
Need help cleaning spyware off new laptop [Solved]



#1
s0nginmyheart


Hello, my fiance recently got a new (refurbished) laptop and it appears that new spyware has been popping up. I've run Malwarebytes but the threats seem to be appearing still even after quarantine.

 

I have run FRST and will attach the logs in following posts. Any help in cleaning this system is most appreciated. Thank you in advance!!!




#2
s0nginmyheart

Additional scan result of Farbar Recovery Scan Tool (x64) Version:14-10-2015 01
Ran by Derek (2015-10-14 22:43:41)
Running from C:\Users\Derek\Desktop
Windows 8.1 (X64) (2015-10-11 18:38:52)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-1853940462-981487594-528710876-500 - Administrator - Disabled)
Derek (S-1-5-21-1853940462-981487594-528710876-1001 - Administrator - Enabled) => C:\Users\Derek
Guest (S-1-5-21-1853940462-981487594-528710876-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1853940462-981487594-528710876-1003 - Limited - Enabled)
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Alcor Micro USB Card Reader Driver  (HKLM-x32\...\InstallShield_{5CA55DFC-2008-460F-B7A7-FB92100C4494}) (Version: 20.4.10117.43857 - Alcor Micro Corp.)
Alcor Micro USB Card Reader Driver  (x32 Version: 20.4.10117.43857 - Alcor Micro Corp.) Hidden
ASUS FlipLock (HKLM\...\{9BF8EF7C-4AA1-4CA7-93DB-8F543EB35F4E}) (Version: 1.0.3 - ASUS)
ASUS LifeFrame3 (HKLM-x32\...\{1DBD1F12-ED93-49C0-A7CC-56CBDE488158}) (Version: 3.1.2 - ASUS)
ASUS Live Update (HKLM-x32\...\{FA540E67-095C-4A1B-97BA-4D547DEC9AF4}) (Version: 3.3.4 - ASUS)
ASUS Smart Gesture (HKLM-x32\...\{4D3286A6-F6AB-498A-82A4-E4F040529F3D}) (Version: 2.2.14 - ASUS)
ASUS Splendid Video Enhancement Technology (HKLM-x32\...\{0969AF05-4FF6-4C00-9406-43599238DE0D}) (Version: 3.01.0003 - ASUS)
ASUS USB Charger Plus (HKLM-x32\...\{A859E3E5-C62F-4BFA-AF1D-2B95E03166AF}) (Version: 3.1.9 - ASUS)
ATK Package (HKLM-x32\...\{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}) (Version: 1.0.0034 - ASUS)
Dragon Assistant Application en-US version 1.5.7 (HKLM-x32\...\{1CCBE73F-4948-4711-8D12-22E2FD65D706}_is1) (Version: 1.5.7 - Nuance Communications, Inc.)
Dragon Assistant Core Recognition Service version 1.1.10 (HKLM-x32\...\{E97BA7A6-46FC-4EBF-B24A-B8362948C696}_is1) (Version: 1.1.10 - Nuance Communications, Inc.)
Dragon Assistant Language Data en-US version 1.1.3 (HKLM-x32\...\{4C0C1E4E-D3B1-4496-98EC-DA14D45EC855}_is1) (Version: 1.1.3 - Nuance Communications, Inc.)
Dragon Assistant version 1.5.7 (HKLM-x32\...\{D57A8269-3BE5-4D10-B882-64D0F2D448BF}_is1) (Version: 1.5.7 - Nuance Communications, Inc.)
Game Explorer Categories - casual (HKLM-x32\...\WildTangentGameProvider-asus-casual) (Version: 3.2.0.6 - WildTangent, Inc.)
Game Explorer Categories - enthusiast (HKLM-x32\...\WildTangentGameProvider-asus-enthusiast) (Version: 3.2.0.6 - WildTangent, Inc.)
Game Explorer Categories - family (HKLM-x32\...\WildTangentGameProvider-asus-family) (Version: 3.2.0.6 - WildTangent, Inc.)
Game Explorer Categories - kids (HKLM-x32\...\WildTangentGameProvider-asus-kids) (Version: 3.2.0.6 - WildTangent, Inc.)
Game Explorer Categories - touch (HKLM-x32\...\WildTangentGameProvider-asus-touch) (Version: 3.2.0.6 - WildTangent, Inc.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 45.0.2454.101 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.28.15 - Google Inc.) Hidden
Intel® Dynamic Platform and Thermal Framework (HKLM-x32\...\FFD10ECE-F715-4a86-9BD8-F6F47DA5DA1C) (Version: 7.1.0.2105 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.6.0.1038 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3496 - Intel Corporation)
Intel® PROSet/Wireless Software for Bluetooth® Technology(patch version 17.0.1419.2) (HKLM\...\{302600C1-6BDF-4FD1-1405-148929CC1385}) (Version: 17.0.1405.0464 - Intel Corporation)
Intel® Serial IO (HKLM\...\{9FD91C5C-44AE-4D9D-85BE-AE52816B0294}) (Version: 1.1.165.0 - Intel Corporation)
Intel® PROSet/Wireless Software (HKLM-x32\...\{b9007812-6a61-4dfc-8a0c-4c726c7dc43f}) (Version: 17.0.1 - Intel Corporation)
Malwarebytes Anti-Malware version 2.2.0.1024 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes)
Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7266 - Realtek Semiconductor Corp.)
ST Microelectronics 3 Axis Digital Accelerometer Solution (HKLM-x32\...\{9C24F411-9CA7-4A8A-91F3-F08A4A38EB31}) (Version: 4.07.0054 - ST Microelectronics)
Update Installer for WildTangent Games App (x32 Version:  - WildTangent) Hidden
WebStorage (HKLM-x32\...\WebStorage) (Version: 2.1.2.301 - ASUS Cloud Corporation)
WildTangent Games App (HKLM-x32\...\{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-asus) (Version: 4.0.11.2 - WildTangent)
Windows Driver Package - ASUS (ATP) Mouse  (03/18/2014 6.0.0.35) (HKLM\...\DAA6E0EEB715139C1CEA332C78AB4609FB3C211B) (Version: 03/18/2014 6.0.0.35 - ASUS)
WinFlash (HKLM-x32\...\{8F21291E-0444-4B1D-B9F9-4370A73E346D}) (Version: 2.42.0 - ASUS)
WinWiki (HKLM-x32\...\WebWatcherInstall) (Version:  - )
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-1853940462-981487594-528710876-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\Windows\system32\igfxEM.exe (Intel Corporation)
CustomCLSID: HKU\S-1-5-21-1853940462-981487594-528710876-1001_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\Windows\system32\igfxEM.exe (Intel Corporation)
 
==================== Restore Points =========================
 
11-10-2015 13:34:56 Windows Modules Installer
11-10-2015 13:35:44 Windows Modules Installer
14-10-2015 22:26:02 Installed Suite2
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2013-08-22 08:25 - 2013-08-22 08:25 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
 
