dsmith57

Members
  • Content Count

    16
  • Joined

  • Last visited

Community Reputation

0 Neutral

About dsmith57

  • Rank
    Member
  1. Hi I haven't had a pop up for ages now... looks like you fixed it for me. Big thanks Derek
  2. Hi new fixlog below Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 14-05-2015 01 Ran by DEREK at 2015-05-14 11:09:48 Run:3 Running from C:\Users\DEREK\Downloads Loaded Profiles: DEREK (Available profiles: DEREK) Boot Mode: Normal ============================================== Content of fixlist: ***************** CreateRestorePoint: CloseProcesses: Startup: C:\Users\DEREK\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\hqghumeaylnlf.lnk [2015-04-13] ShortcutTarget: hqghumeaylnlf.lnk -> C:\ProgramData\{924b69c0-105d-f89d-924b-b69c0105a700}\hqghumeaylnlf.exe (No File) Startup: C:\Users\DEREK\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OptimizerPro-UNInstaller.lnk [2015-04-15] ShortcutTarget: OptimizerPro-UNInstaller.lnk -> C:\ProgramData\{8dc42732-f0ed-08f8-8dc4-42732f0e9ccb}\OptimizerPro-UNInstaller.exe (No File) SearchScopes: HKLM -> {c9ab6446-7efc-47fe-966c-dc54324eff9f} URL = http://uk.yhs4.search.yahoo.com/yhs/search?hspart=appattach&hsimp=yhs-appattach&type=493&p={searchTerms} SearchScopes: HKLM-x32 -> {C519E87B-0F7C-43C3-9455-088DA1389A1E} URL = http://uk.yhs4.search.yahoo.com/yhs/search?hspart=appattach&hsimp=yhs-appattach&type=493&p={searchTerms} CHR HKU\S-1-5-21-667583394-3145178462-1277471955-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [kfecnpmgnlnbmipaogfhoacoioifjgko] - http://clients2.google.com/service/update2/crx CHR HKLM-x32\...\Chrome\Extension: [kfecnpmgnlnbmipaogfhoacoioifjgko] - http://clients2.google.com/service/update2/crx 2015-04-17 08:49 - 2015-04-17 08:49 - 00000000 ____D () C:\Users\DEREK\Documents\Optimizer Pro 2015-04-15 22:38 - 2015-04-15 22:38 - 00050216 _____ () C:\windows\system32\Drivers\webTinstMKTN84.sys 2015-04-15 22:38 - 2015-04-15 22:38 - 00000000 ____H () C:\windows\system32\Drivers\Msft_Kernel_webTinstMKTN84_01009.Wdf FirewallRules: [TCP Query User{523084E9-1E29-4783-88D4-B3C04EFD24DF}C:\users\derek\appdata\local\temp\i1427492931\windows\resource\jre\bin\javaw.exe] => (Allow) C:\users\derek\appdata\local\temp\i1427492931\windows\resource\jre\bin\javaw.exe FirewallRules: [uDP Query User{572C8414-C458-4A01-AC19-DBDA82D1F0D1}C:\users\derek\appdata\local\temp\i1427492931\windows\resource\jre\bin\javaw.exe] => (Allow) C:\users\derek\appdata\local\temp\i1427492931\windows\resource\jre\bin\javaw.exe FirewallRules: [{53527745-9A11-4529-91AB-D6A2155DEAA1}] => (Allow) C:\Users\DEREK\AppData\Local\UnicoBrowser\Application\unicobrowser.exe Reboot: ***************** Restore point was successfully created. Processes closed successfully. C:\Users\DEREK\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\hqghumeaylnlf.lnk => Moved successfully. C:\ProgramData\{924b69c0-105d-f89d-924b-b69c0105a700}\hqghumeaylnlf.exe not found. C:\Users\DEREK\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OptimizerPro-UNInstaller.lnk => Moved successfully. C:\ProgramData\{8dc42732-f0ed-08f8-8dc4-42732f0e9ccb}\OptimizerPro-UNInstaller.exe not found. "HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{c9ab6446-7efc-47fe-966c-dc54324eff9f}" => Key deleted successfully. HKCR\CLSID\{c9ab6446-7efc-47fe-966c-dc54324eff9f} => Key not found. "HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{C519E87B-0F7C-43C3-9455-088DA1389A1E}" => Key deleted successfully. HKCR\Wow6432Node\CLSID\{C519E87B-0F7C-43C3-9455-088DA1389A1E} => Key not found. "HKU\S-1-5-21-667583394-3145178462-1277471955-1001\SOFTWARE\Google\Chrome\Extensions\kfecnpmgnlnbmipaogfhoacoioifjgko" => Key deleted successfully. "HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\kfecnpmgnlnbmipaogfhoacoioifjgko" => Key deleted successfully. C:\Users\DEREK\Documents\Optimizer Pro => Moved successfully. C:\windows\system32\Drivers\webTinstMKTN84.sys => Moved successfully. C:\windows\system32\Drivers\Msft_Kernel_webTinstMKTN84_01009.Wdf => Moved successfully. HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{523084E9-1E29-4783-88D4-B3C04EFD24DF}C:\users\derek\appdata\local\temp\i1427492931\windows\resource\jre\bin\javaw.exe => value deleted successfully. HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{572C8414-C458-4A01-AC19-DBDA82D1F0D1}C:\users\derek\appdata\local\temp\i1427492931\windows\resource\jre\bin\javaw.exe => value deleted successfully. HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{53527745-9A11-4529-91AB-D6A2155DEAA1} => value deleted successfully. The system needed a reboot. ==== End of Fixlog 11:09:54 ====
  3. OK I am not able to log in for a couple of days, I will try this later in the week thanks
  4. Addition_10-05-2015_19-22-24.txtFRST_10-05-2015_19-22-24.txtI have attached the two new logs
  5. sorry here is the fixlog I am still getting the odd ad pop up (just had one from BITDEFENDER) but this is a great improvement on the ad every 5 seconds that I was getting. I really appreciate your help on this as it was driving me insane!! Derek Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 09-05-2015 Ran by DEREK at 2015-05-09 19:26:57 Run:2 Running from C:\Users\DEREK\Downloads Loaded Profiles: DEREK (Available profiles: DEREK) Boot Mode: Normal ============================================== Content of fixlist: ***************** CreateRestorePoint: CloseProcesses: HKLM\...\Run: [] => [X] HKLM-x32\...\Run: [gmsd_gb_263] => [X] HKLM-x32\...\Run: [gmsd_gb_279] => [X] HKLM-x32\...\Run: [gmsd_gb_276] => [X] ShortcutTarget: OptimizerPro-UNInstaller.lnk -> C:\ProgramData\{8dc42732-f0ed-08f8-8dc4-42732f0e9ccb}\OptimizerPro-UNInstaller.exe (No File) CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = BHO: SpeedChecker -> {C1E5846F-925D-1332-CE73-D0DDF382E5E4} -> C:\Program Files (x86)\version17SpeedChecker\192_x64.dll No File Tcpip\..\Interfaces\{B6DF9E09-3B47-47B6-8FB1-E3621164DE45}: [NameServer] 31.168.228.251,82.166.96.251 FF HKU\S-1-5-21-667583394-3145178462-1277471955-1001\...\Firefox\Extensions: [{C41D5775-C5CE-CBB8-1655-23008F5D8F56}] - C:\Program Files (x86)\version17SpeedChecker\192.xpi R2 mxqv; c:\windows\mxqv.exe [523264 2015-04-13] () [File not signed] S2 xqv; c:\windows\xqv.exe [X] R2 webTinstMKTN84; C:\windows\system32\Drivers\webTinstMKTN84.sys [50216 2015-04-15] () S3 e1edc438-f640-4184-a443-d2a7c37a01dc; \??\c:\temp\690b33e1-0462-4e84-9bea-c7552b45432a.sys [X] S1 qrnfd_1_10_0_12; system32\drivers\qrnfd_1_10_0_12.sys [X] 2015-04-16 19:58 - 2015-04-16 19:58 - 00000000 ____D () C:\Program Files (x86)\gmsd_gb_160 2015-04-16 19:56 - 2015-04-17 08:35 - 00000177 _____ () C:\windows\SysWOW64\SetupComponents.exe 2015-04-14 10:15 - 2015-04-14 10:15 - 00000000 ____D () C:\ProgramData\T122078ED 2015-04-14 10:12 - 2015-05-07 19:26 - 00000000 ____D () C:\Users\DEREK\AppData\Local\1E009920-1429006374-6400-DC40-AC9E17B6F48D 2015-04-14 10:10 - 2015-04-14 13:40 - 00000000 ___HD () C:\ProgramData\xqv 2015-04-13 19:13 - 2015-05-07 19:15 - 00001356 _____ () C:\windows\Tasks\QJNFZ.job 2015-04-13 19:13 - 2015-04-13 19:13 - 00004364 _____ () C:\windows\System32\Tasks\QJNFZ 2015-04-13 19:08 - 2015-05-07 19:15 - 00001704 _____ () C:\windows\Tasks\WJGSOVQ.job 2015-04-13 19:08 - 2015-05-07 19:15 - 00001704 _____ () C:\windows\Tasks\GYUSUEP.job 2015-04-13 19:08 - 2015-04-24 22:08 - 00000000 ____D () C:\ProgramData\5d7406e0a775469cae25df88a7d255da 2015-04-13 19:08 - 2015-04-13 19:08 - 00745984 _____ () C:\windows\xqv.dat 2015-04-13 19:08 - 2015-04-13 19:08 - 00523264 _____ () C:\windows\mxqv.exe 2015-04-13 19:08 - 2015-04-13 19:08 - 00004712 _____ () C:\windows\System32\Tasks\WJGSOVQ 2015-04-13 19:08 - 2015-04-13 19:08 - 00004710 _____ () C:\windows\System32\Tasks\GYUSUEP 2015-04-13 19:08 - 2015-04-13 19:08 - 00003560 _____ () C:\windows\System32\Tasks\VRATQ 2015-04-13 19:07 - 2015-04-13 19:08 - 00000000 ____D () C:\ProgramData\fdb70e21975a413bb583c3f4758140f0 2015-03-26 20:14 - 2015-03-26 20:14 - 0005542 _____ () C:\Users\DEREK\AppData\Roaming\GYUSUEP 2015-03-09 22:30 - 2015-03-09 22:30 - 0005487 _____ () C:\Users\DEREK\AppData\Roaming\QJNFZ 2015-03-26 20:14 - 2015-03-26 20:14 - 0005542 _____ () C:\Users\DEREK\AppData\Roaming\SPXPLN 2015-03-26 20:14 - 2015-03-26 20:14 - 0005542 _____ () C:\Users\DEREK\AppData\Roaming\WJGSOVQ 2015-03-26 20:14 - 2015-03-26 20:14 - 0005542 _____ () C:\Users\DEREK\AppData\Roaming\WPRGSTS 2015-03-23 11:52 - 2015-03-23 11:52 - 0000000 ____H () C:\ProgramData\DP45977C.lfl C:\Users\All Users\xqv Task: {1A3E8B4C-5053-4767-ADDF-6E88EC0629FA} - System32\Tasks\WJGSOVQ => C:\Users\DEREK\AppData\Roaming\WJGSOVQ.exe <==== ATTENTION Task: {335D0B09-3C49-4AFC-9994-165A46984A92} - System32\Tasks\SPXPLN => C:\Users\DEREK\AppData\Roaming\SPXPLN.exe <==== ATTENTION Task: {5CFE081F-2594-47EB-8660-B92844811328} - System32\Tasks\QJNFZ => C:\Users\DEREK\AppData\Roaming\QJNFZ.exe <==== ATTENTION Task: {BB870951-F26A-4919-B4CB-8A02FA07907A} - System32\Tasks\GYUSUEP => C:\Users\DEREK\AppData\Roaming\GYUSUEP.exe <==== ATTENTION Task: {CE351B6C-7ADE-4F70-8146-ACD48118CFB2} - System32\Tasks\{A0D29BB8-D7FC-48BE-9C4E-38CD2839D8B3} => pcalua.exe -a "C:\Program Files (x86)\version17SpeedChecker\Uninstall.exe" Task: {D95A75E4-1ED8-4E90-8183-81D121D1A73D} - System32\Tasks\WPRGSTS => C:\Users\DEREK\AppData\Roaming\WPRGSTS.exe <==== ATTENTION Task: {F5533698-9865-4113-8FAD-B346D5787285} - System32\Tasks\VRATQ => C:\ProgramData\5d7406e0a775469cae25df88a7d255da\5d7406e0a775469cae25df88a7d255da.exe Task: C:\windows\Tasks\GYUSUEP.job => C:\Users\DEREK\AppData\Roaming\GYUSUEP.exe <==== ATTENTION Task: C:\windows\Tasks\QJNFZ.job => C:\Users\DEREK\AppData\Roaming\QJNFZ.exe <==== ATTENTION Task: C:\windows\Tasks\SPXPLN.job => C:\Users\DEREK\AppData\Roaming\SPXPLN.exe <==== ATTENTION Task: C:\windows\Tasks\WJGSOVQ.job => C:\Users\DEREK\AppData\Roaming\WJGSOVQ.exe <==== ATTENTION Task: C:\windows\Tasks\WPRGSTS.job => C:\Users\DEREK\AppData\Roaming\WPRGSTS.exe <==== ATTENTION CMD: ipconfig /flushdns Reboot: ***************** Restore point was successfully created. Processes closed successfully. HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\ => value deleted successfully. HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\gmsd_gb_263 => value deleted successfully. HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\gmsd_gb_279 => value deleted successfully. HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\gmsd_gb_276 => value deleted successfully. C:\ProgramData\{8dc42732-f0ed-08f8-8dc4-42732f0e9ccb}\OptimizerPro-UNInstaller.exe not found. "HKLM\SOFTWARE\Policies\Google" => Key deleted successfully. HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully. HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully. HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C1E5846F-925D-1332-CE73-D0DDF382E5E4}" => Key deleted successfully. "HKCR\CLSID\{C1E5846F-925D-1332-CE73-D0DDF382E5E4}" => Key deleted successfully. HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{B6DF9E09-3B47-47B6-8FB1-E3621164DE45}\\NameServer => value deleted successfully. HKU\S-1-5-21-667583394-3145178462-1277471955-1001\Software\Mozilla\Firefox\Extensions\\{C41D5775-C5CE-CBB8-1655-23008F5D8F56} => value deleted successfully. mxqv => Service deleted successfully. xqv => Service deleted successfully. webTinstMKTN84 => Unable to stop service webTinstMKTN84 => Service deleted successfully. e1edc438-f640-4184-a443-d2a7c37a01dc => Service deleted successfully. qrnfd_1_10_0_12 => Service deleted successfully. C:\Program Files (x86)\gmsd_gb_160 => Moved successfully. C:\windows\SysWOW64\SetupComponents.exe => Moved successfully. C:\ProgramData\T122078ED => Moved successfully. C:\Users\DEREK\AppData\Local\1E009920-1429006374-6400-DC40-AC9E17B6F48D => Moved successfully. C:\ProgramData\xqv => Moved successfully. C:\windows\Tasks\QJNFZ.job => Moved successfully. C:\windows\System32\Tasks\QJNFZ => Moved successfully. C:\windows\Tasks\WJGSOVQ.job => Moved successfully. C:\windows\Tasks\GYUSUEP.job => Moved successfully. C:\ProgramData\5d7406e0a775469cae25df88a7d255da => Moved successfully. C:\windows\xqv.dat => Moved successfully. C:\windows\mxqv.exe => Moved successfully. C:\windows\System32\Tasks\WJGSOVQ => Moved successfully. C:\windows\System32\Tasks\GYUSUEP => Moved successfully. C:\windows\System32\Tasks\VRATQ => Moved successfully. C:\ProgramData\fdb70e21975a413bb583c3f4758140f0 => Moved successfully. C:\Users\DEREK\AppData\Roaming\GYUSUEP => Moved successfully. C:\Users\DEREK\AppData\Roaming\QJNFZ => Moved successfully. C:\Users\DEREK\AppData\Roaming\SPXPLN => Moved successfully. C:\Users\DEREK\AppData\Roaming\WJGSOVQ => Moved successfully. C:\Users\DEREK\AppData\Roaming\WPRGSTS => Moved successfully. C:\ProgramData\DP45977C.lfl => Moved successfully. "C:\Users\All Users\xqv" => File/Directory not found. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{1A3E8B4C-5053-4767-ADDF-6E88EC0629FA}" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1A3E8B4C-5053-4767-ADDF-6E88EC0629FA}" => Key deleted successfully. C:\Windows\System32\Tasks\WJGSOVQ not found. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\WJGSOVQ" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{335D0B09-3C49-4AFC-9994-165A46984A92}" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{335D0B09-3C49-4AFC-9994-165A46984A92}" => Key deleted successfully. C:\Windows\System32\Tasks\SPXPLN => Moved successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SPXPLN" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{5CFE081F-2594-47EB-8660-B92844811328}" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5CFE081F-2594-47EB-8660-B92844811328}" => Key deleted successfully. C:\Windows\System32\Tasks\QJNFZ not found. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\QJNFZ" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{BB870951-F26A-4919-B4CB-8A02FA07907A}" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{BB870951-F26A-4919-B4CB-8A02FA07907A}" => Key deleted successfully. C:\Windows\System32\Tasks\GYUSUEP not found. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GYUSUEP" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{CE351B6C-7ADE-4F70-8146-ACD48118CFB2}" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CE351B6C-7ADE-4F70-8146-ACD48118CFB2}" => Key deleted successfully. C:\Windows\System32\Tasks\{A0D29BB8-D7FC-48BE-9C4E-38CD2839D8B3} => Moved successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{A0D29BB8-D7FC-48BE-9C4E-38CD2839D8B3}" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{D95A75E4-1ED8-4E90-8183-81D121D1A73D}" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D95A75E4-1ED8-4E90-8183-81D121D1A73D}" => Key deleted successfully. C:\Windows\System32\Tasks\WPRGSTS => Moved successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\WPRGSTS" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{F5533698-9865-4113-8FAD-B346D5787285}" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F5533698-9865-4113-8FAD-B346D5787285}" => Key deleted successfully. C:\Windows\System32\Tasks\VRATQ not found. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\VRATQ" => Key deleted successfully. C:\windows\Tasks\GYUSUEP.job not found. C:\windows\Tasks\QJNFZ.job not found. C:\windows\Tasks\SPXPLN.job => Moved successfully. C:\windows\Tasks\WJGSOVQ.job not found. C:\windows\Tasks\WPRGSTS.job => Moved successfully. ========= ipconfig /flushdns ========= Windows IP Configuration Successfully flushed the DNS Resolver Cache. ========= End of CMD: ========= The system needed a reboot. ==== End of Fixlog 19:27:38 ====
  6. Hi I have been surfing for about 30 minutes and most of the ads are gone.... hooray!!!! I did get a couple pop up from adchoices after about 5 minutes but they haven't come up since Derek
  7. Hi here is the new fixlog Derek I will come back to you with the result when I have used the net for a while
  8. Hi I have deleted the rogue application files as suggested here is the fixlog Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 09-05-2015 Ran by DEREK at 2015-05-09 17:36:09 Run:1 Running from C:\Users\DEREK\Downloads Loaded Profiles: DEREK (Available profiles: DEREK) Boot Mode: Normal ============================================== Content of fixlist: ***************** CreateRestorePoint:CloseProcesses:HKLM\...\Run: [] => [X]HKLM-x32\...\Run: [gmsd_gb_263] => [X]HKLM-x32\...\Run: [gmsd_gb_279] => [X]HKLM-x32\...\Run: [gmsd_gb_276] => [X]ShortcutTarget: OptimizerPro-UNInstaller.lnk -> C:\ProgramData\{8dc42732-f0ed-08f8-8dc4-42732f0e9ccb}\OptimizerPro-UNInstaller.exe (No File)CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTIONSearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = BHO: SpeedChecker -> {C1E5846F-925D-1332-CE73-D0DDF382E5E4} -> C:\Program Files (x86)\version17SpeedChecker\192_x64.dll No FileTcpip\..\Interfaces\{B6DF9E09-3B47-47B6-8FB1-E3621164DE45}: [NameServer] 31.168.228.251,82.166.96.251FF HKU\S-1-5-21-667583394-3145178462-1277471955-1001\...\Firefox\Extensions: [{C41D5775-C5CE-CBB8-1655-23008F5D8F56 }] - C:\Program Files (x86)\version17SpeedChecker\192.xpiR2 mxqv; c:\windows\mxqv.exe [523264 2015-04-13] () [File not signed]S2 xqv; c:\windows\xqv.exe [X]R2 webTinstMKTN84; C:\windows\system32\Drivers\webTinstMKTN84.sys [50216 2015-04-15] ()S3 e1edc438-f640-4184-a443-d2a7c37a01dc; \??\c:\temp\690b33e1-0462-4e84-9bea-c7552b45432a.sys [X]S1 qrnfd_1_10_0_12; system32\drivers\qrnfd_1_10_0_12.sys [X]2015-04-16 19:58 - 2015-04-16 19:58 - 00000000 ____D () C:\Program Files (x86)\gmsd_gb_1602015-04-16 19:56 - 2015-04-17 08:35 - 00000177 _____ () C:\windows\SysWOW64\SetupComponents.exe2015-04-14 10:15 - 2015-04-14 10:15 - 00000000 ____D () C:\ProgramData\T122078ED2015-04-14 10:12 - 2015-05-07 19:26 - 00000000 ____D () C:\Users\DEREK\AppData\Local\1E009920-1429006374-6400-DC40-AC9E17B6F48D2015-04-14 10:10 - 2015-04-14 13:40 - 00000000 ___HD () C:\ProgramData\xqv2015-04-13 19:13 - 2015-05-07 19:15 - 00001356 _____ () C:\windows\Tasks\QJNFZ.job2015-04-13 19:13 - 2015-04-13 19:13 - 000 04364 _____ () C:\windows\System32\Tasks\QJNFZ2015-04-13 19:08 - 2015-05-07 19:15 - 00001704 _____ () C:\windows\Tasks\WJGSOVQ.job2015-04-13 19:08 - 2015-05-07 19:15 - 00001704 _____ () C:\windows\Tasks\GYUSUEP.job2015-04-13 19:08 - 2015-04-24 22:08 - 00000000 ____D () C:\ProgramData\5d7406e0a775469cae25df88a7d255da2015-04-13 19:08 - 2015-04-13 19:08 - 00745984 _____ () C:\windows\xqv.dat2015-04-13 19:08 - 2015-04-13 19:08 - 00523264 _____ () C:\windows\mxqv.exe2015-04-13 19:08 - 2015-04-13 19:08 - 00004712 _____ () C:\windows\System32\Tasks\WJGSOVQ2015-04-13 19:08 - 2015-04-13 19:08 - 00004710 _____ () C:\windows\System32\Tasks\GYUSUEP2015-04-13 19:08 - 2015-04-13 19:08 - 00003560 _____ () C:\windows\System32\Tasks\VRATQ2015-04-13 19:07 - 2015-04-13 19:08 - 00000000 ____D () C:\ProgramData\fdb70e21975a413bb583c3f4758140f02015-03-26 20:14 - 2015-03-26 20:14 - 0005542 _____ () C:\Users\DEREK\AppData\Roaming\GYUSUEP2015-03-09 22:30 - 2015-03-09 22:30 - 0005487 _____ () C:\User s\DEREK\AppData\Roaming\QJNFZ2015-03-26 20:14 - 2015-03-26 20:14 - 0005542 _____ () C:\Users\DEREK\AppData\Roaming\SPXPLN2015-03-26 20:14 - 2015-03-26 20:14 - 0005542 _____ () C:\Users\DEREK\AppData\Roaming\WJGSOVQ2015-03-26 20:14 - 2015-03-26 20:14 - 0005542 _____ () C:\Users\DEREK\AppData\Roaming\WPRGSTS2015-03-23 11:52 - 2015-03-23 11:52 - 0000000 ____H () C:\ProgramData\DP45977C.lflC:\Users\All Users\xqvTask: {1A3E8B4C-5053-4767-ADDF-6E88EC0629FA} - System32\Tasks\WJGSOVQ => C:\Users\DEREK\AppData\Roaming\WJGSOVQ.exe <==== ATTENTIONTask: {335D0B09-3C49-4AFC-9994-165A46984A92} - System32\Tasks\SPXPLN => C:\Users\DEREK\AppData\Roaming\SPXPLN.exe <==== ATTENTIONTask: {5CFE081F-2594-47EB-8660-B92844811328} - System32\Tasks\QJNFZ => C:\Users\DEREK\AppData\Roaming\QJNFZ.exe <==== ATTENTIONTask: {BB870951-F26A-4919-B4CB-8A02FA07907A} - System32\Tasks\GYUSUEP => C:\Users\DEREK\AppData\Roaming\GYUSUEP.exe <==== ATTENTIONTask: {CE351B6C-7ADE-4F70-8146-ACD48118CFB2} - System32\Task s\{A0D29BB8-D7FC-48BE-9C4E-38CD2839D8B3} => pcalua.exe -a "C:\Program Files (x86)\version17SpeedChecker\Uninstall.exe"Task: {D95A75E4-1ED8-4E90-8183-81D121D1A73D} - System32\Tasks\WPRGSTS => C:\Users\DEREK\AppData\Roaming\WPRGSTS.exe <==== ATTENTIONTask: {F5533698-9865-4113-8FAD-B346D5787285} - System32\Tasks\VRATQ => C:\ProgramData\5d7406e0a775469cae25df88a7d255da\5d7406e0a775469cae25df88a7d255da.exeTask: C:\windows\Tasks\GYUSUEP.job => C:\Users\DEREK\AppData\Roaming\GYUSUEP.exe <==== ATTENTIONTask: C:\windows\Tasks\QJNFZ.job => C:\Users\DEREK\AppData\Roaming\QJNFZ.exe <==== ATTENTIONTask: C:\windows\Tasks\SPXPLN.job => C:\Users\DEREK\AppData\Roaming\SPXPLN.exe <==== ATTENTIONTask: C:\windows\Tasks\WJGSOVQ.job => C:\Users\DEREK\AppData\Roaming\WJGSOVQ.exe <==== ATTENTIONTask: C:\windows\Tasks\WPRGSTS.job => C:\Users\DEREK\AppData\Roaming\WPRGSTS.exe <==== ATTENTIONCMD: ipconfig /flushdnsReboot:and paste in Notepad. Check that no files have been split on two lines. ***************** HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\CreateRestorePoint:CloseProcesses:gmsd_gb_276 => Value not found. }] - C:\Program Files (x86)\version17SpeedChecker\192.xpiR2 mxqv; c:\windows\mxqv.exe [523264 2015-04-13] () [File not signed]S2 xqv; c:\windows\xqv.exe [X]R2 webTinstMKTN84; C:\windows\system32\Drivers\webTinstMKTN84.sys [50216 2015-04-15] ()S3 e1edc438-f640-4184-a443-d2a7c37a01dc; \??\c:\temp\690b33e1-0462-4e84-9bea-c7552b45432a.sys [X]S1 qrnfd_1_10_0_12; system32\drivers\qrnfd_1_10_0_12.sys [X]2015-04-16 19:58 - 2015-04-16 19:58 - 00000000 ____D () C:\Program Files (x86)\gmsd_gb_1602015-04-16 19:56 - 2015-04-17 08:35 - 00000177 _____ () C:\windows\SysWOW64\SetupComponents.exe2015-04-14 10:15 - 2015-04-14 10:15 - 00000000 ____D () C:\ProgramData\T122078ED2015-04-14 10:12 - 2015-05-07 19:26 - 00000000 ____D () C:\Users\DEREK\AppData\Local\1E009920-1429006374-6400-DC40-AC9E17B6F48D2015-04-14 10:10 - 2015-04-14 13:40 - 00000000 ___HD () C:\ProgramData\xqv2015-04-13 19:13 - 2015-05-07 19:15 - 00001356 _____ () C:\windows\Tasks\QJNFZ.job2015-04-13 19:13 - 2015-04-13 19:13 - 000 => Error: No automatic fix found for this entry. 04364 _____ () C:\windows\System32\Tasks\QJNFZ2015-04-13 19:08 - 2015-05-07 19:15 - 00001704 _____ () C:\windows\Tasks\WJGSOVQ.job2015-04-13 19:08 - 2015-05-07 19:15 - 00001704 _____ () C:\windows\Tasks\GYUSUEP.job2015-04-13 19:08 - 2015-04-24 22:08 - 00000000 ____D () C:\ProgramData\5d7406e0a775469cae25df88a7d255da2015-04-13 19:08 - 2015-04-13 19:08 - 00745984 _____ () C:\windows\xqv.dat2015-04-13 19:08 - 2015-04-13 19:08 - 00523264 _____ () C:\windows\mxqv.exe2015-04-13 19:08 - 2015-04-13 19:08 - 00004712 _____ () C:\windows\System32\Tasks\WJGSOVQ2015-04-13 19:08 - 2015-04-13 19:08 - 00004710 _____ () C:\windows\System32\Tasks\GYUSUEP2015-04-13 19:08 - 2015-04-13 19:08 - 00003560 _____ () C:\windows\System32\Tasks\VRATQ2015-04-13 19:07 - 2015-04-13 19:08 - 00000000 ____D () C:\ProgramData\fdb70e21975a413bb583c3f4758140f02015-03-26 20:14 - 2015-03-26 20:14 - 0005542 _____ () C:\Users\DEREK\AppData\Roaming\GYUSUEP2015-03-09 22:30 - 2015-03-09 22:30 - 0005487 _____ () C:\User => Error: No automatic fix found for this entry. ========= s\DEREK\AppData\Roaming\QJNFZ2015-03-26 20:14 - 2015-03-26 20:14 - 0005542 _____ () C:\Users\DEREK\AppData\Roaming\SPXPLN2015-03-26 20:14 - 2015-03-26 20:14 - 0005542 _____ () C:\Users\DEREK\AppData\Roaming\WJGSOVQ2015-03-26 20:14 - 2015-03-26 20:14 - 0005542 _____ () C:\Users\DEREK\AppData\Roaming\WPRGSTS2015-03-23 11:52 - 2015-03-23 11:52 - 0000000 ____H () C:\ProgramData\DP45977C.lflC:\Users\All Users\xqvTask: {1A3E8B4C-5053-4767-ADDF-6E88EC0629FA} - System32\Tasks\WJGSOVQ => C:\Users\DEREK\AppData\Roaming\WJGSOVQ.exe <==== ATTENTIONTask: {335D0B09-3C49-4AFC-9994-165A46984A92} - System32\Tasks\SPXPLN => C:\Users\DEREK\AppData\Roaming\SPXPLN.exe <==== ATTENTIONTask: {5CFE081F-2594-47EB-8660-B92844811328} - System32\Tasks\QJNFZ => C:\Users\DEREK\AppData\Roaming\QJNFZ.exe <==== ATTENTIONTask: {BB870951-F26A-4919-B4CB-8A02FA07907A} - System32\Tasks\GYUSUEP => C:\Users\DEREK\AppData\Roaming\GYUSUEP.exe <==== ATTENTIONTask: {CE351B6C-7ADE-4F70-8146-ACD48118CFB2} - System32\Task s\{A0D29BB8-D7FC-48BE-9C4E-38CD2839D8B3} => pcalua.exe -a "C:\Program Files (x86)\version17SpeedChecker\Uninstall.exe"Task: {D95A75E4-1ED8-4E90-8183-81D121D1A73D} - System32\Tasks\WPRGSTS => C:\Users\DEREK\AppData\Roaming\WPRGSTS.exe <==== ATTENTIONTask: {F5533698-9865-4113-8FAD-B346D5787285} - System32\Tasks\VRATQ => C:\ProgramData\5d7406e0a775469cae25df88a7d255da\5d7406e0a775469cae25df88a7d255da.exeTask: C:\windows\Tasks\GYUSUEP.job => C:\Users\DEREK\AppData\Roaming\GYUSUEP.exe <==== ATTENTIONTask: C:\windows\Tasks\QJNFZ.job => C:\Users\DEREK\AppData\Roaming\QJNFZ.exe <==== ATTENTIONTask: C:\windows\Tasks\SPXPLN.job => C:\Users\DEREK\AppData\Roaming\SPXPLN.exe <==== ATTENTIONTask: C:\windows\Tasks\WJGSOVQ.job => C:\Users\DEREK\AppData\Roaming\WJGSOVQ.exe <==== ATTENTIONTask: C:\windows\Tasks\WPRGSTS.job => C:\Users\DEREK\AppData\Roaming\WPRGSTS.exe <==== ATTENTION ipconfig /flushdnsReboot:and paste in Notepad. Check that no files have been split on two lines. ========= ========= End of CMD: ========= ==== End of Fixlog 17:36:09 ====
  9. Thanks, I have attached the file.... its easy when you know how. DerekFRST_07-05-2015_19-28-51.txt
  10. I have just tried to paste and post the FRST.txt file and it tells me the post is too short, although I think it means too long Is there another way I can do it?
