dsmith57

huge amount of ads mostly by speedchecker


I am inundated with pop-up ads online, mostly by speedchecker or media downloader. While writing this so far I have had about 20 ads come up, a lot of which tell me I have a problem that needs fixing and suggest I download a fix.

I have attached log files from an FRST scan

Addition_05-05-2015_14-43-04.txt

FRST_05-05-2015_14-43-04.txt

 

I have done an Ad-Aware Pro scan, done all the usual pop-up blockers and reset internet options etc. but cannot get rid of these pop-up ads, which even stopped me using links on this Lavasoft help forum.

 

Help!!!!!


Hi dsmith57,

 

Please, save AdwCleaner by Xplode on the desktop: https://toolslib.net/downloads/viewdownload/1-adwcleaner/

Turn off all programs, including browsers.
Double-click on AdwCleaner to start the program.

Click on the Scan button.
Wait until the search has finished.

Click on the Log file button.
A report will be displayed, copy its content and paste into your reply.
If the report isn't displayed, it's available as C:\AdwCleaner\AdwCleaner[R0].txt.


Hi

 

Here is the log file from AdwCleaner

 

 

# AdwCleaner v4.203 - Logfile created 05/05/2015 at 19:07:29

# Updated 30/04/2015 by Xplode

# Database : 2015-05-02.1 [server]

# Operating system : Windows 8.1 (x64)

# Username : DEREK - DEREKHOME

# Running from : C:\Users\DEREK\Desktop\adwcleaner_4.203.exe

# Option : Scan

 

***** [ Services ] *****

 

Service Found : ClaraUpdater

 

***** [ Files / Folders ] *****

 

File Found : C:\claraInstaller.txt

File Found : C:\END

File Found : C:\Users\DEREK\AppData\Roaming\Bubble Dock.boostrap.log

File Found : C:\Users\DEREK\AppData\Roaming\Bubble Dock.installation.log

File Found : C:\Users\DEREK\AppData\Roaming\Selection Tools.installation.log

File Found : C:\Users\DEREK\AppData\Roaming\WindApp.boostrap.log

File Found : C:\Users\DEREK\AppData\Roaming\WindApp.installation.log

File Found : C:\windows\patsearch.bin

Folder Found : C:\Program Files (x86)\CloudScout Parental Control

Folder Found : C:\Program Files (x86)\Common Files\ClaraUpdater

Folder Found : C:\Program Files (x86)\globalUpdate

Folder Found : C:\Program Files (x86)\GUPlayer

Folder Found : C:\Program Files (x86)\predm

Folder Found : C:\Program Files (x86)\version17SpeedChecker

Folder Found : C:\Program Files (x86)\XTab

Folder Found : C:\Program Files\Common Files\pastaleads

Folder Found : C:\ProgramData\{8dc42732-f0ed-08f8-8dc4-42732f0e9ccb}

Folder Found : C:\ProgramData\{924b69c0-105d-f89d-924b-b69c0105a700}

Folder Found : C:\ProgramData\7f4521b200006282

Folder Found : C:\ProgramData\c26f6ad5000016ed

Folder Found : C:\ProgramData\IHProtectUpDate

Folder Found : C:\ProgramData\LolliScan

Folder Found : C:\ProgramData\PastaLeadsAgent

Folder Found : C:\ProgramData\WindowsMangerProtect

Folder Found : C:\Users\DEREK\AppData\Local\globalUpdate

Folder Found : C:\Users\DEREK\AppData\Roaming\1E009920-1429002734-6400-DC40-AC9E17B6F48D

Folder Found : C:\Users\DEREK\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\GUPlayer

Folder Found : C:\Users\DEREK\AppData\Roaming\Nosibay

Folder Found : C:\Users\DEREK\AppData\Roaming\Store

Folder Found : C:\Users\DEREK\AppData\Roaming\WebExtend

Folder Found : C:\Users\DEREK\AppData\Roaming\WTools

Folder Found : C:\Users\DEREK\SupTab

 

***** [ Scheduled tasks ] *****

 

Task Found : Optimizer Pro Schedule

Task Found : Run_Browser

Task Found : SpeedChecker Update

Task Found : LaunchPreSignup

Task Found : SpeedChecker Update

 

***** [ Shortcuts ] *****

 

 

***** [ Web browsers ] *****

 

-\\ Internet Explorer v11.0.9600.17416

 

 

*************************

 

AdwCleaner[R0].txt - [10757 bytes] - [05/05/2015 19:07:29]

 

########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [10817 bytes] ##########

 

-----Original Message-----

From: Lavasoft Support Forums [mailto:[email protected]]

Sent: 05 May 2015 17:04

To: [email protected]

Subject: New reply to huge amount of ads mostly by speedchecker

 

 

dsmith57,

 

CeciliaB (http://www.lavasoftsupport.com/index.php?/user/79449-ceciliab/) has just posted a reply to a topic that you have subscribed to titled "huge amount of ads mostly by speedchecker".

 


 

The topic can be found here: http://www.lavasoftsupport.com/index.php?/topic/34250-huge-amount-of-ads-mostly-by-speedchecker/?view=getnewpost

 


Hi,

 

1. Please, turn off all programs, including browsers.
Double-click on AdwCleaner to start the program.

Click on the Scan button.
Wait until the search has finished.

Click on the Clean button.

Click on OK.
Click on OK on any message that pops up.
The computer will be restarted.

A report will be displayed, copy its content and paste into your reply.
If the report isn't displayed, it exists as C:\AdwCleaner\AdwCleaner[s0].txt

 

2. Do a full scan with Ad-Aware and let it move everything it finds to its quarantine.

 

 

3. Start FRST.

Select Addition.txt.

Scan with the program and attach the two new logs.

 

 

4. Run an online scan with Eset (easiest with Internet Explorer): http://www.eset.com/onlinescan/
To shorten the scanning time disable your antivirus program while scanning.

Select Enable detection of potentially unwanted applications.
Click Advanced Settings.

Deselect Remove found threats.

Select:
Scan Archives
Scan for potentially unsafe applications
Enable Anti-Stealth Technology

Click Start.

When the scan is finished, click on List of found threats and then Export to text file. Copy the content of the text file and paste its content in your reply.


Hi

 

I am trying to reply but the site keeps telling me the reply is too short... strange given that I copied all 4 large text files

 

I have copied the eset file here

 

C:\AdwCleaner\Quarantine\C\Program Files (x86)\version17SpeedChecker\192_x64.dll.vir a variant of Win64/Adware.AddLyrics.I application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\version17SpeedChecker\x64\webTinstMKTN84.sys.vir Win64/Adware.AddLyrics.K application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\XTab\BrowerWatchCH.dll.vir Win32/ELEX.BM potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\XTab\BrowerWatchFF.dll.vir Win32/ELEX.BM potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\XTab\BrowserAction.dll.vir a variant of Win32/ELEX.DH potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\XTab\CmdShell.exe.vir Win32/ELEX.BM potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\XTab\ffsearch_toolbar!1.0.0.1028.xpi.vir Win32/Toolbar.TNT2.I potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\XTab\HPNotify.exe.vir Win32/ELEX.BM potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\XTab\IeWatchDog.dll.vir Win32/ELEX.BM potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\XTab\SupTab.dll.vir a variant of Win32/Thinknice.B potentially unwanted application
C:\AdwCleaner\Quarantine\C\ProgramData\{8dc42732-f0ed-08f8-8dc4-42732f0e9ccb}\OptimizerPro-UNInstaller.exe.vir a variant of Win32/Adware.SpeedingUpMyPC.AA application
C:\AdwCleaner\Quarantine\C\Users\DEREK\AppData\Roaming\1E009920-1429002734-6400-DC40-AC9E17B6F48D\vnsz47AB.tmp.vir a variant of Win32/Adware.ConvertAd.KZ.gen application
C:\AdwCleaner\Quarantine\C\Users\DEREK\AppData\Roaming\Nosibay\Bubble Dock\Bubble Dock.exe.vir a variant of Win32/BubbleDock.A potentially unwanted application
C:\Program Files (x86)\Lavasoft\Web Companion\TcpService\2.3.3.0\LavasoftLSPInstaller.exe a variant of Win32/Komodia.A potentially unsafe application
C:\Program Files (x86)\Lavasoft\Web Companion\TcpService\2.3.3.0\LavasoftTcpService.dll a variant of Win32/Komodia.A potentially unsafe application
C:\Program Files (x86)\Lavasoft\Web Companion\TcpService\2.3.3.0\LavasoftTcpService.exe a variant of Win32/Komodia.A potentially unsafe application
C:\ProgramData\xqv\A630CABECD404DB9948B475C89DF8797\setup.exe Win32/BubbleDock.A potentially unwanted application
C:\Users\All Users\xqv\A630CABECD404DB9948B475C89DF8797\setup.exe Win32/BubbleDock.A potentially unwanted application
C:\Users\DEREK\AppData\Roaming\GYUSUEP JS/Toolbar.Crossrider.C potentially unwanted application
C:\Users\DEREK\AppData\Roaming\QJNFZ JS/Toolbar.Crossrider.C potentially unwanted application
C:\Users\DEREK\AppData\Roaming\SPXPLN JS/Toolbar.Crossrider.C potentially unwanted application
C:\Users\DEREK\AppData\Roaming\WJGSOVQ JS/Toolbar.Crossrider.C potentially unwanted application
C:\Users\DEREK\AppData\Roaming\WPRGSTS JS/Toolbar.Crossrider.C potentially unwanted application
C:\Users\DEREK\Downloads\BearShareV10.exe a variant of Win32/Toolbar.SearchSuite.Y potentially unwanted application
C:\Users\DEREK\Downloads\ErrorEND_Installer.exe multiple threats
C:\Users\DEREK\Downloads\Garmin_Nüvi_2445LM_Driver_Update_05-2014 (1).exe a variant of Win32/Systweak.R potentially unwanted application
C:\Users\DEREK\Downloads\Garmin_Nüvi_2445LM_Driver_Update_05-2014.exe a variant of Win32/Systweak.R potentially unwanted application
C:\Users\DEREK\Downloads\itunes6464setup.exe a variant of Win32/InstallCore.YH potentially unwanted application
C:\Users\DEREK\Downloads\Unconfirmed 226548.crdownload Win32/Toolbar.SearchSuite potentially unwanted application
C:\Users\DEREK\Downloads\Unconfirmed 295414.crdownload Win32/Toolbar.SearchSuite potentially unwanted application
C:\Users\DEREK\Downloads\Unconfirmed 482695.crdownload a variant of Win32/InstallCore.ZC potentially unwanted application
C:\Users\DEREK\Downloads\Unconfirmed 55255.crdownload a variant of Win32/InstallCore.ZC potentially unwanted application
C:\Users\DEREK\Downloads\Unconfirmed 612979.crdownload a variant of Win32/InstallCore.ZC potentially unwanted application
C:\Users\DEREK\Downloads\Unconfirmed 753557.crdownload a variant of Win32/InstallCore.ZC potentially unwanted application
C:\Users\DEREK\Downloads\Unconfirmed 769870.crdownload a variant of Win32/InstallCore.ZC potentially unwanted application
C:\Users\DEREK\Downloads\Unconfirmed 776757.crdownload a variant of Win32/AdGazelle.F potentially unwanted application
C:\Users\DEREK\Downloads\Unconfirmed 959552.crdownload a variant of Win32/InstallCore.ZC potentially unwanted application
C:\Windows\mxqv.exe a variant of Win32/TrojanDownloader.Adcurl.A trojan
C:\Windows\Installer\12acb747.msi a variant of Win32/Komodia.A potentially unsafe application
C:\Windows\System32\LavasoftTcpService.dll a variant of Win32/Komodia.A potentially unsafe application
C:\Windows\SysWOW64\LavasoftTcpService.dll a variant of Win32/Komodia.A potentially unsafe application


Hi

 

I am trying to copy the other files but it is still telling me my post is too short.... I think it means too long

 

This is the adwcleaner file

 

# AdwCleaner v4.203 - Logfile created 07/05/2015 at 19:14:05

# Updated 30/04/2015 by Xplode

# Database : 2015-05-05.1 [server]

# Operating system : Windows 8.1 (x64)

# Username : DEREK - DEREKHOME

# Running from : C:\Users\DEREK\Desktop\adwcleaner_4.203.exe

# Option : Scan

 

***** [ Services ] *****

 

 

***** [ Files / Folders ] *****

 

 

***** [ Scheduled tasks ] *****

 

 

***** [ Shortcuts ] *****

 

 

***** [ Registry ] *****

 

Key Found : HKCU\Software\AppDataLow\Software\adawarebp

 

***** [ Web browsers ] *****

 

-\\ Internet Explorer v11.0.9600.17416

 

 

*************************

 

AdwCleaner[R0].txt - [11069 bytes] - [05/05/2015 19:07:29]

AdwCleaner[R1].txt - [671 bytes] - [07/05/2015 19:14:05]

AdwCleaner[s0].txt - [10414 bytes] - [05/05/2015 19:13:12]

 

########## EOF - C:\AdwCleaner\AdwCleaner[R1].txt - [789 bytes] ##########


The addition file

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 06-05-2015 01
Ran by DEREK at 2015-05-07 19:28:35
Running from C:\Users\DEREK\Downloads
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-667583394-3145178462-1277471955-500 - Administrator - Disabled)
DEREK (S-1-5-21-667583394-3145178462-1277471955-1001 - Administrator - Enabled) => C:\Users\DEREK
Guest (S-1-5-21-667583394-3145178462-1277471955-501 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Ad-Aware Antivirus (Enabled - Up to date) {D87B6541-12A1-DAEA-0033-9B8057AAB996}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Ad-Aware Antivirus (Enabled - Up to date) {631A84A5-349B-D564-3A83-A0F22C2DF32B}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Ad-Aware Firewall (Enabled) {E040E464-58CE-DBB2-2B6C-32B5A979FEED}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Ad-Aware Antivirus (HKLM\...\{FF054A8C-C0A4-4C78-8910-E2A459BEFF05}_AdAwareUpdater) (Version: 11.6.306.7947 - Lavasoft)
Ad-Aware Web Companion (x32 Version: 1.1.922.1860 - Lavasoft) Hidden
AdAwareInstaller (Version: 11.6.306.7947 - Lavasoft) Hidden
AdAwareUpdater (Version: 11.6.306.7947 - Lavasoft) Hidden
Adblock Plus for IE (32-bit and 64-bit) (HKLM\...\{77588F59-3C58-4675-8EEE-998E5BC33CF4}) (Version: 1.4 - Eyeo GmbH)
ANT Drivers Installer x64 (Version: 2.3.4 - Garmin Ltd or its subsidiaries) Hidden
AntimalwareEngine (Version: 3.0.98.0 - Lavasoft) Hidden
AntispamEngine (Version: 2.4.2158.0 - Lavasoft) Hidden
Apple Application Support (32-bit) (HKLM-x32\...\{AFA1153A-F547-409B-B837-3A0D6C5A3FEC}) (Version: 3.1.3 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{D7B824DE-DA32-4772-9E5E-39C5158136A7}) (Version: 3.1.3 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{C4123106-B685-48E6-B9BD-E4F911841EB4}) (Version: 8.1.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Blue Iris 3 (HKLM-x32\...\InstallShield_{5923C82E-6BB6-4186-AF14-3066D1F29323}) (Version: 3.29.03 - Perspective Software)
Blue Iris 3 (x32 Version: 3.29.03 - Perspective Software) Hidden
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Canon MP Navigator EX 4.0 (HKLM-x32\...\MP Navigator EX 4.0) (Version: - )
Canon MP495 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP495_series) (Version: - )
Elevated Installer (x32 Version: 4.0.13.0 - Garmin Ltd or its subsidiaries) Hidden
FirewallEngine (Version: 1.6.0.0 - Lavasoft) Hidden
Garmin Express (HKLM-x32\...\{d2970a7c-aaef-4f35-a1d5-338c3a92404f}) (Version: 4.0.13.0 - Garmin Ltd or its subsidiaries)
Garmin Express (x32 Version: 4.0.13.0 - Garmin Ltd or its subsidiaries) Hidden
Garmin Express Tray (x32 Version: 4.0.13.0 - Garmin Ltd or its subsidiaries) Hidden
Intel® Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 10.0.0.1204 - Intel Corporation)
iTunes (HKLM\...\{93F2A022-6C37-48B8-B241-FFABD9F60C30}) (Version: 12.1.2.27 - Apple Inc.)
LavasoftTcpService (x32 Version: 2.3.3.0 - Lavasoft) Hidden
Microsoft OneDrive (HKU\S-1-5-21-667583394-3145178462-1277471955-1001\...\OneDriveSetup.exe) (Version: 17.3.4726.0226 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)
NVIDIA 3D Vision Controller Driver 347.09 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 347.09 - NVIDIA Corporation)
NVIDIA 3D Vision Driver 347.88 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 347.88 - NVIDIA Corporation)
NVIDIA GeForce Experience 2.2.2 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.2.2 - NVIDIA Corporation)
NVIDIA Graphics Driver 347.88 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 347.88 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.33.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.33.0 - NVIDIA Corporation)
NVIDIA Miracast Virtual Audio 347.88 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Miracast.VirtualAudio) (Version: 347.88 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.14.0702 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.14.0702 - NVIDIA Corporation)
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4711.1003 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4711.1003 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
OnlineThreatsEngine (Version: 2.2.3.0 - Lavasoft) Hidden
Payroll for Windows (x32 Version: 19 - Sage (UK) Limited) Hidden
Payroll for Windows (x32 Version: 20.01 - Sage (UK) Limited) Hidden
Payroll for Windows (x32 Version: 21.00 - Sage (UK) Limited) Hidden
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7023 - Realtek Semiconductor Corp.)
Sage 50 Payroll (HKLM-x32\...\{61FFC9B8-63B2-460A-81F0-99533310941F}) (Version: 21.01 - Sage (UK) Ltd.)
Sage 50 Payroll (HKLM-x32\...\{9331A6A2-98C6-42F4-B981-FBA24672D3D8}) (Version: 21.01 - Sage (UK) Ltd.)
Samsung Kies3 (HKLM-x32\...\InstallShield_{88547073-C566-4895-9005-EBE98EA3F7C7}) (Version: 3.2.15024.8 - Samsung Electronics Co., Ltd.)
Samsung Kies3 (x32 Version: 3.2.15024.8 - Samsung Electronics Co., Ltd.) Hidden
SHIELD Streaming (Version: 4.0.1000 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 17.12.8 - NVIDIA Corporation) Hidden
Sid Meier's Civilization V (HKLM-x32\...\Steam App 8930) (Version: - 2K Games, Inc.)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
The Elder Scrolls Online (HKLM-x32\...\The Elder Scrolls Online) (Version: 1.0.0.0 - Zenimax Online Studios)
The Elder Scrolls V: Skyrim (HKLM-x32\...\Steam App 72850) (Version: - Bethesda Game Studios)
Web Companion (HKLM-x32\...\{902C3D36-9254-437D-98AC-913B78E60864}_WebCompanion) (Version: 1.1.922.1860 - Lavasoft)
Windows Driver Package - Dynastream Innovations, Inc. ANT LibUSB Drivers (04/11/2012 1.2.40.201) (HKLM\...\F9D2A789F9CFF8CEC36B544F53877C80F1F73C46) (Version: 04/11/2012 1.2.40.201 - Dynastream Innovations, Inc.)
Windows Driver Package - Silicon Labs Software (DSI_SiUSBXp_3_1) USB (02/06/2007 3.1) (HKLM\...\D1506E0025B5A3F9EB8270FE81C1EEDD9388B8A2) (Version: 02/06/2007 3.1 - Silicon Labs Software)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-667583394-3145178462-1277471955-1001_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\DEREK\AppData\Local\Microsoft\OneDrive\17.3.4726.0226\amd64\FileSyncApi64.dll (Microsoft Corporation)

==================== Restore Points =========================

17-04-2015 08:15:55 Windows Update
26-04-2015 16:27:09 Scheduled Checkpoint
28-04-2015 11:46:18 AA11
01-05-2015 15:25:18 Installed Adblock Plus for IE (32-bit and 64-bit)

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 14:25 - 2013-08-22 14:25 - 00000824 ____A C:\windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {10E04493-A814-411C-8219-FF96EC616811} - System32\Tasks\GarminUpdaterTask => C:\Program Files (x86)\Garmin\Express Self Updater\ExpressSelfUpdater.exe
Task: {1556B1C2-43C1-40B4-9E66-91920993208F} - System32\Tasks\Microsoft\Windows\Setup\gwx\launchtrayprocess => C:\Windows\system32\GWX\GWX.exe [2015-03-24] (Microsoft Corporation)
Task: {1A3E8B4C-5053-4767-ADDF-6E88EC0629FA} - System32\Tasks\WJGSOVQ => C:\Users\DEREK\AppData\Roaming\WJGSOVQ.exe <==== ATTENTION
Task: {2409E62C-2E2D-44AF-9493-3548F8C2BF82} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2015-04-22] (Microsoft Corporation)
Task: {335D0B09-3C49-4AFC-9994-165A46984A92} - System32\Tasks\SPXPLN => C:\Users\DEREK\AppData\Roaming\SPXPLN.exe <==== ATTENTION
Task: {37098AAB-02DB-4A41-8AA1-C33835A94183} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {5CFE081F-2594-47EB-8660-B92844811328} - System32\Tasks\QJNFZ => C:\Users\DEREK\AppData\Roaming\QJNFZ.exe <==== ATTENTION
Task: {63309F19-CB42-4058-BB59-201F8BF20F53} - System32\Tasks\Microsoft Office 15 Sync Maintenance for DEREKHOME-DEREK DEREKHOME => C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe [2015-04-29] (Microsoft Corporation)
Task: {9B85AEC7-D7D2-4331-904B-CC0EA0D2E803} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-24] (Microsoft Corporation)
Task: {A9247618-A96E-4DD6-961A-A4997942B6EC} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxcontent => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-24] (Microsoft Corporation)
Task: {B466B1EA-95CD-4934-A370-C2383480ACE1} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonx86\Microsoft Shared\OFFICE15\OLicenseHeartbeat.exe [2015-04-29] (Microsoft Corporation)
Task: {BB870951-F26A-4919-B4CB-8A02FA07907A} - System32\Tasks\GYUSUEP => C:\Users\DEREK\AppData\Roaming\GYUSUEP.exe <==== ATTENTION
Task: {C656BDA3-EB9E-4095-B111-BF4D51BD4882} - System32\Tasks\Microsoft\Windows\Setup\gwx\runappraiser => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-24] (Microsoft Corporation)
Task: {CD3B6025-305D-4D19-9F11-EBB02965CB68} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\windows\system32\MRT.exe [2015-04-17] (Microsoft Corporation)
Task: {CE351B6C-7ADE-4F70-8146-ACD48118CFB2} - System32\Tasks\{A0D29BB8-D7FC-48BE-9C4E-38CD2839D8B3} => pcalua.exe -a "C:\Program Files (x86)\version17SpeedChecker\Uninstall.exe"
Task: {D95A75E4-1ED8-4E90-8183-81D121D1A73D} - System32\Tasks\WPRGSTS => C:\Users\DEREK\AppData\Roaming\WPRGSTS.exe <==== ATTENTION
Task: {EDCB5147-D4EF-4D35-8B2A-B8C3AF0470D8} - System32\Tasks\Microsoft OneDrive Auto Update Task-S-1-5-21-667583394-3145178462-1277471955-1001 => %localappdata%\Microsoft\OneDrive\OneDrive.exe
Task: {F0F0D36A-4A48-45C9-AC42-4079BBC3F5F5} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2015-04-22] (Microsoft Corporation)
Task: {F5533698-9865-4113-8FAD-B346D5787285} - System32\Tasks\VRATQ => C:\ProgramData\5d7406e0a775469cae25df88a7d255da\5d7406e0a775469cae25df88a7d255da.exe
Task: C:\windows\Tasks\GYUSUEP.job => C:\Users\DEREK\AppData\Roaming\GYUSUEP.exe <==== ATTENTION
Task: C:\windows\Tasks\QJNFZ.job => C:\Users\DEREK\AppData\Roaming\QJNFZ.exe <==== ATTENTION
Task: C:\windows\Tasks\SPXPLN.job => C:\Users\DEREK\AppData\Roaming\SPXPLN.exe <==== ATTENTION
Task: C:\windows\Tasks\WJGSOVQ.job => C:\Users\DEREK\AppData\Roaming\WJGSOVQ.exe <==== ATTENTION
Task: C:\windows\Tasks\WPRGSTS.job => C:\Users\DEREK\AppData\Roaming\WPRGSTS.exe <==== ATTENTION

==================== Loaded Modules (whitelisted) ==============

2015-03-23 11:52 - 2015-03-13 17:16 - 00118472 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2015-02-13 04:20 - 2015-02-13 04:20 - 00085832 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2015-02-13 04:20 - 2015-02-13 04:20 - 01346344 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2015-03-26 21:25 - 2014-05-20 09:19 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
2015-03-10 18:47 - 2015-03-10 18:47 - 00720760 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareService.exe
2015-03-10 18:51 - 2015-03-10 18:51 - 00107024 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\boost_thread-vc100-mt-1_57.dll
2015-03-10 18:51 - 2015-03-10 18:51 - 00024080 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\boost_system-vc100-mt-1_57.dll
2015-03-10 18:51 - 2015-03-10 18:51 - 00055320 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\boost_date_time-vc100-mt-1_57.dll
2015-03-10 18:51 - 2015-03-10 18:51 - 00125464 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\boost_filesystem-vc100-mt-1_57.dll
2015-03-10 18:51 - 2015-03-10 18:51 - 00033296 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\boost_chrono-vc100-mt-1_57.dll
2015-03-10 18:50 - 2015-03-10 18:50 - 12745216 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareServiceKernel.dll
2015-03-10 18:50 - 2015-03-10 18:50 - 03396064 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\RCF.dll
2015-03-10 18:51 - 2015-03-10 18:51 - 00785936 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\boost_regex-vc100-mt-1_57.dll
2015-03-10 18:50 - 2015-03-10 18:50 - 00744960 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareActivation.dll
2015-03-10 18:50 - 2015-03-10 18:50 - 00480272 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareApplicationUpdater.dll
2015-03-10 18:50 - 2015-03-10 18:50 - 00812032 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareGamingMode.dll
2015-03-10 18:50 - 2015-03-10 18:50 - 00099312 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareReset.dll
2015-03-10 18:50 - 2015-03-10 18:50 - 00119792 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareTime.dll
2015-03-10 18:50 - 2015-03-10 18:50 - 00963088 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareDefinitionsUpdater.dll
2015-03-10 18:50 - 2015-03-10 18:50 - 00868896 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareDefinitionsUpdaterScheduler.dll
2015-03-10 18:50 - 2015-03-10 18:50 - 01108992 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareIgnoreList.dll
2015-03-10 18:50 - 2015-03-10 18:50 - 00247808 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareQuarantine.dll
2015-03-10 18:50 - 2015-03-10 18:50 - 01013256 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareAntiMalwareEngine.dll
2015-03-10 18:50 - 2015-03-10 18:50 - 00211464 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareAntiRootkitEngine.dll
2015-03-10 18:50 - 2015-03-10 18:50 - 01177608 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareScannerHistory.dll
2015-03-10 18:50 - 2015-03-10 18:50 - 01302008 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareScanner.dll
2015-03-10 18:51 - 2015-03-10 18:51 - 00034832 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\boost_timer-vc100-mt-1_57.dll
2015-03-10 18:50 - 2015-03-10 18:50 - 00977416 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareScannerScheduler.dll
2015-03-10 18:50 - 2015-03-10 18:50 - 01143824 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareRealTimeProtection.dll
2015-03-10 18:50 - 2015-03-10 18:50 - 00237568 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareIncompatibles.dll
2015-03-10 18:50 - 2015-03-10 18:50 - 00893432 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareAntiSpam.dll
2015-03-10 18:50 - 2015-03-10 18:50 - 00847872 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareAntiPhishing.dll
2015-03-10 18:50 - 2015-03-10 18:50 - 03104776 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareParentalControl.dll
2015-03-10 18:50 - 2015-03-10 18:50 - 02958848 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareWebProtection.dll
2015-03-10 18:50 - 2015-03-10 18:50 - 01288712 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareEmailProtection.dll
2015-03-10 18:51 - 2015-03-10 18:51 - 00053272 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\boost_iostreams-vc100-mt-1_57.dll
2015-03-10 18:50 - 2015-03-10 18:50 - 01293832 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareNetworkProtection.dll
2015-03-10 18:50 - 2015-03-10 18:50 - 00969200 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwarePromo.dll
2015-03-10 18:50 - 2015-03-10 18:50 - 00366584 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareFeedback.dll
2015-03-10 18:50 - 2015-03-10 18:50 - 02787344 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareThreatWorkAlliance.dll
2015-03-10 18:50 - 2015-03-10 18:50 - 01232888 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwarePinCode.dll
2015-03-10 18:50 - 2015-03-10 18:50 - 00969208 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareNotice.dll
2015-03-10 18:50 - 2015-03-10 18:50 - 00963576 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareAvcEngine.dll
2015-03-10 18:50 - 2015-03-10 18:50 - 01184792 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareRealTimeProtectionHistory.dll
2015-04-28 15:16 - 2015-01-06 12:47 - 00156936 _____ () C:\windows\SYSTEM32\bdfwcore.dll
2015-04-28 15:17 - 2015-04-28 15:17 - 00789856 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Online Threats Engine\2.2.3.0\definitions\loc2\ashttpbr.mdl
2015-04-28 15:17 - 2015-04-28 15:17 - 00710016 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Online Threats Engine\2.2.3.0\definitions\loc2\ashttpdsp.mdl
2015-04-28 15:17 - 2015-04-28 15:17 - 02683008 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Online Threats Engine\2.2.3.0\definitions\loc2\ashttpph.mdl
2015-04-28 15:17 - 2015-04-28 15:17 - 01325480 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Online Threats Engine\2.2.3.0\definitions\loc2\ashttprbl.mdl
2015-04-13 19:08 - 2015-04-13 19:08 - 00523264 _____ () c:\windows\mxqv.exe
2015-03-12 11:57 - 2015-03-12 11:57 - 00017768 _____ () C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.SearchProtect.WinService.exe
2015-03-12 11:57 - 2015-03-12 11:57 - 00012144 _____ () C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.SearchProtect.Service.Logger.dll
2015-03-12 11:57 - 2015-03-12 11:57 - 00034152 _____ () C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.SearchProtect.WcfService.dll
2015-03-27 09:33 - 2015-03-27 09:33 - 08898720 _____ () C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2015-03-10 18:50 - 2015-03-10 18:50 - 09566192 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareTray.exe
2015-03-10 18:51 - 2015-03-10 18:51 - 00499728 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\boost_locale-vc100-mt-1_57.dll
2015-03-10 18:50 - 2015-03-10 18:50 - 02144248 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\HtmlFramework.dll
2015-03-10 18:50 - 2015-03-10 18:50 - 00869896 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareTrayDefaultSkin.dll
2013-04-25 16:20 - 2013-04-25 16:20 - 00059776 _____ () C:\Program Files (x86)\Blue Iris 3\BlueIrisService.exe
2015-03-27 09:33 - 2015-03-27 09:33 - 00316576 _____ () C:\Program Files\Microsoft Office 15\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\AppVIsvStream32.dll
2015-03-27 09:32 - 2015-03-27 09:32 - 00316576 _____ () C:\Program Files\Microsoft Office 15\Root\Office15\AppVIsvStream32.dll
2015-03-25 23:33 - 2015-03-10 07:37 - 00775680 _____ () C:\Program Files (x86)\Steam\SDL2.dll
2015-03-25 23:33 - 2014-12-02 01:29 - 05002752 _____ () C:\Program Files (x86)\Steam\v8.dll
2015-03-25 23:33 - 2015-04-14 00:44 - 02371776 _____ () C:\Program Files (x86)\Steam\video.dll
2015-03-25 23:33 - 2014-12-02 01:29 - 01612800 _____ () C:\Program Files (x86)\Steam\icui18n.dll
2015-03-25 23:33 - 2014-12-02 01:29 - 01210368 _____ () C:\Program Files (x86)\Steam\icuuc.dll
2015-03-25 23:33 - 2014-12-01 22:31 - 02396672 _____ () C:\Program Files (x86)\Steam\libavcodec-56.dll
2015-03-25 23:33 - 2014-12-01 22:31 - 00479744 _____ () C:\Program Files (x86)\Steam\libavformat-56.dll
2015-03-25 23:33 - 2014-12-01 22:31 - 00332800 _____ () C:\Program Files (x86)\Steam\libavresample-2.dll
2015-03-25 23:33 - 2014-12-01 22:31 - 00442880 _____ () C:\Program Files (x86)\Steam\libavutil-54.dll
2015-03-25 23:33 - 2014-12-01 22:31 - 00485888 _____ () C:\Program Files (x86)\Steam\libswscale-3.dll
2015-03-25 23:33 - 2015-04-14 00:44 - 00702656 _____ () C:\Program Files (x86)\Steam\bin\chromehtml.DLL
2015-03-12 11:57 - 2015-03-12 11:57 - 00077632 _____ () C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.Utils.dll
2015-03-12 11:57 - 2015-03-12 11:57 - 00179560 _____ () C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.SearchProtect.Business.dll
2015-03-12 11:57 - 2015-03-12 11:57 - 00046920 _____ () C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.adblocker.dll
2015-03-12 11:58 - 2015-03-12 11:58 - 00123224 _____ () C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.PUP.Management.dll
2015-03-12 11:57 - 2015-03-12 11:57 - 00015696 _____ () C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.Utils.SqlLite.dll
2015-03-12 11:58 - 2015-03-12 11:58 - 00073544 _____ () C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.SysInfo.dll
2015-03-25 23:33 - 2015-02-25 02:58 - 34641288 _____ () C:\Program Files (x86)\Steam\bin\libcef.dll
2015-03-27 09:32 - 2015-03-27 09:32 - 00316576 _____ () C:\Program Files\Microsoft Office 15\root\office15\AppVIsvStream32.dll
2015-04-29 11:45 - 2015-04-29 11:48 - 01032352 _____ () C:\Program Files\Microsoft Office 15\Root\Office15\ADDINS\UmOutlookAddin.dll
2008-01-26 13:07 - 2008-01-26 13:07 - 00135168 _____ () C:\Program Files (x86)\Blue Iris 3\HHNetClient.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\Users\DEREK\OneDrive:ms-properties

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BsScanner => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BsScanner => ""="Service"

==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, the associated entry will be removed from the registry.)

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-667583394-3145178462-1277471955-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\DEREK\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper
DNS Servers: 31.168.228.251 - 82.166.96.251

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-667583394-3145178462-1277471955-1001\...\StartupApproved\StartupFolder: => "hqghumeaylnlf.lnk"
HKU\S-1-5-21-667583394-3145178462-1277471955-1001\...\StartupApproved\StartupFolder: => "OptimizerPro-UNInstaller.lnk"
HKU\S-1-5-21-667583394-3145178462-1277471955-1001\...\StartupApproved\Run: => "GamesBot"
HKU\S-1-5-21-667583394-3145178462-1277471955-1001\...\StartupApproved\Run: => "Selection Tools"
HKU\S-1-5-21-667583394-3145178462-1277471955-1001\...\StartupApproved\Run: => "WindApp"

==================== FirewallRules (whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{71968216-500D-427B-B8B9-F6495F51E45D}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{C99B100D-7B2F-4B5B-945A-74F02027B4AF}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{EC937D58-38E4-4DA0-8C8E-EDD7B07D6D13}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
FirewallRules: [{867F9844-462B-4C74-9D38-0BC689634735}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
FirewallRules: [{804322DD-E4E0-450B-BDC6-6CE414397719}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{DE47D30B-B2A2-42A0-A90B-97976AEB14DA}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{B4853526-0429-4F43-82B2-789E7D8EA80E}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{8EEE4471-6C3A-46B6-A2F0-C122D24E2272}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{0662F00D-645C-4241-9B82-FB4147ED4FB6}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{B8E1FF2E-5B18-4B36-A61C-31BC660C3A00}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{F76265AD-7566-4CFE-BD81-6ECE3F0839A7}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Sid Meier's Civilization V\Launcher.exe
FirewallRules: [{B8D05DE7-10AC-49A2-99CC-2D17007CCA63}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Sid Meier's Civilization V\Launcher.exe
FirewallRules: [{0F4694DF-427E-4B42-994F-40FC64B23390}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Skyrim\SkyrimLauncher.exe
FirewallRules: [{1ABDFEC3-1246-438C-BEFA-41623FCB5903}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Skyrim\SkyrimLauncher.exe
FirewallRules: [TCP Query User{0097CB06-8611-4C09-88B0-E166B441A053}C:\program files (x86)\blue iris 3\blueiris.exe] => (Allow) C:\program files (x86)\blue iris 3\blueiris.exe
FirewallRules: [uDP Query User{1243B5C8-6D2A-4E49-B7CA-92A1A198E445}C:\program files (x86)\blue iris 3\blueiris.exe] => (Allow) C:\program files (x86)\blue iris 3\blueiris.exe
FirewallRules: [{63464AF1-2138-44CA-BB2B-9D16522B11AC}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\outlook.exe
FirewallRules: [{D957267B-C964-4A26-AF0E-C4020880BCC3}] => (Allow) C:\Users\DEREK\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
FirewallRules: [TCP Query User{523084E9-1E29-4783-88D4-B3C04EFD24DF}C:\users\derek\appdata\local\temp\i1427492931\windows\resource\jre\bin\javaw.exe] => (Allow) C:\users\derek\appdata\local\temp\i1427492931\windows\resource\jre\bin\javaw.exe
FirewallRules: [uDP Query User{572C8414-C458-4A01-AC19-DBDA82D1F0D1}C:\users\derek\appdata\local\temp\i1427492931\windows\resource\jre\bin\javaw.exe] => (Allow) C:\users\derek\appdata\local\temp\i1427492931\windows\resource\jre\bin\javaw.exe
FirewallRules: [{B6792D5F-F272-4C34-98EF-AD2C2D27B57B}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{227BA231-6746-415B-9E7E-692662A62CCD}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{072FB766-840C-4283-ABC5-9516AA9A7981}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{F3997760-8908-4B4E-8EE7-AB557C4D52F8}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{A11468DB-9015-4358-B236-1C5B4084F96B}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{53527745-9A11-4529-91AB-D6A2155DEAA1}] => (Allow) C:\Users\DEREK\AppData\Local\UnicoBrowser\Application\unicobrowser.exe

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (05/07/2015 05:56:47 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: mpnex40.exe, version: 4.0.3.0, time stamp: 0x53acec18
Faulting module name: KERNELBASE.dll, version: 6.3.9600.17415, time stamp: 0x54504ade
Exception code: 0xc06d007e
Fault offset: 0x00014598
Faulting process ID: 0x13fc
Faulting application start time: 0xmpnex40.exe0
Faulting application path: mpnex40.exe1
Faulting module path: mpnex40.exe2
Report ID: mpnex40.exe3
Faulting package full name: mpnex40.exe4
Faulting package-relative application ID: mpnex40.exe5

Error: (05/07/2015 05:52:47 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: mpnex40.exe, version: 4.0.3.0, time stamp: 0x53acec18
Faulting module name: KERNELBASE.dll, version: 6.3.9600.17415, time stamp: 0x54504ade
Exception code: 0xc06d007e
Fault offset: 0x00014598
Faulting process ID: 0x1350
Faulting application start time: 0xmpnex40.exe0
Faulting application path: mpnex40.exe1
Faulting module path: mpnex40.exe2
Report ID: mpnex40.exe3
Faulting package full name: mpnex40.exe4
Faulting package-relative application ID: mpnex40.exe5

Error: (05/05/2015 10:54:20 AM) (Source: Microsoft-Windows-Defrag) (EventID: 257) (User: )
Description: The volume Windows RE tools was not optimised because an error was encountered: The parameter is incorrect. (0x80070057)

Error: (05/05/2015 10:15:48 AM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 80070005

Error: (05/01/2015 03:20:18 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 80070005

Error: (04/29/2015 00:17:47 PM) (Source: Sage Report Designer) (EventID: 0) (User: )
Description: MAPI error: General MAPI failure [2]

Error: (04/29/2015 11:37:38 AM) (Source: Microsoft-Windows-RestartManager) (EventID: 10006) (User: DEREKHOME)
Description: Application or service 'Microsoft Office Document Cache Sync Client Interface' could not be shut down.

Error: (04/28/2015 02:53:47 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program SBDDesktop.exe version 12.1.369.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 2fb4

Start Time: 01d081ba1bc3ffd0

Termination Time: 4294967295

Application Path: C:\Program Files (x86)\Common Files\Sage SBD\SBDDesktop\v12\SBDDesktop.exe

Report Id: fd4ff5d7-edad-11e4-8284-ac9e17b6f48d

Faulting package full name:

Faulting package-relative application ID:

Error: (04/28/2015 02:50:24 PM) (Source: Sage Report Designer) (EventID: 0) (User: )
Description: MAPI error: General MAPI failure [2]

Error: (04/28/2015 02:50:24 PM) (Source: Sage Report Designer) (EventID: 0) (User: )
Description: MAPI error: General MAPI failure [2]

System errors:
=============
Error: (05/07/2015 07:28:48 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The xqv service failed to start due to the following error:
%%2

Error: (05/07/2015 07:28:48 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The xqv service failed to start due to the following error:
%%2

Error: (05/07/2015 07:28:47 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The xqv service failed to start due to the following error:
%%2

Error: (05/07/2015 07:28:47 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The xqv service failed to start due to the following error:
%%2

Error: (05/07/2015 07:28:47 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The xqv service failed to start due to the following error:
%%2

Error: (05/07/2015 07:28:47 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The xqv service failed to start due to the following error:
%%2

Error: (05/07/2015 07:28:46 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The xqv service failed to start due to the following error:
%%2

Error: (05/07/2015 07:28:46 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The xqv service failed to start due to the following error:
%%2

Error: (05/07/2015 07:28:46 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The xqv service failed to start due to the following error:
%%2

Error: (05/07/2015 07:28:46 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The xqv service failed to start due to the following error:
%%2

Microsoft Office Sessions:
=========================
Error: (05/07/2015 05:56:47 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: mpnex40.exe4.0.3.053acec18KERNELBASE.dll6.3.9600.1741554504adec06d007e0001459813fc01d088e66112793dC:\Program Files (x86)\Canon\MP Navigator EX 4.0\mpnex40.exeC:\windows\SYSTEM32\KERNELBASE.dll0b791acd-f4da-11e4-828a-ac9e17b6f48d

Error: (05/07/2015 05:52:47 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: mpnex40.exe4.0.3.053acec18KERNELBASE.dll6.3.9600.1741554504adec06d007e00014598135001d088e62511ae1bC:\Program Files (x86)\Canon\MP Navigator EX 4.0\mpnex40.exeC:\windows\SYSTEM32\KERNELBASE.dll7ca310ed-f4d9-11e4-828a-ac9e17b6f48d

Error: (05/05/2015 10:54:20 AM) (Source: Microsoft-Windows-Defrag) (EventID: 257) (User: )
Description: Windows RE toolsThe parameter is incorrect. (0x80070057)

Error: (05/05/2015 10:15:48 AM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 80070005

Error: (05/01/2015 03:20:18 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 80070005

Error: (04/29/2015 00:17:47 PM) (Source: Sage Report Designer) (EventID: 0) (User: )
Description: MAPI error: General MAPI failure [2]

Error: (04/29/2015 11:37:38 AM) (Source: Microsoft-Windows-RestartManager) (EventID: 10006) (User: DEREKHOME)
Description: 2C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\CSISYNCCLIENT.EXEMicrosoft Office Document Cache Sync Client Interface

Error: (04/28/2015 02:53:47 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: SBDDesktop.exe12.1.369.02fb401d081ba1bc3ffd04294967295C:\Program Files (x86)\Common Files\Sage SBD\SBDDesktop\v12\SBDDesktop.exefd4ff5d7-edad-11e4-8284-ac9e17b6f48d

Error: (04/28/2015 02:50:24 PM) (Source: Sage Report Designer) (EventID: 0) (User: )
Description: MAPI error: General MAPI failure [2]

Error: (04/28/2015 02:50:24 PM) (Source: Sage Report Designer) (EventID: 0) (User: )
Description: MAPI error: General MAPI failure [2]

==================== Memory info ===========================

Processor: Intel® Core i7-4820K CPU @ 3.70GHz
Percentage of memory in use: 21%
Total physical RAM: 16319.43 MB
Available physical RAM: 12741.02 MB
Total Pagefile: 18751.43 MB
Available Pagefile: 16097.71 MB
Total Virtual: 131072 MB
Available Virtual: 131071.82 MB

==================== Drives ================================

Drive c: (Windows) (Fixed) (Total:216.55 GB) (Free:25.24 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 223.6 GB) (Disk ID: E2218367)

Partition: GPT Partition Type.

==================== End Of Log ============================


and the final file

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 06-05-2015 01
Ran by DEREK at 2015-05-07 19:28:35
Running from C:\Users\DEREK\Downloads
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-667583394-3145178462-1277471955-500 - Administrator - Disabled)
DEREK (S-1-5-21-667583394-3145178462-1277471955-1001 - Administrator - Enabled) => C:\Users\DEREK
Guest (S-1-5-21-667583394-3145178462-1277471955-501 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Ad-Aware Antivirus (Enabled - Up to date) {D87B6541-12A1-DAEA-0033-9B8057AAB996}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Ad-Aware Antivirus (Enabled - Up to date) {631A84A5-349B-D564-3A83-A0F22C2DF32B}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Ad-Aware Firewall (Enabled) {E040E464-58CE-DBB2-2B6C-32B5A979FEED}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Ad-Aware Antivirus (HKLM\...\{FF054A8C-C0A4-4C78-8910-E2A459BEFF05}_AdAwareUpdater) (Version: 11.6.306.7947 - Lavasoft)
Ad-Aware Web Companion (x32 Version: 1.1.922.1860 - Lavasoft) Hidden
AdAwareInstaller (Version: 11.6.306.7947 - Lavasoft) Hidden
AdAwareUpdater (Version: 11.6.306.7947 - Lavasoft) Hidden
Adblock Plus for IE (32-bit and 64-bit) (HKLM\...\{77588F59-3C58-4675-8EEE-998E5BC33CF4}) (Version: 1.4 - Eyeo GmbH)
ANT Drivers Installer x64 (Version: 2.3.4 - Garmin Ltd or its subsidiaries) Hidden
AntimalwareEngine (Version: 3.0.98.0 - Lavasoft) Hidden
AntispamEngine (Version: 2.4.2158.0 - Lavasoft) Hidden
Apple Application Support (32-bit) (HKLM-x32\...\{AFA1153A-F547-409B-B837-3A0D6C5A3FEC}) (Version: 3.1.3 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{D7B824DE-DA32-4772-9E5E-39C5158136A7}) (Version: 3.1.3 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{C4123106-B685-48E6-B9BD-E4F911841EB4}) (Version: 8.1.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Blue Iris 3 (HKLM-x32\...\InstallShield_{5923C82E-6BB6-4186-AF14-3066D1F29323}) (Version: 3.29.03 - Perspective Software)
Blue Iris 3 (x32 Version: 3.29.03 - Perspective Software) Hidden
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Canon MP Navigator EX 4.0 (HKLM-x32\...\MP Navigator EX 4.0) (Version: - )
Canon MP495 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP495_series) (Version: - )
Elevated Installer (x32 Version: 4.0.13.0 - Garmin Ltd or its subsidiaries) Hidden
FirewallEngine (Version: 1.6.0.0 - Lavasoft) Hidden
Garmin Express (HKLM-x32\...\{d2970a7c-aaef-4f35-a1d5-338c3a92404f}) (Version: 4.0.13.0 - Garmin Ltd or its subsidiaries)
Garmin Express (x32 Version: 4.0.13.0 - Garmin Ltd or its subsidiaries) Hidden
Garmin Express Tray (x32 Version: 4.0.13.0 - Garmin Ltd or its subsidiaries) Hidden
Intel® Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 10.0.0.1204 - Intel Corporation)
iTunes (HKLM\...\{93F2A022-6C37-48B8-B241-FFABD9F60C30}) (Version: 12.1.2.27 - Apple Inc.)
LavasoftTcpService (x32 Version: 2.3.3.0 - Lavasoft) Hidden
Microsoft OneDrive (HKU\S-1-5-21-667583394-3145178462-1277471955-1001\...\OneDriveSetup.exe) (Version: 17.3.4726.0226 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)
NVIDIA 3D Vision Controller Driver 347.09 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 347.09 - NVIDIA Corporation)
NVIDIA 3D Vision Driver 347.88 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 347.88 - NVIDIA Corporation)
NVIDIA GeForce Experience 2.2.2 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.2.2 - NVIDIA Corporation)
NVIDIA Graphics Driver 347.88 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 347.88 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.33.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.33.0 - NVIDIA Corporation)
NVIDIA Miracast Virtual Audio 347.88 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Miracast.VirtualAudio) (Version: 347.88 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.14.0702 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.14.0702 - NVIDIA Corporation)
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4711.1003 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4711.1003 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
OnlineThreatsEngine (Version: 2.2.3.0 - Lavasoft) Hidden
Payroll for Windows (x32 Version: 19 - Sage (UK) Limited) Hidden
Payroll for Windows (x32 Version: 20.01 - Sage (UK) Limited) Hidden
Payroll for Windows (x32 Version: 21.00 - Sage (UK) Limited) Hidden
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7023 - Realtek Semiconductor Corp.)
Sage 50 Payroll (HKLM-x32\...\{61FFC9B8-63B2-460A-81F0-99533310941F}) (Version: 21.01 - Sage (UK) Ltd.)
Sage 50 Payroll (HKLM-x32\...\{9331A6A2-98C6-42F4-B981-FBA24672D3D8}) (Version: 21.01 - Sage (UK) Ltd.)
Samsung Kies3 (HKLM-x32\...\InstallShield_{88547073-C566-4895-9005-EBE98EA3F7C7}) (Version: 3.2.15024.8 - Samsung Electronics Co., Ltd.)
Samsung Kies3 (x32 Version: 3.2.15024.8 - Samsung Electronics Co., Ltd.) Hidden
SHIELD Streaming (Version: 4.0.1000 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 17.12.8 - NVIDIA Corporation) Hidden
Sid Meier's Civilization V (HKLM-x32\...\Steam App 8930) (Version: - 2K Games, Inc.)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
The Elder Scrolls Online (HKLM-x32\...\The Elder Scrolls Online) (Version: 1.0.0.0 - Zenimax Online Studios)
The Elder Scrolls V: Skyrim (HKLM-x32\...\Steam App 72850) (Version: - Bethesda Game Studios)
Web Companion (HKLM-x32\...\{902C3D36-9254-437D-98AC-913B78E60864}_WebCompanion) (Version: 1.1.922.1860 - Lavasoft)
Windows Driver Package - Dynastream Innovations, Inc. ANT LibUSB Drivers (04/11/2012 1.2.40.201) (HKLM\...\F9D2A789F9CFF8CEC36B544F53877C80F1F73C46) (Version: 04/11/2012 1.2.40.201 - Dynastream Innovations, Inc.)
Windows Driver Package - Silicon Labs Software (DSI_SiUSBXp_3_1) USB (02/06/2007 3.1) (HKLM\...\D1506E0025B5A3F9EB8270FE81C1EEDD9388B8A2) (Version: 02/06/2007 3.1 - Silicon Labs Software)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-667583394-3145178462-1277471955-1001_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\DEREK\AppData\Local\Microsoft\OneDrive\17.3.4726.0226\amd64\FileSyncApi64.dll (Microsoft Corporation)

==================== Restore Points =========================

17-04-2015 08:15:55 Windows Update
26-04-2015 16:27:09 Scheduled Checkpoint
28-04-2015 11:46:18 AA11
01-05-2015 15:25:18 Installed Adblock Plus for IE (32-bit and 64-bit)

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 14:25 - 2013-08-22 14:25 - 00000824 ____A C:\windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {10E04493-A814-411C-8219-FF96EC616811} - System32\Tasks\GarminUpdaterTask => C:\Program Files (x86)\Garmin\Express Self Updater\ExpressSelfUpdater.exe
Task: {1556B1C2-43C1-40B4-9E66-91920993208F} - System32\Tasks\Microsoft\Windows\Setup\gwx\launchtrayprocess => C:\Windows\system32\GWX\GWX.exe [2015-03-24] (Microsoft Corporation)
Task: {1A3E8B4C-5053-4767-ADDF-6E88EC0629FA} - System32\Tasks\WJGSOVQ => C:\Users\DEREK\AppData\Roaming\WJGSOVQ.exe <==== ATTENTION
Task: {2409E62C-2E2D-44AF-9493-3548F8C2BF82} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2015-04-22] (Microsoft Corporation)
Task: {335D0B09-3C49-4AFC-9994-165A46984A92} - System32\Tasks\SPXPLN => C:\Users\DEREK\AppData\Roaming\SPXPLN.exe <==== ATTENTION
Task: {37098AAB-02DB-4A41-8AA1-C33835A94183} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {5CFE081F-2594-47EB-8660-B92844811328} - System32\Tasks\QJNFZ => C:\Users\DEREK\AppData\Roaming\QJNFZ.exe <==== ATTENTION
Task: {63309F19-CB42-4058-BB59-201F8BF20F53} - System32\Tasks\Microsoft Office 15 Sync Maintenance for DEREKHOME-DEREK DEREKHOME => C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe [2015-04-29] (Microsoft Corporation)
Task: {9B85AEC7-D7D2-4331-904B-CC0EA0D2E803} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-24] (Microsoft Corporation)
Task: {A9247618-A96E-4DD6-961A-A4997942B6EC} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxcontent => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-24] (Microsoft Corporation)
Task: {B466B1EA-95CD-4934-A370-C2383480ACE1} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonx86\Microsoft Shared\OFFICE15\OLicenseHeartbeat.exe [2015-04-29] (Microsoft Corporation)
Task: {BB870951-F26A-4919-B4CB-8A02FA07907A} - System32\Tasks\GYUSUEP => C:\Users\DEREK\AppData\Roaming\GYUSUEP.exe <==== ATTENTION
Task: {C656BDA3-EB9E-4095-B111-BF4D51BD4882} - System32\Tasks\Microsoft\Windows\Setup\gwx\runappraiser => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-24] (Microsoft Corporation)
Task: {CD3B6025-305D-4D19-9F11-EBB02965CB68} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\windows\system32\MRT.exe [2015-04-17] (Microsoft Corporation)
Task: {CE351B6C-7ADE-4F70-8146-ACD48118CFB2} - System32\Tasks\{A0D29BB8-D7FC-48BE-9C4E-38CD2839D8B3} => pcalua.exe -a "C:\Program Files (x86)\version17SpeedChecker\Uninstall.exe"
Task: {D95A75E4-1ED8-4E90-8183-81D121D1A73D} - System32\Tasks\WPRGSTS => C:\Users\DEREK\AppData\Roaming\WPRGSTS.exe <==== ATTENTION
Task: {EDCB5147-D4EF-4D35-8B2A-B8C3AF0470D8} - System32\Tasks\Microsoft OneDrive Auto Update Task-S-1-5-21-667583394-3145178462-1277471955-1001 => %localappdata%\Microsoft\OneDrive\OneDrive.exe
Task: {F0F0D36A-4A48-45C9-AC42-4079BBC3F5F5} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2015-04-22] (Microsoft Corporation)
Task: {F5533698-9865-4113-8FAD-B346D5787285} - System32\Tasks\VRATQ => C:\ProgramData\5d7406e0a775469cae25df88a7d255da\5d7406e0a775469cae25df88a7d255da.exe
Task: C:\windows\Tasks\GYUSUEP.job => C:\Users\DEREK\AppData\Roaming\GYUSUEP.exe <==== ATTENTION
Task: C:\windows\Tasks\QJNFZ.job => C:\Users\DEREK\AppData\Roaming\QJNFZ.exe <==== ATTENTION
Task: C:\windows\Tasks\SPXPLN.job => C:\Users\DEREK\AppData\Roaming\SPXPLN.exe <==== ATTENTION
Task: C:\windows\Tasks\WJGSOVQ.job => C:\Users\DEREK\AppData\Roaming\WJGSOVQ.exe <==== ATTENTION
Task: C:\windows\Tasks\WPRGSTS.job => C:\Users\DEREK\AppData\Roaming\WPRGSTS.exe <==== ATTENTION

==================== Loaded Modules (whitelisted) ==============

2015-03-23 11:52 - 2015-03-13 17:16 - 00118472 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2015-02-13 04:20 - 2015-02-13 04:20 - 00085832 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2015-02-13 04:20 - 2015-02-13 04:20 - 01346344 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2015-03-26 21:25 - 2014-05-20 09:19 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
2015-03-10 18:47 - 2015-03-10 18:47 - 00720760 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareService.exe
2015-03-10 18:51 - 2015-03-10 18:51 - 00107024 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\boost_thread-vc100-mt-1_57.dll
2015-03-10 18:51 - 2015-03-10 18:51 - 00024080 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\boost_system-vc100-mt-1_57.dll
2015-03-10 18:51 - 2015-03-10 18:51 - 00055320 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\boost_date_time-vc100-mt-1_57.dll
2015-03-10 18:51 - 2015-03-10 18:51 - 00125464 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\boost_filesystem-vc100-mt-1_57.dll
2015-03-10 18:51 - 2015-03-10 18:51 - 00033296 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\boost_chrono-vc100-mt-1_57.dll
2015-03-10 18:50 - 2015-03-10 18:50 - 12745216 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareServiceKernel.dll
2015-03-10 18:50 - 2015-03-10 18:50 - 03396064 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\RCF.dll
2015-03-10 18:51 - 2015-03-10 18:51 - 00785936 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\boost_regex-vc100-mt-1_57.dll
2015-03-10 18:50 - 2015-03-10 18:50 - 00744960 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareActivation.dll
2015-03-10 18:50 - 2015-03-10 18:50 - 00480272 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareApplicationUpdater.dll
2015-03-10 18:50 - 2015-03-10 18:50 - 00812032 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareGamingMode.dll
2015-03-10 18:50 - 2015-03-10 18:50 - 00099312 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareReset.dll
2015-03-10 18:50 - 2015-03-10 18:50 - 00119792 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareTime.dll
2015-03-10 18:50 - 2015-03-10 18:50 - 00963088 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareDefinitionsUpdater.dll
2015-03-10 18:50 - 2015-03-10 18:50 - 00868896 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareDefinitionsUpdaterScheduler.dll
2015-03-10 18:50 - 2015-03-10 18:50 - 01108992 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareIgnoreList.dll
2015-03-10 18:50 - 2015-03-10 18:50 - 00247808 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareQuarantine.dll
2015-03-10 18:50 - 2015-03-10 18:50 - 01013256 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareAntiMalwareEngine.dll
2015-03-10 18:50 - 2015-03-10 18:50 - 00211464 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareAntiRootkitEngine.dll
2015-03-10 18:50 - 2015-03-10 18:50 - 01177608 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareScannerHistory.dll
2015-03-10 18:50 - 2015-03-10 18:50 - 01302008 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareScanner.dll
2015-03-10 18:51 - 2015-03-10 18:51 - 00034832 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\boost_timer-vc100-mt-1_57.dll
2015-03-10 18:50 - 2015-03-10 18:50 - 00977416 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareScannerScheduler.dll
2015-03-10 18:50 - 2015-03-10 18:50 - 01143824 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareRealTimeProtection.dll
2015-03-10 18:50 - 2015-03-10 18:50 - 00237568 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareIncompatibles.dll
2015-03-10 18:50 - 2015-03-10 18:50 - 00893432 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareAntiSpam.dll
2015-03-10 18:50 - 2015-03-10 18:50 - 00847872 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareAntiPhishing.dll
2015-03-10 18:50 - 2015-03-10 18:50 - 03104776 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareParentalControl.dll
2015-03-10 18:50 - 2015-03-10 18:50 - 02958848 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareWebProtection.dll
2015-03-10 18:50 - 2015-03-10 18:50 - 01288712 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareEmailProtection.dll
2015-03-10 18:51 - 2015-03-10 18:51 - 00053272 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\boost_iostreams-vc100-mt-1_57.dll
2015-03-10 18:50 - 2015-03-10 18:50 - 01293832 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareNetworkProtection.dll
2015-03-10 18:50 - 2015-03-10 18:50 - 00969200 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwarePromo.dll
2015-03-10 18:50 - 2015-03-10 18:50 - 00366584 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareFeedback.dll
2015-03-10 18:50 - 2015-03-10 18:50 - 02787344 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareThreatWorkAlliance.dll
2015-03-10 18:50 - 2015-03-10 18:50 - 01232888 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwarePinCode.dll
2015-03-10 18:50 - 2015-03-10 18:50 - 00969208 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareNotice.dll
2015-03-10 18:50 - 2015-03-10 18:50 - 00963576 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareAvcEngine.dll
2015-03-10 18:50 - 2015-03-10 18:50 - 01184792 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareRealTimeProtectionHistory.dll
2015-04-28 15:16 - 2015-01-06 12:47 - 00156936 _____ () C:\windows\SYSTEM32\bdfwcore.dll
2015-04-28 15:17 - 2015-04-28 15:17 - 00789856 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Online Threats Engine\2.2.3.0\definitions\loc2\ashttpbr.mdl
2015-04-28 15:17 - 2015-04-28 15:17 - 00710016 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Online Threats Engine\2.2.3.0\definitions\loc2\ashttpdsp.mdl
2015-04-28 15:17 - 2015-04-28 15:17 - 02683008 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Online Threats Engine\2.2.3.0\definitions\loc2\ashttpph.mdl
2015-04-28 15:17 - 2015-04-28 15:17 - 01325480 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Online Threats Engine\2.2.3.0\definitions\loc2\ashttprbl.mdl
2015-04-13 19:08 - 2015-04-13 19:08 - 00523264 _____ () c:\windows\mxqv.exe
2015-03-12 11:57 - 2015-03-12 11:57 - 00017768 _____ () C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.SearchProtect.WinService.exe
2015-03-12 11:57 - 2015-03-12 11:57 - 00012144 _____ () C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.SearchProtect.Service.Logger.dll
2015-03-12 11:57 - 2015-03-12 11:57 - 00034152 _____ () C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.SearchProtect.WcfService.dll
2015-03-27 09:33 - 2015-03-27 09:33 - 08898720 _____ () C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2015-03-10 18:50 - 2015-03-10 18:50 - 09566192 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareTray.exe
2015-03-10 18:51 - 2015-03-10 18:51 - 00499728 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\boost_locale-vc100-mt-1_57.dll
2015-03-10 18:50 - 2015-03-10 18:50 - 02144248 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\HtmlFramework.dll
2015-03-10 18:50 - 2015-03-10 18:50 - 00869896 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareTrayDefaultSkin.dll
2013-04-25 16:20 - 2013-04-25 16:20 - 00059776 _____ () C:\Program Files (x86)\Blue Iris 3\BlueIrisService.exe
2015-03-27 09:33 - 2015-03-27 09:33 - 00316576 _____ () C:\Program Files\Microsoft Office 15\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\AppVIsvStream32.dll
2015-03-27 09:32 - 2015-03-27 09:32 - 00316576 _____ () C:\Program Files\Microsoft Office 15\Root\Office15\AppVIsvStream32.dll
2015-03-25 23:33 - 2015-03-10 07:37 - 00775680 _____ () C:\Program Files (x86)\Steam\SDL2.dll
2015-03-25 23:33 - 2014-12-02 01:29 - 05002752 _____ () C:\Program Files (x86)\Steam\v8.dll
2015-03-25 23:33 - 2015-04-14 00:44 - 02371776 _____ () C:\Program Files (x86)\Steam\video.dll
2015-03-25 23:33 - 2014-12-02 01:29 - 01612800 _____ () C:\Program Files (x86)\Steam\icui18n.dll
2015-03-25 23:33 - 2014-12-02 01:29 - 01210368 _____ () C:\Program Files (x86)\Steam\icuuc.dll
2015-03-25 23:33 - 2014-12-01 22:31 - 02396672 _____ () C:\Program Files (x86)\Steam\libavcodec-56.dll
2015-03-25 23:33 - 2014-12-01 22:31 - 00479744 _____ () C:\Program Files (x86)\Steam\libavformat-56.dll
2015-03-25 23:33 - 2014-12-01 22:31 - 00332800 _____ () C:\Program Files (x86)\Steam\libavresample-2.dll
2015-03-25 23:33 - 2014-12-01 22:31 - 00442880 _____ () C:\Program Files (x86)\Steam\libavutil-54.dll
2015-03-25 23:33 - 2014-12-01 22:31 - 00485888 _____ () C:\Program Files (x86)\Steam\libswscale-3.dll
2015-03-25 23:33 - 2015-04-14 00:44 - 00702656 _____ () C:\Program Files (x86)\Steam\bin\chromehtml.DLL
2015-03-12 11:57 - 2015-03-12 11:57 - 00077632 _____ () C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.Utils.dll
2015-03-12 11:57 - 2015-03-12 11:57 - 00179560 _____ () C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.SearchProtect.Business.dll
2015-03-12 11:57 - 2015-03-12 11:57 - 00046920 _____ () C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.adblocker.dll
2015-03-12 11:58 - 2015-03-12 11:58 - 00123224 _____ () C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.PUP.Management.dll
2015-03-12 11:57 - 2015-03-12 11:57 - 00015696 _____ () C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.Utils.SqlLite.dll
2015-03-12 11:58 - 2015-03-12 11:58 - 00073544 _____ () C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.SysInfo.dll
2015-03-25 23:33 - 2015-02-25 02:58 - 34641288 _____ () C:\Program Files (x86)\Steam\bin\libcef.dll
2015-03-27 09:32 - 2015-03-27 09:32 - 00316576 _____ () C:\Program Files\Microsoft Office 15\root\office15\AppVIsvStream32.dll
2015-04-29 11:45 - 2015-04-29 11:48 - 01032352 _____ () C:\Program Files\Microsoft Office 15\Root\Office15\ADDINS\UmOutlookAddin.dll
2008-01-26 13:07 - 2008-01-26 13:07 - 00135168 _____ () C:\Program Files (x86)\Blue Iris 3\HHNetClient.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\Users\DEREK\OneDrive:ms-properties

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BsScanner => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BsScanner => ""="Service"

==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, the associated entry will be removed from the registry.)

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-667583394-3145178462-1277471955-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\DEREK\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper
DNS Servers: 31.168.228.251 - 82.166.96.251

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-667583394-3145178462-1277471955-1001\...\StartupApproved\StartupFolder: => "hqghumeaylnlf.lnk"
HKU\S-1-5-21-667583394-3145178462-1277471955-1001\...\StartupApproved\StartupFolder: => "OptimizerPro-UNInstaller.lnk"
HKU\S-1-5-21-667583394-3145178462-1277471955-1001\...\StartupApproved\Run: => "GamesBot"
HKU\S-1-5-21-667583394-3145178462-1277471955-1001\...\StartupApproved\Run: => "Selection Tools"
HKU\S-1-5-21-667583394-3145178462-1277471955-1001\...\StartupApproved\Run: => "WindApp"

==================== FirewallRules (whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{71968216-500D-427B-B8B9-F6495F51E45D}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{C99B100D-7B2F-4B5B-945A-74F02027B4AF}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{EC937D58-38E4-4DA0-8C8E-EDD7B07D6D13}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
FirewallRules: [{867F9844-462B-4C74-9D38-0BC689634735}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
FirewallRules: [{804322DD-E4E0-450B-BDC6-6CE414397719}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{DE47D30B-B2A2-42A0-A90B-97976AEB14DA}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{B4853526-0429-4F43-82B2-789E7D8EA80E}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{8EEE4471-6C3A-46B6-A2F0-C122D24E2272}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{0662F00D-645C-4241-9B82-FB4147ED4FB6}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{B8E1FF2E-5B18-4B36-A61C-31BC660C3A00}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{F76265AD-7566-4CFE-BD81-6ECE3F0839A7}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Sid Meier's Civilization V\Launcher.exe
FirewallRules: [{B8D05DE7-10AC-49A2-99CC-2D17007CCA63}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Sid Meier's Civilization V\Launcher.exe
FirewallRules: [{0F4694DF-427E-4B42-994F-40FC64B23390}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Skyrim\SkyrimLauncher.exe
FirewallRules: [{1ABDFEC3-1246-438C-BEFA-41623FCB5903}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Skyrim\SkyrimLauncher.exe
FirewallRules: [TCP Query User{0097CB06-8611-4C09-88B0-E166B441A053}C:\program files (x86)\blue iris 3\blueiris.exe] => (Allow) C:\program files (x86)\blue iris 3\blueiris.exe
FirewallRules: [uDP Query User{1243B5C8-6D2A-4E49-B7CA-92A1A198E445}C:\program files (x86)\blue iris 3\blueiris.exe] => (Allow) C:\program files (x86)\blue iris 3\blueiris.exe
FirewallRules: [{63464AF1-2138-44CA-BB2B-9D16522B11AC}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\outlook.exe
FirewallRules: [{D957267B-C964-4A26-AF0E-C4020880BCC3}] => (Allow) C:\Users\DEREK\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
FirewallRules: [TCP Query User{523084E9-1E29-4783-88D4-B3C04EFD24DF}C:\users\derek\appdata\local\temp\i1427492931\windows\resource\jre\bin\javaw.exe] => (Allow) C:\users\derek\appdata\local\temp\i1427492931\windows\resource\jre\bin\javaw.exe
FirewallRules: [uDP Query User{572C8414-C458-4A01-AC19-DBDA82D1F0D1}C:\users\derek\appdata\local\temp\i1427492931\windows\resource\jre\bin\javaw.exe] => (Allow) C:\users\derek\appdata\local\temp\i1427492931\windows\resource\jre\bin\javaw.exe
FirewallRules: [{B6792D5F-F272-4C34-98EF-AD2C2D27B57B}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{227BA231-6746-415B-9E7E-692662A62CCD}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{072FB766-840C-4283-ABC5-9516AA9A7981}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{F3997760-8908-4B4E-8EE7-AB557C4D52F8}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{A11468DB-9015-4358-B236-1C5B4084F96B}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{53527745-9A11-4529-91AB-D6A2155DEAA1}] => (Allow) C:\Users\DEREK\AppData\Local\UnicoBrowser\Application\unicobrowser.exe

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (05/07/2015 05:56:47 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: mpnex40.exe, version: 4.0.3.0, time stamp: 0x53acec18
Faulting module name: KERNELBASE.dll, version: 6.3.9600.17415, time stamp: 0x54504ade
Exception code: 0xc06d007e
Fault offset: 0x00014598
Faulting process ID: 0x13fc
Faulting application start time: 0xmpnex40.exe0
Faulting application path: mpnex40.exe1
Faulting module path: mpnex40.exe2
Report ID: mpnex40.exe3
Faulting package full name: mpnex40.exe4
Faulting package-relative application ID: mpnex40.exe5

Error: (05/07/2015 05:52:47 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: mpnex40.exe, version: 4.0.3.0, time stamp: 0x53acec18
Faulting module name: KERNELBASE.dll, version: 6.3.9600.17415, time stamp: 0x54504ade
Exception code: 0xc06d007e
Fault offset: 0x00014598
Faulting process ID: 0x1350
Faulting application start time: 0xmpnex40.exe0
Faulting application path: mpnex40.exe1
Faulting module path: mpnex40.exe2
Report ID: mpnex40.exe3
Faulting package full name: mpnex40.exe4
Faulting package-relative application ID: mpnex40.exe5

Error: (05/05/2015 10:54:20 AM) (Source: Microsoft-Windows-Defrag) (EventID: 257) (User: )
Description: The volume Windows RE tools was not optimised because an error was encountered: The parameter is incorrect. (0x80070057)

Error: (05/05/2015 10:15:48 AM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 80070005

Error: (05/01/2015 03:20:18 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 80070005

Error: (04/29/2015 00:17:47 PM) (Source: Sage Report Designer) (EventID: 0) (User: )
Description: MAPI error: General MAPI failure [2]

Error: (04/29/2015 11:37:38 AM) (Source: Microsoft-Windows-RestartManager) (EventID: 10006) (User: DEREKHOME)
Description: Application or service 'Microsoft Office Document Cache Sync Client Interface' could not be shut down.

Error: (04/28/2015 02:53:47 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program SBDDesktop.exe version 12.1.369.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 2fb4

Start Time: 01d081ba1bc3ffd0

Termination Time: 4294967295

Application Path: C:\Program Files (x86)\Common Files\Sage SBD\SBDDesktop\v12\SBDDesktop.exe

Report Id: fd4ff5d7-edad-11e4-8284-ac9e17b6f48d

Faulting package full name:

Faulting package-relative application ID:

Error: (04/28/2015 02:50:24 PM) (Source: Sage Report Designer) (EventID: 0) (User: )
Description: MAPI error: General MAPI failure [2]

Error: (04/28/2015 02:50:24 PM) (Source: Sage Report Designer) (EventID: 0) (User: )
Description: MAPI error: General MAPI failure [2]

System errors:
=============
Error: (05/07/2015 07:28:48 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The xqv service failed to start due to the following error:
%%2

Error: (05/07/2015 07:28:48 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The xqv service failed to start due to the following error:
%%2

Error: (05/07/2015 07:28:47 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The xqv service failed to start due to the following error:
%%2

Error: (05/07/2015 07:28:47 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The xqv service failed to start due to the following error:
%%2

Error: (05/07/2015 07:28:47 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The xqv service failed to start due to the following error:
%%2

Error: (05/07/2015 07:28:47 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The xqv service failed to start due to the following error:
%%2

Error: (05/07/2015 07:28:46 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The xqv service failed to start due to the following error:
%%2

Error: (05/07/2015 07:28:46 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The xqv service failed to start due to the following error:
%%2

Error: (05/07/2015 07:28:46 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The xqv service failed to start due to the following error:
%%2

Error: (05/07/2015 07:28:46 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The xqv service failed to start due to the following error:
%%2

Microsoft Office Sessions:
=========================
Error: (05/07/2015 05:56:47 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: mpnex40.exe4.0.3.053acec18KERNELBASE.dll6.3.9600.1741554504adec06d007e0001459813fc01d088e66112793dC:\Program Files (x86)\Canon\MP Navigator EX 4.0\mpnex40.exeC:\windows\SYSTEM32\KERNELBASE.dll0b791acd-f4da-11e4-828a-ac9e17b6f48d

Error: (05/07/2015 05:52:47 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: mpnex40.exe4.0.3.053acec18KERNELBASE.dll6.3.9600.1741554504adec06d007e00014598135001d088e62511ae1bC:\Program Files (x86)\Canon\MP Navigator EX 4.0\mpnex40.exeC:\windows\SYSTEM32\KERNELBASE.dll7ca310ed-f4d9-11e4-828a-ac9e17b6f48d

Error: (05/05/2015 10:54:20 AM) (Source: Microsoft-Windows-Defrag) (EventID: 257) (User: )
Description: Windows RE toolsThe parameter is incorrect. (0x80070057)

Error: (05/05/2015 10:15:48 AM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 80070005

Error: (05/01/2015 03:20:18 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 80070005

Error: (04/29/2015 00:17:47 PM) (Source: Sage Report Designer) (EventID: 0) (User: )
Description: MAPI error: General MAPI failure [2]

Error: (04/29/2015 11:37:38 AM) (Source: Microsoft-Windows-RestartManager) (EventID: 10006) (User: DEREKHOME)
Description: 2C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\CSISYNCCLIENT.EXEMicrosoft Office Document Cache Sync Client Interface

Error: (04/28/2015 02:53:47 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: SBDDesktop.exe12.1.369.02fb401d081ba1bc3ffd04294967295C:\Program Files (x86)\Common Files\Sage SBD\SBDDesktop\v12\SBDDesktop.exefd4ff5d7-edad-11e4-8284-ac9e17b6f48d

Error: (04/28/2015 02:50:24 PM) (Source: Sage Report Designer) (EventID: 0) (User: )
Description: MAPI error: General MAPI failure [2]

Error: (04/28/2015 02:50:24 PM) (Source: Sage Report Designer) (EventID: 0) (User: )
Description: MAPI error: General MAPI failure [2]

==================== Memory info ===========================

Processor: Intel® Core i7-4820K CPU @ 3.70GHz
Percentage of memory in use: 21%
Total physical RAM: 16319.43 MB
Available physical RAM: 12741.02 MB
Total Pagefile: 18751.43 MB
Available Pagefile: 16097.71 MB
Total Virtual: 131072 MB
Available Virtual: 131071.82 MB

==================== Drives ================================

Drive c: (Windows) (Fixed) (Total:216.55 GB) (Free:25.24 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 223.6 GB) (Disk ID: E2218367)

Partition: GPT Partition Type.

==================== End Of Log ============================


Sorry, but you pasted Addition.txt twice and FRST.txt not at all.


I have just tried to paste and post the FRST.txt file and it tells me the post is too short, although I think it means too long.

 

Is there another way I can do it?


You're right, it must be some kind of bug in the forum program.

 

You can either split the log between two replies or you can attach the log file. To attach a file click the "More Reply Options" button and follow the instructions for attachments.


1.

C:\Users\DEREK\Downloads\BearShareV10.exe a variant of Win32/Toolbar.SearchSuite.Y potentially unwanted application

C:\Users\DEREK\Downloads\ErrorEND_Installer.exe multiple threats

C:\Users\DEREK\Downloads\Garmin_Nüvi_2445LM_Driver_Update_05-2014 (1).exe a variant of Win32/Systweak.R potentially unwanted application

C:\Users\DEREK\Downloads\Garmin_Nüvi_2445LM_Driver_Update_05-2014.exe a variant of Win32/Systweak.R potentially unwanted application

C:\Users\DEREK\Downloads\itunes6464setup.exe a variant of Win32/InstallCore.YH potentially unwanted application

C:\Users\DEREK\Downloads\Unconfirmed 226548.crdownload Win32/Toolbar.SearchSuite potentially unwanted application

C:\Users\DEREK\Downloads\Unconfirmed 295414.crdownload Win32/Toolbar.SearchSuite potentially unwanted application

C:\Users\DEREK\Downloads\Unconfirmed 482695.crdownload a variant of Win32/InstallCore.ZC potentially unwanted application

C:\Users\DEREK\Downloads\Unconfirmed 55255.crdownload a variant of Win32/InstallCore.ZC potentially unwanted application

C:\Users\DEREK\Downloads\Unconfirmed 612979.crdownload a variant of Win32/InstallCore.ZC potentially unwanted application

C:\Users\DEREK\Downloads\Unconfirmed 753557.crdownload a variant of Win32/InstallCore.ZC potentially unwanted application

C:\Users\DEREK\Downloads\Unconfirmed 769870.crdownload a variant of Win32/InstallCore.ZC potentially unwanted application

C:\Users\DEREK\Downloads\Unconfirmed 776757.crdownload a variant of Win32/AdGazelle.F potentially unwanted application

C:\Users\DEREK\Downloads\Unconfirmed 959552.crdownload a variant of Win32/InstallCore.ZC potentially unwanted application

 

Those are downloaded installation files in your Downloads folder and they will all try to install adware or unnecessary programs during the installation. It's up to you if you want to keep them.

 

 

2. Please, start Notepad.

Copy all text that is in the box:

CreateRestorePoint:
CloseProcesses:
HKLM\...\Run: [] => [X]
HKLM-x32\...\Run: [gmsd_gb_263] => [X]
HKLM-x32\...\Run: [gmsd_gb_279] => [X]
HKLM-x32\...\Run: [gmsd_gb_276] => [X]
ShortcutTarget: OptimizerPro-UNInstaller.lnk -> C:\ProgramData\{8dc42732-f0ed-08f8-8dc4-42732f0e9ccb}\OptimizerPro-UNInstaller.exe (No File)
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: SpeedChecker -> {C1E5846F-925D-1332-CE73-D0DDF382E5E4} -> C:\Program Files (x86)\version17SpeedChecker\192_x64.dll No File
Tcpip\..\Interfaces\{B6DF9E09-3B47-47B6-8FB1-E3621164DE45}: [NameServer] 31.168.228.251,82.166.96.251
FF HKU\S-1-5-21-667583394-3145178462-1277471955-1001\...\Firefox\Extensions: [{C41D5775-C5CE-CBB8-1655-23008F5D8F56}] - C:\Program Files (x86)\version17SpeedChecker\192.xpi
R2 mxqv; c:\windows\mxqv.exe [523264 2015-04-13] () [File not signed]
S2 xqv; c:\windows\xqv.exe [X]
R2 webTinstMKTN84; C:\windows\system32\Drivers\webTinstMKTN84.sys [50216 2015-04-15] ()
S3 e1edc438-f640-4184-a443-d2a7c37a01dc; \??\c:\temp\690b33e1-0462-4e84-9bea-c7552b45432a.sys [X]
S1 qrnfd_1_10_0_12; system32\drivers\qrnfd_1_10_0_12.sys [X]
2015-04-16 19:58 - 2015-04-16 19:58 - 00000000 ____D () C:\Program Files (x86)\gmsd_gb_160
2015-04-16 19:56 - 2015-04-17 08:35 - 00000177 _____ () C:\windows\SysWOW64\SetupComponents.exe
2015-04-14 10:15 - 2015-04-14 10:15 - 00000000 ____D () C:\ProgramData\T122078ED
2015-04-14 10:12 - 2015-05-07 19:26 - 00000000 ____D () C:\Users\DEREK\AppData\Local\1E009920-1429006374-6400-DC40-AC9E17B6F48D
2015-04-14 10:10 - 2015-04-14 13:40 - 00000000 ___HD () C:\ProgramData\xqv
2015-04-13 19:13 - 2015-05-07 19:15 - 00001356 _____ () C:\windows\Tasks\QJNFZ.job
2015-04-13 19:13 - 2015-04-13 19:13 - 00004364 _____ () C:\windows\System32\Tasks\QJNFZ
2015-04-13 19:08 - 2015-05-07 19:15 - 00001704 _____ () C:\windows\Tasks\WJGSOVQ.job
2015-04-13 19:08 - 2015-05-07 19:15 - 00001704 _____ () C:\windows\Tasks\GYUSUEP.job
2015-04-13 19:08 - 2015-04-24 22:08 - 00000000 ____D () C:\ProgramData\5d7406e0a775469cae25df88a7d255da
2015-04-13 19:08 - 2015-04-13 19:08 - 00745984 _____ () C:\windows\xqv.dat
2015-04-13 19:08 - 2015-04-13 19:08 - 00523264 _____ () C:\windows\mxqv.exe
2015-04-13 19:08 - 2015-04-13 19:08 - 00004712 _____ () C:\windows\System32\Tasks\WJGSOVQ
2015-04-13 19:08 - 2015-04-13 19:08 - 00004710 _____ () C:\windows\System32\Tasks\GYUSUEP
2015-04-13 19:08 - 2015-04-13 19:08 - 00003560 _____ () C:\windows\System32\Tasks\VRATQ
2015-04-13 19:07 - 2015-04-13 19:08 - 00000000 ____D () C:\ProgramData\fdb70e21975a413bb583c3f4758140f0
2015-03-26 20:14 - 2015-03-26 20:14 - 0005542 _____ () C:\Users\DEREK\AppData\Roaming\GYUSUEP
2015-03-09 22:30 - 2015-03-09 22:30 - 0005487 _____ () C:\Users\DEREK\AppData\Roaming\QJNFZ
2015-03-26 20:14 - 2015-03-26 20:14 - 0005542 _____ () C:\Users\DEREK\AppData\Roaming\SPXPLN
2015-03-26 20:14 - 2015-03-26 20:14 - 0005542 _____ () C:\Users\DEREK\AppData\Roaming\WJGSOVQ
2015-03-26 20:14 - 2015-03-26 20:14 - 0005542 _____ () C:\Users\DEREK\AppData\Roaming\WPRGSTS
2015-03-23 11:52 - 2015-03-23 11:52 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
C:\Users\All Users\xqv
Task: {1A3E8B4C-5053-4767-ADDF-6E88EC0629FA} - System32\Tasks\WJGSOVQ => C:\Users\DEREK\AppData\Roaming\WJGSOVQ.exe <==== ATTENTION
Task: {335D0B09-3C49-4AFC-9994-165A46984A92} - System32\Tasks\SPXPLN => C:\Users\DEREK\AppData\Roaming\SPXPLN.exe <==== ATTENTION
Task: {5CFE081F-2594-47EB-8660-B92844811328} - System32\Tasks\QJNFZ => C:\Users\DEREK\AppData\Roaming\QJNFZ.exe <==== ATTENTION
Task: {BB870951-F26A-4919-B4CB-8A02FA07907A} - System32\Tasks\GYUSUEP => C:\Users\DEREK\AppData\Roaming\GYUSUEP.exe <==== ATTENTION
Task: {CE351B6C-7ADE-4F70-8146-ACD48118CFB2} - System32\Tasks\{A0D29BB8-D7FC-48BE-9C4E-38CD2839D8B3} => pcalua.exe -a "C:\Program Files (x86)\version17SpeedChecker\Uninstall.exe"
Task: {D95A75E4-1ED8-4E90-8183-81D121D1A73D} - System32\Tasks\WPRGSTS => C:\Users\DEREK\AppData\Roaming\WPRGSTS.exe <==== ATTENTION
Task: {F5533698-9865-4113-8FAD-B346D5787285} - System32\Tasks\VRATQ => C:\ProgramData\5d7406e0a775469cae25df88a7d255da\5d7406e0a775469cae25df88a7d255da.exe
Task: C:\windows\Tasks\GYUSUEP.job => C:\Users\DEREK\AppData\Roaming\GYUSUEP.exe <==== ATTENTION
Task: C:\windows\Tasks\QJNFZ.job => C:\Users\DEREK\AppData\Roaming\QJNFZ.exe <==== ATTENTION
Task: C:\windows\Tasks\SPXPLN.job => C:\Users\DEREK\AppData\Roaming\SPXPLN.exe <==== ATTENTION
Task: C:\windows\Tasks\WJGSOVQ.job => C:\Users\DEREK\AppData\Roaming\WJGSOVQ.exe <==== ATTENTION
Task: C:\windows\Tasks\WPRGSTS.job => C:\Users\DEREK\AppData\Roaming\WPRGSTS.exe <==== ATTENTION
CMD: ipconfig /flushdns
Reboot:

and paste in Notepad. Check that no files have been split on two lines.

Save the file as fixlist.txt on the desktop.

 

Exit all programs.

Start FRST, please.

Click the Fix button.

Wait until the tool has finished.

 

It creates a log file, called Fixlog.txt, on the desktop.

Please, paste the content of that file in your reply.

 

 

If you can't surf after the fix, please do a system restore to the restore point created by FRST and I'll give you another script.


Hi

 

I have deleted the rogue application files as suggested

 

here is the fixlog

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 09-05-2015

Ran by DEREK at 2015-05-09 17:36:09 Run:1

Running from C:\Users\DEREK\Downloads

Loaded Profiles: DEREK (Available profiles: DEREK)

Boot Mode: Normal

==============================================

 

Content of fixlist:

*****************

CreateRestorePoint:CloseProcesses:HKLM\...\Run: [] => [X]HKLM-x32\...\Run: [gmsd_gb_263] => [X]HKLM-x32\...\Run: [gmsd_gb_279] => [X]HKLM-x32\...\Run: [gmsd_gb_276] => [X]ShortcutTarget: OptimizerPro-UNInstaller.lnk -> C:\ProgramData\{8dc42732-f0ed-08f8-8dc4-42732f0e9ccb}\OptimizerPro-UNInstaller.exe (No File)CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTIONSearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = BHO: SpeedChecker -> {C1E5846F-925D-1332-CE73-D0DDF382E5E4} -> C:\Program Files (x86)\version17SpeedChecker\192_x64.dll No FileTcpip\..\Interfaces\{B6DF9E09-3B47-47B6-8FB1-E3621164DE45}: [NameServer] 31.168.228.251,82.166.96.251FF HKU\S-1-5-21-667583394-3145178462-1277471955-1001\...\Firefox\Extensions: [{C41D5775-C5CE-CBB8-1655-23008F5D8F56

}] - C:\Program Files (x86)\version17SpeedChecker\192.xpiR2 mxqv; c:\windows\mxqv.exe [523264 2015-04-13] () [File not signed]S2 xqv; c:\windows\xqv.exe [X]R2 webTinstMKTN84; C:\windows\system32\Drivers\webTinstMKTN84.sys [50216 2015-04-15] ()S3 e1edc438-f640-4184-a443-d2a7c37a01dc; \??\c:\temp\690b33e1-0462-4e84-9bea-c7552b45432a.sys [X]S1 qrnfd_1_10_0_12; system32\drivers\qrnfd_1_10_0_12.sys [X]2015-04-16 19:58 - 2015-04-16 19:58 - 00000000 ____D () C:\Program Files (x86)\gmsd_gb_1602015-04-16 19:56 - 2015-04-17 08:35 - 00000177 _____ () C:\windows\SysWOW64\SetupComponents.exe2015-04-14 10:15 - 2015-04-14 10:15 - 00000000 ____D () C:\ProgramData\T122078ED2015-04-14 10:12 - 2015-05-07 19:26 - 00000000 ____D () C:\Users\DEREK\AppData\Local\1E009920-1429006374-6400-DC40-AC9E17B6F48D2015-04-14 10:10 - 2015-04-14 13:40 - 00000000 ___HD () C:\ProgramData\xqv2015-04-13 19:13 - 2015-05-07 19:15 - 00001356 _____ () C:\windows\Tasks\QJNFZ.job2015-04-13 19:13 - 2015-04-13 19:13 - 000

04364 _____ () C:\windows\System32\Tasks\QJNFZ2015-04-13 19:08 - 2015-05-07 19:15 - 00001704 _____ () C:\windows\Tasks\WJGSOVQ.job2015-04-13 19:08 - 2015-05-07 19:15 - 00001704 _____ () C:\windows\Tasks\GYUSUEP.job2015-04-13 19:08 - 2015-04-24 22:08 - 00000000 ____D () C:\ProgramData\5d7406e0a775469cae25df88a7d255da2015-04-13 19:08 - 2015-04-13 19:08 - 00745984 _____ () C:\windows\xqv.dat2015-04-13 19:08 - 2015-04-13 19:08 - 00523264 _____ () C:\windows\mxqv.exe2015-04-13 19:08 - 2015-04-13 19:08 - 00004712 _____ () C:\windows\System32\Tasks\WJGSOVQ2015-04-13 19:08 - 2015-04-13 19:08 - 00004710 _____ () C:\windows\System32\Tasks\GYUSUEP2015-04-13 19:08 - 2015-04-13 19:08 - 00003560 _____ () C:\windows\System32\Tasks\VRATQ2015-04-13 19:07 - 2015-04-13 19:08 - 00000000 ____D () C:\ProgramData\fdb70e21975a413bb583c3f4758140f02015-03-26 20:14 - 2015-03-26 20:14 - 0005542 _____ () C:\Users\DEREK\AppData\Roaming\GYUSUEP2015-03-09 22:30 - 2015-03-09 22:30 - 0005487 _____ () C:\User

s\DEREK\AppData\Roaming\QJNFZ2015-03-26 20:14 - 2015-03-26 20:14 - 0005542 _____ () C:\Users\DEREK\AppData\Roaming\SPXPLN2015-03-26 20:14 - 2015-03-26 20:14 - 0005542 _____ () C:\Users\DEREK\AppData\Roaming\WJGSOVQ2015-03-26 20:14 - 2015-03-26 20:14 - 0005542 _____ () C:\Users\DEREK\AppData\Roaming\WPRGSTS2015-03-23 11:52 - 2015-03-23 11:52 - 0000000 ____H () C:\ProgramData\DP45977C.lflC:\Users\All Users\xqvTask: {1A3E8B4C-5053-4767-ADDF-6E88EC0629FA} - System32\Tasks\WJGSOVQ => C:\Users\DEREK\AppData\Roaming\WJGSOVQ.exe <==== ATTENTIONTask: {335D0B09-3C49-4AFC-9994-165A46984A92} - System32\Tasks\SPXPLN => C:\Users\DEREK\AppData\Roaming\SPXPLN.exe <==== ATTENTIONTask: {5CFE081F-2594-47EB-8660-B92844811328} - System32\Tasks\QJNFZ => C:\Users\DEREK\AppData\Roaming\QJNFZ.exe <==== ATTENTIONTask: {BB870951-F26A-4919-B4CB-8A02FA07907A} - System32\Tasks\GYUSUEP => C:\Users\DEREK\AppData\Roaming\GYUSUEP.exe <==== ATTENTIONTask: {CE351B6C-7ADE-4F70-8146-ACD48118CFB2} - System32\Task s\{A0D29BB8-D7FC-48BE-9C4E-38CD2839D8B3} => pcalua.exe -a "C:\Program Files (x86)\version17SpeedChecker\Uninstall.exe"Task: {D95A75E4-1ED8-4E90-8183-81D121D1A73D} - System32\Tasks\WPRGSTS => C:\Users\DEREK\AppData\Roaming\WPRGSTS.exe <==== ATTENTIONTask: {F5533698-9865-4113-8FAD-B346D5787285} - System32\Tasks\VRATQ => C:\ProgramData\5d7406e0a775469cae25df88a7d255da\5d7406e0a775469cae25df88a7d255da.exeTask: C:\windows\Tasks\GYUSUEP.job => C:\Users\DEREK\AppData\Roaming\GYUSUEP.exe <==== ATTENTIONTask: C:\windows\Tasks\QJNFZ.job => C:\Users\DEREK\AppData\Roaming\QJNFZ.exe <==== ATTENTIONTask: C:\windows\Tasks\SPXPLN.job => C:\Users\DEREK\AppData\Roaming\SPXPLN.exe <==== ATTENTIONTask: C:\windows\Tasks\WJGSOVQ.job => C:\Users\DEREK\AppData\Roaming\WJGSOVQ.exe <==== ATTENTIONTask: C:\windows\Tasks\WPRGSTS.job => C:\Users\DEREK\AppData\Roaming\WPRGSTS.exe <==== ATTENTIONCMD: ipconfig /flushdnsReboot:and paste in Notepad. Check that no files have been split on two lines.

 

*****************

 

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\CreateRestorePoint:CloseProcesses:gmsd_gb_276 => Value not found.

}] - C:\Program Files (x86)\version17SpeedChecker\192.xpiR2 mxqv; c:\windows\mxqv.exe [523264 2015-04-13] () [File not signed]S2 xqv; c:\windows\xqv.exe [X]R2 webTinstMKTN84; C:\windows\system32\Drivers\webTinstMKTN84.sys [50216 2015-04-15] ()S3 e1edc438-f640-4184-a443-d2a7c37a01dc; \??\c:\temp\690b33e1-0462-4e84-9bea-c7552b45432a.sys [X]S1 qrnfd_1_10_0_12; system32\drivers\qrnfd_1_10_0_12.sys [X]2015-04-16 19:58 - 2015-04-16 19:58 - 00000000 ____D () C:\Program Files (x86)\gmsd_gb_1602015-04-16 19:56 - 2015-04-17 08:35 - 00000177 _____ () C:\windows\SysWOW64\SetupComponents.exe2015-04-14 10:15 - 2015-04-14 10:15 - 00000000 ____D () C:\ProgramData\T122078ED2015-04-14 10:12 - 2015-05-07 19:26 - 00000000 ____D () C:\Users\DEREK\AppData\Local\1E009920-1429006374-6400-DC40-AC9E17B6F48D2015-04-14 10:10 - 2015-04-14 13:40 - 00000000 ___HD () C:\ProgramData\xqv2015-04-13 19:13 - 2015-05-07 19:15 - 00001356 _____ () C:\windows\Tasks\QJNFZ.job2015-04-13 19:13 - 2015-04-13 19:13 - 000 => Error: No automatic fix found for this entry.

04364 _____ () C:\windows\System32\Tasks\QJNFZ2015-04-13 19:08 - 2015-05-07 19:15 - 00001704 _____ () C:\windows\Tasks\WJGSOVQ.job2015-04-13 19:08 - 2015-05-07 19:15 - 00001704 _____ () C:\windows\Tasks\GYUSUEP.job2015-04-13 19:08 - 2015-04-24 22:08 - 00000000 ____D () C:\ProgramData\5d7406e0a775469cae25df88a7d255da2015-04-13 19:08 - 2015-04-13 19:08 - 00745984 _____ () C:\windows\xqv.dat2015-04-13 19:08 - 2015-04-13 19:08 - 00523264 _____ () C:\windows\mxqv.exe2015-04-13 19:08 - 2015-04-13 19:08 - 00004712 _____ () C:\windows\System32\Tasks\WJGSOVQ2015-04-13 19:08 - 2015-04-13 19:08 - 00004710 _____ () C:\windows\System32\Tasks\GYUSUEP2015-04-13 19:08 - 2015-04-13 19:08 - 00003560 _____ () C:\windows\System32\Tasks\VRATQ2015-04-13 19:07 - 2015-04-13 19:08 - 00000000 ____D () C:\ProgramData\fdb70e21975a413bb583c3f4758140f02015-03-26 20:14 - 2015-03-26 20:14 - 0005542 _____ () C:\Users\DEREK\AppData\Roaming\GYUSUEP2015-03-09 22:30 - 2015-03-09 22:30 - 0005487 _____ () C:\User => Error: No automatic fix found for this entry.

 

========= s\DEREK\AppData\Roaming\QJNFZ2015-03-26 20:14 - 2015-03-26 20:14 - 0005542 _____ () C:\Users\DEREK\AppData\Roaming\SPXPLN2015-03-26 20:14 - 2015-03-26 20:14 - 0005542 _____ () C:\Users\DEREK\AppData\Roaming\WJGSOVQ2015-03-26 20:14 - 2015-03-26 20:14 - 0005542 _____ () C:\Users\DEREK\AppData\Roaming\WPRGSTS2015-03-23 11:52 - 2015-03-23 11:52 - 0000000 ____H () C:\ProgramData\DP45977C.lflC:\Users\All Users\xqvTask: {1A3E8B4C-5053-4767-ADDF-6E88EC0629FA} - System32\Tasks\WJGSOVQ => C:\Users\DEREK\AppData\Roaming\WJGSOVQ.exe <==== ATTENTIONTask: {335D0B09-3C49-4AFC-9994-165A46984A92} - System32\Tasks\SPXPLN => C:\Users\DEREK\AppData\Roaming\SPXPLN.exe <==== ATTENTIONTask: {5CFE081F-2594-47EB-8660-B92844811328} - System32\Tasks\QJNFZ => C:\Users\DEREK\AppData\Roaming\QJNFZ.exe <==== ATTENTIONTask: {BB870951-F26A-4919-B4CB-8A02FA07907A} - System32\Tasks\GYUSUEP => C:\Users\DEREK\AppData\Roaming\GYUSUEP.exe <==== ATTENTIONTask: {CE351B6C-7ADE-4F70-8146-ACD48118CFB2} - System32\Task s\{A0D29BB8-D7FC-48BE-9C4E-38CD2839D8B3} => pcalua.exe -a "C:\Program Files (x86)\version17SpeedChecker\Uninstall.exe"Task: {D95A75E4-1ED8-4E90-8183-81D121D1A73D} - System32\Tasks\WPRGSTS => C:\Users\DEREK\AppData\Roaming\WPRGSTS.exe <==== ATTENTIONTask: {F5533698-9865-4113-8FAD-B346D5787285} - System32\Tasks\VRATQ => C:\ProgramData\5d7406e0a775469cae25df88a7d255da\5d7406e0a775469cae25df88a7d255da.exeTask: C:\windows\Tasks\GYUSUEP.job => C:\Users\DEREK\AppData\Roaming\GYUSUEP.exe <==== ATTENTIONTask: C:\windows\Tasks\QJNFZ.job => C:\Users\DEREK\AppData\Roaming\QJNFZ.exe <==== ATTENTIONTask: C:\windows\Tasks\SPXPLN.job => C:\Users\DEREK\AppData\Roaming\SPXPLN.exe <==== ATTENTIONTask: C:\windows\Tasks\WJGSOVQ.job => C:\Users\DEREK\AppData\Roaming\WJGSOVQ.exe <==== ATTENTIONTask: C:\windows\Tasks\WPRGSTS.job => C:\Users\DEREK\AppData\Roaming\WPRGSTS.exe <==== ATTENTION ipconfig /flushdnsReboot:and paste in Notepad. Check that no files have been split on two lines. =========

 

 

========= End of CMD: =========

 

 

==== End of Fixlog 17:36:09 ====


I don't know how you created fixlist.txt, but you can't copy from the subscription email, you have to copy from the post in the forum. The fixlist.txt you used didn't have the correct line breaks. Please, try again.

 

Have all extra ads disappeared?

Any more questions before I write how you can uninstall FRST and AdwCleaner?

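The failure in the first Fixlog above (fixlist entries run together after the text was copied from the notification e-mail) can be caught before clicking Fix. The check below is an added example, not part of the original posts and not part of FRST; `lint_fixlist` is a hypothetical helper, and its list of entry prefixes is an assumption drawn only from the fixlist lines visible in this thread.

```python
import re

# Entry starts taken from the fixlist lines visible in this thread.
# Assumption: this is not a complete grammar of what FRST accepts.
DIRECTIVES = ("CreateRestorePoint:", "CloseProcesses:", "Reboot:", "CMD:",
              "Task:", "ShortcutTarget:", "SearchScopes:", "BHO:", "Startup:")
# File rows look like "created - modified - size attrs () path".
FILE_ROW = r"\d{4}-\d{2}-\d{2} \d{2}:\d{2} - \d{4}-\d{2}-\d{2} \d{2}:\d{2} - \d+ "
_DIRECTIVE_ALT = "|".join(re.escape(d) for d in DIRECTIVES)

# What a healthy line may begin with: directives, file rows, registry hives,
# browser rows, the Tcpip row, service rows such as "R2 name;", bare paths.
LINE_START = re.compile(
    "(?:" + _DIRECTIVE_ALT + "|" + FILE_ROW
    + r"|HK(?:LM|U|CR)\b|CHR |FF |Tcpip\\|[RSU]\d \S+;|[A-Za-z]:\\)"
)
# Markers unambiguous enough to count when they show up in the middle of a line.
EMBEDDED = re.compile(_DIRECTIVE_ALT + "|" + FILE_ROW)


def lint_fixlist(text):
    """Return (line_number, kind, detail) for every line that looks damaged.

    kind is "merged" when further entries start inside the line (lost line
    breaks) and "bad-start" when the line does not begin like an entry
    (pasted prose, or the tail of an entry that was split in two).
    """
    findings = []
    for number, line in enumerate(text.splitlines(), start=1):
        entry = line.strip()
        if not entry:
            continue
        if not LINE_START.match(entry):
            findings.append((number, "bad-start",
                             "line does not begin like a fixlist entry"))
        inner = [m.start() for m in EMBEDDED.finditer(entry) if m.start() > 0]
        if inner:
            findings.append((number, "merged",
                             f"at least {len(inner)} more entries start inside this line"))
    return findings


# Constructed sample: a few entries copied from the fixlist in this thread.
GOOD = r"""CreateRestorePoint:
CloseProcesses:
HKLM-x32\...\Run: [gmsd_gb_263] => [X]
S2 xqv; c:\windows\xqv.exe [X]
2015-04-13 19:08 - 2015-04-13 19:08 - 00745984 _____ () C:\windows\xqv.dat
Task: C:\windows\Tasks\QJNFZ.job => C:\Users\DEREK\AppData\Roaming\QJNFZ.exe <==== ATTENTION
CMD: ipconfig /flushdns
Reboot:"""

# Constructed: the same entries with every line break lost and the
# instruction text swept in, which is the shape of the first Fixlog.
COLLAPSED = "".join(GOOD.splitlines()) + "and paste in Notepad."

# Constructed: one entry split across two lines.
SPLIT = GOOD.replace("QJNFZ.exe", "\nQJNFZ.exe")

if __name__ == "__main__":
    for name, sample in (("good", GOOD), ("collapsed", COLLAPSED), ("split", SPLIT)):
        problems = lint_fixlist(sample)
        print(name, "OK" if not problems else problems)
```

An empty result only means the line structure looks intact; it says nothing about whether the entries themselves are the right ones to remove.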

Hi

 

I have been surfing for about 30 minutes and most of the ads are gone.... hooray!!!!

 

I did get a couple of pop-ups from AdChoices after about 5 minutes, but they haven't come up since.

 

Derek


Hi Derek,

 

You forgot to paste the new fixlog.

 

Good that the ads are gone :)


sorry

 

here is the fixlog

 

I am still getting the odd ad pop up (just had one from BITDEFENDER) but this is a great improvement on the ad every 5 seconds that I was getting.

 

I really appreciate your help on this as it was driving me insane!!

 

Derek

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 09-05-2015

Ran by DEREK at 2015-05-09 19:26:57 Run:2

Running from C:\Users\DEREK\Downloads

Loaded Profiles: DEREK (Available profiles: DEREK)

Boot Mode: Normal

==============================================

 

Content of fixlist:

*****************

CreateRestorePoint:

CloseProcesses:

HKLM\...\Run: [] => [X]

HKLM-x32\...\Run: [gmsd_gb_263] => [X]

HKLM-x32\...\Run: [gmsd_gb_279] => [X]

HKLM-x32\...\Run: [gmsd_gb_276] => [X]

ShortcutTarget: OptimizerPro-UNInstaller.lnk -> C:\ProgramData\{8dc42732-f0ed-08f8-8dc4-42732f0e9ccb}\OptimizerPro-UNInstaller.exe (No File)

CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =

SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =

SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =

BHO: SpeedChecker -> {C1E5846F-925D-1332-CE73-D0DDF382E5E4} -> C:\Program Files (x86)\version17SpeedChecker\192_x64.dll No File

Tcpip\..\Interfaces\{B6DF9E09-3B47-47B6-8FB1-E3621164DE45}: [NameServer] 31.168.228.251,82.166.96.251

FF HKU\S-1-5-21-667583394-3145178462-1277471955-1001\...\Firefox\Extensions: [{C41D5775-C5CE-CBB8-1655-23008F5D8F56}] - C:\Program Files (x86)\version17SpeedChecker\192.xpi

R2 mxqv; c:\windows\mxqv.exe [523264 2015-04-13] () [File not signed]

S2 xqv; c:\windows\xqv.exe [X]

R2 webTinstMKTN84; C:\windows\system32\Drivers\webTinstMKTN84.sys [50216 2015-04-15] ()

S3 e1edc438-f640-4184-a443-d2a7c37a01dc; \??\c:\temp\690b33e1-0462-4e84-9bea-c7552b45432a.sys [X]

S1 qrnfd_1_10_0_12; system32\drivers\qrnfd_1_10_0_12.sys [X]

2015-04-16 19:58 - 2015-04-16 19:58 - 00000000 ____D () C:\Program Files (x86)\gmsd_gb_160

2015-04-16 19:56 - 2015-04-17 08:35 - 00000177 _____ () C:\windows\SysWOW64\SetupComponents.exe

2015-04-14 10:15 - 2015-04-14 10:15 - 00000000 ____D () C:\ProgramData\T122078ED

2015-04-14 10:12 - 2015-05-07 19:26 - 00000000 ____D () C:\Users\DEREK\AppData\Local\1E009920-1429006374-6400-DC40-AC9E17B6F48D

2015-04-14 10:10 - 2015-04-14 13:40 - 00000000 ___HD () C:\ProgramData\xqv

2015-04-13 19:13 - 2015-05-07 19:15 - 00001356 _____ () C:\windows\Tasks\QJNFZ.job

2015-04-13 19:13 - 2015-04-13 19:13 - 00004364 _____ () C:\windows\System32\Tasks\QJNFZ

2015-04-13 19:08 - 2015-05-07 19:15 - 00001704 _____ () C:\windows\Tasks\WJGSOVQ.job

2015-04-13 19:08 - 2015-05-07 19:15 - 00001704 _____ () C:\windows\Tasks\GYUSUEP.job

2015-04-13 19:08 - 2015-04-24 22:08 - 00000000 ____D () C:\ProgramData\5d7406e0a775469cae25df88a7d255da

2015-04-13 19:08 - 2015-04-13 19:08 - 00745984 _____ () C:\windows\xqv.dat

2015-04-13 19:08 - 2015-04-13 19:08 - 00523264 _____ () C:\windows\mxqv.exe

2015-04-13 19:08 - 2015-04-13 19:08 - 00004712 _____ () C:\windows\System32\Tasks\WJGSOVQ

2015-04-13 19:08 - 2015-04-13 19:08 - 00004710 _____ () C:\windows\System32\Tasks\GYUSUEP

2015-04-13 19:08 - 2015-04-13 19:08 - 00003560 _____ () C:\windows\System32\Tasks\VRATQ

2015-04-13 19:07 - 2015-04-13 19:08 - 00000000 ____D () C:\ProgramData\fdb70e21975a413bb583c3f4758140f0

2015-03-26 20:14 - 2015-03-26 20:14 - 0005542 _____ () C:\Users\DEREK\AppData\Roaming\GYUSUEP

2015-03-09 22:30 - 2015-03-09 22:30 - 0005487 _____ () C:\Users\DEREK\AppData\Roaming\QJNFZ

2015-03-26 20:14 - 2015-03-26 20:14 - 0005542 _____ () C:\Users\DEREK\AppData\Roaming\SPXPLN

2015-03-26 20:14 - 2015-03-26 20:14 - 0005542 _____ () C:\Users\DEREK\AppData\Roaming\WJGSOVQ

2015-03-26 20:14 - 2015-03-26 20:14 - 0005542 _____ () C:\Users\DEREK\AppData\Roaming\WPRGSTS

2015-03-23 11:52 - 2015-03-23 11:52 - 0000000 ____H () C:\ProgramData\DP45977C.lfl

C:\Users\All Users\xqv

Task: {1A3E8B4C-5053-4767-ADDF-6E88EC0629FA} - System32\Tasks\WJGSOVQ => C:\Users\DEREK\AppData\Roaming\WJGSOVQ.exe <==== ATTENTION

Task: {335D0B09-3C49-4AFC-9994-165A46984A92} - System32\Tasks\SPXPLN => C:\Users\DEREK\AppData\Roaming\SPXPLN.exe <==== ATTENTION

Task: {5CFE081F-2594-47EB-8660-B92844811328} - System32\Tasks\QJNFZ => C:\Users\DEREK\AppData\Roaming\QJNFZ.exe <==== ATTENTION

Task: {BB870951-F26A-4919-B4CB-8A02FA07907A} - System32\Tasks\GYUSUEP => C:\Users\DEREK\AppData\Roaming\GYUSUEP.exe <==== ATTENTION

Task: {CE351B6C-7ADE-4F70-8146-ACD48118CFB2} - System32\Tasks\{A0D29BB8-D7FC-48BE-9C4E-38CD2839D8B3} => pcalua.exe -a "C:\Program Files (x86)\version17SpeedChecker\Uninstall.exe"

Task: {D95A75E4-1ED8-4E90-8183-81D121D1A73D} - System32\Tasks\WPRGSTS => C:\Users\DEREK\AppData\Roaming\WPRGSTS.exe <==== ATTENTION

Task: {F5533698-9865-4113-8FAD-B346D5787285} - System32\Tasks\VRATQ => C:\ProgramData\5d7406e0a775469cae25df88a7d255da\5d7406e0a775469cae25df88a7d255da.exe

Task: C:\windows\Tasks\GYUSUEP.job => C:\Users\DEREK\AppData\Roaming\GYUSUEP.exe <==== ATTENTION

Task: C:\windows\Tasks\QJNFZ.job => C:\Users\DEREK\AppData\Roaming\QJNFZ.exe <==== ATTENTION

Task: C:\windows\Tasks\SPXPLN.job => C:\Users\DEREK\AppData\Roaming\SPXPLN.exe <==== ATTENTION

Task: C:\windows\Tasks\WJGSOVQ.job => C:\Users\DEREK\AppData\Roaming\WJGSOVQ.exe <==== ATTENTION

Task: C:\windows\Tasks\WPRGSTS.job => C:\Users\DEREK\AppData\Roaming\WPRGSTS.exe <==== ATTENTION

CMD: ipconfig /flushdns

Reboot:

*****************

 

Restore point was successfully created.

Processes closed successfully.

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\ => value deleted successfully.

HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\gmsd_gb_263 => value deleted successfully.

HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\gmsd_gb_279 => value deleted successfully.

HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\gmsd_gb_276 => value deleted successfully.

C:\ProgramData\{8dc42732-f0ed-08f8-8dc4-42732f0e9ccb}\OptimizerPro-UNInstaller.exe not found.

"HKLM\SOFTWARE\Policies\Google" => Key deleted successfully.

HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.

HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.

HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.

"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C1E5846F-925D-1332-CE73-D0DDF382E5E4}" => Key deleted successfully.

"HKCR\CLSID\{C1E5846F-925D-1332-CE73-D0DDF382E5E4}" => Key deleted successfully.

HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{B6DF9E09-3B47-47B6-8FB1-E3621164DE45}\\NameServer => value deleted successfully.

HKU\S-1-5-21-667583394-3145178462-1277471955-1001\Software\Mozilla\Firefox\Extensions\\{C41D5775-C5CE-CBB8-1655-23008F5D8F56} => value deleted successfully.

mxqv => Service deleted successfully.

xqv => Service deleted successfully.

webTinstMKTN84 => Unable to stop service

webTinstMKTN84 => Service deleted successfully.

e1edc438-f640-4184-a443-d2a7c37a01dc => Service deleted successfully.

qrnfd_1_10_0_12 => Service deleted successfully.

C:\Program Files (x86)\gmsd_gb_160 => Moved successfully.

C:\windows\SysWOW64\SetupComponents.exe => Moved successfully.

C:\ProgramData\T122078ED => Moved successfully.

C:\Users\DEREK\AppData\Local\1E009920-1429006374-6400-DC40-AC9E17B6F48D => Moved successfully.

C:\ProgramData\xqv => Moved successfully.

C:\windows\Tasks\QJNFZ.job => Moved successfully.

C:\windows\System32\Tasks\QJNFZ => Moved successfully.

C:\windows\Tasks\WJGSOVQ.job => Moved successfully.

C:\windows\Tasks\GYUSUEP.job => Moved successfully.

C:\ProgramData\5d7406e0a775469cae25df88a7d255da => Moved successfully.

C:\windows\xqv.dat => Moved successfully.

C:\windows\mxqv.exe => Moved successfully.

C:\windows\System32\Tasks\WJGSOVQ => Moved successfully.

C:\windows\System32\Tasks\GYUSUEP => Moved successfully.

C:\windows\System32\Tasks\VRATQ => Moved successfully.

C:\ProgramData\fdb70e21975a413bb583c3f4758140f0 => Moved successfully.

C:\Users\DEREK\AppData\Roaming\GYUSUEP => Moved successfully.

C:\Users\DEREK\AppData\Roaming\QJNFZ => Moved successfully.

C:\Users\DEREK\AppData\Roaming\SPXPLN => Moved successfully.

C:\Users\DEREK\AppData\Roaming\WJGSOVQ => Moved successfully.

C:\Users\DEREK\AppData\Roaming\WPRGSTS => Moved successfully.

C:\ProgramData\DP45977C.lfl => Moved successfully.

"C:\Users\All Users\xqv" => File/Directory not found.

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{1A3E8B4C-5053-4767-ADDF-6E88EC0629FA}" => Key deleted successfully.

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1A3E8B4C-5053-4767-ADDF-6E88EC0629FA}" => Key deleted successfully.

C:\Windows\System32\Tasks\WJGSOVQ not found.

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\WJGSOVQ" => Key deleted successfully.

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{335D0B09-3C49-4AFC-9994-165A46984A92}" => Key deleted successfully.

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{335D0B09-3C49-4AFC-9994-165A46984A92}" => Key deleted successfully.

C:\Windows\System32\Tasks\SPXPLN => Moved successfully.

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SPXPLN" => Key deleted successfully.

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{5CFE081F-2594-47EB-8660-B92844811328}" => Key deleted successfully.

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5CFE081F-2594-47EB-8660-B92844811328}" => Key deleted successfully.

C:\Windows\System32\Tasks\QJNFZ not found.

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\QJNFZ" => Key deleted successfully.

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{BB870951-F26A-4919-B4CB-8A02FA07907A}" => Key deleted successfully.

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{BB870951-F26A-4919-B4CB-8A02FA07907A}" => Key deleted successfully.

C:\Windows\System32\Tasks\GYUSUEP not found.

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GYUSUEP" => Key deleted successfully.

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{CE351B6C-7ADE-4F70-8146-ACD48118CFB2}" => Key deleted successfully.

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CE351B6C-7ADE-4F70-8146-ACD48118CFB2}" => Key deleted successfully.

C:\Windows\System32\Tasks\{A0D29BB8-D7FC-48BE-9C4E-38CD2839D8B3} => Moved successfully.

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{A0D29BB8-D7FC-48BE-9C4E-38CD2839D8B3}" => Key deleted successfully.

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{D95A75E4-1ED8-4E90-8183-81D121D1A73D}" => Key deleted successfully.

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D95A75E4-1ED8-4E90-8183-81D121D1A73D}" => Key deleted successfully.

C:\Windows\System32\Tasks\WPRGSTS => Moved successfully.

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\WPRGSTS" => Key deleted successfully.

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{F5533698-9865-4113-8FAD-B346D5787285}" => Key deleted successfully.

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F5533698-9865-4113-8FAD-B346D5787285}" => Key deleted successfully.

C:\Windows\System32\Tasks\VRATQ not found.

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\VRATQ" => Key deleted successfully.

C:\windows\Tasks\GYUSUEP.job not found.

C:\windows\Tasks\QJNFZ.job not found.

C:\windows\Tasks\SPXPLN.job => Moved successfully.

C:\windows\Tasks\WJGSOVQ.job not found.

C:\windows\Tasks\WPRGSTS.job => Moved successfully.

========= ipconfig /flushdns =========

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========= End of CMD: =========

The system needed a reboot.

==== End of Fixlog 19:27:38 ====


Let me see new FRST.txt and Addition.txt, maybe I missed something.


The following script may remove too much, and you have to check the search engines in Internet Explorer. Please start Notepad.

Copy all text that is in the box:

CreateRestorePoint:
CloseProcesses:
Startup: C:\Users\DEREK\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\hqghumeaylnlf.lnk [2015-04-13]
ShortcutTarget: hqghumeaylnlf.lnk -> C:\ProgramData\{924b69c0-105d-f89d-924b-b69c0105a700}\hqghumeaylnlf.exe (No File)
Startup: C:\Users\DEREK\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OptimizerPro-UNInstaller.lnk [2015-04-15]
ShortcutTarget: OptimizerPro-UNInstaller.lnk -> C:\ProgramData\{8dc42732-f0ed-08f8-8dc4-42732f0e9ccb}\OptimizerPro-UNInstaller.exe (No File)
SearchScopes: HKLM -> {c9ab6446-7efc-47fe-966c-dc54324eff9f} URL = http://uk.yhs4.search.yahoo.com/yhs/search?hspart=appattach&hsimp=yhs-appattach&type=493&p={searchTerms}
SearchScopes: HKLM-x32 -> {C519E87B-0F7C-43C3-9455-088DA1389A1E} URL = http://uk.yhs4.search.yahoo.com/yhs/search?hspart=appattach&hsimp=yhs-appattach&type=493&p={searchTerms}
CHR HKU\S-1-5-21-667583394-3145178462-1277471955-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [kfecnpmgnlnbmipaogfhoacoioifjgko] - http://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [kfecnpmgnlnbmipaogfhoacoioifjgko] - http://clients2.google.com/service/update2/crx
2015-04-17 08:49 - 2015-04-17 08:49 - 00000000 ____D () C:\Users\DEREK\Documents\Optimizer Pro
2015-04-15 22:38 - 2015-04-15 22:38 - 00050216 _____ () C:\windows\system32\Drivers\webTinstMKTN84.sys
2015-04-15 22:38 - 2015-04-15 22:38 - 00000000 ____H () C:\windows\system32\Drivers\Msft_Kernel_webTinstMKTN84_01009.Wdf
FirewallRules: [TCP Query User{523084E9-1E29-4783-88D4-B3C04EFD24DF}C:\users\derek\appdata\local\temp\i1427492931\windows\resource\jre\bin\javaw.exe] => (Allow) C:\users\derek\appdata\local\temp\i1427492931\windows\resource\jre\bin\javaw.exe
FirewallRules: [UDP Query User{572C8414-C458-4A01-AC19-DBDA82D1F0D1}C:\users\derek\appdata\local\temp\i1427492931\windows\resource\jre\bin\javaw.exe] => (Allow) C:\users\derek\appdata\local\temp\i1427492931\windows\resource\jre\bin\javaw.exe
FirewallRules: [{53527745-9A11-4529-91AB-D6A2155DEAA1}] => (Allow) C:\Users\DEREK\AppData\Local\UnicoBrowser\Application\unicobrowser.exe
Reboot:
and paste in Notepad. Check that no files have been split on two lines.

Save the file as fixlist.txt on the desktop.

Exit all programs.

Start FRST, please.

Click the Fix button.

Wait until the tool has finished.

It creates a log file, called Fixlog.txt, on the desktop.

Please, paste the content of that file in your reply.


Hi

New fixlog below

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 14-05-2015 01
Ran by DEREK at 2015-05-14 11:09:48 Run:3
Running from C:\Users\DEREK\Downloads
Loaded Profiles: DEREK (Available profiles: DEREK)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
CreateRestorePoint:
CloseProcesses:
Startup: C:\Users\DEREK\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\hqghumeaylnlf.lnk [2015-04-13]
ShortcutTarget: hqghumeaylnlf.lnk -> C:\ProgramData\{924b69c0-105d-f89d-924b-b69c0105a700}\hqghumeaylnlf.exe (No File)
Startup: C:\Users\DEREK\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OptimizerPro-UNInstaller.lnk [2015-04-15]
ShortcutTarget: OptimizerPro-UNInstaller.lnk -> C:\ProgramData\{8dc42732-f0ed-08f8-8dc4-42732f0e9ccb}\OptimizerPro-UNInstaller.exe (No File)
SearchScopes: HKLM -> {c9ab6446-7efc-47fe-966c-dc54324eff9f} URL = http://uk.yhs4.search.yahoo.com/yhs/search?hspart=appattach&hsimp=yhs-appattach&type=493&p={searchTerms}
SearchScopes: HKLM-x32 -> {C519E87B-0F7C-43C3-9455-088DA1389A1E} URL = http://uk.yhs4.search.yahoo.com/yhs/search?hspart=appattach&hsimp=yhs-appattach&type=493&p={searchTerms}
CHR HKU\S-1-5-21-667583394-3145178462-1277471955-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [kfecnpmgnlnbmipaogfhoacoioifjgko] - http://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [kfecnpmgnlnbmipaogfhoacoioifjgko] - http://clients2.google.com/service/update2/crx
2015-04-17 08:49 - 2015-04-17 08:49 - 00000000 ____D () C:\Users\DEREK\Documents\Optimizer Pro
2015-04-15 22:38 - 2015-04-15 22:38 - 00050216 _____ () C:\windows\system32\Drivers\webTinstMKTN84.sys
2015-04-15 22:38 - 2015-04-15 22:38 - 00000000 ____H () C:\windows\system32\Drivers\Msft_Kernel_webTinstMKTN84_01009.Wdf
FirewallRules: [TCP Query User{523084E9-1E29-4783-88D4-B3C04EFD24DF}C:\users\derek\appdata\local\temp\i1427492931\windows\resource\jre\bin\javaw.exe] => (Allow) C:\users\derek\appdata\local\temp\i1427492931\windows\resource\jre\bin\javaw.exe
FirewallRules: [UDP Query User{572C8414-C458-4A01-AC19-DBDA82D1F0D1}C:\users\derek\appdata\local\temp\i1427492931\windows\resource\jre\bin\javaw.exe] => (Allow) C:\users\derek\appdata\local\temp\i1427492931\windows\resource\jre\bin\javaw.exe
FirewallRules: [{53527745-9A11-4529-91AB-D6A2155DEAA1}] => (Allow) C:\Users\DEREK\AppData\Local\UnicoBrowser\Application\unicobrowser.exe
Reboot:
*****************

Restore point was successfully created.
Processes closed successfully.
C:\Users\DEREK\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\hqghumeaylnlf.lnk => Moved successfully.
C:\ProgramData\{924b69c0-105d-f89d-924b-b69c0105a700}\hqghumeaylnlf.exe not found.
C:\Users\DEREK\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OptimizerPro-UNInstaller.lnk => Moved successfully.
C:\ProgramData\{8dc42732-f0ed-08f8-8dc4-42732f0e9ccb}\OptimizerPro-UNInstaller.exe not found.
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{c9ab6446-7efc-47fe-966c-dc54324eff9f}" => Key deleted successfully.
HKCR\CLSID\{c9ab6446-7efc-47fe-966c-dc54324eff9f} => Key not found.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{C519E87B-0F7C-43C3-9455-088DA1389A1E}" => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{C519E87B-0F7C-43C3-9455-088DA1389A1E} => Key not found.
"HKU\S-1-5-21-667583394-3145178462-1277471955-1001\SOFTWARE\Google\Chrome\Extensions\kfecnpmgnlnbmipaogfhoacoioifjgko" => Key deleted successfully.
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\kfecnpmgnlnbmipaogfhoacoioifjgko" => Key deleted successfully.
C:\Users\DEREK\Documents\Optimizer Pro => Moved successfully.
C:\windows\system32\Drivers\webTinstMKTN84.sys => Moved successfully.
C:\windows\system32\Drivers\Msft_Kernel_webTinstMKTN84_01009.Wdf => Moved successfully.
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{523084E9-1E29-4783-88D4-B3C04EFD24DF}C:\users\derek\appdata\local\temp\i1427492931\windows\resource\jre\bin\javaw.exe => value deleted successfully.
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{572C8414-C458-4A01-AC19-DBDA82D1F0D1}C:\users\derek\appdata\local\temp\i1427492931\windows\resource\jre\bin\javaw.exe => value deleted successfully.
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{53527745-9A11-4529-91AB-D6A2155DEAA1} => value deleted successfully.

The system needed a reboot.

==== End of Fixlog 11:09:54 ====
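
One way to triage Fixlog result lines like the ones in this thread, as an added example that is not part of the original posts and not FRST's own code: it groups each result line by outcome and lists files reported as "not found" whose registry entry was nevertheless still present and deleted. The sample lines are copied from the Fixlogs above; the function names are hypothetical, and the outcome strings are only those visible in this thread.

```python
import re
from collections import defaultdict

# Result-line endings seen in the Fixlogs in this thread (assumption: not FRST's full set).
OUTCOMES = ("Moved successfully", "Key deleted successfully", "Key not found",
            "value deleted successfully", "not found")
LINE_RE = re.compile(r"(?P<target>.+?)(?: => | )(?P<outcome>" + "|".join(OUTCOMES) + r")\.")

# Sample input: result lines copied from the Fixlogs above.
SAMPLE_FIXLOG = r'''
Restore point was successfully created.
C:\Windows\System32\Tasks\GYUSUEP not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GYUSUEP" => Key deleted successfully.
C:\Windows\System32\Tasks\WPRGSTS => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\WPRGSTS" => Key deleted successfully.
C:\Windows\System32\Tasks\VRATQ not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\VRATQ" => Key deleted successfully.
C:\ProgramData\{924b69c0-105d-f89d-924b-b69c0105a700}\hqghumeaylnlf.exe not found.
HKCR\CLSID\{c9ab6446-7efc-47fe-966c-dc54324eff9f} => Key not found.
C:\windows\system32\Drivers\webTinstMKTN84.sys => Moved successfully.
The system needed a reboot.
'''

def parse_fixlog(text):
    """Group result lines by outcome; lines that are not results are skipped."""
    results = defaultdict(list)
    for line in text.splitlines():
        m = LINE_RE.fullmatch(line.strip())
        if m:
            results[m.group("outcome")].append(m.group("target").strip('"'))
    return dict(results)

def leaf(path):
    """Last path component, lower-cased, for comparing file and key names."""
    return path.rstrip("\\").rsplit("\\", 1)[-1].lower()

def stale_registrations(results):
    """Files already missing on disk whose same-named registry key was still deleted."""
    deleted = {leaf(k) for k in results.get("Key deleted successfully", [])}
    return [p for p in results.get("not found", []) if leaf(p) in deleted]

if __name__ == "__main__":
    parsed = parse_fixlog(SAMPLE_FIXLOG)
    for outcome, targets in parsed.items():
        print(f"{outcome}: {len(targets)}")
    for path in stale_registrations(parsed):
        print("registry entry outlived its file:", path)
```
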


Hi,

Do you still get many popups on several web sites?

This topic is now closed to further replies.