Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Cannot connect to proxy server [Closed] [Solved]

Vista 64 Internet connectivity Dell Inspiron 15 Wifi card

  • This topic is locked This topic is locked

#31
pystryker

pystryker

    Trusted Helper

  • Malware Removal
  • 3,912 posts

I followed the instructions to disable Java in Chrome and it was not in the plugin list.(?)


Looking back over the logs, I didn't see Java in Chrome, so no worries there.

Everything else looks outstanding! :) Looks like a clean bill of health, so let's remove my tools and create a new, clean restore point on the machine.


Step 1: Tool Removal with Delfix and Creation of a clean restore point
  • Download Delfix from here
  • Ensure Remove disinfection tools is ticked
    Also tick:
    • Create registry backup
    • Purge system restore
    • Reset System Settings
    delfix.jpg
  • Click Run
The program will run for a few moments and then notepad will open with a log. Please paste the log in your next reply.
  • You can uninstall ESET Online Scanner at this time.
  • I recommend keeping Malwarebytes Anti-Malware installed. Make sure to update it and run it at least once a week. If it finds things such as PUP's (Potentially Unwanted Programs) you can delete those with no worries. However, if it finds something like a trojan, come see us.
Step 2: Tips, Information, and Optional Installation of Unchecky
  • Watch what you open in your emails. If you get an email from an unknown source with any attached files, do not open it.
  • Install and keep only one anti-virus on your machine. Update it and scan your machine with it at least once a week.
  • Be careful of the websites you visit.
  • When installing new programs, don't be "click happy" and click through the screens. Many programs come with adware in them and are set to install them by default. Several programs require that you uncheck or select no to prevent the installation. Take your time and read each screen as you go. :)
To help protect yourself while on the web, I recommend you read How did I get infected in the first place?


Installation of Unchecky

This is a very good little program that will automatically uncheck any boxes during a software installation. This helps prevent the software from installing any malware that is by default checked while the program is being installed.
  • Click here to be taken to Unchecky.com
  • Click the very large Download button.
  • Click Save
  • Once downloaded, double click the program (Vista, Win 7, and 8, right click and Run as Administrator)
  • Once open, click the Install button.
unchecky1_zps667e512d.jpg


Then click Finish

unchecky2_zpsca4e7d0d.jpg


Unchecky is now installed and will help you keep unwanted check boxes unchecked. :thumbsup:


Things I need to see in your next post:

Delfix Log

  • 0

Advertisements


#32
blondie53185

blondie53185

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 106 posts

NEVER MIND! Bleeping Computer site is working now.   :thumbsup: 

 

Unfortunately, the Bleeping Computer site is down according to http://downforeveryoneorjustme.com/.  I'll monitor and keep trying to download Delfix.

 

I found it here - https://toolslib.net...nload/2-delfix/. Is this ok for me to download?  Is this available anywhere else? Can you check if you are able to download??

 

Also, my Internet keeps failing. Troubleshooting reveals "Gateway not found" but it does fix it. Could this be a computer problem or is it my signal/provider?


Edited by blondie53185, 20 July 2015 - 10:42 AM.

  • 0

#33
blondie53185

blondie53185

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 106 posts

Well, finally was able to download Delfix from Bleeping Computer but I think it installed some crap on Chrome. After the initial question if I wanted to install it, I got a popup about a plugin for Chrome and then something about watching movies on the Internet.  

 

DELFIX:

# DelFix v10.8 - Logfile created 20/07/2015 at 12:44:48
# Updated 29/07/2014 by Xplode
# Username : Janice - JANICE-PC
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
 
~ Removing disinfection tools ...
 
Deleted : C:\_OTL
Deleted : C:\FRST
Deleted : C:\AdwCleaner
Deleted : C:\Users\Janice\Desktop\FRST-OlderVersion
Deleted : C:\rkill.log
Deleted : C:\TDSSKiller.2.4.10.1_03.06.2014_21.12.17_log.txt
Deleted : C:\TDSSKiller.2.4.10.1_04.12.2010_09.18.40_log.txt
Deleted : C:\TDSSKiller.2.4.10.1_08.03.2015_08.58.14_log.txt
Deleted : C:\TDSSKiller.2.4.10.1_21.04.2015_15.01.47_log.txt
Deleted : C:\TDSSKiller.2.4.10.1_26.02.2015_05.12.03_log.txt
Deleted : C:\Users\Janice\Desktop\Addition.txt
Deleted : C:\Users\Janice\Desktop\AdwCleaner.exe
Deleted : C:\Users\Janice\Desktop\Fixlog.txt
Deleted : C:\Users\Janice\Desktop\FRST.txt
Deleted : C:\Users\Janice\Desktop\FRST64.exe
Deleted : C:\Users\Janice\Desktop\JRT.txt
Deleted : C:\Users\Janice\Desktop\Log file after reboot.txt
Deleted : C:\Users\Janice\Desktop\OTL.Txt
Deleted : C:\Users\Janice\Desktop\OTL.exe
Deleted : C:\Users\Janice\Desktop\TDSSKiller.exe
Deleted : C:\Users\Janice\Downloads\esetsmartinstaller_enu.exe
Deleted : C:\Users\Janice\Downloads\FSS (1).exe
Deleted : C:\Users\Janice\Downloads\FSS (2).exe
Deleted : C:\Users\Janice\Downloads\FSS (3).exe
Deleted : C:\Users\Janice\Downloads\FSS.exe
Deleted : C:\Users\Janice\Downloads\FSS.txt
Deleted : C:\Users\Janice\Downloads\JRT.exe
Deleted : C:\Users\Janice\Downloads\SecurityCheck.exe
Deleted : HKLM\SOFTWARE\OldTimer Tools
Deleted : HKLM\SOFTWARE\AdwCleaner
 
~ Creating registry backup ... OK
 
~ Cleaning system restore ...
 
Deleted : RP #890 [Restore Point Created by FRST | 07/15/2015 01:16:32]
Deleted : RP #891 [Windows Update | 07/15/2015 22:00:13]
Deleted : RP #892 [Removed Google Drive | 07/16/2015 11:54:37]
Deleted : RP #893 [Removed Google Drive | 07/16/2015 12:21:23]
Deleted : RP #894 [Windows Update | 07/16/2015 22:00:11]
Deleted : RP #895 [Windows Update | 07/17/2015 22:00:12]
Deleted : RP #896 [Windows Update | 07/18/2015 22:00:14]
Deleted : RP #898 [Restore Point Created by FRST | 07/19/2015 14:05:19]
Deleted : RP #900 [Restore Point Created by FRST | 07/19/2015 21:46:10]
Deleted : RP #901 [Windows Update | 07/19/2015 22:00:12]
Deleted : RP #902 [Windows Backup | 07/19/2015 23:00:08]
Deleted : RP #903 [Removed Java 7 Update 51 | 07/20/2015 10:00:29]
Deleted : RP #904 [Removed Java™ 6 Update 14 (64-bit) | 07/20/2015 10:03:01]
 
New restore point created !
 
~ Resetting system settings ... OK
 
########## - EOF - ##########
 
 
I did install Unchecky -- thanks.
 
Are we ready to move on to my daughter's machine? Let me know what you'd like to see.

  • 0

#34
pystryker

pystryker

    Trusted Helper

  • Malware Removal
  • 3,912 posts

Well, finally was able to download Delfix from Bleeping Computer but I think it installed some crap on Chrome. After the initial question if I wanted to install it, I got a popup about a plugin for Chrome and then something about watching movies on the Internet.


Are you still getting that popup? The 2 sites we download Delfix from won't install malware on your machine. If so, we'll download and run FRST to make sure nothing nefarious is happening. If you're not getting it anymore, then we'll be ready to move on to your daughter's machine. Please let me know if you are still getting it.
  • 0

#35
blondie53185

blondie53185

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 106 posts

I think we are all set and ready to move on to the daughter.  No more popup and everything ran fine on hubby's machine.


  • 0

#36
pystryker

pystryker

    Trusted Helper

  • Malware Removal
  • 3,912 posts
Ok, sounds good. Go ahead and download FRST, and check the Addition.txt box. Please post both logs when the scan completes.

