[allforhimblog]

Hope all is fine, thanks again for your amazing help!!

 

No need to attach log, it's short and sweet and appears to be good news

 

Farbar Recovery Scan Tool (x64) Version: 04-03-2015 01

Ran by Dorothy01 at 2015-03-04 19:18:06

Running from C:\Users\Dorothy01\Desktop

Boot Mode: Normal

 

================== Search Files: "HELP_DECRYPT.*;DECRYPT_INSTRUCTION.*" =============

 

====== End Of Search ======

[Advertisements]

Good to hear that your machine is running better now.  And that last search did indeed come back with great news. 

 

Let's get one more scan with FRST to check the system ....

 

• If you still have the Addition.txt file on your desktop, please delete it now.
• Right click the FRST file on your desktop and select "Run as Administrator..." (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
• If an update is available, the program will inform you and download the update.  Allow it do this please.  Otherwise, just wait for the "The tool is ready to use." message.
• Please check the Addition.txt in the Option Scan section of FRST.
• Press the Scan button.
• It will produce a log called FRST.txt in the same directory the tool is run from.
• Please copy and paste log back here.
• The tool will generate will another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply.

 

 

[dbreeze]

Good to hear that your machine is running better now.  And that last search did indeed come back with great news. 

 

Let's get one more scan with FRST to check the system ....

 

• If you still have the Addition.txt file on your desktop, please delete it now.
• Right click the FRST file on your desktop and select "Run as Administrator..." (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
• If an update is available, the program will inform you and download the update.  Allow it do this please.  Otherwise, just wait for the "The tool is ready to use." message.
• Please check the Addition.txt in the Option Scan section of FRST.
• Press the Scan button.
• It will produce a log called FRST.txt in the same directory the tool is run from.
• Please copy and paste log back here.
• The tool will generate will another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply.

 

 

[allforhimblog]

Okay here is the FRST Scan

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 04-03-2015 01

Ran by Dorothy01 (administrator) on DOROTHY on 05-03-2015 08:18:02

Running from C:\Users\Dorothy01\Desktop

Loaded Profiles: Dorothy01 (Available profiles: Dorothy01)

Platform: Windows 8.1 (X64) OS Language: English (United States)

Internet Explorer Version 11 (Default browser: Chrome)

Boot Mode: Normal

Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

 

==================== Processes (Whitelisted) =================

 

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

 

(AMD) C:\Windows\System32\atiesrxx.exe

(AMD) C:\Windows\System32\atieclxx.exe

(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe

(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe

(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe

(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe

(Microsoft Corporation) C:\Windows\System32\dasHost.exe

(Microsoft Corporation) C:\Windows\System32\dllhost.exe

(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe

(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe

(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe

(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe

(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe

(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPConnectedRemoteService.exe

(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe

(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe

(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPConnectedRemoteUser.exe

(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20498_x64__8wekyb3d8bbwe\livecomm.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

 

 

==================== Registry (Whitelisted) ==================

 

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

 

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [6549136 2012-07-02] (Realtek Semiconductor)

HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [766688 2014-07-04] (Advanced Micro Devices, Inc.)

HKLM-x32\...\Run: [CLMLServer_For_P2G8] => c:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [111120 2012-06-07] (CyberLink)

HKLM-x32\...\Run: [CLVirtualDrive] => c:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe [491120 2012-07-02] (CyberLink Corp.)

HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-08-01] (Apple Inc.)

HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5227112 2015-02-19] (AVAST Software)

HKU\S-1-5-21-1427692388-1042374531-2795145444-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [7404312 2015-01-20] (Piriform Ltd)

ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)

 

==================== Internet (Whitelisted) ====================

 

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

 

HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPDSK13/1

HKU\S-1-5-21-1427692388-1042374531-2795145444-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp

HKU\S-1-5-21-1427692388-1042374531-2795145444-1001\Software\Microsoft\Internet Explorer\Main,First Home Page = http://g.msn.com/HPDSK13/1

SearchScopes: HKLM-x32 -> {8E0E081D-FD81-46C2-AD92-3B939C17F151} URL = http://www.amazon.co...s={searchTerms}

SearchScopes: HKLM-x32 -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = http://search.yahoo....psg&type=HPDTDF

SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 

SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 

SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 

BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)

BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll (Oracle Corporation)

BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)

BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll (Oracle Corporation)

BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)

Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)

Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt

Tcpip\Parameters: [DhcpNameServer] 192.168.1.254

 

FireFox:

========

FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()

FF Plugin-x32: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)

FF Plugin-x32: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll (Oracle Corporation)

FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)

FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)

FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()

 

Chrome: 

=======

CHR StartupUrls: Default -> "hxxp://www.google.com/"

CHR Profile: C:\Users\Dorothy01\AppData\Local\Google\Chrome\User Data\Default

CHR Extension: (Google Slides) - C:\Users\Dorothy01\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-02-19]

CHR Extension: (Google Docs) - C:\Users\Dorothy01\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-19]

CHR Extension: (Google Drive) - C:\Users\Dorothy01\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-02-19]

CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Dorothy01\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2015-02-19]

CHR Extension: (YouTube) - C:\Users\Dorothy01\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-02-19]

CHR Extension: (Google Search) - C:\Users\Dorothy01\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-02-19]

CHR Extension: (Google Sheets) - C:\Users\Dorothy01\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-02-19]

CHR Extension: (Norton Identity Safe) - C:\Users\Dorothy01\AppData\Local\Google\Chrome\User Data\Default\Extensions\iikflkcanblccfahdhdonehdalibjnif [2015-02-19]

CHR Extension: (Google Wallet) - C:\Users\Dorothy01\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-02-19]

CHR Extension: (Gmail) - C:\Users\Dorothy01\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-02-19]

CHR HKLM\...\Chrome\Extension: [bejnhdlplbjhffionohbdnpcbobfejcc] - C:\Program Files (x86)\Norton Internet Security\Engine\20.6.0.27\Exts\Chrome.crx [Not Found]

CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - https://clients2.goo...ice/update2/crx

CHR HKLM-x32\...\Chrome\Extension: [bejnhdlplbjhffionohbdnpcbobfejcc] - C:\Program Files (x86)\Norton Internet Security\Engine\20.6.0.27\Exts\Chrome.crx [Not Found]

CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - https://clients2.goo...ice/update2/crx

 

==================== Services (Whitelisted) =================

 

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

 

R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [344064 2014-07-04] (Advanced Micro Devices, Inc.) [File not signed]

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2015-02-19] (AVAST Software)

R2 HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [85504 2012-08-15] (Hewlett-Packard Company) [File not signed]

R2 HPConnectedRemote; c:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPConnectedRemoteService.exe [35232 2012-07-19] (Hewlett-Packard)

R2 IconMan_R; C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2451456 2012-07-13] (Realsil Microelectronics Inc.) [File not signed]

S3 w3logsvc; C:\Windows\system32\inetsrv\w3logsvc.dll [76800 2014-10-14] (Microsoft Corporation)

S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347880 2014-09-24] (Microsoft Corporation)

S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2014-09-24] (Microsoft Corporation)

 

==================== Drivers (Whitelisted) ====================

 

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

 

R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2015-02-19] ()

R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [83280 2015-02-19] (AVAST Software)

R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2015-02-19] ()

R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1050432 2015-02-19] (AVAST Software)

R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [436624 2015-02-19] (AVAST Software)

R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [267632 2015-02-19] ()

R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [92536 2012-06-25] (CyberLink)

S3 massfilter_hs; C:\WINDOWS\system32\drivers\massfilter_hs.sys [20232 2012-06-20] (HandSet Incorporated)

U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [37624 2015-02-20] ()

S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [123224 2014-09-24] (Microsoft Corporation)

 

==================== NetSvcs (Whitelisted) ===================

 

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

 

 

==================== One Month Created Files and Folders ========

 

(If an entry is included in the fixlist, the file\folder will be moved.)