  11. and the final file Additional scan result of Farbar Recovery Scan Tool (x64) Version: 06-05-2015 01 Ran by DEREK at 2015-05-07 19:28:35 Running from C:\Users\DEREK\Downloads Boot Mode: Normal ========================================================== ==================== Accounts: ============================= Administrator (S-1-5-21-667583394-3145178462-1277471955-500 - Administrator - Disabled) DEREK (S-1-5-21-667583394-3145178462-1277471955-1001 - Administrator - Enabled) => C:\Users\DEREK Guest (S-1-5-21-667583394-3145178462-1277471955-501 - Limited - Disabled) ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: Ad-Aware Antivirus (Enabled - Up to date) {D87B6541-12A1-DAEA-0033-9B8057AAB996} AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: Ad-Aware Antivirus (Enabled - Up to date) {631A84A5-349B-D564-3A83-A0F22C2DF32B} AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} FW: Ad-Aware Firewall (Enabled) {E040E464-58CE-DBB2-2B6C-32B5A979FEED} ==================== Installed Programs ====================== (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) Ad-Aware Antivirus (HKLM\...\{FF054A8C-C0A4-4C78-8910-E2A459BEFF05}_AdAwareUpdater) (Version: 11.6.306.7947 - Lavasoft) Ad-Aware Web Companion (x32 Version: 1.1.922.1860 - Lavasoft) Hidden AdAwareInstaller (Version: 11.6.306.7947 - Lavasoft) Hidden AdAwareUpdater (Version: 11.6.306.7947 - Lavasoft) Hidden Adblock Plus for IE (32-bit and 64-bit) (HKLM\...\{77588F59-3C58-4675-8EEE-998E5BC33CF4}) (Version: 1.4 - Eyeo GmbH) ANT Drivers Installer x64 (Version: 2.3.4 - Garmin Ltd or its subsidiaries) Hidden AntimalwareEngine (Version: 3.0.98.0 - Lavasoft) Hidden AntispamEngine (Version: 2.4.2158.0 - Lavasoft) Hidden Apple Application Support (32-bit) (HKLM-x32\...\{AFA1153A-F547-409B-B837-3A0D6C5A3FEC}) (Version: 3.1.3 - Apple Inc.) Apple Application Support (64-bit) (HKLM\...\{D7B824DE-DA32-4772-9E5E-39C5158136A7}) (Version: 3.1.3 - Apple Inc.) Apple Mobile Device Support (HKLM\...\{C4123106-B685-48E6-B9BD-E4F911841EB4}) (Version: 8.1.1.3 - Apple Inc.) Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.) Blue Iris 3 (HKLM-x32\...\InstallShield_{5923C82E-6BB6-4186-AF14-3066D1F29323}) (Version: 3.29.03 - Perspective Software) Blue Iris 3 (x32 Version: 3.29.03 - Perspective Software) Hidden Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.) Canon MP Navigator EX 4.0 (HKLM-x32\...\MP Navigator EX 4.0) (Version: - ) Canon MP495 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP495_series) (Version: - ) Elevated Installer (x32 Version: 4.0.13.0 - Garmin Ltd or its subsidiaries) Hidden FirewallEngine (Version: 1.6.0.0 - Lavasoft) Hidden Garmin Express (HKLM-x32\...\{d2970a7c-aaef-4f35-a1d5-338c3a92404f}) (Version: 4.0.13.0 - Garmin Ltd or its subsidiaries) Garmin Express (x32 Version: 4.0.13.0 - Garmin Ltd or its subsidiaries) Hidden Garmin Express Tray (x32 Version: 4.0.13.0 - Garmin Ltd or its subsidiaries) Hidden Intel® Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 10.0.0.1204 - Intel Corporation) iTunes (HKLM\...\{93F2A022-6C37-48B8-B241-FFABD9F60C30}) (Version: 12.1.2.27 - Apple Inc.) LavasoftTcpService (x32 Version: 2.3.3.0 - Lavasoft) Hidden Microsoft OneDrive (HKU\S-1-5-21-667583394-3145178462-1277471955-1001\...\OneDriveSetup.exe) (Version: 17.3.4726.0226 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation) NVIDIA 3D Vision Controller Driver 347.09 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 347.09 - NVIDIA Corporation) NVIDIA 3D Vision Driver 347.88 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 347.88 - NVIDIA Corporation) NVIDIA GeForce Experience 2.2.2 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.2.2 - NVIDIA Corporation) NVIDIA Graphics Driver 347.88 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 347.88 - NVIDIA Corporation) NVIDIA HD Audio Driver 1.3.33.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.33.0 - NVIDIA Corporation) NVIDIA Miracast Virtual Audio 347.88 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Miracast.VirtualAudio) (Version: 347.88 - NVIDIA Corporation) NVIDIA PhysX System Software 9.14.0702 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.14.0702 - NVIDIA Corporation) Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4711.1003 - Microsoft Corporation) Hidden Office 15 Click-to-Run Licensing Component (Version: 15.0.4711.1003 - Microsoft Corporation) Hidden Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4569.1506 - Microsoft Corporation) Hidden OnlineThreatsEngine (Version: 2.2.3.0 - Lavasoft) Hidden Payroll for Windows (x32 Version: 19 - Sage (UK) Limited) Hidden Payroll for Windows (x32 Version: 20.01 - Sage (UK) Limited) Hidden Payroll for Windows (x32 Version: 21.00 - Sage (UK) Limited) Hidden Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7023 - Realtek Semiconductor Corp.) Sage 50 Payroll (HKLM-x32\...\{61FFC9B8-63B2-460A-81F0-99533310941F}) (Version: 21.01 - Sage (UK) Ltd.) Sage 50 Payroll (HKLM-x32\...\{9331A6A2-98C6-42F4-B981-FBA24672D3D8}) (Version: 21.01 - Sage (UK) Ltd.) Samsung Kies3 (HKLM-x32\...\InstallShield_{88547073-C566-4895-9005-EBE98EA3F7C7}) (Version: 3.2.15024.8 - Samsung Electronics Co., Ltd.) Samsung Kies3 (x32 Version: 3.2.15024.8 - Samsung Electronics Co., Ltd.) Hidden SHIELD Streaming (Version: 4.0.1000 - NVIDIA Corporation) Hidden SHIELD Wireless Controller Driver (Version: 17.12.8 - NVIDIA Corporation) Hidden Sid Meier's Civilization V (HKLM-x32\...\Steam App 8930) (Version: - 2K Games, Inc.) Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation) The Elder Scrolls Online (HKLM-x32\...\The Elder Scrolls Online) (Version: 1.0.0.0 - Zenimax Online Studios) The Elder Scrolls V: Skyrim (HKLM-x32\...\Steam App 72850) (Version: - Bethesda Game Studios) Web Companion (HKLM-x32\...\{902C3D36-9254-437D-98AC-913B78E60864}_WebCompanion) (Version: 1.1.922.1860 - Lavasoft) Windows Driver Package - Dynastream Innovations, Inc. ANT LibUSB Drivers (04/11/2012 1.2.40.201) (HKLM\...\F9D2A789F9CFF8CEC36B544F53877C80F1F73C46) (Version: 04/11/2012 1.2.40.201 - Dynastream Innovations, Inc.) Windows Driver Package - Silicon Labs Software (DSI_SiUSBXp_3_1) USB (02/06/2007 3.1) (HKLM\...\D1506E0025B5A3F9EB8270FE81C1EEDD9388B8A2) (Version: 02/06/2007 3.1 - Silicon Labs Software) ==================== Custom CLSID (selected items): ========================== (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.) CustomCLSID: HKU\S-1-5-21-667583394-3145178462-1277471955-1001_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\DEREK\AppData\Local\Microsoft\OneDrive\17.3.4726.0226\amd64\FileSyncApi64.dll (Microsoft Corporation) ==================== Restore Points ========================= 17-04-2015 08:15:55 Windows Update 26-04-2015 16:27:09 Scheduled Checkpoint 28-04-2015 11:46:18 AA11 01-05-2015 15:25:18 Installed Adblock Plus for IE (32-bit and 64-bit) ==================== Hosts content: ========================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2013-08-22 14:25 - 2013-08-22 14:25 - 00000824 ____A C:\windows\system32\Drivers\etc\hosts ==================== Scheduled Tasks (whitelisted) ============= (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.) Task: {10E04493-A814-411C-8219-FF96EC616811} - System32\Tasks\GarminUpdaterTask => C:\Program Files (x86)\Garmin\Express Self Updater\ExpressSelfUpdater.exe Task: {1556B1C2-43C1-40B4-9E66-91920993208F} - System32\Tasks\Microsoft\Windows\Setup\gwx\launchtrayprocess => C:\Windows\system32\GWX\GWX.exe [2015-03-24] (Microsoft Corporation) Task: {1A3E8B4C-5053-4767-ADDF-6E88EC0629FA} - System32\Tasks\WJGSOVQ => C:\Users\DEREK\AppData\Roaming\WJGSOVQ.exe <==== ATTENTION Task: {2409E62C-2E2D-44AF-9493-3548F8C2BF82} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2015-04-22] (Microsoft Corporation) Task: {335D0B09-3C49-4AFC-9994-165A46984A92} - System32\Tasks\SPXPLN => C:\Users\DEREK\AppData\Roaming\SPXPLN.exe <==== ATTENTION Task: {37098AAB-02DB-4A41-8AA1-C33835A94183} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.) Task: {5CFE081F-2594-47EB-8660-B92844811328} - System32\Tasks\QJNFZ => C:\Users\DEREK\AppData\Roaming\QJNFZ.exe <==== ATTENTION Task: {63309F19-CB42-4058-BB59-201F8BF20F53} - System32\Tasks\Microsoft Office 15 Sync Maintenance for DEREKHOME-DEREK DEREKHOME => C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe [2015-04-29] (Microsoft Corporation) Task: {9B85AEC7-D7D2-4331-904B-CC0EA0D2E803} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-24] (Microsoft Corporation) Task: {A9247618-A96E-4DD6-961A-A4997942B6EC} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxcontent => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-24] (Microsoft Corporation) Task: {B466B1EA-95CD-4934-A370-C2383480ACE1} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonx86\Microsoft Shared\OFFICE15\OLicenseHeartbeat.exe [2015-04-29] (Microsoft Corporation) Task: {BB870951-F26A-4919-B4CB-8A02FA07907A} - System32\Tasks\GYUSUEP => C:\Users\DEREK\AppData\Roaming\GYUSUEP.exe <==== ATTENTION Task: {C656BDA3-EB9E-4095-B111-BF4D51BD4882} - System32\Tasks\Microsoft\Windows\Setup\gwx\runappraiser => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-24] (Microsoft Corporation) Task: {CD3B6025-305D-4D19-9F11-EBB02965CB68} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\windows\system32\MRT.exe [2015-04-17] (Microsoft Corporation) Task: {CE351B6C-7ADE-4F70-8146-ACD48118CFB2} - System32\Tasks\{A0D29BB8-D7FC-48BE-9C4E-38CD2839D8B3} => pcalua.exe -a "C:\Program Files (x86)\version17SpeedChecker\Uninstall.exe" Task: {D95A75E4-1ED8-4E90-8183-81D121D1A73D} - System32\Tasks\WPRGSTS => C:\Users\DEREK\AppData\Roaming\WPRGSTS.exe <==== ATTENTION Task: {EDCB5147-D4EF-4D35-8B2A-B8C3AF0470D8} - System32\Tasks\Microsoft OneDrive Auto Update Task-S-1-5-21-667583394-3145178462-1277471955-1001 => %localappdata%\Microsoft\OneDrive\OneDrive.exe Task: {F0F0D36A-4A48-45C9-AC42-4079BBC3F5F5} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2015-04-22] (Microsoft Corporation) Task: {F5533698-9865-4113-8FAD-B346D5787285} - System32\Tasks\VRATQ => C:\ProgramData\5d7406e0a775469cae25df88a7d255da\5d7406e0a775469cae25df88a7d255da.exe Task: C:\windows\Tasks\GYUSUEP.job => C:\Users\DEREK\AppData\Roaming\GYUSUEP.exe <==== ATTENTION Task: C:\windows\Tasks\QJNFZ.job => C:\Users\DEREK\AppData\Roaming\QJNFZ.exe <==== ATTENTION Task: C:\windows\Tasks\SPXPLN.job => C:\Users\DEREK\AppData\Roaming\SPXPLN.exe <==== ATTENTION Task: C:\windows\Tasks\WJGSOVQ.job => C:\Users\DEREK\AppData\Roaming\WJGSOVQ.exe <==== ATTENTION Task: C:\windows\Tasks\WPRGSTS.job => C:\Users\DEREK\AppData\Roaming\WPRGSTS.exe <==== ATTENTION ==================== Loaded Modules (whitelisted) ============== 2015-03-23 11:52 - 2015-03-13 17:16 - 00118472 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll 2015-02-13 04:20 - 2015-02-13 04:20 - 00085832 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll 2015-02-13 04:20 - 2015-02-13 04:20 - 01346344 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll 2015-03-26 21:25 - 2014-05-20 09:19 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll 2015-03-10 18:47 - 2015-03-10 18:47 - 00720760 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareService.exe 2015-03-10 18:51 - 2015-03-10 18:51 - 00107024 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\boost_thread-vc100-mt-1_57.dll 2015-03-10 18:51 - 2015-03-10 18:51 - 00024080 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\boost_system-vc100-mt-1_57.dll 2015-03-10 18:51 - 2015-03-10 18:51 - 00055320 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\boost_date_time-vc100-mt-1_57.dll 2015-03-10 18:51 - 2015-03-10 18:51 - 00125464 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\boost_filesystem-vc100-mt-1_57.dll 2015-03-10 18:51 - 2015-03-10 18:51 - 00033296 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\boost_chrono-vc100-mt-1_57.dll 2015-03-10 18:50 - 2015-03-10 18:50 - 12745216 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareServiceKernel.dll 2015-03-10 18:50 - 2015-03-10 18:50 - 03396064 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\RCF.dll 2015-03-10 18:51 - 2015-03-10 18:51 - 00785936 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\boost_regex-vc100-mt-1_57.dll 2015-03-10 18:50 - 2015-03-10 18:50 - 00744960 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareActivation.dll 2015-03-10 18:50 - 2015-03-10 18:50 - 00480272 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareApplicationUpdater.dll 2015-03-10 18:50 - 2015-03-10 18:50 - 00812032 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareGamingMode.dll 2015-03-10 18:50 - 2015-03-10 18:50 - 00099312 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareReset.dll 2015-03-10 18:50 - 2015-03-10 18:50 - 00119792 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareTime.dll 2015-03-10 18:50 - 2015-03-10 18:50 - 00963088 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareDefinitionsUpdater.dll 2015-03-10 18:50 - 2015-03-10 18:50 - 00868896 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareDefinitionsUpdaterScheduler.dll 2015-03-10 18:50 - 2015-03-10 18:50 - 01108992 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareIgnoreList.dll 2015-03-10 18:50 - 2015-03-10 18:50 - 00247808 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareQuarantine.dll 2015-03-10 18:50 - 2015-03-10 18:50 - 01013256 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareAntiMalwareEngine.dll 2015-03-10 18:50 - 2015-03-10 18:50 - 00211464 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareAntiRootkitEngine.dll 2015-03-10 18:50 - 2015-03-10 18:50 - 01177608 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareScannerHistory.dll 2015-03-10 18:50 - 2015-03-10 18:50 - 01302008 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareScanner.dll 2015-03-10 18:51 - 2015-03-10 18:51 - 00034832 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\boost_timer-vc100-mt-1_57.dll 2015-03-10 18:50 - 2015-03-10 18:50 - 00977416 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareScannerScheduler.dll 2015-03-10 