Things I need to see in your next post

FRST.txt log

Addition.txt log

  • 0

#37
blondie53185

blondie53185

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 106 posts

FRST.txt

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:20-07-2015
Ran by Haley (administrator) on HALEY-PC on 21-07-2015 06:49:28
Running from C:\Users\Haley\Desktop
Loaded Profiles: Haley (Available Profiles: Haley)
Platform: Windows Vista ™ Home Premium Service Pack 2 (X64) OS Language: English (United States)
Internet Explorer Version 9 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
() C:\Windows\System32\WLTRYSVC.EXE
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Dell Inc.) C:\Windows\System32\BCMWLTRY.EXE
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\afwServ.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Nuance Communications, Inc.) C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCui.exe
(Dell Inc.) C:\Windows\System32\WLTRAY.EXE
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Acresso Corporation) C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe
(Dropbox, Inc.) C:\Users\Haley\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Nuance Communications, Inc.) C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe
(Nuance Communications, Inc.) C:\Program Files (x86)\Nuance\PDF Viewer Plus\pdfPro5Hook.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Windows Defender] => C:\Program Files\Windows Defender\MSASCui.exe [1584184 2008-01-20] (Microsoft Corporation)
HKLM\...\Run: [Broadcom Wireless Manager UI] => C:\Windows\system32\WLTRAY.exe [3863040 2008-10-13] (Dell Inc.)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5223016 2014-11-02] (AVAST Software)
HKLM-x32\...\Run: [IndexSearch] => C:\Program Files (x86)\Nuance\PaperPort\IndexSearch.exe [46952 2011-08-02] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [PaperPort PTD] => C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe [30568 2011-08-02] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [PDFHook] => C:\Program Files (x86)\Nuance\PDF Viewer Plus\pdfpro5hook.exe [636192 2010-03-05] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [PDF5 Registry Controller] => C:\Program Files (x86)\Nuance\PDF Viewer Plus\RegistryController.exe [62752 2010-03-05] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [BrStsMon00] => "C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe" /AUTORUN
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-1849030827-776577423-3574151073-1000\...\Run: [ISUSPM] => C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe [222496 2009-05-05] (Acresso Corporation)
HKU\S-1-5-21-1849030827-776577423-3574151073-1000\...\Run: [Dropbox Update] => C:\Users\Haley\AppData\Local\Dropbox\Update\DropboxUpdate.exe [134512 2015-07-14] (Dropbox, Inc.)
Startup: C:\Users\Haley\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2015-07-14]
ShortcutTarget: Dropbox.lnk -> C:\Users\Haley\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Haley\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll [2015-06-26] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Haley\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll [2015-06-26] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Haley\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll [2015-06-26] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Haley\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll [2015-06-26] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Haley\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll [2015-06-26] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Haley\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll [2015-06-26] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Haley\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll [2015-06-26] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Haley\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll [2015-06-26] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2014-10-30] (AVAST Software)
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-1849030827-776577423-3574151073-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://www.globasear...Z2wi3QWJhIf68Op
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = https://www.google.c...&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKU\S-1-5-21-1849030827-776577423-3574151073-1000\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.google.c...&q={searchTerms}
HKU\S-1-5-21-1849030827-776577423-3574151073-1000\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.globasear...Z2wi3QWJhIf68Op
HKU\S-1-5-21-1849030827-776577423-3574151073-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
HKU\S-1-5-21-1849030827-776577423-3574151073-1000\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.google.com/?trackid=sp-006
SearchScopes: HKLM-x32 -> DefaultScope {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = http://www.globasear...&q={searchTerms}
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.globasear...&q={searchTerms}
SearchScopes: HKLM-x32 -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = http://www.globasear...&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1849030827-776577423-3574151073-1000 -> DefaultScope {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = http://www.globasear...&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1849030827-776577423-3574151073-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.globasear...&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1849030827-776577423-3574151073-1000 -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = http://www.globasear...&q={searchTerms}
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2014-10-30] (AVAST Software)
BHO-x32: PlusIEEventHelper Class -> {551A852F-39A6-44A7-9C13-AFBEC9185A9D} -> C:\Program Files (x86)\Nuance\PDF Viewer Plus\Bin\PlusIEContextMenu.dll [2009-02-06] (Zeon Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2014-10-30] (AVAST Software)
Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76
Tcpip\..\Interfaces\{A4235AC5-5A89-47E1-8235-14B1A9D571DF}: [DhcpNameServer] 75.75.75.75 75.75.76.76

FireFox:
========
FF Plugin-x32: @microsoft.com/WPF,version=3.5 -> c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-16] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-16] (Google Inc.)
FF HKLM-x32\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2014-10-29]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-10-30]

