
Poweliks and maybe something else nasty! [Solved]


  • This topic is locked

#16
allforhimblog (Member, Topic Starter, 98 posts)

Hope all is fine, thanks again for your amazing help!!

 

No need to attach the log; it's short and sweet and appears to be good news.

 

Farbar Recovery Scan Tool (x64) Version: 04-03-2015 01
Ran by Dorothy01 at 2015-03-04 19:18:06
Running from C:\Users\Dorothy01\Desktop
Boot Mode: Normal
 
================== Search Files: "HELP_DECRYPT.*;DECRYPT_INSTRUCTION.*" =============
 
====== End Of Search ======



#17
dbreeze (Trusted Helper, Malware Removal, 2,213 posts)

Good to hear that your machine is running better now. And that last search did indeed come back with great news. :yeah:

 

Let's get one more scan with FRST to check the system ....

 

  • If you still have the Addition.txt file on your desktop, please delete it now.
  • Right-click the FRST file on your desktop and select "Run as Administrator..." (XP users click Run after receipt of the Windows Security Warning - Open File). When the tool opens, click Yes to the disclaimer.
  • If an update is available, the program will inform you and download the update. Please allow it to do this. Otherwise, just wait for the "The tool is ready to use." message.
  • Please check the Addition.txt box in the Optional Scan section of FRST.
  • Press the Scan button.
  • It will produce a log called FRST.txt in the same directory the tool is run from.
  • Please copy and paste the log back here.
  • The tool will also generate another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please paste that along with the FRST.txt into your reply.


#18
allforhimblog (Member, Topic Starter, 98 posts)

Okay, here is the FRST scan.

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 04-03-2015 01
Ran by Dorothy01 (administrator) on DOROTHY on 05-03-2015 08:18:02
Running from C:\Users\Dorothy01\Desktop
Loaded Profiles: Dorothy01 (Available profiles: Dorothy01)
Platform: Windows 8.1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPConnectedRemoteService.exe
(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPConnectedRemoteUser.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20498_x64__8wekyb3d8bbwe\livecomm.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [6549136 2012-07-02] (Realtek Semiconductor)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [766688 2014-07-04] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [CLMLServer_For_P2G8] => c:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [111120 2012-06-07] (CyberLink)
HKLM-x32\...\Run: [CLVirtualDrive] => c:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe [491120 2012-07-02] (CyberLink Corp.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-08-01] (Apple Inc.)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5227112 2015-02-19] (AVAST Software)
HKU\S-1-5-21-1427692388-1042374531-2795145444-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [7404312 2015-01-20] (Piriform Ltd)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPDSK13/1
HKU\S-1-5-21-1427692388-1042374531-2795145444-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
HKU\S-1-5-21-1427692388-1042374531-2795145444-1001\Software\Microsoft\Internet Explorer\Main,First Home Page = http://g.msn.com/HPDSK13/1
SearchScopes: HKLM-x32 -> {8E0E081D-FD81-46C2-AD92-3B939C17F151} URL = http://www.amazon.co...s={searchTerms}
SearchScopes: HKLM-x32 -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = http://search.yahoo....psg&type=HPDTDF
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll (Oracle Corporation)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
 
FireFox:
========
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
 
Chrome: 
=======
CHR StartupUrls: Default -> "hxxp://www.google.com/"
CHR Profile: C:\Users\Dorothy01\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Dorothy01\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-02-19]
CHR Extension: (Google Docs) - C:\Users\Dorothy01\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-19]
CHR Extension: (Google Drive) - C:\Users\Dorothy01\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-02-19]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Dorothy01\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2015-02-19]
CHR Extension: (YouTube) - C:\Users\Dorothy01\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-02-19]
CHR Extension: (Google Search) - C:\Users\Dorothy01\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-02-19]
CHR Extension: (Google Sheets) - C:\Users\Dorothy01\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-02-19]
CHR Extension: (Norton Identity Safe) - C:\Users\Dorothy01\AppData\Local\Google\Chrome\User Data\Default\Extensions\iikflkcanblccfahdhdonehdalibjnif [2015-02-19]
CHR Extension: (Google Wallet) - C:\Users\Dorothy01\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-02-19]
CHR Extension: (Gmail) - C:\Users\Dorothy01\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-02-19]
CHR HKLM\...\Chrome\Extension: [bejnhdlplbjhffionohbdnpcbobfejcc] - C:\Program Files (x86)\Norton Internet Security\Engine\20.6.0.27\Exts\Chrome.crx [Not Found]
CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - https://clients2.goo...ice/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [bejnhdlplbjhffionohbdnpcbobfejcc] - C:\Program Files (x86)\Norton Internet Security\Engine\20.6.0.27\Exts\Chrome.crx [Not Found]
CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - https://clients2.goo...ice/update2/crx
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [344064 2014-07-04] (Advanced Micro Devices, Inc.) [File not signed]
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2015-02-19] (AVAST Software)
R2 HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [85504 2012-08-15] (Hewlett-Packard Company) [File not signed]
R2 HPConnectedRemote; c:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPConnectedRemoteService.exe [35232 2012-07-19] (Hewlett-Packard)
R2 IconMan_R; C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2451456 2012-07-13] (Realsil Microelectronics Inc.) [File not signed]
S3 w3logsvc; C:\Windows\system32\inetsrv\w3logsvc.dll [76800 2014-10-14] (Microsoft Corporation)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347880 2014-09-24] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2014-09-24] (Microsoft Corporation)
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2015-02-19] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [83280 2015-02-19] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2015-02-19] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1050432 2015-02-19] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [436624 2015-02-19] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [267632 2015-02-19] ()
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [92536 2012-06-25] (CyberLink)
S3 massfilter_hs; C:\WINDOWS\system32\drivers\massfilter_hs.sys [20232 2012-06-20] (HandSet Incorporated)
U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [37624 2015-02-20] ()
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [123224 2014-09-24] (Microsoft Corporation)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-03-05 08:18 - 2015-03-05 08:19 - 00012411 _____ () C:\Users\Dorothy01\Desktop\FRST.txt
2015-03-04 19:46 - 2015-03-04 19:46 - 00000000 ____D () C:\WINDOWS\softwaredistribution.bak
2015-03-04 19:45 - 2015-03-04 19:45 - 00302011 _____ () C:\Users\Dorothy01\Downloads\WindowsUpdateDiagnostic (2).diagcab
2015-03-04 19:35 - 2015-03-04 19:35 - 00002780 _____ () C:\WINDOWS\System32\Tasks\CCleanerSkipUAC
2015-02-27 06:33 - 2015-02-27 06:33 - 00302011 _____ () C:\Users\Dorothy01\Downloads\WindowsUpdateDiagnostic (1).diagcab
2015-02-26 21:47 - 2015-02-26 21:47 - 00302011 _____ () C:\Users\Dorothy01\Downloads\WindowsUpdateDiagnostic.diagcab
2015-02-26 20:54 - 2015-03-04 17:29 - 00000000 ____D () C:\Users\Dorothy01\Desktop\FRST-OlderVersion
2015-02-25 21:44 - 2015-02-25 21:44 - 02347384 _____ (ESET) C:\Users\Dorothy01\Downloads\esetsmartinstaller_enu (3).exe
2015-02-25 20:35 - 2015-02-25 20:35 - 02347384 _____ (ESET) C:\Users\Dorothy01\Downloads\esetsmartinstaller_enu (2).exe
2015-02-25 20:29 - 2015-03-05 08:14 - 00197398 _____ () C:\WINDOWS\WindowsUpdate.log
2015-02-25 20:27 - 2014-02-14 04:38 - 00000000 ____D () C:\Users\Dorothy01\Downloads\Tweaking.com - Set Windows Services To Default Startup
2015-02-25 20:26 - 2015-02-25 20:26 - 01337256 _____ () C:\Users\Dorothy01\Downloads\Tweaking.com-SetWindowsServicesToDefaultStartup.exe
2015-02-25 01:42 - 2015-02-25 01:42 - 02126848 _____ () C:\Users\Dorothy01\Desktop\AdwCleaner.exe
2015-02-25 01:42 - 2015-02-25 01:42 - 00415232 _____ (Farbar) C:\Users\Dorothy01\Desktop\FSS.exe
2015-02-24 06:21 - 2015-02-24 06:21 - 00243440 _____ () C:\Users\Dorothy01\Downloads\Firefox Setup Stub 35.0.1.exe
2015-02-24 05:54 - 2015-02-24 05:54 - 00896048 _____ () C:\Users\Dorothy01\Downloads\Norton_Removal_Tool.exe
2015-02-21 22:39 - 2015-03-05 08:18 - 00000000 ____D () C:\FRST
2015-02-21 22:15 - 2015-03-04 17:29 - 02092544 _____ (Farbar) C:\Users\Dorothy01\Desktop\FRST64.exe
2015-02-21 22:12 - 2015-02-21 22:12 - 02745248 _____ () C:\Users\Dorothy01\Downloads\idtool.zip
2015-02-21 19:12 - 2015-02-21 19:12 - 00101120 _____ () C:\Users\Dorothy01\Downloads\Extras.Txt
2015-02-21 19:07 - 2015-02-21 19:14 - 00137792 _____ () C:\Users\Dorothy01\Downloads\OTL.Txt
2015-02-21 18:42 - 2015-02-21 18:42 - 00602112 _____ (OldTimer Tools) C:\Users\Dorothy01\Downloads\OTL.exe
2015-02-20 19:35 - 2015-02-20 19:35 - 02347384 _____ (ESET) C:\Users\Dorothy01\Downloads\esetsmartinstaller_enu.exe
2015-02-20 19:35 - 2015-02-20 19:35 - 02347384 _____ (ESET) C:\Users\Dorothy01\Downloads\esetsmartinstaller_enu (1).exe
2015-02-20 19:33 - 2015-02-20 19:33 - 00190152 _____ (ESET) C:\Users\Dorothy01\Downloads\ESETPoweliksCleaner (2).exe
2015-02-20 19:33 - 2015-02-20 19:33 - 00190152 _____ (ESET) C:\Users\Dorothy01\Downloads\ESETPoweliksCleaner (1).exe
2015-02-20 19:33 - 2015-02-20 19:33 - 00002814 _____ () C:\Users\Dorothy01\Downloads\ESETPoweliksCleaner (1).exe_20150220.193324.1664.log
2015-02-20 06:45 - 2015-03-04 19:36 - 00000000 ____D () C:\Users\Dorothy01\AppData\Local\CrashDumps
2015-02-20 06:41 - 2015-03-04 20:46 - 00000922 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-02-20 06:41 - 2015-02-20 06:41 - 00003894 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2015-02-20 06:41 - 2015-02-20 06:41 - 00003658 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2015-02-20 06:07 - 2015-02-20 19:18 - 00037624 _____ () C:\WINDOWS\system32\Drivers\TrueSight.sys
2015-02-20 06:07 - 2015-02-20 06:07 - 00000000 ____D () C:\ProgramData\RogueKiller
2015-02-19 22:07 - 2015-02-19 22:09 - 18683992 _____ () C:\Users\Dorothy01\Downloads\RogueKillerX64.exe
2015-02-19 22:04 - 2015-02-19 22:04 - 00000000 ____D () C:\Users\Dorothy01\AppData\Roaming\AVAST Software
2015-02-19 21:41 - 2015-02-19 21:41 - 00002814 _____ () C:\Users\Dorothy01\Downloads\ESETPoweliksCleaner.exe_20150219.214114.592.log
2015-02-19 21:33 - 2015-02-25 03:12 - 00000000 ____D () C:\AdwCleaner
2015-02-19 21:33 - 2015-02-19 21:33 - 00002814 _____ () C:\Users\Dorothy01\Downloads\ESETPoweliksCleaner.exe_20150219.213330.1188.log
2015-02-19 21:33 - 2015-02-19 21:33 - 00002814 _____ () C:\Users\Dorothy01\Downloads\ESETPoweliksCleaner.exe_20150219.213304.1212.log
2015-02-19 21:32 - 2015-02-19 21:33 - 02126848 _____ () C:\Users\Dorothy01\Downloads\adwcleaner_4.111.exe
2015-02-19 21:32 - 2015-02-19 21:32 - 00190152 _____ (ESET) C:\Users\Dorothy01\Downloads\ESETPoweliksCleaner.exe
2015-02-19 21:32 - 2015-02-19 21:32 - 00002814 _____ () C:\Users\Dorothy01\Downloads\ESETPoweliksCleaner.exe_20150219.213253.1128.log
2015-02-19 21:27 - 2015-02-19 21:27 - 00001982 _____ () C:\Users\Public\Desktop\Avast Free Antivirus.lnk
2015-02-19 21:27 - 2015-02-19 21:27 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
2015-02-19 21:27 - 2015-02-19 21:17 - 00364512 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe
2015-02-19 21:23 - 2015-02-19 21:23 - 05006864 _____ (AVAST Software) C:\Users\Dorothy01\Downloads\avast_free_antivirus_setup_online.exe
2015-02-19 21:20 - 2015-02-19 21:27 - 00000350 ____H () C:\WINDOWS\Tasks\avast! Emergency Update.job
2015-02-19 21:20 - 2015-02-19 21:20 - 00002281 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-02-19 21:20 - 2015-02-19 21:20 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-02-19 21:20 - 2015-02-19 21:20 - 00000000 ____D () C:\ProgramData\Google
2015-02-19 21:20 - 2015-02-19 21:20 - 00000000 ____D () C:\Program Files\Google
2015-02-19 21:18 - 2015-03-04 20:07 - 00000918 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-02-19 21:18 - 2015-02-19 21:21 - 00000000 ____D () C:\Users\Dorothy01\AppData\Local\Google
2015-02-19 21:18 - 2015-02-19 21:20 - 00000000 ____D () C:\Program Files (x86)\Google
2015-02-19 21:17 - 2015-02-19 21:27 - 01050432 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswsnx.sys
2015-02-19 21:17 - 2015-02-19 21:27 - 00083280 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswmonflt.sys
2015-02-19 21:17 - 2015-02-19 21:17 - 00436624 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSP.sys
2015-02-19 21:17 - 2015-02-19 21:17 - 00267632 _____ () C:\WINDOWS\system32\Drivers\aswVmm.sys
2015-02-19 21:17 - 2015-02-19 21:17 - 00065776 _____ () C:\WINDOWS\system32\Drivers\aswRvrt.sys
2015-02-19 21:17 - 2015-02-19 21:17 - 00043152 _____ (AVAST Software) C:\WINDOWS\avastSS.scr
2015-02-19 21:17 - 2015-02-19 21:17 - 00029208 _____ () C:\WINDOWS\system32\Drivers\aswHwid.sys
2015-02-19 21:15 - 2015-02-19 21:15 - 00000000 ____D () C:\ProgramData\AVAST Software
2015-02-19 21:15 - 2015-02-19 21:15 - 00000000 ____D () C:\Program Files\AVAST Software
2015-02-19 21:13 - 2015-02-19 21:14 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-02-19 18:15 - 2015-02-19 18:15 - 00003180 _____ () C:\WINDOWS\SysWOW64\InstallUtil.InstallLog
2015-02-18 16:53 - 2015-03-02 20:42 - 00129752 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-02-18 16:52 - 2015-02-18 16:52 - 00001120 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-02-18 16:52 - 2015-02-18 16:52 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-02-18 16:52 - 2015-02-18 16:52 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-02-18 16:52 - 2015-02-18 16:52 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-02-18 16:52 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2015-02-18 16:52 - 2014-11-21 06:14 - 00064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2015-02-18 16:52 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2015-02-18 16:48 - 2015-02-18 16:48 - 00000836 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2015-02-18 16:48 - 2015-02-18 16:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2015-02-18 16:48 - 2015-02-18 16:48 - 00000000 ____D () C:\Program Files\CCleaner
2015-02-18 16:39 - 2015-02-24 06:22 - 00000000 ____D () C:\WINDOWS\pss
2015-02-11 17:53 - 2015-02-11 17:53 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ZTE Handset USB Driver
2015-02-11 17:53 - 2015-02-11 17:53 - 00000000 ____D () C:\Program Files\ZTE_Handset_USB_Driver
2015-02-11 17:53 - 2013-09-11 16:27 - 00134976 _____ (ZTE Corporation) C:\WINDOWS\system32\Drivers\zghsser.sys
2015-02-11 17:53 - 2013-09-11 16:26 - 00175808 _____ (ZTE Corporation) C:\WINDOWS\system32\Drivers\zghsnet.sys
2015-02-11 17:53 - 2013-03-19 18:38 - 00821544 _____ () C:\WINDOWS\adb.exe
2015-02-11 17:53 - 2012-11-09 17:14 - 00062728 _____ (VIA Telecom) C:\WINDOWS\system32\Drivers\viahsser.sys
2015-02-11 17:53 - 2012-10-31 18:02 - 00032136 _____ (Via Telecom, Inc.) C:\WINDOWS\system32\Drivers\viahsets.sys
2015-02-11 17:53 - 2012-06-20 13:51 - 00020232 _____ (HandSet Incorporated) C:\WINDOWS\system32\Drivers\massfilter_hs.sys
2015-02-11 17:53 - 2012-06-08 16:56 - 01721576 _____ () C:\WINDOWS\system32\WdfCoInstaller01009.dll
2015-02-11 17:53 - 2012-06-08 16:56 - 01002728 _____ () C:\WINDOWS\system32\WinUSBCoInstaller2.dll
2015-02-11 17:53 - 2011-10-26 17:31 - 00067608 _____ (Google, inc) C:\WINDOWS\AdbWinUsbApi.dll
2015-02-11 17:53 - 2011-08-15 18:43 - 00102936 _____ (Google, inc) C:\WINDOWS\AdbWinApi.dll
2015-02-09 16:56 - 2015-02-09 16:56 - 00000000 ____H () C:\WINDOWS\system32\Drivers\Msft_User_WpdMtpDr_01_11_00.Wdf
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-03-05 08:14 - 2013-08-22 09:36 - 00000000 ____D () C:\WINDOWS\system32\sru
2015-03-04 20:36 - 2012-07-26 01:59 - 00000000 ____D () C:\WINDOWS\CbsTemp
2015-03-04 20:12 - 2014-07-23 09:19 - 00003598 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1427692388-1042374531-2795145444-1001
2015-03-04 20:09 - 2012-08-31 22:56 - 00000000 ____D () C:\ProgramData\Hewlett-Packard
2015-03-04 20:06 - 2013-08-22 08:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2015-03-04 19:14 - 2013-08-22 07:25 - 01048576 ___SH () C:\WINDOWS\system32\config\BBI
2015-03-04 19:13 - 2014-10-14 09:44 - 00000000 ____D () C:\Users\Dorothy01
2015-03-04 02:50 - 2014-09-24 01:15 - 00006428 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2015-03-02 21:27 - 2013-08-22 09:36 - 00000000 ____D () C:\WINDOWS\PLA
2015-02-27 06:27 - 2014-09-07 12:01 - 00000000 ____D () C:\Users\Public\CyberLink
2015-02-26 20:55 - 2014-10-22 16:04 - 00000000 ____D () C:\Users\Dorothy01\AppData\Local\tmp11238
2015-02-26 20:55 - 2014-10-14 13:14 - 00000000 ____D () C:\Users\Dorothy01\AppData\Local\AMD
2015-02-26 20:55 - 2014-10-14 10:30 - 00000000 ____D () C:\Windows.old
2015-02-26 20:55 - 2014-08-11 11:56 - 00000000 ____D () C:\Users\Dorothy01\AppData\Local\Apple Computer
2015-02-26 20:55 - 2014-07-23 09:13 - 00000000 ____D () C:\Users\Dorothy01\AppData\Roaming\Adobe
2015-02-26 20:55 - 2014-07-23 09:09 - 00000000 ____D () C:\Users\Dorothy01\AppData\Roaming\Hewlett-Packard
2015-02-26 20:54 - 2013-08-22 09:36 - 00000000 ____D () C:\WINDOWS\system32\restore
2015-02-25 03:12 - 2014-09-24 09:57 - 00000000 ___HD () C:\$Windows.~BT
2015-02-25 03:12 - 2014-07-23 16:07 - 00000000 ____D () C:\StarmIRC v3.0
2015-02-25 03:12 - 2014-07-23 16:05 - 00000000 ____D () C:\StarPircH
2015-02-25 03:12 - 2012-08-28 08:27 - 00000000 _RSHD () C:\hp
2015-02-25 03:12 - 2012-08-01 21:15 - 00000000 ____D () C:\SWSETUP
2015-02-25 03:12 - 2012-08-01 03:57 - 00000000 _RSHD () C:\SYSTEM.SAV
2015-02-25 02:39 - 2014-12-09 19:03 - 00000000 ___HD () C:\ProgramData\{F66CB4EE-546F-4D54-9332-216DE189AAB0}
2015-02-25 02:39 - 2013-08-22 09:36 - 00000000 ____D () C:\WINDOWS\Web
2015-02-24 05:58 - 2012-08-31 23:57 - 00000000 ____D () C:\ProgramData\Norton
2015-02-24 05:58 - 2012-08-31 23:57 - 00000000 ____D () C:\Program Files\Common Files\Symantec Shared
2015-02-24 05:57 - 2014-11-11 19:11 - 00000761 _____ () C:\WINDOWS\system32\Drivers\etc\hosts.txt
2015-02-21 22:13 - 2014-10-23 11:14 - 04012982 _____ (NathanScott Apps) C:\Users\Dorothy01\Desktop\IDTool.exe
2015-02-20 06:09 - 2014-07-23 16:00 - 00000000 ____D () C:\ProgramData\Oracle
2015-02-20 06:09 - 2014-07-23 15:56 - 00000000 ____D () C:\Program Files (x86)\Java
2015-02-20 06:07 - 2014-07-23 15:56 - 00272296 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\javaws.exe
2015-02-20 06:07 - 2014-07-23 15:56 - 00176552 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\javaw.exe
2015-02-20 06:07 - 2014-07-23 15:56 - 00176552 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\java.exe
2015-02-20 06:07 - 2014-07-23 15:56 - 00098216 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\WindowsAccessBridge-32.dll
2015-02-19 23:23 - 2014-11-10 16:42 - 00000000 ____D () C:\Users\Dorothy01\AppData\Local\Ovics
2015-02-19 07:41 - 2015-01-24 16:45 - 00000000 ____D () C:\Users\Dorothy01\AppData\Local\{294523ef-b8b6-59cc-fe37-7cd365b2a599}
2015-02-19 07:40 - 2014-11-20 15:49 - 00000000 ____D () C:\Users\Dorothy01\AppData\Roaming\FrameworkUpdate
2015-02-19 07:40 - 2014-11-10 16:29 - 00000000 ____D () C:\Users\Dorothy01\AppData\Roaming\FrameworkUpdate7
2015-02-19 01:24 - 2014-10-14 10:31 - 00000000 ___DC () C:\WINDOWS\Panther
2015-02-19 01:18 - 2014-11-11 16:55 - 00000000 ____D () C:\WINDOWS\Minidump
2015-02-15 08:13 - 2013-08-22 07:25 - 00262144 ___SH () C:\WINDOWS\system32\config\ELAM
 
==================== Files in the root of some directories =======
 
2015-01-05 14:15 - 2015-01-05 14:15 - 0015872 _____ () C:\Users\Dorothy01\AppData\Roaming\cowitches.d
2014-11-13 18:51 - 2015-01-07 09:58 - 0009728 _____ () C:\Users\Dorothy01\AppData\Roaming\mcp.ico
2014-07-23 15:49 - 2014-07-23 15:49 - 0000043 _____ () C:\Users\Dorothy01\AppData\Roaming\WB.CFG
2014-11-10 16:30 - 2014-11-10 16:30 - 0000448 ____H () C:\Users\Dorothy01\AppData\Roaming\麽鎒駓覜
2012-09-01 00:08 - 2012-09-01 00:08 - 0000141 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.351.64.bc
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2014-10-14 09:32
 
==================== End Of Log ============================
 
 
And here's the additional scan.
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 04-03-2015 01
Ran by Dorothy01 at 2015-03-05 08:20:20
Running from C:\Users\Dorothy01\Desktop
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: avast! Antivirus (Disabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Disabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
4 Elements II (x32 Version: 2.2.0.98 - WildTangent) Hidden
AMD Catalyst Install Manager (HKLM\...\{5F769CF4-5263-4C7B-AEB2-C06A73AE4428}) (Version: 8.0.881.0 - Advanced Micro Devices, Inc.)
Apple Application Support (HKLM-x32\...\{78002155-F025-4070-85B3-7C0453561701}) (Version: 3.0.6 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{6AF2AC2A-3532-43FD-9F4D-BDC9C0D724C7}) (Version: 7.1.2.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Avast Free Antivirus (HKLM-x32\...\Avast) (Version: 10.0.2208 - AVAST Software)
Bejeweled 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Build-a-lot 4 - Power Source (x32 Version: 2.2.0.98 - WildTangent) Hidden
Catalyst Control Center (HKLM-x32\...\WUCCCApp) (Version: 1.00.0000 - AMD)
CCleaner (HKLM\...\CCleaner) (Version: 5.02 - Piriform)
Chuzzle Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Cradle Of Egypt Collector's Edition (x32 Version: 2.2.0.98 - WildTangent) Hidden
Cradle of Rome 2 (x32 Version: 2.2.0.98 - WildTangent) Hidden
CyberLink LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.1.5510 - CyberLink Corp.)
CyberLink Media Suite 10 (HKLM-x32\...\InstallShield_{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}) (Version: 10.0.1.1916 - CyberLink Corp.)
CyberLink PhotoDirector (HKLM-x32\...\InstallShield_{4862344A-A39C-4897-ACD4-A1BED5163C5A}) (Version: 2.0.1.3109 - CyberLink Corp.)
CyberLink Power2Go 8 (HKLM-x32\...\InstallShield_{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}) (Version: 8.0.1.1902 - CyberLink Corp.)
CyberLink PowerDirector 10 (HKLM-x32\...\InstallShield_{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}) (Version: 10.0.1.1925 - CyberLink Corp.)
CyberLink PowerDVD (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.1.4407 - CyberLink Corp.)
CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 3.5.4.5527 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Energy Star (HKLM\...\{0FA995CC-C849-4755-B14B-5404CC75DC24}) (Version: 1.0.8 - Hewlett-Packard)
Farm Frenzy (x32 Version: 2.2.0.98 - WildTangent) Hidden
FATE: The Cursed King (x32 Version: 2.2.0.97 - WildTangent) Hidden
Final Drive Fury (x32 Version: 2.2.0.95 - WildTangent) Hidden
FlatOut 2 (x32 Version: 2.2.0.98 - WildTangent) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 40.0.2214.115 - Google Inc.)
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.6227.252 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.21.169 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.26.9 - Google Inc.) Hidden
Governor of Poker 2 Premium Edition (x32 Version: 2.2.0.95 - WildTangent) Hidden
Hewlett-Packard ACLM.NET v1.2.0.0 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden
Hoyle Card Games (x32 Version: 2.2.0.95 - WildTangent) Hidden
HP Connected Music (Meridian - installer) (HKLM-x32\...\StartHPConnectedMusic) (Version: v1.0 - Meridian Audio Ltd)
HP Connected Remote (HKLM-x32\...\{F243A34B-AB7F-4065-B770-B85B767C247C}) (Version: 1.0.1202 - Hewlett-Packard)
HP Games (HKLM-x32\...\WildTangent hp Master Uninstall) (Version: 1.0.3.0 - WildTangent)
HP MyRoom (HKLM-x32\...\{9C35EDE5-4B0F-45E7-A438-314BA889948E}) (Version: 9.0.0.0 - Hewlett-Packard Company)
HP Registration Service (HKLM\...\{E4D6CCF2-0AAF-4B9C-9DE5-893EDC9B4BAA}) (Version: 1.0.5976.4186 - Hewlett-Packard)
HP Support Assistant (HKLM-x32\...\{FF27F674-821E-4BA2-985B-DDF539C2CD03}) (Version: 7.0.33.6 - Hewlett-Packard Company)
HP Support Information (HKLM-x32\...\{B2B7B1C8-7C8B-476C-BE2C-049731C55992}) (Version: 12.00.0000 - Hewlett-Packard)
iscsicli (HKLM\...\{f48a0c57-7c48-461c-9957-ab255ddc986e}.sdb) (Version:  - )
iTunes (HKLM\...\{77DE5105-D05E-448C-96CB-7FA381903753}) (Version: 11.3.1.2 - Apple Inc.)
Java 8 Update 31 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation)
Jewel Match 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden
John Deere Drive Green (x32 Version: 2.2.0.95 - WildTangent) Hidden
Luxor Evolved (x32 Version: 2.2.0.98 - WildTangent) Hidden
Mahjongg Dimensions Deluxe: Tiles in Time (x32 Version: 2.2.0.98 - WildTangent) Hidden
Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Microsoft Office (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.6120.5004 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Mortimer Beckett and the Crimson Thief Premium Edition (x32 Version: 2.2.0.98 - WildTangent) Hidden
Mystery P.I. - Curious Case of Counterfeit Cove (x32 Version: 2.2.0.98 - WildTangent) Hidden
Peggle Nights (x32 Version: 2.2.0.98 - WildTangent) Hidden
Penguins! (x32 Version: 2.2.0.98 - WildTangent) Hidden
Polar Bowler (x32 Version: 2.2.0.97 - WildTangent) Hidden
Polar Golfer (x32 Version: 2.2.0.98 - WildTangent) Hidden
Ralink RT5390R 802.11bgn Wi-Fi Adapter (HKLM-x32\...\{8FC4F1DD-F7FD-4766-804D-3C8FF1D309AF}) (Version: 5.0.0.0 - Ralink)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6675 - Realtek Semiconductor Corp.)
Realtek PCIE Card Reader (HKLM-x32\...\{C1594429-8296-4652-BF54-9DBE4932A44C}) (Version: 6.2.8400.28123 - Realtek Semiconductor Corp.)
Recovery Manager (x32 Version: 5.5.0.5530 - CyberLink Corp.) Hidden
Roads of Rome 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden
StarmIRC 3.0 (HKLM-x32\...\StarmIRC 3.0) (Version:  - )
StarPircH v3.0 (HKLM-x32\...\StarPircH v3.0) (Version:  - )
Tales of Lagoona (x32 Version: 2.2.0.110 - WildTangent) Hidden
Update Installer for WildTangent Games App (x32 Version:  - WildTangent) Hidden
Vacation Quest™ - Australia (x32 Version: 2.2.0.98 - WildTangent) Hidden
WildTangent Games (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.0.3.0 - WildTangent)
WildTangent Games App (x32 Version: 4.0.9.6 - WildTangent) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)
ZTE Handset USB Driver (HKLM\...\{01D42BF0-ED08-463f-8A28-99EB6FEE962B}) (Version:  - ZTE Corporation)
ZTE Handset USB Driver (HKLM\...\{D2D77DC2-8299-11D1-8949-444553540000}_is1) (Version: 5.2104.1.01B01 - ZTE Corporation)
Zuma's Revenge (x32 Version: 2.2.0.98 - WildTangent) Hidden
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
CustomCLSID: HKU\S-1-5-21-1427692388-1042374531-2795145444-1001_Classes\CLSID\{2D349E57-23E4-4A67-9624-F1DC6B65AABF}\InprocServer32 -> C:\ProgramData\{F66CB4EE-546F-4D54-9332-216DE189AAB0}\appmgr.dll No File
 
==================== Restore Points  =========================
 
26-02-2015 20:54:31 Restore Point Created by FRST
27-02-2015 06:26:16 Restore Point Created by FRST
04-03-2015 18:44:11 Restore Point Created by FRST
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2013-08-22 07:25 - 2015-02-24 05:57 - 00001515 _RASH C:\WINDOWS\system32\Drivers\etc\hosts
127.0.0.1       localhost
89.163.213.140 www.google-analytics.com.
89.163.213.140 google-analytics.com.
89.163.213.140 connect.facebook.net.
136.243.254.251 www.google-analytics.com.
136.243.254.251 google-analytics.com.
136.243.254.251 connect.facebook.net.
162.247.13.85 www.google-analytics.com.
162.247.13.85 google-analytics.com.
162.247.13.85 connect.facebook.net.
 
 
==================== Scheduled Tasks (whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 
Task: {10DBF29F-9C03-4CB6-9169-375E42E32964} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton Internet Security\Engine\20.6.0.27\WSCStub.exe
Task: {11313470-E7D3-43C8-A7F7-5F76D072D93D} - System32\Tasks\Norton Internet Security\Norton Error Processor => C:\Program Files (x86)\Norton Internet Security\Engine\20.6.0.27\SymErr.exe
Task: {14B872C9-ED54-4ACC-A2E9-1A45CAD02CCE} - System32\Tasks\MirageAgent => C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe [2012-07-27] (CyberLink)
Task: {348D35BE-0530-4438-9C00-FA4E457087F1} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-02-19] (Google Inc.)
Task: {45D84C00-2A3B-4698-945A-BD5F046DE8C1} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2012-08-15] (Hewlett-Packard Company)
Task: {56F27C26-0168-4504-889C-0EFBE85EE084} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-01-20] (Piriform Ltd)
Task: {86C013A6-B536-4DF0-BEDC-656D87A1D6D5} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2012-08-07] (Hewlett-Packard Company)
Task: {A589DDED-A1E5-4832-A451-604AADF76C94} - System32\Tasks\Norton Internet Security\Norton Error Analyzer => C:\Program Files (x86)\Norton Internet Security\Engine\20.6.0.27\SymErr.exe
Task: {D042FFB9-18A6-451E-A0B3-D8F8FDB41F2E} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {D7DFAC78-DC9A-420F-9905-9654F37432EC} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-02-19] (Google Inc.)
Task: {D8A8741F-AFA1-45BC-8531-65E4136E8CD5} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2012-08-15] (Hewlett-Packard Company)
Task: {F70673BE-9DA6-4FE7-93FB-32DE754FBB81} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\windows\system32\MRT.exe [2014-09-12] (Microsoft Corporation)
Task: C:\WINDOWS\Tasks\avast! Emergency Update.job => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
 
==================== Loaded Modules (whitelisted) ==============
 
2014-07-04 22:33 - 2014-07-04 22:33 - 00127488 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.Wlan.dll
2012-07-19 19:06 - 2012-07-19 19:06 - 00120224 _____ () c:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPItunesModule.dll
2012-07-19 19:06 - 2012-07-19 19:06 - 00048544 _____ () c:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPItunesProxy.dll
2012-07-19 19:07 - 2012-07-19 19:07 - 00180224 _____ () c:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\zxing.dll
2014-10-14 13:10 - 2014-10-14 13:10 - 00120224 _____ () C:\Users\Dorothy01\AppData\Local\assembly\dl3\N1ZEJ5WT.E21\Y8VKR1P8.4QP\edb32bf5\0038bcf4_1366cd01\HPItunesModule.DLL
2014-09-24 00:59 - 2014-09-24 00:59 - 00183296 _____ () C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20498_x64__8wekyb3d8bbwe\ErrorReporting.dll
2015-03-04 17:27 - 2015-03-04 17:27 - 02916352 _____ () C:\Program Files\AVAST Software\Avast\defs\15030403\algo.dll
2014-07-31 13:16 - 2014-07-31 13:16 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-07-31 13:16 - 2014-07-31 13:16 - 01044776 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2015-02-19 21:17 - 2015-02-19 21:17 - 38562088 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2015-02-19 21:20 - 2015-02-17 16:44 - 01117512 _____ () C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.115\libglesv2.dll
2015-02-19 21:20 - 2015-02-17 16:44 - 00211272 _____ () C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.115\libegl.dll
2015-02-19 21:20 - 2015-02-17 16:44 - 09171272 _____ () C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.115\pdf.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
 
==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== EXE Association (whitelisted) ===============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-1427692388-1042374531-2795145444-1001\Control Panel\Desktop\\Wallpaper -> C:\windows\web\wallpaper\HP\HP_Svinoya_Norway_Sunset.jpg
DNS Servers: 192.168.1.254
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
HKLM\...\StartupApproved\Run32: => "{30112b75-e574-a6db-560c-8103291a0838}"
HKLM\...\StartupApproved\Run32: => "CrashReportSaver"
HKU\S-1-5-21-1427692388-1042374531-2795145444-1001\...\StartupApproved\StartupFolder: => "HELP_DECRYPT.URL"
HKU\S-1-5-21-1427692388-1042374531-2795145444-1001\...\StartupApproved\StartupFolder: => "HELP_DECRYPT.TXT"
HKU\S-1-5-21-1427692388-1042374531-2795145444-1001\...\StartupApproved\StartupFolder: => "HELP_DECRYPT.PNG"
HKU\S-1-5-21-1427692388-1042374531-2795145444-1001\...\StartupApproved\StartupFolder: => "HELP_DECRYPT.HTML"
HKU\S-1-5-21-1427692388-1042374531-2795145444-1001\...\StartupApproved\Run: => "acikmao"
HKU\S-1-5-21-1427692388-1042374531-2795145444-1001\...\StartupApproved\Run: => "BluetoothS"
HKU\S-1-5-21-1427692388-1042374531-2795145444-1001\...\StartupApproved\Run: => "dccwmote"
HKU\S-1-5-21-1427692388-1042374531-2795145444-1001\...\StartupApproved\Run: => "Driver Support"
HKU\S-1-5-21-1427692388-1042374531-2795145444-1001\...\StartupApproved\Run: => "kycnage"
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-1427692388-1042374531-2795145444-500 - Administrator - Disabled)
Dorothy01 (S-1-5-21-1427692388-1042374531-2795145444-1001 - Administrator - Enabled) => C:\Users\Dorothy01
Guest (S-1-5-21-1427692388-1042374531-2795145444-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1427692388-1042374531-2795145444-1006 - Limited - Enabled)
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (03/04/2015 07:49:41 PM) (Source: Microsoft-Windows-LocationProvider) (EventID: 2006) (User: NT AUTHORITY)
Description: There was an error with the Windows Location Provider database
 
Error: (03/04/2015 02:50:07 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT AUTHORITY)
Description: Unloading the performance counter strings for service WmiApRpl (WmiApRpl) failed. The first DWORD in the Data section contains the error code.
 
Error: (03/04/2015 02:50:07 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY)
Description: The performance strings in the Performance registry value is corrupted when process Performance extension counter provider. The BaseIndex value from the Performance registry is the first DWORD in the Data section, LastCounter value is the second DWORD in the Data section, and LastHelp value is the third DWORD in the Data section.
 
Error: (03/02/2015 09:31:49 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT AUTHORITY)
Description: Unloading the performance counter strings for service WmiApRpl (WmiApRpl) failed. The first DWORD in the Data section contains the error code.
 
Error: (03/02/2015 09:31:49 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY)
Description: The performance strings in the Performance registry value is corrupted when process Performance extension counter provider. The BaseIndex value from the Performance registry is the first DWORD in the Data section, LastCounter value is the second DWORD in the Data section, and LastHelp value is the third DWORD in the Data section.
 
Error: (02/28/2015 10:04:15 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 2875
 
Error: (02/28/2015 10:04:15 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 2875
 
Error: (02/28/2015 10:04:15 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (02/28/2015 09:36:06 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT AUTHORITY)
Description: Unloading the performance counter strings for service WmiApRpl (WmiApRpl) failed. The first DWORD in the Data section contains the error code.
 
Error: (02/28/2015 09:36:06 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY)
Description: The performance strings in the Performance registry value is corrupted when process Performance extension counter provider. The BaseIndex value from the Performance registry is the first DWORD in the Data section, LastCounter value is the second DWORD in the Data section, and LastHelp value is the third DWORD in the Data section.
 
 
System errors:
=============
Error: (03/04/2015 06:46:10 PM) (Source: Service Control Manager) (EventID: 7032) (User: )
Description: The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Search service, but this action failed with the following error: 
%%1056
 
Error: (03/04/2015 06:45:36 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Search service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.
 
Error: (03/04/2015 06:45:36 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Software Protection service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.
 
Error: (03/04/2015 06:45:35 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Print Spooler service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 5000 milliseconds: Restart the service.
 
Error: (03/04/2015 06:45:35 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Media Player Network Sharing Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.
 
Error: (03/04/2015 06:45:35 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Apple Mobile Device service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
 
Error: (03/04/2015 06:45:35 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The IconMan_R service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
 
Error: (03/04/2015 06:45:35 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The HP Connected Remote Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 5000 milliseconds: Restart the service.
 
Error: (03/04/2015 06:45:35 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The HP Support Assistant Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
 
Error: (03/04/2015 06:45:35 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The AMD FUEL Service service terminated unexpectedly.  It has done this 1 time(s).
 
 
Microsoft Office Sessions:
=========================
Error: (03/04/2015 07:49:41 PM) (Source: Microsoft-Windows-LocationProvider) (EventID: 2006) (User: NT AUTHORITY)
Description: -2147024883
 
Error: (03/04/2015 02:50:07 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT AUTHORITY)
Description: WmiApRplWmiApRpl8F2030000E5050000
 
Error: (03/04/2015 02:50:07 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY)
Description: Performance163707000000000000000000008F020000
 
Error: (03/02/2015 09:31:49 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT AUTHORITY)
Description: WmiApRplWmiApRpl8F2030000E5050000
 
Error: (03/02/2015 09:31:49 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY)
Description: Performance163707000000000000000000008F020000
 
Error: (02/28/2015 10:04:15 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 2875
 
Error: (02/28/2015 10:04:15 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 2875
 
Error: (02/28/2015 10:04:15 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (02/28/2015 09:36:06 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT AUTHORITY)
Description: WmiApRplWmiApRpl8F2030000E5050000
 
Error: (02/28/2015 09:36:06 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY)
Description: Performance163707000000000000000000008F020000
 
 
==================== Memory info =========================== 
 
Processor: AMD E1-1200 APU with Radeon™ HD Graphics
Percentage of memory in use: 27%
Total physical RAM: 3660.08 MB
Available physical RAM: 2665.52 MB
Total Pagefile: 4060.08 MB
Available Pagefile: 2385.18 MB
Total Virtual: 131072 MB
Available Virtual: 131071.84 MB
 
==================== Drives ================================
 
Drive c: (OS) (Fixed) (Total:444.06 GB) (Free:384.03 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (Recovery Image) (Fixed) (Total:19.78 GB) (Free:2.47 GB) NTFS ==>[System with boot components (obtained from reading drive)]
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: D370BA94)
 
Partition: GPT Partition Type.
 
==================== End Of Log ============================

  • 0
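The Hosts content section of the FRST log above shows google-analytics.com, www.google-analytics.com and connect.facebook.net mapped to three routable addresses (89.163.213.140, 136.243.254.251, 162.247.13.85) instead of the loopback address. A hosts file that only blocks a domain points it at 127.0.0.1 or 0.0.0.0; sending a well-known domain to an outside address redirects every request for it to a third party. The following Python check is an added example and is not part of this thread or of FRST: it parses hosts-file text (comments, trailing-dot FQDNs, IPv6 lines) and flags every hostname whose target is not a loopback or blackhole address. The sample input is constructed from the lines in the log plus a comment line and an IPv6 line.

```python
import ipaddress

# Constructed sample: the Hosts content lines from the FRST log above, plus a
# comment line, an IPv6 loopback line and trailing-dot hostnames so the parser's
# edge-case handling is exercised. This is not a real file from the thread.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-2009 Microsoft Corp.
127.0.0.1       localhost
::1             localhost
89.163.213.140 www.google-analytics.com.
89.163.213.140 google-analytics.com.
89.163.213.140 connect.facebook.net.
136.243.254.251 www.google-analytics.com.
136.243.254.251 google-analytics.com.
136.243.254.251 connect.facebook.net.
162.247.13.85 www.google-analytics.com.
162.247.13.85 google-analytics.com.
162.247.13.85 connect.facebook.net.
"""


def parse_hosts(text):
    """Return a list of (ip_address, hostname) pairs from hosts-file text.

    Handles whole-line and trailing '#' comments, blank lines, several
    hostnames on one line, and the trailing dot of a fully qualified name.
    Lines whose first field is not an IP address are skipped as malformed.
    """
    entries = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        fields = line.split()
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue
        for name in fields[1:]:
            entries.append((ip, name.rstrip(".").lower()))
    return entries


def suspicious_entries(text):
    """Return (ip, hostname) string pairs whose target is neither loopback
    nor the unspecified (blackhole) address.

    Anything else sends traffic for that hostname to a real machine, which is
    the redirect pattern visible in the log's Hosts content section.
    """
    return [
        (str(ip), name)
        for ip, name in parse_hosts(text)
        if not (ip.is_loopback or ip.is_unspecified)
    ]


def redirect_targets(text):
    """Group flagged hostnames by the address they are redirected to, so the
    reviewer sees at a glance which hosts receive the hijacked traffic."""
    targets = {}
    for ip, name in suspicious_entries(text):
        targets.setdefault(ip, []).append(name)
    return targets


if __name__ == "__main__":
    for ip, names in redirect_targets(SAMPLE_HOSTS).items():
        print(f"{ip} <- {', '.join(sorted(set(names)))}")
```

On a Windows machine the text to feed in is the content of C:\Windows\System32\drivers\etc\hosts; the check deliberately accepts 0.0.0.0 and ::1 as benign so that ordinary ad-blocking hosts files do not produce noise.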

#19
dbreeze

    Trusted Helper

  • Malware Removal
  • 2,213 posts

Ok; I'm not seeing any malware but we need to take care of some housekeeping (tiding up after some old programs, etc.).

 


Download the attached fixlist.txt file and save it to the Desktop.

NOTE: It's important that both files, FRST64 and fixlist.txt, are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

Run FRST64 by right clicking on the FRST64.exe file, selecting "Run as Administrator...". The User Account Control may open up; if it does, select Yes to continue to let FRST open and load.

The tool will check for an updated version of itself every time it loads; please allow it to do this and the program will either inform you it is downloading an updated copy (and to wait until it is safe to continue) or show that it is ready to use (meaning there is no update found) and you can continue on.  Press the Fix button just once and wait.  The tool will create a restore point, process the script and ask for a restart of your system.

[Image: Press the FIX button]

If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.

When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post the log in your next reply.
 



  • 0

#20
allforhimblog

    Member

  • Topic Starter
  • Member
  • 98 posts

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 04-03-2015 01
Ran by Dorothy01 at 2015-03-05 15:40:32 Run:6
Running from C:\Users\Dorothy01\Desktop
Loaded Profiles: Dorothy01 (Available profiles: Dorothy01)
Boot Mode: Normal
==============================================
 
Content of fixlist:
*****************
start
CreateRestorePoint:
CloseProcesses:
SearchScopes: HKLM-x32 -> {8E0E081D-FD81-46C2-AD92-3B939C17F151} URL = http://www.amazon.co...s={searchTerms}
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
CHR Extension: (Norton Identity Safe) - C:\Users\Dorothy01\AppData\Local\Google\Chrome\User Data\Default\Extensions\iikflkcanblccfahdhdonehdalibjnif [2015-02-19]
CHR HKLM\...\Chrome\Extension: [bejnhdlplbjhffionohbdnpcbobfejcc] - C:\Program Files (x86)\Norton Internet Security\Engine\20.6.0.27\Exts\Chrome.crx [Not Found]
CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - https://clients2.goo...ice/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [bejnhdlplbjhffionohbdnpcbobfejcc] - C:\Program Files (x86)\Norton Internet Security\Engine\20.6.0.27\Exts\Chrome.crx [Not Found]
CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - https://clients2.goo...ice/update2/crx
2015-03-04 20:12 - 2014-07-23 09:19 - 00003598 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1427692388-1042374531-2795145444-1001
CustomCLSID: HKU\S-1-5-21-1427692388-1042374531-2795145444-1001_Classes\CLSID\{2D349E57-23E4-4A67-9624-F1DC6B65AABF}\InprocServer32 -> C:\ProgramData\{F66CB4EE-546F-4D54-9332-216DE189AAB0}\appmgr.dll No File
C:\ProgramData\{F66CB4EE-546F-4D54-9332-216DE189AAB0}\appmgr.dll
Task: {10DBF29F-9C03-4CB6-9169-375E42E32964} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton Internet Security\Engine\20.6.0.27\WSCStub.exe
Task: {11313470-E7D3-43C8-A7F7-5F76D072D93D} - System32\Tasks\Norton Internet Security\Norton Error Processor => C:\Program Files (x86)\Norton Internet Security\Engine\20.6.0.27\SymErr.exe
Task: {A589DDED-A1E5-4832-A451-604AADF76C94} - System32\Tasks\Norton Internet Security\Norton Error Analyzer => C:\Program Files (x86)\Norton Internet Security\Engine\20.6.0.27\SymErr.exe
C:\Program Files (x86)\Norton Internet Security
Reg: Reg Delete HKU\S-1-5-21-1427692388-1042374531-2795145444-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\StartupFolder /F
Reg: Reg Add HKU\S-1-5-21-1427692388-1042374531-2795145444-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\StartupFolder /F
EmptyTemp:
Reboot:
end
 
*****************
 
Restore point was successfully created.
Processes closed successfully.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{8E0E081D-FD81-46C2-AD92-3B939C17F151}" => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{8E0E081D-FD81-46C2-AD92-3B939C17F151} => Key not found. 
HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
C:\Users\Dorothy01\AppData\Local\Google\Chrome\User Data\Default\Extensions\iikflkcanblccfahdhdonehdalibjnif => Moved successfully.
"HKLM\SOFTWARE\Google\Chrome\Extensions\bejnhdlplbjhffionohbdnpcbobfejcc" => Key deleted successfully.
"HKLM\SOFTWARE\Google\Chrome\Extensions\iikflkcanblccfahdhdonehdalibjnif" => Key deleted successfully.
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\bejnhdlplbjhffionohbdnpcbobfejcc" => Key deleted successfully.
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\iikflkcanblccfahdhdonehdalibjnif" => Key deleted successfully.
C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1427692388-1042374531-2795145444-1001 => Moved successfully.
"HKU\S-1-5-21-1427692388-1042374531-2795145444-1001_Classes\CLSID\{2D349E57-23E4-4A67-9624-F1DC6B65AABF}" => Key deleted successfully.
"C:\ProgramData\{F66CB4EE-546F-4D54-9332-216DE189AAB0}\appmgr.dll" => File/Directory not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{10DBF29F-9C03-4CB6-9169-375E42E32964}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{10DBF29F-9C03-4CB6-9169-375E42E32964}" => Key deleted successfully.
C:\Windows\System32\Tasks\Norton WSC Integration => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Norton WSC Integration" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{11313470-E7D3-43C8-A7F7-5F76D072D93D}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{11313470-E7D3-43C8-A7F7-5F76D072D93D}" => Key deleted successfully.
C:\Windows\System32\Tasks\Norton Internet Security\Norton Error Processor => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Norton Internet Security\Norton Error Processor" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{A589DDED-A1E5-4832-A451-604AADF76C94}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A589DDED-A1E5-4832-A451-604AADF76C94}" => Key deleted successfully.
C:\Windows\System32\Tasks\Norton Internet Security\Norton Error Analyzer => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Norton Internet Security\Norton Error Analyzer" => Key deleted successfully.
"C:\Program Files (x86)\Norton Internet Security" => File/Directory not found.
 
========= Reg Delete HKU\S-1-5-21-1427692388-1042374531-2795145444-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\StartupFolder /F =========
 
The operation completed successfully.
 
 
 
========= End of Reg: =========
 
 
========= Reg Add HKU\S-1-5-21-1427692388-1042374531-2795145444-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\StartupFolder /F =========
 
The operation completed successfully.
 
 
 
========= End of Reg: =========
 
EmptyTemp: => Removed 100.5 MB temporary data.
 
 
The system needed a reboot. 
 
==== End of Fixlog 15:41:43 ====

  • 0

#21
dbreeze

    Trusted Helper

  • Malware Removal
  • 2,213 posts

All right!! :D Your logs are clean and you're good to go now!! :thumbsup: We've got some final steps left to do to clean up our tools and get your system in good running condition and then you are on your way. I must say though, even though we met through less than ideal circumstances, it has been really great to work with you. :) Just run through the steps from the Cleanup of Tools to the Program Update Checker. That's it. Thanks. :cool:


Clean up of Malware Removal Tools
Now that we are through using these tools, let's clean them off your system so that should you ever need to have malware removed again (we hope not) fresh, updated copies will be downloaded.

  • Download Delfix from here to your desktop and double click it to start the program
  • Ensure Remove disinfection tools is ticked
    Also tick:
  • Create registry backup
  • Purge system restore
  • Reset system settings
  • Click Run
  • The program will run for a few moments and then notepad will open with a log. Please paste the log in your next reply.

You can delete any log files left on your desktop as these are no longer needed.


Keep Windows Updated
Microsoft issues updates to Windows to close vulnerabilities as they are discovered. Staying updated helps protect your system from current exploits.

  • Click Start and then click Control Panel.
  • Click on the View by: in the upper right corner and select Large Icons (you can change this back later if you like).
  • Scroll down and click on Windows Update.
  • Click on Change settings.
  • Under Important Updates, click on Install updates automatically (recommended).
  • Select (click on) the other options on this page.
  • Select a day and time to have windows install the updates.
  • Click on Ok to change the settings.
  • If you want to change the view of the Control Panel display, click on the View by: in the upper right hand corner and select an option you prefer.

Keep other Important Programs Updated
Along with keeping Windows updated, it is a good idea to keep important programs updated. Java and Adobe Reader both need to be kept updated to the latest versions; malware writers utilize exploits in the unpatched versions to their advantages.

Java
Most security experts and the US CERT (part of the US Homeland Security) now recommend that users uninstall Java from their systems; if you don't have any programs that need Java on your system, you are safe to do this. You can read some of the articles on this here and here. I strongly suggest you uninstall Java unless you need it to run certain software; in that case I would recommend that you disable or unplug Java from your web browsers and only enable it when you need it.

To disable / unplug Java in your browsers:


To uninstall Java (on Win7):


  • Click Start and then click Control Panel.
  • If you need to, click View by: and select either Large Icons or Small Icons.
  • Click on Programs and Features.
  • Scroll down until you find Java and click on it to select that program.
  • (Older versions of Java may appear in the program list as J2SE, Java 2, Java SE or Java Runtime Environment.)
  • Click Uninstall.
  • If more than one version of Java shows in your program list, you should repeat the selection and uninstall until all of them are removed.

To check for the latest version of Java and installation steps:


  • Go to java.com and click on Do I have Java?.
  • On the next page, click on Verify Java Version.
  • If you get a security pop up entitled "Do you want to run this application?" with the Name: Java Detection and Publisher: Oracle America, Inc., click Run.
  • Follow the recommendations (if any) on the results screen.
  • If there is a new version (or none at all on your system), there will be a button on the page showing Agree and Start Free Download. Click on it to update or install Java.
  • The site will start a download of jxpiinstall.exe. Save the file to your desktop.
  • When the download is finished, close your browser.
  • Right click on the jxpiinstall.exe and select Run as Administrator.
  • On the opening window, check Change destination folder and then click Install>.
  • The program will now download the rest of the files needed to install Java.
  • On the Destination Folder window, click Next>.
  • On the next window, the install will present you the option of adding additional software (this is known as Foistware).
  • Uncheck the Set and keep Ask as my default search provider.
  • Uncheck the Install the Ask Toolbar.
  • Click Next> to finish the install.
  • When the installation is finished, you will be taken to a web page that will check to see if Java is working properly.

Adobe Reader
Adobe Reader is the second most targeted (by malware) common software. If all you ever do with Adobe Reader is view PDF files, then please consider replacing it with a lighter, free PDF reader that is not exploitable. One that we recommend is Sumatra PDF.

To update Adobe Reader:


  • Launch your Adobe Reader.
  • Click Help and then click on About Adobe Reader from the menu list.
  • If the version is 11.0.04 then you are up to date. If it is less than this and you are keeping Adobe Reader, you should update to the latest version.
  • The best place to get Adobe Reader is from Adobe (click on Adobe to go there now).
  • Click on Download in the menu bar on top of the Adobe web page.
  • Click on Adobe Reader in the list on the right hand side of the page.
  • On the next page, click on the check mark (to turn it off) beside the option to include the McAfee scanner in the download and install. Make sure the check is NOT marked (this is another example of Foistware).
  • Click the Install Now button and follow the directions on next page.
  • If you are prompted to Save the installer file, choose to save it to your desktop. Once it is saved, right click on the file and select Run as Administrator.
  • When the installation is finished, you can delete the installer file on your desktop.

Consider a program that will check for out-of-date programs on your system
Some programs don't have update checks built in or make you run the application to start the check for updates process. An easier way to stay on top of the current versions of your installed programs is to use a version checking program like Update Checker from FileHippo.com (you can get the software from here and read more about it on the same page).


You are now done! :yeah:

Now some information on programs to help keep you safe:

First, an Antivirus program. You NEED one; free is just as good as paid-for as long as you keep them updated. ONLY use one at a time as having more than that will cause system problems. Here are some free ones to check out:
Microsoft Security Essentials
Avast! Free Antivirus

Next, a firewall is a must have now-a-days. The built in firewall in Windows 7 is fine (just make sure it is turned on (Start > Control Panel > Windows Firewall)). Or, if you like, you could choose one of the free ones listed here:
Emsisoft Online Armor - installs as trialware which converts to freeware in 30 days
Zone Alarm Free Firewall - installer includes foistware so read the options very carefully

=== options ===
Unchecky is a small service that runs in the background to help keep those "extra toolbars" and tag-along search engines from automatically installing. By automatically directing you to a custom install with all the options unchecked, only what you manually choose and confirm gets installed.

CryptoPrevent is a free program that prevents CryptoLocker / ransomware from infecting your PC by locking down the OS so the malware cannot get a grip on your system. You can read the details about this program here.

Also, consider adding MalwareBytes Antimalware to your arsenal of safe keeping programs. Use the free version (not the paid or trial version) and you won't have a problem with your antivirus scanner program. Keep it updated and run a scan with it once a week.

Lastly, if you use Firefox as your main web browser, consider adding the NoScript and AdBlockPlus add-ons to the browser to block scripting hijacks and remove unwanted ads from the pages you view.

You may also find some information and tips at this thread:
 How did I get infected in the first place?
and
COMPUTER SECURITY - a short guide to staying safer online
 

I'll leave this topic open for a few days so that if you have any questions you can come back here. Surf safe, my friend!!
  • 0
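The post above walks through each hardening item by hand in the Control Panel. As an added example (not part of the original post, and not dbreeze's or the forum's own tooling), the script below is a read-only PowerShell audit of the same items: Windows Update set to install automatically, Java still installed, Adobe Reader older than the 11.0.04 the post names, a firewall profile switched off, and more than one antivirus registered. The function name `Get-PostCleanupAudit` is my own; it assumes Windows 7 or 8.1 and an elevated PowerShell prompt.

```powershell
# Added example, not from the original post. Read-only; it changes nothing.
function Get-PostCleanupAudit {
    $findings = @()

    # Windows Update: NotificationLevel 4 = "Install updates automatically".
    $wu = (New-Object -ComObject Microsoft.Update.AutoUpdate).Settings
    if ($wu.NotificationLevel -ne 4) {
        $findings += "Windows Update is not set to install automatically (level $($wu.NotificationLevel))."
    }

    # Installed programs, from both the 64-bit and the 32-bit Uninstall keys.
    $apps = Get-ItemProperty @(
        'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
        'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
    ) -ErrorAction SilentlyContinue | Where-Object { $_.DisplayName }

    # Java, including the older names the post lists (J2SE, Java 2, Java SE).
    foreach ($j in $apps | Where-Object { $_.DisplayName -match '^(Java|J2SE)' }) {
        $findings += "Java is still installed: $($j.DisplayName) $($j.DisplayVersion); uninstall unless a program needs it."
    }

    # Adobe Reader: the post gives 11.0.04 as the current version at the time.
    $current = [version]'11.0.04'
    foreach ($r in $apps | Where-Object { $_.DisplayName -like 'Adobe Reader*' }) {
        $v = $r.DisplayVersion -as [version]
        if ($null -eq $v -or $v -lt $current) {
            $findings += "Adobe Reader $($r.DisplayVersion) is older than $current; update or replace it."
        }
    }

    # Windows Firewall state per profile (1 = Domain, 2 = Private, 4 = Public).
    $fw = New-Object -ComObject HNetCfg.FwPolicy2
    foreach ($p in @{1 = 'Domain'; 2 = 'Private'; 4 = 'Public'}.GetEnumerator()) {
        if (-not $fw.FirewallEnabled($p.Key)) {
            $findings += "Windows Firewall is off for the $($p.Value) profile."
        }
    }

    # Antivirus products registered with Security Center; the post says run only one.
    # Note: on Windows 8.x, Windows Defender stays listed even when a third-party
    # antivirus has disabled it, so two entries there may be expected.
    $av = @(Get-WmiObject -Namespace root\SecurityCenter2 -Class AntiVirusProduct)
    if ($av.Count -eq 0) { $findings += 'No antivirus product is registered.' }
    elseif ($av.Count -gt 1) {
        $findings += "More than one antivirus is registered: $(($av | ForEach-Object { $_.displayName }) -join ', ')."
    }

    if ($findings.Count -eq 0) { 'All checks passed.' } else { $findings }
}

Get-PostCleanupAudit
```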

#22
allforhimblog

allforhimblog

    Member

  • Topic Starter
  • Member
  • PipPip
  • 98 posts

Here's the delfix log, thank you again, you have no idea how much I've truly appreciated all your help!

 

# DelFix v10.9 - Logfile created 06/03/2015 at 00:12:14
# Updated 27/02/2015 by Xplode
# Username : Dorothy01 - DOROTHY
# Operating System : Windows 8.1  (64 bits)
 
~ Activating UAC ... OK
 
~ Removing disinfection tools ...
 
Deleted : C:\FRST
Deleted : C:\AdwCleaner
Deleted : C:\Users\Dorothy01\Desktop\AdwCleaner.exe
Deleted : C:\Users\Dorothy01\Desktop\FRST64.exe
Deleted : C:\Users\Dorothy01\Desktop\FSS.exe
Deleted : HKLM\SOFTWARE\OldTimer Tools
Deleted : HKLM\SOFTWARE\AdwCleaner
 
~ Creating registry backup ... OK
 
~ Cleaning system restore ...
 
Deleted : RP #2 [Restore Point Created by FRST | 02/27/2015 02:54:31]
Deleted : RP #3 [Restore Point Created by FRST | 02/27/2015 12:26:16]
Deleted : RP #4 [Restore Point Created by FRST | 03/05/2015 00:44:11]
Deleted : RP #5 [Restore Point Created by FRST | 03/05/2015 21:40:33]
 
New restore point created !
 
~ Resetting system settings ... OK
 
########## - EOF - ##########

 


  • 0

#23
dbreeze

dbreeze

    Trusted Helper

  • Malware Removal
  • 2,213 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0