Javascript Disabled Detected

You currently have javascript disabled. Several functions may not work. Please re-enable javascript to access full functionality.

computer got hacked

Started by Jim Anderson , Nov 29 2015 02:36 PM

Please log in to reply

#1
Jim Anderson

Posted 29 November 2015 - 02:36 PM

New Member

Member
8 posts

I have a windows 7 32 bit computer and roughly 3 weeks ago i had place a call with amazon about a discrepancy and when I was on the phone with the customer service rep he gained access to my computer and when I realized what he was doing I turned my computer off and hung the phone up. I googled the number and it was listed as a scam. ever since I have had issues, computer running slow, I had spy hunter 4 and pc speed up that was difficult to remove. Had to go int o safe mode to do that. I also was having issues going to web pages but what was really interesting was i was able to go to my banks online site. I had my son use team viewer to access my computer and I just want to make sure I don't have any nasty viruses on my computer. I scanned using avast and malware bytes and super anti-spyware. Here is my FRST log.

Thanks

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:29-11-2015

Ran by Jim (administrator) on JIM-PC (29-11-2015 14:48:19)

Running from C:\Users\Jim\Desktop

Loaded Profiles: Jim (Available Profiles: Jim & Administrator)

Platform: Microsoft Windows 7 Home Premium Service Pack 1 (X86) Language: English (United States)

Internet Explorer Version 11 (Default browser not detected!)

Boot Mode: Normal

Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe

(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCORE.EXE

(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe

(Microsoft Corporation) C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe

(Microsoft Corporation) C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe

( ) C:\Windows\System32\dlbacoms.exe

(SEIKO EPSON CORPORATION) C:\Program Files\epson\EpsonCustomerParticipation\EPCP.exe

(Seiko Epson Corporation) C:\Windows\System32\escsvc.exe

(SEIKO EPSON CORPORATION) C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S60RP7.EXE

(Microsoft Corporation) C:\Program Files\Microsoft LifeCam\MSCamS32.exe

(TeamViewer GmbH) C:\Users\Jim\AppData\Local\Temp\TeamViewer\TeamViewer_Service.exe

(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE

(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE

(Google Inc.) C:\Program Files\Google\Update\1.3.28.15\GoogleCrashHandler.exe

(TeamViewer GmbH) C:\Users\Jim\AppData\Local\Temp\TeamViewer\TeamViewer.exe

(TeamViewer GmbH) C:\Users\Jim\AppData\Local\Temp\TeamViewer\tv_w32.exe

() C:\Program Files\Dell AIO Printer A940\DLBAmon.exe

(SEIKO EPSON CORPORATION) C:\Program Files\EPSON Software\Event Manager\EEventManager.exe

(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe

(SEIKO EPSON CORPORATION) C:\Windows\System32\spool\drivers\w32x86\3\E_TATI~1.EXE

(Sierra Online, Inc.) C:\Sierra\Planner\PLNRnote.exe

(Brother Industries, Ltd.) C:\Program Files\Browny02\BrYNSvc.exe

(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe

(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe

(Microsoft Corporation) C:\Windows\System32\dllhost.exe

(TeamViewer GmbH) C:\Users\Jim\AppData\Local\Temp\TeamViewer\TeamViewer_Desktop.exe

(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe

(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe

(Adobe Systems Incorporated) C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [dlbamon.exe] => C:\Program Files\Dell AIO Printer A940\dlbamon.exe [435696 2007-03-05] ()

HKLM\...\Run: [BrStsMon00] => C:\Program Files\Browny02\Brother\BrStMonW.exe [4513792 2014-05-22] (Brother Industries, Ltd.)

HKLM\...\Run: [EEventManager] => C:\Program Files\Epson Software\Event Manager\EEventManager.exe [1065024 2014-05-02] (SEIKO EPSON CORPORATION)

HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [157480 2015-04-06] (Apple Inc.)

HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [7004376 2015-11-29] (AVAST Software)

HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\QTTask.exe [421888 2015-08-06] (Apple Inc.)

HKLM Group Policy restriction on software: *.wav*.exe <====== ATTENTION

HKLM Group Policy restriction on software: *.rar*.pif <====== ATTENTION

HKLM Group Policy restriction on software: %userprofile%\AppData\Local\Temp\*.zip\*.scr <====== ATTENTION

HKLM Group Policy restriction on software: %systemdrive%\*\svchost.exe <====== ATTENTION

HKLM Group Policy restriction on software: *.rtf*.com <====== ATTENTION

HKLM Group Policy restriction on software: *.txt*.pif <====== ATTENTION

HKLM Group Policy restriction on software: %userprofile%\AppData\Local\Temp\wz*\*.exe <====== ATTENTION

HKLM Group Policy restriction on software: C:\Users\*.pif <====== ATTENTION

HKLM Group Policy restriction on software: %userprofile%\AppData\Local\Temp\*.com <====== ATTENTION

HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.com <====== ATTENTION

HKLM Group Policy restriction on software: %userprofile%\AppData\Local\Temp\rar*\*.exe <====== ATTENTION

HKLM Group Policy restriction on software: *.doc*.exe <====== ATTENTION

HKLM Group Policy restriction on software: %userprofile%\AppData\Local\Temp\7z*\*.com <====== ATTENTION

HKLM Group Policy restriction on software: *.png*.scr <====== ATTENTION

HKLM Group Policy restriction on software: *.wma*.exe <====== ATTENTION

HKLM Group Policy restriction on software: *.rar*.exe <====== ATTENTION

HKLM Group Policy restriction on software: %appdata%\*\*.exe <====== ATTENTION

HKLM Group Policy restriction on software: *.wav*.com <====== ATTENTION

HKLM Group Policy restriction on software: %userprofile%\AppData\Local\Temp\*.zip\*.com <====== ATTENTION

HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.exe <====== ATTENTION

HKLM Group Policy restriction on software: *.ppt*.exe <====== ATTENTION

HKLM Group Policy restriction on software: *.wmv*.exe <====== ATTENTION

HKLM Group Policy restriction on software: *.xls*.exe <====== ATTENTION

HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.scr <====== ATTENTION

HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*\*.com <====== ATTENTION

HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.exe <====== ATTENTION

HKLM Group Policy restriction on software: *.zip*.exe <====== ATTENTION

HKLM Group Policy restriction on software: %allusersprofile%\*.com <====== ATTENTION

HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.scr <====== ATTENTION

HKLM Group Policy restriction on software: *.bmp*.exe <====== ATTENTION

HKLM Group Policy restriction on software: *.rtf*.pif <====== ATTENTION

HKLM Group Policy restriction on software: *.7z*.pif <====== ATTENTION

HKLM Group Policy restriction on software: *.divx*.exe <====== ATTENTION

HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.pif <====== ATTENTION

HKLM Group Policy restriction on software: %userprofile%\AppData\Local\Temp\*.scr <====== ATTENTION

HKLM Group Policy restriction on software: *.mp4*.scr <====== ATTENTION

HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.scr <====== ATTENTION

HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.exe <====== ATTENTION

HKLM Group Policy restriction on software: *.divx*.pif <====== ATTENTION

HKLM Group Policy restriction on software: *.pdf*.com <====== ATTENTION

HKLM Group Policy restriction on software: *.wmv*.scr <====== ATTENTION

HKLM Group Policy restriction on software: *.ppt*.pif <====== ATTENTION

HKLM Group Policy restriction on software: %userprofile%\AppData\*.com <====== ATTENTION

HKLM Group Policy restriction on software: *.png*.pif <====== ATTENTION

HKLM Group Policy restriction on software: C:\Users\*.exe <====== ATTENTION

HKLM Group Policy restriction on software: cipher.exe <====== ATTENTION

HKLM Group Policy restriction on software: *.doc*.com <====== ATTENTION

HKLM Group Policy restriction on software: %userprofile%\*.com <====== ATTENTION

HKLM Group Policy restriction on software: *.txt*.exe <====== ATTENTION

HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.scr <====== ATTENTION

HKLM Group Policy restriction on software: *.bmp*.pif <====== ATTENTION

HKLM Group Policy restriction on software: %allusersprofile%\*.scr <====== ATTENTION

HKLM Group Policy restriction on software: %userprofile%\AppData\Local\Temp\*.pif <====== ATTENTION

HKLM Group Policy restriction on software: %userprofile%\AppData\Local\Temp\7z*\*.scr <====== ATTENTION

HKLM Group Policy restriction on software: *.wma*.scr <====== ATTENTION

HKLM Group Policy restriction on software: %userprofile%\*.exe <====== ATTENTION

HKLM Group Policy restriction on software: *.pptx*.pif <====== ATTENTION

HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*\*.scr <====== ATTENTION

HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.exe <====== ATTENTION

HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.pif <====== ATTENTION

HKLM Group Policy restriction on software: *.wma*.com <====== ATTENTION

HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.pif <====== ATTENTION

HKLM Group Policy restriction on software: *.xlsx*.exe <====== ATTENTION

HKLM Group Policy restriction on software: *.jpeg*.com <====== ATTENTION

HKLM Group Policy restriction on software: *.divx*.scr <====== ATTENTION

HKLM Group Policy restriction on software: %appdata%\*\*.com <====== ATTENTION

HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.scr <====== ATTENTION

HKLM Group Policy restriction on software: *.avi*.pif <====== ATTENTION

HKLM Group Policy restriction on software: *.zip*.pif <====== ATTENTION

HKLM Group Policy restriction on software: *.jpg*.exe <====== ATTENTION

HKLM Group Policy restriction on software: syskey.exe <====== ATTENTION

HKLM Group Policy restriction on software: *.pptx*.scr <====== ATTENTION

HKLM Group Policy restriction on software: *.pptx*.exe <====== ATTENTION

HKLM Group Policy restriction on software: %appdata%\*.pif <====== ATTENTION

HKLM Group Policy restriction on software: *.jpeg*.pif <====== ATTENTION

HKLM Group Policy restriction on software: *.docx*.com <====== ATTENTION

HKLM Group Policy restriction on software: %userprofile%\AppData\Local\Temp\*.exe <====== ATTENTION

HKLM Group Policy restriction on software: lsassw86s.exe <====== ATTENTION

HKLM Group Policy restriction on software: ** <====== ATTENTION

HKLM Group Policy restriction on software: *.mp3*.scr <====== ATTENTION

HKLM Group Policy restriction on software: %userprofile%\AppData\*.exe <====== ATTENTION

HKLM Group Policy restriction on software: %userprofile%\AppData\Local\Temp\rar*\*.com <====== ATTENTION

HKLM Group Policy restriction on software: *.wav*.pif <====== ATTENTION

HKLM Group Policy restriction on software: *.7z*.exe <====== ATTENTION

HKLM Group Policy restriction on software: %userprofile%\AppData\Local\Temp\rar*\*.pif <====== ATTENTION

