"Firefox redirect / "Reported Web Forgery" [Solved]


  • This topic is locked This topic is locked

#16
snoopdog1951 (Topic Starter, Member, 17 posts)
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 07-01-2015
Ran by John (administrator) on JOHN-PC on 12-01-2015 10:46:24
Running from C:\Users\John\Desktop
Loaded Profile: John (Available profiles: John)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Webroot) C:\Program Files\Webroot\WRSA.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Webroot) C:\Program Files\Webroot\WRSA.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSvc.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(Windows ® Win 7 DDK provider) C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\AdminService.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Atheros) C:\Program Files (x86)\Dell Wireless\Ath_WlanAgent.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.25.11\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.25.11\GoogleCrashHandler64.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Qualcomm®Atheros®) C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtvStack.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Dell Inc.) C:\Program Files\Dell\QuickSet\quickset.exe
(Waves Audio Ltd.) C:\Program Files\Realtek\Audio\HDA\WavesSvc64.exe
(Cisco) C:\Users\John\AppData\Local\DIRECTV Player\PCShowServerPMWrapper.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
() C:\Users\John\AppData\Local\DIRECTV Player\NDSPCShowServer.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
(Creative Technology Ltd) C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Dell Products, LP.) C:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(SoftThinks SAS) C:\Program Files (x86)\Dell Backup and Recovery\SftService.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7202520 2013-08-19] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1321688 2013-08-07] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_PushButton] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1321688 2013-08-07] (Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2774256 2013-08-12] (Synaptics Incorporated)
HKLM\...\Run: [QuickSet] => c:\Program Files\Dell\QuickSet\QuickSet.exe [5774664 2013-09-10] (Dell Inc.)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [286056 2013-07-15] (Intel Corporation)
HKLM\...\Run: [WavesSvc] => C:\Program Files\Realtek\Audio\HDA\WavesSvc64.exe [562264 2014-07-17] (Waves Audio Ltd.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2014-12-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [EEventManager] => C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [673616 2009-04-07] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM-x32\...\Run: [Dell Webcam Central] => C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe [409744 2009-06-24] (Creative Technology Ltd)
HKLM-x32\...\Run: [WRSVC] => C:\Program Files\Webroot\WRSA.exe [771240 2015-01-09] (Webroot)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer\Run: [BtvStack] => C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtvStack.exe [132736 2013-07-02] ( (Qualcomm®Atheros®))
HKU\S-1-5-21-1973512931-3336358897-1288466322-1001\...\Run: [PCShowServer] => C:\Users\John\AppData\Local\DIRECTV Player\PCShowServerPMWrapper.exe [1631088 2014-09-16] (Cisco)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Install Webroot FF RunOnce.lnk
ShortcutTarget: Install Webroot FF RunOnce.lnk -> C:\Program Files (x86)\Common Files\wruninstall.exe (Webroot Software, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Install Webroot IE RunOnce.lnk
ShortcutTarget: Install Webroot IE RunOnce.lnk -> C:\Program Files (x86)\Common Files\wruninstall.exe (Webroot Software, Inc.)
ShellIconOverlayIdentifiers: [ ] -> {1914B27A-33C8-46F8-A1C2-F993268D4564} => C:\Windows\system32\WRusr.dll (Webroot)
ShellIconOverlayIdentifiers: [  ] -> {C14874EA-ACE4-4A47-8A81-18C4D1C40868} => C:\Windows\system32\WRusr.dll (Webroot)
ShellIconOverlayIdentifiers: [   ] -> {6DA1ED92-315E-4D0B-B354-9D5F519DBA95} => C:\Windows\system32\WRusr.dll (Webroot)
ShellIconOverlayIdentifiers: [    ] -> {8D7FC74C-E409-42DF-8EEE-69D45FAE2F30} => C:\Windows\system32\WRusr.dll (Webroot)
ShellIconOverlayIdentifiers: [DBARFileBackuped] -> {831cebdd-6baf-4432-be76-9e0989c14aef} => C:\Windows\system32\mscoree.dll (Microsoft Corporation)
ShellIconOverlayIdentifiers: [DBARFileNotBackuped] -> {275e4fd7-21ef-45cf-a836-832e5d2cc1b3} => C:\Windows\system32\mscoree.dll (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKU\S-1-5-21-1973512931-3336358897-1288466322-1001\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wundergro...w:55304.2.99999
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-1973512931-3336358897-1288466322-1001 -> {843F8246-B4D3-436E-993C-E683694E7048} URL =
SearchScopes: HKU\S-1-5-21-1973512931-3336358897-1288466322-1001 -> {BDF61FAE-9D19-40F0-8F34-688DEB334CA9} URL = http://www.bing.com/...rc=IE-SearchBox
SearchScopes: HKU\S-1-5-21-1973512931-3336358897-1288466322-1001 -> {E3480582-FBAB-47BD-B586-87BA7FDCE2BD} URL = http://search.yahoo....p={searchTerms}
BHO: CIESpeechBHO Class -> {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} -> C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\IEPlugIn.dll (Qualcomm®Atheros®)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Webroot Vault -> {c8d5d964-2be8-4c5b-8cf5-6e975aa88504} -> C:\ProgramData\WRData\pkg\LPBar64.dll (Webroot)
BHO: Webroot Filtering Extension -> {C9C42510-9B41-42c1-9DCD-7282A2D07C61} -> C:\Program Files\Webroot\WRData\PKG\Vistax64\wrflt.dll (Webroot)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Webroot Vault -> {c8d5d964-2be8-4c5b-8cf5-6e975aa88504} -> C:\ProgramData\WRData\pkg\LPBar.dll (Webroot)
BHO-x32: Webroot Filtering Extension -> {C9C42510-9B41-42c1-9DCD-7282A2D07C61} -> C:\Program Files\Webroot\WRData\PKG\Vistax86\wrflt.dll (Webroot)
Toolbar: HKLM - Webroot Toolbar - {97ab88ef-346b-4179-a0b1-7445896547a5} - C:\ProgramData\WRData\pkg\LPBar64.dll (Webroot)
Toolbar: HKLM-x32 - Webroot Toolbar - {97ab88ef-346b-4179-a0b1-7445896547a5} - C:\ProgramData\WRData\pkg\LPBar.dll (Webroot)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

FireFox:
========
FF ProfilePath: C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\zfddampy.default-1396900832420
FF DefaultSearchEngine: Google
FF Homepage: hxxp://www.wunderground.com/cgi-bin/findweather/getForecast?query=zmw:55304.2.99999
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_235.dll ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_235.dll ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=3.5.29 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-1973512931-3336358897-1288466322-1001: @nds.com/PlayerPlugin -> C:\Users\John\AppData\Local\DIRECTV Player\npPlayerPlugin.dll (Cisco)
FF Plugin HKU\S-1-5-21-1973512931-3336358897-1288466322-1001: @nds.com/PlayerPlugin64 -> C:\Users\John\AppData\Local\DIRECTV Player\win64\npPlayerPlugin64.dll (Cisco)
FF Plugin HKU\S-1-5-21-1973512931-3336358897-1288466322-1001: NDS.com/PlayerPlugin -> C:\Users\John\AppData\Local\DIRECTV Player\npPlayerPlugin.dll (Cisco)
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\ProgramData\WRData\PKG\FIREFOX\WebrootSecure_SocketServer
FF Extension: Webroot Filtering Extension - C:\ProgramData\WRData\PKG\FIREFOX\WebrootSecure_SocketServer [2015-01-09]

Chrome:
=======
CHR Profile: C:\Users\John\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Wallet) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-11-04]
CHR HKLM-x32\...\Chrome\Extension: [okfhiodnpcnnnpgbjbhfebjnbagmfhab] - C:\ProgramData\WRData\pkg\lpchrome.crx [2015-01-09]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AtherosSvc; C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\adminservice.exe [312448 2013-07-02] (Windows ® Win 7 DDK provider)
R2 EpsonBidirectionalService; C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSVC.exe [94208 2006-12-19] (SEIKO EPSON CORPORATION) [File not signed]
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [14696 2013-07-15] (Intel Corporation)
R2 Intel® Capability Licensing Service Interface; c:\Program Files\Intel\iCLS Client\HeciServer.exe [733696 2013-05-11] (Intel® Corporation) [File not signed]
S3 Intel® Capability Licensing Service TCP IP Interface; c:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [822232 2013-05-11] (Intel® Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [169432 2013-06-01] (Intel Corporation)
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [246488 2013-06-18] (Realtek Semiconductor)
R2 SftService; C:\Program Files (x86)\Dell Backup and Recovery\SftService.exe [1915480 2013-05-23] (SoftThinks SAS)
R2 WRSVC; C:\Program Files\Webroot\WRSA.exe [771240 2015-01-09] (Webroot)
R2 ZAtheros Wlan Agent; C:\Program Files (x86)\Dell Wireless\Ath_WlanAgent.exe [81536 2013-06-21] (Atheros)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 BTATH_LWFLT; C:\Windows\System32\DRIVERS\btath_lwflt.sys [77464 2013-07-02] (Qualcomm Atheros)
R0 iaStorF; C:\Windows\System32\drivers\iaStorF.sys [28008 2013-07-11] (Intel Corporation)
S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2015-01-03] (Malwarebytes Corporation)
R3 MEIx64; C:\Windows\System32\DRIVERS\TeeDriverx64.sys [118272 2014-12-26] (Intel Corporation)
S3 SmbDrv; C:\Windows\system32\drivers\Smb_driver_AMDASF.sys [30448 2013-08-12] (Synaptics Incorporated)
R3 SmbDrvI; C:\Windows\System32\DRIVERS\Smb_driver_Intel.sys [34544 2013-08-12] (Synaptics Incorporated)
R0 WRkrn; C:\Windows\System32\drivers\WRkrn.sys [114176 2015-01-09] (Webroot)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-12 10:41 - 2015-01-12 10:41 - 00000000 ___RD () C:\Users\John\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices
2015-01-12 10:32 - 2015-01-12 10:32 - 00002071 _____ () C:\Users\John\Desktop\JRT.txt
2015-01-12 10:27 - 2015-01-12 10:27 - 01707939 _____ (Thisisu) C:\Users\John\Desktop\JRT.exe
2015-01-10 17:18 - 2015-01-12 10:38 - 00000000 ____D () C:\AdwCleaner
2015-01-10 16:22 - 2015-01-10 16:23 - 02191360 _____ () C:\Users\John\Desktop\AdwCleaner.exe
2015-01-09 16:09 - 2015-01-09 16:25 - 00000000 ____D () C:\Users\John\AppData\Local\lptmp1138209518
2015-01-09 16:08 - 2015-01-12 10:40 - 00000749 _____ () C:\Users\Public\Desktop\Webroot SecureAnywhere.lnk
2015-01-09 16:08 - 2015-01-12 09:51 - 00000000 ____D () C:\ProgramData\WRData
2015-01-09 16:08 - 2015-01-09 16:08 - 00153256 _____ (Webroot) C:\Windows\SysWOW64\WRusr.dll
2015-01-09 16:08 - 2015-01-09 16:08 - 00114176 _____ (Webroot) C:\Windows\system32\Drivers\WRkrn.sys
2015-01-09 16:08 - 2015-01-09 16:08 - 00103816 _____ (Webroot) C:\Windows\system32\WRusr.dll
2015-01-09 16:08 - 2015-01-09 16:08 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Webroot SecureAnywhere
2015-01-09 16:08 - 2015-01-09 16:08 - 00000000 ____D () C:\Program Files\Webroot
2015-01-08 23:32 - 2015-01-08 23:32 - 00000000 ____D () C:\Users\John\Desktop\FRST-OlderVersion
2015-01-07 12:38 - 2015-01-07 12:38 - 731618252 _____ () C:\Windows\MEMORY.DMP
2015-01-07 12:38 - 2015-01-07 12:38 - 00282232 _____ () C:\Windows\Minidump\010715-51043-01.dmp
2015-01-07 10:42 - 2015-01-07 10:42 - 13087456 _____ (Microsoft Corporation) C:\Users\John\Desktop\Silverlight_x64.exe
2015-01-06 09:53 - 2015-01-06 09:53 - 00000226 _____ () C:\Users\John\Desktop\Geeks to Go - Free help from tech experts.URL
2015-01-05 13:19 - 2015-01-05 13:19 - 00000127 _____ () C:\Users\John\Desktop\ckfiles.txt
2015-01-05 13:17 - 2015-01-05 13:17 - 00468480 _____ () C:\Users\John\Desktop\CKScanner.exe
2015-01-05 13:14 - 2015-01-12 10:46 - 00015635 _____ () C:\Users\John\Desktop\FRST.txt
2015-01-05 13:14 - 2015-01-09 16:28 - 00023130 _____ () C:\Users\John\Desktop\Addition.txt
2015-01-05 13:12 - 2015-01-08 23:32 - 02124288 _____ (Farbar) C:\Users\John\Desktop\FRST64.exe
2015-01-05 10:47 - 2015-01-12 10:40 - 00000504 _____ () C:\Windows\setupact.log
2015-01-05 10:47 - 2015-01-05 10:47 - 00000000 _____ () C:\Windows\setuperr.log
2015-01-05 10:46 - 2015-01-12 10:39 - 00014234 _____ () C:\Windows\PFRO.log
2015-01-04 22:49 - 2015-01-04 22:49 - 00000031 _____ () C:\Users\John\Documents\direct.txt
2014-12-29 17:34 - 2014-12-29 17:34 - 00001165 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-12-29 17:34 - 2014-12-29 17:34 - 00001153 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-12-29 17:34 - 2014-12-29 17:34 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-12-29 17:34 - 2014-12-29 17:34 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-12-28 13:51 - 2014-12-28 13:51 - 00000000 __SHD () C:\Users\John\AppData\Local\EmieUserList
2014-12-28 13:51 - 2014-12-28 13:51 - 00000000 __SHD () C:\Users\John\AppData\Local\EmieSiteList
2014-12-28 13:51 - 2014-12-28 13:51 - 00000000 __SHD () C:\Users\John\AppData\Local\EmieBrowserModeList
2014-12-28 13:37 - 2014-12-28 13:39 - 58082952 _____ (Microsoft Corporation) C:\Users\John\Desktop\Explorer.EXE
2014-12-28 13:36 - 2014-12-28 13:36 - 00001419 _____ () C:\Users\John\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-12-26 23:13 - 2014-12-28 13:46 - 00000000 ___HD () C:\Windows\msdownld.tmp
2014-12-26 14:28 - 2015-01-12 10:46 - 00000000 ____D () C:\FRST
2014-12-26 10:59 - 2014-12-26 10:59 - 09890008 _____ (Realtek Semiconductor Corp.) C:\Windows\SysWOW64\RsCRIcon.dll
2014-12-26 10:59 - 2014-12-26 10:59 - 00941784 _____ (Realtek ) C:\Windows\system32\Drivers\Rt64win7.sys
2014-12-26 10:59 - 2014-12-26 10:59 - 00331992 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\Drivers\RtsUVStor.sys
2014-12-26 10:59 - 2014-12-26 10:59 - 00073800 _____ (Realtek Semiconductor Corporation) C:\Windows\system32\RtNicProp64.dll
2014-12-26 10:58 - 2014-12-26 10:58 - 00118272 _____ (Intel Corporation) C:\Windows\system32\Drivers\TeeDriverx64.sys
2014-12-24 17:50 - 2014-12-24 17:50 - 00000263 _____ () C:\Users\John\Desktop\Dropbox - Natalie.URL
2014-12-19 13:10 - 2014-12-26 19:17 - 00000000 ____D () C:\Users\John\AppData\Roaming\Octoshape
2014-12-19 13:10 - 2014-12-19 13:10 - 00000000 ____D () C:\Users\John\AppData\Local\DIRECTV Player
2014-12-19 13:09 - 2014-12-19 13:09 - 20367968 _____ (DIRECTV) C:\Users\John\Downloads\DIRECTV_Player_11.0.exe
2014-12-17 19:57 - 2015-01-03 17:40 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-12-17 19:57 - 2014-12-17 19:57 - 00001108 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-12-17 19:57 - 2014-12-17 19:57 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-12-17 19:57 - 2014-12-17 19:57 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-12-17 19:57 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-12-17 19:57 - 2014-11-21 06:14 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-12-17 19:57 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-12-17 19:56 - 2014-12-17 19:56 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\John\Downloads\mbam-setup-2.0.4.1028.exe
2014-12-17 12:05 - 2014-12-12 23:09 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-12-17 12:05 - 2014-12-12 21:33 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-12-16 15:48 - 2014-12-16 15:48 - 00000000 ____D () C:\Users\John\AppData\Local\Skype
2014-12-16 15:43 - 2014-12-16 15:45 - 44840544 _____ (Skype Technologies S.A.) C:\Users\John\Downloads\SkypeSetupFull.exe
2014-12-16 11:54 - 2014-12-16 11:54 - 02978677 _____ (Vimm's Lair - vimm.net) C:\Users\John\Downloads\FCEUX_2.2.2.exe
2014-12-16 11:51 - 2014-12-16 11:51 - 00455842 _____ (Vimm's Lair - vimm.net) C:\Users\John\Downloads\Jnes_1.1.1.exe
2014-12-16 11:48 - 2014-12-16 11:48 - 01201037 _____ (Vimm's Lair - vimm.net) C:\Users\John\Downloads\RockNES_5.13d.exe
2014-12-14 03:23 - 2014-12-14 03:23 - 00000000 ____D () C:\Program Files (x86)\Dell Digital Delivery

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-12 10:42 - 2013-11-24 01:27 - 00000000 ____D () C:\Program Files (x86)\Dell Backup and Recovery
2015-01-12 10:40 - 2014-01-15 20:28 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-01-12 10:40 - 2009-07-13 23:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-01-12 10:21 - 2014-01-15 20:28 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-01-12 10:21 - 2013-11-24 01:09 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-01-10 16:16 - 2009-07-13 22:45 - 00021296 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-01-10 16:16 - 2009-07-13 22:45 - 00021296 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-01-10 16:03 - 2014-01-15 21:13 - 00000000 ____D () C:\Users\John\AppData\Local\CrashDumps
2015-01-08 23:20 - 2013-11-24 02:59 - 02033357 _____ () C:\Windows\WindowsUpdate.log
2015-01-08 22:29 - 2014-01-13 15:32 - 00003440 _____ () C:\Windows\System32\Tasks\PCDEventLauncherTask
2015-01-07 12:38 - 2014-09-22 14:03 - 00000000 ____D () C:\Windows\Minidump
2015-01-05 11:39 - 2014-01-15 20:28 - 00000000 ____D () C:\Program Files (x86)\Google
2014-12-26 12:41 - 2014-01-13 15:41 - 00001945 _____ () C:\Windows\epplauncher.mif
2014-12-26 11:28 - 2011-02-10 08:02 - 00000000 ____D () C:\Windows\panther
2014-12-26 11:11 - 2013-11-24 01:33 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2014-12-26 11:04 - 2014-05-17 17:40 - 31215616 _____ () C:\Windows\system32\config\components.iodefrag.bak
2014-12-26 11:04 - 2014-04-24 09:03 - 74121216 _____ () C:\Windows\system32\config\SOFTWARE.iodefrag.bak
2014-12-26 11:04 - 2014-04-24 09:03 - 00323584 _____ () C:\Windows\system32\config\DEFAULT.iodefrag.bak
2014-12-26 11:04 - 2014-04-24 09:03 - 00061440 _____ () C:\Windows\system32\config\SAM.iodefrag.bak
2014-12-26 11:04 - 2014-04-24 09:03 - 00024576 _____ () C:\Windows\system32\config\SECURITY.iodefrag.bak
2014-12-26 11:04 - 2014-01-13 15:25 - 00000000 ____D () C:\Users\John
2014-12-26 11:02 - 2013-11-24 01:09 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-12-26 11:02 - 2013-11-24 01:09 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-12-26 11:02 - 2013-11-24 01:09 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-12-26 11:01 - 2009-07-13 23:13 - 00783606 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-12-26 10:59 - 2013-11-24 02:27 - 00107552 _____ (Realtek Semiconductor Corporation) C:\Windows\system32\RTNUninst64.dll
2014-12-26 10:58 - 2014-01-13 15:34 - 00000000 ____D () C:\Users\John\Documents\Bluetooth Folder
2014-12-19 13:10 - 2014-01-13 15:58 - 00000000 ____D () C:\Users\John\AppData\Roaming\Mozilla
2014-12-17 20:11 - 2009-07-13 23:32 - 00000000 ____D () C:\Windows\Offline Web Pages
2014-12-16 16:03 - 2014-01-13 16:48 - 00000000 ____D () C:\Users\John\AppData\Roaming\Skype
2014-12-16 16:03 - 2013-11-24 01:22 - 00000000 ____D () C:\ProgramData\Skype
2014-12-16 11:52 - 2014-01-13 15:32 - 00000000 ____D () C:\Users\John\AppData\Local\VirtualStore
2014-12-14 03:23 - 2013-11-24 01:22 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dell

Some content of TEMP:
====================
C:\Users\John\AppData\Local\Temp\Quarantine.exe
C:\Users\John\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-01-06 10:29

==================== End Of Log ============================


Additional scan result of Farbar Recovery Scan Tool (x64) Version: 07-01-2015
Ran by John at 2015-01-12 10:46:57
Running from C:\Users\John\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Webroot SecureAnywhere (Enabled - Up to date) {66A6FE14-08CB-F415-3742-517201416109}
AS: Webroot SecureAnywhere (Enabled - Up to date) {DDC71FF0-2EF1-FB9B-0DF2-6A007AC62BB4}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Accidental Damage Services Agreement (HKLM-x32\...\{EF85FEF4-EB92-4075-A6D2-5F519BB30A2C}) (Version: 2.0.0 - Dell Inc.)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 15.0.0.356 - Adobe Systems Incorporated)
Adobe Flash Player 16 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 16.0.0.235 - Adobe Systems Incorporated)
Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.235 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10)  MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
Advanced Audio FX Engine (HKLM-x32\...\Advanced Audio FX Engine) (Version: 1.12.05 - Creative Technology Ltd)
Banctec Service Agreement (HKLM-x32\...\{42D68A86-DB1C-4256-B8C9-5D0D92919AF5}) (Version: 2.0.0 - Dell Inc.)
Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}) (Version: 1.1.6 - Cisco Systems, Inc.)
Complete Care Business Service Agreement (HKLM-x32\...\{0ECFCB07-9BFE-4970-ACA1-D568D982760B}) (Version: 2.0.0 - Dell Inc.)
Consumer In-Home Service Agreement (HKLM-x32\...\{F47C37A4-7189-430A-B81D-739FF8A7A554}) (Version: 2.0.0 - Dell Inc.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Dell Backup and Recovery - Support Software (HKLM-x32\...\{A9668246-FB70-4103-A1E3-66C9BC2EFB49}) (Version: 1.5.0.0 - Dell Inc.)
Dell Backup and Recovery (HKLM-x32\...\{0ED7EE95-6A97-47AA-AD73-152C08A15B04}) (Version: 1.5.0.0 - Dell Inc.)
Dell Digital Delivery (HKLM-x32\...\{BC8233D8-59BA-4D40-92B9-4FDE7452AA8B}) (Version: 3.0.3999.0 - Dell Products, LP)
Dell Edoc Viewer (HKLM\...\{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}) (Version: 1.0.0 - Dell Inc)
Dell Home Systems Service Agreement (HKLM-x32\...\{AB2FDE4F-6BED-4E9E-B676-3DCCEBB1FBFE}) (Version: 2.0.0 - Dell Inc.)
Dell Touchpad (HKLM\...\SynTPDeinstKey) (Version: 17.0.8.1 - Synaptics Incorporated)
Dell Webcam Central (HKLM-x32\...\Dell Webcam Central) (Version: 1.40.05 - Creative Technology Ltd)
Dell WLAN and Bluetooth Client Installation (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 10.0 - Dell Inc.)
DIRECTV Player (HKLM-x32\...\{437f5443-c052-432c-b1e7-abd9bc5cabdb}) (Version: 11.0 - DIRECTV)
DSC/AA Factory Installer (Version: 3.4.6299.48 - PC-Doctor, Inc.) Hidden
eBay (HKLM-x32\...\{A8B88634-7F90-402F-B66A-86429755F6A5}) (Version: 1.4.0 - eBay Inc.)
Epson Event Manager (HKLM-x32\...\{48F22622-1CC2-4A83-9C1E-644DD96F832D}) (Version: 2.30.01 - SEIKO EPSON Corporation)
EPSON NX510 Series Printer Uninstall (HKLM\...\EPSON NX510 Series) (Version:  - SEIKO EPSON Corporation)
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version:  - )
EpsonNet Print (HKLM-x32\...\{3E31400D-274E-4647-916C-2CACC3741799}) (Version: 2.6.0 - SEIKO EPSON CORPORATION)
EpsonNet Setup (HKLM-x32\...\{FFFAE01B-466F-4C07-9821-A94FD753BDDA}) (Version: 3.1c - SEIKO EPSON CORPORATION)
FUJIFILM MyFinePix Studio 3.2 (HKLM-x32\...\MyFinePix Studio_is1) (Version:  - )
Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google+ Auto Backup (HKLM-x32\...\{A50DE037-B5C0-4C8A-8049-B0C576B313D1}) (Version: 1.0.21.81 - Google)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.3.1520 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.18.10.3234 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.7.1.1000 - Intel Corporation)
Junk Mail filter update (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Access database engine 2010 (English) (HKLM-x32\...\{90140000-00D1-0409-0000-0000000FF1CE}) (Version: 14.0.6029.1000 - Microsoft Corporation)
Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4454.1510 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Streets & Trips 2013 (HKLM-x32\...\{C82185E8-C27B-4EF4-2013-4444BC2C2B6D}) (Version: 19.0.17.2200 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Mozilla Firefox 34.0.5 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 34.0.5 (x86 en-US)) (Version: 34.0.5 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 34.0.5 - Mozilla)
My Dell (HKLM\...\PC-Doctor for Windows) (Version: 3.5.6426.22 - PC-Doctor, Inc.)
Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9 - Google, Inc.)
Premium Service Agreement (HKLM-x32\...\{C33AA6D6-F5EC-48F3-AFDC-8141345D473A}) (Version: 2.0.0 - Dell Inc.)
Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.1.230 - Qualcomm Atheros Communications)
QualxServ Service Agreement (HKLM-x32\...\{903679E8-44C8-4C07-9600-05C92654FC50}) (Version: 2.0.0 - Dell Inc.)
Quickset64 (HKLM\...\{87CF757E-C1F1-4D22-865C-00C6950B5258}) (Version: 10.16.002 - Dell Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7246 - Realtek Semiconductor Corp.)
Samsung Printer Live Update (HKLM-x32\...\Samsung Printer Live Update) (Version: 1.01.00:04(2013-04-22) - Samsung Electronics Co., Ltd.)
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
Sudoku Puzzle Addict (HKLM-x32\...\{C03E8D2E-3526-4C5D-9744-86FBBC098C43}) (Version: 1.00.0000 - GSP)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Warcraft II BNE (HKLM-x32\...\Warcraft II BNE) (Version:  - )
Webroot SecureAnywhere (HKLM-x32\...\WRUNINST) (Version: 8.0.6.44 - Webroot)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3505.0912 - Microsoft Corporation)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-1973512931-3336358897-1288466322-1001_Classes\CLSID\{E86236DE-9BD2-42b7-86F6-A829D8EC768C}\InprocServer32 -> C:\Users\John\AppData\Local\DIRECTV Player\win64\npPlayerPlugin64.dll (Cisco)

==================== Restore Points  =========================

26-12-2014 12:27:15 AA11
26-12-2014 12:40:10 IObit Uninstaller restore point
26-12-2014 19:17:08 IObit Uninstaller restore point
26-12-2014 22:58:15 IObit Uninstaller restore point
26-12-2014 22:58:47 AA11
26-12-2014 23:03:01 IObit Uninstaller restore point
26-12-2014 23:03:22 LavasoftWeCompanion
29-12-2014 17:03:56 IObit Uninstaller restore point
29-12-2014 17:06:54 IObit Uninstaller restore point
31-12-2014 09:56:29 Windows Update
05-01-2015 11:39:37 IObit Uninstaller restore point
05-01-2015 11:42:00 IObit Uninstaller restore point
06-01-2015 09:33:03 Windows Update
07-01-2015 11:46:01 IObit Uninstaller restore point
08-01-2015 23:12:41 IObit Uninstaller restore point
08-01-2015 23:13:40 IObit Uninstaller restore point
08-01-2015 23:14:32 IObit Uninstaller restore point
08-01-2015 23:15:29 IObit Uninstaller restore point
08-01-2015 23:16:12 IObit Uninstaller restore point
08-01-2015 23:17:29 IObit Uninstaller restore point
08-01-2015 23:18:19 IObit Uninstaller restore point
08-01-2015 23:19:29 IObit Uninstaller restore point
08-01-2015 23:33:21 Restore Point Created by FRST
10-01-2015 16:02:54 Restore Point Created by FRST
10-01-2015 16:05:54 Restore Point Created by FRST

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 20:34 - 2009-06-10 15:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {0D874672-9B6F-4886-9F60-E8BE77F6DA3C} - System32\Tasks\PCDoctorBackgroundMonitorTask => C:\Program Files\My Dell\uaclauncher.exe [2014-01-31] (PC-Doctor, Inc.)
Task: {16C08E06-9BC7-40BB-BF3A-30A994E715F2} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-01-15] (Google Inc.)
Task: {2042D263-2E5C-484E-814A-3C29EF2D579F} - System32\Tasks\SystemToolsDailyTest => uaclauncher.exe
Task: {3A7353BA-F60D-4F60-B727-9373518B5F94} - System32\Tasks\PCDoctorBackgroundMonitorTask-Retry => C:\Program Files\My Dell\uaclauncher.exe [2014-01-31] (PC-Doctor, Inc.)
Task: {4164D968-2170-4D8B-A90C-CF156F6E67C5} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-01-15] (Google Inc.)
Task: {6363D9C5-CDFA-45D6-9C63-B518B08A28BC} - System32\Tasks\PCDEventLauncherTask => C:\Program Files\My Dell\sessionchecker.exe [2014-01-31] (PC-Doctor, Inc.)
Task: {E413B16F-DDDF-4E61-8738-12A8E92C53CC} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-12-26] (Adobe Systems Incorporated)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2013-06-28 12:12 - 2013-06-28 12:12 - 00034304 _____ () C:\Windows\System32\ssj1mlm.dll
2013-11-24 01:27 - 2013-04-19 15:51 - 00020256 _____ () C:\Program Files (x86)\Dell Backup and Recovery\Components\Shell\DBROverlayIcon.dll
2013-11-24 01:27 - 2013-04-19 15:52 - 00049440 _____ () C:\Program Files (x86)\Dell Backup and Recovery\Components\Shell\STCommonShellIntegration.dll
2013-11-24 01:27 - 2013-04-19 15:51 - 00019232 _____ () C:\Program Files (x86)\Dell Backup and Recovery\Components\Shell\DBROverlayNotBackuped.dll
2013-11-24 01:27 - 2013-04-19 15:51 - 00034080 _____ () C:\Program Files (x86)\Dell Backup and Recovery\Components\Shell\DBRShellExtension.dll
2013-07-02 22:51 - 2013-07-02 22:51 - 00086016 _____ () C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\Modules\Map\MAP.dll
2014-09-16 13:51 - 2014-09-16 13:51 - 01387880 _____ () C:\Users\John\AppData\Local\DIRECTV Player\NDSPCShowServer.exe
2014-09-16 13:51 - 2014-09-16 13:51 - 11475296 _____ () C:\Users\John\AppData\Local\DIRECTV Player\PCShowServer.dll
2014-09-16 13:51 - 2014-09-16 13:51 - 02948448 _____ () C:\Users\John\AppData\Local\DIRECTV Player\DrmSingleton.dll
2014-09-16 13:52 - 2014-09-16 13:52 - 00339296 _____ () C:\Users\John\AppData\Local\DIRECTV Player\ndsLogStore.dll
2014-09-16 13:51 - 2014-09-16 13:51 - 02106728 _____ () C:\Users\John\AppData\Local\DIRECTV Player\DiscoveryManager.dll
2014-09-16 13:52 - 2014-09-16 13:52 - 00689000 _____ () C:\Users\John\AppData\Local\DIRECTV Player\libgstreamer-0.10.dll
2014-09-16 13:52 - 2014-09-16 13:52 - 01403224 _____ () C:\Users\John\AppData\Local\DIRECTV Player\libxml2-2.dll
2014-09-16 13:52 - 2014-09-16 13:52 - 00091976 _____ () C:\Users\John\AppData\Local\DIRECTV Player\z.dll
2014-09-16 13:52 - 2014-09-16 13:52 - 00205672 _____ () C:\Users\John\AppData\Local\DIRECTV Player\libgstbase-0.10.dll
2014-09-16 13:52 - 2014-09-16 13:52 - 00060272 _____ () C:\Users\John\AppData\Local\DIRECTV Player\libgstinterfaces-0.10.dll
2014-09-16 13:52 - 2014-09-16 13:52 - 00043880 _____ () C:\Users\John\AppData\Local\DIRECTV Player\libgstvideo-0.10.dll
2014-09-16 13:52 - 2014-09-16 13:52 - 00044896 _____ () C:\Users\John\AppData\Local\DIRECTV Player\libgstapp-0.10.dll
2014-09-16 13:52 - 2014-09-16 13:52 - 08296288 _____ () C:\Users\John\AppData\Local\DIRECTV Player\gsttspplugin.dll
2014-01-15 18:13 - 2009-03-12 15:45 - 00135168 ____N () C:\Program Files (x86)\Epson Software\Event Manager\Assistants\Scan Assistant\ScanEngine.dll
2014-01-15 18:13 - 2008-11-21 13:58 - 00057344 ____N () C:\Program Files (x86)\Epson Software\Event Manager\Assistants\Scan Assistant\Satwain.dll
2014-11-24 11:39 - 2014-11-24 11:39 - 00155528 _____ () C:\Program Files (x86)\Dell Digital Delivery\ServiceTagPlusPlus.dll
2013-11-24 01:14 - 2013-06-01 06:31 - 01199576 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\ACE.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WRkrn => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WRSVC => ""="Service"

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)


========================= Accounts: ==========================

Administrator (S-1-5-21-1973512931-3336358897-1288466322-500 - Administrator - Disabled)
Guest (S-1-5-21-1973512931-3336358897-1288466322-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1973512931-3336358897-1288466322-1002 - Limited - Enabled)
John (S-1-5-21-1973512931-3336358897-1288466322-1001 - Administrator - Enabled) => C:\Users\John

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (01/12/2015 10:41:18 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


System errors:
=============
Error: (01/12/2015 10:40:29 AM) (Source: Microsoft-Windows-WHEA-Logger) (EventID: 18) (User: NT AUTHORITY)
Description: A fatal hardware error has occurred.

Reported by component: Processor Core
Error Source: 3
Error Type: 9
Processor ID: 0

The details view of this entry contains further information.

Error: (01/12/2015 10:38:51 AM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has stopped unexpectedly.

Module Path: C:\Windows\system32\athihvs.dll

Error: (01/12/2015 10:38:51 AM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has stopped unexpectedly.

Module Path: C:\Windows\system32\athihvs.dll

Error: (01/12/2015 10:38:49 AM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has stopped unexpectedly.

Module Path: C:\Windows\system32\athihvs.dll

Error: (01/12/2015 10:38:32 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Intel® Dynamic Application Loader Host Interface Service service terminated unexpectedly.  It has done this 1 time(s).

Error: (01/12/2015 10:38:32 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The SoftThinks Agent Service service terminated unexpectedly.  It has done this 1 time(s).

Error: (01/12/2015 10:38:32 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Dell Digital Delivery Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 1000 milliseconds: Restart the service.

Error: (01/12/2015 10:38:32 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Intel® Rapid Storage Technology service terminated unexpectedly.  It has done this 1 time(s).

Error: (01/12/2015 10:38:32 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Search service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.

Error: (01/12/2015 10:38:32 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The ZAtheros Wlan Agent service terminated unexpectedly.  It has done this 1 time(s).


Microsoft Office Sessions:
=========================

==================== Memory info ===========================

Processor: Intel® Core™ i5-4200U CPU @ 1.60GHz
Percentage of memory in use: 22%
Total physical RAM: 6032.36 MB
Available physical RAM: 4656.61 MB
Total Pagefile: 12062.9 MB
Available Pagefile: 10471.09 MB
Total Virtual: 8192 MB
Available Virtual: 8191.84 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:444.06 GB) (Free:371.8 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 465.8 GB) (Disk ID: B797F90B)
Partition 1: (Not Active) - (Size=39 MB) - (Type=DE)
Partition 2: (Active) - (Size=21.7 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=444.1 GB) - (Type=07 NTFS)

==================== End Of Log ============================

 


#17 Nevan (Trusted Helper, Malware Removal, 1,765 posts)

Please post the remaining logs. They should be:
  • JRT.txt located on your Desktop
  • AdwCleaner[S0].txt located in C:\AdwCleaner


#18 snoopdog1951 (Topic Starter, Member, 17 posts)

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.4.1 (12.28.2014:1)
OS: Windows 7 Home Premium x64
Ran by John on Mon 01/12/2015 at 10:29:36.12
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values

Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Page_URL



~~~ Registry Keys



~~~ Files

Successfully deleted: [File] C:\Windows\prefetch\IOBITAPPSTOOLBAR.EXE-DB6BC967.pf



~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\pcdr"
Successfully deleted: [Folder] "C:\Users\John\AppData\Roaming\pcdr"
Successfully deleted: [Folder] "C:\Users\John\AppData\Roaming\slick savings"
Successfully deleted: [Folder] "C:\Users\John\AppData\Roaming\systweak"



~~~ FireFox

Successfully deleted the following from C:\Users\John\AppData\Roaming\mozilla\firefox\profiles\zfddampy.default-1396900832420\prefs.js

user_pref("browser.search.hiddenOneOffs", "Yahoo,Bing,Ad-Aware SecureSearch,Amazon.com,DuckDuckGo,eBay,Twitter,Wikipedia (en)");
user_pref("extensions.24mMJZqMtuIrRRSO.scode", "try{(function(){try{var url=(window.self.location.href + document.cookie);if(url.indexOf(\"acebook\")>-1||url.indexOf(\"warnale
user_pref("extensions.KUo5abV1cXDZp36h.scode", "try{(function(){try{var url=(window.self.location.href + document.cookie);if(url.indexOf(\"acebook\")>-1||url.indexOf(\"warnale
user_pref("extensions.KUo5abV1cXDZp36h.url", "hxxp://transferbox.info/sync2/?q=hfZ9ofV9CShEAen0rTwFrihTB6lKDzt4olljtNtVh7n0rjnFrTw7rjYFrHa9tMFHhd9FqdwGrjgFpdw9rHwMDMlGojUMAe4U
Emptied folder: C:\Users\John\AppData\Roaming\mozilla\firefox\profiles\zfddampy.default-1396900832420\minidumps [62 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Mon 01/12/2015 at 10:32:04.01
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
# AdwCleaner v4.107 - Report created 12/01/2015 at 10:38:18
# Updated 07/01/2015 by Xplode
# Database : 2015-01-11.2 [Live]
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : John - JOHN-PC
# Running from : C:\Users\John\Desktop\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\Users\John\AppData\Roaming\0D0S1L2Z1P1B0T1P1B2Z
Folder Deleted : C:\Users\John\AppData\Roaming\DigitalSites
Folder Deleted : C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\zfddampy.default-1396900832420\Extensions\[email protected]
Folder Deleted : C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\zfddampy.default-1396900832420\Extensions\{8ac62a8b-8b3f-43ba-9b1a-90c299b9dfda}
Folder Deleted : C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn
File Deleted : C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_static.re-markable00.re-markable.net_0.localstorage

***** [ Scheduled Tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{C292AD0A-C11F-479B-B8DB-743E72D283B0}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{459DD0F7-0D55-D3DC-67BC-E6BE37E9D762}
Key Deleted : HKCU\Software\systweak
Key Deleted : HKCU\Software\AppDataLow\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}
Key Deleted : HKCU\Software\AppDataLow\Software\adawarebp
Key Deleted : HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Key Deleted : HKLM\SOFTWARE\systweak
Key Deleted : HKLM\SOFTWARE\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\30C16B15B255BD349A1157B8A83E2AF9
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\ED1CAE30F47D14B41B5FC8FA53658044

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17496


-\\ Mozilla Firefox v34.0.5 (x86 en-US)

[zfddampy.default-1396900832420\prefs.js] - Line Deleted : user_pref("extensions.24mMJZqMtuIrRRSO.scode", "try{(function(){try{var url=(window.self.location.href + document.cookie);if(url.indexOf(\"acebook\")>-1url.indexOf(\"warnalert11.com\")>-1url.index[...]

-\\ Google Chrome v

[C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://isearch.avg.com/search?cid={6B482713-6B0E-4D94-A9E4-1CB994F08348}&mid=cf1a55a4b03b47d3b779d15c832bb46e-1773fe8c3c9d59846c96076deaa1e0e071fccab1&ds=AVG&lang=en&v=11.0.0.9&pr=pr&d=&sap=dsp&q={searchTerms}
[C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://websearch.ask.com/redirect?client=cr&src=kw&tb=ORJ&o=&locale=&apn_uid=40E1C5C8-E8DE-4A82-B4C4-FE9EF0E2DAB3&apn_ptnrs=TV&apn_sauid=AE22BD18-6B8F-45BC-8FD6-9C948D701914&apn_dtid=OSJ000YYUS&q={searchTerms}
[C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://websearch.ask.com/redirect?client=cr&src=kw&tb=ORJ&o=&locale=&apn_uid=40E1C5C8-E8DE-4A82-B4C4-FE9EF0E2DAB3&apn_ptnrs=TV&apn_sauid=AE22BD18-6B8F-45BC-8FD6-9C948D701914&apn_dtid=OSJ000YYUS&q={searchTerms}
[C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
[C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
[C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=dsites0103&cd=2XzuyEtN2Y1L1QzuyByEzzyCyB0AyD0ByDyEzyzytDtByC0FtN0D0Tzu0CyByBtCtN1L2XzutBtFtBtFtCyDtFtCyCtAtCtN1L1CzutBtAtDtC1N1R&cr=20185727&ir=

*************************

AdwCleaner[R0].txt - [3760 octets] - [10/01/2015 17:18:20]
AdwCleaner[R1].txt - [4107 octets] - [12/01/2015 10:36:59]
AdwCleaner[S0].txt - [4029 octets] - [12/01/2015 10:38:18]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [4089 octets] ##########

 


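The two prefs.js lines JRT deleted above share a shape worth recognising on any Firefox profile: a preference under extensions.<opaque id>.* whose "value" is a block of JavaScript (the .scode entry, which reads location.href and document.cookie and checks for "acebook") or a URL to an outside host (the .url entry pointing at transferbox.info). Legitimate preferences do not carry script bodies. The following is an added example, written for this page and not part of the thread or of JRT, AdwCleaner or FRST, that applies exactly that test to a prefs.js file. The sample prefs.js content is constructed from the log lines above (script body shortened, "hxxp" defanging kept as the log shows it); the "random-looking id" heuristic is an assumption about this adware family, not a Mozilla rule.

```python
import re
from dataclasses import dataclass
from typing import List

# Constructed sample prefs.js content, modelled on the lines JRT deleted above.
# The injected script is shortened, the hostnames are those shown in the log,
# and the "hxxp" defanging is kept as the log has it (a live file says http).
SAMPLE_PREFS_JS = r'''
user_pref("browser.search.hiddenOneOffs", "Yahoo,Bing,DuckDuckGo,eBay");
user_pref("extensions.24mMJZqMtuIrRRSO.scode", "try{(function(){try{var url=(window.self.location.href + document.cookie);if(url.indexOf(\"acebook\")>-1){}}catch(e){}})();}catch(e){}");
user_pref("extensions.KUo5abV1cXDZp36h.url", "hxxp://transferbox.info/sync2/?q=hfZ9ofV9CShEAen0rTwF");
user_pref("extensions.blocklist.url", "https://blocklist.addons.mozilla.org/blocklist/3/");
user_pref("extensions.lastAppVersion", "34.0.5");
'''

# user_pref("<name>", <value>);  -- value keeps its quotes and \" escapes here
PREF_RE = re.compile(r'^user_pref\("([^"]+)",\s*(.*)\);\s*$')
# extensions.<opaque id>.<leaf>, e.g. extensions.24mMJZqMtuIrRRSO.scode
EXT_PREF_RE = re.compile(r'^extensions\.([A-Za-z0-9]{8,32})\.(\w+)$')
# Fragments that only make sense if the "preference" is really a script body
JS_MARKERS = ("try{", "(function(", "document.cookie", "location.href")
# Accept http(s) and the hxxp(s) defanged form used in removal logs
URL_RE = re.compile(r'^h(?:xx|tt)ps?://([^/\s"]+)', re.IGNORECASE)


@dataclass
class Finding:
    line_no: int
    pref: str       # full preference name
    ext_id: str     # the opaque extension id between the dots
    kind: str       # "script" (inline JS) or "url" (external payload host)
    detail: str     # first 60 chars of the script, or the URL host


def looks_random(ext_id: str) -> bool:
    """Heuristic (an assumption, not a Mozilla rule): ids of this adware family
    mix digits with upper- and lower-case letters; Firefox's own pref
    namespaces under extensions.* (blocklist, update, ...) do not."""
    return (any(c.isdigit() for c in ext_id)
            and any(c.isupper() for c in ext_id)
            and any(c.islower() for c in ext_id))


def unescape_pref_value(raw: str) -> str:
    """Drop the surrounding quotes and undo the backslash-quote escaping prefs.js uses."""
    raw = raw.strip()
    if len(raw) >= 2 and raw[0] == '"' and raw[-1] == '"':
        raw = raw[1:-1]
    return raw.replace('\\"', '"')


def scan_prefs(text: str) -> List[Finding]:
    """Return one Finding per extensions.<random>.* pref whose value is either
    inline JavaScript or a URL, the two shapes seen in the JRT log."""
    findings: List[Finding] = []
    for line_no, line in enumerate(text.splitlines(), start=1):
        m = PREF_RE.match(line.strip())
        if not m:
            continue
        name, raw_value = m.groups()
        ext = EXT_PREF_RE.match(name)
        if not ext or not looks_random(ext.group(1)):
            continue
        value = unescape_pref_value(raw_value)
        if any(marker in value for marker in JS_MARKERS):
            findings.append(Finding(line_no, name, ext.group(1), "script", value[:60]))
            continue
        url = URL_RE.match(value)
        if url:
            findings.append(Finding(line_no, name, ext.group(1), "url", url.group(1)))
    return findings


def affected_extension_ids(findings: List[Finding]) -> List[str]:
    """Distinct ids to look for under the profile's extensions folder."""
    return sorted({f.ext_id for f in findings})


if __name__ == "__main__":
    results = scan_prefs(SAMPLE_PREFS_JS)
    for f in results:
        print(f"line {f.line_no}: {f.pref} [{f.kind}] {f.detail}")
    print("extension ids to review:", ", ".join(affected_extension_ids(results)))
```

Run against a real profile, replace SAMPLE_PREFS_JS with the contents of prefs.js from the profile folder (the path in the JRT log above). The ids it reports are the ones to match against the profile's Extensions folder; the benign extensions.blocklist.url line is deliberately in the sample to show that a URL alone is not enough to flag a preference, the id has to look machine-generated as well.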

#19 snoopdog1951 (Topic Starter, Member, 17 posts)

What does the "HOT" box represent on the main page?


#20 Nevan (Trusted Helper, Malware Removal, 1,765 posts)

Hello, snoopdog1951.
 

What does the "HOT" box represent on the main page?

I don't know what you're talking about, so it's possible that your browser is showing something up.
Could you please make a screenshot of that? Position your browser so that this box is visible and press the Alt+Print Screen combination on your keyboard. Once done, open Paint, press Ctrl+V and then Ctrl+S to save the file. Please use the .PNG format. Add that file as an attachment to your post.

Also, please do the following steps.

 
Step #1
Malwarebytes Anti-Malware

I can see that you currently have Malwarebytes Anti-Malware installed on your computer. We'll use it.
  • Launch Malwarebytes Anti-Malware
  • In Database version section, click Update Now
  • Once the update is done, click Settings>Detection and Protection
  • Make sure that all three boxes under Detection Options are checked
    oGHz2fO.png
  • Go back to Dashboard and click the big, green Scan Now button.
  • Wait for Malwarebytes Anti-Malware to finish the scan
  • If the program detects anything, click the 4uwHOgV.png button. The program might want to reboot the system. Allow it if it wants to.
  • Once the deletion is done (or after reboot), go to History and double click the last Scan Log.
  • Click the HVS7vK4.png button.
  • Paste (CTRL+V) the log into your next reply.
 
Step #2
ESET Online Scanner
  • Note: This step can only be done using Internet Explorer, Google Chrome or Mozilla Firefox
  • Disable your Antivirus program (click here if you don't know how to do this).
  • Visit ESET site
  • Click fxn8GTf.jpg
  • When using:
    • Internet Explorer:
      • Accept the Terms of Use and click Start
      • Allow the running of add-on
    • Other browsers:
      • Download esetsmartinstaller_enu.exe that you'll be given link to
      • Double click esetsmartinstaller_enu.exe
      • Accept the Terms of Use and click Start
  • Make sure that:
    • Enable detection of potentially unwanted applications is checked
    • In Advanced Settings: Remove found threats is unchecked. Scan archives, Scan for potentially unsafe applications and Enable Anti-Stealth technology are checked
    TcWwbLS.png
  • Click Start
  • The program will begin to download its virus database. The speed may vary depending on your Internet connection.
  • When completed, the program will begin to scan. This may take several hours. Please, be patient.
  • Do not do anything on your machine as it may interrupt the scan
  • When the scan is done, click Finish
  • A log.txt file will be created at C:\Program Files (x86)\ESET\ESET Online Scanner. Open it using Notepad.
  • Select all (CTRL+A) the content of the log, copy it (CTRL+C) and paste (CTRL+V) it into your next reply.
Remember to enable your Antivirus program once you're done!

 
Step #3
Security Check

Download Security Check from here or here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
NOTE: If SecurityCheck aborts and you get the following message: UNSUPPORTED OPERATING SYSTEM! ABORTED! try rebooting the system and then run SecurityCheck again.

 
Things that should appear in your next post:
  • Malwarebytes Anti-Malware log content
  • ESET Online Scanner log content
  • Checkup.txt log content
  • Screenshot of that "HOT" box that you see


#21 snoopdog1951 (Topic Starter, Member, 17 posts)

geeks.png


#22 snoopdog1951 (Topic Starter, Member, 17 posts)

I am not getting directions to "copy to clipboard" at the page.

Mal.png


#23 Nevan (Trusted Helper, Malware Removal, 1,765 posts)

Don't worry about that "HOT" box. It actually means that a topic has been very active recently.

And here's where you can find the "Copy to clipboard" button:
ppqTmjM.png

#24 snoopdog1951 (Topic Starter, Member, 17 posts)

ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=e12692e0f432274cb7979ce98a750124
# engine=21950
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2015-01-13 11:05:00
# local_time=2015-01-13 05:05:00 (-0600, Central Standard Time)
# country="United States"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1=''
# compatibility_mode=5893 16776573 100 94 0 172733750 0 0
# compatibility_mode_1='Webroot SecureAnywhere'
# compatibility_mode=16129 16777214 100 100 262504 266185 0 0
# scanned=157586
# found=9
# cleaned=0
# scan_time=3590
sh=B2670B4FBCC47D2B132C1F00D27838060DD7A3B3 ft=1 fh=75a98821f99ab4b9 vn="a variant of Win32/Toolbar.Widgi.A potentially unwanted application" ac=I fn="C:\Config.Msi\3a047111.rbf"
sh=3A5013A2D56FB71206D497D002033052542954A2 ft=1 fh=3dbcaea7f6a165fa vn="a variant of Win64/Toolbar.Widgi.B potentially unwanted application" ac=I fn="C:\Config.Msi\4dc0386f.rbf"
sh=786CB6A87C798F799ED498E84956F052D2977672 ft=1 fh=c7117f7e4751bae7 vn="a variant of Win64/Toolbar.Widgi.B potentially unwanted application" ac=I fn="C:\Config.Msi\511414a9.rbf"
sh=BD3566A4EB3D64936EA7F15EF6679BB6D587A2AC ft=1 fh=9c23c83f3ac2e489 vn="a variant of Win32/Toolbar.Widgi.A potentially unwanted application" ac=I fn="C:\Config.Msi\51e9ab8f.rbf"
sh=9E194D2620FF26A7291D6B1B48475EDD1B268AEA ft=0 fh=0000000000000000 vn="JS/Kryptik.ATB trojan" ac=I fn="C:\FRST\Quarantine\C\ProgramData\lbihihaaofomgcababbmjgbblobipmib\lbihihaaofomgcababbmjgbblobipmib\RB.js"
sh=B2584105CAF4756186658658D46882D9854D5421 ft=0 fh=0000000000000000 vn="JS/Kryptik.ATB trojan" ac=I fn="C:\FRST\Quarantine\C\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcpmofnlkemfkhgngcdppgbhncoflmpe\114\A6nqn.js"
sh=8AAAB8A944B3F4844C5B27D62326B49A649E6729 ft=0 fh=0000000000000000 vn="JS/Kryptik.ATB trojan" ac=I fn="C:\FRST\Quarantine\C\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\zfddampy.default-1396900832420\Extensions\[email protected]\content\bg.js"
sh=7D52AD23EC9F49564CF6A7F99A550AE10017344F ft=1 fh=2ff7c59f63c86a4e vn="Win32/MyPCBackup.C potentially unwanted application" ac=I fn="C:\FRST\Quarantine\C\Users\John\Downloads\IObit-Malware-Fighter-Setup.exe.xBAD"
sh=25B9F4013FB34153FFA27E460D4B8594C79FE337 ft=1 fh=15384691e6094ee0 vn="a variant of Win32/HiddenStart.A potentially unsafe application" ac=I fn="C:\Program Files (x86)\Dell Backup and Recovery\Components\DBRUpdate\hstart.exe"
 



#25 snoopdog1951 (Topic Starter, Member, 17 posts)

 Results of screen317's Security Check version 0.99.93  
 Windows 7 Service Pack 1 x64 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Enabled!  
Webroot SecureAnywhere   
 Antivirus up to date!   
`````````Anti-malware/Other Utilities Check:`````````
 Adobe Flash Player 16.0.0.235  
 Adobe Reader XI  
 Mozilla Firefox (34.0.5)
````````Process Check: objlist.exe by Laurent````````  
 Malwarebytes Anti-Malware mbam.exe  
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C: 3%
````````````````````End of Log``````````````````````
 

Found the "Copy To Clipboard" button. Clicked on the button & had no results. Will send a snapshot.

 

 

Attached Thumbnails: mal2.png

#26 snoopdog1951 (Topic Starter, Member, 17 posts)

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 1/13/2015
Scan Time: 3:02:17 PM
Logfile: sack.txt
Administrator: Yes

Version: 2.00.4.1028
Malware Database: v2015.01.13.16
Rootkit Database: v2015.01.07.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: John

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 329819
Time Elapsed: 9 min, 39 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 1
Heuristics.Reserved.Word.Exploit, C:\Users\John\Desktop\Explorer.EXE, Quarantined, [01970ee6b4d541f5b7c2c9cc55b029d7],

Physical Sectors: 0
(No malicious items detected)


(end)


#27 Nevan (Trusted Helper, Malware Removal, 1,765 posts)

Hello, snoopdog1951.

Good news. Your system is now clean and we can remove the tools that we used.

Please tell me if you still have any problems with your computer.

Step #1
Uninstall programs

Go to Start Menu>Control Panel>Programs>Uninstall a program (or Control Panel>Programs and Features if using icon view) and remove ESET Online Scanner v3.

 
Step #2
Cleaning
  • Download attached fixlist.txt file to your desktop.
    Attached File: fixlist.txt (189 bytes)
    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system
  • Right click FRST64.exe on your desktop and click Run as administrator. When the tool opens click Yes to disclaimer.
  • Press the Fix button just once and wait.
    NOTE: It's important that both FRST64.exe and fixlist.txt are in the same location or the fix will not work.
  • If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
  • When finished, FRST will generate a log on the desktop (Fixlog.txt). Select all (CTRL+A) the content of the log, copy it (CTRL+C) and paste (CTRL+V) it into your next reply.
 
Step #3
DelFix
Now that your system is clean, we can clear system restore points and malware removal tools that we used. To do that, download and run Delfix.
  • Note: Make sure that the following options are checked:
    • Remove disinfection tools
    • Create registry backup
    • Purge system restore
    • Reset System Settings
After the cleaning is done, DelFix.txt will be opened in Notepad. If it won't, you can find it in C:\ directory. Select all (CTRL+A) the content of the log, copy it (CTRL+C) and paste (CTRL+V) it into your next reply.

 
Things that should appear in your next post:
  • Fixlog.txt log content
  • DelFix.txt log content
  • Please tell me if you still have any problems with your computer.


#28
snoopdog1951 (Topic Starter, Member, 17 posts)

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 15-01-2015
Ran by John at 2015-01-15 12:35:24 Run:6
Running from C:\Users\John\Desktop
Loaded Profiles: John (Available profiles: John)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
CloseProcesses:
CreateRestorePoint:
C:\Config.Msi\3a047111.rbf
C:\Config.Msi\4dc0386f.rbf
C:\Config.Msi\511414a9.rbf
C:\Config.Msi\51e9ab8f.rbf
C:\Program Files (x86)\ESET
EmptyTemp:
*****************

Processes closed successfully.
Restore point was successfully created.
"C:\Config.Msi\3a047111.rbf" => File/Directory not found.
"C:\Config.Msi\4dc0386f.rbf" => File/Directory not found.
"C:\Config.Msi\511414a9.rbf" => File/Directory not found.
"C:\Config.Msi\51e9ab8f.rbf" => File/Directory not found.
"C:\Program Files (x86)\ESET" => File/Directory not found.
EmptyTemp: => Removed 16.8 MB temporary data.


The system needed a reboot.

==== End of Fixlog 12:35:45 ====

 

# DelFix v10.8 - Logfile created 15/01/2015 at 12:49:22
# Updated 29/07/2014 by Xplode
# Username : John - JOHN-PC
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)

~ Removing disinfection tools ...

Deleted : C:\FRST
Deleted : C:\AdwCleaner
Deleted : C:\Users\John\Desktop\FRST-OlderVersion
Deleted : C:\Users\John\Desktop\Addition.txt
Deleted : C:\Users\John\Desktop\AdwCleaner.exe
Deleted : C:\Users\John\Desktop\CKScanner.exe
Deleted : C:\Users\John\Desktop\esetsmartinstaller_enu.exe
Deleted : C:\Users\John\Desktop\Fixlog.txt
Deleted : C:\Users\John\Desktop\FRST.txt
Deleted : C:\Users\John\Desktop\FRST64.exe
Deleted : C:\Users\John\Desktop\JRT.exe
Deleted : C:\Users\John\Desktop\JRT.txt
Deleted : C:\Users\John\Desktop\SecurityCheck.exe
Deleted : HKLM\SOFTWARE\OldTimer Tools
Deleted : HKLM\SOFTWARE\AdwCleaner

~ Creating registry backup ... OK

~ Cleaning system restore ...

Deleted : RP #170 [IObit Uninstaller restore point | 12/27/2014 04:58:15]
Deleted : RP #171 [AA11 | 12/27/2014 04:58:47]
Deleted : RP #172 [IObit Uninstaller restore point | 12/27/2014 05:03:01]
Deleted : RP #173 [LavasoftWeCompanion | 12/27/2014 05:03:22]
Deleted : RP #174 [IObit Uninstaller restore point | 12/29/2014 23:03:56]
Deleted : RP #175 [IObit Uninstaller restore point | 12/29/2014 23:06:54]
Deleted : RP #176 [Windows Update | 12/31/2014 15:56:29]
Deleted : RP #177 [IObit Uninstaller restore point | 01/05/2015 17:39:37]
Deleted : RP #178 [IObit Uninstaller restore point | 01/05/2015 17:42:00]
Deleted : RP #179 [Windows Update | 01/06/2015 15:33:03]
Deleted : RP #180 [IObit Uninstaller restore point | 01/07/2015 17:46:01]
Deleted : RP #181 [IObit Uninstaller restore point | 01/09/2015 05:12:41]
Deleted : RP #182 [IObit Uninstaller restore point | 01/09/2015 05:13:40]
Deleted : RP #183 [IObit Uninstaller restore point | 01/09/2015 05:14:32]
Deleted : RP #184 [IObit Uninstaller restore point | 01/09/2015 05:15:29]
Deleted : RP #185 [IObit Uninstaller restore point | 01/09/2015 05:16:12]
Deleted : RP #186 [IObit Uninstaller restore point | 01/09/2015 05:17:29]
Deleted : RP #187 [IObit Uninstaller restore point | 01/09/2015 05:18:19]
Deleted : RP #188 [IObit Uninstaller restore point | 01/09/2015 05:19:29]
Deleted : RP #190 [Restore Point Created by FRST | 01/09/2015 05:33:21]
Deleted : RP #192 [Restore Point Created by FRST | 01/10/2015 22:02:54]
Deleted : RP #194 [Restore Point Created by FRST | 01/10/2015 22:05:54]
Deleted : RP #195 [Windows Update | 01/15/2015 00:25:26]
Deleted : RP #197 [Restore Point Created by FRST | 01/15/2015 18:28:00]
Deleted : RP #199 [Restore Point Created by FRST | 01/15/2015 18:33:07]
Deleted : RP #201 [Restore Point Created by FRST | 01/15/2015 18:35:25]

New restore point created !

~ Resetting system settings ... OK

########## - EOF - ##########


Thank you very much.

 



#29
Nevan (Trusted Helper, Malware Removal, 1,765 posts)
Good news. Your system is now clean. I have prepared some tips for you to stay safe in the future.

 
Preventing Re-Infection

As prevention is better than cure, I have listed some tips for you to stay safe on the internet in the future. Make good use of them.

 
WARNING!: Java is the #1 exploited program at this time. The Department of Homeland Security recommends that computer users disable Java.
Read this article.
I would recommend that you completely uninstall Java unless you need it to run an important piece of software.
In that instance I would recommend that you disable Java in your browsers until you need it for that software and then enable it. (See How to disable Java in your web browser and How to unplug Java from the browser)

If you still want to keep Java
  • Click the Start button
  • Click Control Panel
  • Double Click Java - Looks like a coffee cup. You may have to switch to Classical View on the upper left of the Control Panel to see it.
  • Click the Update tab
  • Click Update Now
  • Allow any updates to be downloaded and installed
  • Warning!: Make sure to uncheck the Optional offer box when downloading Java or you will install adware on your computer.
 
Adobe products have to always be updated, because they also are being used to infect your computer.
  • If you want to update Adobe Flash Player, visit this site.
  • If you want to update Adobe Reader, visit this site.
  • Warning!: Make sure to uncheck the Optional offer box when downloading Adobe products or you will install adware on your computer.
 
Turning on Automatic Updates is a crucial security measure. Keeping them out-of-date is like begging to get your system infected.
  • Click Start > Control Panel > System and Security > Windows Update
  • Under Windows Update click Turn automatic updating on or off
  • Make sure that your settings are set so that you will receive updates automatically and click OK.
 
FileHippo is one of the programs that can check for out-of-date programs on your computer. You can get it here.

 
Recommendations for security programs
  • Malwarebytes' Anti-Malware is a new and powerful anti-malware tool. It is totally free but for real-time protection you will have to pay a small one-time fee.
  • WinPatrol, as a robust security monitor, will alert you to hijackings, malware attacks and critical changes made to your computer without your permission. WinPatrol takes a snapshot of your critical system resources and alerts you to any changes that may occur without your knowledge.
 
Cryptolocker prevention
Cryptolocker is a new piece of ransomware that heavily encrypts your important files. At the moment there are no programs that can decrypt these files. You can read how to protect against it here.

 
For some good tips about how to prevent infection in the future, visit this site.

#30
snoopdog1951 (Topic Starter, Member, 17 posts)

Thank you again. You made the process painless. You were professional & patient.