 

2015-03-05 08:18 - 2015-03-05 08:19 - 00012411 _____ () C:\Users\Dorothy01\Desktop\FRST.txt

2015-03-04 19:46 - 2015-03-04 19:46 - 00000000 ____D () C:\WINDOWS\softwaredistribution.bak

2015-03-04 19:45 - 2015-03-04 19:45 - 00302011 _____ () C:\Users\Dorothy01\Downloads\WindowsUpdateDiagnostic (2).diagcab

2015-03-04 19:35 - 2015-03-04 19:35 - 00002780 _____ () C:\WINDOWS\System32\Tasks\CCleanerSkipUAC

2015-02-27 06:33 - 2015-02-27 06:33 - 00302011 _____ () C:\Users\Dorothy01\Downloads\WindowsUpdateDiagnostic (1).diagcab

2015-02-26 21:47 - 2015-02-26 21:47 - 00302011 _____ () C:\Users\Dorothy01\Downloads\WindowsUpdateDiagnostic.diagcab

2015-02-26 20:54 - 2015-03-04 17:29 - 00000000 ____D () C:\Users\Dorothy01\Desktop\FRST-OlderVersion

2015-02-25 21:44 - 2015-02-25 21:44 - 02347384 _____ (ESET) C:\Users\Dorothy01\Downloads\esetsmartinstaller_enu (3).exe

2015-02-25 20:35 - 2015-02-25 20:35 - 02347384 _____ (ESET) C:\Users\Dorothy01\Downloads\esetsmartinstaller_enu (2).exe

2015-02-25 20:29 - 2015-03-05 08:14 - 00197398 _____ () C:\WINDOWS\WindowsUpdate.log

2015-02-25 20:27 - 2014-02-14 04:38 - 00000000 ____D () C:\Users\Dorothy01\Downloads\Tweaking.com - Set Windows Services To Default Startup

2015-02-25 20:26 - 2015-02-25 20:26 - 01337256 _____ () C:\Users\Dorothy01\Downloads\Tweaking.com-SetWindowsServicesToDefaultStartup.exe

2015-02-25 01:42 - 2015-02-25 01:42 - 02126848 _____ () C:\Users\Dorothy01\Desktop\AdwCleaner.exe

2015-02-25 01:42 - 2015-02-25 01:42 - 00415232 _____ (Farbar) C:\Users\Dorothy01\Desktop\FSS.exe

2015-02-24 06:21 - 2015-02-24 06:21 - 00243440 _____ () C:\Users\Dorothy01\Downloads\Firefox Setup Stub 35.0.1.exe

2015-02-24 05:54 - 2015-02-24 05:54 - 00896048 _____ () C:\Users\Dorothy01\Downloads\Norton_Removal_Tool.exe

2015-02-21 22:39 - 2015-03-05 08:18 - 00000000 ____D () C:\FRST

2015-02-21 22:15 - 2015-03-04 17:29 - 02092544 _____ (Farbar) C:\Users\Dorothy01\Desktop\FRST64.exe

2015-02-21 22:12 - 2015-02-21 22:12 - 02745248 _____ () C:\Users\Dorothy01\Downloads\idtool.zip

2015-02-21 19:12 - 2015-02-21 19:12 - 00101120 _____ () C:\Users\Dorothy01\Downloads\Extras.Txt

2015-02-21 19:07 - 2015-02-21 19:14 - 00137792 _____ () C:\Users\Dorothy01\Downloads\OTL.Txt

2015-02-21 18:42 - 2015-02-21 18:42 - 00602112 _____ (OldTimer Tools) C:\Users\Dorothy01\Downloads\OTL.exe

2015-02-20 19:35 - 2015-02-20 19:35 - 02347384 _____ (ESET) C:\Users\Dorothy01\Downloads\esetsmartinstaller_enu.exe

2015-02-20 19:35 - 2015-02-20 19:35 - 02347384 _____ (ESET) C:\Users\Dorothy01\Downloads\esetsmartinstaller_enu (1).exe

2015-02-20 19:33 - 2015-02-20 19:33 - 00190152 _____ (ESET) C:\Users\Dorothy01\Downloads\ESETPoweliksCleaner (2).exe

2015-02-20 19:33 - 2015-02-20 19:33 - 00190152 _____ (ESET) C:\Users\Dorothy01\Downloads\ESETPoweliksCleaner (1).exe

2015-02-20 19:33 - 2015-02-20 19:33 - 00002814 _____ () C:\Users\Dorothy01\Downloads\ESETPoweliksCleaner (1).exe_20150220.193324.1664.log

2015-02-20 06:45 - 2015-03-04 19:36 - 00000000 ____D () C:\Users\Dorothy01\AppData\Local\CrashDumps

2015-02-20 06:41 - 2015-03-04 20:46 - 00000922 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job

2015-02-20 06:41 - 2015-02-20 06:41 - 00003894 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA

2015-02-20 06:41 - 2015-02-20 06:41 - 00003658 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore

2015-02-20 06:07 - 2015-02-20 19:18 - 00037624 _____ () C:\WINDOWS\system32\Drivers\TrueSight.sys

2015-02-20 06:07 - 2015-02-20 06:07 - 00000000 ____D () C:\ProgramData\RogueKiller

2015-02-19 22:07 - 2015-02-19 22:09 - 18683992 _____ () C:\Users\Dorothy01\Downloads\RogueKillerX64.exe

2015-02-19 22:04 - 2015-02-19 22:04 - 00000000 ____D () C:\Users\Dorothy01\AppData\Roaming\AVAST Software

2015-02-19 21:41 - 2015-02-19 21:41 - 00002814 _____ () C:\Users\Dorothy01\Downloads\ESETPoweliksCleaner.exe_20150219.214114.592.log

2015-02-19 21:33 - 2015-02-25 03:12 - 00000000 ____D () C:\AdwCleaner

2015-02-19 21:33 - 2015-02-19 21:33 - 00002814 _____ () C:\Users\Dorothy01\Downloads\ESETPoweliksCleaner.exe_20150219.213330.1188.log

2015-02-19 21:33 - 2015-02-19 21:33 - 00002814 _____ () C:\Users\Dorothy01\Downloads\ESETPoweliksCleaner.exe_20150219.213304.1212.log

2015-02-19 21:32 - 2015-02-19 21:33 - 02126848 _____ () C:\Users\Dorothy01\Downloads\adwcleaner_4.111.exe

2015-02-19 21:32 - 2015-02-19 21:32 - 00190152 _____ (ESET) C:\Users\Dorothy01\Downloads\ESETPoweliksCleaner.exe

2015-02-19 21:32 - 2015-02-19 21:32 - 00002814 _____ () C:\Users\Dorothy01\Downloads\ESETPoweliksCleaner.exe_20150219.213253.1128.log

2015-02-19 21:27 - 2015-02-19 21:27 - 00001982 _____ () C:\Users\Public\Desktop\Avast Free Antivirus.lnk

2015-02-19 21:27 - 2015-02-19 21:27 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software

2015-02-19 21:27 - 2015-02-19 21:17 - 00364512 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe

2015-02-19 21:23 - 2015-02-19 21:23 - 05006864 _____ (AVAST Software) C:\Users\Dorothy01\Downloads\avast_free_antivirus_setup_online.exe

2015-02-19 21:20 - 2015-02-19 21:27 - 00000350 ____H () C:\WINDOWS\Tasks\avast! Emergency Update.job

2015-02-19 21:20 - 2015-02-19 21:20 - 00002281 _____ () C:\Users\Public\Desktop\Google Chrome.lnk

2015-02-19 21:20 - 2015-02-19 21:20 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome

2015-02-19 21:20 - 2015-02-19 21:20 - 00000000 ____D () C:\ProgramData\Google

2015-02-19 21:20 - 2015-02-19 21:20 - 00000000 ____D () C:\Program Files\Google

2015-02-19 21:18 - 2015-03-04 20:07 - 00000918 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job

2015-02-19 21:18 - 2015-02-19 21:21 - 00000000 ____D () C:\Users\Dorothy01\AppData\Local\Google

2015-02-19 21:18 - 2015-02-19 21:20 - 00000000 ____D () C:\Program Files (x86)\Google

2015-02-19 21:17 - 2015-02-19 21:27 - 01050432 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswsnx.sys

2015-02-19 21:17 - 2015-02-19 21:27 - 00083280 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswmonflt.sys

2015-02-19 21:17 - 2015-02-19 21:17 - 00436624 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSP.sys