Chrome:
=======
CHR Profile: C:\Users\Haley\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Haley\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-07-21]
CHR Extension: (Google Docs) - C:\Users\Haley\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-07-21]
CHR Extension: (Google Drive) - C:\Users\Haley\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-07-21]
CHR Extension: (YouTube) - C:\Users\Haley\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-07-21]
CHR Extension: (Google Search) - C:\Users\Haley\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-07-21]
CHR Extension: (Google Sheets) - C:\Users\Haley\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-07-21]
CHR Extension: (Google Wallet) - C:\Users\Haley\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-07-21]
CHR Extension: (AdZap
 Block ads across the web) - C:\Users\Haley\AppData\Local\Google\Chrome\User Data\Default\Extensions\ojnpdahnhojlgimjfcpnfmajngaljogh [2015-07-21]
CHR Extension: (Gmail) - C:\Users\Haley\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-07-21]
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChromeSp.crx [2014-10-30]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-10-30]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-10-30] (AVAST Software)
R2 avast! Firewall; C:\Program Files\AVAST Software\Avast\afwServ.exe [104416 2014-10-30] (AVAST Software)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2015-06-18] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation)
R2 PDFProFiltSrvPP; C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe [145256 2011-08-02] (Nuance Communications, Inc.)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [383544 2008-01-20] (Microsoft Corporation)
R2 wltrysvc; C:\Windows\System32\bcmwltry.exe [2930688 2008-10-13] (Dell Inc.) [File not signed]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-10-30] ()
R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [28184 2014-10-30] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [83280 2014-11-02] (AVAST Software)
R0 aswNdis; C:\Windows\System32\DRIVERS\aswNdis.sys [12368 2014-10-30] (ALWIL Software)
R0 aswNdis2; C:\Windows\System32\Drivers\aswNdis2.sys [331504 2014-10-30] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr.sys [64752 2014-10-30] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-10-30] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1050432 2014-11-22] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [436624 2014-10-30] (AVAST Software)
R1 aswTdi; C:\Windows\system32\drivers\aswTdi.sys [65264 2014-10-30] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [267632 2014-10-30] ()
S3 GemCCID; C:\Windows\System32\DRIVERS\GemCCID.sys [129792 2013-04-24] (Gemalto)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-06-18] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [113880 2015-07-21] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64216 2015-06-18] (Malwarebytes Corporation)
S3 USBCCID; C:\Windows\System32\DRIVERS\usbccid.sys [38400 2009-04-11] (Microsoft Corporation)
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-07-21 06:49 - 2015-07-21 06:49 - 00014950 _____ C:\Users\Haley\Desktop\FRST.txt
2015-07-21 06:49 - 2015-07-21 06:49 - 00000000 ____D C:\Users\Haley\Desktop\FRST-OlderVersion
2015-07-21 03:00 - 2015-07-14 12:02 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2015-07-21 03:00 - 2015-07-14 11:45 - 00048128 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2015-07-21 03:00 - 2015-07-14 10:34 - 00372736 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2015-07-21 03:00 - 2015-07-14 10:23 - 00296960 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2015-07-20 22:06 - 2015-07-20 22:06 - 00003114 _____ C:\Windows\System32\Tasks\avastBCLRestart_IEXPLORE.EXE
2015-07-16 03:14 - 2015-06-27 12:03 - 00678400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2015-07-16 03:14 - 2015-06-27 12:03 - 00077312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-07-16 03:14 - 2015-06-27 12:02 - 00501248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-07-16 03:14 - 2015-06-27 12:02 - 00218112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-07-16 03:14 - 2015-06-27 12:01 - 00801280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2015-07-16 03:14 - 2015-06-27 11:40 - 01304576 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2015-07-16 03:14 - 2015-06-27 11:40 - 00658944 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-07-16 03:14 - 2015-06-27 11:40 - 00269824 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-07-16 03:14 - 2015-06-27 11:39 - 01065472 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2015-07-16 03:14 - 2015-06-27 10:30 - 00278016 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2015-07-16 03:14 - 2015-06-27 10:30 - 00109056 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2015-07-16 03:14 - 2015-06-12 09:13 - 00516544 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-07-16 03:14 - 2015-01-08 20:28 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2015-07-16 03:13 - 2015-07-03 12:04 - 01316864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ole32.dll
2015-07-16 03:13 - 2015-07-03 11:41 - 01916416 _____ (Microsoft Corporation) C:\Windows\system32\ole32.dll
2015-07-16 03:13 - 2015-06-24 23:09 - 02796032 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-07-16 03:12 - 2015-05-31 04:11 - 00225792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cewmdm.dll
2015-07-16 03:12 - 2015-05-31 03:54 - 00259584 _____ (Microsoft Corporation) C:\Windows\system32\cewmdm.dll
2015-07-16 03:11 - 2015-06-17 12:50 - 02264576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2015-07-16 03:11 - 2015-06-17 12:23 - 03137536 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2015-07-16 03:11 - 2015-06-17 11:18 - 00125440 _____ (Microsoft Corporation) C:\Windows\system32\msiexec.exe
2015-07-16 03:11 - 2015-06-17 11:09 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msiexec.exe
2015-07-16 03:11 - 2015-06-12 12:03 - 00304640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2015-07-16 03:11 - 2015-06-12 11:46 - 00390656 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2015-07-15 09:19 - 2015-07-03 02:18 - 17887744 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-07-15 09:19 - 2015-07-03 02:01 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-07-15 09:19 - 2015-07-03 01:31 - 12386304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-07-15 09:19 - 2015-07-03 01:18 - 02382848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-07-15 09:14 - 2015-06-16 21:52 - 02343936 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-07-15 09:14 - 2015-06-16 21:50 - 10936320 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-07-15 09:14 - 2015-06-16 21:50 - 00448512 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-07-15 09:14 - 2015-06-16 21:47 - 01392128 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-07-15 09:14 - 2015-06-16 21:47 - 01387520 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-07-15 09:14 - 2015-06-16 21:46 - 02158080 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-07-15 09:14 - 2015-06-16 21:46 - 01494016 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-07-15 09:14 - 2015-06-16 21:46 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-07-15 09:14 - 2015-06-16 21:46 - 00729088 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-07-15 09:14 - 2015-06-16 21:46 - 00599040 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-07-15 09:14 - 2015-06-16 21:46 - 00453120 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-07-15 09:14 - 2015-06-16 21:46 - 00237056 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2015-07-15 09:14 - 2015-06-16 21:46 - 00173056 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-07-15 09:14 - 2015-06-16 21:46 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-07-15 09:14 - 2015-06-16 21:45 - 00282112 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-07-15 09:14 - 2015-06-16 21:45 - 00248320 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-07-15 09:14 - 2015-06-16 21:45 - 00096768 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-07-15 09:14 - 2015-06-16 21:45 - 00055296 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2015-07-15 09:14 - 2015-06-16 21:45 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2015-07-15 09:14 - 2015-06-16 21:45 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2015-07-15 09:14 - 2015-06-16 21:14 - 01810432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-07-15 09:14 - 2015-06-16 21:12 - 09750528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-07-15 09:14 - 2015-06-16 21:12 - 00367616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-07-15 09:14 - 2015-06-16 21:10 - 01139712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-07-15 09:14 - 2015-06-16 21:09 - 01804288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-07-15 09:14 - 2015-06-16 21:09 - 01427968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-07-15 09:14 - 2015-06-16 21:09 - 01129472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-07-15 09:14 - 2015-06-16 21:09 - 00421888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-07-15 09:14 - 2015-06-16 21:08 - 00718336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-07-15 09:14 - 2015-06-16 21:08 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-07-15 09:14 - 2015-06-16 21:08 - 00353792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-07-15 09:14 - 2015-06-16 21:08 - 00231936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2015-07-15 09:14 - 2015-06-16 21:08 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-07-15 09:14 - 2015-06-16 21:08 - 00176640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-07-15 09:14 - 2015-06-16 21:08 - 00142848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-07-15 09:14 - 2015-06-16 21:08 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-07-15 09:14 - 2015-06-16 21:08 - 00065024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-07-15 09:14 - 2015-06-16 21:08 - 00041472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2015-07-15 09:14 - 2015-06-16 21:08 - 00011776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2015-07-15 09:14 - 2015-06-16 21:08 - 00010752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2015-07-15 07:43 - 2015-07-15 07:43 - 00001146 _____ C:\Users\Haley\Desktop\JRT.txt
2015-07-15 07:39 - 2015-07-15 07:39 - 03034989 _____ (Malwarebytes Corporation) C:\Users\Haley\Desktop\JRT.exe
2015-07-15 07:35 - 2015-07-21 06:49 - 02135552 _____ (Farbar) C:\Users\Haley\Desktop\FRST64.exe
2015-07-15 07:25 - 2015-07-21 06:49 - 00000000 ____D C:\FRST
2015-07-15 07:25 - 2015-07-15 07:26 - 00025264 _____ C:\Users\Haley\Downloads\FRST.txt
2015-07-15 07:25 - 2015-07-15 07:26 - 00025145 _____ C:\Users\Haley\Downloads\Addition.txt
2015-07-15 07:23 - 2015-07-15 07:24 - 02133504 _____ (Farbar) C:\Users\Haley\Downloads\FRST64.exe
2015-07-15 07:14 - 2015-07-15 07:14 - 00000207 _____ C:\Windows\tweaking.com-regbackup-HALEY-PC-Windows-Vista-™-Home-Premium-(64-bit).dat
2015-07-15 07:13 - 2015-07-15 07:13 - 00000000 ____D C:\RegBackup
2015-07-15 03:55 - 2015-05-08 19:09 - 00861696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2015-07-15 03:55 - 2015-05-08 19:01 - 01212416 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2015-07-15 03:54 - 2015-05-04 18:51 - 10627584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll
2015-07-15 03:54 - 2015-05-04 18:50 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\spwmp.dll
2015-07-15 03:54 - 2015-05-04 18:50 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdxm.ocx
2015-07-15 03:54 - 2015-05-04 18:50 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxmasf.dll
2015-07-15 03:54 - 2015-05-04 18:33 - 13427712 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2015-07-15 03:54 - 2015-05-04 18:33 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\msdxm.ocx
2015-07-15 03:54 - 2015-05-04 18:33 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\dxmasf.dll
2015-07-15 03:54 - 2015-05-04 18:32 - 00009216 _____ (Microsoft Corporation) C:\Windows\system32\spwmp.dll
2015-07-15 03:54 - 2015-05-04 17:39 - 08147456 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
2015-07-15 03:54 - 2015-05-04 17:21 - 08147456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmploc.DLL
2015-07-15 03:47 - 2015-04-24 11:54 - 00532480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comctl32.dll
2015-07-15 03:47 - 2015-04-24 11:41 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\comctl32.dll
2015-07-14 12:46 - 2015-07-21 06:40 - 00113880 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-07-14 12:45 - 2015-07-14 12:45 - 00000943 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-07-14 12:45 - 2015-07-14 12:45 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-07-14 12:45 - 2015-07-14 12:45 - 00000000 ____D C:\ProgramData\Malwarebytes
2015-07-14 12:45 - 2015-07-14 12:45 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-07-14 12:45 - 2015-06-18 08:41 - 00109272 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-07-14 12:45 - 2015-06-18 08:41 - 00064216 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-07-14 12:45 - 2015-06-18 08:41 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-07-14 12:27 - 2015-07-14 12:27 - 00000000 ____H C:\Windows\system32\Drivers\Msft_User_WpdFs_01_07_00.Wdf
2015-07-14 11:41 - 2015-07-14 11:42 - 00000000 ____D C:\Users\Haley\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2015-07-14 11:39 - 2015-07-21 06:50 - 00000918 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-1849030827-776577423-3574151073-1000UA.job
2015-07-14 11:39 - 2015-07-20 21:50 - 00000866 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-1849030827-776577423-3574151073-1000Core.job
2015-07-14 11:39 - 2015-07-20 21:45 - 00003802 _____ C:\Windows\System32\Tasks\DropboxUpdateTaskUserS-1-5-21-1849030827-776577423-3574151073-1000UA
2015-07-14 11:39 - 2015-07-20 21:45 - 00003406 _____ C:\Windows\System32\Tasks\DropboxUpdateTaskUserS-1-5-21-1849030827-776577423-3574151073-1000Core
2015-07-14 11:39 - 2015-07-14 11:39 - 00000000 ____D C:\Users\Haley\AppData\Local\Dropbox
2015-07-14 11:39 - 2015-07-14 11:39 - 00000000 ____D C:\ProgramData\Dropbox

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-07-21 06:40 - 2008-01-20 21:53 - 01113843 _____ C:\Windows\WindowsUpdate.log
2015-07-21 06:36 - 2014-10-30 07:37 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-07-21 05:18 - 2006-11-02 11:22 - 00003616 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2015-07-21 05:18 - 2006-11-02 11:22 - 00003616 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2015-07-21 05:06 - 2015-06-04 10:21 - 00000994 _____ C:\Windows\Tasks\PLllgQhoH8Z.job
2015-07-21 03:26 - 2006-11-02 08:46 - 00758626 _____ C:\Windows\system32\PerfStringBackup.INI
2015-07-21 03:21 - 2015-02-11 08:38 - 00000000 ___RD C:\Users\Haley\Dropbox
2015-07-21 03:21 - 2015-02-11 08:31 - 00000000 ____D C:\Users\Haley\AppData\Roaming\Dropbox
2015-07-21 03:20 - 2014-10-30 07:36 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-07-21 03:18 - 2006-11-02 11:42 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-07-21 03:18 - 2006-11-02 11:21 - 00237480 _____ C:\Windows\system32\FNTCACHE.DAT
2015-07-21 03:16 - 2006-11-02 11:42 - 00018988 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2015-07-16 08:01 - 2014-10-30 07:37 - 00003894 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-07-16 08:01 - 2014-10-30 07:36 - 00003642 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-07-16 03:08 - 2014-10-29 14:27 - 00000000 ____D C:\Windows\system32\MRT
2015-07-16 03:00 - 2014-10-30 08:38 - 00004182 _____ C:\Windows\System32\Tasks\avast! Emergency Update
2015-07-15 04:31 - 2006-11-02 09:33 - 00000000 ____D C:\Windows\rescache
2015-07-14 21:46 - 2015-04-19 08:20 - 00000626 _____ C:\Users\Haley\AppData\Roaming\PLllgQhoH8Z
2015-07-14 15:36 - 2008-01-20 23:26 - 00684180 _____ C:\Windows\PFRO.log
2015-07-14 15:20 - 2013-05-19 10:40 - 00000008 _____ C:\END
2015-07-14 13:51 - 2006-11-02 09:33 - 00000000 ____D C:\Windows\Resources
2015-07-14 12:27 - 2006-11-02 11:27 - 00027243 _____ C:\Windows\setupact.log
2015-07-14 11:22 - 2015-06-04 10:20 - 00000004 _____ C:\Windows\SysWOW64\029B560A371F4E00AB32838EBC01B9E7
2015-07-03 08:43 - 2006-11-02 08:35 - 130333168 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2015-06-23 13:30 - 2014-10-29 13:56 - 00300704 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe

==================== Files in the root of some directories =======

2015-04-19 08:20 - 2015-07-14 21:46 - 0000626 _____ () C:\Users\Haley\AppData\Roaming\PLllgQhoH8Z
2014-10-29 12:35 - 2014-10-29 13:37 - 0000732 _____ () C:\Users\Haley\AppData\Local\d3d9caps64.dat
2015-02-02 13:49 - 2015-02-02 13:49 - 0003584 _____ () C:\Users\Haley\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-06-04 10:26 - 2015-06-04 10:28 - 0000112 _____ () C:\ProgramData\lEYr1Axv.dat