18:50 - 2015-03-10 18:50 - 01143824 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareRealTimeProtection.dll 2015-03-10 18:50 - 2015-03-10 18:50 - 00237568 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareIncompatibles.dll 2015-03-10 18:50 - 2015-03-10 18:50 - 00893432 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareAntiSpam.dll 2015-03-10 18:50 - 2015-03-10 18:50 - 00847872 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareAntiPhishing.dll 2015-03-10 18:50 - 2015-03-10 18:50 - 03104776 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareParentalControl.dll 2015-03-10 18:50 - 2015-03-10 18:50 - 02958848 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareWebProtection.dll 2015-03-10 18:50 - 2015-03-10 18:50 - 01288712 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareEmailProtection.dll 2015-03-10 18:51 - 2015-03-10 18:51 - 00053272 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\boost_iostreams-vc100-mt-1_57.dll 2015-03-10 18:50 - 2015-03-10 18:50 - 01293832 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareNetworkProtection.dll 2015-03-10 18:50 - 2015-03-10 18:50 - 00969200 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwarePromo.dll 2015-03-10 18:50 - 2015-03-10 18:50 - 00366584 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareFeedback.dll 2015-03-10 18:50 - 2015-03-10 18:50 - 02787344 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareThreatWorkAlliance.dll 2015-03-10 18:50 - 2015-03-10 18:50 - 01232888 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwarePinCode.dll 2015-03-10 18:50 - 2015-03-10 18:50 - 00969208 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareNotice.dll 2015-03-10 18:50 - 2015-03-10 18:50 - 00963576 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareAvcEngine.dll 2015-03-10 18:50 - 2015-03-10 18:50 - 01184792 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareRealTimeProtectionHistory.dll 2015-04-28 15:16 - 2015-01-06 12:47 - 00156936 _____ () C:\windows\SYSTEM32\bdfwcore.dll 2015-04-28 15:17 - 2015-04-28 15:17 - 00789856 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Online Threats Engine\2.2.3.0\definitions\loc2\ashttpbr.mdl 2015-04-28 15:17 - 2015-04-28 15:17 - 00710016 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Online Threats Engine\2.2.3.0\definitions\loc2\ashttpdsp.mdl 2015-04-28 15:17 - 2015-04-28 15:17 - 02683008 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Online Threats Engine\2.2.3.0\definitions\loc2\ashttpph.mdl 2015-04-28 15:17 - 2015-04-28 15:17 - 01325480 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Online Threats Engine\2.2.3.0\definitions\loc2\ashttprbl.mdl 2015-04-13 19:08 - 2015-04-13 19:08 - 00523264 _____ () c:\windows\mxqv.exe 2015-03-12 11:57 - 2015-03-12 11:57 - 00017768 _____ () C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.SearchProtect.WinService.exe 2015-03-12 11:57 - 2015-03-12 11:57 - 00012144 _____ () C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.SearchProtect.Service.Logger.dll 2015-03-12 11:57 - 2015-03-12 11:57 - 00034152 _____ () C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.SearchProtect.WcfService.dll 2015-03-27 09:33 - 2015-03-27 09:33 - 08898720 _____ () C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\1033\GrooveIntlResource.dll 2015-03-10 18:50 - 2015-03-10 18:50 - 09566192 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareTray.exe 2015-03-10 18:51 - 2015-03-10 18:51 - 00499728 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\boost_locale-vc100-mt-1_57.dll 2015-03-10 18:50 - 2015-03-10 18:50 - 02144248 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\HtmlFramework.dll 2015-03-10 18:50 - 2015-03-10 18:50 - 00869896 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareTrayDefaultSkin.dll 2013-04-25 16:20 - 2013-04-25 16:20 - 00059776 _____ () C:\Program Files (x86)\Blue Iris 3\BlueIrisService.exe 2015-03-27 09:33 - 2015-03-27 09:33 - 00316576 _____ () C:\Program Files\Microsoft Office 15\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\AppVIsvStream32.dll 2015-03-27 09:32 - 2015-03-27 09:32 - 00316576 _____ () C:\Program Files\Microsoft Office 15\Root\Office15\AppVIsvStream32.dll 2015-03-25 23:33 - 2015-03-10 07:37 - 00775680 _____ () C:\Program Files (x86)\Steam\SDL2.dll 2015-03-25 23:33 - 2014-12-02 01:29 - 05002752 _____ () C:\Program Files (x86)\Steam\v8.dll 2015-03-25 23:33 - 2015-04-14 00:44 - 02371776 _____ () C:\Program Files (x86)\Steam\video.dll 2015-03-25 23:33 - 2014-12-02 01:29 - 01612800 _____ () C:\Program Files (x86)\Steam\icui18n.dll 2015-03-25 23:33 - 2014-12-02 01:29 - 01210368 _____ () C:\Program Files (x86)\Steam\icuuc.dll 2015-03-25 23:33 - 2014-12-01 22:31 - 02396672 _____ () C:\Program Files (x86)\Steam\libavcodec-56.dll 2015-03-25 23:33 - 2014-12-01 22:31 - 00479744 _____ () C:\Program Files (x86)\Steam\libavformat-56.dll 2015-03-25 23:33 - 2014-12-01 22:31 - 00332800 _____ () C:\Program Files (x86)\Steam\libavresample-2.dll 2015-03-25 23:33 - 2014-12-01 22:31 - 00442880 _____ () C:\Program Files (x86)\Steam\libavutil-54.dll 2015-03-25 23:33 - 2014-12-01 22:31 - 00485888 _____ () C:\Program Files (x86)\Steam\libswscale-3.dll 2015-03-25 23:33 - 2015-04-14 00:44 - 00702656 _____ () C:\Program Files (x86)\Steam\bin\chromehtml.DLL 2015-03-12 11:57 - 2015-03-12 11:57 - 00077632 _____ () C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.Utils.dll 2015-03-12 11:57 - 2015-03-12 11:57 - 00179560 _____ () C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.SearchProtect.Business.dll 2015-03-12 11:57 - 2015-03-12 11:57 - 00046920 _____ () C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.adblocker.dll 2015-03-12 11:58 - 2015-03-12 11:58 - 00123224 _____ () C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.PUP.Management.dll 2015-03-12 11:57 - 2015-03-12 11:57 - 00015696 _____ () C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.Utils.SqlLite.dll 2015-03-12 11:58 - 2015-03-12 11:58 - 00073544 _____ () C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.SysInfo.dll 2015-03-25 23:33 - 2015-02-25 02:58 - 34641288 _____ () C:\Program Files (x86)\Steam\bin\libcef.dll 2015-03-27 09:32 - 2015-03-27 09:32 - 00316576 _____ () C:\Program Files\Microsoft Office 15\root\office15\AppVIsvStream32.dll 2015-04-29 11:45 - 2015-04-29 11:48 - 01032352 _____ () C:\Program Files\Microsoft Office 15\Root\Office15\ADDINS\UmOutlookAddin.dll 2008-01-26 13:07 - 2008-01-26 13:07 - 00135168 _____ () C:\Program Files (x86)\Blue Iris 3\HHNetClient.dll ==================== Alternate Data Streams (whitelisted) ========= (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.) AlternateDataStreams: C:\Users\DEREK\OneDrive:ms-properties ==================== Safe Mode (whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BsScanner => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BsScanner => ""="Service" ==================== EXE Association (whitelisted) =============== (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.) ==================== Internet Explorer trusted/restricted =============== (If an entry is included in the fixlist, the associated entry will be removed from the registry.) ==================== Other Areas ============================ (Currently there is no automatic fix for this section.) HKU\S-1-5-21-667583394-3145178462-1277471955-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\DEREK\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper DNS Servers: 31.168.228.251 - 82.166.96.251 ==================== MSCONFIG/TASK MANAGER disabled items == (Currently there is no automatic fix for this section.) HKU\S-1-5-21-667583394-3145178462-1277471955-1001\...\StartupApproved\StartupFolder: => "hqghumeaylnlf.lnk" HKU\S-1-5-21-667583394-3145178462-1277471955-1001\...\StartupApproved\StartupFolder: => "OptimizerPro-UNInstaller.lnk" HKU\S-1-5-21-667583394-3145178462-1277471955-1001\...\StartupApproved\Run: => "GamesBot" HKU\S-1-5-21-667583394-3145178462-1277471955-1001\...\StartupApproved\Run: => "Selection Tools" HKU\S-1-5-21-667583394-3145178462-1277471955-1001\...\StartupApproved\Run: => "WindApp" ==================== FirewallRules (whitelisted) =============== (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.) FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139 FirewallRules: [{71968216-500D-427B-B8B9-F6495F51E45D}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe FirewallRules: [{C99B100D-7B2F-4B5B-945A-74F02027B4AF}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe FirewallRules: [{EC937D58-38E4-4DA0-8C8E-EDD7B07D6D13}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe FirewallRules: [{867F9844-462B-4C74-9D38-0BC689634735}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe FirewallRules: [{804322DD-E4E0-450B-BDC6-6CE414397719}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe FirewallRules: [{DE47D30B-B2A2-42A0-A90B-97976AEB14DA}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe FirewallRules: [{B4853526-0429-4F43-82B2-789E7D8EA80E}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe FirewallRules: [{8EEE4471-6C3A-46B6-A2F0-C122D24E2272}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe FirewallRules: [{0662F00D-645C-4241-9B82-FB4147ED4FB6}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe FirewallRules: [{B8E1FF2E-5B18-4B36-A61C-31BC660C3A00}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe FirewallRules: [{F76265AD-7566-4CFE-BD81-6ECE3F0839A7}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Sid Meier's Civilization V\Launcher.exe FirewallRules: [{B8D05DE7-10AC-49A2-99CC-2D17007CCA63}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Sid Meier's Civilization V\Launcher.exe FirewallRules: [{0F4694DF-427E-4B42-994F-40FC64B23390}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Skyrim\SkyrimLauncher.exe FirewallRules: [{1ABDFEC3-1246-438C-BEFA-41623FCB5903}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Skyrim\SkyrimLauncher.exe FirewallRules: [TCP Query User{0097CB06-8611-4C09-88B0-E166B441A053}C:\program files (x86)\blue iris 3\blueiris.exe] => (Allow) C:\program files (x86)\blue iris 3\blueiris.exe FirewallRules: [uDP Query User{1243B5C8-6D2A-4E49-B7CA-92A1A198E445}C:\program files (x86)\blue iris 3\blueiris.exe] => (Allow) C:\program files (x86)\blue iris 3\blueiris.exe FirewallRules: [{63464AF1-2138-44CA-BB2B-9D16522B11AC}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\outlook.exe FirewallRules: [{D957267B-C964-4A26-AF0E-C4020880BCC3}] => (Allow) C:\Users\DEREK\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe FirewallRules: [TCP Query User{523084E9-1E29-4783-88D4-B3C04EFD24DF}C:\users\derek\appdata\local\temp\i1427492931\windows\resource\jre\bin\javaw.exe] => (Allow) C:\users\derek\appdata\local\temp\i1427492931\windows\resource\jre\bin\javaw.exe FirewallRules: [uDP Query User{572C8414-C458-4A01-AC19-DBDA82D1F0D1}C:\users\derek\appdata\local\temp\i1427492931\windows\resource\jre\bin\javaw.exe] => (Allow) C:\users\derek\appdata\local\temp\i1427492931\windows\resource\jre\bin\javaw.exe FirewallRules: [{B6792D5F-F272-4C34-98EF-AD2C2D27B57B}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe FirewallRules: [{227BA231-6746-415B-9E7E-692662A62CCD}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe FirewallRules: [{072FB766-840C-4283-ABC5-9516AA9A7981}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe FirewallRules: [{F3997760-8908-4B4E-8EE7-AB557C4D52F8}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe FirewallRules: [{A11468DB-9015-4358-B236-1C5B4084F96B}] => (Allow) C:\Program Files\iTunes\iTunes.exe FirewallRules: [{53527745-9A11-4529-91AB-D6A2155DEAA1}] => (Allow) C:\Users\DEREK\AppData\Local\UnicoBrowser\Application\unicobrowser.exe ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== Error: (05/07/2015 05:56:47 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: mpnex40.exe, version: 4.0.3.0, time stamp: 0x53acec18 Faulting module name: KERNELBASE.dll, version: 6.3.9600.17415, time stamp: 0x54504ade Exception code: 0xc06d007e Fault offset: 0x00014598 Faulting process ID: 0x13fc Faulting application start time: 0xmpnex40.exe0 Faulting application path: mpnex40.exe1 Faulting module path: mpnex40.exe2 Report ID: mpnex40.exe3 Faulting package full name: mpnex40.exe4 Faulting package-relative application ID: mpnex40.exe5 Error: (05/07/2015 05:52:47 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: mpnex40.exe, version: 4.0.3.0, time stamp: 0x53acec18 Faulting module name: KERNELBASE.dll, version: 6.3.9600.17415, time stamp: 0x54504ade Exception code: 0xc06d007e Fault offset: 0x00014598 Faulting process ID: 0x1350 Faulting application start time: 0xmpnex40.exe0 Faulting application path: mpnex40.exe1 Faulting module path: mpnex40.exe2 Report ID: mpnex40.exe3 Faulting package full name: mpnex40.exe4 Faulting package-relative application ID: mpnex40.exe5 Error: (05/05/2015 10:54:20 AM) (Source: Microsoft-Windows-Defrag) (EventID: 257) (User: ) Description: The volume Windows RE tools was not optimised because an error was encountered: The parameter is incorrect. (0x80070057) Error: (05/05/2015 10:15:48 AM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: ) Description: 80070005 Error: (05/01/2015 03:20:18 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: ) Description: 80070005 Error: (04/29/2015 00:17:47 PM) (Source: Sage Report Designer) (EventID: 0) (User: ) Description: MAPI error: General MAPI failure [2] Error: (04/29/2015 11:37:38 AM) (Source: Microsoft-Windows-RestartManager) (EventID: 10006) (User: DEREKHOME) Description: Application or service 'Microsoft Office Document Cache Sync Client Interface' could not be shut down. Error: (04/28/2015 02:53:47 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: The program SBDDesktop.exe version 12.1.369.