2015-02-19 21:17 - 2015-02-19 21:17 - 00267632 _____ () C:\WINDOWS\system32\Drivers\aswVmm.sys

2015-02-19 21:17 - 2015-02-19 21:17 - 00065776 _____ () C:\WINDOWS\system32\Drivers\aswRvrt.sys

2015-02-19 21:17 - 2015-02-19 21:17 - 00043152 _____ (AVAST Software) C:\WINDOWS\avastSS.scr

2015-02-19 21:17 - 2015-02-19 21:17 - 00029208 _____ () C:\WINDOWS\system32\Drivers\aswHwid.sys

2015-02-19 21:15 - 2015-02-19 21:15 - 00000000 ____D () C:\ProgramData\AVAST Software

2015-02-19 21:15 - 2015-02-19 21:15 - 00000000 ____D () C:\Program Files\AVAST Software

2015-02-19 21:13 - 2015-02-19 21:14 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox

2015-02-19 18:15 - 2015-02-19 18:15 - 00003180 _____ () C:\WINDOWS\SysWOW64\InstallUtil.InstallLog

2015-02-18 16:53 - 2015-03-02 20:42 - 00129752 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys

2015-02-18 16:52 - 2015-02-18 16:52 - 00001120 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

2015-02-18 16:52 - 2015-02-18 16:52 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware

2015-02-18 16:52 - 2015-02-18 16:52 - 00000000 ____D () C:\ProgramData\Malwarebytes

2015-02-18 16:52 - 2015-02-18 16:52 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware

2015-02-18 16:52 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys

2015-02-18 16:52 - 2014-11-21 06:14 - 00064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys

2015-02-18 16:52 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys

2015-02-18 16:48 - 2015-02-18 16:48 - 00000836 _____ () C:\Users\Public\Desktop\CCleaner.lnk

2015-02-18 16:48 - 2015-02-18 16:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner

2015-02-18 16:48 - 2015-02-18 16:48 - 00000000 ____D () C:\Program Files\CCleaner

2015-02-18 16:39 - 2015-02-24 06:22 - 00000000 ____D () C:\WINDOWS\pss

2015-02-11 17:53 - 2015-02-11 17:53 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ZTE Handset USB Driver

2015-02-11 17:53 - 2015-02-11 17:53 - 00000000 ____D () C:\Program Files\ZTE_Handset_USB_Driver

2015-02-11 17:53 - 2013-09-11 16:27 - 00134976 _____ (ZTE Corporation) C:\WINDOWS\system32\Drivers\zghsser.sys

2015-02-11 17:53 - 2013-09-11 16:26 - 00175808 _____ (ZTE Corporation) C:\WINDOWS\system32\Drivers\zghsnet.sys

2015-02-11 17:53 - 2013-03-19 18:38 - 00821544 _____ () C:\WINDOWS\adb.exe

2015-02-11 17:53 - 2012-11-09 17:14 - 00062728 _____ (VIA Telecom) C:\WINDOWS\system32\Drivers\viahsser.sys

2015-02-11 17:53 - 2012-10-31 18:02 - 00032136 _____ (Via Telecom, Inc.) C:\WINDOWS\system32\Drivers\viahsets.sys

2015-02-11 17:53 - 2012-06-20 13:51 - 00020232 _____ (HandSet Incorporated) C:\WINDOWS\system32\Drivers\massfilter_hs.sys

2015-02-11 17:53 - 2012-06-08 16:56 - 01721576 _____ () C:\WINDOWS\system32\WdfCoInstaller01009.dll

2015-02-11 17:53 - 2012-06-08 16:56 - 01002728 _____ () C:\WINDOWS\system32\WinUSBCoInstaller2.dll

2015-02-11 17:53 - 2011-10-26 17:31 - 00067608 _____ (Google, inc) C:\WINDOWS\AdbWinUsbApi.dll

2015-02-11 17:53 - 2011-08-15 18:43 - 00102936 _____ (Google, inc) C:\WINDOWS\AdbWinApi.dll

2015-02-09 16:56 - 2015-02-09 16:56 - 00000000 ____H () C:\WINDOWS\system32\Drivers\Msft_User_WpdMtpDr_01_11_00.Wdf

 

==================== One Month Modified Files and Folders =======

 

(If an entry is included in the fixlist, the file\folder will be moved.)

 

2015-03-05 08:14 - 2013-08-22 09:36 - 00000000 ____D () C:\WINDOWS\system32\sru

2015-03-04 20:36 - 2012-07-26 01:59 - 00000000 ____D () C:\WINDOWS\CbsTemp

2015-03-04 20:12 - 2014-07-23 09:19 - 00003598 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1427692388-1042374531-2795145444-1001

2015-03-04 20:09 - 2012-08-31 22:56 - 00000000 ____D () C:\ProgramData\Hewlett-Packard

2015-03-04 20:06 - 2013-08-22 08:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT

2015-03-04 19:14 - 2013-08-22 07:25 - 01048576 ___SH () C:\WINDOWS\system32\config\BBI

2015-03-04 19:13 - 2014-10-14 09:44 - 00000000 ____D () C:\Users\Dorothy01

2015-03-04 02:50 - 2014-09-24 01:15 - 00006428 _____ () C:\WINDOWS\system32\PerfStringBackup.INI

2015-03-02 21:27 - 2013-08-22 09:36 - 00000000 ____D () C:\WINDOWS\PLA

2015-02-27 06:27 - 2014-09-07 12:01 - 00000000 ____D () C:\Users\Public\CyberLink

2015-02-26 20:55 - 2014-10-22 16:04 - 00000000 ____D () C:\Users\Dorothy01\AppData\Local\tmp11238

2015-02-26 20:55 - 2014-10-14 13:14 - 00000000 ____D () C:\Users\Dorothy01\AppData\Local\AMD

2015-02-26 20:55 - 2014-10-14 10:30 - 00000000 ____D () C:\Windows.old

2015-02-26 20:55 - 2014-08-11 11:56 - 00000000 ____D () C:\Users\Dorothy01\AppData\Local\Apple Computer

2015-02-26 20:55 - 2014-07-23 09:13 - 00000000 ____D () C:\Users\Dorothy01\AppData\Roaming\Adobe

2015-02-26 20:55 - 2014-07-23 09:09 - 00000000 ____D () C:\Users\Dorothy01\AppData\Roaming\Hewlett-Packard

2015-02-26 20:54 - 2013-08-22 09:36 - 00000000 ____D () C:\WINDOWS\system32\restore

2015-02-25 03:12 - 2014-09-24 09:57 - 00000000 ___HD () C:\$Windows.~BT

2015-02-25 03:12 - 2014-07-23 16:07 - 00000000 ____D () C:\StarmIRC v3.0

2015-02-25 03:12 - 2014-07-23 16:05 - 00000000 ____D () C:\StarPircH

2015-02-25 03:12 - 2012-08-28 08:27 - 00000000 _RSHD () C:\hp

2015-02-25 03:12 - 2012-08-01 21:15 - 00000000 ____D () C:\SWSETUP

2015-02-25 03:12 - 2012-08-01 03:57 - 00000000 _RSHD () C:\SYSTEM.SAV

2015-02-25 02:39 - 2014-12-09 19:03 - 00000000 ___HD () C:\ProgramData\{F66CB4EE-546F-4D54-9332-216DE189AAB0}

2015-02-25 02:39 - 2013-08-22 09:36 - 00000000 ____D () C:\WINDOWS\Web

2015-02-24 05:58 - 2012-08-31 23:57 - 00000000 ____D () C:\ProgramData\Norton

2015-02-24 05:58 - 2012-08-31 23:57 - 00000000 ____D () C:\Program Files\Common Files\Symantec Shared

2015-02-24 05:57 - 2014-11-11 19:11 - 00000761 _____ () C:\WINDOWS\system32\Drivers\etc\hosts.txt

2015-02-21 22:13 - 2014-10-23 11:14 - 04012982 _____ (NathanScott Apps) C:\Users\Dorothy01\Desktop\IDTool.exe