Files to move or delete:
====================
C:\ProgramData\lEYr1Axv.dat

Some files in TEMP:
====================
C:\Users\Haley\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpi78rnf.dll
C:\Users\Haley\AppData\Local\Temp\Uninstall.exe
C:\Users\Haley\AppData\Local\Temp\UninstallModule.exe
C:\Users\Haley\AppData\Local\Temp\_is83B0.exe
C:\Users\Haley\AppData\Local\Temp\_isBFA7.exe

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-07-21 03:23

==================== End of log ============================

 

 

ADDITIONAL.txt

Additional scan result of Farbar Recovery Scan Tool (x64) Version:20-07-2015
Ran by Haley at 2015-07-21 06:50:06
Running from C:\Users\Haley\Desktop
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-1849030827-776577423-3574151073-500 - Administrator - Disabled)
Guest (S-1-5-21-1849030827-776577423-3574151073-501 - Limited - Disabled)
Haley (S-1-5-21-1849030827-776577423-3574151073-1000 - Administrator - Enabled) => C:\Users\Haley

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: avast! Antivirus (Disabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Disabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
FW: avast! Antivirus (Disabled) {2F96FC65-F07D-9D1E-5A6E-3DA5C487EAF0}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Avast Internet Security (HKLM-x32\...\Avast) (Version: 10.0.2206 - AVAST Software)
Cisco EAP-FAST Module (HKLM-x32\...\{6D3963B0-E13B-4FC3-B0FF-506A304BB043}) (Version: 2.1.3 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{83770D14-21B9-44B3-8689-F7B523F94560}) (Version: 1.0.12 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{669C7BD8-DAA2-49B6-966C-F1E2AAE6B17E}) (Version: 1.0.13 - Cisco Systems, Inc.)
Dell Resource CD (HKLM-x32\...\{42929F0F-CE14-47AF-9FC7-FF297A603021}) (Version: 1.00.0000 - Dell Inc.)
Dell Wireless WLAN Card Utility (HKLM\...\Broadcom 802.11b Network Adapter) (Version: 4.170.77.17 - Dell Inc.)
Dropbox (HKU\S-1-5-21-1849030827-776577423-3574151073-1000\...\Dropbox) (Version: 3.6.8 - Dropbox, Inc.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 43.0.2357.134 - Google Inc.)
Google Update Helper (x32 Version: 1.3.28.1 - Google Inc.) Hidden
Integrated Webcam Driver (1.06.03.0309)   (HKLM\...\Creative OA001) (Version: 1.06.03.0309 - Creative Technology Ltd.)
Malwarebytes Anti-Malware version 2.1.8.1057 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.8.1057 - Malwarebytes Corporation)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
Nuance PaperPort 12 (HKLM-x32\...\{88B5FBDC-967D-4B1F-B291-39284AE12201}) (Version: 12.1.0005 - Nuance Communications, Inc.)
Nuance PDF Viewer Plus (HKLM-x32\...\{28656860-4728-433C-8AD4-D1A930437BC8}) (Version: 5.30.3290 - Nuance Communications, Inc)
PaperPort Image Printer 64-bit (HKLM\...\{715CAACC-579B-4831-A5F4-A83A8DE3EFE2}) (Version: 14.00.0000 - Nuance Communications, Inc.)
Scansoft PDF Professional (x32 Version:  - ) Hidden
YNAB 4 version 4.3.656 (HKLM-x32\...\com.ynab.YNAB4.LiveCaptive_is1) (Version: 4.3.656 - YouNeedABudget.com)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-1849030827-776577423-3574151073-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Haley\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1849030827-776577423-3574151073-1000_Classes\CLSID\{3059C9E6-9EDC-4C89-933E-C65623F8FD60}\localserver32 -> C:\Users\Haley\AppData\Local\Dropbox\Update\DropboxUpdate.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1849030827-776577423-3574151073-1000_Classes\CLSID\{87DC457B-B35D-48AC-BD42-BDF35EF623CE}\localserver32 -> C:\Users\Haley\AppData\Local\Dropbox\Update\1.3.27.33\DropboxUpdateOnDemand.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1849030827-776577423-3574151073-1000_Classes\CLSID\{9FAA38ED-5635-44F7-9BE0-8CAFE29B3783}\localserver32 -> C:\Users\Haley\AppData\Local\Dropbox\Update\1.3.27.33\DropboxUpdateOnDemand.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1849030827-776577423-3574151073-1000_Classes\CLSID\{C0DD324D-A74F-4533-84AD-030F76771C77}\localserver32 -> C:\Users\Haley\AppData\Local\Dropbox\Update\1.3.27.33\DropboxUpdateOnDemand.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1849030827-776577423-3574151073-1000_Classes\CLSID\{C32E3EEC-3C10-426E-95F3-38C7F139FADD}\localserver32 -> C:\Users\Haley\AppData\Local\Dropbox\Update\1.3.27.33\DropboxUpdateOnDemand.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1849030827-776577423-3574151073-1000_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\Haley\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1849030827-776577423-3574151073-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Haley\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1849030827-776577423-3574151073-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Haley\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1849030827-776577423-3574151073-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Haley\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1849030827-776577423-3574151073-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Haley\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1849030827-776577423-3574151073-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Haley\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1849030827-776577423-3574151073-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Haley\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1849030827-776577423-3574151073-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Haley\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1849030827-776577423-3574151073-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Haley\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll (Dropbox, Inc.)

==================== Restore Points =========================

15-07-2015 03:44:17 Windows Update
15-07-2015 10:14:10 Restore copy 7-15-15
16-07-2015 03:00:28 Windows Update
20-07-2015 21:29:45 Windows Update
21-07-2015 03:00:11 Windows Update

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2006-11-02 08:34 - 2006-09-18 17:37 - 00000761 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost
::1             localhost

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {06C5368A-38DE-43F8-BAFA-4973343CCFEC} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-30] (Google Inc.)
Task: {156B0DAE-D68C-460F-80C9-42D9E7B323D2} - System32\Tasks\PLllgQhoH8Z => C:\Users\Haley\AppData\Roaming\PLllgQhoH8Z.exe <==== ATTENTION
Task: {3329A7DC-E0B5-46A5-AC9E-445EB5780A9F} - \SmartWeb Upgrade Trigger Task No Task File <==== ATTENTION
Task: {387C22A2-22AC-457C-B798-247E3FB83374} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-1849030827-776577423-3574151073-1000Core => C:\Users\Haley\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-07-14] (Dropbox, Inc.)
Task: {3B006953-CE06-4806-9431-05176F87B68C} - System32\Tasks\avastBCLRestart_IEXPLORE.EXE => Iexplore.exe
Task: {44941D9C-702D-4D0B-BA4A-0755A64FFC8C} - \WebBarUpdateTask No Task File <==== ATTENTION
Task: {489E1F42-40CF-4F2A-AE8D-DB6817A90F16} - \One System Care Run Delay No Task File <==== ATTENTION
Task: {575D453F-BD1F-464E-8754-8485ACE8D769} - \WindApp Update No Task File <==== ATTENTION
Task: {7A3671CB-54DE-4DAC-8F40-CCD4462C642E} - \One System CarePeriod No Task File <==== ATTENTION
Task: {90354345-2FE1-4B63-B83E-6C73D6CEC09F} - \One System Care Monitor No Task File <==== ATTENTION
Task: {9AED34DE-EADF-49BC-B1BF-9BC4792486EC} - \WebBarLaunchTask No Task File <==== ATTENTION
Task: {A063A3DB-260A-4C49-8D05-8172507DB448} - \Selection Tools Update No Task File <==== ATTENTION
Task: {BBBEFACF-50B3-48C2-B6A4-965868A5AF1A} - System32\Tasks\SpinTires => C:\Users\Haley\AppData\Local\Temp\is-9SQU6.tmp\prsetup.exe [2015-05-05] (SpinTires, Inc.                                             ) <==== ATTENTION
Task: {C2B0A4C6-02E6-4BC7-B2E5-3F8742F8A114} - \Optimizer Pro Schedule No Task File <==== ATTENTION
Task: {C761B97B-F470-44BF-89D7-2668BDF30DAA} - \bvxvbvbh No Task File <==== ATTENTION
Task: {D140F53A-D111-467C-B28A-7C7EB9BA77A1} - \Crossbrowse No Task File <==== ATTENTION
Task: {DE20A880-048B-45B3-9590-8F618AD14ECD} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2015-07-14] (Avast Software s.r.o.)
Task: {E04C7FB4-9AF0-4AB5-828B-D95E853F3795} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-1849030827-776577423-3574151073-1000UA => C:\Users\Haley\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-07-14] (Dropbox, Inc.)
Task: {E4E1B6FA-9EB3-4689-9A10-FDD254AA9009} - \MaxComputerCleaner_Start No Task File <==== ATTENTION
Task: {F8B227D1-E382-4EC5-B66A-30F8A03CFD59} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-30] (Google Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-1849030827-776577423-3574151073-1000Core.job => C:\Users\Haley\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-1849030827-776577423-3574151073-1000UA.job => C:\Users\Haley\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\PLllgQhoH8Z.job => C:\Users\Haley\AppData\Roaming\PLllgQhoH8Z.exe <==== ATTENTION

==================== Loaded Modules (Whitelisted) ==============

2014-10-29 13:40 - 2008-10-13 14:17 - 00031744 _____ () C:\Windows\System32\WLTRYSVC.EXE
2014-10-29 13:40 - 2008-10-13 14:17 - 00057856 _____ () C:\Windows\System32\bcmwlrmt.dll
2015-07-20 21:18 - 2015-07-20 21:18 - 02956800 _____ () C:\Program Files\AVAST Software\Avast\defs\15072002\algo.dll
2015-07-21 04:19 - 2015-07-21 04:19 - 02957312 _____ () C:\Program Files\AVAST Software\Avast\defs\15072100\algo.dll
2015-07-21 03:21 - 2015-07-21 03:21 - 00043008 _____ () c:\users\haley\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpi78rnf.dll
2015-03-04 17:45 - 2015-03-19 03:15 - 00750080 _____ () C:\Users\Haley\AppData\Roaming\Dropbox\bin\libGLESv2.dll
2015-03-04 17:45 - 2015-03-19 03:15 - 00047616 _____ () C:\Users\Haley\AppData\Roaming\Dropbox\bin\libEGL.dll
2015-03-04 17:45 - 2015-03-19 03:15 - 00865280 _____ () C:\Users\Haley\AppData\Roaming\Dropbox\bin\plugins\platforms\qwindows.dll
2015-03-04 17:45 - 2015-03-19 03:15 - 00200704 _____ () C:\Users\Haley\AppData\Roaming\Dropbox\bin\plugins\imageformats\qjpeg.dll
2014-10-30 08:37 - 2014-10-30 08:37 - 38561576 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

==================== Safe Mode (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-1849030827-776577423-3574151073-1000\...\army.mil -> hxxps://*.us.army.mil

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1849030827-776577423-3574151073-1000\Control Panel\Desktop\\Wallpaper -> C:\Windows\web\Wallpaper\img24.jpg
DNS Servers: 75.75.75.75 - 75.75.76.76
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 2) (ConsentPromptBehaviorUser: 1) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [WinCollab-Out-UDP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-In-UDP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-Out-TCP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-In-TCP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-DFSR-Out-TCP] => (Allow) %SystemRoot%\system32\dfsr.exe
FirewallRules: [WinCollab-DFSR-In-TCP] => (Allow) %SystemRoot%\system32\dfsr.exe
FirewallRules: [{3431946F-6A54-4A88-9BEF-FC188E2935EF}] => (Allow) LPort=80
FirewallRules: [{65AE59D1-0502-43AE-B897-CD2FD865CE75}] => (Allow) LPort=80
FirewallRules: [{0D3A7EB5-CA80-47C7-8F65-A46852AB1764}] => (Allow) LPort=80
FirewallRules: [{DE0F725A-9CA0-4198-8189-DCCC0712D8F7}] => (Allow) C:\Users\Haley\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{140F15A8-3680-4BE6-BA68-0F28E8BD525B}] => (Allow) C:\Users\Haley\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{99C49246-0E1B-4CE0-82C3-9D35B72C0742}] => (Allow) C:\Program Files (x86)\Crossbrowse\Crossbrowse\Application\crossbrowse.exe
FirewallRules: [{5036A940-AD1A-4783-B42F-6C46D9DFC541}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Faulty Device Manager Devices =============

Name: Ethernet Controller
Description: Ethernet Controller
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Base System Device
Description: Base System Device
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

==================== Event log errors: =========================

Application errors:
==================
Error: (07/21/2015 03:19:36 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/16/2015 03:34:10 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/15/2015 01:42:06 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/15/2015 04:14:39 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/15/2015 04:11:33 AM) (Source: Winlogon) (EventID: 4103) (User: )
Description: Windows license activation failed. Error 0x00000000.

Error: (07/15/2015 03:52:34 AM) (Source: Perflib) (EventID: 1008) (User: )
Description: PNRPsvcC:\Windows\system32\pnrpperf.dll8

Error: (07/15/2015 03:52:31 AM) (Source: Perflib) (EventID: 1010) (User: )
Description: EmdCacheC:\Windows\system32\emdmgmt.dll8

Error: (07/15/2015 03:40:29 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/14/2015 09:18:58 PM) (Source: EventSystem) (EventID: 4622) (User: )
Description: 80070005{AA44355E-6911-4447-BA5D-6720480579AF}-{00000000-0000-0000-0000-000000000000}-{00000000-0000-0000-0000-000000000000}

Error: (07/14/2015 03:37:22 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

System errors:
=============
Error: (07/21/2015 06:47:37 AM) (Source: ACPI) (EventID: 13) (User: )
Description: : The embedded controller (EC) did not respond within the specified timeout period. This may indicate that there is an error in the EC hardware or firmware or that the BIOS is accessing the EC incorrectly. You should check with your computer manufacturer for an upgraded BIOS. In some situations, this error may cause the computer to function incorrectly.

Error: (07/21/2015 06:47:08 AM) (Source: ACPI) (EventID: 13) (User: )
Description: : The embedded controller (EC) did not respond within the specified timeout period. This may indicate that there is an error in the EC hardware or firmware or that the BIOS is accessing the EC incorrectly. You should check with your computer manufacturer for an upgraded BIOS. In some situations, this error may cause the computer to function incorrectly.

Error: (07/21/2015 06:45:55 AM) (Source: ACPI) (EventID: 13) (User: )
Description: : The embedded controller (EC) did not respond within the specified timeout period. This may indicate that there is an error in the EC hardware or firmware or that the BIOS is accessing the EC incorrectly. You should check with your computer manufacturer for an upgraded BIOS. In some situations, this error may cause the computer to function incorrectly.

Error: (07/21/2015 06:45:35 AM) (Source: ACPI) (EventID: 13) (User: )
Description: : The embedded controller (EC) did not respond within the specified timeout period. This may indicate that there is an error in the EC hardware or firmware or that the BIOS is accessing the EC incorrectly. You should check with your computer manufacturer for an upgraded BIOS. In some situations, this error may cause the computer to function incorrectly.

Error: (07/21/2015 06:45:30 AM) (Source: ACPI) (EventID: 13) (User: )
Description: : The embedded controller (EC) did not respond within the specified timeout period. This may indicate that there is an error in the EC hardware or firmware or that the BIOS is accessing the EC incorrectly. You should check with your computer manufacturer for an upgraded BIOS. In some situations, this error may cause the computer to function incorrectly.

Error: (07/21/2015 06:45:25 AM) (Source: ACPI) (EventID: 13) (User: )
Description: : The embedded controller (EC) did not respond within the specified timeout period. This may indicate that there is an error in the EC hardware or firmware or that the BIOS is accessing the EC incorrectly. You should check with your computer manufacturer for an upgraded BIOS. In some situations, this error may cause the computer to function incorrectly.

Error: (07/21/2015 06:44:56 AM) (Source: ACPI) (EventID: 13) (User: )
Description: : The embedded controller (EC) did not respond within the specified timeout period. This may indicate that there is an error in the EC hardware or firmware or that the BIOS is accessing the EC incorrectly. You should check with your computer manufacturer for an upgraded BIOS. In some situations, this error may cause the computer to function incorrectly.

Error: (07/21/2015 06:44:51 AM) (Source: ACPI) (EventID: 13) (User: )
Description: : The embedded controller (EC) did not respond within the specified timeout period. This may indicate that there is an error in the EC hardware or firmware or that the BIOS is accessing the EC incorrectly. You should check with your computer manufacturer for an upgraded BIOS. In some situations, this error may cause the computer to function incorrectly.

Error: (07/21/2015 06:44:37 AM) (Source: ACPI) (EventID: 13) (User: )
Description: : The embedded controller (EC) did not respond within the specified timeout period. This may indicate that there is an error in the EC hardware or firmware or that the BIOS is accessing the EC incorrectly. You should check with your computer manufacturer for an upgraded BIOS. In some situations, this error may cause the computer to function incorrectly.

Error: (07/21/2015 06:44:17 AM) (Source: ACPI) (EventID: 13) (User: )
Description: : The embedded controller (EC) did not respond within the specified timeout period. This may indicate that there is an error in the EC hardware or firmware or that the BIOS is accessing the EC incorrectly. You should check with your computer manufacturer for an upgraded BIOS. In some situations, this error may cause the computer to function incorrectly.