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {069684D6-DDEA-4846-A326-320D66ED50D6} - System32\Tasks\ASUS Live Update2 => C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe [2015-03-23] (ASUSTeK Computer Inc.)
Task: {0A018563-0092-4E98-ADED-E2A36912F5E6} - System32\Tasks\ShopperProJSUpd => C:\Program Files (x86)\ShopperPro\updater.exe <==== ATTENTION
Task: {1FA7935F-3F3D-40FA-A251-6D0C07D4DCDE} - System32\Tasks\Inst_Rep => C:\Users\Derek\AppData\Local\Installer\Install_8976\brakietut_tutbl_setup.exe [2015-10-11] ()
Task: {2573B87E-DFFA-4031-96E4-4BC8E684A9CA} - System32\Tasks\Update Checker => C:\Program Files (x86)\ASUS\ASUS Live Update\UpdateChecker.exe [2015-02-12] ()
Task: {36328B23-28E9-4F24-B37E-75A264206414} - System32\Tasks\RTKCPL => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [2014-05-26] (Realtek Semiconductor)
Task: {37582EED-30AA-425C-AC28-7313B05E61AA} - System32\Tasks\SPBIW_UpdateTask_Time_313638323230343738382d2a37455a2d6c34325b343241 => Wscript.exe //B "C:\ProgramData\ShopperPro\spbihe.js" spbiu.exe /invoke /f:check_services /l:0 <==== ATTENTION
Task: {3FD38DB5-A8F5-42D2-9E12-6ABECB86EDBB} - System32\Tasks\ASUS Splendid ACMON => C:\Program Files (x86)\ASUS\Splendid\ACMON.exe [2014-04-02] (ASUS)
Task: {45EBDC0C-0BAE-4E9C-BB70-3C1C070DC274} - System32\Tasks\ASUS Patch for Touch Panel => C:\ProgramData\AsTouchPanel\AsPatchTouchPanel64.exe [2013-01-09] (ASUSTek Computer INC.)
Task: {63D686C7-6182-41B8-9BFC-2B269F2B4643} - System32\Tasks\PhraseProfessor Auto Updater 1.10.0.24 Core => C:\Program Files (x86)\PhraseProfessor_1.10.0.24\Update\PhraseProfessorAutoUpdateClient.exe <==== ATTENTION
Task: {919BC337-BB0F-47F9-9AB9-40D04DABD78B} - System32\Tasks\SysProgs_Controller_Mon => C:\Windows\SysProgramsController\WinWikiUpdater.exe [2015-10-07] ()
Task: {ADE0121A-8A1B-4F78-A053-58DAAFC600F8} - System32\Tasks\ATK Package 36D18D69AFC3 => C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\SimAppExec.exe [2014-01-14] (ASUSTek Computer Inc.)
Task: {B5A5957E-8499-414B-8080-A0433E389180} - System32\Tasks\ASUS Smart Gesture Launcher => C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLauncher.exe [2014-03-31] (AsusTek)
Task: {B945093F-296E-4497-8B78-02E85818121D} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-10-11] (Google Inc.)
Task: {CD50EF15-A8C3-4FDE-8ED5-52145D4F456C} - \PhraseProfessor Auto Updater 1.10.0.24 Pending Update -> No File <==== ATTENTION
Task: {D3870E89-A5CC-4F6C-9C1D-8D54C826E7FC} - System32\Tasks\ASUS Live Update1 => C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe [2015-03-23] (ASUSTeK Computer Inc.)
Task: {E006DB13-2DFE-4415-8A15-C056FDF0B9AC} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-10-11] (Google Inc.)
Task: {E19A07EA-2F63-45C6-9BAF-1EDD781A369C} - System32\Tasks\Gsefeihmluga => C:\ProgramData\Gsefeihmluga\1.0.6.1\aornacuo.exe [2015-10-11] ()
Task: {EB699454-2CBC-4B70-88E5-F1E1FDF426F4} - System32\Tasks\ASUS USB Charger Plus => C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe [2014-03-27] (ASUSTek Computer Inc.)
Task: {ECC085C7-3D46-4A1B-ACC4-A46624DB9F6C} - System32\Tasks\RtHDVBg => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2014-06-04] (Realtek Semiconductor)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
 
==================== Loaded Modules (Whitelisted) ==============
 
2015-10-11 19:28 - 2015-10-11 19:28 - 00155648 _____ () C:\ProgramData\Gsefeihmluga\1.0.6.1\aornacuo.exe
2015-10-11 16:11 - 2015-10-11 16:11 - 01684480 ____N () C:\Program Files\Common Files\ShopperPro\spbici64.dll
2014-12-17 23:00 - 2012-03-10 00:51 - 00243200 _____ () C:\Program Files (x86)\ST Microelectronics\ST_ACCEL\FFP_DT.dll
2014-12-17 23:04 - 2013-05-02 14:26 - 00387984 _____ () C:\Program Files (x86)\Nuance\Dragon Assistant\Core\fl_core.dll
2014-12-17 23:04 - 2013-05-02 14:26 - 01165712 _____ () C:\Program Files (x86)\Nuance\Dragon Assistant\Core\vocon3200_asr.dll
2014-12-17 23:04 - 2013-05-02 14:26 - 00199056 _____ () C:\Program Files (x86)\Nuance\Dragon Assistant\Core\vocon3200_base.dll
2014-12-17 23:04 - 2013-05-02 14:26 - 01132944 _____ () C:\Program Files (x86)\Nuance\Dragon Assistant\Core\vocon3200_pron.dll
2014-12-17 23:04 - 2013-05-02 14:26 - 00035216 _____ () C:\Program Files (x86)\Nuance\Dragon Assistant\Core\vocon3200_platform.dll
2014-12-17 23:04 - 2013-05-02 14:26 - 00229264 _____ () C:\Program Files (x86)\Nuance\Dragon Assistant\Core\sdxg.dll
2014-12-17 23:04 - 2013-05-02 14:25 - 00027648 _____ () C:\Program Files (x86)\Nuance\Dragon Assistant\Core\WASAPIResamplingStreamCOMServer.dll
2014-04-30 17:33 - 2014-04-30 17:33 - 00009216 _____ () C:\Program Files\ASUS\ASUS FlipLock\WMIProc.dll
2014-04-02 17:46 - 2014-04-02 17:46 - 00117248 _____ () C:\Program Files (x86)\ASUS\Splendid\CCTAdjust.dll
2014-04-02 17:46 - 2014-04-02 17:46 - 00037936 _____ () C:\Program Files (x86)\ASUS\Splendid\DetectDisplayDC.dll
2014-04-02 17:46 - 2014-04-02 17:46 - 00018992 _____ () C:\Program Files (x86)\ASUS\Splendid\AMDColorEnhance.dll
2014-04-02 17:46 - 2014-04-02 17:46 - 00020528 _____ () C:\Program Files (x86)\ASUS\Splendid\AMDRegammaAndGamut.dll
2014-12-17 22:47 - 2013-10-23 16:44 - 01242584 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\ACE.dll
2015-10-11 16:09 - 2015-10-11 16:09 - 01333760 ____N () C:\Program Files\Common Files\ShopperPro\spbici32.dll
2015-10-11 19:23 - 2015-09-23 21:34 - 01501512 _____ () C:\Program Files (x86)\Google\Chrome\Application\45.0.2454.101\libglesv2.dll
2015-10-11 19:23 - 2015-09-23 21:34 - 00081224 _____ () C:\Program Files (x86)\Google\Chrome\Application\45.0.2454.101\libegl.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
AlternateDataStreams: C:\Users\Derek\OneDrive:ms-properties
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WWatcherProxy => ""="service"
 