2015-02-20 06:09 - 2014-07-23 16:00 - 00000000 ____D () C:\ProgramData\Oracle

2015-02-20 06:09 - 2014-07-23 15:56 - 00000000 ____D () C:\Program Files (x86)\Java

2015-02-20 06:07 - 2014-07-23 15:56 - 00272296 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\javaws.exe

2015-02-20 06:07 - 2014-07-23 15:56 - 00176552 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\javaw.exe

2015-02-20 06:07 - 2014-07-23 15:56 - 00176552 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\java.exe

2015-02-20 06:07 - 2014-07-23 15:56 - 00098216 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\WindowsAccessBridge-32.dll

2015-02-19 23:23 - 2014-11-10 16:42 - 00000000 ____D () C:\Users\Dorothy01\AppData\Local\Ovics

2015-02-19 07:41 - 2015-01-24 16:45 - 00000000 ____D () C:\Users\Dorothy01\AppData\Local\{294523ef-b8b6-59cc-fe37-7cd365b2a599}

2015-02-19 07:40 - 2014-11-20 15:49 - 00000000 ____D () C:\Users\Dorothy01\AppData\Roaming\FrameworkUpdate

2015-02-19 07:40 - 2014-11-10 16:29 - 00000000 ____D () C:\Users\Dorothy01\AppData\Roaming\FrameworkUpdate7

2015-02-19 01:24 - 2014-10-14 10:31 - 00000000 ___DC () C:\WINDOWS\Panther

2015-02-19 01:18 - 2014-11-11 16:55 - 00000000 ____D () C:\WINDOWS\Minidump

2015-02-15 08:13 - 2013-08-22 07:25 - 00262144 ___SH () C:\WINDOWS\system32\config\ELAM

 

==================== Files in the root of some directories =======

 

2015-01-05 14:15 - 2015-01-05 14:15 - 0015872 _____ () C:\Users\Dorothy01\AppData\Roaming\cowitches.d

2014-11-13 18:51 - 2015-01-07 09:58 - 0009728 _____ () C:\Users\Dorothy01\AppData\Roaming\mcp.ico

2014-07-23 15:49 - 2014-07-23 15:49 - 0000043 _____ () C:\Users\Dorothy01\AppData\Roaming\WB.CFG

2014-11-10 16:30 - 2014-11-10 16:30 - 0000448 ____H () C:\Users\Dorothy01\AppData\Roaming\麽鎒駓覜

2012-09-01 00:08 - 2012-09-01 00:08 - 0000141 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.351.64.bc

 

==================== Bamital & volsnap Check =================

 

(There is no automatic fix for files that do not pass verification.)

 

C:\Windows\System32\winlogon.exe => File is digitally signed

C:\Windows\System32\wininit.exe => File is digitally signed

C:\Windows\explorer.exe => File is digitally signed

C:\Windows\SysWOW64\explorer.exe => File is digitally signed

C:\Windows\System32\svchost.exe => File is digitally signed

C:\Windows\SysWOW64\svchost.exe => File is digitally signed

C:\Windows\System32\services.exe => File is digitally signed

C:\Windows\System32\User32.dll => File is digitally signed

C:\Windows\SysWOW64\User32.dll => File is digitally signed

C:\Windows\System32\userinit.exe => File is digitally signed

C:\Windows\SysWOW64\userinit.exe => File is digitally signed

C:\Windows\System32\rpcss.dll => File is digitally signed

C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

 

 

LastRegBack: 2014-10-14 09:32

 

==================== End Of Log ============================

 

 

And here's the additional scan

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 04-03-2015 01

Ran by Dorothy01 at 2015-03-05 08:20:20

Running from C:\Users\Dorothy01\Desktop

Boot Mode: Normal

==========================================================

 

 

==================== Security Center ========================

 

(If an entry is included in the fixlist, it will be removed.)

 

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

AV: avast! Antivirus (Disabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}

AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

AS: avast! Antivirus (Disabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

 

==================== Installed Programs ======================

 

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

 

4 Elements II (x32 Version: 2.2.0.98 - WildTangent) Hidden

AMD Catalyst Install Manager (HKLM\...\{5F769CF4-5263-4C7B-AEB2-C06A73AE4428}) (Version: 8.0.881.0 - Advanced Micro Devices, Inc.)

Apple Application Support (HKLM-x32\...\{78002155-F025-4070-85B3-7C0453561701}) (Version: 3.0.6 - Apple Inc.)

Apple Mobile Device Support (HKLM\...\{6AF2AC2A-3532-43FD-9F4D-BDC9C0D724C7}) (Version: 7.1.2.6 - Apple Inc.)

Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)

Avast Free Antivirus (HKLM-x32\...\Avast) (Version: 10.0.2208 - AVAST Software)

Bejeweled 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden

Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)

Build-a-lot 4 - Power Source (x32 Version: 2.2.0.98 - WildTangent) Hidden

Catalyst Control Center (HKLM-x32\...\WUCCCApp) (Version: 1.00.0000 - AMD)

CCleaner (HKLM\...\CCleaner) (Version: 5.02 - Piriform)

Chuzzle Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden

Cradle Of Egypt Collector's Edition (x32 Version: 2.2.0.98 - WildTangent) Hidden

Cradle of Rome 2 (x32 Version: 2.2.0.98 - WildTangent) Hidden

CyberLink LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.1.5510 - CyberLink Corp.)

CyberLink Media Suite 10 (HKLM-x32\...\InstallShield_{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}) (Version: 10.0.1.1916 - CyberLink Corp.)

CyberLink PhotoDirector (HKLM-x32\...\InstallShield_{4862344A-A39C-4897-ACD4-A1BED5163C5A}) (Version: 2.0.1.3109 - CyberLink Corp.)

CyberLink Power2Go 8 (HKLM-x32\...\InstallShield_{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}) (Version: 8.0.1.1902 - CyberLink Corp.)

CyberLink PowerDirector 10 (HKLM-x32\...\InstallShield_{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}) (Version: 10.0.1.1925 - CyberLink Corp.)

CyberLink PowerDVD (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.1.4407 - CyberLink Corp.)

CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 3.5.4.5527 - CyberLink Corp.)

D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden

Energy Star (HKLM\...\{0FA995CC-C849-4755-B14B-5404CC75DC24}) (Version: 1.0.8 - Hewlett-Packard)

Farm Frenzy (x32 Version: 2.2.0.98 - WildTangent) Hidden

FATE: The Cursed King (x32 Version: 2.2.0.97 - WildTangent) Hidden

Final Drive Fury (x32 Version: 2.2.0.95 - WildTangent) Hidden

FlatOut 2 (x32 Version: 2.2.0.98 - WildTangent) Hidden

Google Chrome (HKLM-x32\...\Google Chrome) (Version: 40.0.2214.115 - Google Inc.)

Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.6227.252 - Google Inc.)

Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden

Google Update Helper (x32 Version: 1.3.21.169 - Google Inc.) Hidden

Google Update Helper (x32 Version: 1.3.26.9 - Google Inc.) Hidden

Governor of Poker 2 Premium Edition (x32 Version: 2.2.0.95 - WildTangent) Hidden

Hewlett-Packard ACLM.NET v1.2.0.0 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden

Hoyle Card Games (x32 Version: 2.2.0.95 - WildTangent) Hidden

HP Connected Music (Meridian - installer) (HKLM-x32\...\StartHPConnectedMusic) (Version: v1.0 - Meridian Audio Ltd)

HP Connected Remote (HKLM-x32\...\{F243A34B-AB7F-4065-B770-B85B767C247C}) (Version: 1.0.1202 - Hewlett-Packard)

HP Games (HKLM-x32\...\WildTangent hp Master Uninstall) (Version: 1.0.3.0 - WildTangent)

HP MyRoom (HKLM-x32\...\{9C35EDE5-4B0F-45E7-A438-314BA889948E}) (Version: 9.0.0.0 - Hewlett-Packard Company)

HP Registration Service (HKLM\...\{E4D6CCF2-0AAF-4B9C-9DE5-893EDC9B4BAA}) (Version: 1.0.5976.4186 - Hewlett-Packard)

HP Support Assistant (HKLM-x32\...\{FF27F674-821E-4BA2-985B-DDF539C2CD03}) (Version: 7.0.33.6 - Hewlett-Packard Company)

HP Support Information (HKLM-x32\...\{B2B7B1C8-7C8B-476C-BE2C-049731C55992}) (Version: 12.00.0000 - Hewlett-Packard)

iscsicli (HKLM\...\{f48a0c57-7c48-461c-9957-ab255ddc986e}.sdb) (Version:  - )

iTunes (HKLM\...\{77DE5105-D05E-448C-96CB-7FA381903753}) (Version: 11.3.1.2 - Apple Inc.)