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel. Process ID: 2fb4 Start Time: 01d081ba1bc3ffd0 Termination Time: 4294967295 Application Path: C:\Program Files (x86)\Common Files\Sage SBD\SBDDesktop\v12\SBDDesktop.exe Report Id: fd4ff5d7-edad-11e4-8284-ac9e17b6f48d Faulting package full name: Faulting package-relative application ID: Error: (04/28/2015 02:50:24 PM) (Source: Sage Report Designer) (EventID: 0) (User: ) Description: MAPI error: General MAPI failure [2] Error: (04/28/2015 02:50:24 PM) (Source: Sage Report Designer) (EventID: 0) (User: ) Description: MAPI error: General MAPI failure [2] System errors: ============= Error: (05/07/2015 07:28:48 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: The xqv service failed to start due to the following error: %%2 Error: (05/07/2015 07:28:48 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: The xqv service failed to start due to the following error: %%2 Error: (05/07/2015 07:28:47 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: The xqv service failed to start due to the following error: %%2 Error: (05/07/2015 07:28:47 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: The xqv service failed to start due to the following error: %%2 Error: (05/07/2015 07:28:47 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: The xqv service failed to start due to the following error: %%2 Error: (05/07/2015 07:28:47 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: The xqv service failed to start due to the following error: %%2 Error: (05/07/2015 07:28:46 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: The xqv service failed to start due to the following error: %%2 Error: (05/07/2015 07:28:46 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: The xqv service failed to start due to the following error: %%2 Error: (05/07/2015 07:28:46 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: The xqv service failed to start due to the following error: %%2 Error: (05/07/2015 07:28:46 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: The xqv service failed to start due to the following error: %%2 Microsoft Office Sessions: ========================= Error: (05/07/2015 05:56:47 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: mpnex40.exe4.0.3.053acec18KERNELBASE.dll6.3.9600.1741554504adec06d007e0001459813fc01d088e66112793dC:\Program Files (x86)\Canon\MP Navigator EX 4.0\mpnex40.exeC:\windows\SYSTEM32\KERNELBASE.dll0b791acd-f4da-11e4-828a-ac9e17b6f48d Error: (05/07/2015 05:52:47 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: mpnex40.exe4.0.3.053acec18KERNELBASE.dll6.3.9600.1741554504adec06d007e00014598135001d088e62511ae1bC:\Program Files (x86)\Canon\MP Navigator EX 4.0\mpnex40.exeC:\windows\SYSTEM32\KERNELBASE.dll7ca310ed-f4d9-11e4-828a-ac9e17b6f48d Error: (05/05/2015 10:54:20 AM) (Source: Microsoft-Windows-Defrag) (EventID: 257) (User: ) Description: Windows RE toolsThe parameter is incorrect. (0x80070057) Error: (05/05/2015 10:15:48 AM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: ) Description: 80070005 Error: (05/01/2015 03:20:18 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: ) Description: 80070005 Error: (04/29/2015 00:17:47 PM) (Source: Sage Report Designer) (EventID: 0) (User: ) Description: MAPI error: General MAPI failure [2] Error: (04/29/2015 11:37:38 AM) (Source: Microsoft-Windows-RestartManager) (EventID: 10006) (User: DEREKHOME) Description: 2C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\CSISYNCCLIENT.EXEMicrosoft Office Document Cache Sync Client Interface022176528243003A005C00500072006F006700720061006D002000460069006C00650073005C004D006900630072006F0073006F006600740020004F00660066006900630065002000310035005C0072006F006F0074005C007600660073005C00500072006F006700720061006D00460069006C006500730043006F006D006D006F006E005800380036005C004D006900630072006F0073006F006600740020005300680061007200650064005C004F0046004600490043004500310035005C00630032007200330032002E0064006C006C00000043003A005C00500072006F006700720061006D0044006100740061005C004D006900630072006F0073006F00660074005C004F00660066006900630065005C0043006C00690063006B0054006F00520075006E005000610063006B006100670065004C006F0063006B00650072000000 Error: (04/28/2015 02:53:47 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: SBDDesktop.exe12.1.369.02fb401d081ba1bc3ffd04294967295C:\Program Files (x86)\Common Files\Sage SBD\SBDDesktop\v12\SBDDesktop.exefd4ff5d7-edad-11e4-8284-ac9e17b6f48d Error: (04/28/2015 02:50:24 PM) (Source: Sage Report Designer) (EventID: 0) (User: ) Description: MAPI error: General MAPI failure [2] Error: (04/28/2015 02:50:24 PM) (Source: Sage Report Designer) (EventID: 0) (User: ) Description: MAPI error: General MAPI failure [2] ==================== Memory info =========================== Processor: Intel® Core i7-4820K CPU @ 3.70GHz Percentage of memory in use: 21% Total physical RAM: 16319.43 MB Available physical RAM: 12741.02 MB Total Pagefile: 18751.43 MB Available Pagefile: 16097.71 MB Total Virtual: 131072 MB Available Virtual: 131071.82 MB ==================== Drives ================================ Drive c: (Windows) (Fixed) (Total:216.55 GB) (Free:25.24 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (Size: 223.6 GB) (Disk ID: E2218367) Partition: GPT Partition Type. ==================== End Of Log ============================
  12. The addition file Additional scan result of Farbar Recovery Scan Tool (x64) Version: 06-05-2015 01 Ran by DEREK at 2015-05-07 19:28:35 Running from C:\Users\DEREK\Downloads Boot Mode: Normal ========================================================== ==================== Accounts: ============================= Administrator (S-1-5-21-667583394-3145178462-1277471955-500 - Administrator - Disabled) DEREK (S-1-5-21-667583394-3145178462-1277471955-1001 - Administrator - Enabled) => C:\Users\DEREK Guest (S-1-5-21-667583394-3145178462-1277471955-501 - Limited - Disabled) ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: Ad-Aware Antivirus (Enabled - Up to date) {D87B6541-12A1-DAEA-0033-9B8057AAB996} AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: Ad-Aware Antivirus (Enabled - Up to date) {631A84A5-349B-D564-3A83-A0F22C2DF32B} AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} FW: Ad-Aware Firewall (Enabled) {E040E464-58CE-DBB2-2B6C-32B5A979FEED} ==================== Installed Programs ====================== (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) Ad-Aware Antivirus (HKLM\...\{FF054A8C-C0A4-4C78-8910-E2A459BEFF05}_AdAwareUpdater) (Version: 11.6.306.7947 - Lavasoft) Ad-Aware Web Companion (x32 Version: 1.1.922.1860 - Lavasoft) Hidden AdAwareInstaller (Version: 11.6.306.7947 - Lavasoft) Hidden AdAwareUpdater (Version: 11.6.306.7947 - Lavasoft) Hidden Adblock Plus for IE (32-bit and 64-bit) (HKLM\...\{77588F59-3C58-4675-8EEE-998E5BC33CF4}) (Version: 1.4 - Eyeo GmbH) ANT Drivers Installer x64 (Version: 2.3.4 - Garmin Ltd or its subsidiaries) Hidden AntimalwareEngine (Version: 3.0.98.0 - Lavasoft) Hidden AntispamEngine (Version: 2.4.2158.0 - Lavasoft) Hidden Apple Application Support (32-bit) (HKLM-x32\...\{AFA1153A-F547-409B-B837-3A0D6C5A3FEC}) (Version: 3.1.3 - Apple Inc.) Apple Application Support (64-bit) (HKLM\...\{D7B824DE-DA32-4772-9E5E-39C5158136A7}) (Version: 3.1.3 - Apple Inc.) Apple Mobile Device Support (HKLM\...\{C4123106-B685-48E6-B9BD-E4F911841EB4}) (Version: 8.1.1.3 - Apple Inc.) Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.) Blue Iris 3 (HKLM-x32\...\InstallShield_{5923C82E-6BB6-4186-AF14-3066D1F29323}) (Version: 3.29.03 - Perspective Software) Blue Iris 3 (x32 Version: 3.29.03 - Perspective Software) Hidden Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.) Canon MP Navigator EX 4.0 (HKLM-x32\...\MP Navigator EX 4.0) (Version: - ) Canon MP495 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP495_series) (Version: - ) Elevated Installer (x32 Version: 4.0.13.0 - Garmin Ltd or its subsidiaries) Hidden FirewallEngine (Version: 1.6.0.0 - Lavasoft) Hidden Garmin Express (HKLM-x32\...\{d2970a7c-aaef-4f35-a1d5-338c3a92404f}) (Version: 4.0.13.0 - Garmin Ltd or its subsidiaries) Garmin Express (x32 Version: 4.0.13.0 - Garmin Ltd or its subsidiaries) Hidden Garmin Express Tray (x32 Version: 4.0.13.0 - Garmin Ltd or its subsidiaries) Hidden Intel® Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 10.0.0.1204 - Intel Corporation) iTunes (HKLM\...\{93F2A022-6C37-48B8-B241-FFABD9F60C30}) (Version: 12.1.2.27 - Apple Inc.) LavasoftTcpService (x32 Version: 2.3.3.0 - Lavasoft) Hidden Microsoft OneDrive (HKU\S-1-5-21-667583394-3145178462-1277471955-1001\...\OneDriveSetup.exe) (Version: 17.3.4726.0226 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation) NVIDIA 3D Vision Controller Driver 347.09 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 347.09 - NVIDIA Corporation) NVIDIA 3D Vision Driver 347.88 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 347.88 - NVIDIA Corporation) NVIDIA GeForce Experience 2.2.2 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.2.2 - NVIDIA Corporation) NVIDIA Graphics Driver 347.88 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 347.88 - NVIDIA Corporation) NVIDIA HD Audio Driver 1.3.33.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.33.0 - NVIDIA Corporation) NVIDIA Miracast Virtual Audio 347.88 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Miracast.VirtualAudio) (Version: 347.88 - NVIDIA Corporation) NVIDIA PhysX System Software 9.14.0702 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.14.0702 - NVIDIA Corporation) Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4711.1003 - Microsoft Corporation) Hidden Office 15 Click-to-Run Licensing Component (Version: 15.0.4711.1003 - Microsoft Corporation) Hidden Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4569.1506 - Microsoft Corporation) Hidden OnlineThreatsEngine (Version: 2.2.3.0 - Lavasoft) Hidden Payroll for Windows (x32 Version: 19 - Sage (UK) Limited) Hidden Payroll for Windows (x32 Version: 20.01 - Sage (UK) Limited) Hidden Payroll for Windows (x32 Version: 21.00 - Sage (UK) Limited) Hidden Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7023 - Realtek Semiconductor Corp.) Sage 50 Payroll (HKLM-x32\...\{61FFC9B8-63B2-460A-81F0-99533310941F}) (Version: 21.01 - Sage (UK) Ltd.) Sage 50 Payroll (HKLM-x32\...\{9331A6A2-98C6-42F4-B981-FBA24672D3D8}) (Version: 21.01 - Sage (UK) Ltd.) Samsung Kies3 (HKLM-x32\...\InstallShield_{88547073-C566-4895-9005-EBE98EA3F7C7}) (Version: 3.2.15024.8 - Samsung Electronics Co., Ltd.) Samsung Kies3 (x32 Version: 3.2.15024.8 - Samsung Electronics Co., Ltd.) Hidden SHIELD Streaming (Version: 4.0.1000 - NVIDIA Corporation) Hidden SHIELD Wireless Controller Driver (Version: 17.12.8 - NVIDIA Corporation) Hidden Sid Meier's Civilization V (HKLM-x32\...\Steam App 8930) (Version: - 2K Games, Inc.) Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation) The Elder Scrolls Online (HKLM-x32\...\The Elder Scrolls Online) (Version: 1.0.0.0 - Zenimax Online Studios) The Elder Scrolls V: Skyrim (HKLM-x32\...\Steam App 72850) (Version: - Bethesda Game Studios) Web Companion (HKLM-x32\...\{902C3D36-9254-437D-98AC-913B78E60864}_WebCompanion) (Version: 1.1.922.1860 - Lavasoft) Windows Driver Package - Dynastream Innovations, Inc. ANT LibUSB Drivers (04/11/2012 1.2.40.201) (HKLM\...\F9D2A789F9CFF8CEC36B544F53877C80F1F73C46) (Version: 04/11/2012 1.2.40.201 - Dynastream Innovations, Inc.) Windows Driver Package - Silicon Labs Software (DSI_SiUSBXp_3_1) USB (02/06/2007 3.1) (HKLM\...\D1506E0025B5A3F9EB8270FE81C1EEDD9388B8A2) (Version: 02/06/2007 3.1 - Silicon Labs Software) ==================== Custom CLSID (selected items): ========================== (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.) CustomCLSID: HKU\S-1-5-21-667583394-3145178462-1277471955-1001_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\DEREK\AppData\Local\Microsoft\OneDrive\17.3.4726.0226\amd64\FileSyncApi64.dll (Microsoft Corporation) ==================== Restore Points ========================= 17-04-2015 08:15:55 Windows Update 26-04-2015 16:27:09 Scheduled Checkpoint 28-04-2015 11:46:18 AA11 01-05-2015 15:25:18 Installed Adblock Plus for IE (32-bit and 64-bit) ==================== Hosts content: ========================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2013-08-22 14:25 - 2013-08-22 14:25 - 00000824 ____A C:\windows\system32\Drivers\etc\hosts ==================== Scheduled Tasks (whitelisted) ============= (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.) Task: {10E04493-A814-411C-8219-FF96EC616811} - System32\Tasks\GarminUpdaterTask => C:\Program Files (x86)\Garmin\Express Self Updater\ExpressSelfUpdater.exe Task: {1556B1C2-43C1-40B4-9E66-91920993208F} - System32\Tasks\Microsoft\Windows\Setup\gwx\launchtrayprocess => C:\Windows\system32\GWX\GWX.exe [2015-03-24] (Microsoft Corporation) Task: {1A3E8B4C-5053-4767-ADDF-6E88EC0629FA} - System32\Tasks\WJGSOVQ => C:\Users\DEREK\AppData\Roaming\WJGSOVQ.exe <==== ATTENTION Task: {2409E62C-2E2D-44AF-9493-3548F8C2BF82} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2015-04-22] (Microsoft Corporation) Task: {335D0B09-3C49-4AFC-9994-165A46984A92} - System32\Tasks\SPXPLN => C:\Users\DEREK\AppData\Roaming\SPXPLN.exe <==== ATTENTION Task: {37098AAB-02DB-4A41-8AA1-C33835A94183} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.) Task: {5CFE081F-2594-47EB-8660-B92844811328} - System32\Tasks\QJNFZ => C:\Users\DEREK\AppData\Roaming\QJNFZ.exe <==== ATTENTION Task: {63309F19-CB42-4058-BB59-201F8BF20F53} - System32\Tasks\Microsoft Office 15 Sync Maintenance for DEREKHOME-DEREK DEREKHOME => C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe [2015-04-29] (Microsoft Corporation) Task: {9B85AEC7-D7D2-4331-904B-CC0EA0D2E803} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-24] (Microsoft Corporation) Task: {A9247618-A96E-4DD6-961A-A4997942B6EC} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxcontent => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-24] (Microsoft Corporation) Task: {B466B1EA-95CD-4934-A370-C2383480ACE1} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonx86\Microsoft Shared\OFFICE15\OLicenseHeartbeat.exe [2015-04-29] (Microsoft Corporation) Task: {BB870951-F26A-4919-B4CB-8A02FA07907A} - System32\Tasks\GYUSUEP => C:\Users\DEREK\AppData\Roaming\GYUSUEP.exe <==== ATTENTION Task: {C656BDA3-EB9E-4095-B111-BF4D51BD4882} - System32\Tasks\Microsoft\Windows\Setup\gwx\runappraiser => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-24] (Microsoft Corporation) Task: {CD3B6025-305D-4D19-9F11-EBB02965CB68} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\windows\system32\MRT.exe [2015-04-17] (Microsoft Corporation) Task: {CE351B6C-7ADE-4F70-8146-ACD48118CFB2} - System32\Tasks\{A0D29BB8-D7FC-48BE-9C4E-38CD2839D8B3} => pcalua.exe -a "C:\Program Files (x86)\version17SpeedChecker\Uninstall.exe" Task: {D95A75E4-1ED8-4E90-8183-81D121D1A73D} - System32\Tasks\WPRGSTS => C:\Users\DEREK\AppData\Roaming\WPRGSTS.exe <==== ATTENTION Task: {EDCB5147-D4EF-4D35-8B2A-B8C3AF0470D8} - System32\Tasks\Microsoft OneDrive Auto Update Task-S-1-5-21-667583394-3145178462-1277471955-1001 => %localappdata%\Microsoft\OneDrive\OneDrive.exe Task: {F0F0D36A-4A48-45C9-AC42-4079BBC3F5F5} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2015-04-22] (Microsoft Corporation) Task: {F5533698-9865-4113-8FAD-B346D5787285} - System32\Tasks\VRATQ => C:\ProgramData\5d7406e0a775469cae25df88a7d255da\5d7406e0a775469cae25df88a7d255da.exe Task: C:\windows\Tasks\GYUSUEP.job => C:\Users\DEREK\AppData\Roaming\GYUSUEP.exe <==== ATTENTION Task: C:\windows\Tasks\QJNFZ.job => C:\Users\DEREK\AppData\Roaming\QJNFZ.exe <==== ATTENTION Task: C:\windows\Tasks\SPXPLN.job => C:\Users\DEREK\AppData\Roaming\SPXPLN.exe <==== ATTENTION Task: C:\windows\Tasks\WJGSOVQ.job => C:\Users\DEREK\AppData\Roaming\WJGSOVQ.exe <==== ATTENTION Task: C:\windows\Tasks\WPRGSTS.job => C:\Users\DEREK\AppData\Roaming\WPRGSTS.exe <==== ATTENTION ==================== Loaded Modules (whitelisted) ============== 2015-03-23 11:52 - 2015-03-13 17:16 - 00118472 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll 2015-02-13 04:20 - 2015-02-13 04:20 - 00085832 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll 2015-02-13 04:20 - 2015-02-13 04:20 - 01346344 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll 2015-03-26 21:25 - 2014-05-20 09:19 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll 2015-03-10 18:47 - 2015-03-10 18:47 - 00720760 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareService.exe 2015-03-10 18:51 - 2015-03-10 18:51 - 00107024 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\boost_thread-vc100-mt-1_57.dll 2015-03-10 18:51 - 2015-03-10 18:51 - 00024080 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\boost_system-vc100-mt-1_57.dll 2015-03-10 18:51 - 2015-03-10 18:51 - 00055320 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\boost_date_time-vc100-mt-1_57.dll 2015-03-10 18:51 - 2015-03-10 18:51 - 00125464 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\boost_filesystem-vc100-mt-1_57.dll 2015-03-10 18:51 - 2015-03-10 18:51 - 00033296 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\boost_chrono-vc100-mt-1_57.dll 2015-03-10 18:50 - 2015-03-10 18:50 - 12745216 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareServiceKernel.dll 2015-03-10 18:50 - 2015-03-10 18:50 - 03396064 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\RCF.dll 2015-03-10 18:51 - 2015-03-10 18:51 - 00785936 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\boost_regex-vc100-mt-1_57.dll 2015-03-10 18:50 - 2015-03-10 18:50 - 00744960 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareActivation.dll 2015-03-10 18:50 - 2015-03-10 18:50 - 00480272 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareApplicationUpdater.dll 2015-03-10 18:50 - 2015-03-10 18:50 - 00812032 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareGamingMode.dll 2015-03-10 18:50 - 2015-03-10 18:50 - 00099312 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareReset.dll 2015-03-10 18:50 - 2015-03-10 18:50 - 00119792 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareTime.dll 2015-03-10 18:50 - 2015-03-10 18:50 - 00963088 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareDefinitionsUpdater.dll 2015-03-10 18:50 - 2015-03-10 18:50 - 00868896 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareDefinitionsUpdaterScheduler.dll 2015-03-10 18:50 - 2015-03-10 18:50 - 01108992 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareIgnoreList.dll 2015-03-10 18:50 - 2015-03-10 18:50 - 00247808 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareQuarantine.dll 2015-03-10 18:50 - 2015-03-10 18:50 - 01013256 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareAntiMalwareEngine.dll 2015-03-10 18:50 - 2015-03-10 18:50 - 00211464 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareAntiRootkitEngine.dll 2015-03-10 18:50 - 2015-03-10 18:50 - 01177608 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareScannerHistory.dll 2015-03-10 18:50 - 2015-03-10 18:50 - 01302008 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareScanner.dll 2015-03-10 18:51 - 2015-03-10 18:51 - 00034832 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\boost_timer-vc100-mt-1_57.dll 2015-03-10 18:50 - 2015-03-10 18:50 - 00977416 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareScannerScheduler.dll 2015-03-10 18:50 - 2015-03-10 18:50 - 01143824 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareRealTimeProtection.dll 2015-03-10 18:50 - 2015-03-10 18:50 - 00237568 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareIncompatibles.dll 2015-03-10 18:50 - 2015-03-10 18:50 - 00893432 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareAntiSpam.dll 2015-03-10 18:50 - 2015-03-10 18:50 - 00847872 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareAntiPhishing.dll 2015-03-10 18:50 - 2015-03-10 18:50 - 03104776 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareParentalControl.dll 2015-03-10 18:50 - 2015-03-10 18:50 - 02958848 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareWebProtection.dll 2015-03-10 18:50 - 2015-03-10 18:50 - 01288712 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareEmailProtection.dll 2015-03-10 18:51 - 2015-03-10 18:51 - 00053272 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\boost_iostreams-vc100-mt-1_57.dll 2015-03-10 18:50 - 2015-03-10 18:50 - 01293832 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareNetworkProtection.dll 2015-03-10 18:50 - 2015-03-10 18:50 - 00969200 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwarePromo.dll 2015-03-10 18:50 - 2015-03-10 18:50 - 00366584 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareFeedback.dll 2015-03-10 18:50 - 2015-03-10 18:50 - 02787344 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareThreatWorkAlliance.dll 2015-03-10 18:50 - 2015-03-10 18:50 - 01232888 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwarePinCode.dll 2015-03-10 18:50 - 2015-03-10 18:50 - 00969208 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareNotice.dll 2015-03-10 18:50 - 2015-03-10 18:50 - 00963576 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareAvcEngine.dll 2015-03-10 18:50 - 2015-03-10 18:50 - 01184792 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareRealTimeProtectionHistory.dll 2015-04-28 15:16 - 2015-01-06 12:47 - 00156936 _____ () C:\windows\SYSTEM32\bdfwcore.dll 2015-04-28 15:17 - 2015-04-28 15:17 - 00789856 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Online Threats Engine\2.2.3.0\definitions\loc2\ashttpbr.mdl 2015-04-28 15:17 - 2015-04-28 15:17 - 00710016 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Online Threats Engine\2.2.3.0\definitions\loc2\ashttpdsp.mdl 2015-04-28 15:17 - 2015-04-28 15:17 - 02683008 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Online Threats Engine\2.2.3.0\definitions\loc2\ashttpph.mdl 2015-04-28 15:17 - 2015-04-28 15:17 - 01325480 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Online Threats Engine\2.2.3.0\definitions\loc2\ashttprbl.mdl 2015-04-13 19:08 - 2015-04-13 19:08 - 00523264 _____ () c:\windows\mxqv.exe 2015-03-12 11:57 - 2015-03-12 11:57 - 00017768 _____ () C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.SearchProtect.WinService.exe 2015-03-12 11:57 - 2015-03-12 11:57 - 00012144 _____ () C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.SearchProtect.Service.Logger.dll 2015-03-12 11:57 - 2015-03-12 11:57 - 00034152 _____ () C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.SearchProtect.WcfService.dll 2015-03-27 09:33 - 2015-03-27 09:33 - 08898720 _____ () C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\1033\GrooveIntlResource.dll 2015-03-10 18:50 - 2015-03-10 18:50 - 09566192 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareTray.exe 2015-03-10 18:51 - 2015-03-10 18:51 - 00499728 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\boost_locale-vc100-mt-1_57.dll 2015-03-10 18:50 - 2015-03-10 18:50 - 02144248 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\HtmlFramework.dll 2015-03-10 18:50 - 2015-03-10 18:50 - 00869896 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareTrayDefaultSkin.dll 2013-04-25 16:20 - 2013-04-25 16:20 - 00059776 _____ () C:\Program Files (x86)\Blue Iris 3\BlueIrisService.exe 2015-03-27 09:33 - 2015-03-27 09:33 - 00316576 _____ () C:\Program Files\Microsoft Office 15\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\AppVIsvStream32.dll 2015-03-27 09:32 - 2015-03-27 09:32 - 00316576 _____ () C:\Program Files\Microsoft Office 15\Root\Office15\AppVIsvStream32.dll 2015-03-25 23:33 - 2015-03-10 07:37 - 00775680 _____ () C:\Program Files (x86)\Steam\SDL2.dll 2015-03-25 23:33 - 2014-12-02 01:29 - 05002752 _____ () C:\Program Files (x86)\Steam\v8.dll 2015-03-25 23:33 - 2015-04-14 00:44 - 02371776 _____ () C:\Program Files (x86)\Steam\video.dll 2015-03-25 23:33 - 2014-12-02 01:29 - 01612800 _____ () C:\Program Files (x86)\Steam\icui18n.dll 2015-03-25 23:33 - 2014-12-02 01:29 - 01210368 _____ () C:\Program Files (x86)\Steam\icuuc.dll 2015-03-25 23:33 - 2014-12-01 22:31 - 02396672 _____ () C:\Program Files (x86)\Steam\libavcodec-56.dll 2015-03-25 23:33 - 2014-12-01 22:31 - 00479744 _____ () C:\Program Files (x86)\Steam\libavformat-56.dll 2015-03-25 23:33 - 2014-12-01 22:31 - 00332800 _____ () C:\Program Files (x86)\Steam\libavresample-2.dll 2015-03-25 23:33 - 2014-12-01 22:31 - 00442880 _____ () C:\Program Files (x86)\Steam\libavutil-54.dll 2015-03-25 23:33 - 2014-12-01 22:31 - 00485888 _____ () C:\Program Files (x86)\Steam\libswscale-3.dll 2015-03-25 23:33 - 2015-04-14 00:44 - 00702656 _____ () C:\Program Files (x86)\Steam\bin\chromehtml.DLL 2015-03-12 11:57 - 2015-03-12 11:57 - 00077632 _____ () C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.Utils.dll 2015-03-12 11:57 - 2015-03-12 11:57 - 00179560 _____ () C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.SearchProtect.Business.dll 2015-03-12 11:57 - 2015-03-12 11:57 - 00046920 _____ () C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.adblocker.dll 2015-03-12 11:58 - 2015-03-12 11:58 - 00123224 _____ () C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.PUP.Management.dll 2015-03-12 11:57 - 2015-03-12 11:57 - 00015696 _____ () C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.Utils.SqlLite.dll 2015-03-12 11:58 - 2015-03-12 11:58 - 00073544 _____ () C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.SysInfo.dll 2015-03-25 23:33 - 2015-02-25 02:58 - 34641288 _____ () C:\Program Files (x86)\Steam\bin\libcef.dll 2015-03-27 09:32 - 2015-03-27 09:32 - 00316576 _____ () C:\Program Files\Microsoft Office 15\root\office15\AppVIsvStream32.dll 2015-04-29 11:45 - 2015-04-29 11:48 - 01032352 _____ () C:\Program Files\Microsoft Office 15\Root\Office15\ADDINS\UmOutlookAddin.dll 2008-01-26 13:07 - 2008-01-26 13:07 - 00135168 _____ () C:\Program Files (x86)\Blue Iris 3\HHNetClient.dll ==================== Alternate Data Streams (whitelisted) ========= (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.) AlternateDataStreams: C:\Users\DEREK\OneDrive:ms-properties ==================== Safe Mode (whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BsScanner => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BsScanner => ""="Service" ==================== EXE Association (whitelisted) =============== (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.) ==================== Internet Explorer trusted/restricted =============== (If an entry is included in the fixlist, the associated entry will be removed from the registry.) ==================== Other Areas ============================ (Currently there is no automatic fix for this section.) HKU\S-1-5-21-667583394-3145178462-1277471955-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\DEREK\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper DNS Servers: 31.168.228.251 - 82.166.96.251 ==================== MSCONFIG/TASK MANAGER disabled items == (Currently there is no automatic fix for this section.) HKU\S-1-5-21-667583394-3145178462-1277471955-1001\...\StartupApproved\StartupFolder: => "hqghumeaylnlf.lnk" HKU\S-1-5-21-667583394-3145178462-1277471955-1001\...\StartupApproved\StartupFolder: => "OptimizerPro-UNInstaller.lnk" HKU\S-1-5-21-667583394-3145178462-1277471955-1001\...\StartupApproved\Run: => "GamesBot" HKU\S-1-5-21-667583394-3145178462-1277471955-1001\...\StartupApproved\Run: => "Selection Tools" HKU\S-1-5-21-667583394-3145178462-1277471955-1001\...\StartupApproved\Run: => "WindApp" ==================== FirewallRules (whitelisted) =============== (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.) FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139 FirewallRules: [{71968216-500D-427B-B8B9-F6495F51E45D}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe FirewallRules: [{C99B100D-7B2F-4B5B-945A-74F02027B4AF}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe FirewallRules: [{EC937D58-38E4-4DA0-8C8E-EDD7B07D6D13}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe FirewallRules: [{867F9844-462B-4C74-9D38-0BC689634735}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe FirewallRules: [{804322DD-E4E0-450B-BDC6-6CE414397719}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe FirewallRules: [{DE47D30B-B2A2-42A0-A90B-97976AEB14DA}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe FirewallRules: [{B4853526-0429-4F43-82B2-789E7D8EA80E}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe FirewallRules: [{8EEE4471-6C3A-46B6-A2F0-C122D24E2272}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe FirewallRules: [{0662F00D-645C-4241-9B82-FB4147ED4FB6}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe FirewallRules: [{B8E1FF2E-5B18-4B36-A61C-31BC660C3A00}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe FirewallRules: [{F76265AD-7566-4CFE-BD81-6ECE3F0839A7}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Sid Meier's Civilization V\Launcher.exe FirewallRules: [{B8D05DE7-10AC-49A2-99CC-2D17007CCA63}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Sid Meier's Civilization V\Launcher.exe FirewallRules: [{0F4694DF-427E-4B42-994F-40FC64B23390}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Skyrim\SkyrimLauncher.exe FirewallRules: [{1ABDFEC3-1246-438C-BEFA-41623FCB5903}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Skyrim\SkyrimLauncher.exe FirewallRules: [TCP Query User{0097CB06-8611-4C09-88B0-E166B441A053}C:\program files (x86)\blue iris 3\blueiris.exe] => (Allow) C:\program files (x86)\blue iris 3\blueiris.exe FirewallRules: [uDP Query User{1243B5C8-6D2A-4E49-B7CA-92A1A198E445}C:\program files (x86)\blue iris 3\blueiris.exe] => (Allow) C:\program files (x86)\blue iris 3\blueiris.exe FirewallRules: [{63464AF1-2138-44CA-BB2B-9D16522B11AC}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\outlook.exe FirewallRules: [{D957267B-C964-4A26-AF0E-C4020880BCC3}] => (Allow) C:\Users\DEREK\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe FirewallRules: [TCP Query User{523084E9-1E29-4783-88D4-B3C04EFD24DF}C:\users\derek\appdata\local\temp\i1427492931\windows\resource\jre\bin\javaw.exe] => (Allow) C:\users\derek\appdata\local\temp\i1427492931\windows\resource\jre\bin\javaw.exe FirewallRules: [uDP Query User{572C8414-C458-4A01-AC19-DBDA82D1F0D1}C:\users\derek\appdata\local\temp\i1427492931\windows\resource\jre\bin\javaw.exe] => (Allow) C:\users\derek\appdata\local\temp\i1427492931\windows\resource\jre\bin\javaw.exe FirewallRules: [{B6792D5F-F272-4C34-98EF-AD2C2D27B57B}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe FirewallRules: [{227BA231-6746-415B-9E7E-692662A62CCD}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe FirewallRules: [{072FB766-840C-4283-ABC5-9516AA9A7981}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe FirewallRules: [{F3997760-8908-4B4E-8EE7-AB557C4D52F8}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe FirewallRules: [{A11468DB-9015-4358-B236-1C5B4084F96B}] => (Allow) C:\Program Files\iTunes\iTunes.exe FirewallRules: [{53527745-9A11-4529-91AB-D6A2155DEAA1}] => (Allow) C:\Users\DEREK\AppData\Local\UnicoBrowser\Application\unicobrowser.exe ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== Error: (05/07/2015 05:56:47 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: mpnex40.exe, version: 4.0.3.0, time stamp: 0x53acec18 Faulting module name: KERNELBASE.dll, version: 6.3.9600.17415, time stamp: 0x54504ade Exception code: 0xc06d007e Fault offset: 0x00014598 Faulting process ID: 0x13fc Faulting application start time: 0xmpnex40.exe0 Faulting application path: mpnex40.exe1 Faulting module path: mpnex40.exe2 Report ID: mpnex40.exe3 Faulting package full name: mpnex40.exe4 Faulting package-relative application ID: mpnex40.exe5 Error: (05/07/2015 05:52:47 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: mpnex40.exe, version: 4.0.3.0, time stamp: 0x53acec18 Faulting module name: KERNELBASE.dll, version: 6.3.9600.17415, time stamp: 0x54504ade Exception code: 0xc06d007e Fault offset: 0x00014598 Faulting process ID: 0x1350 Faulting application start time: 0xmpnex40.exe0 Faulting application path: mpnex40.exe1 Faulting module path: mpnex40.exe2 Report ID: mpnex40.exe3 Faulting package full name: mpnex40.exe4 Faulting package-relative application ID: mpnex40.exe5 Error: (05/05/2015 10:54:20 AM) (Source: Microsoft-Windows-Defrag) (EventID: 257) (User: ) Description: The volume Windows RE tools was not optimised because an error was encountered: The parameter is incorrect. (0x80070057) Error: (05/05/2015 10:15:48 AM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: ) Description: 80070005 Error: (05/01/2015 03:20:18 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: ) Description: 80070005 Error: (04/29/2015 00:17:47 PM) (Source: Sage Report Designer) (EventID: 0) (User: ) Description: MAPI error: General MAPI failure [2] Error: (04/29/2015 11:37:38 AM) (Source: Microsoft-Windows-RestartManager) (EventID: 10006) (User: DEREKHOME) Description: Application or service 'Microsoft Office Document Cache Sync Client Interface' could not be shut down. Error: (04/28/2015 02:53:47 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: The program SBDDesktop.exe version 12.1.369.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel. Process ID: 2fb4 Start Time: 01d081ba1bc3ffd0 Termination Time: 4294967295 Application Path: C:\Program Files (x86)\Common Files\Sage SBD\SBDDesktop\v12\SBDDesktop.exe Report Id: fd4ff5d7-edad-11e4-8284-ac9e17b6f48d Faulting package full name: Faulting package-relative application ID: Error: (04/28/2015 02:50:24 PM) (Source: Sage Report Designer) (EventID: 0) (User: ) Description: MAPI error: General MAPI failure [2] Error: (04/28/2015 02:50:24 PM) (Source: Sage Report Designer) (EventID: 0) (User: ) Description: MAPI error: General MAPI failure [2] System errors: ============= Error: (05/07/2015 07:28:48 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: The xqv service failed to start due to the following error: %%2 Error: (05/07/2015 07:28:48 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: The xqv service failed to start due to the following error: %%2 Error: (05/07/2015 07:28:47 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: The xqv service failed to start due to the following error: %%2 Error: (05/07/2015 07:28:47 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: The xqv service failed to start due to the following error: %%2 Error: (05/07/2015 07:28:47 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: The xqv service failed to start due to the following error: %%2 Error: (05/07/2015 07:28:47 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: The xqv service failed to start due to the following error: %%2 Error: (05/07/2015 07:28:46 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: The xqv service failed to start due to the following error: %%2 Error: (05/07/2015 07:28:46 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: The xqv service failed to start due to the following error: %%2 Error: (05/07/2015 07:28:46 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: The xqv service failed to start due to the following error: %%2 Error: (05/07/2015 07:28:46 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: The xqv service failed to start due to the following error: %%2 Microsoft Office Sessions: ========================= Error: (05/07/2015 05:56:47 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: mpnex40.exe4.0.3.053acec18KERNELBASE.dll6.3.9600.1741554504adec06d007e0001459813fc01d088e66112793dC:\Program Files (x86)\Canon\MP Navigator EX 4.0\mpnex40.exeC:\windows\SYSTEM32\KERNELBASE.dll0b791acd-f4da-11e4-828a-ac9e17b6f48d Error: (05/07/2015 05:52:47 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: mpnex40.exe4.0.3.053acec18KERNELBASE.dll6.3.9600.1741554504adec06d007e00014598135001d088e62511ae1bC:\Program Files (x86)\Canon\MP Navigator EX 4.0\mpnex40.exeC:\windows\SYSTEM32\KERNELBASE.dll7ca310ed-f4d9-11e4-828a-ac9e17b6f48d Error: (05/05/2015 10:54:20 AM) (Source: Microsoft-Windows-Defrag) (EventID: 257) (User: ) Description: Windows RE toolsThe parameter is incorrect. (0x80070057) Error: (05/05/2015 10:15:48 AM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: ) Description: 80070005 Error: (05/01/2015 03:20:18 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: ) Description: 80070005 Error: (04/29/2015 00:17:47 PM) (Source: Sage Report Designer) (EventID: 0) (User: ) Description: MAPI error: General MAPI failure [2] Error: (04/29/2015 11:37:38 AM) (Source: Microsoft-Windows-RestartManager) (EventID: 10006) (User: DEREKHOME) Description: 2C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\CSISYNCCLIENT.EXEMicrosoft Office Document Cache Sync Client Interface022176528243003A005C00500072006F006700720061006D002000460069006C00650073005C004D006900630072006F0073006F006600740020004F00660066006900630065002000310035005C0072006F006F0074005C007600660073005C00500072006F006700720061006D00460069006C006500730043006F006D006D006F006E005800380036005C004D006900630072006F0073006F006600740020005300680061007200650064005C004F0046004600490043004500310035005C00630032007200330032002E0064006C006C00000043003A005C00500072006F006700720061006D0044006100740061005C004D006900630072006F0073006F00660074005C004F00660066006900630065005C0043006C00690063006B0054006F00520075006E005000610063006B006100670065004C006F0063006B00650072000000 Error: (04/28/2015 02:53:47 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: SBDDesktop.exe12.1.369.02fb401d081ba1bc3ffd04294967295C:\Program Files (x86)\Common Files\Sage SBD\SBDDesktop\v12\SBDDesktop.exefd4ff5d7-edad-11e4-8284-ac9e17b6f48d Error: (04/28/2015 02:50:24 PM) (Source: Sage Report Designer) (EventID: 0) (User: ) Description: MAPI error: General MAPI failure [2] Error: (04/28/2015 02:50:24 PM) (Source: Sage Report Designer) (EventID: 0) (User: ) Description: MAPI error: General MAPI failure [2] ==================== Memory info =========================== Processor: Intel® Core i7-4820K CPU @ 3.70GHz Percentage of memory in use: 21% Total physical RAM: 16319.43 MB Available physical RAM: 12741.02 MB Total Pagefile: 18751.43 MB Available Pagefile: 16097.71 MB Total Virtual: 131072 MB Available Virtual: 131071.82 MB ==================== Drives ================================ Drive c: (Windows) (Fixed) (Total:216.55 GB) (Free:25.24 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (Size: 223.6 GB) (Disk ID: E2218367) Partition: GPT Partition Type. ==================== End Of Log ============================
  13. Hi I am trying to copy the other files but it is still telling me my post is too short.... I think it means too long This is the adwcleaner file # AdwCleaner v4.203 - Logfile created 07/05/2015 at 19:14:05 # Updated 30/04/2015 by Xplode # Database : 2015-05-05.1 [server] # Operating system : Windows 8.1 (x64) # Username : DEREK - DEREKHOME # Running from : C:\Users\DEREK\Desktop\adwcleaner_4.203.exe # Option : Scan ***** [ Services ] ***** ***** [ Files / Folders ] ***** ***** [ Scheduled tasks ] ***** ***** [ Shortcuts ] ***** ***** [ Registry ] ***** Key Found : HKCU\Software\AppDataLow\Software\adawarebp ***** [ Web browsers ] ***** -\\ Internet Explorer v11.0.9600.17416 ************************* AdwCleaner[R0].txt - [11069 bytes] - [05/05/2015 19:07:29] AdwCleaner[R1].txt - [671 bytes] - [07/05/2015 19:14:05] AdwCleaner[s0].txt - [10414 bytes] - [05/05/2015 19:13:12] ########## EOF - C:\AdwCleaner\AdwCleaner[R1].txt - [789 bytes] ##########
  14. Hi I am trying to reply but the site keeps telling me the reply is too short... strange given that I copied all 4 large text files I have copied the eset file here C:\AdwCleaner\Quarantine\C\Program Files (x86)\version17SpeedChecker\192_x64.dll.vir a variant of Win64/Adware.AddLyrics.I application C:\AdwCleaner\Quarantine\C\Program Files (x86)\version17SpeedChecker\x64\webTinstMKTN84.sys.vir Win64/Adware.AddLyrics.K application C:\AdwCleaner\Quarantine\C\Program Files (x86)\XTab\BrowerWatchCH.dll.vir Win32/ELEX.BM potentially unwanted application C:\AdwCleaner\Quarantine\C\Program Files (x86)\XTab\BrowerWatchFF.dll.vir Win32/ELEX.BM potentially unwanted application C:\AdwCleaner\Quarantine\C\Program Files (x86)\XTab\BrowserAction.dll.vir a variant of Win32/ELEX.DH potentially unwanted application C:\AdwCleaner\Quarantine\C\Program Files (x86)\XTab\CmdShell.exe.vir Win32/ELEX.BM potentially unwanted application C:\AdwCleaner\Quarantine\C\Program Files (x86)\XTab\ffsearch_toolbar!1.0.0.1028.xpi.vir Win32/Toolbar.TNT2.I potentially unwanted application C:\AdwCleaner\Quarantine\C\Program Files (x86)\XTab\HPNotify.exe.vir Win32/ELEX.BM potentially unwanted application C:\AdwCleaner\Quarantine\C\Program Files (x86)\XTab\IeWatchDog.dll.vir Win32/ELEX.BM potentially unwanted application C:\AdwCleaner\Quarantine\C\Program Files (x86)\XTab\SupTab.dll.vir a variant of Win32/Thinknice.B potentially unwanted application C:\AdwCleaner\Quarantine\C\ProgramData\{8dc42732-f0ed-08f8-8dc4-42732f0e9ccb}\OptimizerPro-UNInstaller.exe.vir a variant of Win32/Adware.SpeedingUpMyPC.AA application C:\AdwCleaner\Quarantine\C\Users\DEREK\AppData\Roaming\1E009920-1429002734-6400-DC40-AC9E17B6F48D\vnsz47AB.tmp.vir a variant of Win32/Adware.ConvertAd.KZ.gen application C:\AdwCleaner\Quarantine\C\Users\DEREK\AppData\Roaming\Nosibay\Bubble Dock\Bubble Dock.exe.vir a variant of Win32/BubbleDock.A potentially unwanted application C:\Program Files (x86)\Lavasoft\Web Companion\TcpService\2.3.3.0\LavasoftLSPInstaller.exe a variant of Win32/Komodia.A potentially unsafe application C:\Program Files (x86)\Lavasoft\Web Companion\TcpService\2.3.3.0\LavasoftTcpService.dll a variant of Win32/Komodia.A potentially unsafe application C:\Program Files (x86)\Lavasoft\Web Companion\TcpService\2.3.3.0\LavasoftTcpService.exe a variant of Win32/Komodia.A potentially unsafe application C:\ProgramData\xqv\A630CABECD404DB9948B475C89DF8797\setup.exe Win32/BubbleDock.A potentially unwanted application C:\Users\All Users\xqv\A630CABECD404DB9948B475C89DF8797\setup.exe Win32/BubbleDock.A potentially unwanted application C:\Users\DEREK\AppData\Roaming\GYUSUEP JS/Toolbar.Crossrider.C potentially unwanted application C:\Users\DEREK\AppData\Roaming\QJNFZ JS/Toolbar.Crossrider.C potentially unwanted application C:\Users\DEREK\AppData\Roaming\SPXPLN JS/Toolbar.Crossrider.C potentially unwanted application C:\Users\DEREK\AppData\Roaming\WJGSOVQ JS/Toolbar.Crossrider.C potentially unwanted application C:\Users\DEREK\AppData\Roaming\WPRGSTS JS/Toolbar.Crossrider.C potentially unwanted application C:\Users\DEREK\Downloads\BearShareV10.exe a variant of Win32/Toolbar.SearchSuite.Y potentially unwanted application C:\Users\DEREK\Downloads\ErrorEND_Installer.exe multiple threats C:\Users\DEREK\Downloads\Garmin_Nüvi_2445LM_Driver_Update_05-2014 (1).exe a variant of Win32/Systweak.R potentially unwanted application C:\Users\DEREK\Downloads\Garmin_Nüvi_2445LM_Driver_Update_05-2014.exe a variant of Win32/Systweak.R potentially unwanted application C:\Users\DEREK\Downloads\itunes6464setup.exe a variant of Win32/InstallCore.YH potentially unwanted application C:\Users\DEREK\Downloads\Unconfirmed 226548.crdownload Win32/Toolbar.SearchSuite potentially unwanted application C:\Users\DEREK\Downloads\Unconfirmed 295414.crdownload Win32/Toolbar.SearchSuite potentially unwanted application C:\Users\DEREK\Downloads\Unconfirmed 482695.crdownload a variant of Win32/InstallCore.ZC potentially unwanted application C:\Users\DEREK\Downloads\Unconfirmed 55255.crdownload a variant of Win32/InstallCore.ZC potentially unwanted application C:\Users\DEREK\Downloads\Unconfirmed 612979.crdownload a variant of Win32/InstallCore.ZC potentially unwanted application C:\Users\DEREK\Downloads\Unconfirmed 753557.crdownload a variant of Win32/InstallCore.ZC potentially unwanted application C:\Users\DEREK\Downloads\Unconfirmed 769870.crdownload a variant of Win32/InstallCore.ZC potentially unwanted application C:\Users\DEREK\Downloads\Unconfirmed 776757.crdownload a variant of Win32/AdGazelle.F potentially unwanted application C:\Users\DEREK\Downloads\Unconfirmed 959552.crdownload a variant of Win32/InstallCore.ZC potentially unwanted application C:\Windows\mxqv.exe a variant of Win32/TrojanDownloader.Adcurl.A trojan C:\Windows\Installer\12acb747.msi a variant of Win32/Komodia.A potentially unsafe application C:\Windows\System32\LavasoftTcpService.dll a variant of Win32/Komodia.A potentially unsafe application C:\Windows\SysWOW64\LavasoftTcpService.dll a variant of Win32/Komodia.A potentially unsafe application
  15. Hi Here is the log file from AdwCleaner # AdwCleaner v4.203 - Logfile created 05/05/2015 at 19:07:29 # Updated 30/04/2015 by Xplode # Database : 2015-05-02.1 [server] # Operating system : Windows 8.1 (x64) # Username : DEREK - DEREKHOME # Running from : C:\Users\DEREK\Desktop\adwcleaner_4.203.exe # Option : Scan ***** [ Services ] ***** Service Found : ClaraUpdater ***** [ Files / Folders ] ***** File Found : C:\claraInstaller.txt File Found : C:\END File Found : C:\Users\DEREK\AppData\Roaming\Bubble Dock.boostrap.log File Found : C:\Users\DEREK\AppData\Roaming\Bubble Dock.installation.log File Found : C:\Users\DEREK\AppData\Roaming\Selection Tools.installation.log File Found : C:\Users\DEREK\AppData\Roaming\WindApp.boostrap.log File Found : C:\Users\DEREK\AppData\Roaming\WindApp.installation.log File Found : C:\windows\patsearch.bin Folder Found : C:\Program Files (x86)\CloudScout Parental Control Folder Found : C:\Program Files (x86)\Common Files\ClaraUpdater Folder Found : C:\Program Files (x86)\globalUpdate Folder Found : C:\Program Files (x86)\GUPlayer Folder Found : C:\Program Files (x86)\predm Folder Found : C:\Program Files (x86)\version17SpeedChecker Folder Found : C:\Program Files (x86)\XTab Folder Found : C:\Program Files\Common Files\pastaleads Folder Found : C:\ProgramData\{8dc42732-f0ed-08f8-8dc4-42732f0e9ccb} Folder Found : C:\ProgramData\{924b69c0-105d-f89d-924b-b69c0105a700} Folder Found : C:\ProgramData\7f4521b200006282 Folder Found : C:\ProgramData\c26f6ad5000016ed Folder Found : C:\ProgramData\IHProtectUpDate Folder Found : C:\ProgramData\LolliScan Folder Found : C:\ProgramData\PastaLeadsAgent Folder Found : C:\ProgramData\WindowsMangerProtect Folder Found : C:\Users\DEREK\AppData\Local\globalUpdate Folder Found : C:\Users\DEREK\AppData\Roaming\1E009920-1429002734-6400-DC40-AC9E17B6F48D Folder Found : C:\Users\DEREK\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\GUPlayer Folder Found : C:\Users\DEREK\AppData\Roaming\Nosibay Folder Found : C:\Users\DEREK\AppData\Roaming\Store Folder Found : C:\Users\DEREK\AppData\Roaming\WebExtend Folder Found : C:\Users\DEREK\AppData\Roaming\WTools Folder Found : C:\Users\DEREK\SupTab ***** [ Scheduled tasks ] ***** Task Found : Optimizer Pro Schedule Task Found : Run_Browser Task Found : SpeedChecker Update Task Found : LaunchPreSignup Task Found : SpeedChecker Update ***** [ Shortcuts ] ***** ***** [ Registry ] ***** Data Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - *.local Key Found : HKCU\Software\APN PIP Key Found : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F} Key Found : HKCU\Software\AppDataLow\Software\adawarebp Key Found : HKCU\Software\AppDataLow\Software\Crossrider Key Found : HKCU\Software\AppDataLow\Software\DynConIE Key Found : HKCU\Software\ArenaHD Key Found : HKCU\Software\ClientConnect Key Found : HKCU\Software\CommunityCrawlingService Key Found : HKCU\Software\GAMESDESKTOP Key Found : HKCU\Software\GlobalUpdate Key Found : HKCU\Software\HighDefAction Key Found : HKCU\Software\HomeTab Key Found : HKCU\Software\InstalledBrowserExtensions Key Found : HKCU\Software\Linkey Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C} Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C} Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\IMBoosterARP Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\IminentToolbar Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Linkey Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\SearchProtect Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Vosteran.com Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\WajIntEnhance Key Found : HKCU\Software\Nosibay Key Found : HKCU\Software\Optimizer Pro Key Found : HKCU\Software\SearchProtectWS Key Found : HKCU\Software\simplytech Key Found : HKCU\Software\Store Key Found : HKCU\Software\Super Optimizer Key Found : HKCU\Software\TNT2 Key Found : HKCU\Software\UnicoBrowser Key Found : HKCU\Software\WajIntEnhance Key Found : HKCU\Software\Wnkey Key Found : HKCU\Software\WTools Key Found : HKCU\Software\YorkNewCin Key Found : [x64] HKCU\Software\APN PIP Key Found : [x64] HKCU\Software\ArenaHD Key Found : [x64] HKCU\Software\ClientConnect Key Found : [x64] HKCU\Software\CommunityCrawlingService Key Found : [x64] HKCU\Software\GAMESDESKTOP Key Found : [x64] HKCU\Software\GlobalUpdate Key Found : [x64] HKCU\Software\HighDefAction Key Found : [x64] HKCU\Software\HomeTab Key Found : [x64] HKCU\Software\InstalledBrowserExtensions Key Found : [x64] HKCU\Software\Linkey Key Found : [x64] HKCU\Software\Nosibay Key Found : [x64] HKCU\Software\Optimizer Pro Key Found : [x64] HKCU\Software\SearchProtectWS Key Found : [x64] HKCU\Software\simplytech Key Found : [x64] HKCU\Software\Store Key Found : [x64] HKCU\Software\Super Optimizer Key Found : [x64] HKCU\Software\TNT2 Key Found : [x64] HKCU\Software\UnicoBrowser Key Found : [x64] HKCU\Software\WajIntEnhance Key Found : [x64] HKCU\Software\Wnkey Key Found : [x64] HKCU\Software\WTools Key Found : [x64] HKCU\Software\YorkNewCin Key Found : HKLM\SOFTWARE\{1146AC44-2F03-4431-B4FD-889BC837521F} Key Found : HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0} Key Found : HKLM\SOFTWARE\{6791A2F3-FC80-475C-A002-C014AF797E9C} Key Found : HKLM\SOFTWARE\213cf771-897f-7e6b-1386-164f09382ea2 Key Found : HKLM\SOFTWARE\AIM Toolbar Key Found : HKLM\SOFTWARE\ArenaHD Key Found : HKLM\SOFTWARE\AskPartnerNetwork Key Found : HKLM\SOFTWARE\Clara Key Found : HKLM\SOFTWARE\Classes\AppID\{4D076AB4-7562-427A-B5D2-BD96E19DEE56} Key Found : HKLM\SOFTWARE\Classes\CLSID\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C} Key Found : HKLM\SOFTWARE\Classes\CLSID\{533403E2-6E21-4615-9E28-43F4E97E977B} Key Found : HKLM\SOFTWARE\Classes\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE} Key Found : HKLM\SOFTWARE\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556} Key Found : HKLM\SOFTWARE\Classes\CLSID\{E5A7A645-8318-4895-B85C-EDC606B80DB6} Key Found : HKLM\SOFTWARE\Classes\Interface\{0FCE4F01-64EC-42F1-83E1-1E08D38605D2} Key Found : HKLM\SOFTWARE\Classes\Interface\{1A2A195A-A0F9-4006-AF02-3F05EEFDE792} Key Found : HKLM\SOFTWARE\Classes\Interface\{2D9DB233-DC4B-4677-946C-5FA5ABCF506B} Key Found : HKLM\SOFTWARE\Classes\Interface\{3AE76A17-C344-4A83-81CE-65EFEE41E42D} Key Found : HKLM\SOFTWARE\Classes\Interface\{4C0A69B0-CE97-42B7-86FC-08280C99C74D} Key Found : HKLM\SOFTWARE\Classes\Interface\{4E9EB4D5-C929-4005-AC62-1856B1DA5A24} Key Found : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE} Key Found : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE} Key Found : HKLM\SOFTWARE\Classes\Interface\{8FAF962C-3EDE-405E-B1D0-62B8235C6044} Key Found : HKLM\SOFTWARE\Classes\Interface\{917CAAE9-DD47-4025-936E-1414F07DF5B8} Key Found : HKLM\SOFTWARE\Classes\Interface\{C1F5E799-B218-4C32-B189-3C389BA140BB} Key Found : HKLM\SOFTWARE\Classes\Interface\{F60C9408-3110-4C98-A139-ABE1EE1111DD} Key Found : HKLM\SOFTWARE\Classes\TypeLib\{11549FE4-7C5A-4C17-9FC3-56FC5162A994} Key Found : HKLM\SOFTWARE\Classes\TypeLib\{968EDCE0-C10A-47BB-B3B6-FDF09F2A417D} Key Found : HKLM\SOFTWARE\CommunityCrawlingService Key Found : HKLM\SOFTWARE\Conduit Key Found : HKLM\SOFTWARE\GlobalUpdate Key Found : HKLM\SOFTWARE\HighDefAction Key Found : HKLM\SOFTWARE\IHProtect Key Found : HKLM\SOFTWARE\Iminent Key Found : HKLM\SOFTWARE\InstalledBrowserExtensions Key Found : HKLM\SOFTWARE\istartsurfSoftware Key Found : HKLM\SOFTWARE\LolliScan Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86} Key Found : HKLM\SOFTWARE\Microsoft\MediaPlayer\ShimInclusionList\unicobrowser.exe Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C} Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IMBoosterARP Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IminentToolbar Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Linkey Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SearchProtect Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\VOPackage Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Vosteran.com Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WajIntEnhance Key Found : HKLM\SOFTWARE\mystartsearchSoftware Key Found : HKLM\SOFTWARE\SearchProtect Key Found : HKLM\SOFTWARE\SpeedBit Key Found : HKLM\SOFTWARE\SupDp Key Found : HKLM\SOFTWARE\SupTab Key Found : HKLM\SOFTWARE\Tutorials Key Found : HKLM\SOFTWARE\WajIntEnhance Key Found : HKLM\SOFTWARE\WebProtector Key Found : HKLM\SOFTWARE\YorkNewCin Key Found : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\WindowsMangerProtect Key Found : [x64] HKLM\SOFTWARE\ArenaHD Key Found : [x64] HKLM\SOFTWARE\Classes\CLSID\{E5A7A645-8318-4895-B85C-EDC606B80DB6} Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{0FCE4F01-64EC-42F1-83E1-1E08D38605D2} Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{1A2A195A-A0F9-4006-AF02-3F05EEFDE792} Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{2D9DB233-DC4B-4677-946C-5FA5ABCF506B} Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{3AE76A17-C344-4A83-81CE-65EFEE41E42D} Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{4C0A69B0-CE97-42B7-86FC-08280C99C74D} Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{4E9EB4D5-C929-4005-AC62-1856B1DA5A24} Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE} Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE} Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{8FAF962C-3EDE-405E-B1D0-62B8235C6044} Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{917CAAE9-DD47-4025-936E-1414F07DF5B8} Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{C1F5E799-B218-4C32-B189-3C389BA140BB} Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{F60C9408-3110-4C98-A139-ABE1EE1111DD} Key Found : [x64] HKLM\SOFTWARE\HighDefAction Key Found : [x64] HKLM\SOFTWARE\InstalledBrowserExtensions Key Found : [x64] HKLM\SOFTWARE\LolliScan Key Found : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86} Key Found : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{C519E87B-0F7C-43C3-9455-088DA1389A1E} Key Found : [x64] HKLM\SOFTWARE\WebBar Key Found : [x64] HKLM\SOFTWARE\YorkNewCin ***** [ Web browsers ] ***** -\\ Internet Explorer v11.0.9600.17416 ************************* AdwCleaner[R0].txt - [10757 bytes] - [05/05/2015 19:07:29] ########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [10817 bytes] ########## -----Original Message----- From: Lavasoft Support Forums [mailto:[email protected]] Sent: 05 May 2015 17:04 To: [email protected] Subject: New reply to huge amount of ads mostly by speedchecker dsmith57, CeciliaB (http://www.lavasoftsupport.com/index.php?/user/79449-ceciliab/) has just posted a reply to a topic that you have subscribed to titled "huge amount of ads mostly by speedchecker". ---------------------------------------------------------------------- Hi dsmith57, Please, save AdwCleaner by Xplode on the desktop: https://toolslib.net/downloads/viewdownload/1-adwcleaner/(https://toolslib.net/downloads/viewdownload/1-adwcleaner/) Turn off all programs, including browsers. Double-click on AdwCleaner to start the program. Click on the Scan button. Wait until the search has finished. Click on the Log file button. A report will be displayed, copy its content and paste into your reply. If the report isn't displayed, it's available as C:\AdwCleaner\AdwCleaner[R0].txt. ---------------------------------------------------------------------- The topic can be found here: http://www.lavasoftsupport.com/index.php?/topic/34250-huge-amount-of-ads-mostly-by-speedchecker/?view=getnewpost If you have configured in your control panel to receive immediate topic reply notifications, you may receive an email for each reply made to this topic. Otherwise, only 1 email is sent per board visit for each subscribed topic. This is to limit the amount of mail that is sent to your inbox. You can unsubscribe at any time here: http://www.lavasoftsupport.com/index.php?/unsubscribe/Zm9ydW1zO3RvcGljczszNDI1MDsxMDc5NDk7MTA3OTQ5O3NtaXRoczIxb2tsQG50bHdvcmxkLmNvbQ,,/