==================== EXE Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-1853940462-981487594-528710876-1001\Control Panel\Desktop\\Wallpaper -> C:\Windows\asus\wallpapers\asus.jpg
DNS Servers: 82.163.143.175 - 82.163.142.177
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{B63B5FBD-D15C-4DCF-9528-1996896095DF}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
FirewallRules: [{9C94C009-5D04-41CC-880D-6E8DE5CCA075}] => (Allow) C:\Program Files (x86)\Max Driver Updater\maxdu.exe
FirewallRules: [{7275D097-3A65-4472-B170-AF8F2CBF4C83}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{02711B8B-5291-4B7C-959E-7A6EBCF3DD9C}] => (Allow) C:\Users\Derek\AppData\Local\BrowserAir\Application\BrowserAir.exe
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (10/14/2015 10:14:33 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: WWatcherProxy.exe, version: 2.3.6.11, time stamp: 0x5614f645
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc00001a5
Fault offset: 0x101e0f98
Faulting process id: 0x8ec
Faulting application start time: 0xWWatcherProxy.exe0
Faulting application path: WWatcherProxy.exe1
Faulting module path: WWatcherProxy.exe2
Report Id: WWatcherProxy.exe3
Faulting package full name: WWatcherProxy.exe4
Faulting package-relative application ID: WWatcherProxy.exe5
 
Error: (10/14/2015 10:03:16 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: spbia.exe, version: 1.0.0.4, time stamp: 0x561ad07a
Faulting module name: spbia.exe, version: 1.0.0.4, time stamp: 0x561ad07a
Exception code: 0xc0000005
Fault offset: 0x000000000000a746
Faulting process id: 0xddc
Faulting application start time: 0xspbia.exe0
Faulting application path: spbia.exe1
Faulting module path: spbia.exe2
Report Id: spbia.exe3
Faulting package full name: spbia.exe4
Faulting package-relative application ID: spbia.exe5
 
Error: (10/14/2015 09:52:22 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: UpdateChecker.exe, version: 0.0.0.0, time stamp: 0x54dc4378
Faulting module name: alvupdt.dll, version: 1.0.0.10, time stamp: 0x5510b8fc
Exception code: 0xc0000005
Fault offset: 0x000110ad
Faulting process id: 0x2098
Faulting application start time: 0xUpdateChecker.exe0
Faulting application path: UpdateChecker.exe1
Faulting module path: UpdateChecker.exe2
Report Id: UpdateChecker.exe3
Faulting package full name: UpdateChecker.exe4
Faulting package-relative application ID: UpdateChecker.exe5
 
Error: (10/14/2015 09:43:12 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: spbia.exe, version: 1.0.0.4, time stamp: 0x561ad07a
Faulting module name: spbia.exe, version: 1.0.0.4, time stamp: 0x561ad07a
Exception code: 0xc0000005
Fault offset: 0x000000000000a746
Faulting process id: 0xea8
Faulting application start time: 0xspbia.exe0
Faulting application path: spbia.exe1
Faulting module path: spbia.exe2
Report Id: spbia.exe3
Faulting package full name: spbia.exe4
Faulting package-relative application ID: spbia.exe5
 
Error: (10/14/2015 09:42:53 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: ZeroConfigService.exe, version: 17.0.0.0, time stamp: 0x52d9e32d
Faulting module name: MurocApi.dll, version: 17.0.0.0, time stamp: 0x52d9e279
Exception code: 0xc0000005
Fault offset: 0x000000000002bd48
Faulting process id: 0xa00
Faulting application start time: 0xZeroConfigService.exe0
Faulting application path: ZeroConfigService.exe1
Faulting module path: ZeroConfigService.exe2
Report Id: ZeroConfigService.exe3
Faulting package full name: ZeroConfigService.exe4
Faulting package-relative application ID: ZeroConfigService.exe5
 
Error: (10/14/2015 08:37:47 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: spbia.exe, version: 1.0.0.4, time stamp: 0x561ad07a
Faulting module name: spbia.exe, version: 1.0.0.4, time stamp: 0x561ad07a
Exception code: 0xc0000005
Fault offset: 0x000000000000a746
Faulting process id: 0x1cbc
Faulting application start time: 0xspbia.exe0
Faulting application path: spbia.exe1
Faulting module path: spbia.exe2
Report Id: spbia.exe3
Faulting package full name: spbia.exe4
Faulting package-relative application ID: spbia.exe5
 
Error: (10/11/2015 07:30:57 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: LAPTOP)
Description: Activation of app microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1 failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
Error: (10/11/2015 07:30:57 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: LAPTOP)
Description: Activation of app microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1 failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
Error: (10/11/2015 07:30:57 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: LAPTOP)
Description: Activation of app microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1 failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
Error: (10/11/2015 07:30:57 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: spbia.exe, version: 1.0.0.4, time stamp: 0x561ad07a
Faulting module name: spbia.exe, version: 1.0.0.4, time stamp: 0x561ad07a
Exception code: 0xc0000005
Fault offset: 0x000000000000a746
Faulting process id: 0x1d68
Faulting application start time: 0xspbia.exe0
Faulting application path: spbia.exe1
Faulting module path: spbia.exe2
Report Id: spbia.exe3
Faulting package full name: spbia.exe4
Faulting package-relative application ID: spbia.exe5
 
 
System errors:
=============
Error: (10/14/2015 10:20:28 PM) (Source: DCOM) (EventID: 10005) (User: NT AUTHORITY)
Description: 1053WWatcherProxy-Service{3A9C223B-F390-430D-A334-990BC5E729AB}
 
Error: (10/14/2015 10:20:28 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The WWatcherProxy service failed to start due to the following error: 
%%1053
 
Error: (10/14/2015 10:20:28 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the WWatcherProxy service to connect.
 
Error: (10/14/2015 10:20:26 PM) (Source: DCOM) (EventID: 10005) (User: LAPTOP)
Description: 1053WWatcherProxy-Service{3A9C223B-F390-430D-A334-990BC5E729AB}
 
Error: (10/14/2015 10:20:26 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The WWatcherProxy service failed to start due to the following error: 
%%1053
 
Error: (10/14/2015 10:20:26 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the WWatcherProxy service to connect.
 
Error: (10/14/2015 10:20:15 PM) (Source: DCOM) (EventID: 10005) (User: LAPTOP)
Description: 1053WWatcherProxy-Service{3A9C223B-F390-430D-A334-990BC5E729AB}
 
Error: (10/14/2015 10:20:15 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The WWatcherProxy service failed to start due to the following error: 
%%1053
 
Error: (10/14/2015 10:20:15 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the WWatcherProxy service to connect.
 
Error: (10/14/2015 10:20:11 PM) (Source: DCOM) (EventID: 10005) (User: LAPTOP)
Description: 1053WWatcherProxy-Service{3A9C223B-F390-430D-A334-990BC5E729AB}
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i5-4210U CPU @ 1.70GHz
Percentage of memory in use: 28%
Total physical RAM: 8075.43 MB
Available physical RAM: 5752.67 MB
Total Virtual: 9995.43 MB
Available Virtual: 7366.29 MB
 
==================== Drives ================================
 
Drive c: (OS) (Fixed) (Total:444.65 GB) (Free:409.45 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive d: (CENTON USB) (Removable) (Total:3.7 GB) (Free:3.63 GB) FAT32
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: A820219A)
 
Partition: GPT.
 
========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 3.7 GB) (Disk ID: C3072E18)
Partition 1: (Active) - (Size=3.7 GB) - (Type=0B)
 
==================== End of Addition.txt ============================


#3
s0nginmyheart


The FRST log doesn't seem to be posting (after multiple attempts), so I have attached the txt file.

Attached Files

  • Attached File  FRST.txt   498.72KB   119 downloads

Edited by s0nginmyheart, 14 October 2015 - 10:03 PM.


#4
Essexboy

Hi there, let's get you tidied up :)

CAUTION: This fix is only valid for this specific machine; using it on another may break your computer.