HKLM Group Policy restriction on software: *.pdf*.scr <====== ATTENTION

HKLM Group Policy restriction on software: C:\Users\*.scr <====== ATTENTION

HKLM Group Policy restriction on software: *.mp3*.com <====== ATTENTION

HKLM Group Policy restriction on software: %appdata%\*.com <====== ATTENTION

HKLM Group Policy restriction on software: *.divx*.com <====== ATTENTION

HKLM Group Policy restriction on software: %userprofile%\AppData\Local\Temp\wz*\*.com <====== ATTENTION

HKLM Group Policy restriction on software: *.mp4*.pif <====== ATTENTION

HKLM Group Policy restriction on software: *.jpeg*.scr <====== ATTENTION

HKLM Group Policy restriction on software: %allusersprofile%\*.exe <====== ATTENTION

HKLM Group Policy restriction on software: %userprofile%\AppData\Local\Temp\rar*\*.scr <====== ATTENTION

HKLM Group Policy restriction on software: *.png*.com <====== ATTENTION

HKLM Group Policy restriction on software: *.pub*.exe <====== ATTENTION

HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.exe <====== ATTENTION

HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.com <====== ATTENTION

HKLM Group Policy restriction on software: %appdata%\*.scr <====== ATTENTION

HKLM Group Policy restriction on software: *.jpeg*.exe <====== ATTENTION

HKLM Group Policy restriction on software: *.wav*.scr <====== ATTENTION

HKLM Group Policy restriction on software: *.rar*.com <====== ATTENTION

HKLM Group Policy restriction on software: *.gif*.scr <====== ATTENTION

HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*\*.pif <====== ATTENTION

HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.scr <====== ATTENTION

HKLM Group Policy restriction on software: *.doc*.pif <====== ATTENTION

HKLM Group Policy restriction on software: *:\$Recycle.Bin <====== ATTENTION

HKLM Group Policy restriction on software: %programdata%\*\svchost.exe <====== ATTENTION

HKLM Group Policy restriction on software: *.jpg*.pif <====== ATTENTION

HKLM Group Policy restriction on software: *.txt*.com <====== ATTENTION

HKLM Group Policy restriction on software: *.jpg*.scr <====== ATTENTION

HKLM Group Policy restriction on software: *.xlsx*.scr <====== ATTENTION

HKLM Group Policy restriction on software: %userprofile%\AppData\*.scr <====== ATTENTION

HKLM Group Policy restriction on software: *.zip*.com <====== ATTENTION

HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*\*.exe <====== ATTENTION

HKLM Group Policy restriction on software: %userprofile%\Appdata\Roaming\Microsoft\Windows\IEUpdate\*.exe <====== ATTENTION

HKLM Group Policy restriction on software: %userprofile%\AppData\Local\Temp\7z*\*.exe <====== ATTENTION

HKLM Group Policy restriction on software: *.xls*.pif <====== ATTENTION

HKLM Group Policy restriction on software: bcdedit.exe <====== ATTENTION

HKLM Group Policy restriction on software: *.zip*.scr <====== ATTENTION

HKLM Group Policy restriction on software: *.pub*.scr <====== ATTENTION

HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.com <====== ATTENTION

HKLM Group Policy restriction on software: *.wma*.pif <====== ATTENTION

HKLM Group Policy restriction on software: *.xls*.com <====== ATTENTION

HKLM Group Policy restriction on software: *.pptx*.com <====== ATTENTION

HKLM Group Policy restriction on software: *.ppt*.scr <====== ATTENTION

HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.com <====== ATTENTION

HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.scr <====== ATTENTION

HKLM Group Policy restriction on software: %userprofile%\AppData\Local\Temp\*.zip\*.pif <====== ATTENTION

HKLM Group Policy restriction on software: *.7z*.com <====== ATTENTION

HKLM Group Policy restriction on software: %userprofile%\AppData\Local\Temp\*.zip\*.exe <====== ATTENTION

HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.pif <====== ATTENTION

HKLM Group Policy restriction on software: %userprofile%\AppData\Local\Temp\wz*\*.scr <====== ATTENTION

HKLM Group Policy restriction on software: %userprofile%\*.pif <====== ATTENTION

HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.com <====== ATTENTION

HKLM Group Policy restriction on software: *.pub*.pif <====== ATTENTION

HKLM Group Policy restriction on software: *.avi*.com <====== ATTENTION

HKLM Group Policy restriction on software: scsvserv.exe <====== ATTENTION

HKLM Group Policy restriction on software: *.docx*.scr <====== ATTENTION

HKLM Group Policy restriction on software: *.mp4*.com <====== ATTENTION

HKLM Group Policy restriction on software: %userprofile%\AppData\Local\Temp\wz*\*.pif <====== ATTENTION