Java 8 Update 31 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation)

Jewel Match 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden

John Deere Drive Green (x32 Version: 2.2.0.95 - WildTangent) Hidden

Luxor Evolved (x32 Version: 2.2.0.98 - WildTangent) Hidden

Mahjongg Dimensions Deluxe: Tiles in Time (x32 Version: 2.2.0.98 - WildTangent) Hidden

Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)

Microsoft Office (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.6120.5004 - Microsoft Corporation)

Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)

Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)

Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)

Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)

Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)

Mortimer Beckett and the Crimson Thief Premium Edition (x32 Version: 2.2.0.98 - WildTangent) Hidden

Mystery P.I. - Curious Case of Counterfeit Cove (x32 Version: 2.2.0.98 - WildTangent) Hidden

Peggle Nights (x32 Version: 2.2.0.98 - WildTangent) Hidden

Penguins! (x32 Version: 2.2.0.98 - WildTangent) Hidden

Polar Bowler (x32 Version: 2.2.0.97 - WildTangent) Hidden

Polar Golfer (x32 Version: 2.2.0.98 - WildTangent) Hidden

Ralink RT5390R 802.11bgn Wi-Fi Adapter (HKLM-x32\...\{8FC4F1DD-F7FD-4766-804D-3C8FF1D309AF}) (Version: 5.0.0.0 - Ralink)

Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6675 - Realtek Semiconductor Corp.)

Realtek PCIE Card Reader (HKLM-x32\...\{C1594429-8296-4652-BF54-9DBE4932A44C}) (Version: 6.2.8400.28123 - Realtek Semiconductor Corp.)

Recovery Manager (x32 Version: 5.5.0.5530 - CyberLink Corp.) Hidden

Roads of Rome 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden

StarmIRC 3.0 (HKLM-x32\...\StarmIRC 3.0) (Version:  - )

StarPircH v3.0 (HKLM-x32\...\StarPircH v3.0) (Version:  - )

Tales of Lagoona (x32 Version: 2.2.0.110 - WildTangent) Hidden

Update Installer for WildTangent Games App (x32 Version:  - WildTangent) Hidden

Vacation Quest™ - Australia (x32 Version: 2.2.0.98 - WildTangent) Hidden

WildTangent Games (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.0.3.0 - WildTangent)

WildTangent Games App (x32 Version: 4.0.9.6 - WildTangent) Hidden

Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)

ZTE Handset USB Driver (HKLM\...\{01D42BF0-ED08-463f-8A28-99EB6FEE962B}) (Version:  - ZTE Corporation)

ZTE Handset USB Driver (HKLM\...\{D2D77DC2-8299-11D1-8949-444553540000}_is1) (Version: 5.2104.1.01B01 - ZTE Corporation)

Zuma's Revenge (x32 Version: 2.2.0.98 - WildTangent) Hidden

 

==================== Custom CLSID (selected items): ==========================

 

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

 

CustomCLSID: HKU\S-1-5-21-1427692388-1042374531-2795145444-1001_Classes\CLSID\{2D349E57-23E4-4A67-9624-F1DC6B65AABF}\InprocServer32 -> C:\ProgramData\{F66CB4EE-546F-4D54-9332-216DE189AAB0}\appmgr.dll No File

 

==================== Restore Points  =========================

 

26-02-2015 20:54:31 Restore Point Created by FRST

27-02-2015 06:26:16 Restore Point Created by FRST

04-03-2015 18:44:11 Restore Point Created by FRST

 

==================== Hosts content: ==========================

 

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

 

2013-08-22 07:25 - 2015-02-24 05:57 - 00001515 _RASH C:\WINDOWS\system32\Drivers\etc\hosts

127.0.0.1       localhost

89.163.213.140 www.google-analytics.com.

89.163.213.140 google-analytics.com.

89.163.213.140 connect.facebook.net.

136.243.254.251 www.google-analytics.com.

136.243.254.251 google-analytics.com.

136.243.254.251 connect.facebook.net.

162.247.13.85 www.google-analytics.com.

162.247.13.85 google-analytics.com.

162.247.13.85 connect.facebook.net.

 

 

==================== Scheduled Tasks (whitelisted) =============

 

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

 

Task: {10DBF29F-9C03-4CB6-9169-375E42E32964} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton Internet Security\Engine\20.6.0.27\WSCStub.exe

Task: {11313470-E7D3-43C8-A7F7-5F76D072D93D} - System32\Tasks\Norton Internet Security\Norton Error Processor => C:\Program Files (x86)\Norton Internet Security\Engine\20.6.0.27\SymErr.exe

Task: {14B872C9-ED54-4ACC-A2E9-1A45CAD02CCE} - System32\Tasks\MirageAgent => C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe [2012-07-27] (CyberLink)

Task: {348D35BE-0530-4438-9C00-FA4E457087F1} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-02-19] (Google Inc.)

Task: {45D84C00-2A3B-4698-945A-BD5F046DE8C1} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2012-08-15] (Hewlett-Packard Company)

Task: {56F27C26-0168-4504-889C-0EFBE85EE084} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-01-20] (Piriform Ltd)

Task: {86C013A6-B536-4DF0-BEDC-656D87A1D6D5} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2012-08-07] (Hewlett-Packard Company)

Task: {A589DDED-A1E5-4832-A451-604AADF76C94} - System32\Tasks\Norton Internet Security\Norton Error Analyzer => C:\Program Files (x86)\Norton Internet Security\Engine\20.6.0.27\SymErr.exe

Task: {D042FFB9-18A6-451E-A0B3-D8F8FDB41F2E} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)

Task: {D7DFAC78-DC9A-420F-9905-9654F37432EC} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-02-19] (Google Inc.)

Task: {D8A8741F-AFA1-45BC-8531-65E4136E8CD5} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2012-08-15] (Hewlett-Packard Company)

Task: {F70673BE-9DA6-4FE7-93FB-32DE754FBB81} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\windows\system32\MRT.exe [2014-09-12] (Microsoft Corporation)

Task: C:\WINDOWS\Tasks\avast! Emergency Update.job => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe

Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

 

==================== Loaded Modules (whitelisted) ==============

 

2014-07-04 22:33 - 2014-07-04 22:33 - 00127488 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.Wlan.dll

2012-07-19 19:06 - 2012-07-19 19:06 - 00120224 _____ () c:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPItunesModule.dll

2012-07-19 19:06 - 2012-07-19 19:06 - 00048544 _____ () c:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPItunesProxy.dll

2012-07-19 19:07 - 2012-07-19 19:07 - 00180224 _____ () c:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\zxing.dll

2014-10-14 13:10 - 2014-10-14 13:10 - 00120224 _____ () C:\Users\Dorothy01\AppData\Local\assembly\dl3\N1ZEJ5WT.E21\Y8VKR1P8.4QP\edb32bf5\0038bcf4_1366cd01\HPItunesModule.DLL

2014-09-24 00:59 - 2014-09-24 00:59 - 00183296 _____ () C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20498_x64__8wekyb3d8bbwe\ErrorReporting.dll

2015-03-04 17:27 - 2015-03-04 17:27 - 02916352 _____ () C:\Program Files\AVAST Software\Avast\defs\15030403\algo.dll

2014-07-31 13:16 - 2014-07-31 13:16 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll

2014-07-31 13:16 - 2014-07-31 13:16 - 01044776 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll

2015-02-19 21:17 - 2015-02-19 21:17 - 38562088 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll

2015-02-19 21:20 - 2015-02-17 16:44 - 01117512 _____ () C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.115\libglesv2.dll

2015-02-19 21:20 - 2015-02-17 16:44 - 00211272 _____ () C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.115\libegl.dll

2015-02-19 21:20 - 2015-02-17 16:44 - 09171272 _____ () C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.115\pdf.dll

 

==================== Alternate Data Streams (whitelisted) =========

 

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

 

 

==================== Safe Mode (whitelisted) ===================

 

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

 

 

==================== EXE Association (whitelisted) ===============

 

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

 

 

==================== Other Areas ============================

 

(Currently there is no automatic fix for this section.)

 

HKU\S-1-5-21-1427692388-1042374531-2795145444-1001\Control Panel\Desktop\\Wallpaper -> C:\windows\web\wallpaper\HP\HP_Svinoya_Norway_Sunset.jpg

DNS Servers: 192.168.1.254

 

==================== MSCONFIG/TASK MANAGER disabled items ==

 

(Currently there is no automatic fix for this section.)

 

HKLM\...\StartupApproved\Run32: => "{30112b75-e574-a6db-560c-8103291a0838}"

HKLM\...\StartupApproved\Run32: => "CrashReportSaver"

HKU\S-1-5-21-1427692388-1042374531-2795145444-1001\...\StartupApproved\StartupFolder: => "HELP_DECRYPT.URL"

HKU\S-1-5-21-1427692388-1042374531-2795145444-1001\...\StartupApproved\StartupFolder: => "HELP_DECRYPT.TXT"

HKU\S-1-5-21-1427692388-1042374531-2795145444-1001\...\StartupApproved\StartupFolder: => "HELP_DECRYPT.PNG"

HKU\S-1-5-21-1427692388-1042374531-2795145444-1001\...\StartupApproved\StartupFolder: => "HELP_DECRYPT.HTML"

HKU\S-1-5-21-1427692388-1042374531-2795145444-1001\...\StartupApproved\Run: => "acikmao"

HKU\S-1-5-21-1427692388-1042374531-2795145444-1001\...\StartupApproved\Run: => "BluetoothS"

HKU\S-1-5-21-1427692388-1042374531-2795145444-1001\...\StartupApproved\Run: => "dccwmote"

HKU\S-1-5-21-1427692388-1042374531-2795145444-1001\...\StartupApproved\Run: => "Driver Support"

HKU\S-1-5-21-1427692388-1042374531-2795145444-1001\...\StartupApproved\Run: => "kycnage"

 

==================== Accounts: =============================

 

Administrator (S-1-5-21-1427692388-1042374531-2795145444-500 - Administrator - Disabled)

Dorothy01 (S-1-5-21-1427692388-1042374531-2795145444-1001 - Administrator - Enabled) => C:\Users\Dorothy01

Guest (S-1-5-21-1427692388-1042374531-2795145444-501 - Limited - Disabled)

HomeGroupUser$ (S-1-5-21-1427692388-1042374531-2795145444-1006 - Limited - Enabled)

 

==================== Faulty Device Manager Devices =============

 

 

==================== Event log errors: =========================

 

Application errors:

==================

Error: (03/04/2015 07:49:41 PM) (Source: Microsoft-Windows-LocationProvider) (EventID: 2006) (User: NT AUTHORITY)

Description: There was an error with the Windows Location Provider database

 

Error: (03/04/2015 02:50:07 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT AUTHORITY)

Description: Unloading the performance counter strings for service WmiApRpl (WmiApRpl) failed. The first DWORD in the Data section contains the error code.

 

Error: (03/04/2015 02:50:07 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY)

Description: The performance strings in the Performance registry value is corrupted when process Performance extension counter provider. The BaseIndex value from the Performance registry is the first DWORD in the Data section, LastCounter value is the second DWORD in the Data section, and LastHelp value is the third DWORD in the Data section.

 

Error: (03/02/2015 09:31:49 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT AUTHORITY)

Description: Unloading the performance counter strings for service WmiApRpl (WmiApRpl) failed. The first DWORD in the Data section contains the error code.

 

Error: (03/02/2015 09:31:49 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY)

Description: The performance strings in the Performance registry value is corrupted when process Performance extension counter provider. The BaseIndex value from the Performance registry is the first DWORD in the Data section, LastCounter value is the second DWORD in the Data section, and LastHelp value is the third DWORD in the Data section.

 

Error: (02/28/2015 10:04:15 AM) (Source: Bonjour Service) (EventID: 100) (User: )

Description: Task Scheduling Error: m->NextScheduledSPRetry 2875

 

Error: (02/28/2015 10:04:15 AM) (Source: Bonjour Service) (EventID: 100) (User: )

Description: Task Scheduling Error: m->NextScheduledEvent 2875

 

Error: (02/28/2015 10:04:15 AM) (Source: Bonjour Service) (EventID: 100) (User: )

Description: Task Scheduling Error: Continuously busy for more than a second

 

Error: (02/28/2015 09:36:06 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT AUTHORITY)

Description: Unloading the performance counter strings for service WmiApRpl (WmiApRpl) failed. The first DWORD in the Data section contains the error code.

 

Error: (02/28/2015 09:36:06 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY)

Description: The performance strings in the Performance registry value is corrupted when process Performance extension counter provider. The BaseIndex value from the Performance registry is the first DWORD in the Data section, LastCounter value is the second DWORD in the Data section, and LastHelp value is the third DWORD in the Data section.

 

 

System errors:

=============

Error: (03/04/2015 06:46:10 PM) (Source: Service Control Manager) (EventID: 7032) (User: )

Description: The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Search service, but this action failed with the following error: 

%%1056

 

Error: (03/04/2015 06:45:36 PM) (Source: Service Control Manager) (EventID: 7031) (User: )

Description: The Windows Search service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.

 

Error: (03/04/2015 06:45:36 PM) (Source: Service Control Manager) (EventID: 7031) (User: )

Description: The Software Protection service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.

 

Error: (03/04/2015 06:45:35 PM) (Source: Service Control Manager) (EventID: 7031) (User: )

Description: The Print Spooler service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 5000 milliseconds: Restart the service.

 

Error: (03/04/2015 06:45:35 PM) (Source: Service Control Manager) (EventID: 7031) (User: )

Description: The Windows Media Player Network Sharing Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.

 

Error: (03/04/2015 06:45:35 PM) (Source: Service Control Manager) (EventID: 7031) (User: )

Description: The Apple Mobile Device service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.

 

Error: (03/04/2015 06:45:35 PM) (Source: Service Control Manager) (EventID: 7031) (User: )

Description: The IconMan_R service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.

 

Error: (03/04/2015 06:45:35 PM) (Source: Service Control Manager) (EventID: 7031) (User: )

Description: The HP Connected Remote Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 5000 milliseconds: Restart the service.

 

Error: (03/04/2015 06:45:35 PM) (Source: Service Control Manager) (EventID: 7031) (User: )

Description: The HP Support Assistant Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.

 

Error: (03/04/2015 06:45:35 PM) (Source: Service Control Manager) (EventID: 7034) (User: )

Description: The AMD FUEL Service service terminated unexpectedly.  It has done this 1 time(s).

 

 

Microsoft Office Sessions:

=========================

Error: (03/04/2015 07:49:41 PM) (Source: Microsoft-Windows-LocationProvider) (EventID: 2006) (User: NT AUTHORITY)

Description: -2147024883

 

Error: (03/04/2015 02:50:07 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT AUTHORITY)

Description: WmiApRplWmiApRpl8F2030000E5050000

 

Error: (03/04/2015 02:50:07 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY)

Description: Performance163707000000000000000000008F020000

 

Error: (03/02/2015 09:31:49 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT AUTHORITY)

Description: WmiApRplWmiApRpl8F2030000E5050000

 

Error: (03/02/2015 09:31:49 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY)

Description: Performance163707000000000000000000008F020000

 

Error: (02/28/2015 10:04:15 AM) (Source: Bonjour Service) (EventID: 100) (User: )

Description: Task Scheduling Error: m->NextScheduledSPRetry 2875

 

Error: (02/28/2015 10:04:15 AM) (Source: Bonjour Service) (EventID: 100) (User: )

Description: Task Scheduling Error: m->NextScheduledEvent 2875

 

Error: (02/28/2015 10:04:15 AM) (Source: Bonjour Service) (EventID: 100) (User: )

Description: Task Scheduling Error: Continuously busy for more than a second

 

Error: (02/28/2015 09:36:06 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT AUTHORITY)

Description: WmiApRplWmiApRpl8F2030000E5050000

 

Error: (02/28/2015 09:36:06 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY)

Description: Performance163707000000000000000000008F020000

 

 

==================== Memory info =========================== 

 

Processor: AMD E1-1200 APU with Radeon™ HD Graphics

Percentage of memory in use: 27%

Total physical RAM: 3660.08 MB

Available physical RAM: 2665.52 MB

Total Pagefile: 4060.08 MB

Available Pagefile: 2385.18 MB

Total Virtual: 131072 MB

Available Virtual: 131071.84 MB

 

==================== Drives ================================

 

Drive c: (OS) (Fixed) (Total:444.06 GB) (Free:384.03 GB) NTFS ==>[System with boot components (obtained from reading drive)]

Drive d: (Recovery Image) (Fixed) (Total:19.78 GB) (Free:2.47 GB) NTFS ==>[System with boot components (obtained from reading drive)]

 

==================== MBR & Partition Table ==================

 

========================================================

Disk: 0 (Size: 465.8 GB) (Disk ID: D370BA94)

 

Partition: GPT Partition Type.

 

==================== End Of Log ============================

[dbreeze]

Ok; I'm not seeing any malware but we need to take care of some housekeeping (tiding up after some old programs, etc.).

 

Download the attached fixlist.txt file and save it to the Desktop.

NOTE. It's important that both files, FRST64 and fixlist.txt are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

Run FRST64 by right clicking on the FRST64.exe file, selecting "Run as Administrator..".  The User Account Control may open up; if it does, select Yes to continue to let FRST open and load.  

The tool will check for an updated version of itself every time it loads; please allow it to do this and the program will either inform you it is downloading an updated copy (and to wait until it is safe to continue) or show that it is ready to use (meaning there is no update found) and you can continue on.  Press the Fix button just once and wait.  The tool will create a restore point, process the script and ask for a restart of your system.



If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.

When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post the log in your next reply.
 

Attached Files

•  Fixlist.txt   2.44KB   239 downloads

[allforhimblog]

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 04-03-2015 01

Ran by Dorothy01 at 2015-03-05 15:40:32 Run:6

Running from C:\Users\Dorothy01\Desktop

Loaded Profiles: Dorothy01 (Available profiles: Dorothy01)

Boot Mode: Normal

==============================================

 

Content of fixlist:

*****************

start

CreateRestorePoint:

CloseProcesses:

SearchScopes: HKLM-x32 -> {8E0E081D-FD81-46C2-AD92-3B939C17F151} URL = http://www.amazon.co...s={searchTerms}

SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 

SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 

SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 

CHR Extension: (Norton Identity Safe) - C:\Users\Dorothy01\AppData\Local\Google\Chrome\User Data\Default\Extensions\iikflkcanblccfahdhdonehdalibjnif [2015-02-19]

CHR HKLM\...\Chrome\Extension: [bejnhdlplbjhffionohbdnpcbobfejcc] - C:\Program Files (x86)\Norton Internet Security\Engine\20.6.0.27\Exts\Chrome.crx [Not Found]

CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - https://clients2.goo...ice/update2/crx

CHR HKLM-x32\...\Chrome\Extension: [bejnhdlplbjhffionohbdnpcbobfejcc] - C:\Program Files (x86)\Norton Internet Security\Engine\20.6.0.27\Exts\Chrome.crx [Not Found]

CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - https://clients2.goo...ice/update2/crx

2015-03-04 20:12 - 2014-07-23 09:19 - 00003598 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1427692388-1042374531-2795145444-1001

CustomCLSID: HKU\S-1-5-21-1427692388-1042374531-2795145444-1001_Classes\CLSID\{2D349E57-23E4-4A67-9624-F1DC6B65AABF}\InprocServer32 -> C:\ProgramData\{F66CB4EE-546F-4D54-9332-216DE189AAB0}\appmgr.dll No File

C:\ProgramData\{F66CB4EE-546F-4D54-9332-216DE189AAB0}\appmgr.dll

Task: {10DBF29F-9C03-4CB6-9169-375E42E32964} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton Internet Security\Engine\20.6.0.27\WSCStub.exe

Task: {11313470-E7D3-43C8-A7F7-5F76D072D93D} - System32\Tasks\Norton Internet Security\Norton Error Processor => C:\Program Files (x86)\Norton Internet Security\Engine\20.6.0.27\SymErr.exe

Task: {A589DDED-A1E5-4832-A451-604AADF76C94} - System32\Tasks\Norton Internet Security\Norton Error Analyzer => C:\Program Files (x86)\Norton Internet Security\Engine\20.6.0.27\SymErr.exe

C:\Program Files (x86)\Norton Internet Security

Reg: Reg Delete HKU\S-1-5-21-1427692388-1042374531-2795145444-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\StartupFolder /F

Reg: Reg Add HKU\S-1-5-21-1427692388-1042374531-2795145444-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\StartupFolder /F

EmptyTemp:

Reboot:

end

 

*****************

 

Restore point was successfully created.

Processes closed successfully.

"HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{8E0E081D-FD81-46C2-AD92-3B939C17F151}" => Key deleted successfully.

HKCR\Wow6432Node\CLSID\{8E0E081D-FD81-46C2-AD92-3B939C17F151} => Key not found. 

HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.

HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.

HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.

C:\Users\Dorothy01\AppData\Local\Google\Chrome\User Data\Default\Extensions\iikflkcanblccfahdhdonehdalibjnif => Moved successfully.

"HKLM\SOFTWARE\Google\Chrome\Extensions\bejnhdlplbjhffionohbdnpcbobfejcc" => Key deleted successfully.

"HKLM\SOFTWARE\Google\Chrome\Extensions\iikflkcanblccfahdhdonehdalibjnif" => Key deleted successfully.

"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\bejnhdlplbjhffionohbdnpcbobfejcc" => Key deleted successfully.

"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\iikflkcanblccfahdhdonehdalibjnif" => Key deleted successfully.

C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1427692388-1042374531-2795145444-1001 => Moved successfully.

"HKU\S-1-5-21-1427692388-1042374531-2795145444-1001_Classes\CLSID\{2D349E57-23E4-4A67-9624-F1DC6B65AABF}" => Key deleted successfully.

"C:\ProgramData\{F66CB4EE-546F-4D54-9332-216DE189AAB0}\appmgr.dll" => File/Directory not found.

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{10DBF29F-9C03-4CB6-9169-375E42E32964}" => Key deleted successfully.

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{10DBF29F-9C03-4CB6-9169-375E42E32964}" => Key deleted successfully.

C:\Windows\System32\Tasks\Norton WSC Integration => Moved successfully.

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Norton WSC Integration" => Key deleted successfully.

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{11313470-E7D3-43C8-A7F7-5F76D072D93D}" => Key deleted successfully.

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{11313470-E7D3-43C8-A7F7-5F76D072D93D}" => Key deleted successfully.

C:\Windows\System32\Tasks\Norton Internet Security\Norton Error Processor => Moved successfully.

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Norton Internet Security\Norton Error Processor" => Key deleted successfully.

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{A589DDED-A1E5-4832-A451-604AADF76C94}" => Key deleted successfully.

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A589DDED-A1E5-4832-A451-604AADF76C94}" => Key deleted successfully.

C:\Windows\System32\Tasks\Norton Internet Security\Norton Error Analyzer => Moved successfully.

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Norton Internet Security\Norton Error Analyzer" => Key deleted successfully.

"C:\Program Files (x86)\Norton Internet Security" => File/Directory not found.

 

========= Reg Delete HKU\S-1-5-21-1427692388-1042374531-2795145444-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\StartupFolder /F =========

 

The operation completed successfully.

 

 

 

========= End of Reg: =========

 

 

========= Reg Add HKU\S-1-5-21-1427692388-1042374531-2795145444-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\StartupFolder /F =========

 

The operation completed successfully.

 

 

 

========= End of Reg: =========

 

EmptyTemp: => Removed 100.5 MB temporary data.

 

 

The system needed a reboot. 

 

==== End of Fixlog 15:41:43 ====

[dbreeze]

All right!! Your logs are clean and you're good to go now!! We've got some final steps left to do to clean up our tools and get your system in good running condition and then you are on your way. I must say though, even though we met through less than ideal circumstances, it has been really great to work with you. Just run through the steps from the Cleanup of Tools to the Program Update Checker. That's it. Thanks.


Clean up of Malware Removal Tools
Now that we are through using these tools, let's clean them off your system so that should you ever need to have malware removed again (we hope not) fresh, updated copies will be downloaded.

• Download Delfix from here to your desktop and double click it to start the program
• Ensure Remove disinfection tools is ticked
  Also tick:
• Create registry backup
• Purge system restore
• Reset system settings
• 
• Click Run
• The program will run for a few moments and then notepad will open with a log. Please paste the log in your next reply.

You can delete any log files left on your desktop as these are no longer needed.


Keep Windows Updated
Microsoft issues updates to Windows to close vulnerabilities as they are discovered. Staying updated helps protect your system from current exploits.

• Click Start and then click Control Panel.
• Click on the View by: in the upper right corner and select Large Icons (you can change this back later if you like).
• Scroll down and click on Windows Update.
• Click on Change settings.
• Under Important Updates, click on Install updates automatically (recommended).
• Select (click on) the other options on this page.
• Select a day and time to have windows install the updates.
• Click on Ok to change the settings.
• If you want to change the view of the Control Panel display, click on the View by: in the upper right hand corner and select an option you prefer.

Keep other Important Programs Updated
Along with keeping Windows updated, it is a good idea to keep important programs updated. Java and Adobe Reader both need to be kept updated to the latest versions; malware writers utilize exploits in the unpatched versions to their advantages.

Java
Most security experts and the US CERT (part of the US Homeland Security) now recommend that users uninstall Java from their systems; if you don't have any programs that need Java on your system, you are safe to do this. You can read some of the articles on this here and here. I strongly suggest you uninstall Java unless you need it run certain software; in that case I would recommend that you disable or unplug Java from your web browsers and only enable it when you need it.

To disable / unplug Java in your browsers:

• How to disable Java in your web browser
• How to unplug Java from the browser

To uninstall Java (on Win7):

• Click Start and then click Control Panel.
• If you need to, click View by: and select either Large Icons or Small Icons.
• Click on Programs and Features.
• Scroll down until you find Java and click on it to select that program.
• (Older versions of Java may appear in the program list as J2SE, Java 2, Java SE or Java Runtime Environment.)
• Click Uninstall.
• If more than one version of Java shows in your program list, you should repeat the selection and uninstall until all of them are removed.

To check for the latest version of Java and installation steps:

• Go to java.com and click on Do I have Java?.
• On the next page, click on Verify Java Version.
• If you get a security pop up entitled "Do you want to run this application?" with the Name: Java Detection and Publisher: Oracle America, Inc., click Run.
• Follow the recommendations (if any) on the results screen.
• If there is a new version (or none at all on your system), there will be a button on the page showing Agree and Start Free Download. Click on it to update or install Java.
• The site will start a download of jxpiinstall.exe. Save the file to your desktop.
• When the download is finished, close your browser.
• Right click on the jxpiinstall.exe and select Run as Administrator.
• On the opening window, check Change destination folder and then click Install>.
• The program will now download the rest of the files needed to install Java.
• On the Destination Folder window, click Next>.
• On the next window, the install will present you the option of adding additional software (this is known as Foistware).
• Uncheck the Set and keep Ask as my default search provider.
• Uncheck the Install the Ask Toolbar.
• Click Next> to finish the install.
• When the installation is finished, you will be taken to a web page that will check to see if Java is working properly.

Adobe Reader
Adobe Reader is the second most targeted (by malware) common software. If all you ever do with Adobe Reader is view PDF files, then please consider replacing it with a lighter, free PDF reader that is not exploitable. One that we recommend is Sumatra PDF.

To update Adobe Reader:

• Launch your Adobe Reader.
• Click Help and then click on About Adobe Reader from the menu list.
• If the version is 11.0.04 then you are up to date. If it is less than this and you are keeping Adobe Reader, you should update to the latest version.
• The best place to get Adobe Reader is from Adobe (click on Adobe to go there now).
• Click on Download in the menu bar on top of the Adobe web page.
• Click on Adobe Reader in the list on the right hand side of the page.
• On the next page, click on the check mark (to turn it off) beside the option to include the McAfee scanner in the download and install. Make sure the check is NOT marked (this is another example of Foistware).
• Click the Install Now button and follow the directions on next page.
• If you are prompted to Save the installer file, choose to save it to your desktop. Once it is saved, right click on the file and select Run as Administrator.
• When the installation is finished, you can delete the installer file on your desktop.

Consider a program that will check for out-of-date programs on your system
Some programs don't have update checks built in or make you run the application to start the check for updates process. An easier way to stay on top of the current versions of your installed programs is to use a version checking program like Update Checker from FileHippo.com (you can get the software from here and read more about it on the same page).


You are now done!

Now some information on programs to help keep you safe:

First, an Antivirus program. You NEED one; free is just as good as paid-for as long as you keep them updated. ONLY use one at a time as having more than that will cause system problems. Here are some free ones to check out:
Microsoft Security Essentials
Avast! Free Antivirus

Next, a firewall is a must have now-a-days. The built in firewall in Windows 7 is fine (just make sure it is turned on (Start > Control Panel > Windows Firewall)). Or, if you like, you could choose one of the free ones listed here:
Emsisoft Online Armor  -  installs as trialware which converts to freeware in 30 days
Zone Alarm Free Firewall  -  installer includes foistware so read the options very carefully

=== options ====
Unchecky is a small service that runs in the background to help keep those "extra toolbars" and tag along search engines from automatically installing.  By automatically directing you to a custom install with all the options unchecked, only what you manually choose and confirm gets installed.

CryptoPrevent is a free program that prevents CryptoLocker / ransomware from infecting your PC by locking down the OS so the malware can not get a grip on your system.  You can read the details about this program here.

Also, consider adding MalwareBytes Antimalware to your arsenal of safe keeping programs. Use the free version (not the paid or trial version) and you won't have a problem with your antivirus scanner program. Keep it updated and run a scan with it once a week.

Lastly, if you use Firefox as your main web browser, consider adding the NoScript and AdBlockPlus add-ons to the browser to block scripting hijacks and remove unwanted ads from the pages you view.

You may also find some information and tips at this thread:
 How did I get infected in the first place?
and
COMPUTER SECURITY - a short quide to staying safer online
 

I'll leave this topic open for a few days so that if you have any questions you can come back here. Surf safe, my friend!!
 

 

[allforhimblog]

Here's the delfix log, thank you again, you have no idea how much I've truly appreciated all your help!

 

# DelFix v10.9 - Logfile created 06/03/2015 at 00:12:14

# Updated 27/02/2015 by Xplode

# Username : Dorothy01 - DOROTHY

# Operating System : Windows 8.1  (64 bits)

 

~ Activating UAC ... OK

 

~ Removing disinfection tools ...

 

Deleted : C:\FRST

Deleted : C:\AdwCleaner

Deleted : C:\Users\Dorothy01\Desktop\AdwCleaner.exe

Deleted : C:\Users\Dorothy01\Desktop\FRST64.exe

Deleted : C:\Users\Dorothy01\Desktop\FSS.exe

Deleted : HKLM\SOFTWARE\OldTimer Tools

Deleted : HKLM\SOFTWARE\AdwCleaner

 

~ Creating registry backup ... OK

 

~ Cleaning system restore ...

 

Deleted : RP #2 [Restore Point Created by FRST | 02/27/2015 02:54:31]

Deleted : RP #3 [Restore Point Created by FRST | 02/27/2015 12:26:16]

Deleted : RP #4 [Restore Point Created by FRST | 03/05/2015 00:44:11]

Deleted : RP #5 [Restore Point Created by FRST | 03/05/2015 21:40:33]

 

New restore point created !

 

~ Resetting system settings ... OK

 

########## - EOF - ##########

 

[dbreeze]

Since this issue appears to be resolved ... this Topic has been closed. Glad we could help.

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.