Open notepad and copy/paste the text in the quotebox below into it:
 

CreateRestorePoint:
Winsock: Catalog9 01 C:\Windows\SysWOW64\WWatcherLSP.dll [295888 2015-10-11] (WWatcher)
Winsock: Catalog9 02 C:\Windows\SysWOW64\WWatcherLSP.dll [295888 2015-10-11] (WWatcher)
Winsock: Catalog9 03 C:\Windows\SysWOW64\WWatcherLSP.dll [295888 2015-10-11] (WWatcher)
Winsock: Catalog9 04 C:\Windows\SysWOW64\WWatcherLSP.dll [295888 2015-10-11] (WWatcher)
Winsock: Catalog9 16 C:\Windows\SysWOW64\WWatcherLSP.dll [295888 2015-10-11] (WWatcher)
Winsock: Catalog9-x64 01 C:\Windows\system32\WWatcherLSP64.dll [342032 2015-10-11] (WWatcher)
Winsock: Catalog9-x64 02 C:\Windows\system32\WWatcherLSP64.dll [342032 2015-10-11] (WWatcher)
Winsock: Catalog9-x64 03 C:\Windows\system32\WWatcherLSP64.dll [342032 2015-10-11] (WWatcher)
Winsock: Catalog9-x64 04 C:\Windows\system32\WWatcherLSP64.dll [342032 2015-10-11] (WWatcher)
Winsock: Catalog9-x64 16 C:\Windows\system32\WWatcherLSP64.dll [342032 2015-10-11] (WWatcher)
SearchScopes: HKLM -> {7F4EFF06-7032-458e-AE16-1C1D8255C28A} URL = hxxp://www-searching.com/search.aspx?s=FACztutbl012,c320b0b2-420d-4354-9845-ba763fbfa805,&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1853940462-981487594-528710876-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www-searching.com/search.aspx?s=FACztutbl012,c320b0b2-420d-4354-9845-ba763fbfa805,&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1853940462-981487594-528710876-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www-searching.com/search.aspx?s=FACztutbl012,c320b0b2-420d-4354-9845-ba763fbfa805,&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1853940462-981487594-528710876-1001 -> {7F4EFF06-7032-458e-AE16-1C1D8255C28A} URL = hxxp://www-searching.com/search.aspx?s=FACztutbl012,c320b0b2-420d-4354-9845-ba763fbfa805,&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1853940462-981487594-528710876-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www-searching.com/search.aspx?s=FACztutbl012,c320b0b2-420d-4354-9845-ba763fbfa805,&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1853940462-981487594-528710876-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www-searching.com/search.aspx?s=FACztutbl012,c320b0b2-420d-4354-9845-ba763fbfa805,&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1853940462-981487594-528710876-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {7F4EFF06-7032-458e-AE16-1C1D8255C28A} URL = hxxp://www-searching.com/search.aspx?s=FACztutbl012,c320b0b2-420d-4354-9845-ba763fbfa805,&q={searchTerms}
CHR HomePage: Default -> hxxp://www-searching.com/?s=FACztutbl012,c320b0b2-420d-4354-9845-ba763fbfa805,
CHR StartupUrls: Default -> "hxxp://www-searching.com/?s=FACztutbl012,c320b0b2-420d-4354-9845-ba763fbfa805,"
CHR DefaultSearchURL: Default -> hxxp://www-searching.com/search.aspx?s=FACztutbl012,c320b0b2-420d-4354-9845-ba763fbfa805,&q={searchTerms}
CHR DefaultSearchKeyword: Default -> www-searching.com
CHR DefaultSuggestURL: Default -> hxxp://api.searchpredict.com/api/?rqtype=ffplugin&siteID=8661&dbCode=1&command={searchTerms}
R2 SPBIUpd; C:\Program Files\Common Files\ShopperPro\spbiu.exe [2346416 2015-10-11] (ShopperPro)
R2 WWatcherProxy; C:\Program Files (x86)\WinWiki\WWatcherProxy.exe [1738208 2015-10-07] (WWatcher)
R1 ppfd_vw_1_10_0_24; C:\Windows\System32\drivers\ppfd_vw_1_10_0_24.sys [57744 2015-09-02] (PhraseProfessor)
R3 SPBIUpdd; C:\Program Files\Common Files\ShopperPro\spbiw.sys [41632 2015-10-11] ()
2015-10-14 21:53 - 2015-10-14 21:52 - 00014080 _____ (Microsoft) C:\Users\Derek\AppData\Roaming\LaunchBrowser_ed.exe
2015-10-14 21:52 - 2015-10-14 21:52 - 00000000 ____D C:\Users\Derek\AppData\Local\speed browser
2015-10-14 21:47 - 2015-10-14 21:47 - 00000000 ____D C:\ProgramData\Browser
2015-10-11 19:30 - 2015-10-11 19:30 - 00000000 ____D C:\Users\Derek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BrowserAir
2015-10-11 19:29 - 2015-10-14 22:36 - 00000000 ____D C:\Program Files\Common Files\ShopperPro
2015-10-11 19:29 - 2015-10-11 19:30 - 00000000 ____D C:\Users\Derek\AppData\Local\BrowserAir
2015-10-11 19:29 - 2015-10-11 19:29 - 00004230 _____ C:\Windows\System32\Tasks\SPBIW_UpdateTask_Time_313638323230343738382d2a37455a2d6c34325b343241
2015-10-11 19:29 - 2015-10-11 19:29 - 00003564 _____ C:\Windows\System32\Tasks\ShopperProJSUpd
2015-10-11 19:29 - 2015-10-11 19:29 - 00000000 ____D C:\Users\Public\Documents\ShopperPro
2015-10-11 19:29 - 2015-10-11 19:29 - 00000000 ____D C:\ProgramData\ShopperPro
2015-10-11 19:29 - 2015-10-11 19:29 - 00000000 ____D C:\ProgramData\SearchModule
2015-10-11 19:29 - 2015-10-11 19:29 - 00000000 ____D C:\Program Files\Common Files\Goobzo
2015-10-11 19:28 - 2015-10-14 22:18 - 00000000 ____D C:\Program Files (x86)\PhraseProfessor_1.10.0.24
2015-10-11 19:28 - 2015-10-14 22:07 - 00003442 _____ C:\Windows\System32\Tasks\Gsefeihmluga
2015-10-11 19:28 - 2015-10-11 19:28 - 00004200 _____ C:\Windows\System32\Tasks\PhraseProfessor Auto Updater 1.10.0.24 Core
2015-10-11 19:28 - 2015-10-11 19:28 - 00003524 _____ C:\Windows\System32\Tasks\Inst_Rep
2015-10-11 19:28 - 2015-10-11 19:28 - 00000000 ____D C:\ProgramData\Gsefeihmluga
2015-10-11 19:22 - 2015-10-14 21:42 - 00008920 _____ C:\Windows\SysWOW64\WWatcherProxyOff.ini
2015-10-11 19:22 - 2015-10-11 19:22 - 00004086 _____ C:\Windows\System32\Tasks\SysProgs_Controller_Mon
2015-10-11 19:22 - 2015-10-11 19:22 - 00000000 ____D C:\Windows\SysProgramsController
2015-10-11 19:22 - 2015-10-11 19:22 - 00000000 ____D C:\Program Files (x86)\WinWiki
2015-10-11 19:22 - 2015-10-07 13:00 - 00342032 ____N (WWatcher) C:\Windows\system32\WWatcherLSP64.dll
2015-10-11 19:22 - 2015-10-07 13:00 - 00295888 ____N (WWatcher) C:\Windows\SysWOW64\WWatcherLSP.dll
2015-10-11 14:03 - 2015-10-14 21:51 - 00000000 __SHD C:\Users\Derek\AppData\LocalLow\EmieUserList
2015-10-11 13:51 - 2015-10-14 22:11 - 00000000 __SHD C:\Users\Derek\AppData\Local\EmieUserList
2015-10-11 13:51 - 2015-10-14 22:11 - 00000000 __SHD C:\Users\Derek\AppData\Local\EmieSiteList
2015-10-11 13:50 - 2015-10-14 21:51 - 00000000 __SHD C:\Users\Derek\AppData\LocalLow\EmieSiteList
2014-12-17 23:04 - 2014-03-25 20:11 - 0000137 _____ () C:\ProgramData\RefreshReg.vbs
2014-05-14 23:43 - 2014-03-26 15:50 - 0000124 _____ () C:\ProgramData\SetStretch.cmd
2014-05-14 23:43 - 2009-07-22 05:04 - 0024576 _____ () C:\ProgramData\SetStretch.exe
2014-05-14 23:43 - 2012-09-07 06:37 - 0000103 _____ () C:\ProgramData\SetStretch.VBS
Task: {0A018563-0092-4E98-ADED-E2A36912F5E6} - System32\Tasks\ShopperProJSUpd => C:\Program Files (x86)\ShopperPro\updater.exe <==== ATTENTION
Task: {37582EED-30AA-425C-AC28-7313B05E61AA} - System32\Tasks\SPBIW_UpdateTask_Time_313638323230343738382d2a37455a2d6c34325b343241 => Wscript.exe //B "C:\ProgramData\ShopperPro\spbihe.js" spbiu.exe /invoke /f:check_services /l:0 <==== ATTENTION
Task: {63D686C7-6182-41B8-9BFC-2B269F2B4643} - System32\Tasks\PhraseProfessor Auto Updater 1.10.0.24 Core => C:\Program Files (x86)\PhraseProfessor_1.10.0.24\Update\PhraseProfessorAutoUpdateClient.exe <==== ATTENTION
Task: {CD50EF15-A8C3-4FDE-8ED5-52145D4F456C} - \PhraseProfessor Auto Updater 1.10.0.24 Pending Update -> No File <==== ATTENTION
Task: {E19A07EA-2F63-45C6-9BAF-1EDD781A369C} - System32\Tasks\Gsefeihmluga => C:\ProgramData\Gsefeihmluga\1.0.6.1\aornacuo.exe [2015-10-11] ()
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WWatcherProxy => ""="service"
C:\Program Files\Common Files\ShopperPro
C:\Program Files (x86)\Win
C:\Windows\System32\drivers\ppfd_vw_1_10_0_24.sys
C:\Program Files (x86)\PhraseProfessor_1.10.0.24
C:\Program Files (x86)\ShopperPro
C:\ProgramData\Gsefeihmluga
Reg: reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
Reg: reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
RemoveProxy:
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state ON
CMD: ipconfig /flushdns
CMD: netsh winsock reset catalog
CMD: netsh int ip reset c:\resetlog.txt
CMD: ipconfig /release
CMD: ipconfig /renew
CMD: netsh int ipv4 reset
CMD: netsh int ipv6 reset
EmptyTemp:
CMD: bitsadmin /reset /allusers