HKLM Group Policy restriction on software: %appdata%\*\*.scr <====== ATTENTION

HKLM Group Policy restriction on software: *.wmv*.com <====== ATTENTION

HKLM Group Policy restriction on software: *.avi*.scr <====== ATTENTION

HKLM Group Policy restriction on software: *.mp4*.exe <====== ATTENTION

HKLM Group Policy restriction on software: *.rar*.scr <====== ATTENTION

HKLM Group Policy restriction on software: *.wmv*.pif <====== ATTENTION

HKLM Group Policy restriction on software: *.xlsx*.pif <====== ATTENTION

HKLM Group Policy restriction on software: %appdata%\*.exe <====== ATTENTION

HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.exe <====== ATTENTION

HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.com <====== ATTENTION

HKLM Group Policy restriction on software: *.docx*.exe <====== ATTENTION

HKLM Group Policy restriction on software: *.rtf*.scr <====== ATTENTION

HKLM Group Policy restriction on software: lsassvrtdbks.exe <====== ATTENTION

HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.pif <====== ATTENTION

HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.pif <====== ATTENTION

HKLM Group Policy restriction on software: *.jpg*.com <====== ATTENTION

HKLM Group Policy restriction on software: *.docx*.pif <====== ATTENTION

HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.exe <====== ATTENTION

HKLM Group Policy restriction on software: *.png*.exe <====== ATTENTION

HKLM Group Policy restriction on software: *.txt*.scr <====== ATTENTION

HKLM Group Policy restriction on software: *.gif*.exe <====== ATTENTION

HKLM Group Policy restriction on software: *.doc*.scr <====== ATTENTION

HKLM Group Policy restriction on software: %userprofile%\AppData\Local\Temp\7z*\*.pif <====== ATTENTION

HKLM Group Policy restriction on software: *.gif*.pif <====== ATTENTION

HKLM Group Policy restriction on software: *.bmp*.com <====== ATTENTION

HKLM Group Policy restriction on software: *.rtf*.exe <====== ATTENTION

HKLM Group Policy restriction on software: %userprofile%\*.scr <====== ATTENTION

HKLM Group Policy restriction on software: %allusersprofile%\*.pif <====== ATTENTION

HKLM Group Policy restriction on software: *.avi*.exe <====== ATTENTION

HKLM Group Policy restriction on software: *.pub*.com <====== ATTENTION

HKLM Group Policy restriction on software: *.mp3*.pif <====== ATTENTION

HKLM Group Policy restriction on software: *.xls*.scr <====== ATTENTION

HKLM Group Policy restriction on software: *.7z*.scr <====== ATTENTION

HKLM Group Policy restriction on software: *.ppt*.com <====== ATTENTION

HKLM Group Policy restriction on software: %userprofile%\AppData\*.pif <====== ATTENTION

HKLM Group Policy restriction on software: *.mp3*.exe <====== ATTENTION

HKLM Group Policy restriction on software: *.gif*.com <====== ATTENTION

HKLM Group Policy restriction on software: *.bmp*.scr <====== ATTENTION

HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.pif <====== ATTENTION

HKLM Group Policy restriction on software: %appdata%\*\*.pif <====== ATTENTION

HKLM Group Policy restriction on software: *.pdf*.exe <====== ATTENTION

HKLM Group Policy restriction on software: *.xlsx*.com <====== ATTENTION

HKLM Group Policy restriction on software: %programfiles%\*\svchost.exe <====== ATTENTION

HKLM Group Policy restriction on software: *.pdf*.pif <====== ATTENTION

HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.com <====== ATTENTION

HKLM Group Policy restriction on software: vssadmin.exe <====== ATTENTION

HKU\S-1-5-21-3988621694-3172890893-754654441-1001\...\Run: [swg] => C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2014-05-29] (Google Inc.)

HKU\S-1-5-21-3988621694-3172890893-754654441-1001\...\Run: [EPLTarget\P0000000000000000] => C:\Windows\system32\spool\DRIVERS\W32X86\3\E_TATINPE.EXE [262208 2013-12-15] (SEIKO EPSON CORPORATION)

HKU\S-1-5-21-3988621694-3172890893-754654441-1001\...\MountPoints2: {a7b5f03e-e6f1-11e3-81ec-806e6f6e6963} - D:\SETUP.exe

ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2015-11-29] (AVAST Software)

Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Event Planner Reminders Tray Icon.lnk [2014-05-29]

ShortcutTarget: Event Planner Reminders Tray Icon.lnk -> C:\Sierra\Planner\PLNRnote.exe (Sierra Online, Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704 2011-08-30] (Apple Inc.)

Tcpip\Parameters: [DhcpNameServer] 209.18.47.61 209.18.47.62

Tcpip\..\Interfaces\{ABFE84F6-CC01-4A55-B173-8AC1A629826A}: [DhcpNameServer] 209.18.47.61 209.18.47.62

Internet Explorer:

==================

HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

HKU\S-1-5-21-3988621694-3172890893-754654441-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/?pc=MSSE

HKU\S-1-5-21-3988621694-3172890893-754654441-1001\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://search.msn.com/sphome.aspx

HKU\S-1-5-21-3988621694-3172890893-754654441-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.live.com

SearchScopes: HKLM -> DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE

SearchScopes: HKLM -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE

SearchScopes: HKU\S-1-5-21-3988621694-3172890893-754654441-1001 -> DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE

SearchScopes: HKU\S-1-5-21-3988621694-3172890893-754654441-1001 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE

SearchScopes: HKU\S-1-5-21-3988621694-3172890893-754654441-1001 -> {8FC038DB-DFC3-40D6-BD78-8F90BF1172E3} URL = hxxp://www.bing.com/search?FORM=WLETDF&PC=WLEM&q={searchTerms}&src=IE-SearchBox

BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-11-29] (AVAST Software)

BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)

BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2015-09-18] (Google Inc.)

BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2015-10-12] (Microsoft Corporation)

Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2015-09-18] (Google Inc.)

Toolbar: HKU\S-1-5-21-3988621694-3172890893-754654441-1001 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2015-09-18] (Google Inc.)

Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2015-10-12] (Microsoft Corporation)

FireFox:

========

FF ProfilePath: C:\Users\Jim\AppData\Roaming\Mozilla\Firefox\Profiles\nljala27.default

FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_19_0_0_245.dll [2015-11-28] ()

FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll [2014-10-30] ()

FF Plugin: @glance.net/GlanceClient -> C:\Program Files\Glance29\npglance.dll [2014-09-16] (Glance Networks, Inc.)

FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll [2015-05-20] (Google)

FF Plugin: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files\Google\Picasa3\npPicasa3.dll [2015-02-13] (Google, Inc.)

FF Plugin: @microsoft.com/GENUINE -> disabled [No File]

FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-15] (Google Inc.)

FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-15] (Google Inc.)

FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-09-26] (Adobe Systems Inc.)

FF Plugin HKU\S-1-5-21-3988621694-3172890893-754654441-1001: @citrixonline.com/appdetectorplugin -> C:\Users\Jim\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2014-07-03] (Citrix Online)

FF Extension: MediaPlayer - C:\Users\Jim\AppData\Roaming\Mozilla\Firefox\Profiles\nljala27.default\Extensions\[email protected] [2015-05-12] [not signed]

FF Extension: No Name - C:\Program Files\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2015-10-08] [not signed]

FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\Program Files\AVAST Software\Avast\WebRep\FF

FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2015-11-29]

FF ExtraCheck: C:\Program Files\mozilla firefox\defaults\pref\itms.js [2015-04-03]

Chrome:

=======

CHR HomePage: Default -> hxxp://www.google.com/

CHR StartupUrls: Default -> "hxxp://www.google.com/"

CHR Profile: C:\Users\Jim\AppData\Local\Google\Chrome\User Data\Default

CHR Extension: (Google Docs) - C:\Users\Jim\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-05-26]

CHR Extension: (Google Drive) - C:\Users\Jim\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-11-29]

CHR Extension: (YouTube) - C:\Users\Jim\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-11-29]

CHR Extension: (Google Search) - C:\Users\Jim\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-11-29]

CHR Extension: (Google Docs Offline) - C:\Users\Jim\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-11-29]

CHR Extension: (Avast Online Security) - C:\Users\Jim\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2015-11-29]

CHR Extension: (Chrome Web Store Payments) - C:\Users\Jim\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-09-08]

CHR Extension: (Gmail) - C:\Users\Jim\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-05-26]

CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-11-29]

CHR HKLM\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2015-10-12]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE.EXE [142648 2014-08-16] (SUPERAntiSpyware.com)

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [174416 2015-11-29] (AVAST Software)

S3 becldr3Service; C:\Program Files\BCL Technologies\easyConverter SDK 3\Common\becldr.exe [225280 2013-07-03] () [File not signed]

R3 BrYNSvc; C:\Program Files\Browny02\BrYNSvc.exe [282112 2013-09-25] (Brother Industries, Ltd.) [File not signed]

R2 c2cautoupdatesvc; C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1433216 2015-10-12] (Microsoft Corporation)

R2 c2cpnrsvc; C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1773696 2015-10-12] (Microsoft Corporation)

R2 dlba_device; C:\Windows\system32\dlbacoms.exe [538096 2007-03-05] ( )

R2 EpsonCustomerParticipation; C:\Program Files\EPSON\EpsonCustomerParticipation\EPCP.exe [581104 2015-09-01] (SEIKO EPSON CORPORATION)

R2 EpsonScanSvc; C:\Windows\system32\EscSvc.exe [126128 2012-05-16] (Seiko Epson Corporation)

R2 EPSON_PM_RPCV4_06; C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S60RP7.EXE [143424 2013-04-14] (SEIKO EPSON CORPORATION)

S2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation)

R2 TeamViewer; c:\Users\Jim\AppData\Local\Temp\TeamViewer\TeamViewer_Service.exe [4346640 2015-09-11] (TeamViewer GmbH)

R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-26] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [24016 2015-11-29] (AVAST Software)

R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [81168 2015-11-29] (AVAST Software)

R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [81728 2015-11-29] (AVAST Software)

R0 aswRvrt; C:\Windows\system32\Drivers\aswRvrt.sys [49776 2015-11-29] (AVAST Software)

R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [794952 2015-11-29] (AVAST Software)

R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [435464 2015-11-29] (AVAST Software)

R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [117200 2015-11-29] (AVAST Software)

R0 aswVmm; C:\Windows\system32\Drivers\aswVmm.sys [209432 2015-11-29] (AVAST Software)

R3 glancedrv; C:\Windows\System32\DRIVERS\glancedrv.sys [34080 2009-05-13] (Glance Networks, Inc)

R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2015-04-14] (Malwarebytes Corporation)

S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2015-04-14] (Malwarebytes Corporation)

R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [12880 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)

R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS [67664 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)

R2 WinDivert32; C:\Windows\System32\drivers\WinDivert32.sys [33792 2014-12-09] (Basil's Projects) [File not signed]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-11-29 14:48 - 2015-11-29 14:48 - 00030836 _____ C:\Users\Jim\Desktop\FRST.txt

2015-11-29 14:48 - 2015-11-29 14:48 - 00000000 ____D C:\FRST

2015-11-29 14:47 - 2015-11-29 14:43 - 01721344 _____ (Farbar) C:\Users\Jim\Desktop\FRST.exe

2015-11-29 14:43 - 2015-11-29 14:43 - 01721344 _____ (Farbar) C:\Users\Jim\Downloads\FRST.exe

2015-11-29 14:43 - 2015-11-29 14:43 - 01721344 _____ (Farbar) C:\Users\Jim\Downloads\FRST (1).exe

2015-11-29 14:38 - 2015-11-29 14:38 - 00243656 _____ C:\Users\Jim\Downloads\Firefox Setup Stub 42.0 (1).exe

2015-11-29 13:40 - 2015-11-29 13:41 - 00243656 _____ C:\Users\Jim\Downloads\Firefox Setup Stub 42.0.exe

2015-11-29 13:38 - 2015-11-29 13:38 - 00001817 _____ C:\Users\Public\Desktop\QuickTime Player.lnk

2015-11-29 13:38 - 2015-11-29 13:38 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime

2015-11-29 13:38 - 2015-11-29 13:38 - 00000000 ____D C:\Program Files\QuickTime

2015-11-29 13:32 - 2015-11-29 13:32 - 00002685 _____ C:\Users\Public\Desktop\Skype.lnk

2015-11-29 13:32 - 2015-11-29 13:32 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype

2015-11-29 13:32 - 2015-11-29 13:32 - 00000000 ____D C:\Program Files\Common Files\Skype

2015-11-29 13:24 - 2015-11-29 13:18 - 00322760 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe

2015-11-29 13:19 - 2015-11-29 13:19 - 00002077 _____ C:\Users\Public\Desktop\Avast Free Antivirus.lnk

2015-11-29 13:19 - 2015-11-29 13:19 - 00000000 ____D C:\Users\Jim\AppData\Roaming\AVAST Software

2015-11-29 13:19 - 2015-11-29 13:19 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software

2015-11-29 13:18 - 2015-11-29 13:18 - 00794952 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys

2015-11-29 13:18 - 2015-11-29 13:18 - 00435464 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys

2015-11-29 13:18 - 2015-11-29 13:18 - 00209432 _____ (AVAST Software) C:\Windows\system32\Drivers\aswVmm.sys

2015-11-29 13:18 - 2015-11-29 13:18 - 00117200 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys

2015-11-29 13:18 - 2015-11-29 13:18 - 00081728 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys

2015-11-29 13:18 - 2015-11-29 13:18 - 00081168 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys

2015-11-29 13:18 - 2015-11-29 13:18 - 00049776 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRvrt.sys

2015-11-29 13:18 - 2015-11-29 13:18 - 00043112 _____ (AVAST Software) C:\Windows\avastSS.scr

2015-11-29 13:18 - 2015-11-29 13:18 - 00024016 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHwid.sys

2015-11-29 13:14 - 2015-11-29 13:14 - 00000000 ____D C:\ProgramData\AVAST Software

2015-11-29 13:14 - 2015-11-29 13:14 - 00000000 ____D C:\Program Files\AVAST Software

2015-11-29 13:11 - 2015-11-29 13:12 - 05084256 _____ (AVAST Software) C:\Users\Jim\Downloads\avast_free_antivirus_setup_online_cnet2 (1).exe

2015-11-29 13:10 - 2015-11-29 13:11 - 05084256 _____ (AVAST Software) C:\Users\Jim\Downloads\avast_free_antivirus_setup_online_cnet2.exe

2015-11-29 13:00 - 2015-11-29 13:01 - 05500472 _____ (TeamViewer) C:\Users\Jim\Downloads\TeamViewerQS_en (2).exe

2015-11-29 13:00 - 2015-11-29 13:00 - 05500472 _____ (TeamViewer) C:\Users\Jim\Downloads\TeamViewerQS_en (1).exe

2015-11-29 07:28 - 2015-10-19 19:52 - 03991488 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe

2015-11-29 07:28 - 2015-10-19 19:52 - 03935680 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe

2015-11-29 07:28 - 2015-10-19 19:52 - 00138176 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys

2015-11-29 07:28 - 2015-10-19 19:52 - 00067520 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys

2015-11-29 07:28 - 2015-10-19 19:48 - 01308160 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll

2015-11-29 07:28 - 2015-10-19 19:45 - 01061376 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll

2015-11-29 07:28 - 2015-10-19 19:45 - 00655360 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll

2015-11-29 07:28 - 2015-10-19 19:45 - 00552960 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll

2015-11-29 07:28 - 2015-10-19 19:45 - 00400896 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll

2015-11-29 07:28 - 2015-10-19 19:45 - 00262656 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe

2015-11-29 07:28 - 2015-10-19 19:45 - 00259584 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll

2015-11-29 07:28 - 2015-10-19 19:45 - 00251392 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll

2015-11-29 07:28 - 2015-10-19 19:45 - 00223232 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll

2015-11-29 07:28 - 2015-10-19 19:45 - 00172032 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll

2015-11-29 07:28 - 2015-10-19 19:45 - 00100352 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll

2015-11-29 07:28 - 2015-10-19 19:45 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll

2015-11-29 07:28 - 2015-10-19 19:45 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll

2015-11-29 07:28 - 2015-10-19 19:45 - 00038912 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll

2015-11-29 07:28 - 2015-10-19 19:45 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll

2015-11-29 07:28 - 2015-10-19 19:45 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll

2015-11-29 07:28 - 2015-10-19 19:45 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll

2015-11-29 07:28 - 2015-10-19 19:45 - 00015872 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll

2015-11-29 07:28 - 2015-10-19 19:44 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe

2015-11-29 07:28 - 2015-10-19 19:44 - 00022528 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe

2015-11-29 07:28 - 2015-10-19 19:39 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll

2015-11-29 07:28 - 2015-10-19 19:39 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll

2015-11-29 07:28 - 2015-10-19 19:35 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll

2015-11-29 07:28 - 2015-10-19 19:35 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll

2015-11-29 07:28 - 2015-10-19 18:29 - 00225792 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys

2015-11-29 07:28 - 2015-10-19 18:28 - 00124416 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys

2015-11-29 07:28 - 2015-10-19 18:28 - 00098304 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys

2015-11-29 07:28 - 2015-09-23 08:09 - 00371920 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys

2015-11-29 07:28 - 2015-09-23 08:09 - 00251000 _____ (Microsoft Corporation) C:\Windows\system32\bcryptprimitives.dll

2015-11-28 21:01 - 2015-11-28 21:02 - 00054624 _____ C:\Windows\ntbtlog.txt

2015-11-11 07:48 - 2015-10-19 19:45 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe

2015-11-10 10:38 - 2015-11-10 11:16 - 00016244 _____ C:\Users\Jim\Documents\holy spitit prayer.odt

2015-11-09 22:35 - 2015-11-09 22:35 - 00000000 ____D C:\Users\Jim\AppData\Local\CEF

2015-11-08 22:17 - 2015-11-12 07:39 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk

2015-11-07 21:59 - 2015-11-28 20:34 - 00000000 ____D C:\Program Files\Media Updater

2015-11-06 11:44 - 2015-11-06 11:44 - 00013299 _____ C:\Users\Jim\Documents\amazon letter.odt

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-11-29 15:47 - 2014-05-29 19:00 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware

2015-11-29 15:47 - 2014-05-29 09:03 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome

2015-11-29 15:47 - 2014-05-28 21:53 - 00000000 ____D C:\Users\Administrator.000

2015-11-29 15:47 - 2014-05-28 21:49 - 00000000 ____D C:\Users\Jim

2015-11-29 15:47 - 2011-04-11 21:24 - 00000000 ____D C:\Program Files\Windows Journal

2015-11-29 15:47 - 2009-07-13 21:37 - 00000000 ____D C:\Windows\registration

2015-11-29 15:47 - 2009-07-13 21:37 - 00000000 ____D C:\Program Files\Common Files\microsoft shared

2015-11-29 14:48 - 2009-07-13 21:37 - 00000000 ____D C:\Windows

2015-11-29 14:47 - 2009-07-13 23:34 - 00028944 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

2015-11-29 14:47 - 2009-07-13 23:34 - 00028944 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

2015-11-29 14:37 - 2010-11-20 16:01 - 00781298 _____ C:\Windows\system32\PerfStringBackup.INI

2015-11-29 14:37 - 2009-07-13 21:37 - 00000000 ____D C:\Windows\inf

2015-11-29 14:31 - 2009-07-13 23:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT

2015-11-29 14:30 - 2009-07-13 21:37 - 00000000 ____D C:\Windows\ModemLogs

2015-11-29 14:27 - 2015-10-29 13:34 - 00000000 ____D C:\Users\Jim\AppData\Roaming\TeamViewer

2015-11-29 14:16 - 2014-05-29 09:02 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job

2015-11-29 14:11 - 2014-05-29 19:00 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys

2015-11-29 13:53 - 2015-03-12 12:53 - 00000917 _____ C:\Windows\Tasks\EPSON XP-520 Series Update {0CDAEB43-9BC2-4130-A05B-5BA7D69CE06B}.job

2015-11-29 13:34 - 2014-05-29 10:41 - 00000000 ____D C:\Users\Jim\AppData\Roaming\Skype

2015-11-29 13:32 - 2014-05-29 10:41 - 00000000 ___RD C:\Program Files\Skype

2015-11-29 13:32 - 2014-05-29 10:41 - 00000000 ____D C:\ProgramData\Skype

2015-11-29 13:13 - 2014-05-28 22:37 - 00001945 _____ C:\Windows\epplauncher.mif

2015-11-29 13:09 - 2014-05-29 09:03 - 00002131 _____ C:\Users\Public\Desktop\Google Chrome.lnk

2015-11-29 12:58 - 2015-10-15 06:10 - 00080386 _____ C:\appverifier.txt

2015-11-29 07:30 - 2014-05-29 09:24 - 00000000 ____D C:\Windows\system32\MRT

2015-11-28 22:16 - 2014-05-29 09:02 - 00780488 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe

2015-11-28 22:16 - 2014-05-29 09:02 - 00142536 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl

2015-11-28 20:58 - 2015-06-02 18:48 - 00000000 ____D C:\Program Files\Mozilla Firefox

2015-11-28 20:57 - 2014-05-29 11:26 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service

2015-11-28 20:49 - 2015-10-14 14:27 - 00000000 ____D C:\Program Files\PC Speedup Pro

2015-11-28 20:39 - 2011-04-11 21:24 - 00000000 ____D C:\Windows\ShellNew

2015-11-28 20:34 - 2015-04-04 22:21 - 00000000 ___SD C:\Windows\system32\GWX

2015-11-28 20:34 - 2015-01-15 15:23 - 00000000 ____D C:\Program Files\Glance29

2015-11-28 20:34 - 2014-05-29 19:00 - 00000000 ____D C:\Program Files\Malwarebytes Anti-Malware

2015-11-28 20:34 - 2014-05-29 12:06 - 00000000 ____D C:\Program Files\Adobe

2015-11-28 20:34 - 2009-07-13 21:37 - 00000000 ____D C:\Windows\rescache

2015-11-28 20:34 - 2009-07-13 21:37 - 00000000 ____D C:\Windows\PolicyDefinitions

2015-11-28 20:29 - 2014-05-29 12:06 - 00000000 ____D C:\Program Files\Common Files\Adobe

2015-11-28 20:29 - 2014-05-29 12:05 - 00000000 ____D C:\ProgramData\Adobe

2015-11-28 20:20 - 2009-07-13 21:37 - 00000000 ____D C:\Windows\system32\NDF

2015-11-24 13:45 - 2014-07-03 14:40 - 00000000 ____D C:\Users\Jim\AppData\Local\Adobe

2015-11-23 15:50 - 2010-09-20 12:32 - 00015569 _____ C:\Users\Jim\Documents\Cantor Schedule.odt

2015-11-18 07:27 - 2015-10-06 14:53 - 00016258 _____ C:\Users\Jim\Documents\k of c parish meeting oct 7.odt

2015-11-05 17:36 - 2014-05-29 19:01 - 00000000 ____D C:\Program Files\SUPERAntiSpyware

2015-11-03 17:49 - 2009-07-13 23:53 - 00032538 _____ C:\Windows\Tasks\SCHEDLGU.TXT

==================== Files in the root of some directories =======

2015-11-10 21:48 - 2015-11-23 09:38 - 0000000 _____ () C:\ProgramData\mitmtest-service.log

Some files in TEMP:

====================

C:\Users\Jim\AppData\Local\Temp\_is8432.exe

==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed

C:\Windows\system32\winlogon.exe => File is digitally signed

C:\Windows\system32\wininit.exe => File is digitally signed

C:\Windows\system32\svchost.exe => File is digitally signed

C:\Windows\system32\services.exe => File is digitally signed

C:\Windows\system32\User32.dll => File is digitally signed

C:\Windows\system32\userinit.exe => File is digitally signed

C:\Windows\system32\rpcss.dll => File is digitally signed

C:\Windows\system32\dnsapi.dll => File is digitally signed

C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

ATTENTION: ==> Could not access BCD.

LastRegBack: 2015-11-23 10:07

==================== End of FRST.txt ============================

Additional scan result of Farbar Recovery Scan Tool (x86) Version:29-11-2015

Ran by Jim (2015-11-29 14:49:11)

Running from C:\Users\Jim\Desktop

Microsoft Windows 7 Home Premium Service Pack 1 (X86) (2014-05-29 02:49:00)

Boot Mode: Normal

==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-3988621694-3172890893-754654441-500 - Administrator - Disabled) => C:\Users\Administrator.000

Guest (S-1-5-21-3988621694-3172890893-754654441-501 - Limited - Disabled)

HomeGroupUser$ (S-1-5-21-3988621694-3172890893-754654441-1002 - Limited - Enabled)

Jim (S-1-5-21-3988621694-3172890893-754654441-1001 - Administrator - Enabled) => C:\Users\Jim

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}

AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Flash Player 19 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 19.0.0.245 - Adobe Systems Incorporated)

Adobe Flash Player 19 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 19.0.0.245 - Adobe Systems Incorporated)

Adobe Reader XI (11.0.13) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.13 - Adobe Systems Incorporated)

Apple Application Support (32-bit) (HKLM\...\{AFA1153A-F547-409B-B837-3A0D6C5A3FEC}) (Version: 3.1.3 - Apple Inc.)

Apple Mobile Device Support (HKLM\...\{18D47FA1-0440-48D3-A7E0-DA09537FF471}) (Version: 7.1.1.3 - Apple Inc.)

Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)

Avast Free Antivirus (HKLM\...\Avast) (Version: 11.1.2241 - AVAST Software)

BCL easyConverter SDK 3 (Word Version) (HKLM\...\{A932ABFB-1AC4-4FBF-9954-B710CABE3482}) (Version: 3.0.64 - BCL Technologies)

Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)

CCleaner (HKLM\...\CCleaner) (Version: 5.06 - Piriform)

Citrix Online Launcher (HKLM\...\{3E7E6F1E-7376-475A-8BC9-E3126B20CF5F}) (Version: 1.0.198 - Citrix)

CryptoPrevent v4.7.0 (HKLM\...\{5C5B24E7-4694-4049-A222-CCE7D3FAC63F}_is1) (Version: - Foolish IT LLC)

D3DX10 (Version: 15.4.2368.0902 - Microsoft) Hidden

Dell AIO Printer A940 (HKLM\...\Dell AIO Printer A940) (Version: - Dell, Inc.)

Easy Photo Scan (HKLM\...\{EDB34773-E7B0-483A-8602-8EBAA7524F8F}) (Version: 1.00.0002 - Seiko Epson Corporation)

Epson Customer Participation (HKLM\...\{814FA673-A085-403C-9545-747FC1495069}) (Version: 1.7.0.0 - SEIKO EPSON CORPORATION)

Epson Event Manager (HKLM\...\{0F13C24A-FFE2-4CD0-8E0B-DC804E0A0E0B}) (Version: 3.10.0035 - Seiko Epson Corporation)

EPSON Scan (HKLM\...\EPSON Scanner) (Version: - Seiko Epson Corporation)

EPSON XP-520 Series Printer Uninstall (HKLM\...\EPSON XP-520 Series) (Version: - SEIKO EPSON Corporation)

Epson XP-520 User’s Guide version 1.0 (HKLM\...\UsersGuideEpson XP-520 User’s Guide_is1) (Version: 1.0 - )

EpsonNet Print (HKLM\...\{F983229B-587E-4322-BCB9-D7A49734E5CD}) (Version: 3.0.0.0 - SEIKO EPSON CORPORATION)

Event Planner (HKLM\...\{741849D8-E8D9-49CF-B373-0D7507ED0A56}) (Version: - )

Family Tree Maker 2014 (HKLM\...\Family Tree Maker 2014) (Version: 22.0.207 - