
Repeated Norton Power Eraser message popping up [Solved]



#1 fiarsgirl

We keep getting a security alert message saying that a large amount of outgoing information is detected and suggesting to run the Norton Power Eraser. We have run it multiple times and keep getting the message, so much so that we started to just ignore it. Yesterday we got a message from our internet provider: "Cox has identified that one or more computers/devices behind your cable modem may be infected with the FakeSecSen or 'Spy Sheriff' Virus. A device behind your cable modem appears to have connected to a command and control server affiliated with this malware." We ran the Microsoft Safety Scanner, the Norton Power Eraser again, and did a full scan by the Norton program on our computer, but everything shows we are clean. Even after doing all that, though, we still get the Power Eraser pop-up, so we're afraid we're still infected. Thank you in advance for your help!


FRST's notes from the scan are:

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:13-07-2015
Ran by LeeAnn (administrator) on FIARSGIRL on 16-07-2015 15:24:45
Running from C:\Users\LeeAnn\Desktop
Loaded Profiles: LeeAnn (Available Profiles: LeeAnn)
Platform: Windows 8 (X64) OS Language: English (United States)
Internet Explorer Version 10 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(ASUSTeK Computer Inc.) C:\Windows\System32\FBAgent.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Symantec Corporation) C:\Program Files (x86)\Norton 360\Engine\22.5.0.124\N360.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(Amazon.com) C:\Program Files (x86)\Amazon\Amazon Unbox Video\ADVWindowsClientService.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Symantec Corporation) C:\Program Files (x86)\Norton 360\Engine\22.5.0.124\N360.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.0.1119.516_x64__8wekyb3d8bbwe\LiveComm.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe
(ASUS) C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnSrv.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
(ASUS) C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnWMI.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
(Qualcomm Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
(ASUS) C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
(ASUSTeK) C:\Windows\SysWOW64\ACEngSvr.exe
() C:\Windows\System32\DptfParticipantProcessorService.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x64\QuickGesture64.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x86\QuickGesture.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLoader.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPHelper.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\SyncServer.exe
(Qualcomm Atheros) C:\Program Files (x86)\Bluetooth Suite\BtTray.exe
(VIA Technologies, Inc.) C:\Windows\System32\ViakaraokeSrv.exe
(Atheros) C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
(VIA) C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(BitLeader) C:\Program Files (x86)\lg_fwupdate\fwupdate.exe
(VIA) C:\Program Files (x86)\VIA\VIAudioi\VDeck\viaaud.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe
(ASUS) C:\Program Files\ASUS\P4G\BatteryLife.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe
(Microsoft Corporation) C:\Users\LeeAnn\AppData\Local\Microsoft\OneDrive\OneDrive.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\43.0.2357.130\nacl64.exe
(Symantec Corporation) C:\Program Files (x86)\Norton 360\Engine\22.5.0.124\coNatHst.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\43.0.2357.130\nacl64.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPCenter.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM-x32\...\Run: [LGODDFU] =>  blrun
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43816 2014-07-03] (Apple Inc.)
HKLM-x32\...\Run: [Updater] => C:\ProgramData\Updater\Updater.exe
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-07-08] (Apple Inc.)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [334896 2015-06-08] (Oracle Corporation)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-3267664469-1772823897-2773109325-1001\...\Run: [swg] => C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2013-03-08] (Google Inc.)
HKU\S-1-5-21-3267664469-1772823897-2773109325-1001\...\Run: [AmazonMP3DownloaderHelper] => C:\Users\LeeAnn\AppData\Local\Program Files\Amazon\MP3 Downloader\AmazonMP3DownloaderHelper.exe [397632 2013-05-02] ()
HKU\S-1-5-21-3267664469-1772823897-2773109325-1001\...\Run: [Updater] => C:\ProgramData\Updater\updater.exe
HKU\S-1-5-21-3267664469-1772823897-2773109325-1001\...\Run: [DW7] => "C:\Program Files (x86)\The Weather Channel\The Weather Channel App\TWCApp.exe"
HKU\S-1-5-21-3267664469-1772823897-2773109325-1001\...\Run: [Amazon Music] => C:\Users\LeeAnn\AppData\Local\Amazon Music\Amazon Music Helper.exe [5886784 2015-05-07] ()
HKU\S-1-5-21-3267664469-1772823897-2773109325-1001\...\Run: [GoogleChromeAutoLaunch_13B6F06E97F6F81E2CFD9F5D3C09F313] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [813896 2015-06-19] (Google Inc.)
HKU\S-1-5-21-3267664469-1772823897-2773109325-1001\...\Run: [PicPick Start] => C:\Program Files (x86)\PicPick\picpick.exe [19918656 2015-03-04] (NTeWORKS)
HKU\S-1-5-21-3267664469-1772823897-2773109325-1001\...\Run: [OneDrive] => C:\Users\LeeAnn\AppData\Local\Microsoft\OneDrive\OneDrive.exe [382664 2015-06-20] (Microsoft Corporation)
HKU\S-1-5-21-3267664469-1772823897-2773109325-1001\...\Run: [Dropbox Update] => C:\Users\LeeAnn\AppData\Local\Dropbox\Update\DropboxUpdate.exe [134512 2015-06-22] (Dropbox, Inc.)
HKU\S-1-5-21-3267664469-1772823897-2773109325-1001\...\Run: [Open Download Manager] => C:\Program Files (x86)\OpenDownloaderManager\odm.exe -autorun
HKU\S-1-5-21-3267664469-1772823897-2773109325-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\WLXPGSS.SCR [322048 2013-02-05] (Microsoft Corporation)
HKU\S-1-5-21-3267664469-1772823897-2773109325-1001\...A8F59079A8D5}\localserver32:  <==== ATTENTION!
HKU\S-1-5-18\...\RunOnce: [Application Restart #1] => C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe [394624 2014-06-11] (Microsoft Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Amazon Unbox.lnk [2013-10-24]
ShortcutTarget: Amazon Unbox.lnk -> C:\Program Files (x86)\Amazon\Amazon Unbox Video\ADVWindowsClientSystemTray.exe (Amazon.com)
Startup: C:\Users\LeeAnn\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2015-07-11]
ShortcutTarget: Dropbox.lnk -> C:\Users\LeeAnn\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\LeeAnn\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk [2013-02-26]
ShortcutTarget: OneNote 2007 Screen Clipper and Launcher.lnk -> C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
ShellIconOverlayIdentifiers: [  OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files (x86)\Norton 360\Engine64\22.5.0.124\buShell.dll [2015-06-06] (Symantec Corporation)
ShellIconOverlayIdentifiers: [  OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files (x86)\Norton 360\Engine64\22.5.0.124\buShell.dll [2015-06-06] (Symantec Corporation)
ShellIconOverlayIdentifiers: [  OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files (x86)\Norton 360\Engine64\22.5.0.124\buShell.dll [2015-06-06] (Symantec Corporation)
ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File
ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File
ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File
ShellIconOverlayIdentifiers: [AsusWSShellExt_B] -> {6D4133E5-0742-4ADC-8A8C-9303440F7190} => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.9.120\ASUSWSShellExt64.dll [2012-03-13] (ASUS Cloud Corporation.)
ShellIconOverlayIdentifiers: [AsusWSShellExt_O] -> {64174815-8D98-4CE6-8646-4C039977D808} => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.9.120\ASUSWSShellExt64.dll [2012-03-13] (ASUS Cloud Corporation.)
ShellIconOverlayIdentifiers: [AsusWSShellExt_U] -> {1C5AB7B1-0B38-4EC4-9093-7FD277E2AF4D} => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.9.120\ASUSWSShellExt64.dll [2012-03-13] (ASUS Cloud Corporation.)
ShellIconOverlayIdentifiers-x32: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Users\LeeAnn\AppData\Local\Microsoft\OneDrive\17.3.5860.0512\FileSyncShell.dll [2015-06-20] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Users\LeeAnn\AppData\Local\Microsoft\OneDrive\17.3.5860.0512\FileSyncShell.dll [2015-06-20] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Users\LeeAnn\AppData\Local\Microsoft\OneDrive\17.3.5860.0512\FileSyncShell.dll [2015-06-20] (Microsoft Corporation)
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://search.coupons.com/
SearchScopes: HKU\S-1-5-21-3267664469-1772823897-2773109325-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-3267664469-1772823897-2773109325-1001 -> {96bd48dd-741b-41ae-ac4a-aff96ba00f7e} URL = http://search.coupon...q={searchTerms}
BHO: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton 360\Engine64\22.5.0.124\coIEPlg.dll [2015-06-05] (Symantec Corporation)
BHO: CIESpeechBHO Class -> {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} -> C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll [2012-08-10] (Qualcomm Atheros Commnucations)
BHO: No Name -> {9F68C126-025C-4826-860B-3EE8087C04CA} ->  No File
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-03-04] (Google Inc.)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2015-05-01] (Microsoft Corporation)
BHO: No Name -> {DD8479FC-99FE-417D-91A0-2E2CF019D60E} ->  No File
BHO-x32: No Name -> {02478D38-C3F9-4efb-9B51-7695ECA05670} ->  No File
BHO-x32: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton 360\Engine\22.5.0.124\coIEPlg.dll [2015-06-05] (Symantec Corporation)
BHO-x32: Norton Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files (x86)\Norton 360\Engine\21.7.0.11\IPS\IPSBHO.DLL No File
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_51\bin\ssv.dll [2015-07-16] (Oracle Corporation)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2015-03-04] (Google Inc.)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2015-05-01] (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_51\bin\jp2ssv.dll [2015-07-16] (Oracle Corporation)
BHO-x32: TBSB07898 Class -> {FCBCCB87-9224-4B8D-B117-F56D924BEB18} -> C:\Program Files (x86)\Coupons.com CouponBar\tbcore3.dll No File
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine64\22.5.0.124\coIEPlg.dll [2015-06-05] (Symantec Corporation)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-03-04] (Google Inc.)
Toolbar: HKLM-x32 - Coupons.com CouponBar - {8660E5B3-6C41-44DE-8503-98D99BBECD41} - C:\Program Files (x86)\Coupons.com CouponBar\tbcore3.dll No File
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\22.5.0.124\coIEPlg.dll [2015-06-05] (Symantec Corporation)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2015-03-04] (Google Inc.)
Toolbar: HKU\S-1-5-21-3267664469-1772823897-2773109325-1001 -> No Name - {8660E5B3-6C41-44DE-8503-98D99BBECD41} -  No File
Toolbar: HKU\S-1-5-21-3267664469-1772823897-2773109325-1001 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-03-04] (Google Inc.)
DPF: HKLM-x32 {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.micros...n/ieawsdc32.cab
DPF: HKLM-x32 {233C1507-6A77-46A4-9443-F871F945D258} http://download.macr...director/sw.cab
DPF: HKLM-x32 {BEA7310D-06C4-4339-A784-DC3804819809} http://images3.pnime...veX_Control.cab
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll No File
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll No File
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2015-05-01] (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2015-05-01] (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 68.105.28.11 68.105.29.11 68.105.28.12
Tcpip\..\Interfaces\{B7C73190-F3F5-44F1-BFBC-3C197E7F9063}: [DhcpNameServer] 68.105.28.11 68.105.29.11 68.105.28.12
Tcpip\..\Interfaces\{D39EF1C2-05EA-45C5-BCA3-DAB70A81F453}: [DhcpNameServer] 68.105.28.11 68.105.29.11 68.105.28.12
 
FireFox:
========
FF ProfilePath: C:\Users\LeeAnn\AppData\Roaming\Mozilla\Firefox\Profiles\8pui9obu.default
FF DefaultSearchEngine.US: Google
FF Homepage: hxxp://www.google.com/
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll No File
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1200112.dll [2013-02-17] (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-02-21] ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2015-05-21] (Google)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-06-06] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-06-06] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.51.2 -> C:\Program Files (x86)\Java\jre1.8.0_51\bin\dtplugin\npDeployJava1.dll [2015-07-16] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.51.2 -> C:\Program Files (x86)\Java\jre1.8.0_51\bin\plugin2\npjp2.dll [2015-07-16] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3508.0205 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2013-02-05] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-19] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-19] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2015-06-26] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-3267664469-1772823897-2773109325-1001: amazon.com/AmazonMP3DownloaderPlugin -> C:\Users\LeeAnn\AppData\Local\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin10181.dll [2013-05-02] (Amazon.com, Inc.)
FF Extension: ADB Helper - C:\Users\LeeAnn\AppData\Roaming\Mozilla\Firefox\Profiles\8pui9obu.default\Extensions\[email protected] [2015-07-07]
FF Extension: bestadblocker - C:\Users\LeeAnn\AppData\Roaming\Mozilla\Firefox\Profiles\8pui9obu.default\Extensions\[email protected] [2015-07-07]
FF Extension: bestadblocker - C:\Users\LeeAnn\AppData\Roaming\Mozilla\Firefox\Profiles\8pui9obu.default\Extensions\[email protected] [2015-07-07]
FF Extension: CutiTohePrice - C:\Users\LeeAnn\AppData\Roaming\Mozilla\Firefox\Profiles\8pui9obu.default\Extensions\[email protected] [2015-07-07]
FF Extension: FireFTP - C:\Users\LeeAnn\AppData\Roaming\Mozilla\Firefox\Profiles\8pui9obu.default\Extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f} [2015-06-01]
FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_22.5.0.124\coFFPlgn
FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_22.5.0.124\coFFPlgn [2015-07-16]
FF HKLM-x32\...\Thunderbird\Extensions: [[email protected]] - C:\Program Files\McAfee\MSK
 
Chrome: 
=======
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR Profile: C:\Users\LeeAnn\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Norton Security Toolbar) - C:\Users\LeeAnn\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjabmdjcfcfdmffimndhafhblfmpjdpe [2015-07-02]
CHR Extension: (Profile Visitors for ) - C:\Users\LeeAnn\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihjbpjahiibmjdlcgodcnmpelpmilamk [2015-07-02]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\LeeAnn\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-06-03]
CHR Extension: (Skype Click to Call) - C:\Users\LeeAnn\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2014-02-21]
CHR Extension: (Boomerang for Gmail) - C:\Users\LeeAnn\AppData\Local\Google\Chrome\User Data\Default\Extensions\mdanidgdpmkimeiiojknlnekblgmpdll [2015-03-04]
CHR Extension: (Google Wallet) - C:\Users\LeeAnn\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-02-19]
CHR HKLM\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files (x86)\Norton 360\Engine\22.5.0.124\Exts\Chrome.crx [2015-07-02]
CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - https://clients2.goo...ice/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files (x86)\Norton 360\Engine\22.5.0.124\Exts\Chrome.crx [2015-07-02]
CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - https://clients2.goo...ice/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2015-05-01]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 ADVService; C:\Program Files (x86)\Amazon\Amazon Unbox Video\ADVWindowsClientService.exe [25704 2011-11-23] (Amazon.com) [File not signed]
R3 ASUS InstantOn; C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnSrv.exe [277120 2012-04-13] (ASUS)
R3 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [211584 2012-08-10] (Qualcomm Atheros Commnucations) [File not signed]
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1394816 2015-05-01] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1772672 2015-05-01] (Microsoft Corporation)
R3 DptfParticipantProcessorService; C:\Windows\system32\DptfParticipantProcessorService.exe [29056 2012-07-30] ()
S3 DptfPolicyLpmService; C:\Windows\system32\DptfPolicyLpmService.exe [36224 2012-07-30] ()
R3 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [129856 2012-06-27] (Intel Corporation)
R3 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [166720 2012-06-25] (Intel Corporation)
R2 N360; C:\Program Files (x86)\Norton 360\Engine\22.5.0.124\N360.exe [282016 2015-06-17] (Symantec Corporation)
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [5448464 2015-03-30] (TeamViewer GmbH)
R3 VIAKaraokeService; C:\Windows\system32\viakaraokesrv.exe [27792 2012-09-14] (VIA Technologies, Inc.)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16024 2015-01-31] (Microsoft Corporation)
R3 ZAtheros Bt&Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [323584 2012-08-10] (Atheros) [File not signed]
S2 gupdate; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /svc [X]
S3 gupdatem; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /medsvc [X]
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 ATP; C:\Windows\System32\drivers\AsusTP.sys [65784 2013-04-29] (ASUS Corporation)
R1 BHDrvx64; C:\Program Files (x86)\Norton 360\NortonData\22.5.0.124\Definitions\BASHDefs\20150706.001\BHDrvx64.sys [1648880 2015-06-22] (Symantec Corporation)
R3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [76952 2012-08-10] (Qualcomm Atheros)
R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [202752 2012-07-25] (Microsoft Corporation)
R1 ccSet_N360; C:\Windows\system32\drivers\N360x64\1605000.07C\ccSetx64.sys [165080 2015-06-03] (Symantec Corporation)
S3 dot4; C:\Windows\system32\DRIVERS\Dot4.sys [151968 2012-10-19] (Windows ® Win 7 DDK provider)
S3 Dot4Print; C:\Windows\System32\drivers\Dot4Prt.sys [27040 2012-10-19] (Windows ® Win 7 DDK provider)
R3 DptfDevDram; C:\Windows\system32\DRIVERS\DptfDevDram.sys [107328 2012-07-13] (Intel Corporation)
R3 DptfDevFan; C:\Windows\system32\DRIVERS\DptfDevFan.sys [42816 2012-07-13] (Intel Corporation)
R3 DptfDevGen; C:\Windows\system32\DRIVERS\DptfDevGen.sys [64832 2012-07-13] (Intel Corporation)
R3 DptfDevPch; C:\Windows\system32\DRIVERS\DptfDevPch.sys [96064 2012-07-13] (Intel Corporation)
R3 DptfDevProc; C:\Windows\system32\DRIVERS\DptfDevProc.sys [228672 2012-07-13] (Intel Corporation)
R3 DptfManager; C:\Windows\system32\DRIVERS\DptfManager.sys [361792 2012-07-13] (Intel Corporation)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [498512 2015-06-16] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [153936 2015-06-16] (Symantec Corporation)
R1 IDSVia64; C:\Program Files (x86)\Norton 360\NortonData\22.5.0.124\Definitions\IPSDefs\20150716.001\IDSvia64.sys [692984 2015-07-02] (Symantec Corporation)
R3 kbfiltr; C:\Windows\System32\drivers\kbfiltr.sys [14992 2012-08-01] ( )
R3 NAVENG; C:\Program Files (x86)\Norton 360\NortonData\22.5.0.124\Definitions\VirusDefs\20150716.002\ENG64.SYS [138488 2015-05-20] (Symantec Corporation)
R3 NAVEX15; C:\Program Files (x86)\Norton 360\NortonData\22.5.0.124\Definitions\VirusDefs\20150716.002\EX64.SYS [2146040 2015-05-20] (Symantec Corporation)
R1 SRTSP; C:\Windows\System32\Drivers\N360x64\1605000.07C\SRTSP64.SYS [917720 2015-06-03] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\N360x64\1605000.07C\SRTSPX64.SYS [42200 2015-06-03] (Symantec Corporation)
R0 SymEFASI; C:\Windows\System32\drivers\N360x64\1605000.07C\SYMEFASI64.SYS [1611992 2015-06-03] (Symantec Corporation)
S0 SymELAM; C:\Windows\System32\drivers\N360x64\1605000.07C\SymELAM.sys [23568 2015-06-03] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [102616 2015-07-02] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\N360x64\1605000.07C\Ironx64.SYS [288984 2015-06-03] (Symantec Corporation)
R1 SymNetS; C:\Windows\System32\Drivers\N360x64\1605000.07C\SYMNETS.SYS [567512 2015-06-03] (Symantec Corporation)
U0 msahci; No ImagePath
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-07-16 15:24 - 2015-07-16 15:25 - 00027752 _____ C:\Users\LeeAnn\Desktop\FRST.txt
2015-07-16 15:24 - 2015-07-16 15:24 - 00000000 ____D C:\FRST
2015-07-16 15:23 - 2015-07-16 15:23 - 02133504 _____ (Farbar) C:\Users\LeeAnn\Desktop\frst64.exe
2015-07-16 13:58 - 2015-07-16 13:59 - 189383448 _____ (Microsoft Corporation) C:\Users\LeeAnn\Downloads\msert(1).exe
2015-07-16 13:57 - 2015-07-16 13:59 - 189383448 _____ (Microsoft Corporation) C:\Users\LeeAnn\Downloads\msert.exe
2015-07-16 08:45 - 2015-07-16 08:45 - 00284768 _____ C:\Windows\Minidump\071615-72828-01.dmp
2015-07-16 08:09 - 2015-07-16 08:07 - 00097888 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2015-07-16 08:07 - 2015-07-16 08:08 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2015-07-16 08:07 - 2015-07-16 08:07 - 00000000 ____D C:\Program Files (x86)\Java
2015-07-16 02:47 - 2015-07-16 02:47 - 00284768 _____ C:\Windows\Minidump\071615-59437-01.dmp
2015-07-16 01:39 - 2015-07-16 01:39 - 00284768 _____ C:\Windows\Minidump\071615-141718-01.dmp
2015-07-16 01:37 - 2015-07-16 01:37 - 00000000 __SHD C:\found.002
2015-07-15 21:34 - 2015-07-15 21:34 - 00000000 ___HD C:\OneDriveTemp
2015-07-15 21:33 - 2015-07-15 21:33 - 00000000 ____D C:\NPE
2015-07-15 21:30 - 2015-07-15 21:30 - 03088296 _____ (Symantec Corporation) C:\Users\LeeAnn\Downloads\NPE.exe
2015-07-12 21:05 - 2015-07-12 21:05 - 00044570 _____ C:\Users\LeeAnn\Downloads\1841D4-E-V-0649 (1).tif
2015-07-12 21:04 - 2015-07-12 21:05 - 00044570 _____ C:\Users\LeeAnn\Downloads\1841D4-E-V-0649.tif
2015-07-11 16:32 - 2015-07-11 16:32 - 00000000 ____D C:\Users\LeeAnn\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2015-07-11 16:13 - 2015-07-11 16:13 - 00000000 __SHD C:\found.001
2015-07-09 12:14 - 2015-07-09 12:14 - 00000000 __SHD C:\found.000
2015-07-08 19:35 - 2015-07-08 19:35 - 12210176 _____ C:\Users\LeeAnn\Desktop\Leeann's Quicken Data Jan 3, 2014 correct.QDF-backup
2015-07-03 14:06 - 2015-07-07 14:59 - 00000000 ____D C:\Users\LeeAnn\Desktop\New folder
2015-07-03 14:05 - 2015-07-03 14:05 - 00000000 ____D C:\Users\LeeAnn\New folder
2015-07-02 15:41 - 2015-07-16 13:31 - 00000000 ____D C:\Users\LeeAnn\AppData\Local\NPE
2015-07-02 15:40 - 2015-07-02 15:40 - 00000000 ____D C:\Windows\SysWOW64\X86
2015-07-02 15:40 - 2015-07-02 15:40 - 00000000 ____D C:\Windows\SysWOW64\AMD64
2015-07-02 15:40 - 2015-07-02 15:40 - 00000000 ____D C:\Program Files (x86)\Profile Visitors for
2015-07-02 15:37 - 2015-07-15 22:34 - 00000000 ____D C:\Program Files (x86)\CutiTohePrice
2015-07-02 15:37 - 2015-07-02 15:40 - 00000000 ____D C:\ProgramData\12670974670503140408
2015-07-02 15:35 - 2015-07-02 15:35 - 00000000 ____D C:\ProgramData\nmodnnbhlabcjogacfacacdmlmabpchi
2015-07-02 15:34 - 2015-07-02 15:34 - 00000000 ____D C:\ProgramData\{e30aebb7-9b31-38f8-e30a-aebb79b3aede}
2015-07-02 12:06 - 2015-07-02 12:06 - 00000000 ____D C:\Windows\System32\Tasks\Norton 360
2015-07-02 11:55 - 2015-07-02 11:55 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton 360
2015-07-02 11:48 - 2015-07-02 11:49 - 00284712 _____ C:\Windows\Minidump\070215-121203-01.dmp
2015-07-02 11:23 - 2015-07-02 11:55 - 00002266 _____ C:\Users\Public\Desktop\Norton 360 Premier.LNK
2015-07-02 09:31 - 2015-07-02 09:31 - 00000000 ____D C:\Users\LeeAnn\AppData\Roaming\Open Download Manager
2015-07-02 09:31 - 2015-07-02 09:31 - 00000000 ____D C:\Users\LeeAnn\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OpenDownloaderManager
2015-07-02 09:31 - 2015-07-02 09:31 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenDownloaderManager
2015-06-24 15:17 - 2015-06-24 15:17 - 00014246 _____ C:\Users\LeeAnn\Documents\Items in trailer packing.xlsx
2015-06-23 13:42 - 2015-06-23 18:20 - 00000000 ____D C:\Users\LeeAnn\Desktop\Rachel's pics
2015-06-22 13:36 - 2015-07-16 14:41 - 00000942 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-3267664469-1772823897-2773109325-1001UA.job
2015-06-22 13:36 - 2015-07-16 13:41 - 00000890 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-3267664469-1772823897-2773109325-1001Core.job
2015-06-22 13:36 - 2015-06-22 13:36 - 00003890 _____ C:\Windows\System32\Tasks\DropboxUpdateTaskUserS-1-5-21-3267664469-1772823897-2773109325-1001UA
2015-06-22 13:36 - 2015-06-22 13:36 - 00003510 _____ C:\Windows\System32\Tasks\DropboxUpdateTaskUserS-1-5-21-3267664469-1772823897-2773109325-1001Core
2015-06-22 13:36 - 2015-06-22 13:36 - 00000000 ____D C:\Users\LeeAnn\AppData\Local\Dropbox
2015-06-22 13:36 - 2015-06-22 13:36 - 00000000 ____D C:\ProgramData\Dropbox
2015-06-20 10:29 - 2015-07-16 14:40 - 00000000 ___RD C:\Users\LeeAnn\OneDrive
2015-06-20 10:29 - 2015-06-20 10:29 - 00002269 _____ C:\Users\LeeAnn\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2015-06-20 10:28 - 2015-06-20 10:28 - 00000000 ____D C:\ProgramData\Microsoft OneDrive
2015-06-17 01:01 - 2015-06-17 01:01 - 01202856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\FM20.DLL
2015-06-16 13:14 - 2015-06-16 13:14 - 00000000 ____D C:\Users\LeeAnn\awstats-7.3
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-07-16 15:13 - 2013-01-04 21:12 - 00000344 _____ C:\Windows\lgfwup.ini
2015-07-16 15:13 - 2013-01-04 21:12 - 00000000 ____D C:\Program Files (x86)\lg_fwupdate
2015-07-16 15:11 - 2012-07-26 01:12 - 00000000 ____D C:\Windows\system32\sru
2015-07-16 14:38 - 2014-02-19 13:21 - 00003542 _____ C:\Windows\System32\Tasks\ASUS Touchpad Launcher (x64)
2015-07-16 14:38 - 2014-01-06 21:46 - 00003114 _____ C:\Windows\System32\Tasks\ASUS Live Update
2015-07-16 14:38 - 2012-12-11 22:00 - 00003056 _____ C:\Windows\System32\Tasks\ASUS P4G
2015-07-16 14:38 - 2012-11-10 10:27 - 00003028 _____ C:\Windows\System32\Tasks\ASUS USB Charger Plus
2015-07-16 14:37 - 2012-12-11 19:40 - 00000500 _____ C:\Users\LeeAnn\AppData\Roaming\sp_data.sys
2015-07-16 14:32 - 2012-07-26 00:22 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-07-16 14:30 - 2012-11-10 10:31 - 01745834 _____ C:\Windows\WindowsUpdate.log
2015-07-16 08:49 - 2015-03-02 15:15 - 00000000 ___RD C:\Users\LeeAnn\Dropbox
2015-07-16 08:49 - 2015-03-02 15:08 - 00000000 ____D C:\Users\LeeAnn\AppData\Roaming\Dropbox
2015-07-16 08:45 - 2013-01-24 13:56 - 00000000 ____D C:\Windows\Minidump
2015-07-16 08:37 - 2015-03-20 10:26 - 00000000 ____D C:\Program Files (x86)\PicPick
2015-07-16 08:37 - 2012-11-10 10:21 - 00000000 ____D C:\Program Files (x86)\Bluetooth Suite
2015-07-16 08:13 - 2015-03-04 12:04 - 00000000 ____D C:\ProgramData\Oracle
2015-07-16 08:05 - 2012-12-28 19:19 - 00988672 ___SH C:\Users\LeeAnn\Downloads\Thumbs.db
2015-07-16 07:55 - 2012-12-23 12:32 - 00573952 ___SH C:\Users\LeeAnn\Documents\Thumbs.db
2015-07-16 04:48 - 2012-07-26 00:59 - 00000000 ____D C:\Windows\CbsTemp
2015-07-16 04:08 - 2012-07-26 01:12 - 00000000 ____D C:\Windows\rescache
2015-07-16 03:41 - 2015-03-24 15:31 - 00462024 _____ C:\Windows\system32\FNTCACHE.DAT
2015-07-16 03:40 - 2014-12-12 18:09 - 00000000 ____D C:\Windows\system32\appraiser
2015-07-16 03:40 - 2014-07-22 15:47 - 00000000 ___SD C:\Windows\system32\CompatTel
2015-07-16 03:39 - 2012-07-26 01:12 - 00000000 ___RD C:\Windows\ToastData
2015-07-16 03:10 - 2013-01-05 22:09 - 00000000 ____D C:\ProgramData\Microsoft Help
2015-07-15 21:34 - 2012-12-11 21:24 - 00398336 ___SH C:\Users\LeeAnn\Desktop\Thumbs.db
2015-07-15 21:32 - 2012-08-01 18:20 - 00908422 _____ C:\Windows\PFRO.log
2015-07-15 21:31 - 2012-07-25 22:26 - 00786432 ___SH C:\Windows\system32\config\BBI
2015-07-15 15:53 - 2013-03-04 16:50 - 00000000 ____D C:\Users\LeeAnn\AppData\Roaming\.minecraft
2015-07-15 14:51 - 2013-08-19 13:22 - 00000000 ____D C:\Windows\system32\MRT
2015-07-15 14:50 - 2013-01-08 12:42 - 00002021 _____ C:\Users\Public\Desktop\Adobe Reader X.lnk
2015-07-15 14:50 - 2012-08-04 18:42 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
2015-07-15 14:48 - 2015-03-04 10:30 - 00000000 ____D C:\Users\LeeAnn\Documents\Dental work
2015-07-15 14:48 - 2015-01-02 20:53 - 00003886 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2015-07-13 16:34 - 2012-12-11 19:44 - 00003600 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3267664469-1772823897-2773109325-1001
2015-07-13 09:00 - 2012-07-26 01:12 - 00000000 ____D C:\Windows\AUInstallAgent
2015-07-11 16:17 - 2012-07-25 22:26 - 00262144 ___SH C:\Windows\system32\config\ELAM
2015-07-06 14:34 - 2014-12-12 18:13 - 00792032 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-07-06 14:34 - 2014-12-12 18:13 - 00177632 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-07-04 17:45 - 2012-12-11 20:06 - 00000000 ____D C:\Users\LeeAnn\AppData\Local\CrashDumps
2015-07-03 14:05 - 2012-12-11 19:36 - 00000000 ____D C:\Users\LeeAnn
2015-07-03 08:43 - 2012-12-12 15:50 - 130333168 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-07-02 15:52 - 2012-07-26 01:12 - 00000000 ___HD C:\Windows\ELAMBKUP
2015-07-02 15:43 - 2012-12-11 21:23 - 00000000 ____D C:\ProgramData\Norton
2015-07-02 11:55 - 2014-11-16 12:45 - 00003208 _____ C:\Windows\System32\Tasks\Norton WSC Integration
2015-07-02 11:55 - 2014-11-16 12:37 - 00000000 ____D C:\Windows\system32\Drivers\N360x64
2015-07-02 11:26 - 2014-11-16 12:45 - 00102616 _____ (Symantec Corporation) C:\Windows\system32\Drivers\SYMEVENT64x86.SYS
2015-07-02 11:26 - 2014-11-16 12:45 - 00008166 _____ C:\Windows\system32\Drivers\SYMEVENT64x86.CAT
2015-07-02 11:26 - 2014-11-16 12:45 - 00000000 ____D C:\Program Files\Common Files\Symantec Shared
2015-07-02 11:04 - 2012-12-11 21:23 - 00000000 ____D C:\Users\Public\Downloads\Norton
2015-06-24 16:31 - 2012-12-17 10:06 - 00000000 ____D C:\Users\LeeAnn\AppData\Roaming\Apple Computer
2015-06-23 13:44 - 2012-07-26 00:28 - 00005388 _____ C:\Windows\system32\PerfStringBackup.INI
2015-06-22 15:59 - 2014-02-19 14:54 - 00002185 _____ C:\Users\Public\Desktop\Google Chrome.lnk
 
==================== Files in the root of some directories =======
 
2013-05-20 15:35 - 2013-05-20 15:35 - 0000021 _____ () C:\Users\LeeAnn\AppData\Roaming\my_intel.sys
2012-12-11 19:40 - 2015-07-16 14:37 - 0000500 _____ () C:\Users\LeeAnn\AppData\Roaming\sp_data.sys
2014-04-13 12:32 - 2014-04-13 12:32 - 0009216 _____ () C:\Users\LeeAnn\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-01-08 11:24 - 2013-01-08 12:40 - 0002096 _____ () C:\ProgramData\hpzinstall.log
2012-10-12 15:57 - 2012-10-12 15:57 - 4067328 _____ () C:\ProgramData\ReadOnlyInstaller.msi
2012-08-04 18:42 - 2012-07-29 23:03 - 0000217 _____ () C:\ProgramData\SetStretch.cmd
2012-08-04 18:42 - 2009-07-22 03:04 - 0024576 _____ () C:\ProgramData\SetStretch.exe
2012-12-11 21:06 - 2012-12-11 21:06 - 0033958 _____ () C:\ProgramData\uninstaller.exe
 
Files to move or delete:
====================
C:\ProgramData\uninstaller.exe
C:\Users\LeeAnn\jobq.dat
 
 
Some files in TEMP:
====================
C:\Users\LeeAnn\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp6vvgxb.dll
C:\Users\LeeAnn\AppData\Local\Temp\ose00000.exe
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-07-15 17:14
 
==================== End of log ============================
 
The Addition notes are:
Additional scan result of Farbar Recovery Scan Tool (x64) Version:13-07-2015
Ran by LeeAnn at 2015-07-16 15:25:54
Running from C:\Users\LeeAnn\Desktop
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-3267664469-1772823897-2773109325-500 - Administrator - Disabled)
Guest (S-1-5-21-3267664469-1772823897-2773109325-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3267664469-1772823897-2773109325-1003 - Limited - Enabled)
LeeAnn (S-1-5-21-3267664469-1772823897-2773109325-1001 - Administrator - Enabled) => C:\Users\LeeAnn
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Norton 360 Premier (Enabled - Up to date) {53C7D717-52E2-B95E-FA61-6F32ECC805DB}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Norton 360 Premier (Enabled - Up to date) {E8A636F3-74D8-B6D0-C0D1-5440974F4F66}
FW: Norton 360 Premier (Enabled) {6BFC5632-188D-B806-D13E-C607121B42A0}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 14.0.0.178 - Adobe Systems Incorporated)
Adobe Digital Editions 2.0 (HKLM-x32\...\Adobe Digital Editions 2.0) (Version: 2.0.1 - Adobe Systems Incorporated)
Adobe Reader X (10.1.15) MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}) (Version: 10.1.15 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.0 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.0.0.112 - Adobe Systems, Inc.)
Alcor Micro USB Card Reader (HKLM-x32\...\AmUStor) (Version: 3.4.117.01527 - Alcor Micro Corp.)
Alcor Micro USB Card Reader (x32 Version: 3.4.117.01527 - Alcor Micro Corp.) Hidden
Amazon MP3 Downloader 1.0.18 (HKU\S-1-5-21-3267664469-1772823897-2773109325-1001\...\Amazon MP3 Downloader) (Version: 1.0.18 - Amazon Services LLC)
Amazon Music (HKU\S-1-5-21-3267664469-1772823897-2773109325-1001\...\Amazon Amazon Music) (Version: 3.9.5.820 - Amazon Services LLC)
Amazon Unbox Video (HKLM-x32\...\InstallShield_{54A4839E-87F8-4BD1-9682-A349E9943F0A}) (Version: 2.2.0.153 - Amazon.com)
Amazon Unbox Video (x32 Version: 2.2.0.153 - Amazon.com) Hidden
Apple Application Support (HKLM-x32\...\{21ECABC3-40B2-42DF-8E21-ACF3A4D0D95A}) (Version: 3.0.5 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{6AF2AC2A-3532-43FD-9F4D-BDC9C0D724C7}) (Version: 7.1.2.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ASUS Instant Connect (HKLM-x32\...\{89ECB85A-D933-4CEA-9116-5CBC9C2ED95B}) (Version: 1.2.8 - ASUS)
ASUS InstantOn (HKLM-x32\...\{749F674B-2674-47E8-879C-5626A06B2A91}) (Version: 3.0.2 - ASUS)
ASUS LifeFrame3 (HKLM-x32\...\{1DBD1F12-ED93-49C0-A7CC-56CBDE488158}) (Version: 3.1.7 - ASUS)
ASUS Live Update (HKLM-x32\...\{FA540E67-095C-4A1B-97BA-4D547DEC9AF4}) (Version: 3.1.9 - ASUS)
ASUS Power4Gear Hybrid (HKLM\...\{9B6239BF-4E85-4590-8D72-51E30DB1A9AA}) (Version: 2.1.7 - ASUS)
ASUS Product Demo Movie  (HKLM-x32\...\{DC06C90B-C5BE-42F6-B74D-A9503170998C}) (Version: 1.0.3 - ASUS )
ASUS Smart Gesture (HKLM-x32\...\{4D3286A6-F6AB-498A-82A4-E4F040529F3D}) (Version: 2.1.4 - ASUS)
ASUS Splendid Video Enhancement Technology (HKLM-x32\...\{0969AF05-4FF6-4C00-9406-43599238DE0D}) (Version: 1.03.0004 - ASUS)
ASUS Tutor (HKLM-x32\...\{58172D66-2F69-4215-9AEC-ED8196023736}) (Version: 1.0.6 - ASUS)
ASUS USB Charger Plus (HKLM-x32\...\{A859E3E5-C62F-4BFA-AF1D-2B95E03166AF}) (Version: 2.1.4 - ASUS)
ASUS VivoBook (HKLM\...\{04FDBE69-F9FD-42A2-9008-E5CE7F60C6BE}) (Version: 1.0.8 - ASUS)
ASUS WebStorage Sync Agent (HKLM-x32\...\ASUS WebStorage) (Version: 1.1.9.120 - ASUS Cloud Corporation)
Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 2.1.0.7 - Atheros Communications Inc.)
ATK Package (HKLM-x32\...\{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}) (Version: 1.0.0023 - ASUS)
bestadblocker (HKLM-x32\...\{4820778D-AB0D-6D18-C316-52A6A0E1D507}) (Version:  - ) <==== ATTENTION
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
BufferChm (x32 Version: 140.0.298.000 - Hewlett-Packard) Hidden
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Destinations (x32 Version: 140.0.0.0 - Hewlett-Packard) Hidden
DocProc (x32 Version: 140.0.185.000 - Hewlett-Packard) Hidden
Dropbox (HKU\S-1-5-21-3267664469-1772823897-2773109325-1001\...\Dropbox) (Version: 3.6.8 - Dropbox, Inc.)
FamilySearch Indexing 3.18.3 (HKLM-x32\...\0591-8077-9297-0833) (Version: 3.18.3 - FamilySearch)
Flixster (HKU\S-1-5-21-3267664469-1772823897-2773109325-1001\...\cde6baecc037497b) (Version: 2.2.0.304 - Flixster)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 43.0.2357.130 - Google Inc.)
Google Earth (HKLM-x32\...\{817750FA-EC6A-485D-9901-0683AE6FFDF1}) (Version: 7.1.5.1557 - Google)
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.6227.252 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.27.5 - Google Inc.) Hidden
HP Imaging Device Functions 14.5 (HKLM\...\HP Imaging Device Functions) (Version: 14.5 - HP)
HP Scanjet G4050 (HKLM\...\{0A9FC1DA-46F7-4305-A4EF-FDCA8D9B1A5A}) (Version: 14.5 - HP)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
hpg4050 (x32 Version: 140.000.000.000 - Hewlett-Packard) Hidden
Intel® Dynamic Platform and Thermal Framework (HKLM-x32\...\FFD10ECE-F715-4a86-9BD8-F6F47DA5DA1C) (Version: 6.0.5.1080 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.2843 - Intel Corporation)
Intel® SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)
Internet Updater (HKLM-x32\...\InternetUpdater) (Version: 2.6.52 - Parallel Lines Development, LLC) <==== ATTENTION
iTunes (HKLM\...\{33E28B58-7BA0-47B7-AA01-9225ABA2B8A9}) (Version: 11.3.0.54 - Apple Inc.)
Java 8 Update 51 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218051F0}) (Version: 8.0.510 - Oracle Corporation)
Junk Mail filter update (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
LG Burning Tool (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.2.5218a - CyberLink Corp.)
LG Burning Tool (x32 Version: 6.2.5218a - CyberLink Corp.) Hidden
LG CyberLink LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.3624 - CyberLink Corp.)
LG CyberLink LabelPrint (x32 Version: 2.5.3624 - CyberLink Corp.) Hidden
LG CyberLink Media Suite (HKLM-x32\...\InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 8.0.2808 - CyberLink Corp.)
LG CyberLink Media Suite (x32 Version: 8.0.2808 - CyberLink Corp.) Hidden
LG CyberLink PowerBackup (HKLM-x32\...\{ADD5DB49-72CF-11D8-9D75-000129760D75}) (Version: 2.5.6023 - CyberLink Corp.)
LG ODD Auto Firmware Update (HKLM-x32\...\{6179550A-3E7C-499E-BCC9-9E8113E0A285}) (Version: 10.01.0712.01 - )
LightningDownloader (HKLM-x32\...\{0F44DC3H-6E62-4961-A14B-95323C512F9B}_is1) (Version: 1.0 - LightningDownloader)
Microsoft Office (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.6120.5004 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office Home and Student 2007 (HKLM-x32\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-3267664469-1772823897-2773109325-1001\...\OneDriveSetup.exe) (Version: 17.3.5860.0512 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Mozilla Firefox 38.0.5 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 38.0.5 (x86 en-US)) (Version: 38.0.5 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 36.0.1 - Mozilla)
MPC-HC 1.6.7.7114 (9eb64ec) (HKLM-x32\...\{2624B969-7135-4EB1-B0F6-2D8C397B45F7}_is1) (Version: 1.6.7.7114 - MPC-HC Team)
Norton 360 Premier (HKLM-x32\...\N360) (Version: 22.5.0.124 - Symantec Corporation)
OCR Software by I.R.I.S. 14.5 (HKLM\...\HPOCR) (Version: 14.5 - HP)
Open Downloader Manager (HKLM-x32\...\OpenDownloaderManager) (Version:  - Installer Technology Co)
PicPick (HKLM-x32\...\PicPick) (Version: 4.0.4 - NTeWORKS)
Platform (x32 Version: 1.39 - VIA Technologies, Inc.) Hidden
Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.0.206 - Qualcomm Atheros Communications)
Qualcomm Atheros Client Installation Program (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 10.0 - Qualcomm Atheros)
Quicken 2011 (HKLM-x32\...\{5FE545A1-D215-4216-9189-E7B39C9D1CC1}) (Version: 20.1.8.6 - Intuit)
Quicken 2014 (HKLM-x32\...\{0877F595-254F-45F4-991D-3F72E86B17CE}) (Version: 23.1.8.8 - Intuit)
RootsMagic 6.3.0.2 (HKLM-x32\...\{94433E0D-764C-4964-AD0B-EC46BCA7E68E}_is1) (Version: RootsMagic 6.3.0.2 - RootsMagic, Inc.)
Scan (x32 Version: 14.0.1.0 - Hewlett-Packard) Hidden
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.4.0.9058 - Microsoft Corporation)
Skype™ 7.0 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
TeamViewer 10 (HKLM-x32\...\TeamViewer) (Version: 10.0.40798 - TeamViewer)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Updater (HKLM-x32\...\{D54E3D9F-FEB8-4D2D-A138-B69A5C80080B}) (Version: 2.6.49 - WebAppTech Coding, LLC) <==== ATTENTION
VIA Platform Device Manager (HKLM-x32\...\InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}) (Version: 1.39 - VIA Technologies, Inc.)
VideoBuzz (HKLM-x32\...\{B25D67C4-E885-43F8-8085-B532F6261529}) (Version: 1.0.0 - InstallX, LLC) <==== ATTENTION
WebReg (x32 Version: 140.0.297.017 - Hewlett-Packard) Hidden
Windows Driver Package - ASUS (ATP) Mouse  (01/10/2013 1.0.0.170) (HKLM\...\4A9DE1E9EBC800B7F01739D4DE7363EF6751BDF5) (Version: 01/10/2013 1.0.0.170 - ASUS)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3508.0205 - Microsoft Corporation)
WinFlash (HKLM-x32\...\{8F21291E-0444-4B1D-B9F9-4370A73E346D}) (Version: 2.41.1 - ASUS)
Yontoo 1.10.03 (HKLM\...\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}) (Version: 1.10.03 - Yontoo LLC)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-3267664469-1772823897-2773109325-1001_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\LeeAnn\AppData\Local\Microsoft\OneDrive\17.3.5860.0512\amd64\FileSyncApi64.dll (Microsoft Corporation)
 
==================== Restore Points =========================
 
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2012-07-25 22:26 - 2012-07-25 22:26 - 00000824 ____N C:\Windows\system32\Drivers\etc\hosts
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {21173257-FC88-4CE4-83BE-24BD7DEDAA8B} - System32\Tasks\ASUS Live Update => C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe [2012-08-22] (ASUSTeK Computer Inc.)
Task: {29BEBD1F-6DE1-4415-B227-406FCE482D77} - System32\Tasks\{DC5FE85D-45A7-46E9-8B18-2DF769577ADE} => pcalua.exe -a "C:\Program Files (x86)\The Weather Channel\The Weather Channel App\TheWeatherChannelCustomUninstall.exe"
Task: {4F42EBEE-E33F-4DB8-92A7-1C6A212CD701} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-3267664469-1772823897-2773109325-1001UA => C:\Users\LeeAnn\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-06-22] (Dropbox, Inc.)
Task: {53772076-B365-410E-A0EC-B359EAA334F5} - System32\Tasks\ASUS P4G => C:\Program Files\ASUS\P4G\BatteryLife.exe [2012-08-24] (ASUS)
Task: {674E22A8-71A3-4FEB-B843-90D4F62455EC} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-3267664469-1772823897-2773109325-1001Core => C:\Users\LeeAnn\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-06-22] (Dropbox, Inc.)
Task: {A46AE993-CD4C-47D3-BB6C-73F918666384} - System32\Tasks\Microsoft\Windows\Setup\Windows Upgrade Notification Task => C:\Windows\system32\NotificationUI.exe [2014-04-19] (Microsoft Corporation)
Task: {B0BEF4B7-86F6-4275-84C9-E0CE30F73427} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-07-07] (Adobe Systems Incorporated)
Task: {C191D8EF-BFD6-48EE-B81A-4429DB340AFD} - System32\Tasks\ASUS Touchpad Launcher (x64) => C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLauncher.exe [2013-04-29] (AsusTek)
Task: {CC1ED32A-0108-4FCF-9219-701DE0852CEE} - System32\Tasks\Norton 360\Norton Error Analyzer => C:\Program Files (x86)\Norton 360\Engine\22.5.0.124\SymErr.exe [2015-05-19] (Symantec Corporation)
Task: {D1524FF1-7DEB-4AF8-8772-A6135D4734F6} - System32\Tasks\{609C94C8-AC9B-423E-92B0-C26E7BFEC33F} => Iexplore.exe http://ui.skype.com/...?LastError=1618
Task: {DE9DBB09-4491-48B7-8706-994CD8188104} - System32\Tasks\Norton 360\Norton Error Processor => C:\Program Files (x86)\Norton 360\Engine\22.5.0.124\SymErr.exe [2015-05-19] (Symantec Corporation)
Task: {E40D5F68-AAC0-46C1-BD82-51098086ECB8} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {E696FDE9-CA97-4290-9423-398E00BF95DE} - System32\Tasks\ASUS USB Charger Plus => C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe [2012-07-24] (ASUSTek Computer Inc.)
Task: {EECBFE77-8079-4A01-847A-E2AC04D26EA5} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\system32\MRT.exe [2015-07-03] (Microsoft Corporation)
Task: {F8EA2B1D-11E4-426A-8B9B-43F41DC1AB08} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton 360\Engine\22.5.0.124\WSCStub.exe [2015-06-17] (Symantec Corporation)
Task: {FF8585CD-23F1-4E9B-994E-B74798E9DF20} - System32\Tasks\{F71B94B0-13E1-462C-9D35-A1BC9F7D3176} => pcalua.exe -a E:\Setup.exe -d E:\
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-3267664469-1772823897-2773109325-1001Core.job => C:\Users\LeeAnn\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-3267664469-1772823897-2773109325-1001UA.job => C:\Users\LeeAnn\AppData\Local\Dropbox\Update\DropboxUpdate.exe
 
==================== Loaded Modules (Whitelisted) ==============
 
2013-06-02 21:34 - 2013-06-02 21:35 - 00176048 _____ () C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.0.1119.516_x64__8wekyb3d8bbwe\ModernShared\ErrorReporting\ErrorReporting.dll
2012-10-22 04:17 - 2012-07-30 04:26 - 00029056 _____ () C:\Windows\system32\DptfParticipantProcessorService.exe
2012-08-10 19:28 - 2012-08-10 19:28 - 00384128 _____ () C:\Program Files (x86)\Bluetooth Suite\ContactsApi.dll
2012-11-10 10:17 - 2012-09-17 19:47 - 00078480 _____ () C:\Program Files (x86)\VIA\VIAudioi\VDeck\QsApoApi64.dll
2012-11-10 10:17 - 2012-09-17 19:47 - 00386192 _____ () C:\Program Files (x86)\VIA\VIAudioi\VDeck\Dts2ApoApi64.dll
2012-08-24 18:26 - 2012-08-24 18:26 - 00031360 _____ () C:\Program Files\ASUS\P4G\DevMng.dll
2014-07-03 13:20 - 2014-07-03 13:20 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-07-03 13:19 - 2014-07-03 13:19 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2011-11-23 21:21 - 2011-11-23 21:21 - 00105576 ____R () C:\Program Files (x86)\Amazon\Amazon Unbox Video\LimelightDownloadManager.dll
2012-08-24 18:17 - 2012-08-24 18:17 - 00009216 _____ () C:\Program Files (x86)\ASUS\Splendid\GLCDdll.dll
2012-11-10 10:16 - 2012-06-25 11:41 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\ACE.dll
2009-12-15 13:46 - 2009-12-15 13:46 - 00619816 _____ () C:\Program Files (x86)\CyberLink\Power2Go\CLMediaLibrary.dll
2009-12-15 13:49 - 2009-12-15 13:49 - 00013096 _____ () C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvcPS.dll
2015-06-22 15:59 - 2015-06-19 22:46 - 01281864 _____ () C:\Program Files (x86)\Google\Chrome\Application\43.0.2357.130\libglesv2.dll
2015-06-22 15:59 - 2015-06-19 22:46 - 00080712 _____ () C:\Program Files (x86)\Google\Chrome\Application\43.0.2357.130\libegl.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
 
==================== Safe Mode (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== EXE Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-3267664469-1772823897-2773109325-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\LeeAnn\AppData\Roaming\Microsoft\Windows Photo Viewer\Windows Photo Viewer Wallpaper.jpg
DNS Servers: 68.105.28.11 - 68.105.29.11
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^hpzsetup.lnk => C:\Windows\pss\hpzsetup.lnk.CommonStartup
MSCONFIG\startupfolder: C:^Users^LeeAnn^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.1.lnk => C:\Windows\pss\OpenOffice.org 3.1.lnk.Startup
MSCONFIG\startupreg: ACMON => C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: Adobe Reader Speed Launcher => "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: ASUSQuickGesture(x64) => C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x64\QuickGesture64.exe
MSCONFIG\startupreg: ASUSQuickGesture(x86) => C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x86\QuickGesture.exe
MSCONFIG\startupreg: ASUSTPLoader(x64) => C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLoader.exe
MSCONFIG\startupreg: ASUSWebStorage => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.9.120\AsusWSPanel.exe /S
MSCONFIG\startupreg: BtTray => "C:\Program Files (x86)\Bluetooth Suite\BtTray.exe"
MSCONFIG\startupreg: BtvStack => "C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe"
MSCONFIG\startupreg: CLMLServer => "C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe"
MSCONFIG\startupreg: DisableS3S4 => c:\windows\temp\DisableS3S464\sethigh.cmd
MSCONFIG\startupreg: DptfPolicyLpmServiceHelper => C:\Windows\system32\DptfPolicyLpmServiceHelper.exe
MSCONFIG\startupreg: HDAudDeck => C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe -r
MSCONFIG\startupreg: HotKeysCmds => C:\Windows\system32\hkcmd.exe
MSCONFIG\startupreg: HP Software Update => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
MSCONFIG\startupreg: IgfxTray => C:\Windows\system32\igfxtray.exe
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: LGODDFU => "C:\Program Files (x86)\lg_fwupdate\lgfw.exe" blrun
MSCONFIG\startupreg: mcui_exe => "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
MSCONFIG\startupreg: PowerSkin => c:\windows\temp\PowerSkin\PowerSkin.exe
MSCONFIG\startupreg: UpdateLBPShortCut => "C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5"
MSCONFIG\startupreg: UpdateP2GoShortCut => "C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
MSCONFIG\startupreg: VIAAUD => C:\Program Files (x86)\VIA\VIAudioi\VDeck\viaaud.exe
HKLM\...\StartupApproved\StartupFolder: => "Amazon Unbox.lnk"
HKU\S-1-5-21-3267664469-1772823897-2773109325-1001\...\StartupApproved\StartupFolder: => "OneNote 2007 Screen Clipper and Launcher.lnk"
HKU\S-1-5-21-3267664469-1772823897-2773109325-1001\...\StartupApproved\StartupFolder: => "Dropbox.lnk"
HKU\S-1-5-21-3267664469-1772823897-2773109325-1001\...\StartupApproved\Run: => "AmazonMP3DownloaderHelper"
HKU\S-1-5-21-3267664469-1772823897-2773109325-1001\...\StartupApproved\Run: => "swg"
HKU\S-1-5-21-3267664469-1772823897-2773109325-1001\...\StartupApproved\Run: => "Amazon Music"
HKU\S-1-5-21-3267664469-1772823897-2773109325-1001\...\StartupApproved\Run: => "PicPick Start"
HKU\S-1-5-21-3267664469-1772823897-2773109325-1001\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-3267664469-1772823897-2773109325-1001\...\StartupApproved\Run: => "Dropbox Update"
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{EF5E1F7C-86E5-4597-849D-BC3849D3943A}] => (Allow) C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe
FirewallRules: [{D42FCDAC-CD18-4D37-93D4-DDDEACDC2BE2}] => (Allow) C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe
FirewallRules: [{DAF54B4C-C5FD-4BB0-A267-DD27DB0C1FA5}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{A5A9A173-8CA4-4D01-96BC-CFAFBBA5B035}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{F47A11E5-E5BD-48F5-9D5A-D56DBF35112F}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{127229DA-59F4-4DB9-A473-183C016E597B}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{358CCE61-2E9C-4968-95A3-0DD99FA38153}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqkygrp.exe
FirewallRules: [{75EC5517-58A5-4570-8CD0-349EBE75538E}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpfccopy.exe
FirewallRules: [{F20D3325-2CE3-44AE-A27C-5241646F1CA3}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpiscnapp.exe
FirewallRules: [{59D1695C-4361-4BF1-A6C9-1E44C5B0CD92}] => (Allow) C:\Program Files (x86)\HP\hp software update\hpwucli.exe
FirewallRules: [{389F102A-C489-48BC-918F-CD6F3988BDD4}] => (Allow) C:\Users\LeeAnn\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
FirewallRules: [{B8047CC7-B3D3-4995-8E32-9843844CA6DC}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{FA6331CF-D13E-40B5-9EE7-D0C026C04577}] => (Allow) LPort=2869
FirewallRules: [{EB0B0BC5-F1BC-4D95-AAFB-89B786B02675}] => (Allow) LPort=1900
FirewallRules: [{F5A9774D-B93A-4FA3-851D-61F6EE141222}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{7DB3D02C-0266-462F-B71E-26F55D1D0B25}] => (Allow) C:\Program Files (x86)\iTunes\iTunes.exe
FirewallRules: [{92F52334-C7C2-4206-AB29-548BB9B5A041}] => (Allow) C:\Users\LeeAnn\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{6E3EF6EA-0D00-4B02-AB87-1928F0F6B83C}] => (Allow) C:\Users\LeeAnn\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{D61DC4A1-9489-4EE0-BD4B-A2ADA6EE6520}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{E681272B-A41C-40A3-BAEF-FFB0C8B81F91}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{C29D532A-A484-45F0-93C2-320409E5FB9E}C:\users\leeann\appdata\roaming\dropbox\bin\dropbox.exe] => (Block) C:\users\leeann\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [UDP Query User{B70EFAF8-E8DA-4BB0-8CA3-34CAADE83466}C:\users\leeann\appdata\roaming\dropbox\bin\dropbox.exe] => (Block) C:\users\leeann\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [{A509839D-DF40-4847-97F3-45537DB6202F}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{C705D965-1EB0-4419-A777-07F26E8EC31C}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{080C1D0F-2DAF-4953-B5FC-4A7BF575D0B5}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{8092354E-4291-4EF1-A05A-FE8E86677331}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [TCP Query User{2BFA38C8-E95B-4878-8E91-D9B4BBFF3893}C:\program files (x86)\java\jre1.8.0_40\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_40\bin\javaw.exe
FirewallRules: [UDP Query User{FBE65968-1A3E-44DD-B477-417D57A95A3E}C:\program files (x86)\java\jre1.8.0_40\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_40\bin\javaw.exe
FirewallRules: [{58BC9206-9639-4E2D-8D0E-A4077BA06D51}] => (Allow) C:\Users\LeeAnn\AppData\Local\Microsoft\OneDrive\OneDrive.exe
FirewallRules: [{9BD78F5E-FB01-495F-972C-02988EDDB0B4}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (07/16/2015 02:38:11 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: BtvStack.exe, version: 8.0.0.206, time stamp: 0x5024e144
Faulting module name: audio.dll, version: 8.0.0.206, time stamp: 0x5024e1aa
Exception code: 0xc0000005
Fault offset: 0x000000000001ae08
Faulting process id: 0x1714
Faulting application start time: 0xBtvStack.exe0
Faulting application path: BtvStack.exe1
Faulting module path: BtvStack.exe2
Report Id: BtvStack.exe3
Faulting package full name: BtvStack.exe4
Faulting package-relative application ID: BtvStack.exe5
 
Error: (07/16/2015 02:38:07 PM) (Source: DptfPolicyLpmServiceHelper) (EventID: 1) (User: )
Description: DptfPolicyLpmServiceHelperWinMain:  CreateSharedMemory() failed.
 
Error: (07/16/2015 02:38:07 PM) (Source: DptfPolicyLpmServiceHelper) (EventID: 1) (User: )
Description: DptfPolicyLpmServiceHelperCreateSharedMemory:  CreateFileMapping() failed.Last error = [0x00000005]
 
Error: (07/16/2015 08:49:14 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: BtvStack.exe, version: 8.0.0.206, time stamp: 0x5024e144
Faulting module name: audio.dll, version: 8.0.0.206, time stamp: 0x5024e1aa
Exception code: 0xc0000005
Fault offset: 0x000000000001ae08
Faulting process id: 0x1864
Faulting application start time: 0xBtvStack.exe0
Faulting application path: BtvStack.exe1
Faulting module path: BtvStack.exe2
Report Id: BtvStack.exe3
Faulting package full name: BtvStack.exe4
Faulting package-relative application ID: BtvStack.exe5
 
Error: (07/16/2015 08:48:52 AM) (Source: DptfPolicyLpmServiceHelper) (EventID: 1) (User: )
Description: DptfPolicyLpmServiceHelperWinMain:  CreateSharedMemory() failed.
 
Error: (07/16/2015 08:48:52 AM) (Source: DptfPolicyLpmServiceHelper) (EventID: 1) (User: )
Description: DptfPolicyLpmServiceHelperCreateSharedMemory:  CreateFileMapping() failed.Last error = [0x00000005]
 
Error: (07/16/2015 08:39:45 AM) (Source: VSS) (EventID: 8194) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface.  hr = 0x80070005, Access is denied.
.
This is often caused by incorrect security settings in either the writer or requestor process.
 
 
Operation:
   Gathering Writer Data
 
Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {9a66c9a4-1aaf-4b22-a8c4-764c83987491}
 
Error: (07/16/2015 07:46:56 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: BtvStack.exe, version: 8.0.0.206, time stamp: 0x5024e144
Faulting module name: audio.dll, version: 8.0.0.206, time stamp: 0x5024e1aa
Exception code: 0xc0000005
Fault offset: 0x000000000001ae08
Faulting process id: 0x1a6c
Faulting application start time: 0xBtvStack.exe0
Faulting application path: BtvStack.exe1
Faulting module path: BtvStack.exe2
Report Id: BtvStack.exe3
Faulting package full name: BtvStack.exe4
Faulting package-relative application ID: BtvStack.exe5
 
Error: (07/16/2015 07:46:47 AM) (Source: DptfPolicyLpmServiceHelper) (EventID: 1) (User: )
Description: DptfPolicyLpmServiceHelperWinMain:  CreateSharedMemory() failed.
 
Error: (07/16/2015 07:46:47 AM) (Source: DptfPolicyLpmServiceHelper) (EventID: 1) (User: )
Description: DptfPolicyLpmServiceHelperCreateSharedMemory:  CreateFileMapping() failed.Last error = [0x00000005]
 
 
System errors:
=============
Error: (07/16/2015 02:37:16 PM) (Source: Ntfs) (EventID: 55) (User: NT AUTHORITY)
Description: A corruption was discovered in the file system structure on volume C:.
 
A corruption was found in a file system index structure.  The file reference number is 0x2000000044a5c.  The name of the file is "\Windows\System32\wbem\Performance".  The corrupted index attribute is ":$I30:$INDEX_ALLOCATION".
 
Error: (07/16/2015 02:36:03 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Google Update Service (gupdate) service failed to start due to the following error: 
%%2
 
Error: (07/16/2015 02:32:39 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 2:22:21 PM on ‎7/‎16/‎2015 was unexpected.
 
Error: (07/16/2015 08:49:05 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Google Update Service (gupdate) service failed to start due to the following error: 
%%2
 
Error: (07/16/2015 08:45:34 AM) (Source: BugCheck) (EventID: 1001) (User: )
Description: 0x0000007a (0x0000000000000004, 0x0000000000000000, 0xfffffa800b0783a0, 0x000000006695a000)C:\Windows\MEMORY.DMP071615-72828-01
 
Error: (07/16/2015 08:45:04 AM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 8:18:14 AM on ‎7/‎16/‎2015 was unexpected.
 
Error: (07/16/2015 04:46:41 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x800f0922: Security Update for Windows 8 for x64-based Systems (KB3070102).
 
Error: (07/16/2015 04:46:41 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x800f0922: Update for Windows 8 for x64-based Systems (KB3061421).
 
Error: (07/16/2015 04:46:41 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x800f0922: Update for Windows 8 for x64-based Systems (KB2976978).
 
Error: (07/16/2015 04:46:41 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x800f0922: Security Update for Windows 8 for x64-based Systems (KB3069392).
 
 
Microsoft Office:
=========================
Error: (03/12/2015 03:36:19 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6715.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 259213 seconds with 2820 seconds of active time.  This session ended with a crash.
 
Error: (11/11/2014 10:20:44 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6705.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 165806 seconds with 1560 seconds of active time.  This session ended with a crash.
 
Error: (04/27/2014 01:31:46 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6695.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 46 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error: (04/27/2014 01:30:40 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6695.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 10 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error: (06/26/2013 03:38:32 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 19 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error: (06/26/2013 03:37:18 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 1 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error: (06/26/2013 03:37:02 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 84261 seconds with 1800 seconds of active time.  This session ended with a crash.
 
Error: (06/25/2013 03:48:34 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 388 seconds with 60 seconds of active time.  This session ended with a crash.
 
Error: (06/25/2013 03:41:49 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 4056 seconds with 780 seconds of active time.  This session ended with a crash.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i3-3217U CPU @ 1.80GHz
Percentage of memory in use: 54%
Total physical RAM: 3981.59 MB
Available physical RAM: 1801.73 MB
Total Virtual: 8077.59 MB
Available Virtual: 5567.14 MB
 
==================== Drives ================================
 
Drive c: (OS) (Fixed) (Total:186.3 GB) (Free:24.24 GB) NTFS ==>[system with boot components (obtained from reading drive)]
Drive d: (Data) (Fixed) (Total:258.44 GB) (Free:107.4 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: CDFAD22C)
 
Partition: GPT Partition Type.
 
==================== End of log ============================
 

 


  • 0
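The scan log above is what a malware-removal helper reads by hand: autostart entries, firewall rules and browser add-ons, looking for programs launched from locations any user can write to, inbound allow rules that a home PC rarely needs, and registrations whose module is gone ("No File"). The Python script below is an added example, not part of this thread and not FRST's own code. It applies those three rules to a few lines copied from the log above (plus the one Run entry from the helper's later fixlist) and prints what it would flag. The path patterns and the port list are my assumptions; they mark items for a person to look at, and legitimate software such as Dropbox, OneDrive or OEM utilities routinely lives in the same places, which is exactly why a helper reads the whole log rather than trusting any single rule.

```python
"""Triage heuristics for lines from an FRST scan log.

Added example: not part of the thread and not FRST's own code. The rules are
my assumptions about what a reviewer looks at first; they flag items for a
human to check, they do not decide that anything is malicious.
"""
from __future__ import annotations

import re
from dataclasses import dataclass
from typing import Optional

# Locations a standard user account (and so anything running as that user)
# can write to. Persistence or a firewall hole pointing here gets a second look.
USER_WRITABLE = re.compile(
    r"\\(?:windows\\temp|users\\[^\\]+\\appdata|programdata)\\", re.IGNORECASE
)

# Inbound ports a home workstation rarely needs opened: NetBIOS/SMB,
# SSDP/UPnP and RDP. (Assumption: adjust for the machine's actual role.)
RISKY_INBOUND_PORTS = {137, 138, 139, 445, 1900, 2869, 3389}

# Line shapes as FRST prints them (derived from the log in this thread).
MSCONFIG_RE = re.compile(r"^MSCONFIG\\startupreg: (?P<name>.+?) => (?P<target>.+)$")
RUN_RE = re.compile(r"\\Run: \[(?P<name>[^\]]+)\] => (?P<target>.+)$")
FW_PORT_RE = re.compile(
    r"^FirewallRules: \[(?P<name>[^\]]+)\] => \((?P<action>Allow|Block)\) LPort=(?P<port>\d+)$"
)
FW_PROG_RE = re.compile(
    r"^FirewallRules: \[(?P<name>[^\]]+)\] => \((?P<action>Allow|Block)\) (?P<target>[A-Za-z]:\\.+)$"
)
BROWSER_RE = re.compile(
    r"^(?P<kind>BHO(?:-x32)?|Toolbar|Handler): (?P<name>.+?) (?:->|-) "
    r"\{(?P<clsid>[0-9A-Fa-f-]+)\} (?:->|-) (?P<target>.+)$"
)


@dataclass(frozen=True)
class Finding:
    category: str   # "startup", "firewall" or "browser"
    name: str
    target: str
    reason: str


def classify(line: str) -> Optional[Finding]:
    """Return a Finding if the line trips one of the review rules, else None."""
    m = MSCONFIG_RE.match(line) or RUN_RE.search(line)
    if m:
        if USER_WRITABLE.search(m["target"]):
            return Finding("startup", m["name"], m["target"],
                           "autostart entry launched from a user-writable location")
        return None
    m = FW_PORT_RE.match(line)
    if m:
        port = int(m["port"])
        if m["action"] == "Allow" and port in RISKY_INBOUND_PORTS:
            return Finding("firewall", m["name"], f"LPort={port}",
                           f"inbound allow rule on port {port}")
        return None
    m = FW_PROG_RE.match(line)
    if m:
        if m["action"] == "Allow" and USER_WRITABLE.search(m["target"]):
            return Finding("firewall", m["name"], m["target"],
                           "allow rule for a program in a user-writable location")
        return None
    m = BROWSER_RE.match(line)
    if m and m["target"].endswith("No File"):
        return Finding("browser", m["name"], m["target"],
                       "orphaned registration: the module is no longer on disk")
    return None


def triage(log_text: str) -> list[Finding]:
    """Run classify() over every non-empty line of a pasted FRST log section."""
    return [f for f in (classify(l.strip()) for l in log_text.splitlines()) if f]


# Constructed sample: a handful of lines copied from the scan log in this
# thread plus one Run entry from the helper's fixlist. Not a complete log.
SAMPLE_LOG = r"""
MSCONFIG\startupreg: DisableS3S4 => c:\windows\temp\DisableS3S464\sethigh.cmd
MSCONFIG\startupreg: HotKeysCmds => C:\Windows\system32\hkcmd.exe
MSCONFIG\startupreg: PowerSkin => c:\windows\temp\PowerSkin\PowerSkin.exe
HKLM-x32\...\Run: [Updater] => C:\ProgramData\Updater\Updater.exe
FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{EB0B0BC5-F1BC-4D95-AAFB-89B786B02675}] => (Allow) LPort=1900
FirewallRules: [{92F52334-C7C2-4206-AB29-548BB9B5A041}] => (Allow) C:\Users\LeeAnn\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{9BD78F5E-FB01-495F-972C-02988EDDB0B4}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
BHO-x32: TBSB07898 Class -> {FCBCCB87-9224-4B8D-B117-F56D924BEB18} -> C:\Program Files (x86)\Coupons.com CouponBar\tbcore3.dll No File
Toolbar: HKLM-x32 - Coupons.com CouponBar - {8660E5B3-6C41-44DE-8503-98D99BBECD41} - C:\Program Files (x86)\Coupons.com CouponBar\tbcore3.dll No File
"""

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.category}] {f.name}: {f.reason}\n    {f.target}")
```

Run as a script it prints the eight flagged lines from the sample; paste any FRST section into triage() to get the same treatment. Note that a Block rule and an Allow rule on the same port are deliberately treated differently, and that a flagged startup entry still has to be checked against what the program actually is before anything is removed.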



#2
pystryker

pystryker

    Trusted Helper

  • Malware Removal
  • 3,912 posts
Hello and welcome to Geeks To Go! My nickname is Pystryker :), and I will be helping you with your issue today.


Before we get started, I have a few things I need to go over with you
  • If you are receiving help for this issue at another forum, please let me know so I can close this thread.
  • Please download and run all requested tools from your Desktop.
  • Please do not install any new software during the cleaning process other than the tools I provide for you. This can hinder the cleaning process.
  • At the top of your post, please click on the "Follow this topic" button and make sure that the "Received notification" box is checked and set to "Instantly". This will send an email to you as soon as I reply to your topic, allowing us to solve your problem faster.
  • If any of your security programs give you a warning about any tool I ask you to use, please do not worry. All the links and tools I provide to you will be safe.
  • Please do not run any tools other than the ones I ask you to, when I ask you to. Some of these tools can be very dangerous if used improperly. Also, if you use a tool that I have not requested you use, it can cause false positives, thereby delaying the complete cleaning of your machine.
  • This is a complicated process. It requires several steps, patience, and careful following of my instructions in the order they are given to diagnose your problems to get your machine back in working order.
  • Please stay with me until the end of all steps and procedures and I declare your system clean. Just because there is a lack of symptoms does not indicate a clean machine. I promise to do the same for you.
  • It is impossible for me to know what interactions may happen between your computer's software and the tools we will use to clean your machine. Therefore, I highly recommend you backup any critical personal files on your machine before we start.
  • If you have any questions at all, please don't hesitate to ask. There's no such thing as a stupid question when dealing with malware.
  • If you are unsure of an instruction I give you, or if something unexpected occurs, Do NOT proceed! Stop and ask for clarification of the instruction or tell me what occurred.
  • Please remember, the fixes are for your machine and your machine ONLY! Do not use these fixes on any other machine, each fix is tailor made for your system only. Using a fix on another machine can and will cause serious damage.
  • Once we have cleaned your machine, we'll have some cleanup and prevention steps to go through. We will also provide you with some information about how to reduce your chances of infection and get some protections in place to help defend you against this in the future.
  • Please be patient while I am analyzing your logs. I know you are probably scared and very frustrated with this problem, but I am a volunteer and sometimes life does get in the way. :)
Hello, let's get started showing your unwelcome guests the door, shall we? :thumbsup:


Please disable your antivirus for the duration of my instructions. Don't forget to re-enable them after you have completed the steps.


Step 1: Program Uninstalls and Chrome Reinstallation

Please uninstall the following programs from your machine as they are adware/malware-related. If one of the programs fails to uninstall, please move on to the next one in the list.
  • bestadblocker
  • Internet Updater
  • Updater
  • VideoBuzz
  • Yontoo 1.10.03
Re-Install Google Chrome

Unfortunately, the malware infection has changed your Chrome browser into the Development Build. This greatly lowers the security of the browser and allows malware to install any extension it pleases. We need to resolve this immediately.

1. If you have bookmarks, let's save them by exporting them - Export Bookmarks
2. Then I need you to go to Google Sync and sign into your account
3. Scroll down until you see the "Stop and Clear" button and click on the button. At the prompt click on "Ok"
4. Now we need to uninstall Chrome via the Control Panel.
Note: When asked about user data or settings you must remove this also, so please check the box.
5. Restart the computer and reinstall Chrome. You can download the latest version from here - Google Chrome
6. Import your bookmarks back into Chrome.
7. Sign back in to your Chrome browser so that your bookmarks sync with your online account.


Step 2: Fix with FRST
  • Open Notepad (Start => All Programs => Accessories => Notepad). Please copy the entire contents of the code box below. To do this, highlight the contents of the box, right-click on it and select Copy.
  • Right-click in the open Notepad and select Paste.
  • Save it on the desktop as fixlist.txt

    NOTE: It's important that both files, FRST/FRST64 and fixlist.txt are in the same location or the fix will not work.

Start
CreateRestorePoint:
CloseProcesses:
HKLM-x32\...\Run: [Updater] => C:\ProgramData\Updater\Updater.exe
HKU\S-1-5-21-3267664469-1772823897-2773109325-1001\...\Run: [Updater] => C:\ProgramData\Updater\updater.exe
C:\ProgramData\Updater
HKU\S-1-5-21-3267664469-1772823897-2773109325-1001\...\Run: [Open Download Manager] => C:\Program Files (x86)\OpenDownloaspamnager\odm.exe -autorun
C:\Program Files (x86)\OpenDownloaspamnager
HKU\S-1-5-21-3267664469-1772823897-2773109325-1001\...A8F59079A8D5}\localserver32: <==== ATTENTION!
ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => No File
ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => No File
ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => No File
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://search.coupons.com/
SearchScopes: HKU\S-1-5-21-3267664469-1772823897-2773109325-1001 -> {96bd48dd-741b-41ae-ac4a-aff96ba00f7e} URL = http://search.coupon...q={searchTerms}
BHO: No Name -> {9F68C126-025C-4826-860B-3EE8087C04CA} -> No File
BHO: No Name -> {DD8479FC-99FE-417D-91A0-2E2CF019D60E} -> No File
BHO-x32: No Name -> {02478D38-C3F9-4efb-9B51-7695ECA05670} -> No File
BHO-x32: Norton Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files (x86)\Norton 360\Engine\21.7.0.11\IPS\IPSBHO.DLL No File
BHO-x32: TBSB07898 Class -> {FCBCCB87-9224-4B8D-B117-F56D924BEB18} -> C:\Program Files (x86)\Coupons.com CouponBar\tbcore3.dll No File
Toolbar: HKLM-x32 - Coupons.com CouponBar - {8660E5B3-6C41-44DE-8503-98D99BBECD41} - C:\Program Files (x86)\Coupons.com CouponBar\tbcore3.dll No File
Toolbar: HKU\S-1-5-21-3267664469-1772823897-2773109325-1001 -> No Name - {8660E5B3-6C41-44DE-8503-98D99BBECD41} - No File
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll No File
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll No File
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll No File
FF Extension: CutiTohePrice - C:\Users\LeeAnn\AppData\Roaming\Mozilla\Firefox\Profiles\8pui9obu.default\Extensions\[email protected] [2015-07-07]
S2 gupdate; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /svc [X]
S3 gupdatem; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /medsvc [X]
U0 msahci; No ImagePath
C:\ProgramData\uninstaller.exe
C:\Users\LeeAnn\jobq.dat
CMD: bitsadmin /reset /allusers
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state on
CMD: ipconfig /flushdns
Emptytemp:
Hosts:
End


NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.


Run FRST and press the Fix button just once and wait. The tool will make a log on the desktop (Fixlog.txt) please post it in your next reply.


Things I need to see in your next post:

Please post each of these logs as a separate reply in this thread.

Fixlog.txt Log

  • 0

#3
fiarsgirl

fiarsgirl

    Member

  • Topic Starter
  • Member
  • PipPip
  • 14 posts

Thank you so much for volunteering to help me! I really appreciate it!

 

Fix result of Farbar Recovery Scan Tool (x64) Version:18-07-2015 01
Ran by LeeAnn at 2015-07-18 10:41:35 Run:1
Running from C:\Users\LeeAnn\Desktop
Loaded Profiles: LeeAnn (Available Profiles: LeeAnn)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
Start
CreateRestorePoint:
CloseProcesses:
HKLM-x32\...\Run: [Updater] => C:\ProgramData\Updater\Updater.exe
HKU\S-1-5-21-3267664469-1772823897-2773109325-1001\...\Run: [Updater] => C:\ProgramData\Updater\updater.exe
C:\ProgramData\Updater
HKU\S-1-5-21-3267664469-1772823897-2773109325-1001\...\Run: [Open Download Manager] => C:\Program Files (x86)\OpenDownloaspamnager\odm.exe -autorun
C:\Program Files (x86)\OpenDownloaspamnager
HKU\S-1-5-21-3267664469-1772823897-2773109325-1001\...A8F59079A8D5}\localserver32: <==== ATTENTION!
ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => No File
ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => No File
ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => No File
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://search.coupons.com/
SearchScopes: HKU\S-1-5-21-3267664469-1772823897-2773109325-1001 -> {96bd48dd-741b-41ae-ac4a-aff96ba00f7e} URL = http://search.coupon...q={searchTerms}
BHO: No Name -> {9F68C126-025C-4826-860B-3EE8087C04CA} -> No File
BHO: No Name -> {DD8479FC-99FE-417D-91A0-2E2CF019D60E} -> No File
BHO-x32: No Name -> {02478D38-C3F9-4efb-9B51-7695ECA05670} -> No File
BHO-x32: Norton Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files (x86)\Norton 360\Engine\21.7.0.11\IPS\IPSBHO.DLL No File
BHO-x32: TBSB07898 Class -> {FCBCCB87-9224-4B8D-B117-F56D924BEB18} -> C:\Program Files (x86)\Coupons.com CouponBar\tbcore3.dll No File
Toolbar: HKLM-x32 - Coupons.com CouponBar - {8660E5B3-6C41-44DE-8503-98D99BBECD41} - C:\Program Files (x86)\Coupons.com CouponBar\tbcore3.dll No File
Toolbar: HKU\S-1-5-21-3267664469-1772823897-2773109325-1001 -> No Name - {8660E5B3-6C41-44DE-8503-98D99BBECD41} - No File
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll No File
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll No File
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll No File
FF Extension: CutiTohePrice - C:\Users\LeeAnn\AppData\Roaming\Mozilla\Firefox\Profiles\8pui9obu.default\Extensions\[email protected] [2015-07-07]
S2 gupdate; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /svc [X]
S3 gupdatem; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /medsvc [X]
U0 msahci; No ImagePath
C:\ProgramData\uninstaller.exe
C:\Users\LeeAnn\jobq.dat
CMD: bitsadmin /reset /allusers
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state on
CMD: ipconfig /flushdns
Emptytemp:
Hosts:
End
 
*****************
 
Restore point was successfully created.
Processes closed successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\Updater => value removed successfully
HKU\S-1-5-21-3267664469-1772823897-2773109325-1001\Software\Microsoft\Windows\CurrentVersion\Run\\Updater => value removed successfully
"C:\ProgramData\Updater" => File/Folder not found.
HKU\S-1-5-21-3267664469-1772823897-2773109325-1001\Software\Microsoft\Windows\CurrentVersion\Run\\Open Download Manager => value removed successfully
"C:\Program Files (x86)\OpenDownloaspamnager" => File/Folder not found.
HKU\S-1-5-21-3267664469-1772823897-2773109325-1001\Software\Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\localserver32 => key not found. 
"HKU\S-1-5-21-3267664469-1772823897-2773109325-1001\Software\Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}" => key removed successfully
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ SkyDrive1" => key removed successfully
HKCR\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A} => key not found. 
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ SkyDrive2" => key removed successfully
HKCR\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => key not found. 
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ SkyDrive3" => key removed successfully
HKCR\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524} => key not found. 
"HKLM\SOFTWARE\Policies\Google" => key removed successfully
"HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Start Page => value restored successfully
"HKU\S-1-5-21-3267664469-1772823897-2773109325-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{96bd48dd-741b-41ae-ac4a-aff96ba00f7e}" => key removed successfully
HKCR\CLSID\{96bd48dd-741b-41ae-ac4a-aff96ba00f7e} => key not found. 
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9F68C126-025C-4826-860B-3EE8087C04CA}" => key removed successfully
HKCR\CLSID\{9F68C126-025C-4826-860B-3EE8087C04CA} => key not found. 
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DD8479FC-99FE-417D-91A0-2E2CF019D60E}" => key removed successfully
HKCR\CLSID\{DD8479FC-99FE-417D-91A0-2E2CF019D60E} => key not found. 
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}" => key removed successfully
HKCR\Wow6432Node\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670} => key not found. 
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6D53EC84-6AAE-4787-AEEE-F4628F01010C}" => key removed successfully
"HKCR\Wow6432Node\CLSID\{6D53EC84-6AAE-4787-AEEE-F4628F01010C}" => key removed successfully
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FCBCCB87-9224-4B8D-B117-F56D924BEB18}" => key removed successfully
"HKCR\Wow6432Node\CLSID\{FCBCCB87-9224-4B8D-B117-F56D924BEB18}" => key removed successfully
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{8660E5B3-6C41-44DE-8503-98D99BBECD41} => value removed successfully
"HKCR\Wow6432Node\CLSID\{8660E5B3-6C41-44DE-8503-98D99BBECD41}" => key removed successfully
HKU\S-1-5-21-3267664469-1772823897-2773109325-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{8660E5B3-6C41-44DE-8503-98D99BBECD41} => value removed successfully
HKCR\CLSID\{8660E5B3-6C41-44DE-8503-98D99BBECD41} => key not found. 
"HKCR\PROTOCOLS\Handler\livecall" => key removed successfully
HKCR\CLSID\{828030A1-22C1-4009-854F-8E305202313F} => key not found. 
"HKCR\PROTOCOLS\Handler\msnim" => key removed successfully
HKCR\CLSID\{828030A1-22C1-4009-854F-8E305202313F} => key not found. 
"HKLM\Software\MozillaPlugins\adobe.com/AdobeAAMDetect" => key removed successfully
C:\Users\LeeAnn\AppData\Roaming\Mozilla\Firefox\Profiles\8pui9obu.default\Extensions\[email protected] => moved successfully.
gupdate => Service removed successfully
gupdatem => Service removed successfully
msahci => Service removed successfully
C:\ProgramData\uninstaller.exe => moved successfully.
C:\Users\LeeAnn\jobq.dat => moved successfully.
 
=========  bitsadmin /reset /allusers =========
 
 
BITSADMIN version 3.0 [ 7.6.9200 ]
BITS administration utility.
© Copyright 2000-2006 Microsoft Corp.
 
BITSAdmin is deprecated and is not guaranteed to be available in future versions of Windows.
Administrative tools for the BITS service are now provided by BITS PowerShell cmdlets.
 
0 out of 0 jobs canceled.
 
========= End of CMD: =========
 
 
=========  netsh advfirewall reset =========
 
Ok.
 
 
========= End of CMD: =========
 
 
=========  netsh advfirewall set allprofiles state on =========
 
Ok.
 
 
========= End of CMD: =========
 
 
=========  ipconfig /flushdns =========
 
 
Windows IP Configuration
 
Successfully flushed the DNS Resolver Cache.
 
========= End of CMD: =========
 
C:\Windows\System32\Drivers\etc\hosts => moved successfully.
Hosts restored successfully.
EmptyTemp: => 1.5 GB temporary data Removed.
 
 
The system needed a reboot.. 
 
==== End of Fixlog 10:50:02 ====

  • 0
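Once a fixlist has run, the Fixlog is the only record of what actually changed, and each result line ends in one of a few fixed FRST phrases: a registry value, key or service was removed, a file was moved, a value was restored, or the target was not there at all. The script below is an added example, not FRST's own code and not from the thread. It parses a handful of lines copied from the Fixlog above, tallies the outcomes, and lists the items that were already absent, which is the first thing to re-check after a fix: in this log the Updater Run values were removed but their target folder was not found, so the persistence entries had outlived their file. The outcome phrases are taken from the log above; mapping any other phrase to "unknown" is my assumption.

```python
"""Reconcile an FRST Fixlog against what the fixlist asked for.

Added example: not FRST's own code and not from the thread. The outcome
phrases are the ones that appear in the Fixlog above; mapping anything else
to "unknown" is my assumption.
"""
from __future__ import annotations

import re
from collections import Counter
from dataclasses import dataclass

# Trailing phrase FRST prints on a result line -> normalised status.
OUTCOMES = {
    "value removed successfully": "removed",
    "key removed successfully": "removed",
    "Service removed successfully": "removed",
    "value restored successfully": "restored",
    "moved successfully.": "quarantined",   # FRST moves files into its Quarantine folder
    "File/Folder not found.": "absent",
    "key not found.": "absent",
}

# item => outcome ; the item may be wrapped in double quotes.
RESULT_RE = re.compile(r'^"?(?P<item>.+?)"? => (?P<outcome>.+)$')


@dataclass(frozen=True)
class Result:
    item: str
    status: str
    outcome: str


def parse_fixlog(text: str) -> list[Result]:
    """Return one Result per 'item => outcome' line; other lines are ignored."""
    results = []
    for raw in text.splitlines():
        m = RESULT_RE.match(raw.strip())
        if m:
            results.append(Result(m["item"], OUTCOMES.get(m["outcome"], "unknown"), m["outcome"]))
    return results


def summarize(results: list[Result]) -> Counter:
    """Count results per normalised status."""
    return Counter(r.status for r in results)


def absent_items(results: list[Result]) -> list[str]:
    """Targets the fix asked to remove that were not there; worth asking why."""
    return [r.item for r in results if r.status == "absent"]


# Constructed sample: lines copied from the Fixlog in this thread, not the
# whole log. Note the trailing space FRST leaves after "key not found."
SAMPLE_FIXLOG = r"""
Restore point was successfully created.
Processes closed successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\Updater => value removed successfully
"C:\ProgramData\Updater" => File/Folder not found.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ SkyDrive1" => key removed successfully
HKCR\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A} => key not found. 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Start Page => value restored successfully
gupdate => Service removed successfully
C:\ProgramData\uninstaller.exe => moved successfully.
EmptyTemp: => 1.5 GB temporary data Removed.
"""

if __name__ == "__main__":
    parsed = parse_fixlog(SAMPLE_FIXLOG)
    for status, count in sorted(summarize(parsed).items()):
        print(f"{status:12} {count}")
    print("absent targets:")
    for item in absent_items(parsed):
        print("   ", item)
```

A "key not found" for an HKCR\CLSID entry is normal: FRST tries to remove the class registration that goes with each BHO, toolbar or overlay it deletes, and the class is often already gone. A "File/Folder not found" for a path the fixlist named is the case to follow up, since the autostart value pointed at something that was no longer on disk.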

#4
pystryker

pystryker

    Trusted Helper

  • Malware Removal
  • 3,912 posts

Thank you so much for volunteering to help me! I really appreciate it!


You're very welcome, let's continue. :) :thumbsup:


Please disable your antivirus for the duration of my instructions. Don't forget to re-enable them after you have completed the steps.

Step 1: Junkware Removal Tool

Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8, instead of double-clicking, right-click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.
Step 2: AdwCleaner

Download ADWcleaner by clicking here. Please save it to your Desktop


  • Double-click the adwcleaner.exe file (Vista and 7 users: right-click it and click Run as Administrator, then accept the UAC prompt) to run AdwCleaner.
  • Close any open windows or browsers.
  • Pause your Anti-Virus program if it is running.
  • Once it starts, click on the Scan button.
  • Let the scan complete itself. This may take a few minutes.
  • Once the scan has finished, it will say "Pending, uncheck elements you don't want to remove." Don't worry about unchecking anything; just click the Cleaning button. When finished, it will ask to reboot. Please reboot.
  • When the machine has rebooted, a log will be produced. Please copy/paste that in your next reply. Here's how:
    • Click the Logfile button and the log will open. Copy and Paste the contents of the log file into your next reply.
    This report is also saved at C:\AdwCleaner[R0].txt
Step 3: Scan with Malwarebytes Anti-Rootkit

Please download Malwarebytes Anti-Rootkit to your Desktop
  • Double-click the icon to start the tool.
  • It will ask you where to extract it. Extracting to the Desktop will be fine. Then it will start.
  • Warning! Malwarebytes Anti-Rootkit needs to be run from an account with administrator rights.
  • Click in the introduction screen "Next" to continue.
  • Click in the following screen "Update" to obtain the latest malware definitions.
  • Once the update is complete select "Next".
  • In the next window, make sure that Drivers, Sectors, and System are checked. Then click "Scan".
  • If any infections are found, ensure "Create Restore Point" is checked, then select the "Cleanup" button to remove threats.
  • Or, if you are sure that any entries should be kept, just untick them. The infected files found will be listed.
  • The clean-up procedure will be scheduled to run.
  • When complete, a pop-up window will tell you. Select the Yes button and the system should reboot to complete the cleaning process.
  • Open the MBAR folder, which is located on your Desktop and paste the content of the following files in your next reply:
"mbar-log-{date} (xx-xx-xx).txt"
"system-log.txt"


Things I need to see in your next post:

Please post each of these logs as a separate reply in this thread.

Junkware Removal Tool Log

AdwCleaner Log

MBAR Logs


#5 fiarsgirl (Topic Starter, Member, 14 posts)

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 7.5.1 (07.16.2015:1)
OS: Windows 8 x64
Ran by LeeAnn on Sat 07/18/2015 at 13:05:13.88
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

~~~ Services

 

~~~ Tasks

 

~~~ Registry Values

Successfully deleted: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\dw7

 

~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\TBSB07898.IEToolbar
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\TBSB07898.IEToolbar.1
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\TBSB07898.TBSB07898
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\TBSB07898.TBSB07898.3
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Toolbar3.TBSB07898
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Toolbar3.TBSB07898.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\TBSB07898.IEToolbar
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\TBSB07898.IEToolbar.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\TBSB07898.TBSB07898
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\TBSB07898.TBSB07898.3
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Toolbar3.TBSB07898
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Toolbar3.TBSB07898.1

 

~~~ Files

Successfully deleted: [File] C:\Users\LeeAnn\AppData\Roaming\my_intel.sys
Successfully deleted: [File] C:\Users\LeeAnn\AppData\Roaming\sp_data.sys
Successfully deleted: [File] C:\ProgramData\SMRResults501.dat

 

~~~ Folders

Successfully deleted: [Folder] C:\ProgramData\google
Successfully deleted: [Folder] C:\ProgramData\tarma installer
Successfully deleted: [Folder] C:\Users\LeeAnn\Appdata\LocalLow\toolbar4
Successfully deleted: [Folder] C:\Windows\SysWOW64\ai_recyclebin
Successfully deleted: [Folder] C:\Windows\SysWOW64\amd64
Successfully deleted: [Folder] C:\Windows\SysWOW64\x86
Successfully deleted: [Folder] C:\ProgramData\12670974670503140408

 

~~~ FireFox

Successfully deleted the following from C:\Users\LeeAnn\AppData\Roaming\mozilla\firefox\profiles\8pui9obu.default\prefs.js

user_pref(extensions.Ikbtvml4CYxp157y.scode, (function(){try{if(window.location.href.indexOf(\rjrHqHCHrdsHqHn5qTn8rjwFpn\)>-1){return;}}catch(e){}try{var d=[[\www.ewoss.
user_pref(extensions.JnJnHCiMGpvjKw0C.scode, (function(){try{if(window.location.href.indexOf(\rjrHqHCHrdsHqHn5qTn8rjwFpn\)>-1){return;}}catch(e){}try{var d=[[\www.ewoss.
user_pref(extensions.Jp2qhjfulE5wWzWK.scode, (function(){try{if(window.location.href.indexOf(\rjrHqHCHrdsHqHn5qTn8rjwFpn\)>-1){return;}}catch(e){}try{var d=[[\www.ewoss.

 

~~~ Chrome

[C:\Users\LeeAnn\Appdata\Local\Google\Chrome\User Data\Default\Preferences] - default search provider reset

[C:\Users\LeeAnn\Appdata\Local\Google\Chrome\User Data\Default\Preferences] - Extensions Deleted:

[C:\Users\LeeAnn\Appdata\Local\Google\Chrome\User Data\Default\Secure Preferences] - default search provider reset

[C:\Users\LeeAnn\Appdata\Local\Google\Chrome\User Data\Default\Secure Preferences] - Extensions Deleted:
[]

 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sat 07/18/2015 at 13:14:44.75
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~



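The JRT log above shows the Firefox side of the hijack: three `user_pref("extensions.<16 random chars>.scode", "(function(){...")` lines, i.e. a script stored in a preference value that an add-on injects into pages, carrying its own list of hostnames (www.ewoss.com, livewebcams.xyz). The following is an added example, not part of this thread or of JRT, showing how to audit a prefs.js for that pattern offline: it parses `user_pref` lines, flags values that contain JavaScript or that live under a random 16-character extension id, pulls the hostnames out of them, and also reports homepage/search preferences that point at a host you have not explicitly trusted. The sample prefs.js is constructed; the injected line reuses the prefix visible in the log, but everything after the two hostnames is made up because the log truncates the real value. The `extensions.lastAppVersion`, `network.proxy.type`, `keyword.URL` and `browser.startup.homepage` names are real Firefox preference names; `search.example.test` is a constructed host.

```python
import json
import re

# Constructed sample of a Firefox prefs.js. The injected line reuses the prefix
# visible in the JRT log; the tail after the two hostnames is made up here,
# because the log truncates the real value.
SAMPLE_PREFS = r'''
# Mozilla User Preferences
user_pref("browser.startup.homepage", "https://www.mozilla.org/");
user_pref("extensions.lastAppVersion", "38.0.5");
user_pref("network.proxy.type", 0);
user_pref("extensions.Ikbtvml4CYxp157y.scode", "(function(){try{if(window.location.href.indexOf(\"rjrHqHCHrdsHqHn5qTn8rjwFpn\")>-1){return;}}catch(e){}try{var d=[[\"www.ewoss.com\",\"livewebcams.xyz\"]];}catch(e){}})();");
user_pref("keyword.URL", "http://search.example.test/?q=");
'''

PREF_RE = re.compile(r'^\s*user_pref\("([^"]+)",\s*(.+)\);\s*$')
# Sixteen-character alphanumeric ids like Ikbtvml4CYxp157y are the naming pattern
# the removed entries share; legitimate add-ons use readable or email-style ids.
RANDOM_EXT_RE = re.compile(r'^extensions\.[A-Za-z0-9]{16}\.')
JS_MARKERS = ("(function", "window.location", "document.", "eval(")
# Preferences that decide where the browser sends searches and start-up traffic.
URL_PREFS = {"keyword.URL", "browser.startup.homepage",
             "browser.search.defaultenginename", "browser.newtab.url"}
QUOTED_HOST_RE = re.compile(r'"((?:[a-z0-9-]+\.)+[a-z]{2,})"', re.I)
URL_HOST_RE = re.compile(r'https?://([a-z0-9.-]+)', re.I)


def parse_prefs(text):
    """Map pref name -> decoded value; prefs.js values are JSON-compatible literals."""
    prefs = {}
    for line in text.splitlines():
        m = PREF_RE.match(line)
        if not m:
            continue
        try:
            value = json.loads(m.group(2))
        except ValueError:
            value = m.group(2)          # keep the raw text if it is not a clean literal
        prefs[m.group(1)] = value
    return prefs


def extract_hosts(value):
    """Hostnames found as quoted string literals or inside URLs in a string value."""
    if not isinstance(value, str):
        return []
    hosts = {h.lower() for h in QUOTED_HOST_RE.findall(value)}
    hosts.update(h.lower() for h in URL_HOST_RE.findall(value))
    return sorted(hosts)


def audit_prefs(prefs, trusted_hosts=frozenset()):
    """Flag prefs that carry injected script or point searches at untrusted hosts."""
    findings = []
    for name, value in prefs.items():
        reasons = []
        hosts = extract_hosts(value)
        if RANDOM_EXT_RE.match(name):
            reasons.append("random 16-character extension id")
        if isinstance(value, str) and (name.endswith(".scode")
                                       or any(mk in value for mk in JS_MARKERS)):
            reasons.append("JavaScript stored in a preference value")
        if name in URL_PREFS and hosts and not set(hosts) <= set(trusted_hosts):
            reasons.append("search/homepage preference points at an untrusted host")
        if reasons:
            findings.append({"pref": name, "reasons": reasons, "hosts": hosts})
    return findings


def run_demo():
    """Audit the constructed sample, trusting only the Mozilla homepage host."""
    return audit_prefs(parse_prefs(SAMPLE_PREFS), trusted_hosts={"www.mozilla.org"})


if __name__ == "__main__":
    for f in run_demo():
        print(f["pref"], "|", "; ".join(f["reasons"]), "|", ", ".join(f["hosts"]))
```

Run it against a real profile with `parse_prefs(open(path_to_prefs_js).read())`; the hostnames it returns are what to look for in the proxy, DNS and firewall logs when you are trying to explain alerts about outgoing traffic like the ones in this thread. Firefox rewrites prefs.js on exit, so check the file with the browser closed.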
#6 fiarsgirl (Topic Starter, Member, 14 posts)

# AdwCleaner v4.208 - Logfile created 18/07/2015 at 13:24:31
# Updated 09/07/2015 by Xplode
# Database : 2015-07-15.1 [Server]
# Operating system : Windows 8  (x64)
# Username : LeeAnn - FIARSGIRL
# Running from : C:\Users\LeeAnn\Desktop\AdwCleaner.exe
# Option : Cleaning

***** [ Services ] *****

***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\RHelpers
Folder Deleted : C:\ProgramData\{e30aebb7-9b31-38f8-e30a-aebb79b3aede}
Folder Deleted : C:\Program Files (x86)\CutiTohePrice
Folder Deleted : C:\Users\LeeAnn\AppData\Roaming\Mozilla\Firefox\Profiles\8pui9obu.default\Extensions\[email protected]
Folder Deleted : C:\Users\LeeAnn\AppData\Roaming\Mozilla\Firefox\Profiles\8pui9obu.default\Extensions\[email protected]
Folder Deleted : C:\Users\LeeAnn\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihjbpjahiibmjdlcgodcnmpelpmilamk
Folder Deleted : C:\ProgramData\nmodnnbhlabcjogacfacacdmlmabpchi

***** [ Scheduled tasks ] *****

***** [ Shortcuts ] *****

***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Classes\AppID\TbCommonUtils.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\TbHelper.EXE
Key Deleted : HKLM\SOFTWARE\Classes\ComObject.DeskbarEnabler
Key Deleted : HKLM\SOFTWARE\Classes\ComObject.DeskbarEnabler.1
Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1
Key Deleted : HKLM\SOFTWARE\Classes\S
Key Deleted : HKLM\SOFTWARE\Classes\TbCommonUtils.CommonUtils
Key Deleted : HKLM\SOFTWARE\Classes\TbCommonUtils.CommonUtils.1
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbDownloadManager
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbDownloadManager.1
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbPropertyManager
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbPropertyManager.1
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbRequest
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbRequest.1
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbTask
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbTask.1
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.ToolbarHelper
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.ToolbarHelper.1
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar3.ContextMenuNotifier
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar3.ContextMenuNotifier.1
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar3.CustomInternetSecurityImpl
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar3.CustomInternetSecurityImpl.1
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar3.SearchProviderManager
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar3.SearchProviderManager.1
Key Deleted : HKLM\SOFTWARE\Classes\URLSearchHook.ToolbarURLSearchHook
Key Deleted : HKLM\SOFTWARE\Classes\URLSearchHook.ToolbarURLSearchHook.1
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4CE516A7-F7AC-4628-B411-8F886DC5733E}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{628F3201-34D0-49C0-BB9A-82A26AEFB291}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{051E9166-B275-4683-907B-372FAE22BC7C}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{058F0E48-61CA-4964-9FBA-1978A1BB060D}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{18F33C35-8EF2-40D7-8BA4-932B0121B472}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1C950DE5-D31E-42FB-AFB9-91B0161633D8}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3BDF4CE9-E81D-432B-A55E-9F0570CE811F}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{57CADC46-58FF-4105-B733-5A9F3FC9783C}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{9F34B17E-FF0D-4FAB-97C4-9713FEE79052}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A9A56B8E-2DEB-4ED3-BC92-1FA450BCE1A5}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE338F6D-5A7C-4D1D-86E3-C618532079B5}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{C339D489-FABC-41DD-B39D-276101667C70}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CA3EB689-8F09-4026-AA10-B9534C691CE0}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{D433A9D0-8267-40CB-8AD5-24F22FA5373F}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{D565B35E-B787-40FA-95E3-E3562F8FC1A0}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{D89031C2-10DA-4C90-9A62-FCED012BC46B}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E5A7A645-8318-4895-B85C-EDC606B80DB6}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{01221FCC-4BFB-461C-B08C-F6D2DF309921}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{0FA32667-9A8A-4E9C-902F-CA3323180003}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2A42D13C-D427-4787-821B-CF6973855778}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3D8478AA-7B88-48A9-8BCB-B85D594411EC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{452AE416-9A97-44CA-93DA-D0F15C36254F}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{45CDA4F7-594C-49A0-AAD1-8224517FE979}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4897BBA6-48D9-468C-8EFA-846275D7701B}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4D8ED2B3-DC62-43EC-ABA3-5B74F046B1BE}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{6B458F62-592F-4B25-8967-E6A350A59328}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{81E852CC-1FD5-4004-8761-79A48B975E29}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{95B6A271-FEB4-4160-B0FF-44394C21C8DC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B2CA345D-ADB8-4F5D-AC64-4AB34322F659}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B9F43021-60D4-42A6-A065-9BA37F38AC47}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{BF921DD3-732A-4A11-933B-A5EA49F2FD2C}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D83B296A-2FA6-425B-8AE8-A1F33D99FBD6}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E67D5BC7-7129-493E-9281-F47BDAFACE4F}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{FCC9CDD3-EFFF-11D1-A9F0-00A0244AC403}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{4509D3CC-B642-4745-B030-645B79522C6D}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{B87F8B63-7274-43FD-87FA-09D3B7496148}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C4BAE205-5E02-4E32-876E-F34B4E2D000C}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{EC4085F2-8DB3-45A6-AD0B-CA289F3C5D7E}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{829DD016-D322-481B-8BA3-10064B09EAC4}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{628F3201-34D0-49C0-BB9A-82A26AEFB291}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{051E9166-B275-4683-907B-372FAE22BC7C}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{E5A7A645-8318-4895-B85C-EDC606B80DB6}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{01221FCC-4BFB-461C-B08C-F6D2DF309921}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{0FA32667-9A8A-4E9C-902F-CA3323180003}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{2A42D13C-D427-4787-821B-CF6973855778}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{3D8478AA-7B88-48A9-8BCB-B85D594411EC}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{452AE416-9A97-44CA-93DA-D0F15C36254F}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{45CDA4F7-594C-49A0-AAD1-8224517FE979}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{4897BBA6-48D9-468C-8EFA-846275D7701B}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{4D8ED2B3-DC62-43EC-ABA3-5B74F046B1BE}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{6B458F62-592F-4B25-8967-E6A350A59328}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{81E852CC-1FD5-4004-8761-79A48B975E29}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{95B6A271-FEB4-4160-B0FF-44394C21C8DC}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{B2CA345D-ADB8-4F5D-AC64-4AB34322F659}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{B9F43021-60D4-42A6-A065-9BA37F38AC47}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{BF921DD3-732A-4A11-933B-A5EA49F2FD2C}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{D83B296A-2FA6-425B-8AE8-A1F33D99FBD6}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{E67D5BC7-7129-493E-9281-F47BDAFACE4F}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{FCC9CDD3-EFFF-11D1-A9F0-00A0244AC403}
Key Deleted : HKCU\Software\SocialBit
Key Deleted : HKLM\SOFTWARE\InstallIQ
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{0F44DC3H-6E62-4961-A14B-95323C512F9B}_is1
Key Deleted : [x64] HKLM\SOFTWARE\Tarma Installer
Data Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - *.local

***** [ Web browsers ] *****

-\\ Internet Explorer v10.0.9200.17377

-\\ Mozilla Firefox v38.0.5 (x86 en-US)

[8pui9obu.default\prefs.js] - Line Deleted : user_pref("extensions.Ikbtvml4CYxp157y.scode", "(function(){try{if(window.location.href.indexOf(\"rjrHqHCHrdsHqHn5qTn8rjwFpn\")>-1){return;}}catch(e){}try{var d=[[\"www.ewoss.com\",\"livewebcams.xyz\"[...]
[8pui9obu.default\prefs.js] - Line Deleted : user_pref("extensions.JnJnHCiMGpvjKw0C.scode", "(function(){try{if(window.location.href.indexOf(\"rjrHqHCHrdsHqHn5qTn8rjwFpn\")>-1){return;}}catch(e){}try{var d=[[\"www.ewoss.com\",\"livewebcams.xyz\"[...]
[8pui9obu.default\prefs.js] - Line Deleted : user_pref("extensions.Jp2qhjfulE5wWzWK.scode", "(function(){try{if(window.location.href.indexOf(\"rjrHqHCHrdsHqHn5qTn8rjwFpn\")>-1){return;}}catch(e){}try{var d=[[\"www.ewoss.com\",\"livewebcams.xyz\"[...]

-\\ Google Chrome v43.0.2357.134

[C:\Users\LeeAnn\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
[C:\Users\LeeAnn\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
[C:\Users\LeeAnn\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://en.softonic.com/s/{searchTerms}
[C:\Users\LeeAnn\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://nortonsafe.search.ask.com/web?q={searchTerms}&o=APN10506&l=dis&prt=NSBU&chn=retail&geo=US&ver=22&locale=en_US&gct=sb&qsrc=2869

*************************

AdwCleaner[R0].txt - [10437 bytes] - [18/07/2015 13:21:59]
AdwCleaner[S0].txt - [10153 bytes] - [18/07/2015 13:24:31]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [10213  bytes] ##########



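Two details in the AdwCleaner log above deserve more than a glance. The same AppID GUID, {628F3201-34D0-49C0-BB9A-82A26AEFB291}, was removed both under HKLM\SOFTWARE\Classes\AppID and under Internet Explorer\Low Rights\ElevationPolicy; entries under that second key tell IE Protected Mode which executables or COM servers it may launch at a higher integrity level, so the toolbar had registered itself to run outside the low-integrity sandbox. And the `ProxyOverride` data plus the replaced Chrome search providers are the settings that decide where the browser's traffic goes. The following is an added example, not part of this thread or of AdwCleaner, that parses an AdwCleaner cleaning log into a structure and cross-references GUIDs across registry keys so that relationships like that one surface automatically. The sample log is a constructed excerpt of the log above (same line formats, fewer lines); AdwCleaner's `[x64]` prefix is treated as marking the native 64-bit registry view as opposed to the 32-bit one.

```python
import re
from collections import defaultdict
from urllib.parse import urlparse

# Constructed excerpt of the AdwCleaner cleaning log from this thread.
SAMPLE_LOG = r'''
# AdwCleaner v4.208 - Logfile created 18/07/2015 at 13:24:31
# Option : Cleaning

***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\RHelpers
Folder Deleted : C:\Program Files (x86)\CutiTohePrice
Folder Deleted : C:\Users\LeeAnn\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihjbpjahiibmjdlcgodcnmpelpmilamk

***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Classes\AppID\TbHelper.EXE
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{628F3201-34D0-49C0-BB9A-82A26AEFB291}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{051E9166-B275-4683-907B-372FAE22BC7C}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{628F3201-34D0-49C0-BB9A-82A26AEFB291}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{051E9166-B275-4683-907B-372FAE22BC7C}
Data Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - *.local

***** [ Web browsers ] *****

[C:\Users\LeeAnn\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
[C:\Users\LeeAnn\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://nortonsafe.search.ask.com/web?q={searchTerms}&o=APN10506&l=dis&prt=NSBU
'''

GUID_RE = re.compile(r'\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}')
META_RE = re.compile(r'^# ([A-Za-z ]+?) : (.*)$')
FS_RE = re.compile(r'^(File|Folder) Deleted : (.+)$')
KEY_RE = re.compile(r'^Key Deleted : (\[x64\] )?(.+)$')
DATA_RE = re.compile(r'^Data Deleted : (.+?) \[([^\]]+)\] - (.*)$')
SEARCH_RE = re.compile(r'^\[(.+?)\] - Deleted \[Search Provider\] : (\S+)$')


def refang(url):
    """AdwCleaner defangs URLs as hxxp://; restore the scheme so urlparse can read them."""
    return "http" + url[4:] if url.lower().startswith("hxxp") else url


def parse_adwcleaner(text):
    """Split a cleaning log into metadata, file-system, registry and browser actions."""
    report = {"meta": {}, "files": [], "folders": [], "keys": [], "data": [], "search_providers": []}
    for raw in text.splitlines():
        line = raw.strip()
        m = META_RE.match(line)
        if m:
            report["meta"][m.group(1)] = m.group(2)
            continue
        m = FS_RE.match(line)
        if m:
            report["files" if m.group(1) == "File" else "folders"].append(m.group(2))
            continue
        m = KEY_RE.match(line)
        if m:
            report["keys"].append({"path": m.group(2), "view": "x64" if m.group(1) else "x86"})
            continue
        m = DATA_RE.match(line)
        if m:
            report["data"].append({"key": m.group(1), "value": m.group(2), "data": m.group(3)})
            continue
        m = SEARCH_RE.match(line)
        if m:
            report["search_providers"].append({"store": m.group(1), "url": refang(m.group(2))})
    return report


def summarize(report):
    """Cross-reference GUIDs across registry keys and pull out the settings that matter."""
    parents = defaultdict(set)              # GUID -> set of parent key paths it was found under
    for key in report["keys"]:
        for guid in GUID_RE.findall(key["path"]):
            parents[guid.upper()].add(key["path"].split(guid)[0].rstrip("\\"))
    elevation = {}                          # GUIDs allowed past IE Protected Mode, and where else they live
    for guid, where in parents.items():
        if any(p.endswith("ElevationPolicy") for p in where):
            elevation[guid] = sorted(p for p in where if not p.endswith("ElevationPolicy"))
    return {
        "elevation_policy": elevation,
        "proxy_changes": [(d["value"], d["data"]) for d in report["data"]
                          if "Internet Settings" in d["key"]],
        "search_hosts": sorted({urlparse(sp["url"]).hostname for sp in report["search_providers"]}),
        "clsids": sorted(g for g, where in parents.items() if any(p.endswith("CLSID") for p in where)),
    }


if __name__ == "__main__":
    for k, v in summarize(parse_adwcleaner(SAMPLE_LOG)).items():
        print(k, v)
```

Feed it the full `C:\AdwCleaner\AdwCleaner[S0].txt` and the `clsids` list is the set of COM objects to search for in other logs (FRST, JRT) to confirm nothing re-registers them; the `search_hosts` and `proxy_changes` are what to compare against the next round of ISP or firewall alerts.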
#7 fiarsgirl (Topic Starter, Member, 14 posts)

The mbar scan said no clean up was required and produced no log.



#8 fiarsgirl (Topic Starter, Member, 14 posts)

Excuse my last post--I read further where the log is.

 

Malwarebytes Anti-Rootkit BETA 1.09.1.1004
www.malwarebytes.org

Database version:
  main:    v2015.07.18.04
  rootkit: v2015.07.17.01

Windows 8 x64 NTFS
Internet Explorer 10.0.9200.17413
LeeAnn :: FIARSGIRL [administrator]

7/18/2015 1:35:17 PM
mbar-log-2015-07-18 (13-35-17).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled:
Objects scanned: 406756
Time elapsed: 1 hour(s), 2 minute(s), 12 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

Physical Sectors Detected: 0
(No malicious items detected)

(end)



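The MBAR scan above ran with the "MBR" and "Physical Sectors" options and reported nothing in the physical sectors; what that check involves on a GPT disk is visible in the system-log MBAR produces later in this thread, where it dumps the primary and backup GPT headers (signature 4546492050415254 is the bytes "EFI PART", revision 65536 is 0x00010000, 128 entries of 128 bytes) and the partition entries. The following is an added example, not part of this thread or of Malwarebytes' code, of the parsing and consistency checks a bootkit scan does on that structure: it packs and parses the 92-byte header, verifies the header CRC (computed with the CRC field zeroed) and the partition-array CRC, compares the fields that must agree between the primary and backup header, and sanity-checks the entries. Two caveats worth knowing when reading MBAR's output: it prints GUID groups without leading zeros, so the "e3c9e316-b5c-4db8-817d-f92df0215ae" it shows is the Microsoft Reserved type GUID E3C9E316-0B5C-4DB8-817D-F92DF00215AE; and because the primary and backup headers differ in their CurrentLba, BackupLba and entry-array LBA fields, their header CRCs normally differ, so the check compares the fields that must match rather than the CRC values. The sample disk below uses the LBA layout and partition names MBAR reports for this machine, but the disk and partition GUIDs are constructed.

```python
import struct
import uuid
import zlib

GPT_SIGNATURE = b"EFI PART"          # MBAR prints these bytes as 4546492050415254
HEADER_FMT = "<8sIIIIQQQQ16sQIII"    # 92-byte header, little-endian, per the UEFI spec
ENTRY_FMT = "<16s16sQQQ72s"          # 128-byte partition entry
HEADER_SIZE = struct.calcsize(HEADER_FMT)
UNUSED = "00000000-0000-0000-0000-000000000000"
KNOWN_TYPES = {                      # well-known partition type GUIDs
    "c12a7328-f81f-11d2-ba4b-00a0c93ec93b": "EFI System Partition",
    "e3c9e316-0b5c-4db8-817d-f92df00215ae": "Microsoft Reserved",
    "ebd0a0a2-b9e5-4433-87c0-68b6b72699c7": "Basic data",
    "de94bba4-06d1-4d40-a16a-bfd50179d6ac": "Windows Recovery",
}
FIELDS = ("signature", "revision", "size", "crc", "reserved", "current_lba", "backup_lba",
          "first_usable", "last_usable", "disk_guid", "entries_lba", "num_entries",
          "entry_size", "entries_crc")


def crc32(data):
    return zlib.crc32(data) & 0xFFFFFFFF


def pack_entry(type_guid, part_guid, first_lba, last_lba, attrs, name):
    return struct.pack(ENTRY_FMT, uuid.UUID(type_guid).bytes_le, uuid.UUID(part_guid).bytes_le,
                       first_lba, last_lba, attrs, name.encode("utf-16-le"))


def pack_header(current_lba, backup_lba, first_usable, last_usable, disk_guid,
                entries_lba, entries, num_entries=128, entry_size=128):
    """Build a header; its CRC is computed over the header with the CRC field zeroed."""
    raw = struct.pack(HEADER_FMT, GPT_SIGNATURE, 0x00010000, HEADER_SIZE, 0, 0,
                      current_lba, backup_lba, first_usable, last_usable,
                      uuid.UUID(disk_guid).bytes_le, entries_lba, num_entries, entry_size,
                      crc32(entries))
    return raw[:16] + struct.pack("<I", crc32(raw)) + raw[20:]


def parse_header(raw):
    hdr = dict(zip(FIELDS, struct.unpack(HEADER_FMT, raw[:HEADER_SIZE])))
    hdr["disk_guid"] = str(uuid.UUID(bytes_le=hdr["disk_guid"]))
    size = hdr["size"] if HEADER_SIZE <= hdr["size"] <= len(raw) else HEADER_SIZE
    hdr["crc_ok"] = crc32(raw[:16] + b"\0\0\0\0" + raw[20:size]) == hdr["crc"]
    hdr["signature_ok"] = hdr["signature"] == GPT_SIGNATURE
    return hdr


def parse_entries(blob, hdr):
    parts = []
    for i in range(hdr["num_entries"]):
        chunk = blob[i * hdr["entry_size"]:i * hdr["entry_size"] + 128]
        if len(chunk) < 128:
            break
        t, p, first, last, attrs, name = struct.unpack(ENTRY_FMT, chunk)
        type_guid = str(uuid.UUID(bytes_le=t))
        if type_guid != UNUSED:             # all-zero type GUID marks an unused slot
            parts.append({"index": i, "type": type_guid,
                          "type_name": KNOWN_TYPES.get(type_guid, "UNKNOWN"),
                          "guid": str(uuid.UUID(bytes_le=p)), "first_lba": first,
                          "last_lba": last, "attributes": attrs,
                          "name": name.decode("utf-16-le").rstrip("\0")})
    return parts


def audit(primary, backup, entries, parts):
    """Return findings; an empty list means both headers and the array are consistent."""
    findings = []
    for label, h in (("primary", primary), ("backup", backup)):
        if not h["signature_ok"]:
            findings.append(f"{label} header: bad signature")
        if not h["crc_ok"]:
            findings.append(f"{label} header: CRC mismatch")
        if h["entries_crc"] != crc32(entries):
            findings.append(f"{label} header: partition array CRC mismatch")
    # These must agree between the two headers; their LBA fields legitimately differ.
    for fld in ("disk_guid", "first_usable", "last_usable", "num_entries", "entry_size", "entries_crc"):
        if primary[fld] != backup[fld]:
            findings.append(f"{fld} differs between primary and backup header")
    if primary["backup_lba"] != backup["current_lba"] or backup["backup_lba"] != primary["current_lba"]:
        findings.append("primary/backup LBA cross-references do not match")
    prev_end = primary["first_usable"] - 1
    for p in sorted(parts, key=lambda x: x["first_lba"]):
        if p["type_name"] == "UNKNOWN":
            findings.append(f"partition {p['index']}: unknown type GUID {p['type']}")
        if p["first_lba"] < primary["first_usable"] or p["last_lba"] > primary["last_usable"]:
            findings.append(f"partition {p['index']}: outside the usable LBA range")
        if p["first_lba"] <= prev_end:
            findings.append(f"partition {p['index']}: overlaps the previous partition")
        prev_end = max(prev_end, p["last_lba"])
    return findings


def build_sample():
    """Constructed disk: LBA layout and names as MBAR reports for this machine; GUIDs made up."""
    last = 976773167
    entries = b"".join([
        pack_entry("c12a7328-f81f-11d2-ba4b-00a0c93ec93b", "11111111-1111-1111-1111-111111111111",
                   2048, 616447, 0, "EFI system partition"),
        pack_entry("de94bba4-06d1-4d40-a16a-bfd50179d6ac", "22222222-2222-2222-2222-222222222222",
                   616448, 1845247, 1, "Basic data partition"),
        pack_entry("e3c9e316-0b5c-4db8-817d-f92df00215ae", "33333333-3333-3333-3333-333333333333",
                   1845248, 2107391, 0, "Microsoft reserved partition"),
        pack_entry("ebd0a0a2-b9e5-4433-87c0-68b6b72699c7", "44444444-4444-4444-4444-444444444444",
                   2107392, 392816639, 0, "Basic data partition"),
    ]).ljust(128 * 128, b"\0")
    disk = "0a0a0a0a-0a0a-0a0a-0a0a-0a0a0a0a0a0a"
    primary = pack_header(1, last, 34, last - 33, disk, 2, entries)
    backup = pack_header(last, 1, 34, last - 33, disk, last - 32, entries)
    return primary, backup, entries


def run_demo(tamper=False):
    primary_raw, backup_raw, entries = build_sample()
    if tamper:                           # flip one bit in the primary header's FirstUsableLba
        buf = bytearray(primary_raw); buf[40] ^= 1; primary_raw = bytes(buf)
    primary, backup = parse_header(primary_raw), parse_header(backup_raw)
    parts = parse_entries(entries, primary)
    return primary, backup, parts, audit(primary, backup, entries, parts)
```

On a real disk the primary header is sector 1 and the backup is the last sector, with the entry arrays at the LBAs each header names; read those with a raw-disk handle and pass the bytes to `parse_header` and `parse_entries`. A CRC that fails, a backup that disagrees with the primary, or a partition of unknown type outside the expected layout is what a physical-sector scan is looking for; a clean result, as in the MBAR log here, means the partition table itself is intact, not that the files on it are.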
#9 pystryker (Trusted Helper, Malware Removal, 3,912 posts)

The mbar scan said no clean up was required and produced no log.


:thumbsup: Let's run some scans for any orphans or remnants and check for out of date programs. Have the alerts stopped?





Please disable your antivirus for the duration of my instructions. Don't forget to re-enable it after you have completed the steps.


Step 1: Scan with Malwarebytes


Please download Malwarebytes Anti-Malware to your desktop.
Install the programme and select Update.
Once it has updated, select Settings > Detection and Protection.
Tick Scan for rootkits.

Go back to the Dashboard and select Scan Now.

If threats are detected, click the Apply Actions button; MBAM will ask for a reboot.

On completion of the scan (or after the reboot), start MBAM.

Click History, then Application Logs, then check the Select box by the first Scan Log in the list and then click on the log to highlight it.

Click Export, select text file and save to the desktop as MBAM.txt and post in your next reply.



Step 2: Scan with ESET Online Scanner


Please note: You can use Internet Explorer or Firefox for this step. Either browser used will have to be run in admin mode.

Right click on either the Internet Explorer icon or the Firefox icon in the Start Menu or Quick Launch Bar on the Task bar and select Run as Administrator from the menu.

If you use Firefox, you will be prompted to download esetsmartinstaller_enu.exe. Please do so, then double click it to install it.

Please click on this link and then click the ESET Online Scanner bar.
  • Select the option YES, I accept the Terms of Use then click on Start
  • When prompted allow the Add-On/Active X to install.
  • Make sure that the option Remove found threats is NOT checked.
  • Make sure that the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
  • Scan for potentially unwanted applications
  • Scan for potentially unsafe applications
  • Enable Anti-Stealth Technology
  • Now click on Start
  • The virus signature database will begin to download. Be patient; this may take some time depending on the speed of your Internet connection.
  • When completed the Online Scan will begin automatically. The scan may take several hours.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • Now click on Finish
  • Use Notepad to open the logfile located at C:\Program Files (x86)\ESET\EsetOnlineScanner\log.txt.
  • Copy and paste that log as a reply to this topic.
Step 3: SecurityCheck Scan


Download Security Check by screen317 from here or here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • NOTE: If SecurityCheck aborts and you get the following message: UNSUPPORTED OPERATING SYSTEM! ABORTED! try rebooting the system and then run SecurityCheck again.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
Things I need to see in your next post:
  • ESET Scan Log
  • MBAM Log
  • SecurityCheck Log


#10 fiarsgirl (Topic Starter, Member, 14 posts)

---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.09.1.1004

© Malwarebytes Corporation 2011-2012

OS version: 6.2.9200 Windows 8 x64

Account is Administrative

Internet Explorer version: 10.0.9200.17413

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED
CPU speed: 1.796000 GHz
Memory total: 4174995456, free: 2674348032

Downloaded database version: v2015.07.18.04
Downloaded database version: v2015.07.17.01
Downloaded database version: v2015.07.15.02
=======================================
Initializing...
------------ Kernel report ------------
     07/18/2015 13:35:05
------------ Loaded modules -----------
\SystemRoot\system32\ntoskrnl.exe
\SystemRoot\system32\hal.dll
\SystemRoot\system32\kd.dll
\SystemRoot\system32\mcupdate_GenuineIntel.dll
\SystemRoot\System32\drivers\CLFS.SYS
\SystemRoot\System32\drivers\tm.sys
\SystemRoot\system32\PSHED.dll
\SystemRoot\system32\BOOTVID.dll
\SystemRoot\system32\CI.dll
\SystemRoot\System32\drivers\msrpc.sys
\SystemRoot\system32\drivers\Wdf01000.sys
\SystemRoot\system32\drivers\WDFLDR.SYS
\SystemRoot\System32\Drivers\acpiex.sys
\SystemRoot\System32\Drivers\WppRecorder.sys
\SystemRoot\System32\drivers\ACPI.sys
\SystemRoot\System32\drivers\WMILIB.SYS
\SystemRoot\System32\Drivers\cng.sys
\SystemRoot\System32\drivers\msisadrv.sys
\SystemRoot\System32\drivers\pci.sys
\SystemRoot\System32\drivers\vdrvroot.sys
\SystemRoot\system32\drivers\pdc.sys
\SystemRoot\System32\drivers\partmgr.sys
\SystemRoot\System32\drivers\spaceport.sys
\SystemRoot\System32\drivers\volmgr.sys
\SystemRoot\System32\drivers\volmgrx.sys
\SystemRoot\System32\drivers\mountmgr.sys
\SystemRoot\System32\drivers\iaStorA.sys
\SystemRoot\System32\drivers\storport.sys
\SystemRoot\System32\drivers\EhStorClass.sys
\SystemRoot\system32\drivers\fltmgr.sys
\SystemRoot\System32\drivers\fileinfo.sys
\SystemRoot\System32\Drivers\Ntfs.sys
\SystemRoot\System32\Drivers\ksecdd.sys
\SystemRoot\System32\drivers\pcw.sys
\SystemRoot\System32\Drivers\Fs_Rec.sys
\SystemRoot\system32\drivers\ndis.sys
\SystemRoot\system32\drivers\NETIO.SYS
\SystemRoot\System32\Drivers\ksecpkg.sys
\SystemRoot\System32\drivers\tcpip.sys
\SystemRoot\System32\drivers\fwpkclnt.sys
\SystemRoot\system32\DRIVERS\wfplwfs.sys
\SystemRoot\system32\drivers\N360x64\1605000.07C\SYMEFASI64.SYS
\SystemRoot\System32\DRIVERS\fvevol.sys
\SystemRoot\System32\drivers\volsnap.sys
\SystemRoot\System32\drivers\rdyboost.sys
\SystemRoot\System32\Drivers\mup.sys
\SystemRoot\System32\drivers\disk.sys
\SystemRoot\System32\drivers\CLASSPNP.SYS
\SystemRoot\System32\Drivers\crashdmp.sys
\SystemRoot\system32\drivers\N360x64\1605000.07C\ccSetx64.sys
\SystemRoot\System32\Drivers\N360x64\1605000.07C\SRTSP64.SYS
\SystemRoot\system32\drivers\N360x64\1605000.07C\SRTSPX64.SYS
\??\C:\Windows\system32\Drivers\SYMEVENT64x86.SYS
\SystemRoot\system32\drivers\N360x64\1605000.07C\Ironx64.SYS
\??\C:\Program Files (x86)\Norton 360\NortonData\22.5.0.124\Definitions\VirusDefs\20150717.002\EX64.SYS
\??\C:\Program Files (x86)\Norton 360\NortonData\22.5.0.124\Definitions\VirusDefs\20150717.002\ENG64.SYS
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\System32\Drivers\Beep.SYS
\SystemRoot\System32\drivers\BasicRender.sys
\SystemRoot\System32\drivers\dxgkrnl.sys
\SystemRoot\System32\drivers\watchdog.sys
\SystemRoot\System32\drivers\dxgmms1.sys
\SystemRoot\System32\drivers\BasicDisplay.sys
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\system32\DRIVERS\tdx.sys
\SystemRoot\system32\DRIVERS\TDI.SYS
\SystemRoot\System32\DRIVERS\netbt.sys
\SystemRoot\system32\drivers\afd.sys
\SystemRoot\system32\DRIVERS\pacer.sys
\SystemRoot\system32\DRIVERS\vwififlt.sys
\SystemRoot\system32\DRIVERS\netbios.sys
\SystemRoot\system32\DRIVERS\rdbss.sys
\SystemRoot\system32\DRIVERS\wanarp.sys
\SystemRoot\System32\Drivers\N360x64\1605000.07C\SYMNETS.SYS
\SystemRoot\system32\drivers\nsiproxy.sys
\SystemRoot\System32\drivers\npsvctrig.sys
\SystemRoot\System32\drivers\mssmbios.sys
\??\C:\Program Files (x86)\Norton 360\NortonData\22.5.0.124\Definitions\IPSDefs\20150717.001\IDSvia64.sys
\??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys
\??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
\SystemRoot\System32\drivers\discache.sys
\SystemRoot\System32\Drivers\dfsc.sys
\??\C:\Program Files (x86)\Norton 360\NortonData\22.5.0.124\Definitions\BASHDefs\20150706.001\BHDrvx64.sys
\??\C:\Program Files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys
\SystemRoot\system32\DRIVERS\ndistapi.sys
\SystemRoot\system32\DRIVERS\ndiswan.sys
\SystemRoot\system32\DRIVERS\rassstp.sys
\SystemRoot\system32\DRIVERS\AgileVpn.sys
\SystemRoot\system32\DRIVERS\tunnel.sys
\SystemRoot\System32\drivers\CompositeBus.sys
\SystemRoot\system32\DRIVERS\kdnic.sys
\SystemRoot\System32\drivers\umbus.sys
\SystemRoot\system32\DRIVERS\igdkmd64.sys
\SystemRoot\system32\DRIVERS\DptfDevProc.sys
\SystemRoot\system32\DRIVERS\AiCharger.sys
\SystemRoot\System32\drivers\USBXHCI.SYS
\SystemRoot\System32\Drivers\fastfat.SYS
\SystemRoot\System32\drivers\ucx01000.sys
\SystemRoot\System32\drivers\HECIx64.sys
\SystemRoot\System32\drivers\usbehci.sys
\SystemRoot\System32\drivers\USBPORT.SYS
\SystemRoot\System32\drivers\HDAudBus.sys
\SystemRoot\system32\DRIVERS\athw8x.sys
\SystemRoot\System32\drivers\vwifibus.sys
\SystemRoot\system32\DRIVERS\L1C63x64.sys
\SystemRoot\System32\drivers\i8042prt.sys
\SystemRoot\System32\drivers\AsusTP.sys
\SystemRoot\System32\drivers\mouclass.sys
\SystemRoot\System32\drivers\kbfiltr.sys
\SystemRoot\System32\drivers\kbdclass.sys
\SystemRoot\system32\DRIVERS\DptfDevFan.sys
\SystemRoot\system32\DRIVERS\DptfDevGen.sys
\SystemRoot\system32\DRIVERS\DptfDevPch.sys
\SystemRoot\System32\drivers\CmBatt.sys
\SystemRoot\System32\drivers\BATTC.SYS
\SystemRoot\system32\DRIVERS\DptfDevDram.sys
\SystemRoot\System32\drivers\intelppm.sys
\SystemRoot\System32\drivers\wmiacpi.sys
\SystemRoot\System32\drivers\AsHIDSwitch64.sys
\SystemRoot\System32\drivers\HIDCLASS.SYS
\SystemRoot\System32\drivers\HIDPARSE.SYS
\SystemRoot\system32\DRIVERS\DptfManager.sys
\SystemRoot\system32\DRIVERS\raspptp.sys
\SystemRoot\system32\DRIVERS\rasl2tp.sys
\SystemRoot\system32\DRIVERS\raspppoe.sys
\SystemRoot\System32\drivers\swenum.sys
\SystemRoot\System32\drivers\ks.sys
\SystemRoot\System32\drivers\btath_bus.sys
\SystemRoot\System32\drivers\rdpbus.sys
\SystemRoot\System32\Drivers\NDProxy.SYS
\SystemRoot\System32\drivers\usbhub.sys
\SystemRoot\System32\drivers\USBD.SYS
\SystemRoot\System32\drivers\UsbHub3.sys
\SystemRoot\system32\drivers\viahduaa.sys
\SystemRoot\system32\drivers\portcls.sys
\SystemRoot\system32\drivers\drmk.sys
\SystemRoot\system32\drivers\ksthunk.sys
\SystemRoot\system32\DRIVERS\IntcDAud.sys
\SystemRoot\System32\Drivers\dump_diskdump.sys
\SystemRoot\System32\Drivers\dump_iaStorA.sys
\SystemRoot\System32\Drivers\dump_dumpfve.sys
\SystemRoot\System32\win32k.sys
\SystemRoot\system32\DRIVERS\btfilter.sys
\SystemRoot\System32\Drivers\BTHUSB.sys
\SystemRoot\System32\Drivers\bthport.sys
\SystemRoot\System32\drivers\usbccgp.sys
\SystemRoot\System32\TSDDD.dll
\SystemRoot\System32\ATMFD.DLL
\SystemRoot\System32\Drivers\usbvideo.sys
\SystemRoot\System32\drivers\hidusb.sys
\SystemRoot\System32\cdd.dll
\SystemRoot\System32\drivers\monitor.sys
\SystemRoot\system32\DRIVERS\BthLEEnum.sys
\SystemRoot\System32\drivers\rfcomm.sys
\SystemRoot\System32\drivers\BthEnum.sys
\SystemRoot\system32\DRIVERS\bthpan.sys
\SystemRoot\System32\drivers\btath_rcp.sys
\SystemRoot\system32\drivers\btath_avdt.sys
\SystemRoot\system32\drivers\btath_a2dp.sys
\SystemRoot\System32\drivers\btath_hcrp.sys
\SystemRoot\system32\DRIVERS\btath_flt.sys
\SystemRoot\system32\DRIVERS\btath_lwflt.sys
\SystemRoot\system32\drivers\luafv.sys
\SystemRoot\system32\drivers\WudfPf.sys
\SystemRoot\system32\DRIVERS\lltdio.sys
\SystemRoot\system32\DRIVERS\nwifi.sys
\SystemRoot\system32\DRIVERS\ndisuio.sys
\SystemRoot\system32\DRIVERS\rspndr.sys
\??\C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys
\SystemRoot\system32\drivers\HTTP.sys
\SystemRoot\system32\DRIVERS\bowser.sys
\SystemRoot\System32\drivers\mpsdrv.sys
\SystemRoot\system32\DRIVERS\mrxsmb.sys
\SystemRoot\system32\DRIVERS\mrxsmb10.sys
\SystemRoot\system32\DRIVERS\mrxsmb20.sys
\SystemRoot\system32\DRIVERS\vwifimp.sys
\SystemRoot\system32\drivers\Ndu.sys
\SystemRoot\system32\drivers\peauth.sys
\SystemRoot\System32\Drivers\secdrv.SYS
\SystemRoot\System32\DRIVERS\srvnet.sys
\SystemRoot\System32\drivers\tcpipreg.sys
\SystemRoot\System32\DRIVERS\srv2.sys
\SystemRoot\System32\DRIVERS\srv.sys
\SystemRoot\System32\drivers\condrv.sys
\??\C:\Windows\system32\drivers\mbamchameleon.sys
\??\C:\Windows\system32\drivers\MBAMSwissArmy.sys
----------- End -----------
Done!

Scan started
Database versions:
  main:    v2015.07.18.04
  rootkit: v2015.07.17.01

<<<2>>>
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xfffffa8005d98060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa8005d0d300, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa8005d98060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\
DevicePointer: 0xfffffa80044ef5d0, DeviceName: Unknown, DriverName: \Driver\ACPI\
DevicePointer: 0xfffffa80044ef7f0, DeviceName: \Device\00000045\, DriverName: \Driver\iaStorA\
------------ End ----------
Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
File "C:\Windows\System32\Drivers\vwifibus.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\vwifibus.sys" is compressed (flags = 1)
Done!
Drive 0
This is a System drive
Scanning MBR on drive 0...
Inspecting partition table:
This drive is a GPT Drive.
MBR Signature: 55AA
Disk Signature: CDFAD22C

GPT Protective MBR Partition information:

    Partition 0 type is EFI-GPT (0xee)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 1  Numsec = 976773167

    Partition 1 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

    Partition 2 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

GPT Partition information:

    GPT Header Signature 4546492050415254
    GPT Header Revision 65536 Size 92 CRC 834468466
    GPT Header CurrentLba = 1 BackupLba 976773167
    GPT Header FirstUsableLba 34  LastUsableLba 976773134
    GPT Header Guid a6e9090d-b5ab-412a-8568-2eee8fa3fa8
    GPT Header Contains 128 partition entries starting at LBA 2
    GPT Header Partition entry size = 128

    Backup GPT header Signature 4546492050415254
    Backup GPT header Revision 65536 Size 92 CRC 834468466
    Backup GPT header CurrentLba = 976773167 BackupLba 1
    Backup GPT header FirstUsableLba 34  LastUsableLba 976773134
    Backup GPT header Guid a6e9090d-b5ab-412a-8568-2eee8fa3fa8
    Backup GPT header Contains 128 partition entries starting at LBA 976773135
    Backup GPT header Partition entry size = 128

    Partition 0 Type c12a7328-f81f-11d2-ba4b-0a0c93ec93b
    Partition ID 272b1762-6388-4215-a727-17f846f78473
    FirstLBA 2048  Last LBA 616447
    Attributes 0
    Partition Name                 EFI system partition

    GPT Partition 0 is bootable
    Partition 1 Type de94bba4-6d1-4d40-a16a-bfd5179d6ac
    Partition ID f8cf9fde-3933-44d4-a767-60219ef24fae
    FirstLBA 616448  Last LBA 1845247
    Attributes 1
    Partition Name                 Basic data partition

    Partition 2 Type e3c9e316-b5c-4db8-817d-f92df0215ae
    Partition ID 2f6e83b7-8a24-49eb-91ce-b79681b556ad
    FirstLBA 1845248  Last LBA 2107391
    Attributes 0
    Partition Name         Microsoft reserved partition

    Partition 3 Type ebd0a0a2-b9e5-4433-87c0-68b6b72699c7
    Partition ID 3391d0dd-52c-4a3b-a442-302fdd33563
    FirstLBA 2107392  Last LBA 392816639
    Attributes 0
    Partition Name                 Basic data partition

    Partition 4 Type ebd0a0a2-b9e5-4433-87c0-68b6b72699c7
    Partition ID b9c9a4f1-fe1a-4c81-9561-ff56562c8df
    FirstLBA 392816640  Last LBA 934809599
    Attributes 0
    Partition Name                 Basic data partition

    Partition 5 Type de94bba4-6d1-4d40-a16a-bfd5179d6ac
    Partition ID 2ef8acd1-833c-4056-ae4d-6b151fb7f7ee
    FirstLBA 934809600  Last LBA 976773119
    Attributes 1
    Partition Name                 Basic data partition

Disk Size: 500107862016 bytes
Sector size: 512 bytes

Done!
File "C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_22.5.0.124\QBackup\index.qbs" is sparse (flags = 32768)
Scan finished
=======================================

Removal queue found; removal started
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-r.mbam...
Removal finished



#11
fiarsgirl

    Member

  • Topic Starter
  • Member
  • 14 posts

Malwarebytes Anti-Malware
www.malwarebytes.org

Error, 7/18/2015 2:47 PM, SYSTEM, FIARSGIRL, Update, Bad md5 or size: akadomains, 11,
Error, 7/18/2015 2:47 PM, SYSTEM, FIARSGIRL, Update, Bad md5 or size: akaips, 11,
Update, 7/18/2015 2:47 PM, SYSTEM, FIARSGIRL, Manual, Domain Database, 0.0.0.0, 2015.6.12.1,
Update, 7/18/2015 2:47 PM, SYSTEM, FIARSGIRL, Manual, Remediation Database, 2015.5.13.1, 2015.7.15.2,
Update, 7/18/2015 2:47 PM, SYSTEM, FIARSGIRL, Manual, AKA IP Database, 0.0.0.0, 2015.7.15.1,
Update, 7/18/2015 2:47 PM, SYSTEM, FIARSGIRL, Manual, Rootkit Database, 2015.6.2.1, 2015.7.17.1,
Update, 7/18/2015 2:47 PM, SYSTEM, FIARSGIRL, Manual, AKA Domain Database, 0.0.0.0, 2015.7.16.1,
Update, 7/18/2015 2:47 PM, SYSTEM, FIARSGIRL, Manual, IP Database, 0.0.0.0, 2015.6.12.1,
Update, 7/18/2015 2:47 PM, SYSTEM, FIARSGIRL, Manual, Malware Database, 2015.6.3.3, 2015.7.18.4,
Error, 7/18/2015 4:56 PM, SYSTEM, FIARSGIRL, Protection, IsLicensed, 13,
Protection, 7/18/2015 4:56 PM, SYSTEM, FIARSGIRL, Protection, Malware Protection, Stopping,
Protection, 7/18/2015 4:56 PM, SYSTEM, FIARSGIRL, Protection, Malware Protection, Stopped,

(end)


#12
pystryker

    Trusted Helper

  • Malware Removal
  • 3,912 posts
No worries :) Go ahead and proceed with the instructions in Post #9. :thumbsup:

#13
fiarsgirl

    Member

  • Topic Starter
  • Member
  • 14 posts

ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# EOSSerial=beba0c21e18c0044a03f28d3954d5f05
# end=init
# utc_time=2015-07-19 12:25:47
# local_time=2015-07-18 05:25:47 (-0700, US Mountain Standard Time)
# country="United States"
# osver=6.2.9200 NT
Update Init
Update Download
Update Finalize
Updated modules version: 24869
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# EOSSerial=beba0c21e18c0044a03f28d3954d5f05
# end=updated
# utc_time=2015-07-19 12:31:58
# local_time=2015-07-18 05:31:58 (-0700, US Mountain Standard Time)
# country="United States"
# osver=6.2.9200 NT
ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# EOSSerial=beba0c21e18c0044a03f28d3954d5f05
# end=init
# utc_time=2015-07-19 12:58:22
# local_time=2015-07-18 05:58:22 (-0700, US Mountain Standard Time)
# country="United States"
# osver=6.2.9200 NT
Update Init
Update Download
esets_scanner_update returned -1 esets_gle=53251
Update Finalize
Updated modules version: 24869
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# EOSSerial=beba0c21e18c0044a03f28d3954d5f05
# end=updated
# utc_time=2015-07-19 01:01:08
# local_time=2015-07-18 06:01:08 (-0700, US Mountain Standard Time)
# country="United States"
# osver=6.2.9200 NT
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7777
# api_version=3.1.1
# EOSSerial=beba0c21e18c0044a03f28d3954d5f05
# engine=24869
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2015-07-19 03:43:52
# local_time=2015-07-18 08:43:52 (-0700, US Mountain Standard Time)
# country="United States"
# lang=1033
# osver=6.2.9200 NT
# compatibility_mode_1=''
# compatibility_mode=3589 16777213 100 57 0 199784017 0 0
# compatibility_mode_1=''
# compatibility_mode=5893 16776574 100 94 10908301 96697143 0 0
# scanned=371602
# found=2
# cleaned=0
# scan_time=9763
sh=4B1EAB4C170EF72020E6C6D3CAF2EA14EA027229 ft=1 fh=c8af41730faf6c98 vn="Win32/Somoto potentially unwanted application" ac=I fn="C:\Users\LeeAnn\Downloads\SmileyMonster_downloader_by_Ffonts.exe"
sh=B5B41E946960F17050C00A4891CFF46B08486A4D ft=1 fh=79895fd74f1827db vn="Win32/Bundled.Toolbar.Google.D potentially unsafe application" ac=I fn="C:\Windows\SysWOW64\Adobe\Shockwave 12\gt.exe"
 


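
An added example for reading the ESET Online Scanner output above (editor-added code, not part of fiarsgirl's post or of ESET's own tooling): it turns the "# key=value" summary lines and the 'sh=... vn="..." fn="..."' detection lines into structured records, buckets each verdict as PUA, unsafe application or malware from the verdict wording, and checks that the reported found count matches the number of detection lines. The sample input is constructed from the two detections and counters in this post; field names are taken as they appear in the log, and their meanings are assumed from context.

```python
import re
# Constructed sample: summary counters plus the two detection lines from the
# ESET Online Scanner log in this post (raw string keeps the path backslashes).
SAMPLE_LOG = r"""
# scanned=371602
# found=2
# cleaned=0
sh=4B1EAB4C170EF72020E6C6D3CAF2EA14EA027229 ft=1 fh=c8af41730faf6c98 vn="Win32/Somoto potentially unwanted application" ac=I fn="C:\Users\LeeAnn\Downloads\SmileyMonster_downloader_by_Ffonts.exe"
sh=B5B41E946960F17050C00A4891CFF46B08486A4D ft=1 fh=79895fd74f1827db vn="Win32/Bundled.Toolbar.Google.D potentially unsafe application" ac=I fn="C:\Windows\SysWOW64\Adobe\Shockwave 12\gt.exe"
"""

# "# key=value" summary lines; detection fields are double-quoted when they contain spaces.
_HEADER_RE = re.compile(r'^#\s*(\w+)=(.*)$')
_FIELD_RE = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')

def parse_fields(line):
    """Split one 'sh=... vn="..." fn="..."' detection line into a dict."""
    return {m.group(1): m.group(2) if m.group(2) is not None else m.group(3)
            for m in _FIELD_RE.finditer(line)}

def classify(vn):
    """Bucket a verdict by the wording ESET uses for PUA and unsafe applications."""
    low = vn.lower()
    if "potentially unwanted application" in low:
        return "PUA"
    return "unsafe" if "potentially unsafe application" in low else "malware"

def parse_eos_log(text):
    """Return summary counters, detection records and a found-vs-lines check."""
    summary, detections = {}, []
    for line in (raw.strip() for raw in text.splitlines()):
        m = _HEADER_RE.match(line)
        if m:                       # a later run in the same log overrides an earlier one
            summary[m.group(1)] = m.group(2).strip()
        elif line.startswith("sh="):
            d = parse_fields(line)
            d["category"] = classify(d.get("vn", ""))
            detections.append(d)
    found = int(summary.get("found", 0))
    return {"scanned": int(summary.get("scanned", 0)), "found": found,
            "cleaned": int(summary.get("cleaned", 0)), "detections": detections,
            "consistent": found == len(detections)}

def triage_report(result):
    """One line per detection, the way a helper lists what still needs removing."""
    head = f"scanned={result['scanned']} found={result['found']} cleaned={result['cleaned']}"
    return [head] + [f"[{d['category']}] {d['vn']} -> {d['fn']}" for d in result["detections"]]

if __name__ == "__main__":
    print("\n".join(triage_report(parse_eos_log(SAMPLE_LOG))))
```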

#14
fiarsgirl

    Member

  • Topic Starter
  • Member
  • 14 posts

 Results of screen317's Security Check version 1.005  
   x64 (UAC is enabled)  
 Internet Explorer 10 Out of date!
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Enabled!  
Norton 360 Premier   
Windows Defender     
 WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
 Java 8 Update 51  
 Java version 32-bit out of Date!
 Adobe Reader 10.1.15 Adobe Reader out of Date!  
 Mozilla Firefox 38.0.5 Firefox out of Date!  
 Google Chrome (43.0.2357.134)
````````Process Check: objlist.exe by Laurent````````  
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C:  %
````````````````````End of Log``````````````````````
 



#15
pystryker

    Trusted Helper

  • Malware Removal
  • 3,912 posts
Looks good, only one item to remove and some programs to update. Have the alerts stopped?

Let's eliminate that item, and update the out of date programs. :thumbsup:

Please disable your antivirus for the duration of my instructions. Don't forget to re-enable it after you have completed the steps.


Step 1: Fix with FRST
  • Open Notepad (Start => All Programs => Accessories => Notepad). Please copy the entire contents of the code box below. (To do this, highlight the contents of the box, right-click on it and select Copy.)
  • Right-click in the open Notepad window and select Paste.
  • Save it on the desktop as fixlist.txt

    NOTE: It's important that both files, FRST/FRST64 and fixlist.txt are in the same location or the fix will not work.

Start
CreateRestorePoint:
C:\Users\LeeAnn\Downloads\SmileyMonster_downloader_by_Ffonts.exe
End


NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.


Run FRST and press the Fix button just once and wait. The tool will make a log on the desktop (Fixlog.txt); please post it in your next reply.


Step 2: Program Updates

Update Internet Explorer

Your current version of Internet Explorer is out of date. Please update it by following the link below to download the latest version.

http://windows.micro...rer/download-ie


Java Warning and Update

A word about Java

Java has become the #1 program exploited by thieves and hackers as of today. It's gotten so bad, the Department of Homeland Security recently recommended that users disable Java on their machines.

For more information regarding this, see the two articles below:

Forbes: US Department of Homeland Security Calls on users to disable Java

US warns on Java software

Unless you have software on your machine that absolutely requires Java, I highly recommend you completely remove it from your system.

If you do have software that requires it, then disable it until such time as it's needed by those programs.

Please click the link below for instructions to disable Java.

How to Disable Java in your Web Browser


If you wish to continue to use Java on your machine, please be sure to keep it updated by following the instructions below.
  • Click on this link Java Website and click Do I Have Java?
  • Then click the Verify Java Version button. It will scan your current version and show you if you have the most current version.
You can find instructions for manually removing older versions for Windows XP, Vista, and 7 by clicking the link below:

Instructions for manually removing old versions of Java


Updating Adobe Reader
  • Malware will exploit any vulnerabilities it can find in outdated software. If you are using Adobe Reader for reading pdf files, try using FoxIt Reader. It is a very capable alternative to Adobe.
  • Please click here to download FoxIt Reader.
  • If you wish to continue to use Adobe Reader, then please update it by clicking here.
  • Please remember to uncheck the option to install McAfee's Security Suite.
Update Firefox

Your current version of Firefox is out of date. Please update it by clicking the Help tab and then selecting About Firefox. Firefox will then update itself.


Things I need to see in your next post:

Fixlog.txt Log.