Save this as fixlist.txt, in the same location as FRST.exe
Run FRST and press Fix
On completion a log will be generated; please post that.

THEN

Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Scan.
  • After the scan is complete click on "Clean"
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[S0].txt as well.

#5
s0nginmyheart

    Member

  • Topic Starter
  • 147 posts
Fix result of Farbar Recovery Scan Tool (x64) Version:15-10-2015 01
Ran by Derek (2015-10-15 20:36:54) Run:1
Running from C:\Users\Derek\Desktop
Loaded Profiles: Derek (Available Profiles: Derek)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
CreateRestorePoint:
Winsock: Catalog9 01 C:\Windows\SysWOW64\WWatcherLSP.dll [295888 2015-10-11] (WWatcher)
Winsock: Catalog9 02 C:\Windows\SysWOW64\WWatcherLSP.dll [295888 2015-10-11] (WWatcher)
Winsock: Catalog9 03 C:\Windows\SysWOW64\WWatcherLSP.dll [295888 2015-10-11] (WWatcher)
Winsock: Catalog9 04 C:\Windows\SysWOW64\WWatcherLSP.dll [295888 2015-10-11] (WWatcher)
Winsock: Catalog9 16 C:\Windows\SysWOW64\WWatcherLSP.dll [295888 2015-10-11] (WWatcher)
Winsock: Catalog9-x64 01 C:\Windows\system32\WWatcherLSP64.dll [342032 2015-10-11] (WWatcher)
Winsock: Catalog9-x64 02 C:\Windows\system32\WWatcherLSP64.dll [342032 2015-10-11] (WWatcher)
Winsock: Catalog9-x64 03 C:\Windows\system32\WWatcherLSP64.dll [342032 2015-10-11] (WWatcher)
Winsock: Catalog9-x64 04 C:\Windows\system32\WWatcherLSP64.dll [342032 2015-10-11] (WWatcher)
Winsock: Catalog9-x64 16 C:\Windows\system32\WWatcherLSP64.dll [342032 2015-10-11] (WWatcher)
SearchScopes: HKLM -> {7F4EFF06-7032-458e-AE16-1C1D8255C28A} URL = hxxp://www-searching.com/search.aspx?s=FACztutbl012,c320b0b2-420d-4354-9845-ba763fbfa805,&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1853940462-981487594-528710876-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www-searching.com/search.aspx?s=FACztutbl012,c320b0b2-420d-4354-9845-ba763fbfa805,&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1853940462-981487594-528710876-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www-searching.com/search.aspx?s=FACztutbl012,c320b0b2-420d-4354-9845-ba763fbfa805,&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1853940462-981487594-528710876-1001 -> {7F4EFF06-7032-458e-AE16-1C1D8255C28A} URL = hxxp://www-searching.com/search.aspx?s=FACztutbl012,c320b0b2-420d-4354-9845-ba763fbfa805,&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1853940462-981487594-528710876-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www-searching.com/search.aspx?s=FACztutbl012,c320b0b2-420d-4354-9845-ba763fbfa805,&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1853940462-981487594-528710876-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www-searching.com/search.aspx?s=FACztutbl012,c320b0b2-420d-4354-9845-ba763fbfa805,&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1853940462-981487594-528710876-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {7F4EFF06-7032-458e-AE16-1C1D8255C28A} URL = hxxp://www-searching.com/search.aspx?s=FACztutbl012,c320b0b2-420d-4354-9845-ba763fbfa805,&q={searchTerms}
CHR HomePage: Default -> hxxp://www-searching.com/?s=FACztutbl012,c320b0b2-420d-4354-9845-ba763fbfa805,
CHR StartupUrls: Default -> "hxxp://www-searching.com/?s=FACztutbl012,c320b0b2-420d-4354-9845-ba763fbfa805,"
CHR DefaultSearchURL: Default -> hxxp://www-searching.com/search.aspx?s=FACztutbl012,c320b0b2-420d-4354-9845-ba763fbfa805,&q={searchTerms}
CHR DefaultSearchKeyword: Default -> www-searching.com
CHR DefaultSuggestURL: Default -> hxxp://api.searchpredict.com/api/?rqtype=ffplugin&siteID=8661&dbCode=1&command={searchTerms}
R2 SPBIUpd; C:\Program Files\Common Files\ShopperPro\spbiu.exe [2346416 2015-10-11] (ShopperPro)
R2 WWatcherProxy; C:\Program Files (x86)\WinWiki\WWatcherProxy.exe [1738208 2015-10-07] (WWatcher)
R1 ppfd_vw_1_10_0_24; C:\Windows\System32\drivers\ppfd_vw_1_10_0_24.sys [57744 2015-09-02] (PhraseProfessor)
R3 SPBIUpdd; C:\Program Files\Common Files\ShopperPro\spbiw.sys [41632 2015-10-11] ()
2015-10-14 21:53 - 2015-10-14 21:52 - 00014080 _____ (Microsoft) C:\Users\Derek\AppData\Roaming\LaunchBrowser_ed.exe
2015-10-14 21:52 - 2015-10-14 21:52 - 00000000 ____D C:\Users\Derek\AppData\Local\speed browser
2015-10-14 21:47 - 2015-10-14 21:47 - 00000000 ____D C:\ProgramData\Browser
2015-10-11 19:30 - 2015-10-11 19:30 - 00000000 ____D C:\Users\Derek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BrowserAir
2015-10-11 19:29 - 2015-10-14 22:36 - 00000000 ____D C:\Program Files\Common Files\ShopperPro
2015-10-11 19:29 - 2015-10-11 19:30 - 00000000 ____D C:\Users\Derek\AppData\Local\BrowserAir
2015-10-11 19:29 - 2015-10-11 19:29 - 00004230 _____ C:\Windows\System32\Tasks\SPBIW_UpdateTask_Time_313638323230343738382d2a37455a2d6c34325b343241
2015-10-11 19:29 - 2015-10-11 19:29 - 00003564 _____ C:\Windows\System32\Tasks\ShopperProJSUpd
2015-10-11 19:29 - 2015-10-11 19:29 - 00000000 ____D C:\Users\Public\Documents\ShopperPro
2015-10-11 19:29 - 2015-10-11 19:29 - 00000000 ____D C:\ProgramData\ShopperPro
2015-10-11 19:29 - 2015-10-11 19:29 - 00000000 ____D C:\ProgramData\SearchModule
2015-10-11 19:29 - 2015-10-11 19:29 - 00000000 ____D C:\Program Files\Common Files\Goobzo
2015-10-11 19:28 - 2015-10-14 22:18 - 00000000 ____D C:\Program Files (x86)\PhraseProfessor_1.10.0.24
2015-10-11 19:28 - 2015-10-14 22:07 - 00003442 _____ C:\Windows\System32\Tasks\Gsefeihmluga
2015-10-11 19:28 - 2015-10-11 19:28 - 00004200 _____ C:\Windows\System32\Tasks\PhraseProfessor Auto Updater 1.10.0.24 Core
2015-10-11 19:28 - 2015-10-11 19:28 - 00003524 _____ C:\Windows\System32\Tasks\Inst_Rep
2015-10-11 19:28 - 2015-10-11 19:28 - 00000000 ____D C:\ProgramData\Gsefeihmluga
2015-10-11 19:22 - 2015-10-14 21:42 - 00008920 _____ C:\Windows\SysWOW64\WWatcherProxyOff.ini
2015-10-11 19:22 - 2015-10-11 19:22 - 00004086 _____ C:\Windows\System32\Tasks\SysProgs_Controller_Mon
2015-10-11 19:22 - 2015-10-11 19:22 - 00000000 ____D C:\Windows\SysProgramsController
2015-10-11 19:22 - 2015-10-11 19:22 - 00000000 ____D C:\Program Files (x86)\WinWiki
2015-10-11 19:22 - 2015-10-07 13:00 - 00342032 ____N (WWatcher) C:\Windows\system32\WWatcherLSP64.dll
2015-10-11 19:22 - 2015-10-07 13:00 - 00295888 ____N (WWatcher) C:\Windows\SysWOW64\WWatcherLSP.dll
2015-10-11 14:03 - 2015-10-14 21:51 - 00000000 __SHD C:\Users\Derek\AppData\LocalLow\EmieUserList
2015-10-11 13:51 - 2015-10-14 22:11 - 00000000 __SHD C:\Users\Derek\AppData\Local\EmieUserList
2015-10-11 13:51 - 2015-10-14 22:11 - 00000000 __SHD C:\Users\Derek\AppData\Local\EmieSiteList
2015-10-11 13:50 - 2015-10-14 21:51 - 00000000 __SHD C:\Users\Derek\AppData\LocalLow\EmieSiteList
2014-12-17 23:04 - 2014-03-25 20:11 - 0000137 _____ () C:\ProgramData\RefreshReg.vbs
2014-05-14 23:43 - 2014-03-26 15:50 - 0000124 _____ () C:\ProgramData\SetStretch.cmd
2014-05-14 23:43 - 2009-07-22 05:04 - 0024576 _____ () C:\ProgramData\SetStretch.exe
2014-05-14 23:43 - 2012-09-07 06:37 - 0000103 _____ () C:\ProgramData\SetStretch.VBS
Task: {0A018563-0092-4E98-ADED-E2A36912F5E6} - System32\Tasks\ShopperProJSUpd => C:\Program Files (x86)\ShopperPro\updater.exe <==== ATTENTION
Task: {37582EED-30AA-425C-AC28-7313B05E61AA} - System32\Tasks\SPBIW_UpdateTask_Time_313638323230343738382d2a37455a2d6c34325b343241 => Wscript.exe //B "C:\ProgramData\ShopperPro\spbihe.js" spbiu.exe /invoke /f:check_services /l:0 <==== ATTENTION
Task: {63D686C7-6182-41B8-9BFC-2B269F2B4643} - System32\Tasks\PhraseProfessor Auto Updater 1.10.0.24 Core => C:\Program Files (x86)\PhraseProfessor_1.10.0.24\Update\PhraseProfessorAutoUpdateClient.exe <==== ATTENTION
Task: {CD50EF15-A8C3-4FDE-8ED5-52145D4F456C} - \PhraseProfessor Auto Updater 1.10.0.24 Pending Update -> No File <==== ATTENTION
Task: {E19A07EA-2F63-45C6-9BAF-1EDD781A369C} - System32\Tasks\Gsefeihmluga => C:\ProgramData\Gsefeihmluga\1.0.6.1\aornacuo.exe [2015-10-11] ()
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WWatcherProxy => ""="service"
C:\Program Files\Common Files\ShopperPro
C:\Program Files (x86)\Win
C:\Windows\System32\drivers\ppfd_vw_1_10_0_24.sys
C:\Program Files (x86)\PhraseProfessor_1.10.0.24
C:\Program Files (x86)\ShopperPro
C:\ProgramData\Gsefeihmluga
Reg: reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
Reg: reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
RemoveProxy:
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state ON
CMD: ipconfig /flushdns
CMD: netsh winsock reset catalog
CMD: netsh int ip reset c:\resetlog.txt
CMD: ipconfig /release
CMD: ipconfig /renew
CMD: netsh int ipv4 reset
CMD: netsh int ipv6 reset
EmptyTemp:
CMD: bitsadmin /reset /allusers
*****************
 
Restore point was successfully created.
"HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000001" => key removed successfully
"HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000002" => key removed successfully
"HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000003" => key removed successfully
"HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000004" => key removed successfully
HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000016 => key not found. 
"HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000001" => key removed successfully
"HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000002" => key removed successfully
"HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000003" => key removed successfully
"HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000004" => key removed successfully
HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000016 => key not found. 
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{7F4EFF06-7032-458e-AE16-1C1D8255C28A} => key not found. 
HKCR\CLSID\{7F4EFF06-7032-458e-AE16-1C1D8255C28A} => key not found. 
HKU\S-1-5-21-1853940462-981487594-528710876-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
HKU\S-1-5-21-1853940462-981487594-528710876-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => key not found. 
HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => key not found. 
HKU\S-1-5-21-1853940462-981487594-528710876-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{7F4EFF06-7032-458e-AE16-1C1D8255C28A} => key not found. 
HKCR\CLSID\{7F4EFF06-7032-458e-AE16-1C1D8255C28A} => key not found. 
HKU\S-1-5-21-1853940462-981487594-528710876-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value not found.
HKU\S-1-5-21-1853940462-981487594-528710876-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => key not found. 
HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => key not found. 
HKU\S-1-5-21-1853940462-981487594-528710876-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{7F4EFF06-7032-458e-AE16-1C1D8255C28A} => key not found. 
HKCR\CLSID\{7F4EFF06-7032-458e-AE16-1C1D8255C28A} => key not found. 
Chrome HomePage => removed successfully
Chrome StartupUrls => not found.
Chrome DefaultSearchURL => removed successfully
Chrome DefaultSearchKeyword => removed successfully
Chrome DefaultSuggestURL => not found.
SPBIUpd => service not found.
WWatcherProxy => service not found.
ppfd_vw_1_10_0_24 => service not found.
SPBIUpdd => service not found.
C:\Users\Derek\AppData\Roaming\LaunchBrowser_ed.exe => moved successfully
C:\Users\Derek\AppData\Local\speed browser => moved successfully
C:\ProgramData\Browser => moved successfully
"C:\Users\Derek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BrowserAir" => File/Folder not found.
"C:\Program Files\Common Files\ShopperPro" => File/Folder not found.
"C:\Users\Derek\AppData\Local\BrowserAir" => File/Folder not found.
"C:\Windows\System32\Tasks\SPBIW_UpdateTask_Time_313638323230343738382d2a37455a2d6c34325b343241" => File/Folder not found.
"C:\Windows\System32\Tasks\ShopperProJSUpd" => File/Folder not found.
"C:\Users\Public\Documents\ShopperPro" => File/Folder not found.
"C:\ProgramData\ShopperPro" => File/Folder not found.
"C:\ProgramData\SearchModule" => File/Folder not found.
"C:\Program Files\Common Files\Goobzo" => File/Folder not found.
"C:\Program Files (x86)\PhraseProfessor_1.10.0.24" => File/Folder not found.
C:\Windows\System32\Tasks\Gsefeihmluga => moved successfully
"C:\Windows\System32\Tasks\PhraseProfessor Auto Updater 1.10.0.24 Core" => File/Folder not found.
"C:\Windows\System32\Tasks\Inst_Rep" => File/Folder not found.
"C:\ProgramData\Gsefeihmluga" => File/Folder not found.
"C:\Windows\SysWOW64\WWatcherProxyOff.ini" => File/Folder not found.
"C:\Windows\System32\Tasks\SysProgs_Controller_Mon" => File/Folder not found.
C:\Windows\SysProgramsController => moved successfully
C:\Program Files (x86)\WinWiki => moved successfully
"C:\Windows\system32\WWatcherLSP64.dll" => File/Folder not found.
"C:\Windows\SysWOW64\WWatcherLSP.dll" => File/Folder not found.
C:\Users\Derek\AppData\LocalLow\EmieUserList => moved successfully
C:\Users\Derek\AppData\Local\EmieUserList => moved successfully
C:\Users\Derek\AppData\Local\EmieSiteList => moved successfully
C:\Users\Derek\AppData\LocalLow\EmieSiteList => moved successfully
C:\ProgramData\RefreshReg.vbs => moved successfully
C:\ProgramData\SetStretch.cmd => moved successfully
C:\ProgramData\SetStretch.exe => moved successfully
C:\ProgramData\SetStretch.VBS => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{0A018563-0092-4E98-ADED-E2A36912F5E6}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0A018563-0092-4E98-ADED-E2A36912F5E6}" => key removed successfully
C:\Windows\System32\Tasks\ShopperProJSUpd => not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ShopperProJSUpd => key not found. 
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{37582EED-30AA-425C-AC28-7313B05E61AA}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{37582EED-30AA-425C-AC28-7313B05E61AA}" => key removed successfully
C:\Windows\System32\Tasks\SPBIW_UpdateTask_Time_313638323230343738382d2a37455a2d6c34325b343241 => not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SPBIW_UpdateTask_Time_313638323230343738382d2a37455a2d6c34325b343241 => key not found. 
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{63D686C7-6182-41B8-9BFC-2B269F2B4643}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{63D686C7-6182-41B8-9BFC-2B269F2B4643}" => key removed successfully
C:\Windows\System32\Tasks\PhraseProfessor Auto Updater 1.10.0.24 Core => not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\PhraseProfessor Auto Updater 1.10.0.24 Core => key not found. 
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{CD50EF15-A8C3-4FDE-8ED5-52145D4F456C}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CD50EF15-A8C3-4FDE-8ED5-52145D4F456C}" => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\PhraseProfessor Auto Updater 1.10.0.24 Pending Update => key not found. 
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Boot\{E19A07EA-2F63-45C6-9BAF-1EDD781A369C}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E19A07EA-2F63-45C6-9BAF-1EDD781A369C}" => key removed successfully
C:\Windows\System32\Tasks\Gsefeihmluga => not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Gsefeihmluga" => key removed successfully
"HKLM\System\CurrentControlSet\Control\SafeBoot\Network\WWatcherProxy" => key removed successfully
"C:\Program Files\Common Files\ShopperPro" => File/Folder not found.
"C:\Program Files (x86)\Win" => File/Folder not found.
"C:\Windows\System32\drivers\ppfd_vw_1_10_0_24.sys" => File/Folder not found.
"C:\Program Files (x86)\PhraseProfessor_1.10.0.24" => File/Folder not found.
"C:\Program Files (x86)\ShopperPro" => File/Folder not found.
"C:\ProgramData\Gsefeihmluga" => File/Folder not found.
 
========= reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f =========
 
The operation completed successfully.
 
 
 
========= End of Reg: =========
 
 
========= reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f =========
 
The operation completed successfully.
 
 
 
========= End of Reg: =========
 
 
========= RemoveProxy: =========
 
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully
HKU\S-1-5-21-1853940462-981487594-528710876-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
HKU\S-1-5-21-1853940462-981487594-528710876-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully
 
 
========= End of RemoveProxy: =========
 
 
=========  netsh advfirewall reset =========
 
Initialization Function InitHelperDll in NSHHTTP.DLL failed to start with error code 10107
Ok.
 
 
========= End of CMD: =========
 
 
=========  netsh advfirewall set allprofiles state ON =========
 
Initialization Function InitHelperDll in NSHHTTP.DLL failed to start with error code 10107
Ok.
 
 
========= End of CMD: =========
 
 
=========  ipconfig /flushdns =========
 
 
Windows IP Configuration
 
Successfully flushed the DNS Resolver Cache.
 
========= End of CMD: =========
 
 
=========  netsh winsock reset catalog =========
 
Initialization Function InitHelperDll in NSHHTTP.DLL failed to start with error code 10107
 
Sucessfully reset the Winsock Catalog.
You must restart the computer in order to complete the reset.
 
 
========= End of CMD: =========
 
 
=========  netsh int ip reset c:\resetlog.txt =========
 
Resetting Global, OK!
Resetting Interface, OK!
Resetting Neighbor, OK!
Resetting Path, OK!
Resetting , failed.
Access is denied.
 
Resetting , OK!
Restart the computer to complete this action.
 
 
========= End of CMD: =========
 
 
=========  ipconfig /release =========
 
 
Windows IP Configuration
 
No operation can be performed on Local Area Connection* 3 while it has its media disconnected.
No operation can be performed on Bluetooth Network Connection while it has its media disconnected.
 
Wireless LAN adapter Local Area Connection* 3:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
 
Wireless LAN adapter Wi-Fi:
 
   Connection-specific DNS Suffix  . : 
   IPv6 Address. . . . . . . . . . . : ::b988:343:f7c8:fd69
   Temporary IPv6 Address. . . . . . : ::457:9873:58b9:b91f
   Link-local IPv6 Address . . . . . : fe80::b988:343:f7c8:fd69%8
   Default Gateway . . . . . . . . . : 
 
Ethernet adapter Bluetooth Network Connection:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
 
========= End of CMD: =========
 
 
=========  ipconfig /renew =========
 
 
Windows IP Configuration
 
No operation can be performed on Local Area Connection* 3 while it has its media disconnected.
No operation can be performed on Bluetooth Network Connection while it has its media disconnected.
 
Wireless LAN adapter Local Area Connection* 3:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
 
Wireless LAN adapter Wi-Fi:
 
   Connection-specific DNS Suffix  . : 
   IPv6 Address. . . . . . . . . . . : ::b988:343:f7c8:fd69
   Temporary IPv6 Address. . . . . . : ::457:9873:58b9:b91f
   Link-local IPv6 Address . . . . . : fe80::b988:343:f7c8:fd69%8
   IPv4 Address. . . . . . . . . . . : 192.168.0.12
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . : 192.168.0.1
 
Ethernet adapter Bluetooth Network Connection:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
 
========= End of CMD: =========
 
 
=========  netsh int ipv4 reset =========
 
Resetting Interface, OK!
Resetting , failed.
Access is denied.
 
Restart the computer to complete this action.
 
 
========= End of CMD: =========
 
 
=========  netsh int ipv6 reset =========
 
Resetting Interface, OK!
Resetting Neighbor, OK!
Resetting Path, OK!
Resetting , failed.
Access is denied.
 
Resetting , OK!
Resetting , OK!
Restart the computer to complete this action.
 
 
========= End of CMD: =========
 
 
=========  bitsadmin /reset /allusers =========
 
 
BITSADMIN version 3.0 [ 7.7.9600 ]
BITS administration utility.
© Copyright 2000-2006 Microsoft Corp.
 
BITSAdmin is deprecated and is not guaranteed to be available in future versions of Windows.
Administrative tools for the BITS service are now provided by BITS PowerShell cmdlets.
 
{6F15DA3E-3611-4EED-A3BB-D52082512EDF} canceled.
{F60BCD35-576B-4CD9-9319-455D793209C8} canceled.
2 out of 2 jobs canceled.
 
========= End of CMD: =========
 
EmptyTemp: => 164.2 MB temporary data Removed.
 
 
The system needed a reboot.
 
==== End of Fixlog 20:37:45 ====

#6
s0nginmyheart

    Member

  • Topic Starter
  • 147 posts
# AdwCleaner v5.013 - Logfile created 15/10/2015 at 20:51:18
# Updated 09/10/2015 by Xplode
# Database : 2015-10-13.2 [Server]
# Operating system : Windows 8.1  (x64)
# Username : Derek - LAPTOP
# Running from : C:\Users\Derek\Desktop\AdwCleaner.exe
# Option : Cleaning
 
***** [ Services ] *****
 
[-] Service Deleted : e1edc438-f640-4184-a443-d2a7c37a01dc
 
***** [ Folders ] *****
 
[-] Folder Deleted : C:\Windows\SysWOW64\config\systemprofile\AppData\Local\speed browser
 
***** [ Files ] *****
 
[-] File Deleted : C:\END
 
***** [ DLLs ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Scheduled tasks ] *****
 
 
***** [ Registry ] *****
 
[-] Key Deleted : HKLM\SYSTEM\CurrentControlSet\Control\Class\{0014298C-A9BA-440D-AAA8-AD12C7010EE5}
[-] Key Deleted : HKLM\SYSTEM\CurrentControlSet\Control\Class\{181A06EA-B82C-47DE-B851-E20FD0E1CC7D}
[-] Key Deleted : HKU\.DEFAULT\Software\Browser
[-] Key Deleted : HKCU\Software\Browser
[-] Key Deleted : HKCU\Software\__SP__browser_name__SP__
[-] Key Deleted : HKLM\SOFTWARE\SpeedBrowser
[!] Key Not Deleted : [x64] HKCU\Software\Browser
[!] Key Not Deleted : [x64] HKCU\Software\__SP__browser_name__SP__
[-] Key Deleted : [x64] HKLM\SOFTWARE\ShopperPro
 
***** [ Web browsers ] *****
 
[-] [C:\Users\Derek\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : aol.com
[-] [C:\Users\Derek\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : ask.com
[-] [C:\Users\Derek\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : www-searching.com_
[-] [C:\Users\Derek\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : www-searching.com__
[-] [C:\Users\Derek\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : www-searching.com
 
*************************
 
:: Winsock settings cleared
 
########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [1951 bytes] ##########

#7
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts

How is the computer behaving now?

Could you update Malwarebytes and run a scan, posting the resultant log?


#8
s0nginmyheart

    Member

  • Topic Starter
  • 147 posts

It seemed to be working back to normal last night, thank you thank you THANK YOU!!!

 

I will run the Malwarebytes scan this evening and post the log. Thank you again!


#9
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts

My pleasure :)


#10
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Subject to no further problems :)

I will remove my tools now and give some recommendations, but I would like you to run for 24 hours or so and come back if you have any problems.

Now the best part of the day ----- Your log now appears clean :thumbsup:

A good workman always cleans up after himself, so the following will implement some cleanup procedures as well as reset System Restore points:


Remove tools

Download and run Delfix
Select the options as shown

Now that you are clean, to help protect your computer in the future I recommend that you get the following free programmes:

CryptoPrevent: install this programme to lock down and prevent crypto ransomware

Malwarebytes

Update and run weekly to keep your system clean

Unchecky

Click on the link above to be taken to Unchecky.com
Click the very large Download button.
Click Save
Click Open folder
Right click on the Unchecky_setup and choose to Run as Administrator
Once open click the Install button.
Then click on Finish
Unchecky is now installed and will help you keep unwanted check boxes unchecked; this is a fire and forget programme ;)

It is critical to have both a firewall and anti virus to protect your system and to keep them updated.

To learn more about how to protect yourself while on the internet, read this little guide: Best security practices. Keep safe :wave:

#11
s0nginmyheart

    Member

  • Topic Starter
  • 147 posts

Sorry for the delay. Here is the Malwarebytes log:

 

Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 10/21/2015
Scan Time: 9:09 PM
Logfile: malwarebyteslog.txt
Administrator: Yes
 
Version: 2.2.0.1024
Malware Database: v2015.10.21.07
Rootkit Database: v2015.10.16.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled
 
OS: Windows 8.1
CPU: x64
File System: NTFS
User: Derek
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 306903
Time Elapsed: 18 min, 32 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 0
(No malicious items detected)
 
Registry Values: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Folders: 0
(No malicious items detected)
 
Files: 0
(No malicious items detected)
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)

#12
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts

Looks good for the cleanup :) keep safe


#13
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts

Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.

