Dregol and Super Optimizer Removed? - Need to be sure


#1
sl962

Good Afternoon. I have my aunt's Windows 8.1 laptop here. It was infected with Dregol and Super Optimizer malware. I uninstalled both in safe mode and then ran MalwareBytes (free) and let it fix/delete what it found. I then ran the Windows Defender anti-virus and was told all was well, so I ran MalwareBytes again and it found nothing.

The laptop seems ok now but I would like to be sure before I return it to her.

Thank You in advance for your time and have a Great day...

P.S. When I looked for the MBAM logs I could not find them. They may have been deleted when I uninstalled MBAM. (Sorry) Below are the logs from FRST.

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:05-07-2015
Ran by lynn (administrator) on LYNNSPC on 08-07-2015 11:17:32
Running from C:\Users\lynn\Desktop
Loaded Profiles: lynn (Available Profiles: lynn)
Platform: Windows 8.1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\tbaseprovisioning.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
() C:\Program Files\ATI Technologies\ATI.ACE\a4\AdaptiveSleepService.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPWMISVC.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP ENVY 5530 series\Bin\ScanToPCActivationApp.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPMSGSVC.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe
(Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP ENVY 5530 series\Bin\HPNetworkCommunicatorCom.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7546072 2014-10-27] (Realtek Semiconductor)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [767200 2014-04-17] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [HPMessageService] => C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPMSGSVC.exe [1045304 2013-10-08] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKU\S-1-5-21-3626191383-1179793375-1151875164-1002\...\Run: [HP ENVY 5530 series (NET)] => C:\Program Files\HP\HP ENVY 5530 series\Bin\ScanToPCActivationApp.exe [3421216 2013-08-13] (Hewlett-Packard Co.)
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPNOT14/1
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPNOT14/1
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT14/1
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT14/1
HKU\S-1-5-21-3626191383-1179793375-1151875164-1002\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT14/1
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM -> {421AE00F-4B6F-4813-BF73-55D6A7B38C4C} URL = http://www.amazon.co...s={searchTerms}
SearchScopes: HKLM-x32 -> {421AE00F-4B6F-4813-BF73-55D6A7B38C4C} URL = http://www.amazon.co...s={searchTerms}
SearchScopes: HKU\S-1-5-21-3626191383-1179793375-1151875164-1002 -> {421AE00F-4B6F-4813-BF73-55D6A7B38C4C} URL = http://www.amazon.co...s={searchTerms}
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll [2013-08-28] (Hewlett-Packard)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2013-08-28] (Hewlett-Packard)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{4A564FB8-3F8A-41C8-8906-73E64DC782A9}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{AC9DBA63-EB7C-462A-9A54-069609993B74}: [DhcpNameServer] 100.100.22.24
StartMenuInternet: IEXPLORE.EXE - iexplore.exe

FireFox:
========
FF ProfilePath: C:\Users\lynn\AppData\Roaming\Mozilla\Firefox\Profiles\hx334q5k.default
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_18_0_0_194.dll [2015-07-02] ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_18_0_0_194.dll [2015-07-02] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\windows\SysWOW64\Adobe\Director\np32dsw_1204144.dll [2013-09-05] (Adobe Systems, Inc.)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3508.0205 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2013-02-05] (Microsoft Corporation)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [2012-10-12] ()
FF user.js: detected! => C:\Users\lynn\AppData\Roaming\Mozilla\Firefox\Profiles\hx334q5k.default\user.js [2015-07-02]
FF Extension: Filter Results - C:\Users\lynn\AppData\Roaming\Mozilla\Firefox\Profiles\hx334q5k.default\Extensions\{4d150305-e1ba-4303-8ef6-29a0b276f9f5}.xpi [2015-07-02]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AdaptiveSleepService; C:\Program Files\ATI Technologies\ATI.ACE\A4\AdaptiveSleepService.exe [140288 2014-04-17] () [File not signed]
R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [344064 2014-04-17] (Advanced Micro Devices, Inc.) [File not signed]
S3 BthHFSrv; C:\Windows\System32\BthHFSrv.dll [324608 2014-10-28] (Microsoft Corporation)
R2 HPWMISVC; C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPWMISVC.exe [1039160 2013-10-08] (Hewlett-Packard Development Company, L.P.)
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [290520 2014-02-12] (Realtek Semiconductor)
R2 tbaseprovisioning; C:\Windows\SysWOW64\tbaseprovisioning.exe [51712 2014-02-24] (Advanced Micro Devices, Inc.)
S3 w3logsvc; C:\Windows\system32\inetsrv\w3logsvc.dll [76800 2014-04-02] (Microsoft Corporation)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366520 2015-02-03] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2015-02-03] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 AmdAS4; C:\Windows\System32\drivers\AmdAS4.sys [17640 2013-10-24] (Advanced Micro Devices, INC.)
S3 amdkmcsp; C:\Windows\system32\DRIVERS\amdkmcsp.sys [85704 2014-02-24] (Advanced Micro Devices, Inc. )
R0 amdkmpfd; C:\Windows\System32\drivers\amdkmpfd.sys [36608 2013-12-14] (Advanced Micro Devices, Inc.)
R0 amdpsp; C:\Windows\System32\DRIVERS\amdpsp.sys [230088 2014-02-24] (Advanced Micro Devices, Inc. )
R3 athr; C:\Windows\system32\DRIVERS\athwbx.sys [3858944 2013-10-17] (Qualcomm Atheros Communications, Inc.)
R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdWB6.sys [222720 2014-03-11] (Advanced Micro Devices)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [91712 2013-03-05] (CyberLink)
R3 RSP2STOR; C:\Windows\system32\DRIVERS\RtsP2Stor.sys [291544 2014-01-03] (Realtek Semiconductor Corp.)
R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2015-02-03] (Microsoft Corporation)
R3 WirelessButtonDriver; C:\Windows\System32\drivers\WirelessButtonDriver64.sys [20800 2013-07-22] (Hewlett-Packard Development Company, L.P.)
S3 MBAMSwissArmy; \??\C:\Windows\system32\drivers\MBAMSwissArmy.sys [X]
U3 McAPExe; No ImagePath
U3 McMPFSvc; No ImagePath
U3 McNaiAnn; No ImagePath
U3 mfecore; No ImagePath
U3 MSK80Service; No ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-07-08 11:17 - 2015-07-08 11:17 - 00010151 _____ C:\Users\lynn\Desktop\FRST.txt
2015-07-08 11:16 - 2015-07-08 11:17 - 00000000 ____D C:\FRST
2015-07-08 11:15 - 2015-07-08 11:09 - 02112512 _____ (Farbar) C:\Users\lynn\Desktop\FRST64.exe
2015-07-06 21:07 - 2015-07-06 21:07 - 00000000 ____D C:\ProgramData\Malwarebytes
2015-07-06 21:04 - 2015-05-08 08:49 - 21546080 _____ (Malwarebytes Corporation ) C:\Users\lynn\Desktop\mbam-setup-2.1.6.1022.exe
2015-07-06 20:47 - 2015-07-06 20:47 - 00000000 ____D C:\ProgramData\4319e11c000011d9
2015-07-04 21:35 - 2015-07-06 12:11 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2015-07-02 23:57 - 2015-07-04 20:57 - 00000099 _____ C:\Users\lynn\AppData\Roaming\WB.CFG
2015-07-02 17:57 - 2015-07-06 20:45 - 00000000 ____D C:\Users\lynn\AppData\Local\Chromium
2015-07-02 17:57 - 2015-07-02 17:57 - 00003732 _____ C:\Windows\System32\Tasks\DriverRestore_ScheduledScan
2015-07-02 17:57 - 2015-07-02 17:57 - 00003584 _____ C:\Windows\System32\Tasks\DriverRestore_DailyScan
2015-07-02 17:57 - 2015-07-02 17:57 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DriverRestore
2015-07-02 17:57 - 2014-07-01 10:37 - 00020872 _____ (Phoenix Technologies) C:\Windows\SysWOW64\Drivers\DrvAgent64.SYS
2015-07-02 17:56 - 2015-07-06 12:03 - 00000000 ____D C:\Program Files (x86)\DriverRestore
2015-07-02 17:11 - 2015-07-02 17:11 - 00280992 _____ C:\Windows\Minidump\070215-21484-01.dmp
2015-07-02 11:19 - 2015-07-02 11:19 - 00280992 _____ C:\Windows\Minidump\070215-22812-01.dmp
2015-06-30 21:34 - 2015-06-30 21:34 - 00280992 _____ C:\Windows\Minidump\063015-19875-01.dmp
2015-06-25 10:51 - 2015-06-25 10:51 - 00280992 _____ C:\Windows\Minidump\062515-25031-01.dmp
2015-06-25 10:17 - 2015-06-25 10:17 - 00280992 _____ C:\Windows\Minidump\062515-29609-01.dmp
2015-06-24 11:24 - 2015-06-24 11:24 - 00280992 _____ C:\Windows\Minidump\062415-38546-01.dmp
2015-06-23 10:09 - 2015-06-23 10:09 - 18174128 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2015-06-15 23:07 - 2015-06-15 23:07 - 00280992 _____ C:\Windows\Minidump\061515-37703-01.dmp
2015-06-09 13:38 - 2015-05-27 07:35 - 24917504 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-06-09 13:38 - 2015-05-27 07:08 - 19607040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-06-09 13:38 - 2015-05-25 06:23 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\UtcResources.dll
2015-06-09 13:38 - 2015-05-25 06:07 - 01430528 _____ (Microsoft Corporation) C:\Windows\system32\diagtrack.dll
2015-06-09 13:38 - 2015-05-22 19:28 - 12829696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-06-09 13:38 - 2015-05-22 19:20 - 01950720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-06-09 13:38 - 2015-05-22 11:52 - 06026240 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-06-09 13:38 - 2015-05-22 10:57 - 14404096 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-06-09 13:38 - 2015-05-22 10:50 - 02426880 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-06-09 13:38 - 2015-05-22 06:08 - 00700416 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-06-09 13:38 - 2015-05-21 06:08 - 01119232 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-06-09 13:38 - 2015-05-21 06:08 - 01020928 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-06-09 13:38 - 2015-05-21 06:08 - 00756736 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-06-09 13:38 - 2015-05-21 06:08 - 00422912 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-06-09 13:38 - 2015-05-21 06:08 - 00193536 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2015-06-09 13:38 - 2015-05-21 06:08 - 00045568 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2015-06-09 13:38 - 2015-04-24 19:34 - 00653824 _____ (Microsoft Corporation) C:\Windows\system32\comctl32.dll
2015-06-09 13:38 - 2015-04-24 19:33 - 00549888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comctl32.dll
2015-06-09 13:38 - 2015-04-16 15:07 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2015-06-09 13:38 - 2015-04-15 23:17 - 00325464 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\USBXHCI.SYS
2015-06-09 13:38 - 2015-04-13 15:37 - 00275968 _____ (Microsoft Corporation) C:\Windows\system32\authz.dll
2015-06-09 13:38 - 2015-04-13 15:34 - 00180224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authz.dll
2015-06-09 13:38 - 2015-04-09 17:40 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\UIAutomationCore.dll
2015-06-09 13:38 - 2015-04-09 17:17 - 01018880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UIAutomationCore.dll
2015-06-09 13:38 - 2015-04-08 15:41 - 00158720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rgb9rast.dll
2015-06-09 13:38 - 2015-04-08 15:07 - 00410336 _____ C:\Windows\system32\ApnDatabase.xml
2015-06-09 13:38 - 2015-04-01 15:42 - 03097600 _____ (Microsoft Corporation) C:\Windows\system32\msftedit.dll
2015-06-09 13:38 - 2015-04-01 15:30 - 02483712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msftedit.dll
2015-06-09 13:38 - 2015-03-31 21:21 - 00337408 _____ (Microsoft Corporation) C:\Windows\system32\SearchProtocolHost.exe
2015-06-09 13:38 - 2015-03-31 21:18 - 00468480 _____ (Microsoft Corporation) C:\Windows\system32\mssph.dll
2015-06-09 13:38 - 2015-03-31 21:17 - 00248832 _____ (Microsoft Corporation) C:\Windows\system32\mssphtb.dll
2015-06-09 13:38 - 2015-03-31 21:08 - 00774144 _____ (Microsoft Corporation) C:\Windows\system32\mssvp.dll
2015-06-09 13:38 - 2015-03-31 20:46 - 03633664 _____ (Microsoft Corporation) C:\Windows\system32\tquery.dll
2015-06-09 13:38 - 2015-03-31 20:17 - 02551808 _____ (Microsoft Corporation) C:\Windows\system32\mssrch.dll
2015-06-09 13:38 - 2015-03-31 20:17 - 00903168 _____ (Microsoft Corporation) C:\Windows\system32\SearchIndexer.exe
2015-06-09 13:38 - 2015-03-31 19:53 - 00391680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssph.dll
2015-06-09 13:38 - 2015-03-31 19:53 - 00272896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SearchProtocolHost.exe
2015-06-09 13:38 - 2015-03-31 19:45 - 02749952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tquery.dll
2015-06-09 13:38 - 2015-03-31 19:45 - 00699392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssvp.dll
2015-06-09 13:38 - 2015-03-31 19:14 - 01920000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssrch.dll
2015-06-09 13:38 - 2015-03-31 19:12 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SearchIndexer.exe
2015-06-09 13:38 - 2015-03-19 20:49 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\compstui.dll
2015-06-09 13:38 - 2015-03-19 20:08 - 00477184 _____ (Microsoft Corporation) C:\Windows\system32\puiobj.dll
2015-06-09 13:38 - 2015-03-19 19:37 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\puiobj.dll
2015-06-09 13:38 - 2015-03-19 19:07 - 01091072 _____ (Microsoft Corporation) C:\Windows\system32\localspl.dll
2015-06-09 13:38 - 2015-03-01 18:43 - 00222208 _____ (Microsoft Corporation) C:\Windows\system32\rastapi.dll
2015-06-09 13:38 - 2015-03-01 18:21 - 00207872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rastapi.dll
2015-06-09 13:37 - 2015-05-22 20:15 - 00503808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-06-09 13:37 - 2015-05-22 20:14 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-06-09 13:37 - 2015-05-22 20:10 - 02278912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-06-09 13:37 - 2015-05-22 20:05 - 00664064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-06-09 13:37 - 2015-05-22 20:04 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-06-09 13:37 - 2015-05-22 19:48 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-06-09 13:37 - 2015-05-22 19:47 - 04305920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-06-09 13:37 - 2015-05-22 19:47 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-06-09 13:37 - 2015-05-22 19:47 - 00128000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2015-06-09 13:37 - 2015-05-22 19:43 - 00880128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll
2015-06-09 13:37 - 2015-05-22 19:38 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-06-09 13:37 - 2015-05-22 19:38 - 00327168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-06-09 13:37 - 2015-05-22 19:37 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-06-09 13:37 - 2015-05-22 19:28 - 01042944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\actxprxy.dll
2015-06-09 13:37 - 2015-05-22 19:16 - 01309696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-06-09 13:37 - 2015-05-22 19:14 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-06-09 13:37 - 2015-05-22 12:00 - 02885632 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-06-09 13:37 - 2015-05-22 12:00 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-06-09 13:37 - 2015-05-22 12:00 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-06-09 13:37 - 2015-05-22 11:48 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-06-09 13:37 - 2015-05-22 11:47 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-06-09 13:37 - 2015-05-22 11:47 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-06-09 13:37 - 2015-05-22 11:24 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-06-09 13:37 - 2015-05-22 11:23 - 00145408 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2015-06-09 13:37 - 2015-05-22 11:21 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-06-09 13:37 - 2015-05-22 11:15 - 01032704 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
2015-06-09 13:37 - 2015-05-22 11:09 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2015-06-09 13:37 - 2015-05-22 11:08 - 00374272 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-06-09 13:37 - 2015-05-22 11:06 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-06-09 13:37 - 2015-05-22 11:05 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-06-09 13:37 - 2015-05-22 10:49 - 02865152 _____ (Microsoft Corporation) C:\Windows\system32\actxprxy.dll
2015-06-09 13:37 - 2015-05-22 10:38 - 01545728 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-06-09 13:37 - 2015-05-22 10:26 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-06-09 13:37 - 2015-05-21 09:47 - 04177920 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-07-08 11:16 - 2014-10-26 19:37 - 01231268 _____ C:\Windows\WindowsUpdate.log
2015-07-08 11:16 - 2014-03-18 02:53 - 00956476 _____ C:\Windows\system32\PerfStringBackup.INI
2015-07-08 11:15 - 2013-08-22 07:46 - 00031219 _____ C:\Windows\setupact.log
2015-07-08 11:09 - 2014-11-01 12:49 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-07-08 11:07 - 2014-10-26 19:48 - 00000000 ____D C:\Users\lynn\Documents\Youcam
2015-07-08 11:06 - 2014-10-26 21:01 - 00000000 ___DO C:\Users\lynn\OneDrive
2015-07-08 11:02 - 2013-08-22 08:36 - 00000000 ____D C:\Windows\system32\sru
2015-07-08 10:58 - 2013-08-22 08:20 - 00000000 ____D C:\Windows\CbsTemp
2015-07-06 22:54 - 2014-08-08 17:32 - 01887683 _____ C:\Windows\SysWOW64\rootpa.e2e
2015-07-06 22:53 - 2014-08-08 17:24 - 00065536 _____ C:\Windows\system32\spu_storage.bin
2015-07-06 22:53 - 2013-08-22 07:45 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-07-06 22:26 - 2014-10-26 19:51 - 00003600 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3626191383-1179793375-1151875164-1002
2015-07-06 22:12 - 2014-12-22 15:07 - 00003156 _____ C:\Windows\System32\Tasks\HPCeeScheduleForlynn
2015-07-06 22:12 - 2014-12-22 15:07 - 00000344 _____ C:\Windows\Tasks\HPCeeScheduleForlynn.job
2015-07-06 22:12 - 2013-10-02 14:14 - 00000000 ____D C:\Program Files\Hewlett-Packard
2015-07-06 22:06 - 2014-03-18 02:44 - 00036936 _____ C:\Windows\PFRO.log
2015-07-06 22:06 - 2013-08-22 07:44 - 00337808 _____ C:\Windows\system32\FNTCACHE.DAT
2015-07-06 22:05 - 2014-05-06 01:01 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Security and Protection
2015-07-06 22:05 - 2014-05-06 01:01 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2015-07-06 19:35 - 2013-08-22 06:25 - 00262144 ___SH C:\Windows\system32\config\BBI
2015-07-06 14:24 - 2015-04-20 18:33 - 00792568 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-07-06 14:24 - 2015-04-20 18:33 - 00178168 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-07-06 12:11 - 2014-10-26 20:22 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2015-07-06 12:08 - 2014-10-26 19:46 - 00000000 ____D C:\Users\lynn
2015-07-06 12:03 - 2013-08-22 08:36 - 00000000 ____D C:\Windows\AppReadiness
2015-07-05 03:08 - 2014-10-30 13:26 - 00300704 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2015-07-02 18:02 - 2014-11-01 12:48 - 00000000 ____D C:\Users\lynn\AppData\Local\Adobe
2015-07-02 18:01 - 2014-11-01 12:49 - 00003718 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-07-02 17:57 - 2015-02-07 12:51 - 00000000 __SHD C:\Users\lynn\AppData\Local\EmieBrowserModeList
2015-07-02 17:57 - 2014-10-26 20:09 - 00000000 __SHD C:\Users\lynn\AppData\Local\EmieUserList
2015-07-02 17:57 - 2014-10-26 20:09 - 00000000 __SHD C:\Users\lynn\AppData\Local\EmieSiteList
2015-07-02 17:11 - 2015-01-17 20:48 - 00000000 ____D C:\Windows\Minidump
2015-07-02 17:11 - 2015-01-17 20:47 - 485365984 _____ C:\Windows\MEMORY.DMP
2015-06-29 16:12 - 2014-10-27 14:03 - 00000052 _____ C:\Windows\SysWOW64\DOErrors.log
2015-06-14 17:00 - 2013-08-22 08:36 - 00000000 ____D C:\Windows\rescache
2015-06-14 13:47 - 2015-04-20 18:23 - 00000000 ____D C:\Windows\system32\appraiser
2015-06-14 13:47 - 2015-04-20 18:20 - 00000000 ___SD C:\Windows\system32\CompatTel
2015-06-14 13:47 - 2013-08-22 08:36 - 00000000 ___RD C:\Windows\ToastData
2015-06-14 13:47 - 2013-08-22 08:36 - 00000000 ____D C:\Windows\PolicyDefinitions
2015-06-09 18:57 - 2014-10-31 19:04 - 00000000 ____D C:\Windows\system32\MRT
2015-06-09 18:54 - 2014-10-31 19:04 - 140135120 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe

==================== Files in the root of some directories =======

2015-07-02 23:57 - 2015-07-04 20:57 - 0000099 _____ () C:\Users\lynn\AppData\Roaming\WB.CFG
2014-10-26 21:32 - 2014-10-26 21:32 - 0000057 _____ () C:\ProgramData\Ament.ini

Some files in TEMP:
====================
C:\Users\lynn\AppData\Local\Temp\COMAP.EXE
C:\Users\lynn\AppData\Local\Temp\DRHelper_installFinish.exe
C:\Users\lynn\AppData\Local\Temp\DRHelper_installStart.exe
C:\Users\lynn\AppData\Local\Temp\Extract.exe
C:\Users\lynn\AppData\Local\Temp\SP65806.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-07-08 10:58

==================== End of log ============================

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version:05-07-2015
Ran by lynn at 2015-07-08 11:18:31
Running from C:\Users\lynn\Desktop
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-3626191383-1179793375-1151875164-500 - Administrator - Disabled)
Guest (S-1-5-21-3626191383-1179793375-1151875164-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3626191383-1179793375-1151875164-1004 - Limited - Enabled)
lynn (S-1-5-21-3626191383-1179793375-1151875164-1002 - Administrator - Enabled) => C:\Users\lynn

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

4 Elements II (x32 Version: 2.2.0.98 - WildTangent) Hidden
7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Adobe Flash Player 18 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 18.0.0.194 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.0 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.0.4.144 - Adobe Systems, Inc.)
Airport Mania (x32 Version: 2.2.0.95 - WildTangent) Hidden
AMD Catalyst Install Manager (HKLM\...\{7536C341-2F7D-EFE6-F521-DEBE68B025C5}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.)
Azkend 2: The World Beneath (x32 Version: 2.2.0.98 - WildTangent) Hidden
Bejeweled 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Bounce Symphony (x32 Version: 2.2.0.97 - WildTangent) Hidden
Build-a-lot (x32 Version: 2.2.0.98 - WildTangent) Hidden
Cradle Of Egypt Collector's Edition (x32 Version: 2.2.0.110 - WildTangent) Hidden
Cradle of Rome 2 (x32 Version: 2.2.0.98 - WildTangent) Hidden
Curse at Twilight (x32 Version: 3.0.2.32 - WildTangent) Hidden
CyberLink LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.5.6902 - CyberLink Corp.)
CyberLink Media Suite 10 (HKLM-x32\...\InstallShield_{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}) (Version: 10.0.5.3303 - CyberLink Corp.)
CyberLink Power2Go 8 (HKLM-x32\...\InstallShield_{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}) (Version: 8.0.5.3416 - CyberLink Corp.)
CyberLink PowerDVD 12 (HKLM-x32\...\InstallShield_{B46BEA36-0B71-4A4E-AE41-87241643FA0A}) (Version: 12.0.3.3709 - CyberLink Corp.)
CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 5.0.3.3907 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Delicious: Emily's Childhood Memories Premium Edition (x32 Version: 3.0.2.32 - WildTangent) Hidden
DisableMSDefender (Version: 1.0.0 - Hewlett-Packard Company) Hidden
DriverRestore (HKLM\...\DriverRestore) (Version: 1.0 - 383 Media, Inc.)
Energy Star (HKLM\...\{465CA2B6-98AF-4E77-BE22-A908C34BB9EC}) (Version: 1.0.9 - Hewlett-Packard Company)
Farm Frenzy (x32 Version: 2.2.0.98 - WildTangent) Hidden
Fishdom 3: Collector's Edition (x32 Version: 3.0.2.38 - WildTangent) Hidden
Governor of Poker 2 Premium Edition (x32 Version: 2.2.0.110 - WildTangent) Hidden
Hewlett-Packard ACLM.NET v1.2.2.3 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden
House of 1000 Doors: Family Secrets (x32 Version: 2.2.0.98 - WildTangent) Hidden
HP Documentation (HKLM-x32\...\{F29E3AA8-CF19-4452-92B7-F1FE31CD11C5}) (Version: 1.1.0.0 - Hewlett-Packard)
HP ENVY 5530 series Basic Device Software (HKLM\...\{E43084F2-A74C-47A3-BD6D-AA57FC0A381E}) (Version: 32.0.1180.44630 - Hewlett-Packard Co.)
HP ENVY 5530 series Help (HKLM-x32\...\{97EAE055-1BE8-4775-8101-453E9715EC3F}) (Version: 30.0.0 - Hewlett Packard)
HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.7702 - HP)
HP Registration Service (HKLM\...\{D1E8F2D7-7794-4245-B286-87ED86C1893C}) (Version: 1.2.7372.4698 - Hewlett-Packard)
HP Support Assistant (HKLM-x32\...\{8C696B4B-6AB1-44BC-9416-96EAC474CABE}) (Version: 7.5.2.12 - Hewlett-Packard Company)
HP System Event Utility (HKLM-x32\...\{C78E8F51-3EAD-4F0C-83F0-EF371075E0B4}) (Version: 1.0.10 - Hewlett-Packard Company)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
HP Utility Center (HKLM\...\{891A1782-8B20-4403-8383-458962525926}) (Version: 2.3.4 - Hewlett-Packard Company)
HP Wireless Button Driver (HKLM-x32\...\{30B2D1D8-0A07-4B71-9553-0710C5D31E35}) (Version: 1.1.2.1 - Hewlett-Packard Company)
Jewel Match 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden
John Deere Drive Green (x32 Version: 2.2.0.95 - WildTangent) Hidden
King Oddball (x32 Version: 3.0.2.48 - WildTangent) Hidden
Luxor Evolved (x32 Version: 2.2.0.98 - WildTangent) Hidden
Mahjongg Dimensions Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Mozilla Firefox 39.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 39.0 (x86 en-US)) (Version: 39.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 33.0 - Mozilla)
Mystery P.I. - Curious Case of Counterfeit Cove (x32 Version: 2.2.0.98 - WildTangent) Hidden
OEM Application Profile (HKLM-x32\...\{315F1A48-D883-B234-7C79-15873574ACC1}) (Version: 1.00.0000 - Advanced Micro Devices, Inc.)
Peggle Nights (x32 Version: 2.2.0.98 - WildTangent) Hidden
Penguins! (x32 Version: 2.2.0.98 - WildTangent) Hidden
Pinger (HKLM-x32\...\Pinger 1.4.0.1) (Version: 1.4.0.1 - Pinger Inc.)
Pinger (x32 Version: 1.4.0.1 - Pinger Inc.) Hidden
Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.98 - WildTangent) Hidden
Polar Bowler (x32 Version: 2.2.0.97 - WildTangent) Hidden
Product Improvement Study for HP ENVY 5530 series (HKLM\...\{3FB74B78-098D-48EF-8CC4-BE6C431C0E16}) (Version: 32.0.1180.44630 - Hewlett-Packard Co.)
Qualcomm Atheros Driver Installation Program (HKLM-x32\...\{C3A32068-8AB1-4327-BB16-BED9C6219DC7}) (Version: 10.0 - Qualcomm Atheros)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.3.9600.29075 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller All-In-One Windows Driver (HKLM-x32\...\{F7E7F0CB-AA41-4D5A-B6F2-8E6738EB063F}) (Version: 8.24.1218.2013 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7195 - Realtek Semiconductor Corp.)
Roads of Rome 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 18.0.4.0 - Synaptics Incorporated)
Tales of Lagoona (x32 Version: 2.2.0.110 - WildTangent) Hidden
Update Installer for WildTangent Games App (x32 Version:  - WildTangent) Hidden
Vacation Quest™ - Australia (x32 Version: 3.0.2.32 - WildTangent) Hidden
WildTangent Games (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.0.4.0 - WildTangent)
WildTangent Games App (HP Games) (x32 Version: 4.0.10.15 - WildTangent) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3508.0205 - Microsoft Corporation)
Youda Jewel Shop (x32 Version: 3.0.2.32 - WildTangent) Hidden
Zuma's Revenge (x32 Version: 2.2.0.98 - WildTangent) Hidden

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Restore Points =========================

18-06-2015 14:44:03 Scheduled Checkpoint
24-06-2015 12:13:22 Windows Update
05-07-2015 12:43:03 Scheduled Checkpoint
06-07-2015 22:04:42 Removed HP SimplePass

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 06:25 - 2013-08-22 06:25 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {131267A0-2039-41C8-BFBA-9D3B84A35925} - System32\Tasks\DriverRestore_ScheduledScan => C:\Program Files (x86)\DriverRestore\DriverRestore.exe [2014-07-14] ()
Task: {1BA30D2E-653F-4342-BEB5-8DFFB5186399} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2014-01-13] (Hewlett-Packard Company)
Task: {535E4A00-A671-4AEF-80DE-6A7FB524E5F8} - System32\Tasks\HPCustParticipation HP ENVY 5530 series => C:\Program Files\HP\HP ENVY 5530 series\Bin\HPCustPartic.exe [2013-08-13] (Hewlett-Packard Co.)
Task: {57BE65CB-7695-4187-8D77-5AFB2C987C2F} - System32\Tasks\Synaptics TouchPad Enhancements => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2013-12-12] (Synaptics Incorporated)
Task: {5A98B0E5-382E-4C10-91F2-3C06398548D5} - System32\Tasks\YCMServiceAgent => C:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe [2014-03-07] (CyberLink Corp.)
Task: {5EFBFAD3-BCCD-417B-9B16-ADB2EC2E3482} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2015-06-16] (Hewlett-Packard)
Task: {6933735B-0408-47B9-A2E8-9E75819033D4} - System32\Tasks\HPCeeScheduleForlynn => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2011-07-15] (Hewlett-Packard)
Task: {6D1B402C-ACCE-4D00-B585-A4D2B13E4C28} - System32\Tasks\CLMLSvc_P2G8 => C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [2013-08-05] (CyberLink)
Task: {76C0AB5B-96E4-462D-A0B8-EA071088566C} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_CN44J2106R => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2015-06-16] (Hewlett-Packard)
Task: {883D9458-68FF-43FD-A3DB-1C75826AB62A} - \Run_dregol No Task File <==== ATTENTION
Task: {C1CB8785-2FB2-4AF6-AF95-C9D468D37754} - System32\Tasks\DriverRestore_DailyScan => C:\Program Files (x86)\DriverRestore\DriverRestore.exe [2014-07-14] ()
Task: {C26A62A7-E931-456A-88D3-FD0BF3CD5F8E} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2014-01-13] (Hewlett-Packard Company)
Task: {C3CB07A2-6231-4386-82D4-0D71158C29D4} - System32\Tasks\CLVDLauncher => C:\Program Files (x86)\CyberLink\Power2Go8\CLVDLauncher.exe [2013-03-12] (CyberLink Corp.)
Task: {C96290AD-7F55-4A56-9B26-D2A11D29F938} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2014-05-12] (Hewlett-Packard Company)
Task: {D16DC536-FCD0-4AAC-84FD-8DFFB35375A2} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2015-06-16] (Hewlett-Packard)
Task: {DFCE33AC-1E8B-4505-B3FF-854D42D4B653} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-07-02] (Adobe Systems Incorporated)
Task: {F2E58BD8-25DD-4896-9F23-DBC0B6E2A381} - \Super Optimizer Schedule No Task File <==== ATTENTION
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\HPCeeScheduleForlynn.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe

==================== Loaded Modules (Whitelisted) ==============

2014-04-17 15:38 - 2014-04-17 15:38 - 00140288 _____ () C:\Program Files\ATI Technologies\ATI.ACE\A4\AdaptiveSleepService.exe
2014-04-17 15:37 - 2014-04-17 15:37 - 00127488 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.Wlan.dll
2014-08-08 17:42 - 2013-08-05 00:49 - 00627672 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMediaLibrary.dll
2013-08-05 15:48 - 2013-08-05 15:48 - 00016856 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvcPS.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Users\lynn\OneDrive:ms-properties

==================== Safe Mode (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3626191383-1179793375-1151875164-1002\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\Theme2\img8.jpg
DNS Servers: 192.168.1.1

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{64E22CAF-8491-4B99-B5E5-0DAE355ABB65}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{8E7360D8-EE8A-42FF-A62F-293038A5E68E}] => (Allow) LPort=2869
FirewallRules: [{A529951D-EE38-4BBE-B0BE-E9E3C966E904}] => (Allow) LPort=1900
FirewallRules: [{5CD49349-0547-47FC-B416-9225624E10CB}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{DAF80960-6674-4BA8-BE52-F2E27C65DF46}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{F780F7A5-2946-42BA-B28F-C567C0851C75}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{9CAD5BF9-32B6-4880-8739-00BD0A3CB170}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{0CB5DB8F-90AF-4FD1-998D-0BB95FE2B341}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
FirewallRules: [{E886818D-AA33-49B8-94A0-C4957EEF8DD0}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
FirewallRules: [{EF6B286F-BCF4-4730-A090-49ADB4025632}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12.exe
FirewallRules: [{87424258-6C42-472E-AD26-9873F23E53CF}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMR\PowerDVD12DMREngine.exe
FirewallRules: [{FF5C3403-F21F-4BF8-965E-2E4714D525AD}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe
FirewallRules: [{C6132DF4-B9A7-43A2-A477-F09CA2A19E7F}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12Agent.exe
FirewallRules: [{26439AF3-0A73-4278-8F00-917850775D4E}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12ML.exe
FirewallRules: [{704AEAEE-062F-41C8-9319-7AA7FE443046}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\Movie\PowerDVD.exe
FirewallRules: [{7326EBB9-BD2A-4140-A5CA-47D7CB5C8024}] => (Allow) C:\Program Files\HP\HP ENVY 5530 series\Bin\DeviceSetup.exe
FirewallRules: [{2B9A5A6A-F5A5-4CEC-97C2-CC1FAF2E2F49}] => (Allow) LPort=5357
FirewallRules: [{E33A4701-FF6B-4CA5-85B9-513BE94D1C20}] => (Allow) C:\Program Files\HP\HP ENVY 5530 series\Bin\HPNetworkCommunicatorCom.exe
FirewallRules: [{26C749B8-53A8-4243-B811-A1F346B4D19C}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{99BD8D72-E8D3-45D2-B859-383BB8304962}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{A45BF40A-BFB2-40F4-AB4A-C51A87D33794}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPDeviceDetection3.exe

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (07/06/2015 09:42:16 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 512) (User: )
Description: The Cryptographic Services service failed to initialize the VSS backup "System Writer" object.


Details:
Could not query the status of the EventSystem service.

System Error:
A system shutdown is in progress.
.

Error: (07/02/2015 05:57:23 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: setup.exe_unknown, version: 0.0.0.0, time stamp: 0x2a425e19
Faulting module name: KERNELBASE.dll, version: 6.3.9600.17415, time stamp: 0x54504ade
Exception code: 0x000006ba
Fault offset: 0x00014598
Faulting process id: 0x1f4
Faulting application start time: 0xsetup.exe_unknown0
Faulting application path: setup.exe_unknown1
Faulting module path: setup.exe_unknown2
Report Id: setup.exe_unknown3
Faulting package full name: setup.exe_unknown4
Faulting package-relative application ID: setup.exe_unknown5

Error: (07/02/2015 05:56:53 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: setup.exe_unknown, version: 0.0.0.0, time stamp: 0x2a425e19
Faulting module name: KERNELBASE.dll, version: 6.3.9600.17415, time stamp: 0x54504ade
Exception code: 0x000006ba
Fault offset: 0x00014598
Faulting process id: 0x1214
Faulting application start time: 0xsetup.exe_unknown0
Faulting application path: setup.exe_unknown1
Faulting module path: setup.exe_unknown2
Report Id: setup.exe_unknown3
Faulting package full name: setup.exe_unknown4
Faulting package-relative application ID: setup.exe_unknown5

Error: (07/02/2015 01:15:53 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1484

Error: (07/02/2015 01:15:53 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 1484

Error: (07/02/2015 01:15:53 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (07/02/2015 00:38:54 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 919265

Error: (07/02/2015 00:38:54 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 919265

Error: (07/02/2015 00:38:54 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (06/16/2015 08:13:12 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1484


System errors:
=============
Error: (07/06/2015 10:05:59 PM) (Source: DCOM) (EventID: 10010) (User: LYNNSPC)
Description: {9BA05972-F6A8-11CF-A442-00A0C90A8F39}

Error: (07/06/2015 09:42:15 PM) (Source: DCOM) (EventID: 10005) (User: LYNNSPC)
Description: 1084ShellHWDetectionUnavailable{DD522ACC-F821-461A-A407-50B198B896DC}

Error: (07/06/2015 09:41:58 PM) (Source: DCOM) (EventID: 10005) (User: LYNNSPC)
Description: 1084WSearchUnavailable{9E175B6D-F52A-11D8-B9A5-505054503030}

Error: (07/06/2015 09:41:58 PM) (Source: DCOM) (EventID: 10005) (User: LYNNSPC)
Description: 1084WSearchUnavailable{9E175B6D-F52A-11D8-B9A5-505054503030}

Error: (07/06/2015 09:41:58 PM) (Source: DCOM) (EventID: 10005) (User: LYNNSPC)
Description: 1084WSearchUnavailable{9E175B6D-F52A-11D8-B9A5-505054503030}

Error: (07/06/2015 09:41:58 PM) (Source: DCOM) (EventID: 10005) (User: LYNNSPC)
Description: 1084WSearchUnavailable{9E175B6D-F52A-11D8-B9A5-505054503030}

Error: (07/06/2015 09:41:58 PM) (Source: DCOM) (EventID: 10005) (User: LYNNSPC)
Description: 1084ShellHWDetectionUnavailable{DD522ACC-F821-461A-A407-50B198B896DC}

Error: (07/06/2015 09:41:02 PM) (Source: DCOM) (EventID: 10005) (User: LYNNSPC)
Description: 1084ShellHWDetectionUnavailable{DD522ACC-F821-461A-A407-50B198B896DC}

Error: (07/06/2015 09:37:52 PM) (Source: DCOM) (EventID: 10005) (User: LYNNSPC)
Description: 1084WSearchUnavailable{9E175B6D-F52A-11D8-B9A5-505054503030}

Error: (07/06/2015 09:37:52 PM) (Source: DCOM) (EventID: 10005) (User: LYNNSPC)
Description: 1084WSearchUnavailable{9E175B6D-F52A-11D8-B9A5-505054503030}


Microsoft Office:
=========================
Error: (07/06/2015 09:42:16 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 512) (User: )
Description:
Details:
Could not query the status of the EventSystem service.

System Error:
A system shutdown is in progress.

Error: (07/02/2015 05:57:23 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: setup.exe_unknown0.0.0.02a425e19KERNELBASE.dll6.3.9600.1741554504ade000006ba000145981f401d0b52b2d72d425C:\Users\lynn\AppData\Local\Temp\TMP567~1\setup.exeC:\Windows\SYSTEM32\KERNELBASE.dll76538cfc-211e-11e5-828d-1458d011bf92

Error: (07/02/2015 05:56:53 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: setup.exe_unknown0.0.0.02a425e19KERNELBASE.dll6.3.9600.1741554504ade000006ba00014598121401d0b52b22b83f06C:\Users\lynn\AppData\Local\Temp\TMP567~1\setup.exeC:\Windows\SYSTEM32\KERNELBASE.dll646f8820-211e-11e5-828d-1458d011bf92

Error: (07/02/2015 01:15:53 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1484

Error: (07/02/2015 01:15:53 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 1484

Error: (07/02/2015 01:15:53 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (07/02/2015 00:38:54 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 919265

Error: (07/02/2015 00:38:54 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 919265

Error: (07/02/2015 00:38:54 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (06/16/2015 08:13:12 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1484


==================== Memory info ===========================

Processor: AMD A8-6410 APU with AMD Radeon R5 Graphics
Percentage of memory in use: 30%
Total physical RAM: 3528.98 MB
Available physical RAM: 2454.62 MB
Total Virtual: 7112.98 MB
Available Virtual: 5835.43 MB

==================== Drives ================================

Drive c: (Windows) (Fixed) (Total:675.44 GB) (Free:635.45 GB) NTFS
Drive d: (RECOVERY) (Fixed) (Total:22.17 GB) (Free:2.17 GB) NTFS ==>[System with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 698.6 GB) (Disk ID: D150C6EE)

Partition: GPT Partition Type.

==================== End of log ============================


#2
zep516

    Trusted Helper

  • Malware Removal
  • 6,811 posts
Hi! My name is zep516 and welcome to Geekstogo!
I'll do the best I can to resolve your computer issue.
Please make sure to carefully read any instruction that I give you. If you're not sure, or if something unexpected happens, don't continue. Stop and ask! Never be afraid to ask questions! :)

A few items to address, leftover entries; otherwise you look clean...

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

Open notepad (Start =>All Programs => Accessories => Notepad).
Copy/Paste the contents of the code box below into Notepad.

start
CloseProcesses:
CreateRestorePoint:
HKLM-x32\...\Run: [] => [X]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
FF user.js: detected! => C:\Users\lynn\AppData\Roaming\Mozilla\Firefox\Profiles\hx334q5k.default\user.js [2015-07-02]
U3 McAPExe; No ImagePath
U3 McMPFSvc; No ImagePath
U3 McNaiAnn; No ImagePath
U3 mfecore; No ImagePath
U3 MSK80Service; No ImagePath
Task: {883D9458-68FF-43FD-A3DB-1C75826AB62A} - \Run_dregol No Task File <==== ATTENTION
Task: {F2E58BD8-25DD-4896-9F23-DBC0B6E2A381} - \Super Optimizer Schedule No Task File <==== ATTENTION
AlternateDataStreams: C:\Users\lynn\OneDrive:ms-properties
CMD: bitsadmin /reset /allusers
CMD: ipconfig /flushdns
Emptytemp:

Click Format and ensure Wordwrap is unchecked.
Save as Fixlist.txt to your Desktop (Must be in this location)
Run FRST/FRST64 and press the Fix button just once and wait.
If the tool needs a restart, please make sure you let the system restart normally and let the tool complete its run after restart.
The tool will make a log on the Desktop (Fixlog.txt). Please post it in your reply.

Note: If the tool warns you about the version you're using being an outdated version please download and run the updated version.

Next

Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the logfile button and the log will open in Notepad.
  • NOTE: If you get an error message, it means that nothing was found. Exit from AdwCleaner.
  • Click on the Clean button and follow the prompts.
  • A log file will automatically open after the scan has finished and the PC has rebooted.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleaner

Next

Please download Junkware Removal Tool to your Desktop.

Please close your security software to avoid potential conflicts. See Here how to disable your security protection (Anti Virus)
Run the tool by double-clicking it. If you are using Windows Vista or 7, right-mouse click it and select Run as administrator.
The tool will open and start scanning your system.
Please be patient as this can take a while to complete, depending on your system's specifications.
On completion, a log (JRT.txt) is saved to your Desktop and will automatically open.
Please post the contents of JRT.txt into your reply.

In your next reply post;
  • Fixlog.txt, that will be found on the desktop after fix has run
  • The AdwCleaner [SO].txt Log
  • The JRT.txt Log
Thanks
Joe :)

#3
sl962

    Member

  • Topic Starter
  • Member
  • 59 posts

Thank You Zep516... Here are the logs you requested:

 

Fix result of Farbar Recovery Scan Tool (x64) Version:05-07-2015
Ran by lynn at 2015-07-08 18:28:55 Run:1
Running from C:\Users\lynn\Desktop
Loaded Profiles: lynn (Available Profiles: lynn)
Boot Mode: Normal
==============================================

fixlist content:
*****************
start
CloseProcesses:
CreateRestorePoint:
HKLM-x32\...\Run: [] => [X]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
FF user.js: detected! => C:\Users\lynn\AppData\Roaming\Mozilla\Firefox\Profiles\hx334q5k.default\user.js [2015-07-02]
U3 McAPExe; No ImagePath
U3 McMPFSvc; No ImagePath
U3 McNaiAnn; No ImagePath
U3 mfecore; No ImagePath
U3 MSK80Service; No ImagePath
Task: {883D9458-68FF-43FD-A3DB-1C75826AB62A} - \Run_dregol No Task File <==== ATTENTION
Task: {F2E58BD8-25DD-4896-9F23-DBC0B6E2A381} - \Super Optimizer Schedule No Task File <==== ATTENTION
AlternateDataStreams: C:\Users\lynn\OneDrive:ms-properties
CMD: bitsadmin /reset /allusers
CMD: ipconfig /flushdns
Emptytemp:
*****************

Processes closed successfully.
Restore point was successfully created.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => value removed successfully
"HKLM\SOFTWARE\Policies\Google" => key removed successfully
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
C:\Users\lynn\AppData\Roaming\Mozilla\Firefox\Profiles\hx334q5k.default\user.js => moved successfully.
McAPExe => Service removed successfully
McMPFSvc => Service removed successfully
McNaiAnn => Service removed successfully
mfecore => Service removed successfully
MSK80Service => Service removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{883D9458-68FF-43FD-A3DB-1C75826AB62A}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{883D9458-68FF-43FD-A3DB-1C75826AB62A}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Run_dregol" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{F2E58BD8-25DD-4896-9F23-DBC0B6E2A381}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F2E58BD8-25DD-4896-9F23-DBC0B6E2A381}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Super Optimizer Schedule" => key removed successfully
C:\Users\lynn\OneDrive => ":ms-properties" ADS removed successfully.

=========  bitsadmin /reset /allusers =========


BITSADMIN version 3.0 [ 7.7.9600 ]
BITS administration utility.
© Copyright 2000-2006 Microsoft Corp.

BITSAdmin is deprecated and is not guaranteed to be available in future versions of Windows.
Administrative tools for the BITS service are now provided by BITS PowerShell cmdlets.

Unable to cancel {D88E8B99-201C-4C96-9921-26600676BFCC}.
Unable to cancel {A60086E5-28B8-44D5-B947-82E017263479}.
0 out of 2 jobs canceled.

========= End of CMD: =========


=========  ipconfig /flushdns =========


Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========= End of CMD: =========

EmptyTemp: => 687.4 MB temporary data Removed.


The system needed a reboot..

==== End of Fixlog 18:30:58 ====

 

# AdwCleaner v4.207 - Logfile created 08/07/2015 at 18:37:02
# Updated 21/06/2015 by Xplode
# Database : 2015-07-05.2 [Server]
# Operating system : Windows 8.1  (x64)
# Username : lynn - LYNNSPC
# Running from : C:\Users\lynn\Desktop\AdwCleaner.exe
# Option : Cleaning

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\4319e11c000011d9
Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DriverRestore
Folder Deleted : C:\Program Files (x86)\DriverRestore

***** [ Scheduled tasks ] *****

Task Deleted : DriverRestore_DailyScan
Task Deleted : DriverRestore_ScheduledScan

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\9c808517-afe8-61e7-85ad-eab74d464330
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{B853E835-9F24-4F4B-B55C-E554D15CCCD2}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F83D1872-D9FF-47F8-B5A0-49CC51E24EE8}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E104B9E4-01BA-4AAF-9957-6A525CC5451A}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{E104B9E4-01BA-4AAF-9957-6A525CC5451A}
Key Deleted : HKCU\Software\eSupport.com
Key Deleted : HKCU\Software\DriverRestore
Key Deleted : HKCU\Software\CoinisRS
Key Deleted : HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Key Deleted : [x64] HKLM\SOFTWARE\DriverRestore
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DriverRestore
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\dregol.com

***** [ Web browsers ] *****

-\\ Internet Explorer v11.0.9600.17840


-\\ Mozilla Firefox v39.0 (x86 en-US)


-\\ Chromium v


*************************

AdwCleaner[R0].txt - [1943 bytes] - [08/07/2015 18:34:44]
AdwCleaner[S0].txt - [1755 bytes] - [08/07/2015 18:37:02]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [1814  bytes] ##########
 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 7.3.7 (07.08.2015:2)
OS: Windows 8.1 x64
Ran by lynn on Wed 07/08/2015 at 18:45:02.57
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Tasks



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders



~~~ FireFox

Emptied folder: C:\Users\lynn\AppData\Roaming\mozilla\firefox\profiles\hx334q5k.default\minidumps [6 files]





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Wed 07/08/2015 at 18:47:59.16
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
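A small triage helper for the `Task:` lines in the FRST logs above, added here as an example and not part of any post or of FRST itself: it flags entries marked "No Task File" and lists the TaskCache registry keys (the `Tasks`, `Tree`, `Plain` and `Logon` paths that appear in the Fixlog) to confirm are gone after a fix. The function names and the empty-publisher "review" heuristic are assumptions of this example.

```python
import re

# Sample input: task lines excerpted from the FRST log posted in this thread.
SAMPLE = r"""
Task: {131267A0-2039-41C8-BFBA-9D3B84A35925} - System32\Tasks\DriverRestore_ScheduledScan => C:\Program Files (x86)\DriverRestore\DriverRestore.exe [2014-07-14] ()
Task: {57BE65CB-7695-4187-8D77-5AFB2C987C2F} - System32\Tasks\Synaptics TouchPad Enhancements => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2013-12-12] (Synaptics Incorporated)
Task: {883D9458-68FF-43FD-A3DB-1C75826AB62A} - \Run_dregol No Task File <==== ATTENTION
Task: {F2E58BD8-25DD-4896-9F23-DBC0B6E2A381} - \Super Optimizer Schedule No Task File <==== ATTENTION
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
"""

TASKCACHE = r"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache"

GUID_LINE = re.compile(r"^Task: (\{[0-9A-Fa-f-]{36}\}) - (.+)$")
JOB_LINE = re.compile(r"^Task: (.+\.job) => (.+)$")
TARGET = re.compile(r"^(.*?) \[(\d{4}-\d{2}-\d{2})\] \((.*)\)$")


def parse_task_line(line):
    """Return a dict for one FRST 'Task:' line, or None if it is not one."""
    line = line.strip()
    m = GUID_LINE.match(line)
    if m:
        guid, rest = m.groups()
        if "No Task File" in rest:
            # The registry entry survives but the task file it refers to is gone.
            name = rest.split(" No Task File")[0]
            return {"guid": guid, "task": name, "target": None,
                    "publisher": None, "status": "orphan"}
        task, _, target = rest.partition(" => ")
        t = TARGET.match(target)
        path, publisher = (t.group(1), t.group(3)) if t else (target, None)
        # Assumption of this example: an empty "()" publisher field is a weak
        # signal that deserves a manual look, not proof of anything.
        status = "review" if publisher == "" else "ok"
        return {"guid": guid, "task": task, "target": path,
                "publisher": publisher, "status": status}
    m = JOB_LINE.match(line)
    if m:
        # Legacy .job tasks are listed without a GUID or publisher.
        return {"guid": None, "task": m.group(1), "target": m.group(2),
                "publisher": None, "status": "ok"}
    return None


def triage(text):
    """Parse every 'Task:' line in a log excerpt, preserving order."""
    return [e for line in text.splitlines() if (e := parse_task_line(line))]


def tree_name(task):
    """Task path as it appears under TaskCache\\Tree (leading backslash kept)."""
    prefix = "System32\\Tasks"
    return task[len(prefix):] if task.startswith(prefix) else task


def taskcache_keys(entry):
    """Registry keys to check after a fix; Plain/Logon are the two trigger
    subkeys seen in this thread's Fixlog, and a task uses one of them."""
    if entry["guid"] is None:
        return []
    guid = entry["guid"]
    return [
        TASKCACHE + "\\Tasks\\" + guid,
        TASKCACHE + "\\Tree" + tree_name(entry["task"]),
        TASKCACHE + "\\Plain\\" + guid,
        TASKCACHE + "\\Logon\\" + guid,
    ]


if __name__ == "__main__":
    for e in triage(SAMPLE):
        if e["status"] == "ok":
            continue
        print(f'{e["status"].upper():7} {e["task"]}')
        if e["status"] == "orphan":
            for key in taskcache_keys(e):
                print("        verify absent:", key)
```
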
 


#4
zep516

    Trusted Helper

  • Malware Removal
  • 6,811 posts
Download Security Check by screen317 from Here or Here
Save it to your Desktop.
Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
A Notepad document should open automatically called checkup.txt; please post the contents of that document.

NOTE: If SecurityCheck aborts and you get the following message: UNSUPPORTED OPERATING SYSTEM! ABORTED! try rebooting the system and then run SecurityCheck again.

#5
sl962

    Member

  • Topic Starter
  • Member
  • 59 posts

Here is the log from Security Check...

 

 Results of screen317's Security Check version 1.005  
   x64 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Enabled!  
Windows Defender   
 WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
 Adobe Flash Player     18.0.0.194  
 Mozilla Firefox (39.0)
````````Process Check: objlist.exe by Laurent````````  
 Windows Defender MSMpEng.exe
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C:  %
````````````````````End of Log``````````````````````

 

Thanx again for all your help
 


#6
zep516

    Trusted Helper

  • Malware Removal
  • 6,811 posts
Very good.
Laptop looks clean now.
Let's remove all the tools I just had you download and the log files, delete the restore points and create a new one by following the exercise below:

I'll check the log and then close this topic.

Download DelFix by Xplode and save it to your desktop.
  • Run the tool by right-clicking the DelFix icon and choosing the Run as administrator option.
  • Make sure that these ones are checked:
    • Remove disinfection tools
    • Purge system restore
    • Reset system settings
  • Push Run.
  • The program will run for a few seconds and display a notepad report.
    Paste it for my review.

  • 0

#7
sl962

sl962

    Member

  • Topic Starter
  • Member
  • PipPip
  • 59 posts

Here is the Delfix log. Thank You again for all your help

 

# DelFix v1.010 - Logfile created 08/07/2015 at 19:20:22
# Updated 26/04/2015 by Xplode
# Username : lynn - LYNNSPC
# Operating System : Windows 8.1  (64 bits)

~ Removing disinfection tools ...

Deleted : C:\FRST
Deleted : C:\AdwCleaner
Deleted : C:\RegBackup
Deleted : C:\Users\lynn\Desktop\FRST64.exe
Deleted : HKLM\SOFTWARE\AdwCleaner

~ Cleaning system restore ...

Deleted : RP #43 [Scheduled Checkpoint | 06/18/2015 21:44:03]
Deleted : RP #44 [Windows Update | 06/24/2015 19:13:22]
Deleted : RP #45 [Scheduled Checkpoint | 07/05/2015 19:43:03]
Deleted : RP #46 [Removed HP SimplePass | 07/07/2015 05:04:42]
Deleted : RP #48 [Restore Point Created by FRST | 07/09/2015 01:28:57]

New restore point created !

~ Resetting system settings ... OK

########## - EOF - ##########
 


  • 0

#8
zep516

zep516

    Trusted Helper

  • Malware Removal
  • 6,811 posts
You're welcome, closing topic.....


You usually get infected because your security settings are too low.

Here are a number of recommendations that will help tighten them, and which will contribute to making you a less likely victim:

Safe Computing Practices please read Here


Since this issue appears to be resolved ... this Topic has been closed. Glad we could help.

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.

Thanks
Joe :)
  • 0





