, the associated entry will be removed from the registry.)

    ==================== Other Areas ============================

    (Currently there is no automatic fix for this section.)

    HKU\S-1-5-21-667583394-3145178462-1277471955-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\DEREK\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper
    DNS Servers: 31.168.228.251 - 82.166.96.251

    ==================== MSCONFIG/TASK MANAGER disabled items ==

    (Currently there is no automatic fix for this section.)

    HKU\S-1-5-21-667583394-3145178462-1277471955-1001\...\StartupApproved\StartupFolder: => "hqghumeaylnlf.lnk"
    HKU\S-1-5-21-667583394-3145178462-1277471955-1001\...\StartupApproved\StartupFolder: => "OptimizerPro-UNInstaller.lnk"
    HKU\S-1-5-21-667583394-3145178462-1277471955-1001\...\StartupApproved\Run: => "GamesBot"
    HKU\S-1-5-21-667583394-3145178462-1277471955-1001\...\StartupApproved\Run: => "Selection Tools"
    HKU\S-1-5-21-667583394-3145178462-1277471955-1001\...\StartupApproved\Run: => "WindApp"

    ==================== FirewallRules (whitelisted) ===============

    (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

    FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
    FirewallRules: [{71968216-500D-427B-B8B9-F6495F51E45D}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
    FirewallRules: [{C99B100D-7B2F-4B5B-945A-74F02027B4AF}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
    FirewallRules: [{EC937D58-38E4-4DA0-8C8E-EDD7B07D6D13}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
    FirewallRules: [{867F9844-462B-4C74-9D38-0BC689634735}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
    FirewallRules: [{804322DD-E4E0-450B-BDC6-6CE414397719}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
    FirewallRules: [{DE47D30B-B2A2-42A0-A90B-97976AEB14DA}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
    FirewallRules: [{B4853526-0429-4F43-82B2-789E7D8EA80E}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
    FirewallRules: [{8EEE4471-6C3A-46B6-A2F0-C122D24E2272}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
    FirewallRules: [{0662F00D-645C-4241-9B82-FB4147ED4FB6}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
    FirewallRules: [{B8E1FF2E-5B18-4B36-A61C-31BC660C3A00}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
    FirewallRules: [{F76265AD-7566-4CFE-BD81-6ECE3F0839A7}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Sid Meier's Civilization V\Launcher.exe
    FirewallRules: [{B8D05DE7-10AC-49A2-99CC-2D17007CCA63}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Sid Meier's Civilization V\Launcher.exe
    FirewallRules: [{0F4694DF-427E-4B42-994F-40FC64B23390}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Skyrim\SkyrimLauncher.exe
    FirewallRules: [{1ABDFEC3-1246-438C-BEFA-41623FCB5903}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Skyrim\SkyrimLauncher.exe
    FirewallRules: [TCP Query User{0097CB06-8611-4C09-88B0-E166B441A053}C:\program files (x86)\blue iris 3\blueiris.exe] => (Allow) C:\program files (x86)\blue iris 3\blueiris.exe
    FirewallRules: [uDP Query User{1243B5C8-6D2A-4E49-B7CA-92A1A198E445}C:\program files (x86)\blue iris 3\blueiris.exe] => (Allow) C:\program files (x86)\blue iris 3\blueiris.exe
    FirewallRules: [{63464AF1-2138-44CA-BB2B-9D16522B11AC}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\outlook.exe
    FirewallRules: [{D957267B-C964-4A26-AF0E-C4020880BCC3}] => (Allow) C:\Users\DEREK\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
    FirewallRules: [TCP Query User{523084E9-1E29-4783-88D4-B3C04EFD24DF}C:\users\derek\appdata\local\temp\i1427492931\windows\resource\jre\bin\javaw.exe] => (Allow) C:\users\derek\appdata\local\temp\i1427492931\windows\resource\jre\bin\javaw.exe
    FirewallRules: [uDP Query User{572C8414-C458-4A01-AC19-DBDA82D1F0D1}C:\users\derek\appdata\local\temp\i1427492931\windows\resource\jre\bin\javaw.exe] => (Allow) C:\users\derek\appdata\local\temp\i1427492931\windows\resource\jre\bin\javaw.exe
    FirewallRules: [{B6792D5F-F272-4C34-98EF-AD2C2D27B57B}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
    FirewallRules: [{227BA231-6746-415B-9E7E-692662A62CCD}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
    FirewallRules: [{072FB766-840C-4283-ABC5-9516AA9A7981}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
    FirewallRules: [{F3997760-8908-4B4E-8EE7-AB557C4D52F8}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
    FirewallRules: [{A11468DB-9015-4358-B236-1C5B4084F96B}] => (Allow) C:\Program Files\iTunes\iTunes.exe
    FirewallRules: [{53527745-9A11-4529-91AB-D6A2155DEAA1}] => (Allow) C:\Users\DEREK\AppData\Local\UnicoBrowser\Application\unicobrowser.exe

    ==================== Faulty Device Manager Devices =============

    ==================== Event log errors: =========================

    Application errors:
    ==================
    Error: (05/07/2015 05:56:47 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: mpnex40.exe, version: 4.0.3.0, time stamp: 0x53acec18
    Faulting module name: KERNELBASE.dll, version: 6.3.9600.17415, time stamp: 0x54504ade
    Exception code: 0xc06d007e
    Fault offset: 0x00014598
    Faulting process ID: 0x13fc
    Faulting application start time: 0xmpnex40.exe0
    Faulting application path: mpnex40.exe1
    Faulting module path: mpnex40.exe2
    Report ID: mpnex40.exe3
    Faulting package full name: mpnex40.exe4
    Faulting package-relative application ID: mpnex40.exe5

    Error: (05/07/2015 05:52:47 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: mpnex40.exe, version: 4.0.3.0, time stamp: 0x53acec18
    Faulting module name: KERNELBASE.dll, version: 6.3.9600.17415, time stamp: 0x54504ade
    Exception code: 0xc06d007e
    Fault offset: 0x00014598
    Faulting process ID: 0x1350
    Faulting application start time: 0xmpnex40.exe0
    Faulting application path: mpnex40.exe1
    Faulting module path: mpnex40.exe2
    Report ID: mpnex40.exe3
    Faulting package full name: mpnex40.exe4
    Faulting package-relative application ID: mpnex40.exe5

    Error: (05/05/2015 10:54:20 AM) (Source: Microsoft-Windows-Defrag) (EventID: 257) (User: )
    Description: The volume Windows RE tools was not optimised because an error was encountered: The parameter is incorrect. (0x80070057)

    Error: (05/05/2015 10:15:48 AM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
    Description: 80070005

    Error: (05/01/2015 03:20:18 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
    Description: 80070005

    Error: (04/29/2015 00:17:47 PM) (Source: Sage Report Designer) (EventID: 0) (User: )
    Description: MAPI error: General MAPI failure [2]

    Error: (04/29/2015 11:37:38 AM) (Source: Microsoft-Windows-RestartManager) (EventID: 10006) (User: DEREKHOME)
    Description: Application or service 'Microsoft Office Document Cache Sync Client Interface' could not be shut down.

    Error: (04/28/2015 02:53:47 PM) (Source: Application Hang) (EventID: 1002) (User: )
    Description: The program SBDDesktop.exe version 12.1.369.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

    Process ID: 2fb4

    Start Time: 01d081ba1bc3ffd0

    Termination Time: 4294967295

    Application Path: C:\Program Files (x86)\Common Files\Sage SBD\SBDDesktop\v12\SBDDesktop.exe

    Report Id: fd4ff5d7-edad-11e4-8284-ac9e17b6f48d

    Faulting package full name:

    Faulting package-relative application ID:

    Error: (04/28/2015 02:50:24 PM) (Source: Sage Report Designer) (EventID: 0) (User: )
    Description: MAPI error: General MAPI failure [2]

    Error: (04/28/2015 02:50:24 PM) (Source: Sage Report Designer) (EventID: 0) (User: )
    Description: MAPI error: General MAPI failure [2]

    System errors:
    =============
    Error: (05/07/2015 07:28:48 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: The xqv service failed to start due to the following error:
    %%2

    Error: (05/07/2015 07:28:48 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: The xqv service failed to start due to the following error:
    %%2

    Error: (05/07/2015 07:28:47 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: The xqv service failed to start due to the following error:
    %%2

    Error: (05/07/2015 07:28:47 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: The xqv service failed to start due to the following error:
    %%2

    Error: (05/07/2015 07:28:47 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: The xqv service failed to start due to the following error:
    %%2

    Error: (05/07/2015 07:28:47 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: The xqv service failed to start due to the following error:
    %%2

    Error: (05/07/2015 07:28:46 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: The xqv service failed to start due to the following error:
    %%2

    Error: (05/07/2015 07:28:46 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: The xqv service failed to start due to the following error:
    %%2

    Error: (05/07/2015 07:28:46 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: The xqv service failed to start due to the following error:
    %%2

    Error: (05/07/2015 07:28:46 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: The xqv service failed to start due to the following error:
    %%2

    Microsoft Office Sessions:
    =========================
    Error: (05/07/2015 05:56:47 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: mpnex40.exe4.0.3.053acec18KERNELBASE.dll6.3.9600.1741554504adec06d007e0001459813fc01d088e66112793dC:\Program Files (x86)\Canon\MP Navigator EX 4.0\mpnex40.exeC:\windows\SYSTEM32\KERNELBASE.dll0b791acd-f4da-11e4-828a-ac9e17b6f48d

    Error: (05/07/2015 05:52:47 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: mpnex40.exe4.0.3.053acec18KERNELBASE.dll6.3.9600.1741554504adec06d007e00014598135001d088e62511ae1bC:\Program Files (x86)\Canon\MP Navigator EX 4.0\mpnex40.exeC:\windows\SYSTEM32\KERNELBASE.dll7ca310ed-f4d9-11e4-828a-ac9e17b6f48d

    Error: (05/05/2015 10:54:20 AM) (Source: Microsoft-Windows-Defrag) (EventID: 257) (User: )
    Description: Windows RE toolsThe parameter is incorrect. (0x80070057)

    Error: (05/05/2015 10:15:48 AM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
    Description: 80070005

    Error: (05/01/2015 03:20:18 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
    Description: 80070005

    Error: (04/29/2015 00:17:47 PM) (Source: Sage Report Designer) (EventID: 0) (User: )
    Description: MAPI error: General MAPI failure [2]

    Error: (04/29/2015 11:37:38 AM) (Source: Microsoft-Windows-RestartManager) (EventID: 10006) (User: DEREKHOME)
    Description: 2C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\CSISYNCCLIENT.EXEMicrosoft Office Document Cache Sync Client Interface

    Error: (04/28/2015 02:53:47 PM) (Source: Application Hang) (EventID: 1002) (User: )
    Description: SBDDesktop.exe12.1.369.02fb401d081ba1bc3ffd04294967295C:\Program Files (x86)\Common Files\Sage SBD\SBDDesktop\v12\SBDDesktop.exefd4ff5d7-edad-11e4-8284-ac9e17b6f48d

    Error: (04/28/2015 02:50:24 PM) (Source: Sage Report Designer) (EventID: 0) (User: )
    Description: MAPI error: General MAPI failure [2]

    Error: (04/28/2015 02:50:24 PM) (Source: Sage Report Designer) (EventID: 0) (User: )
    Description: MAPI error: General MAPI failure [2]

    ==================== Memory info ===========================

    Processor: Intel® Core i7-4820K CPU @ 3.70GHz
    Percentage of memory in use: 21%
    Total physical RAM: 16319.43 MB
    Available physical RAM: 12741.02 MB
    Total Pagefile: 18751.43 MB
    Available Pagefile: 16097.71 MB
    Total Virtual: 131072 MB
    Available Virtual: 131071.82 MB

    ==================== Drives ================================

    Drive c: (Windows) (Fixed) (Total:216.55 GB) (Free:25.24 GB) NTFS

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (Size: 223.6 GB) (Disk ID: E2218367)

    Partition: GPT Partition Type.

    ==================== End Of Log ============================

    0
  • Customer

    I have just tried to paste and post the FRST.txt file and it tells me the post is too short, although I think it means too long

     


    Is there another way I can do it?

    0
  • Support

    Sorry, but you pasted Addition.txt twice and FRST.txt not at all.

    0
  • Support

    You're right, it must be some kind of bug in the forum program.

     


    You can either split the log between two replies or you can attach the log file. To attach a file click the "More Reply Options" button and follow the instructions for attachments.

    0
  • Customer

    Thanks, I have attached the file.... it's easy when you know how.

     

    DerekFRST_07-05-2015_19-28-51.txt

    0
  • Support

    1.

    C:\Users\DEREK\Downloads\BearShareV10.exe a variant of Win32/Toolbar.SearchSuite.Y potentially unwanted application

    C:\Users\DEREK\Downloads\ErrorEND_Installer.exe multiple threats

    C:\Users\DEREK\Downloads\Garmin_Nüvi_2445LM_Driver_Update_05-2014 (1).exe a variant of Win32/Systweak.R potentially unwanted application

    C:\Users\DEREK\Downloads\Garmin_Nüvi_2445LM_Driver_Update_05-2014.exe a variant of Win32/Systweak.R potentially unwanted application

    C:\Users\DEREK\Downloads\itunes6464setup.exe a variant of Win32/InstallCore.YH potentially unwanted application

    C:\Users\DEREK\Downloads\Unconfirmed 226548.crdownload Win32/Toolbar.SearchSuite potentially unwanted application

    C:\Users\DEREK\Downloads\Unconfirmed 295414.crdownload Win32/Toolbar.SearchSuite potentially unwanted application

    C:\Users\DEREK\Downloads\Unconfirmed 482695.crdownload a variant of Win32/InstallCore.ZC potentially unwanted application

    C:\Users\DEREK\Downloads\Unconfirmed 55255.crdownload a variant of Win32/InstallCore.ZC potentially unwanted application

    C:\Users\DEREK\Downloads\Unconfirmed 612979.crdownload a variant of Win32/InstallCore.ZC potentially unwanted application

    C:\Users\DEREK\Downloads\Unconfirmed 753557.crdownload a variant of Win32/InstallCore.ZC potentially unwanted application

    C:\Users\DEREK\Downloads\Unconfirmed 769870.crdownload a variant of Win32/InstallCore.ZC potentially unwanted application

    C:\Users\DEREK\Downloads\Unconfirmed 776757.crdownload a variant of Win32/AdGazelle.F potentially unwanted application

    C:\Users\DEREK\Downloads\Unconfirmed 959552.crdownload a variant of Win32/InstallCore.ZC potentially unwanted application

     

    Those are downloaded installation files in your Downloads folder and they will all try to install adware or unnecessary programs during the installation. It's up to you if you want to keep them.

     

     

    2. Please, start Notepad.

    Copy all text that is in the box:


    CreateRestorePoint:
    CloseProcesses:
    HKLM\...\Run: [] => [X]
    HKLM-x32\...\Run: [gmsd_gb_263] => [X]
    HKLM-x32\...\Run: [gmsd_gb_279] => [X]
    HKLM-x32\...\Run: [gmsd_gb_276] => [X]
    ShortcutTarget: OptimizerPro-UNInstaller.lnk -> C:\ProgramData\{8dc42732-f0ed-08f8-8dc4-42732f0e9ccb}\OptimizerPro-UNInstaller.exe (No File)
    CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
    SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    BHO: SpeedChecker -> {C1E5846F-925D-1332-CE73-D0DDF382E5E4} -> C:\Program Files (x86)\version17SpeedChecker\192_x64.dll No File
    Tcpip\..\Interfaces\{B6DF9E09-3B47-47B6-8FB1-E3621164DE45}: [NameServer] 31.168.228.251,82.166.96.251
    FF HKU\S-1-5-21-667583394-3145178462-1277471955-1001\...\Firefox\Extensions: [{C41D5775-C5CE-CBB8-1655-23008F5D8F56}] - C:\Program Files (x86)\version17SpeedChecker\192.xpi
    R2 mxqv; c:\windows\mxqv.exe [523264 2015-04-13] () [File not signed]
    S2 xqv; c:\windows\xqv.exe [X]
    R2 webTinstMKTN84; C:\windows\system32\Drivers\webTinstMKTN84.sys [50216 2015-04-15] ()
    S3 e1edc438-f640-4184-a443-d2a7c37a01dc; \??\c:\temp\690b33e1-0462-4e84-9bea-c7552b45432a.sys [X]
    S1 qrnfd_1_10_0_12; system32\drivers\qrnfd_1_10_0_12.sys [X]
    2015-04-16 19:58 - 2015-04-16 19:58 - 00000000 ____D () C:\Program Files (x86)\gmsd_gb_160
    2015-04-16 19:56 - 2015-04-17 08:35 - 00000177 _____ () C:\windows\SysWOW64\SetupComponents.exe
    2015-04-14 10:15 - 2015-04-14 10:15 - 00000000 ____D () C:\ProgramData\T122078ED
    2015-04-14 10:12 - 2015-05-07 19:26 - 00000000 ____D () C:\Users\DEREK\AppData\Local\1E009920-1429006374-6400-DC40-AC9E17B6F48D
    2015-04-14 10:10 - 2015-04-14 13:40 - 00000000 ___HD () C:\ProgramData\xqv
    2015-04-13 19:13 - 2015-05-07 19:15 - 00001356 _____ () C:\windows\Tasks\QJNFZ.job
    2015-04-13 19:13 - 2015-04-13 19:13 - 00004364 _____ () C:\windows\System32\Tasks\QJNFZ
    2015-04-13 19:08 - 2015-05-07 19:15 - 00001704 _____ () C:\windows\Tasks\WJGSOVQ.job
    2015-04-13 19:08 - 2015-05-07 19:15 - 00001704 _____ () C:\windows\Tasks\GYUSUEP.job
    2015-04-13 19:08 - 2015-04-24 22:08 - 00000000 ____D () C:\ProgramData\5d7406e0a775469cae25df88a7d255da
    2015-04-13 19:08 - 2015-04-13 19:08 - 00745984 _____ () C:\windows\xqv.dat
    2015-04-13 19:08 - 2015-04-13 19:08 - 00523264 _____ () C:\windows\mxqv.exe
    2015-04-13 19:08 - 2015-04-13 19:08 - 00004712 _____ () C:\windows\System32\Tasks\WJGSOVQ
    2015-04-13 19:08 - 2015-04-13 19:08 - 00004710 _____ () C:\windows\System32\Tasks\GYUSUEP
    2015-04-13 19:08 - 2015-04-13 19:08 - 00003560 _____ () C:\windows\System32\Tasks\VRATQ
    2015-04-13 19:07 - 2015-04-13 19:08 - 00000000 ____D () C:\ProgramData\fdb70e21975a413bb583c3f4758140f0
    2015-03-26 20:14 - 2015-03-26 20:14 - 0005542 _____ () C:\Users\DEREK\AppData\Roaming\GYUSUEP
    2015-03-09 22:30 - 2015-03-09 22:30 - 0005487 _____ () C:\Users\DEREK\AppData\Roaming\QJNFZ
    2015-03-26 20:14 - 2015-03-26 20:14 - 0005542 _____ () C:\Users\DEREK\AppData\Roaming\SPXPLN
    2015-03-26 20:14 - 2015-03-26 20:14 - 0005542 _____ () C:\Users\DEREK\AppData\Roaming\WJGSOVQ
    2015-03-26 20:14 - 2015-03-26 20:14 - 0005542 _____ () C:\Users\DEREK\AppData\Roaming\WPRGSTS
    2015-03-23 11:52 - 2015-03-23 11:52 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
    C:\Users\All Users\xqv
    Task: {1A3E8B4C-5053-4767-ADDF-6E88EC0629FA} - System32\Tasks\WJGSOVQ => C:\Users\DEREK\AppData\Roaming\WJGSOVQ.exe <==== ATTENTION
    Task: {335D0B09-3C49-4AFC-9994-165A46984A92} - System32\Tasks\SPXPLN => C:\Users\DEREK\AppData\Roaming\SPXPLN.exe <==== ATTENTION
    Task: {5CFE081F-2594-47EB-8660-B92844811328} - System32\Tasks\QJNFZ => C:\Users\DEREK\AppData\Roaming\QJNFZ.exe <==== ATTENTION
    Task: {BB870951-F26A-4919-B4CB-8A02FA07907A} - System32\Tasks\GYUSUEP => C:\Users\DEREK\AppData\Roaming\GYUSUEP.exe <==== ATTENTION
    Task: {CE351B6C-7ADE-4F70-8146-ACD48118CFB2} - System32\Tasks\{A0D29BB8-D7FC-48BE-9C4E-38CD2839D8B3} => pcalua.exe -a "C:\Program Files (x86)\version17SpeedChecker\Uninstall.exe"
    Task: {D95A75E4-1ED8-4E90-8183-81D121D1A73D} - System32\Tasks\WPRGSTS => C:\Users\DEREK\AppData\Roaming\WPRGSTS.exe <==== ATTENTION
    Task: {F5533698-9865-4113-8FAD-B346D5787285} - System32\Tasks\VRATQ => C:\ProgramData\5d7406e0a775469cae25df88a7d255da\5d7406e0a775469cae25df88a7d255da.exe
    Task: C:\windows\Tasks\GYUSUEP.job => C:\Users\DEREK\AppData\Roaming\GYUSUEP.exe <==== ATTENTION
    Task: C:\windows\Tasks\QJNFZ.job => C:\Users\DEREK\AppData\Roaming\QJNFZ.exe <==== ATTENTION
    Task: C:\windows\Tasks\SPXPLN.job => C:\Users\DEREK\AppData\Roaming\SPXPLN.exe <==== ATTENTION
    Task: C:\windows\Tasks\WJGSOVQ.job => C:\Users\DEREK\AppData\Roaming\WJGSOVQ.exe <==== ATTENTION
    Task: C:\windows\Tasks\WPRGSTS.job => C:\Users\DEREK\AppData\Roaming\WPRGSTS.exe <==== ATTENTION
    CMD: ipconfig /flushdns
    Reboot:

    and paste in Notepad. Check that no files have been split on two lines.

    Save the file as fixlist.txt on the desktop.

     

    Exit all programs.

    Start FRST, please.

    Click the Fix button.

    Wait until the tool has finished.

     

    It creates a log file, called Fixlog.txt, on the desktop.

    Please, paste the content of that file in your reply.

     

     

    If you can't surf after the fix, please do a system restore to the restore point created by FRST and I'll give you another script.

    0
  • Customer

    Hi

     


    I have deleted the rogue application files as suggested

     


    here is the fixlog

     


    Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 09-05-2015


    Ran by DEREK at 2015-05-09 17:36:09 Run:1


    Running from C:\Users\DEREK\Downloads


    Loaded Profiles: DEREK (Available profiles: DEREK)


    Boot Mode: Normal


    ==============================================

     


    Content of fixlist:


    *****************


    CreateRestorePoint:CloseProcesses:HKLM\...\Run: [] => [X]HKLM-x32\...\Run: [gmsd_gb_263] => [X]HKLM-x32\...\Run: [gmsd_gb_279] => [X]HKLM-x32\...\Run: [gmsd_gb_276] => [X]ShortcutTarget: OptimizerPro-UNInstaller.lnk -> C:\ProgramData\{8dc42732-f0ed-08f8-8dc4-42732f0e9ccb}\OptimizerPro-UNInstaller.exe (No File)CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTIONSearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = BHO: SpeedChecker -> {C1E5846F-925D-1332-CE73-D0DDF382E5E4} -> C:\Program Files (x86)\version17SpeedChecker\192_x64.dll No FileTcpip\..\Interfaces\{B6DF9E09-3B47-47B6-8FB1-E3621164DE45}: [NameServer] 31.168.228.251,82.166.96.251FF HKU\S-1-5-21-667583394-3145178462-1277471955-1001\...\Firefox\Extensions: [{C41D5775-C5CE-CBB8-1655-23008F5D8F56


    }] - C:\Program Files (x86)\version17SpeedChecker\192.xpiR2 mxqv; c:\windows\mxqv.exe [523264 2015-04-13] () [File not signed]S2 xqv; c:\windows\xqv.exe [X]R2 webTinstMKTN84; C:\windows\system32\Drivers\webTinstMKTN84.sys [50216 2015-04-15] ()S3 e1edc438-f640-4184-a443-d2a7c37a01dc; \??\c:\temp\690b33e1-0462-4e84-9bea-c7552b45432a.sys [X]S1 qrnfd_1_10_0_12; system32\drivers\qrnfd_1_10_0_12.sys [X]2015-04-16 19:58 - 2015-04-16 19:58 - 00000000 ____D () C:\Program Files (x86)\gmsd_gb_1602015-04-16 19:56 - 2015-04-17 08:35 - 00000177 _____ () C:\windows\SysWOW64\SetupComponents.exe2015-04-14 10:15 - 2015-04-14 10:15 - 00000000 ____D () C:\ProgramData\T122078ED2015-04-14 10:12 - 2015-05-07 19:26 - 00000000 ____D () C:\Users\DEREK\AppData\Local\1E009920-1429006374-6400-DC40-AC9E17B6F48D2015-04-14 10:10 - 2015-04-14 13:40 - 00000000 ___HD () C:\ProgramData\xqv2015-04-13 19:13 - 2015-05-07 19:15 - 00001356 _____ () C:\windows\Tasks\QJNFZ.job2015-04-13 19:13 - 2015-04-13 19:13 - 000


    04364 _____ () C:\windows\System32\Tasks\QJNFZ2015-04-13 19:08 - 2015-05-07 19:15 - 00001704 _____ () C:\windows\Tasks\WJGSOVQ.job2015-04-13 19:08 - 2015-05-07 19:15 - 00001704 _____ () C:\windows\Tasks\GYUSUEP.job2015-04-13 19:08 - 2015-04-24 22:08 - 00000000 ____D () C:\ProgramData\5d7406e0a775469cae25df88a7d255da2015-04-13 19:08 - 2015-04-13 19:08 - 00745984 _____ () C:\windows\xqv.dat2015-04-13 19:08 - 2015-04-13 19:08 - 00523264 _____ () C:\windows\mxqv.exe2015-04-13 19:08 - 2015-04-13 19:08 - 00004712 _____ () C:\windows\System32\Tasks\WJGSOVQ2015-04-13 19:08 - 2015-04-13 19:08 - 00004710 _____ () C:\windows\System32\Tasks\GYUSUEP2015-04-13 19:08 - 2015-04-13 19:08 - 00003560 _____ () C:\windows\System32\Tasks\VRATQ2015-04-13 19:07 - 2015-04-13 19:08 - 00000000 ____D () C:\ProgramData\fdb70e21975a413bb583c3f4758140f02015-03-26 20:14 - 2015-03-26 20:14 - 0005542 _____ () C:\Users\DEREK\AppData\Roaming\GYUSUEP2015-03-09 22:30 - 2015-03-09 22:30 - 0005487 _____ () C:\User


    s\DEREK\AppData\Roaming\QJNFZ2015-03-26 20:14 - 2015-03-26 20:14 - 0005542 _____ () C:\Users\DEREK\AppData\Roaming\SPXPLN2015-03-26 20:14 - 2015-03-26 20:14 - 0005542 _____ () C:\Users\DEREK\AppData\Roaming\WJGSOVQ2015-03-26 20:14 - 2015-03-26 20:14 - 0005542 _____ () C:\Users\DEREK\AppData\Roaming\WPRGSTS2015-03-23 11:52 - 2015-03-23 11:52 - 0000000 ____H () C:\ProgramData\DP45977C.lflC:\Users\All Users\xqvTask: {1A3E8B4C-5053-4767-ADDF-6E88EC0629FA} - System32\Tasks\WJGSOVQ => C:\Users\DEREK\AppData\Roaming\WJGSOVQ.exe <==== ATTENTIONTask: {335D0B09-3C49-4AFC-9994-165A46984A92} - System32\Tasks\SPXPLN => C:\Users\DEREK\AppData\Roaming\SPXPLN.exe <==== ATTENTIONTask: {5CFE081F-2594-47EB-8660-B92844811328} - System32\Tasks\QJNFZ => C:\Users\DEREK\AppData\Roaming\QJNFZ.exe <==== ATTENTIONTask: {BB870951-F26A-4919-B4CB-8A02FA07907A} - System32\Tasks\GYUSUEP => C:\Users\DEREK\AppData\Roaming\GYUSUEP.exe <==== ATTENTIONTask: {CE351B6C-7ADE-4F70-8146-ACD48118CFB2} - System32\Task s\{A0D29BB8-D7FC-48BE-9C4E-38CD2839D8B3} => pcalua.exe -a "C:\Program Files (x86)\version17SpeedChecker\Uninstall.exe"Task: {D95A75E4-1ED8-4E90-8183-81D121D1A73D} - System32\Tasks\WPRGSTS => C:\Users\DEREK\AppData\Roaming\WPRGSTS.exe <==== ATTENTIONTask: {F5533698-9865-4113-8FAD-B346D5787285} - System32\Tasks\VRATQ => C:\ProgramData\5d7406e0a775469cae25df88a7d255da\5d7406e0a775469cae25df88a7d255da.exeTask: C:\windows\Tasks\GYUSUEP.job => C:\Users\DEREK\AppData\Roaming\GYUSUEP.exe <==== ATTENTIONTask: C:\windows\Tasks\QJNFZ.job => C:\Users\DEREK\AppData\Roaming\QJNFZ.exe <==== ATTENTIONTask: C:\windows\Tasks\SPXPLN.job => C:\Users\DEREK\AppData\Roaming\SPXPLN.exe <==== ATTENTIONTask: C:\windows\Tasks\WJGSOVQ.job => C:\Users\DEREK\AppData\Roaming\WJGSOVQ.exe <==== ATTENTIONTask: C:\windows\Tasks\WPRGSTS.job => C:\Users\DEREK\AppData\Roaming\WPRGSTS.exe <==== ATTENTIONCMD: ipconfig /flushdnsReboot:and paste in Notepad. Check that no files have been split on two lines.

     


    *****************

     


    HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\CreateRestorePoint:CloseProcesses:gmsd_gb_276 => Value not found.


    }] - C:\Program Files (x86)\version17SpeedChecker\192.xpiR2 mxqv; c:\windows\mxqv.exe [523264 2015-04-13] () [File not signed]S2 xqv; c:\windows\xqv.exe [X]R2 webTinstMKTN84; C:\windows\system32\Drivers\webTinstMKTN84.sys [50216 2015-04-15] ()S3 e1edc438-f640-4184-a443-d2a7c37a01dc; \??\c:\temp\690b33e1-0462-4e84-9bea-c7552b45432a.sys [X]S1 qrnfd_1_10_0_12; system32\drivers\qrnfd_1_10_0_12.sys [X]2015-04-16 19:58 - 2015-04-16 19:58 - 00000000 ____D () C:\Program Files (x86)\gmsd_gb_1602015-04-16 19:56 - 2015-04-17 08:35 - 00000177 _____ () C:\windows\SysWOW64\SetupComponents.exe2015-04-14 10:15 - 2015-04-14 10:15 - 00000000 ____D () C:\ProgramData\T122078ED2015-04-14 10:12 - 2015-05-07 19:26 - 00000000 ____D () C:\Users\DEREK\AppData\Local\1E009920-1429006374-6400-DC40-AC9E17B6F48D2015-04-14 10:10 - 2015-04-14 13:40 - 00000000 ___HD () C:\ProgramData\xqv2015-04-13 19:13 - 2015-05-07 19:15 - 00001356 _____ () C:\windows\Tasks\QJNFZ.job2015-04-13 19:13 - 2015-04-13 19:13 - 000 => Error: No automatic fix found for this entry.


    04364 _____ () C:\windows\System32\Tasks\QJNFZ2015-04-13 19:08 - 2015-05-07 19:15 - 00001704 _____ () C:\windows\Tasks\WJGSOVQ.job2015-04-13 19:08 - 2015-05-07 19:15 - 00001704 _____ () C:\windows\Tasks\GYUSUEP.job2015-04-13 19:08 - 2015-04-24 22:08 - 00000000 ____D () C:\ProgramData\5d7406e0a775469cae25df88a7d255da2015-04-13 19:08 - 2015-04-13 19:08 - 00745984 _____ () C:\windows\xqv.dat2015-04-13 19:08 - 2015-04-13 19:08 - 00523264 _____ () C:\windows\mxqv.exe2015-04-13 19:08 - 2015-04-13 19:08 - 00004712 _____ () C:\windows\System32\Tasks\WJGSOVQ2015-04-13 19:08 - 2015-04-13 19:08 - 00004710 _____ () C:\windows\System32\Tasks\GYUSUEP2015-04-13 19:08 - 2015-04-13 19:08 - 00003560 _____ () C:\windows\System32\Tasks\VRATQ2015-04-13 19:07 - 2015-04-13 19:08 - 00000000 ____D () C:\ProgramData\fdb70e21975a413bb583c3f4758140f02015-03-26 20:14 - 2015-03-26 20:14 - 0005542 _____ () C:\Users\DEREK\AppData\Roaming\GYUSUEP2015-03-09 22:30 - 2015-03-09 22:30 - 0005487 _____ () C:\User => Error: No automatic fix found for this entry.

     


    ========= s\DEREK\AppData\Roaming\QJNFZ2015-03-26 20:14 - 2015-03-26 20:14 - 0005542 _____ () C:\Users\DEREK\AppData\Roaming\SPXPLN2015-03-26 20:14 - 2015-03-26 20:14 - 0005542 _____ () C:\Users\DEREK\AppData\Roaming\WJGSOVQ2015-03-26 20:14 - 2015-03-26 20:14 - 0005542 _____ () C:\Users\DEREK\AppData\Roaming\WPRGSTS2015-03-23 11:52 - 2015-03-23 11:52 - 0000000 ____H () C:\ProgramData\DP45977C.lflC:\Users\All Users\xqvTask: {1A3E8B4C-5053-4767-ADDF-6E88EC0629FA} - System32\Tasks\WJGSOVQ => C:\Users\DEREK\AppData\Roaming\WJGSOVQ.exe <==== ATTENTIONTask: {335D0B09-3C49-4AFC-9994-165A46984A92} - System32\Tasks\SPXPLN => C:\Users\DEREK\AppData\Roaming\SPXPLN.exe <==== ATTENTIONTask: {5CFE081F-2594-47EB-8660-B92844811328} - System32\Tasks\QJNFZ => C:\Users\DEREK\AppData\Roaming\QJNFZ.exe <==== ATTENTIONTask: {BB870951-F26A-4919-B4CB-8A02FA07907A} - System32\Tasks\GYUSUEP => C:\Users\DEREK\AppData\Roaming\GYUSUEP.exe <==== ATTENTIONTask: {CE351B6C-7ADE-4F70-8146-ACD48118CFB2} - System32\Task s\{A0D29BB8-D7FC-48BE-9C4E-38CD2839D8B3} => pcalua.exe -a "C:\Program Files (x86)\version17SpeedChecker\Uninstall.exe"Task: {D95A75E4-1ED8-4E90-8183-81D121D1A73D} - System32\Tasks\WPRGSTS => C:\Users\DEREK\AppData\Roaming\WPRGSTS.exe <==== ATTENTIONTask: {F5533698-9865-4113-8FAD-B346D5787285} - System32\Tasks\VRATQ => C:\ProgramData\5d7406e0a775469cae25df88a7d255da\5d7406e0a775469cae25df88a7d255da.exeTask: C:\windows\Tasks\GYUSUEP.job => C:\Users\DEREK\AppData\Roaming\GYUSUEP.exe <==== ATTENTIONTask: C:\windows\Tasks\QJNFZ.job => C:\Users\DEREK\AppData\Roaming\QJNFZ.exe <==== ATTENTIONTask: C:\windows\Tasks\SPXPLN.job => C:\Users\DEREK\AppData\Roaming\SPXPLN.exe <==== ATTENTIONTask: C:\windows\Tasks\WJGSOVQ.job => C:\Users\DEREK\AppData\Roaming\WJGSOVQ.exe <==== ATTENTIONTask: C:\windows\Tasks\WPRGSTS.job => C:\Users\DEREK\AppData\Roaming\WPRGSTS.exe <==== ATTENTION ipconfig /flushdnsReboot:and paste in Notepad. Check that no files have been split on two lines. =========

     

     


    ========= End of CMD: =========

     

     


    ==== End of Fixlog 17:36:09 ====

    0
  • Support

    I don't know how you created fixlist.txt, but you can't copy from the subscription email, you have to copy from the post in the forum. The fixlist.txt you used didn't have the correct line breaks. Please, try again.

     

    Have all extra ads disappeared?

    Any more questions before I write how you can uninstall FRST and AdwCleaner?

    0
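The failure diagnosed in the reply above (a fixlist.txt that lost its line breaks, so FRST read a run of entries as one and answered "No automatic fix found for this entry"), as an added example that is not part of the original thread and is not FRST's own code: a pre-flight check that flags merged and split lines before the Fix button is pressed. The entry openers are assumed from the script posted in this thread and are not a full grammar of the fixlist format; `check_fixlist` and the sample strings are hypothetical names built from that script.

```python
import re

# Entry openers seen in the fixlist posted in this thread. Assumption: this
# covers that one script only; it is not a complete grammar of FRST's format.
STRONG = re.compile(r"""
    CreateRestorePoint: | CloseProcesses: | Reboot: | CMD:\s
  | Task:\s | BHO:\s | SearchScopes:\s | ShortcutTarget:\s
  | HKLM(?:-x32)?\\\.\.\.\\Run:\s
  | CHR\sHKLM\\ | FF\sHKU\\ | Tcpip\\\.\.\\Interfaces\\
  | [RS][0-4]\s[^;\s]+;\s
  | \d{4}-\d\d-\d\d\s\d\d:\d\d\s-\s\d{4}-\d\d-\d\d\s\d\d:\d\d\s-\s
""", re.VERBOSE)

# A bare path is a valid entry on its own, but paths also occur inside other
# entries, so it only counts as an opener at the very start of a line.
PATH_START = re.compile(r"[A-Za-z]:\\")


def check_fixlist(text):
    """Return (line_no, kind, detail) findings for a fixlist.

    kind == "merged":   further entry openers appear after the start of the
                        line, i.e. line breaks were lost; detail is how many.
    kind == "fragment": the line starts with no known opener, i.e. it is the
                        tail of a split entry or stray text copied with the
                        script; detail is the first 40 characters.
    """
    findings = []
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line:
            continue
        hits = list(STRONG.finditer(line))
        starts_ok = bool(hits and hits[0].start() == 0) or bool(PATH_START.match(line))
        inner = [m for m in hits if m.start() > 0]
        if not starts_ok:
            findings.append((no, "fragment", line[:40]))
        if inner:
            findings.append((no, "merged", len(inner)))
    return findings


# Constructed sample: a subset of the entries from the script in this thread,
# one entry per line as the forum post shows them.
GOOD = r"""
CreateRestorePoint:
CloseProcesses:
HKLM-x32\...\Run: [gmsd_gb_263] => [X]
BHO: SpeedChecker -> {C1E5846F-925D-1332-CE73-D0DDF382E5E4} -> C:\Program Files (x86)\version17SpeedChecker\192_x64.dll No File
R2 mxqv; c:\windows\mxqv.exe [523264 2015-04-13] () [File not signed]
2015-04-13 19:08 - 2015-04-13 19:08 - 00523264 _____ () C:\windows\mxqv.exe
C:\Users\All Users\xqv
Task: C:\windows\Tasks\QJNFZ.job => C:\Users\DEREK\AppData\Roaming\QJNFZ.exe <==== ATTENTION
CMD: ipconfig /flushdns
Reboot:
""".strip()

# Constructed sample: the same entries with every line break dropped and the
# instruction sentence copied along, as in the first Fixlog of this thread.
COLLAPSED = "".join(GOOD.splitlines()) + "and paste in Notepad."

# Constructed sample: one file entry broken across two lines.
SPLIT = r"""
2015-04-13 19:13 - 2015-04-13 19:13 - 000
04364 _____ () C:\windows\System32\Tasks\QJNFZ
""".strip()


if __name__ == "__main__":
    for name, sample in (("GOOD", GOOD), ("COLLAPSED", COLLAPSED), ("SPLIT", SPLIT)):
        print(name, check_fixlist(sample) or "no findings")
```
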
  • Customer

    Hi

     

    here is the new fixlog

     

    Derek

     

    I will come back to you with the result when I have used the net for a while

    0
  • Customer

    Hi

     

    I have been surfing for about 30 minutes and most of the ads are gone.... hooray!!!!

     

    I did get a couple of pop-ups from adchoices after about 5 minutes but they haven't come up since

     

    Derek

    0
  • Support

    Hi Derek,

     

    You forgot to paste the new fixlog.

     

    Good that the ads are gone

    0
  • Customer

    sorry

     


    here is the fixlog

     


    I am still getting the odd ad pop up (just had one from BITDEFENDER) but this is a great improvement on the ad every 5 seconds that I was getting.

     


    I really appreciate your help on this as it was driving me insane!!

     


    Derek

     


    Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 09-05-2015


    Ran by DEREK at 2015-05-09 19:26:57 Run:2


    Running from C:\Users\DEREK\Downloads


    Loaded Profiles: DEREK (Available profiles: DEREK)


    Boot Mode: Normal


    ==============================================

     


    Content of fixlist:


    *****************


    CreateRestorePoint:


    CloseProcesses:


    HKLM\...\Run: [] => [X]


    HKLM-x32\...\Run: [gmsd_gb_263] => [X]


    HKLM-x32\...\Run: [gmsd_gb_279] => [X]


    HKLM-x32\...\Run: [gmsd_gb_276] => [X]


    ShortcutTarget: OptimizerPro-UNInstaller.lnk -> C:\ProgramData\{8dc42732-f0ed-08f8-8dc4-42732f0e9ccb}\OptimizerPro-UNInstaller.exe (No File)


    CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION


    SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =


    SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =


    SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =


    BHO: SpeedChecker -> {C1E5846F-925D-1332-CE73-D0DDF382E5E4} -> C:\Program Files (x86)\version17SpeedChecker\192_x64.dll No File


    Tcpip\..\Interfaces\{B6DF9E09-3B47-47B6-8FB1-E3621164DE45}: [NameServer] 31.168.228.251,82.166.96.251


    FF HKU\S-1-5-21-667583394-3145178462-1277471955-1001\...\Firefox\Extensions: [{C41D5775-C5CE-CBB8-1655-23008F5D8F56}] - C:\Program Files (x86)\version17SpeedChecker\192.xpi


    R2 mxqv; c:\windows\mxqv.exe [523264 2015-04-13] () [File not signed]


    S2 xqv; c:\windows\xqv.exe [X]


    R2 webTinstMKTN84; C:\windows\system32\Drivers\webTinstMKTN84.sys [50216 2015-04-15] ()


    S3 e1edc438-f640-4184-a443-d2a7c37a01dc; \??\c:\temp\690b33e1-0462-4e84-9bea-c7552b45432a.sys [X]


    S1 qrnfd_1_10_0_12; system32\drivers\qrnfd_1_10_0_12.sys [X]


    2015-04-16 19:58 - 2015-04-16 19:58 - 00000000 ____D () C:\Program Files (x86)\gmsd_gb_160


    2015-04-16 19:56 - 2015-04-17 08:35 - 00000177 _____ () C:\windows\SysWOW64\SetupComponents.exe


    2015-04-14 10:15 - 2015-04-14 10:15 - 00000000 ____D () C:\ProgramData\T122078ED


    2015-04-14 10:12 - 2015-05-07 19:26 - 00000000 ____D () C:\Users\DEREK\AppData\Local\1E009920-1429006374-6400-DC40-AC9E17B6F48D


    2015-04-14 10:10 - 2015-04-14 13:40 - 00000000 ___HD () C:\ProgramData\xqv


    2015-04-13 19:13 - 2015-05-07 19:15 - 00001356 _____ () C:\windows\Tasks\QJNFZ.job


    2015-04-13 19:13 - 2015-04-13 19:13 - 00004364 _____ () C:\windows\System32\Tasks\QJNFZ


    2015-04-13 19:08 - 2015-05-07 19:15 - 00001704 _____ () C:\windows\Tasks\WJGSOVQ.job


    2015-04-13 19:08 - 2015-05-07 19:15 - 00001704 _____ () C:\windows\Tasks\GYUSUEP.job


    2015-04-13 19:08 - 2015-04-24 22:08 - 00000000 ____D () C:\ProgramData\5d7406e0a775469cae25df88a7d255da


    2015-04-13 19:08 - 2015-04-13 19:08 - 00745984 _____ () C:\windows\xqv.dat


    2015-04-13 19:08 - 2015-04-13 19:08 - 00523264 _____ () C:\windows\mxqv.exe


    2015-04-13 19:08 - 2015-04-13 19:08 - 00004712 _____ () C:\windows\System32\Tasks\WJGSOVQ


    2015-04-13 19:08 - 2015-04-13 19:08 - 00004710 _____ () C:\windows\System32\Tasks\GYUSUEP


    2015-04-13 19:08 - 2015-04-13 19:08 - 00003560 _____ () C:\windows\System32\Tasks\VRATQ


    2015-04-13 19:07 - 2015-04-13 19:08 - 00000000 ____D () C:\ProgramData\fdb70e21975a413bb583c3f4758140f0


    2015-03-26 20:14 - 2015-03-26 20:14 - 0005542 _____ () C:\Users\DEREK\AppData\Roaming\GYUSUEP


    2015-03-09 22:30 - 2015-03-09 22:30 - 0005487 _____ () C:\Users\DEREK\AppData\Roaming\QJNFZ


    2015-03-26 20:14 - 2015-03-26 20:14 - 0005542 _____ () C:\Users\DEREK\AppData\Roaming\SPXPLN


    2015-03-26 20:14 - 2015-03-26 20:14 - 0005542 _____ () C:\Users\DEREK\AppData\Roaming\WJGSOVQ


    2015-03-26 20:14 - 2015-03-26 20:14 - 0005542 _____ () C:\Users\DEREK\AppData\Roaming\WPRGSTS


    2015-03-23 11:52 - 2015-03-23 11:52 - 0000000 ____H () C:\ProgramData\DP45977C.lfl


    C:\Users\All Users\xqv


    Task: {1A3E8B4C-5053-4767-ADDF-6E88EC0629FA} - System32\Tasks\WJGSOVQ => C:\Users\DEREK\AppData\Roaming\WJGSOVQ.exe <==== ATTENTION


    Task: {335D0B09-3C49-4AFC-9994-165A46984A92} - System32\Tasks\SPXPLN => C:\Users\DEREK\AppData\Roaming\SPXPLN.exe <==== ATTENTION


    Task: {5CFE081F-2594-47EB-8660-B92844811328} - System32\Tasks\QJNFZ => C:\Users\DEREK\AppData\Roaming\QJNFZ.exe <==== ATTENTION


    Task: {BB870951-F26A-4919-B4CB-8A02FA07907A} - System32\Tasks\GYUSUEP => C:\Users\DEREK\AppData\Roaming\GYUSUEP.exe <==== ATTENTION


    Task: {CE351B6C-7ADE-4F70-8146-ACD48118CFB2} - System32\Tasks\{A0D29BB8-D7FC-48BE-9C4E-38CD2839D8B3} => pcalua.exe -a "C:\Program Files (x86)\version17SpeedChecker\Uninstall.exe"


    Task: {D95A75E4-1ED8-4E90-8183-81D121D1A73D} - System32\Tasks\WPRGSTS => C:\Users\DEREK\AppData\Roaming\WPRGSTS.exe <==== ATTENTION


    Task: {F5533698-9865-4113-8FAD-B346D5787285} - System32\Tasks\VRATQ => C:\ProgramData\5d7406e0a775469cae25df88a7d255da\5d7406e0a775469cae25df88a7d255da.exe


    Task: C:\windows\Tasks\GYUSUEP.job => C:\Users\DEREK\AppData\Roaming\GYUSUEP.exe <==== ATTENTION


    Task: C:\windows\Tasks\QJNFZ.job => C:\Users\DEREK\AppData\Roaming\QJNFZ.exe <==== ATTENTION


    Task: C:\windows\Tasks\SPXPLN.job => C:\Users\DEREK\AppData\Roaming\SPXPLN.exe <==== ATTENTION


    Task: C:\windows\Tasks\WJGSOVQ.job => C:\Users\DEREK\AppData\Roaming\WJGSOVQ.exe <==== ATTENTION


    Task: C:\windows\Tasks\WPRGSTS.job => C:\Users\DEREK\AppData\Roaming\WPRGSTS.exe <==== ATTENTION


    CMD: ipconfig /flushdns


    Reboot:


    *****************

     


    Restore point was successfully created.


    Processes closed successfully.


    HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\ => value deleted successfully.


    HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\gmsd_gb_263 => value deleted successfully.


    HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\gmsd_gb_279 => value deleted successfully.


    HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\gmsd_gb_276 => value deleted successfully.


    C:\ProgramData\{8dc42732-f0ed-08f8-8dc4-42732f0e9ccb}\OptimizerPro-UNInstaller.exe not found.


    "HKLM\SOFTWARE\Policies\Google" => Key deleted successfully.


    HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.


    HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.


    HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.


    "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C1E5846F-925D-1332-CE73-D0DDF382E5E4}" => Key deleted successfully.


    "HKCR\CLSID\{C1E5846F-925D-1332-CE73-D0DDF382E5E4}" => Key deleted successfully.


    HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{B6DF9E09-3B47-47B6-8FB1-E3621164DE45}\\NameServer => value deleted successfully.


    HKU\S-1-5-21-667583394-3145178462-1277471955-1001\Software\Mozilla\Firefox\Extensions\\{C41D5775-C5CE-CBB8-1655-23008F5D8F56} => value deleted successfully.


    mxqv => Service deleted successfully.


    xqv => Service deleted successfully.


    webTinstMKTN84 => Unable to stop service


    webTinstMKTN84 => Service deleted successfully.


    e1edc438-f640-4184-a443-d2a7c37a01dc => Service deleted successfully.


    qrnfd_1_10_0_12 => Service deleted successfully.


    C:\Program Files (x86)\gmsd_gb_160 => Moved successfully.


    C:\windows\SysWOW64\SetupComponents.exe => Moved successfully.


    C:\ProgramData\T122078ED => Moved successfully.


    C:\Users\DEREK\AppData\Local\1E009920-1429006374-6400-DC40-AC9E17B6F48D => Moved successfully.


    C:\ProgramData\xqv => Moved successfully.


    C:\windows\Tasks\QJNFZ.job => Moved successfully.


    C:\windows\System32\Tasks\QJNFZ => Moved successfully.


    C:\windows\Tasks\WJGSOVQ.job => Moved successfully.


    C:\windows\Tasks\GYUSUEP.job => Moved successfully.


    C:\ProgramData\5d7406e0a775469cae25df88a7d255da => Moved successfully.


    C:\windows\xqv.dat => Moved successfully.


    C:\windows\mxqv.exe => Moved successfully.


    C:\windows\System32\Tasks\WJGSOVQ => Moved successfully.


    C:\windows\System32\Tasks\GYUSUEP => Moved successfully.


    C:\windows\System32\Tasks\VRATQ => Moved successfully.


    C:\ProgramData\fdb70e21975a413bb583c3f4758140f0 => Moved successfully.


    C:\Users\DEREK\AppData\Roaming\GYUSUEP => Moved successfully.


    C:\Users\DEREK\AppData\Roaming\QJNFZ => Moved successfully.


    C:\Users\DEREK\AppData\Roaming\SPXPLN => Moved successfully.


    C:\Users\DEREK\AppData\Roaming\WJGSOVQ => Moved successfully.


    C:\Users\DEREK\AppData\Roaming\WPRGSTS => Moved successfully.


    C:\ProgramData\DP45977C.lfl => Moved successfully.


    "C:\Users\All Users\xqv" => File/Directory not found.


    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{1A3E8B4C-5053-4767-ADDF-6E88EC0629FA}" => Key deleted successfully.


    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1A3E8B4C-5053-4767-ADDF-6E88EC0629FA}" => Key deleted successfully.


    C:\Windows\System32\Tasks\WJGSOVQ not found.


    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\WJGSOVQ" => Key deleted successfully.


    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{335D0B09-3C49-4AFC-9994-165A46984A92}" => Key deleted successfully.


    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{335D0B09-3C49-4AFC-9994-165A46984A92}" => Key deleted successfully.


    C:\Windows\System32\Tasks\SPXPLN => Moved successfully.


    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SPXPLN" => Key deleted successfully.


    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{5CFE081F-2594-47EB-8660-B92844811328}" => Key deleted successfully.


    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5CFE081F-2594-47EB-8660-B92844811328}" => Key deleted successfully.


    C:\Windows\System32\Tasks\QJNFZ not found.


    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\QJNFZ" => Key deleted successfully.


    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{BB870951-F26A-4919-B4CB-8A02FA07907A}" => Key deleted successfully.


    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{BB870951-F26A-4919-B4CB-8A02FA07907A}" => Key deleted successfully.


    C:\Windows\System32\Tasks\GYUSUEP not found.


    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GYUSUEP" => Key deleted successfully.


    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{CE351B6C-7ADE-4F70-8146-ACD48118CFB2}" => Key deleted successfully.


    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CE351B6C-7ADE-4F70-8146-ACD48118CFB2}" => Key deleted successfully.


    C:\Windows\System32\Tasks\{A0D29BB8-D7FC-48BE-9C4E-38CD2839D8B3} => Moved successfully.


    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{A0D29BB8-D7FC-48BE-9C4E-38CD2839D8B3}" => Key deleted successfully.


    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{D95A75E4-1ED8-4E90-8183-81D121D1A73D}" => Key deleted successfully.


    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D95A75E4-1ED8-4E90-8183-81D121D1A73D}" => Key deleted successfully.


    C:\Windows\System32\Tasks\WPRGSTS => Moved successfully.


    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\WPRGSTS" => Key deleted successfully.


    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{F5533698-9865-4113-8FAD-B346D5787285}" => Key deleted successfully.


    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F5533698-9865-4113-8FAD-B346D5787285}" => Key deleted successfully.


    C:\Windows\System32\Tasks\VRATQ not found.


    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\VRATQ" => Key deleted successfully.


    C:\windows\Tasks\GYUSUEP.job not found.


    C:\windows\Tasks\QJNFZ.job not found.


    C:\windows\Tasks\SPXPLN.job => Moved successfully.


    C:\windows\Tasks\WJGSOVQ.job not found.


    C:\windows\Tasks\WPRGSTS.job => Moved successfully.

     


    ========= ipconfig /flushdns =========

     

     


    Windows IP Configuration

     


    Successfully flushed the DNS Resolver Cache.

     


    ========= End of CMD: =========

     

     

     


    The system needed a reboot.

     


    ==== End of Fixlog 19:27:38 ====

    0
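One way to review a Fixlog like the one above, as an added example (not FRST's own code and not part of the original posts): it separates "not found" lines that simply repeat an item already moved earlier in the same run from items with no earlier action, and checks whether a failed service stop was followed by a successful delete. The result phrases are inferred from the lines on this page, and the names `norm`, `parse` and `review` are hypothetical.

```python
import re

# Lines copied from the Fixlog above (a subset, to keep the example short).
SAMPLE_FIXLOG = r"""
C:\ProgramData\{8dc42732-f0ed-08f8-8dc4-42732f0e9ccb}\OptimizerPro-UNInstaller.exe not found.
"HKLM\SOFTWARE\Policies\Google" => Key deleted successfully.
webTinstMKTN84 => Unable to stop service
webTinstMKTN84 => Service deleted successfully.
C:\ProgramData\xqv => Moved successfully.
C:\windows\System32\Tasks\WJGSOVQ => Moved successfully.
"C:\Users\All Users\xqv" => File/Directory not found.
C:\Windows\System32\Tasks\WJGSOVQ not found.
"""

# Result phrases as they appear in this log (format inferred from the page).
RESULT = re.compile(
    r'^"?(?P<target>.+?)"?\s*(?:=>\s*)?(?P<result>'
    r'(?:value|Key|Service) deleted successfully\.|Moved successfully\.'
    r'|Unable to stop service|(?:Key |File/Directory )?not found\.)$')

ALIAS = r"c:\users\all users"  # junction to C:\ProgramData on Windows Vista and later

def norm(target):
    """Case-fold a path or key and resolve the All Users alias."""
    t = target.lower()
    return r"c:\programdata" + t[len(ALIAS):] if t.startswith(ALIAS) else t

def parse(log):
    """Return [(target, result)] for every recognised result line."""
    found = (RESULT.match(line.strip()) for line in log.splitlines())
    return [(m["target"], m["result"].rstrip(".")) for m in found if m]

def review(log):
    """Classify every line that is not a plain success."""
    entries = parse(log)
    ok = {}
    for i, (target, result) in enumerate(entries):
        if result.endswith("successfully"):
            ok.setdefault(norm(target), []).append(i)
    verdicts = {}
    for i, (target, result) in enumerate(entries):
        if result.endswith("successfully"):
            continue
        hits = ok.get(norm(target), [])
        if "not found" in result:
            earlier = any(j < i for j in hits)
            verdicts[target] = "handled-earlier" if earlier else "no-earlier-action"
        else:  # "Unable to stop service"
            later = any(j > i for j in hits)
            verdicts[target] = "resolved-later" if later else "needs-follow-up"
    return verdicts

if __name__ == "__main__":
    for target, verdict in review(SAMPLE_FIXLOG).items():
        print(f"{verdict:18} {target}")
```

Only `needs-follow-up` and `no-earlier-action` entries deserve a second look in the next FRST scan; the other two verdicts are duplicates or retries within the same run.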
  • Support

    Let me see new FRST.txt and Addition.txt, maybe I missed something.

    0
  • Customer

    Addition_10-05-2015_19-22-24.txt
    FRST_10-05-2015_19-22-24.txt

    I have attached the two new logs
    0
  • Support

    The following script may remove too much, and you will have to check the search engines in Internet Explorer. Please, start Notepad.

    Copy all text that is in the box:


    CreateRestorePoint:
    CloseProcesses:
    Startup: C:\Users\DEREK\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\hqghumeaylnlf.lnk [2015-04-13]
    ShortcutTarget: hqghumeaylnlf.lnk -> C:\ProgramData\{924b69c0-105d-f89d-924b-b69c0105a700}\hqghumeaylnlf.exe (No File)
    Startup: C:\Users\DEREK\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OptimizerPro-UNInstaller.lnk [2015-04-15]
    ShortcutTarget: OptimizerPro-UNInstaller.lnk -> C:\ProgramData\{8dc42732-f0ed-08f8-8dc4-42732f0e9ccb}\OptimizerPro-UNInstaller.exe (No File)
    SearchScopes: HKLM -> {c9ab6446-7efc-47fe-966c-dc54324eff9f} URL = http://uk.yhs4.search.yahoo.com/yhs/search?hspart=appattach&hsimp=yhs-appattach&type=493&p={searchTerms}
    SearchScopes: HKLM-x32 -> {C519E87B-0F7C-43C3-9455-088DA1389A1E} URL = http://uk.yhs4.search.yahoo.com/yhs/search?hspart=appattach&hsimp=yhs-appattach&type=493&p={searchTerms}
    CHR HKU\S-1-5-21-667583394-3145178462-1277471955-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [kfecnpmgnlnbmipaogfhoacoioifjgko] - http://clients2.google.com/service/update2/crx
    CHR HKLM-x32\...\Chrome\Extension: [kfecnpmgnlnbmipaogfhoacoioifjgko] - http://clients2.google.com/service/update2/crx
    2015-04-17 08:49 - 2015-04-17 08:49 - 00000000 ____D () C:\Users\DEREK\Documents\Optimizer Pro
    2015-04-15 22:38 - 2015-04-15 22:38 - 00050216 _____ () C:\windows\system32\Drivers\webTinstMKTN84.sys
    2015-04-15 22:38 - 2015-04-15 22:38 - 00000000 ____H () C:\windows\system32\Drivers\Msft_Kernel_webTinstMKTN84_01009.Wdf
    FirewallRules: [TCP Query User{523084E9-1E29-4783-88D4-B3C04EFD24DF}C:\users\derek\appdata\local\temp\i1427492931\windows\resource\jre\bin\javaw.exe] => (Allow) C:\users\derek\appdata\local\temp\i1427492931\windows\resource\jre\bin\javaw.exe
    FirewallRules: [UDP Query User{572C8414-C458-4A01-AC19-DBDA82D1F0D1}C:\users\derek\appdata\local\temp\i1427492931\windows\resource\jre\bin\javaw.exe] => (Allow) C:\users\derek\appdata\local\temp\i1427492931\windows\resource\jre\bin\javaw.exe
    FirewallRules: [{53527745-9A11-4529-91AB-D6A2155DEAA1}] => (Allow) C:\Users\DEREK\AppData\Local\UnicoBrowser\Application\unicobrowser.exe
    Reboot:
    and paste in Notepad. Check that no files have been split on two lines.

    Save the file as fixlist.txt on the desktop.

     

    Exit all programs.

    Start FRST, please.

    Click the Fix button.

    Wait until the tool has finished.

     

    It creates a log file, called Fixlog.txt, on the desktop.

    Please, paste the content of that file in your reply.

    0
  • Customer

    OK

     


    I am not able to log in for a couple of days, I will try this later in the week

     


    thanks

    0
  • Customer

    Hi

     

    new fixlog below

     

    Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 14-05-2015 01
    Ran by DEREK at 2015-05-14 11:09:48 Run:3
    Running from C:\Users\DEREK\Downloads
    Loaded Profiles: DEREK (Available profiles: DEREK)
    Boot Mode: Normal
    ==============================================

    Content of fixlist:
    *****************
    CreateRestorePoint:
    CloseProcesses:
    Startup: C:\Users\DEREK\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\hqghumeaylnlf.lnk [2015-04-13]
    ShortcutTarget: hqghumeaylnlf.lnk -> C:\ProgramData\{924b69c0-105d-f89d-924b-b69c0105a700}\hqghumeaylnlf.exe (No File)
    Startup: C:\Users\DEREK\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OptimizerPro-UNInstaller.lnk [2015-04-15]
    ShortcutTarget: OptimizerPro-UNInstaller.lnk -> C:\ProgramData\{8dc42732-f0ed-08f8-8dc4-42732f0e9ccb}\OptimizerPro-UNInstaller.exe (No File)
    SearchScopes: HKLM -> {c9ab6446-7efc-47fe-966c-dc54324eff9f} URL = http://uk.yhs4.search.yahoo.com/yhs/search?hspart=appattach&hsimp=yhs-appattach&type=493&p={searchTerms}
    SearchScopes: HKLM-x32 -> {C519E87B-0F7C-43C3-9455-088DA1389A1E} URL = http://uk.yhs4.search.yahoo.com/yhs/search?hspart=appattach&hsimp=yhs-appattach&type=493&p={searchTerms}
    CHR HKU\S-1-5-21-667583394-3145178462-1277471955-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [kfecnpmgnlnbmipaogfhoacoioifjgko] - http://clients2.google.com/service/update2/crx
    CHR HKLM-x32\...\Chrome\Extension: [kfecnpmgnlnbmipaogfhoacoioifjgko] - http://clients2.google.com/service/update2/crx
    2015-04-17 08:49 - 2015-04-17 08:49 - 00000000 ____D () C:\Users\DEREK\Documents\Optimizer Pro
    2015-04-15 22:38 - 2015-04-15 22:38 - 00050216 _____ () C:\windows\system32\Drivers\webTinstMKTN84.sys
    2015-04-15 22:38 - 2015-04-15 22:38 - 00000000 ____H () C:\windows\system32\Drivers\Msft_Kernel_webTinstMKTN84_01009.Wdf
    FirewallRules: [TCP Query User{523084E9-1E29-4783-88D4-B3C04EFD24DF}C:\users\derek\appdata\local\temp\i1427492931\windows\resource\jre\bin\javaw.exe] => (Allow) C:\users\derek\appdata\local\temp\i1427492931\windows\resource\jre\bin\javaw.exe
    FirewallRules: [uDP Query User{572C8414-C458-4A01-AC19-DBDA82D1F0D1}C:\users\derek\appdata\local\temp\i1427492931\windows\resource\jre\bin\javaw.exe] => (Allow) C:\users\derek\appdata\local\temp\i1427492931\windows\resource\jre\bin\javaw.exe
    FirewallRules: [{53527745-9A11-4529-91AB-D6A2155DEAA1}] => (Allow) C:\Users\DEREK\AppData\Local\UnicoBrowser\Application\unicobrowser.exe
    Reboot:
    *****************

    Restore point was successfully created.
    Processes closed successfully.
    C:\Users\DEREK\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\hqghumeaylnlf.lnk => Moved successfully.
    C:\ProgramData\{924b69c0-105d-f89d-924b-b69c0105a700}\hqghumeaylnlf.exe not found.
    C:\Users\DEREK\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OptimizerPro-UNInstaller.lnk => Moved successfully.
    C:\ProgramData\{8dc42732-f0ed-08f8-8dc4-42732f0e9ccb}\OptimizerPro-UNInstaller.exe not found.
    "HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{c9ab6446-7efc-47fe-966c-dc54324eff9f}" => Key deleted successfully.
    HKCR\CLSID\{c9ab6446-7efc-47fe-966c-dc54324eff9f} => Key not found.
    "HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{C519E87B-0F7C-43C3-9455-088DA1389A1E}" => Key deleted successfully.
    HKCR\Wow6432Node\CLSID\{C519E87B-0F7C-43C3-9455-088DA1389A1E} => Key not found.
    "HKU\S-1-5-21-667583394-3145178462-1277471955-1001\SOFTWARE\Google\Chrome\Extensions\kfecnpmgnlnbmipaogfhoacoioifjgko" => Key deleted successfully.
    "HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\kfecnpmgnlnbmipaogfhoacoioifjgko" => Key deleted successfully.
    C:\Users\DEREK\Documents\Optimizer Pro => Moved successfully.
    C:\windows\system32\Drivers\webTinstMKTN84.sys => Moved successfully.
    C:\windows\system32\Drivers\Msft_Kernel_webTinstMKTN84_01009.Wdf => Moved successfully.
    HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{523084E9-1E29-4783-88D4-B3C04EFD24DF}C:\users\derek\appdata\local\temp\i1427492931\windows\resource\jre\bin\javaw.exe => value deleted successfully.
    HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{572C8414-C458-4A01-AC19-DBDA82D1F0D1}C:\users\derek\appdata\local\temp\i1427492931\windows\resource\jre\bin\javaw.exe => value deleted successfully.
    HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{53527745-9A11-4529-91AB-D6A2155DEAA1} => value deleted successfully.

    The system needed a reboot.

    ==== End of Fixlog 11:09:54 ====

    0
  • Support

    Hi,

     

    Do you still get many popups on several web sites?

    0
  • Customer

    Hi

     


    I haven't had a pop up for ages now... looks like you fixed it for me.

     


    Big thanks

     


    Derek

    0
  • Support

    Hi,

     

    You're welcome

     

    Time for final clean-up.

    1. Please, turn off all programs, including browsers.
    Double-click on AdwCleaner to start the program.

    Click on the Uninstall button.

    2. Download OTC http://oldtimer.geekstogo.com/OTC.exe
    Close all programs.
    Start OTC program.
    Click the CleanUp! button.
    Select Yes when asked "Begin cleanup process".
    If you are asked to reboot, select Yes.
    If any logs remain on the computer you can remove them.
    Any tools left?

    3. Improve the security in the computer
    It is very important to keep Windows and all programs updated. An old version of, for example, Flash contains vulnerabilities that make it easy to infect the computer from a web page. To help you with keeping everything updated you can use the program Secunia Personal Software Inspector (PSI). http://www.bleepingcomputer.com/tutorials/detect-vulnerable-programs-with-secunia-psi/ describes how to install and use the program.

    0
  • Support

    Since this issue appears to be resolved ... this Topic has been closed. Glad we could help.


    If you're the topic starter, and need this topic reopened, please contact the staff member who was helping you with your issue.


    Everyone else please begin a New Topic.


    Thank you !

    0