Microsoft Office:
=========================
Error: (07/21/2015 03:19:36 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/16/2015 03:34:10 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/15/2015 01:42:06 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/15/2015 04:14:39 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/15/2015 04:11:33 AM) (Source: Winlogon) (EventID: 4103) (User: )
Description: 0x000000000x40010004

Error: (07/15/2015 03:52:34 AM) (Source: Perflib) (EventID: 1008) (User: )
Description: PNRPsvcC:\Windows\system32\pnrpperf.dll8

Error: (07/15/2015 03:52:31 AM) (Source: Perflib) (EventID: 1010) (User: )
Description: EmdCacheC:\Windows\system32\emdmgmt.dll8

Error: (07/15/2015 03:40:29 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/14/2015 09:18:58 PM) (Source: EventSystem) (EventID: 4622) (User: )
Description: 80070005{AA44355E-6911-4447-BA5D-6720480579AF}-{00000000-0000-0000-0000-000000000000}-{00000000-0000-0000-0000-000000000000}

Error: (07/14/2015 03:37:22 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

CodeIntegrity Errors:
===================================
  Date: 2015-07-21 06:50:02.083
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

  Date: 2015-07-21 06:50:01.880
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

  Date: 2015-07-21 06:50:01.678
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

  Date: 2015-07-21 06:50:01.475
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

  Date: 2015-07-21 05:06:26.152
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

  Date: 2015-07-21 05:06:25.933
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

  Date: 2015-07-21 05:06:25.731
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

  Date: 2015-07-21 05:06:25.512
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

  Date: 2015-07-21 05:06:25.309
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

  Date: 2015-07-21 05:06:25.107
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

==================== Memory info ===========================

Processor: Intel® Core™2 Duo CPU T6400 @ 2.00GHz
Percentage of memory in use: 45%
Total physical RAM: 4027.98 MB
Available physical RAM: 2179.84 MB
Total Virtual: 8275.23 MB
Available Virtual: 6210.61 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:288.01 GB) (Free:74.71 GB) NTFS ==>[drive with boot components (obtained from BCD)]
Drive d: (RECOVERY) (Fixed) (Total:10 GB) (Free:1.45 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 298.1 GB) (Disk ID: 18000000)
Partition 1: (Not Active) - (Size=78 MB) - (Type=DE)
Partition 2: (Not Active) - (Size=10 GB) - (Type=07 NTFS)
Partition 3: (Active) - (Size=288 GB) - (Type=07 NTFS)

==================== End of log ============================


  • 0

#38
pystryker

pystryker

    Trusted Helper

  • Malware Removal
  • 3,912 posts
Hello, let's get started. :thumbsup:

Please disable your antivirus for the duration of my instructions. Don't forget to re-enable them after you have completed the steps.

Step 1: Fix with FRST
  • Open notepad (Start =>All Programs => Accessories => Notepad). Please copy the entire contents of the code box below. (To do this highlight the contents of the box, right click on it and select copy.
  • Right-click in the open notepad and select Paste).
  • Save it on the desktop as fixlist.txt

Start
CreateRestorePoint:
CloseProcesses:
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
HKU\S-1-5-21-1849030827-776577423-3574151073-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://www.globasear...Z2wi3QWJhIf68Op
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = https://www.google.c...&q={searchTerms}
HKU\S-1-5-21-1849030827-776577423-3574151073-1000\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.globasear...Z2wi3QWJhIf68Op
SearchScopes: HKLM-x32 -> DefaultScope {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = http://www.globasear...q={searchTerms}
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.globasear...q={searchTerms}
SearchScopes: HKLM-x32 -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = http://www.globasear...q={searchTerms}
SearchScopes: HKU\S-1-5-21-1849030827-776577423-3574151073-1000 -> DefaultScope {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = http://www.globasear...q={searchTerms}
SearchScopes: HKU\S-1-5-21-1849030827-776577423-3574151073-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.globasear...q={searchTerms}
SearchScopes: HKU\S-1-5-21-1849030827-776577423-3574151073-1000 -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = http://www.globasear...q={searchTerms}
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
C:\ProgramData\lEYr1Axv.dat
Task: {156B0DAE-D68C-460F-80C9-42D9E7B323D2} - System32\Tasks\PLllgQhoH8Z => C:\Users\Haley\AppData\Roaming\PLllgQhoH8Z.exe <==== ATTENTION
Task: {3329A7DC-E0B5-46A5-AC9E-445EB5780A9F} - \SmartWeb Upgrade Trigger Task No Task File <==== ATTENTION
C:\Users\Haley\AppData\Roaming\PLllgQhoH8Z
C:\Windows\Tasks\PLllgQhoH8Z.job
Task: {44941D9C-702D-4D0B-BA4A-0755A64FFC8C} - \WebBarUpdateTask No Task File <==== ATTENTION
Task: {489E1F42-40CF-4F2A-AE8D-DB6817A90F16} - \One System Care Run Delay No Task File <==== ATTENTION
Task: {575D453F-BD1F-464E-8754-8485ACE8D769} - \WindApp Update No Task File <==== ATTENTION
Task: {7A3671CB-54DE-4DAC-8F40-CCD4462C642E} - \One System CarePeriod No Task File <==== ATTENTION
Task: {90354345-2FE1-4B63-B83E-6C73D6CEC09F} - \One System Care Monitor No Task File <==== ATTENTION
Task: {9AED34DE-EADF-49BC-B1BF-9BC4792486EC} - \WebBarLaunchTask No Task File <==== ATTENTION
Task: {A063A3DB-260A-4C49-8D05-8172507DB448} - \Selection Tools Update No Task File <==== ATTENTION
Task: {BBBEFACF-50B3-48C2-B6A4-965868A5AF1A} - System32\Tasks\SpinTires => C:\Users\Haley\AppData\Local\Temp\is-9SQU6.tmp\prsetup.exe [2015-05-05] (SpinTires, Inc. ) <==== ATTENTION
Task: {C2B0A4C6-02E6-4BC7-B2E5-3F8742F8A114} - \Optimizer Pro Schedule No Task File <==== ATTENTION
Task: {C761B97B-F470-44BF-89D7-2668BDF30DAA} - \bvxvbvbh No Task File <==== ATTENTION
Task: {D140F53A-D111-467C-B28A-7C7EB9BA77A1} - \Crossbrowse No Task File <==== ATTENTION
Task: {E4E1B6FA-9EB3-4689-9A10-FDD254AA9009} - \MaxComputerCleaner_Start No Task File <==== ATTENTION
Task: C:\Windows\Tasks\PLllgQhoH8Z.job => C:\Users\Haley\AppData\Roaming\PLllgQhoH8Z.exe <==== ATTENTION
IE trusted site: HKU\S-1-5-21-1849030827-776577423-3574151073-1000\...\army.mil -> hxxps://*.us.army.mil
cmd: bitsadmin /reset /allusers
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state on
CMD: ipconfig /flushdns
Emptytemp:
Hosts:
End


NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.


Run FRST and press the Fix button just once and wait. The tool will make a log on the desktop (Fixlog.txt) please post it in your next reply.


Step 2: Junkware Removal Tool

thisisujrt.gif Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.
Step 3: AdwCleaner

Download ADWcleaner by clicking here. Please save it to your Desktop


adwcleaner2_zps680e0e15.jpg
  • Double click (Vista and 7 Users)right click the adwcleaner.exe file and click Run as Adminstrator and accept the UAC prompt to run AdwCleaner
  • Close any open windows or browsers.
  • Pause your Anti-Virus program if it is running.
  • Once it starts, click on the Scan button.
  • Let the scan complete itself. This may take a few minutes.
  • Once the scan has finished, it will say "Pending, uncheck elements you don't want to remove.", don't worry about unchecking anything and then click the Clean button. When finished, it will ask to reboot. Please reboot.
  • When the machine has rebooted, a log will be produced. Please copy/paste that in your next reply. Here's how:
    • Click the Report button and the log will open. Copy and Paste the contents of the log file into your next reply.
    This report is also saved at C:\AdwCleaner[R0].txt
Things I need to see in your next post:

Please post each of these logs as a separate reply in this thread.

Fixlog.txt Log

Junkware Removal Tool Log

AdwCleaner Log

  • 0

#39
blondie53185

blondie53185

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 106 posts

FIXLOG.TXT

Fix result of Farbar Recovery Scan Tool (x64) Version:20-07-2015
Ran by Haley at 2015-07-22 06:04:18 Run:1
Running from C:\Users\Haley\Desktop
Loaded Profiles: Haley (Available Profiles: Haley)
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start
CreateRestorePoint:
CloseProcesses:
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
HKU\S-1-5-21-1849030827-776577423-3574151073-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://www.globasear...Z2wi3QWJhIf68Op
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = https://www.google.c...&q={searchTerms}
HKU\S-1-5-21-1849030827-776577423-3574151073-1000\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.globasear...Z2wi3QWJhIf68Op
SearchScopes: HKLM-x32 -> DefaultScope {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = http://www.globasear...q={searchTerms}
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.globasear...q={searchTerms}
SearchScopes: HKLM-x32 -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = http://www.globasear...q={searchTerms}
SearchScopes: HKU\S-1-5-21-1849030827-776577423-3574151073-1000 -> DefaultScope {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = http://www.globasear...q={searchTerms}
SearchScopes: HKU\S-1-5-21-1849030827-776577423-3574151073-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.globasear...q={searchTerms}
SearchScopes: HKU\S-1-5-21-1849030827-776577423-3574151073-1000 -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = http://www.globasear...q={searchTerms}
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
C:\ProgramData\lEYr1Axv.dat
Task: {156B0DAE-D68C-460F-80C9-42D9E7B323D2} - System32\Tasks\PLllgQhoH8Z => C:\Users\Haley\AppData\Roaming\PLllgQhoH8Z.exe <==== ATTENTION
Task: {3329A7DC-E0B5-46A5-AC9E-445EB5780A9F} - \SmartWeb Upgrade Trigger Task No Task File <==== ATTENTION
C:\Users\Haley\AppData\Roaming\PLllgQhoH8Z
C:\Windows\Tasks\PLllgQhoH8Z.job
Task: {44941D9C-702D-4D0B-BA4A-0755A64FFC8C} - \WebBarUpdateTask No Task File <==== ATTENTION
Task: {489E1F42-40CF-4F2A-AE8D-DB6817A90F16} - \One System Care Run Delay No Task File <==== ATTENTION
Task: {575D453F-BD1F-464E-8754-8485ACE8D769} - \WindApp Update No Task File <==== ATTENTION
Task: {7A3671CB-54DE-4DAC-8F40-CCD4462C642E} - \One System CarePeriod No Task File <==== ATTENTION
Task: {90354345-2FE1-4B63-B83E-6C73D6CEC09F} - \One System Care Monitor No Task File <==== ATTENTION
Task: {9AED34DE-EADF-49BC-B1BF-9BC4792486EC} - \WebBarLaunchTask No Task File <==== ATTENTION
Task: {A063A3DB-260A-4C49-8D05-8172507DB448} - \Selection Tools Update No Task File <==== ATTENTION
Task: {BBBEFACF-50B3-48C2-B6A4-965868A5AF1A} - System32\Tasks\SpinTires => C:\Users\Haley\AppData\Local\Temp\is-9SQU6.tmp\prsetup.exe [2015-05-05] (SpinTires, Inc. ) <==== ATTENTION
Task: {C2B0A4C6-02E6-4BC7-B2E5-3F8742F8A114} - \Optimizer Pro Schedule No Task File <==== ATTENTION
Task: {C761B97B-F470-44BF-89D7-2668BDF30DAA} - \bvxvbvbh No Task File <==== ATTENTION
Task: {D140F53A-D111-467C-B28A-7C7EB9BA77A1} - \Crossbrowse No Task File <==== ATTENTION
Task: {E4E1B6FA-9EB3-4689-9A10-FDD254AA9009} - \MaxComputerCleaner_Start No Task File <==== ATTENTION
Task: C:\Windows\Tasks\PLllgQhoH8Z.job => C:\Users\Haley\AppData\Roaming\PLllgQhoH8Z.exe <==== ATTENTION
IE trusted site: HKU\S-1-5-21-1849030827-776577423-3574151073-1000\...\army.mil -> hxxps://*.us.army.mil
cmd: bitsadmin /reset /allusers
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state on
CMD: ipconfig /flushdns
Emptytemp:
Hosts:
End

*****************

Restore point was successfully created.
Processes closed successfully.
"HKLM\SOFTWARE\Policies\Google" => key removed successfully
"HKU\S-1-5-21-1849030827-776577423-3574151073-1000\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Start Page => value restored successfully
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Search Page => value restored successfully
HKU\S-1-5-21-1849030827-776577423-3574151073-1000\Software\Microsoft\Internet Explorer\Main\\Start Page => value restored successfully
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => key removed successfully
HKCR\Wow6432Node\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => key not found.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{E9410C70-B6AE-41FF-AB71-32F4B279EA5F}" => key removed successfully
HKCR\Wow6432Node\CLSID\{E9410C70-B6AE-41FF-AB71-32F4B279EA5F} => key not found.
HKU\S-1-5-21-1849030827-776577423-3574151073-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
"HKU\S-1-5-21-1849030827-776577423-3574151073-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => key removed successfully
HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => key not found.
"HKU\S-1-5-21-1849030827-776577423-3574151073-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{E9410C70-B6AE-41FF-AB71-32F4B279EA5F}" => key removed successfully
HKCR\CLSID\{E9410C70-B6AE-41FF-AB71-32F4B279EA5F} => key not found.
IpInIp => Service removed successfully
NwlnkFlt => Service removed successfully
NwlnkFwd => Service removed successfully
C:\ProgramData\lEYr1Axv.dat => moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{156B0DAE-D68C-460F-80C9-42D9E7B323D2}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{156B0DAE-D68C-460F-80C9-42D9E7B323D2}" => key removed successfully
C:\Windows\System32\Tasks\PLllgQhoH8Z => moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\PLllgQhoH8Z" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{3329A7DC-E0B5-46A5-AC9E-445EB5780A9F}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3329A7DC-E0B5-46A5-AC9E-445EB5780A9F}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SmartWeb Upgrade Trigger Task" => key removed successfully
C:\Users\Haley\AppData\Roaming\PLllgQhoH8Z => moved successfully.
C:\Windows\Tasks\PLllgQhoH8Z.job => moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{44941D9C-702D-4D0B-BA4A-0755A64FFC8C}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{44941D9C-702D-4D0B-BA4A-0755A64FFC8C}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\WebBarUpdateTask" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{489E1F42-40CF-4F2A-AE8D-DB6817A90F16}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{489E1F42-40CF-4F2A-AE8D-DB6817A90F16}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\One System Care Run Delay" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{575D453F-BD1F-464E-8754-8485ACE8D769}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{575D453F-BD1F-464E-8754-8485ACE8D769}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\WindApp Update" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{7A3671CB-54DE-4DAC-8F40-CCD4462C642E}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7A3671CB-54DE-4DAC-8F40-CCD4462C642E}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\One System CarePeriod" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{90354345-2FE1-4B63-B83E-6C73D6CEC09F}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{90354345-2FE1-4B63-B83E-6C73D6CEC09F}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\One System Care Monitor" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{9AED34DE-EADF-49BC-B1BF-9BC4792486EC}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9AED34DE-EADF-49BC-B1BF-9BC4792486EC}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\WebBarLaunchTask" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{A063A3DB-260A-4C49-8D05-8172507DB448}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A063A3DB-260A-4C49-8D05-8172507DB448}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Selection Tools Update" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{BBBEFACF-50B3-48C2-B6A4-965868A5AF1A}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{BBBEFACF-50B3-48C2-B6A4-965868A5AF1A}" => key removed successfully
C:\Windows\System32\Tasks\SpinTires => moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SpinTires" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{C2B0A4C6-02E6-4BC7-B2E5-3F8742F8A114}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C2B0A4C6-02E6-4BC7-B2E5-3F8742F8A114}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Optimizer Pro Schedule" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{C761B97B-F470-44BF-89D7-2668BDF30DAA}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C761B97B-F470-44BF-89D7-2668BDF30DAA}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\bvxvbvbh" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{D140F53A-D111-467C-B28A-7C7EB9BA77A1}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D140F53A-D111-467C-B28A-7C7EB9BA77A1}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Crossbrowse" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{E4E1B6FA-9EB3-4689-9A10-FDD254AA9009}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E4E1B6FA-9EB3-4689-9A10-FDD254AA9009}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\MaxComputerCleaner_Start" => key removed successfully
C:\Windows\Tasks\PLllgQhoH8Z.job not found.
"HKU\S-1-5-21-1849030827-776577423-3574151073-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\army.mil" => key removed successfully

=========  bitsadmin /reset /allusers =========

BITSADMIN version 3.0 [ 7.0.6001 ]
BITS administration utility.
© Copyright 2000-2006 Microsoft Corp.

Unable to cancel {E7F6364A-9428-46E6-A485-D46C1CE1744F}.
0 out of 1 jobs canceled.

========= End of CMD: =========

=========  netsh advfirewall reset =========

Ok.

========= End of CMD: =========

=========  netsh advfirewall set allprofiles state on =========

Ok.

========= End of CMD: =========

=========  ipconfig /flushdns =========

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========= End of CMD: =========

C:\Windows\System32\Drivers\etc\hosts => moved successfully.
Hosts restored successfully.
EmptyTemp: => 1.8 GB temporary data Removed.

The system needed a reboot..

==== End of Fixlog 06:06:46 ====


  • 0

#40
blondie53185

blondie53185

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 106 posts

JUNKWARE REMOVAL TOOL

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 7.4.9 (07.14.2015:2)
OS: Windows ™ Vista Home Premium x64
Ran by Haley on Wed 07/22/2015 at  6:25:21.04
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

~~~ Services

 

~~~ Tasks

 

~~~ Registry Values

 

~~~ Registry Keys

 

~~~ Files

Failed to delete: [File] C:\Windows\syswow64\number of results

 

~~~ Folders

 

~~~ Chrome

[C:\Users\Haley\appdata\local\Google\Chrome\User Data\Default\Preferences] - default search provider reset

[C:\Users\Haley\appdata\local\Google\Chrome\User Data\Default\Preferences] - Extensions Deleted:
elchiiiejkobdbblfejjkbphbddgmljf

[C:\Users\Haley\appdata\local\Google\Chrome\User Data\Default\Secure Preferences] - default search provider reset

[C:\Users\Haley\appdata\local\Google\Chrome\User Data\Default\Secure Preferences] - Extensions Deleted:
[
  bkomkajifikmkfnjgphkjcfeepbnojok,
  elchiiiejkobdbblfejjkbphbddgmljf
]

 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Wed 07/22/2015 at  6:30:31.67
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


  • 0

Advertisements


#41
blondie53185

blondie53185

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 106 posts

ADWARE CLEANER [R0]

 

# AdwCleaner v4.208 - Logfile created 22/07/2015 at 06:35:42
# Updated 09/07/2015 by Xplode
# Database : 2015-07-15.1 [Server]
# Operating system : Windows ™ Vista Home Premium Service Pack 2 (x64)
# Username : Haley - HALEY-PC
# Running from : C:\Users\Haley\Desktop\AdwCleaner.exe
# Option : Scan

***** [ Services ] *****

***** [ Files / Folders ] *****

File Found : C:\END
File Found : C:\Windows\AppPatch\Custom\{8a4d5a43-c64a-45ab-bdf4-804fe18ceafd}.sdb
Folder Found : C:\Windows\SysWOW64\config\systemprofile\AppData\Local\SearchProtect

***** [ Scheduled tasks ] *****

***** [ Shortcuts ] *****

***** [ Registry ] *****

Key Found : HKCU\Software\AppDataLow\Software\SmartWeb
Key Found : HKCU\Software\Classes\PepperZip
Key Found : HKCU\Software\MaxComputerCleanerConfig
Key Found : HKCU\Software\MaxComputerCleanerLanguage
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Linkey
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\OneSystemCare
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Optimizer Pro_is1
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\SmartWeb
Key Found : HKCU\Software\Store
Key Found : HKCU\Software\Tutorials
Key Found : HKCU\Software\WTools
Key Found : [x64] HKCU\Software\MaxComputerCleanerConfig
Key Found : [x64] HKCU\Software\MaxComputerCleanerLanguage
Key Found : [x64] HKCU\Software\Store
Key Found : [x64] HKCU\Software\Tutorials
Key Found : [x64] HKCU\Software\WTools
Key Found : HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Key Found : HKLM\SOFTWARE\Classes\AppID\{DD7C44CC-0F60-4FD9-A38F-5CF30D698AC2}
Key Found : HKLM\SOFTWARE\Classes\AppID\iedll.dll
Key Found : HKLM\SOFTWARE\Classes\CLSID\{9C4EFBD5-1ADF-41E6-BE26-AF44326E30E4}
Key Found : HKLM\SOFTWARE\CompeteInc
Key Found : HKLM\SOFTWARE\f8b66f5b-6516-ebad-51cb-f55ff194b17e
Key Found : HKLM\SOFTWARE\GlobalUpdate
Key Found : HKLM\SOFTWARE\ORBTR
Key Found : [x64] HKLM\SOFTWARE\Classes\CLSID\{9C4EFBD5-1ADF-41E6-BE26-AF44326E30E4}
Value Found : HKLM\SOFTWARE\Classes\.shtml\OpenWithProgIDs [CRSBRWSHTML]
Value Found : HKLM\SOFTWARE\Classes\.webp\OpenWithProgIDs [CRSBRWSHTML]
Value Found : HKLM\SOFTWARE\Classes\.xht\OpenWithProgIDs [CRSBRWSHTML]

***** [ Web browsers ] *****

-\\ Internet Explorer v9.0.8112.16669

-\\ Google Chrome v43.0.2357.134

[C:\Users\Haley\AppData\Local\Google\Chrome\User Data\Default\Web data] - Found [Search Provider] : hxxp://www.trovi.com/Results.aspx?gd=&ctid=CT3334822&octid=EB_ORIGINAL_CTID&ISID=MD0490043-D40C-45CA-8626-D92A2BB2F1DC&SearchSource=58&CUI=&UM=8&UP=SP5AF7C4D8-F3A4-4CF9-8042-64618C4ACC7E&D=071415&q={searchTerms}&SSPV=SP30339T2B_sp_ch
[C:\Users\Haley\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] - Found [Homepage] : C8CD630C73A8679DEC4414C62874DF523F81612AAA7312422495E97AE8339D37","homepage_is_newtabpage":"6D41DDD264AFFD1E5D5FA6695352C4CEADBECF1B26B9725AFDE3111132399CB8","pinned_tabs":"48C2EDA018892F23765B1737A858AF56E3179000567EE6716A0A771DFF37AB56","prefs":{"preference_reset_time":"A29B671793D37F02338EA37B19A91BEE24ABA72C89B0F2DFC28A03E66F3EFD66"},"safebrowsing":{"incident_report_sent":"98DB8DD371B7821CC6927727D9B6334FF517CD6DF3BD0507C03A63E0751DFBE8","incidents_sent":"6304A6DC876840CBFA04DC181B4FA93EC98869F9F5BFF47DF19A0B2F03B2D2E8"},"search_provider_overrides":"96106B6CA276C09635809FD5EB5295F10FF5CC156837D9BD66DB919C879898C8","session":{"restore_on_startup":"B55F8BF460B09C927FBF14E144CF6474A1D1D45D17AF30CA69BF700F37C03135","startup_urls":"61DC3ADF8B4300068AE91B41727D89E8678EC1657BF38C1D86051CEDF92DA8CD"},"sync":{"remaining_rollback_tries":"56082AF52433336B2C0453373E52E44BA3D01293F226156F9B9028C76C9443C9"}},"super_mac":"E10F9AEE544E79E5A9D8AA606024AAE858F41169DDD47509076B653A8BD84B05"},"session":{"restore_on_startup":4,"startup_urls":["hxxp://www.globasearch.com/?b=1
[C:\Users\Haley\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] - Found [Startup_URLs] : 61DC3ADF8B4300068AE91B41727D89E8678EC1657BF38C1D86051CEDF92DA8CD"},"sync":{"remaining_rollback_tries":"56082AF52433336B2C0453373E52E44BA3D01293F226156F9B9028C76C9443C9"}},"super_mac":"E10F9AEE544E79E5A9D8AA606024AAE858F41169DDD47509076B653A8BD84B05"},"session":{"restore_on_startup":4,"startup_urls":["hxxp://www.globasearch.com/?b=1

*************************

AdwCleaner[R0].txt - [4432 bytes] - [22/07/2015 06:35:42]

########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [4491 bytes] ##########


  • 0

#42
pystryker

pystryker

    Trusted Helper

  • Malware Removal
  • 3,912 posts
Hi :)

Please re-run AdwCleaner and when it finishes scanning, please press the Clean button.

AdwCleaner will remove the entries and require a reboot. Please post the log that will open upon reboot. :thumbsup:
  • 0

#43
blondie53185

blondie53185

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 106 posts
# AdwCleaner v4.208 - Logfile created 23/07/2015 at 06:33:03
# Updated 09/07/2015 by Xplode
# Database : 2015-07-15.1 [Server]
# Operating system : Windows ™ Vista Home Premium Service Pack 2 (x64)
# Username : Haley - HALEY-PC
# Running from : C:\Users\Haley\Desktop\AdwCleaner.exe
# Option : Scan
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
 
***** [ Scheduled tasks ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
 
***** [ Web browsers ] *****
 
-\\ Internet Explorer v9.0.8112.16669
 
 
-\\ Google Chrome v44.0.2403.89
 
 
*************************
 
AdwCleaner[R0].txt - [4594 bytes] - [22/07/2015 06:35:42]
AdwCleaner[R1].txt - [676 bytes] - [23/07/2015 06:33:03]
AdwCleaner[S0].txt - [4480 bytes] - [22/07/2015 06:53:25]
 
########## EOF - C:\AdwCleaner\AdwCleaner[R1].txt - [793 bytes] ##########

  • 0

#44
pystryker

pystryker

    Trusted Helper

  • Malware Removal
  • 3,912 posts
:thumbsup: Let's run some scans and sweep for orphans and remnants.

Please disable your antivirus for the duration of my instructions. Don't forget to re-enable them after you have completed the steps.


Step 1: Scan with Malwarebytes


Please start the progam and select update
Once it has updated select Settings > Detection and Protection
Tick Scan for rootkits

MBAMsettings_zpsb6b9ada0.jpg

Go back to the Dashboard and select Scan Now

mbam21-console_zpslhr5hawa.jpg

If threats are detected, click the Apply Actions button, MBAM will ask for a reboot.

MBAMReboot_zps9089ab30.jpg

MBAMLog_zpsade07f42.jpg

On completion of the scan (or after the reboot), start MBAM,

Click History, then Application Logs, then check the Select box by the first Scan Log in the list and then click on the log to highlight it.

Click Export, select text file and save to the desktop as MBAM.txt and post in your next reply.



Step 2: Scan with ESET Online Scanner


Please note: You can use Internet Explorer or Firefox for this step. Either browser used will have to be ran in admin mode.

Right click on either the Internet Explorer icon or the Firefox icon in the Start Menu or Quick Launch Bar on the Task bar and select Run as Administrator from the menu.

If you use Firefox, you will be prompted to download esetsmartinstaller_enu.exe. Please do so, then double click it to install it.

Please click on this link and then click the ESET Online Scanner bar ---->esetbar_zps93905f48.jpg
  • Select the option YES, I accept the Terms of Use then click on Start
  • When prompted allow the Add-On/Active X to install.
  • Make sure that the option Remove found threats is NOT checked.
  • Make sure that the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
  • Scan for potentially unwanted applications
  • Scan for potentially unsafe applications
  • Enable Anti-Stealth Technology
  • Now click on Start
  • The virus signature database will begin to download. Be patient this make take some time depending on the speed of your Internet Connection.
  • When completed the Online Scan will begin automatically. The scan may take several hours.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • Now click on Finish
  • Use notepad to open the logfile located at C:\Program Files(x86)\ESET\EsetOnlineScanner\log.txt.
  • Copy and paste that log as a reply to this topic.
Step 3: SecurityCheck Scan


Download Security Checksecuritycheck_zpsb7736812.jpg by screen317 from here or here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • NOTE: If SecurityCheck aborts and you get the following message: UNSUPPORTED OPERATING SYSTEM! ABORTED! try rebooting the system and then run SecurityCheck again.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
Things I need to see in your next post:
  • ESET Scan Log
  • MBAM Log
  • SecurityCheck Log

  • 0

#45
blondie53185

blondie53185

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 106 posts

MBAB.TXT

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 7/23/2015
Scan Time: 12:43:57 PM
Logfile:
Administrator: Yes

Version: 2.1.8.1057
Malware Database: v2015.07.23.04
Rootkit Database: v2015.07.22.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled

OS: Windows Vista Service Pack 2
CPU: x64
File System: NTFS
User: Haley

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 313411
Time Elapsed: 14 min, 47 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)

(end)


  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP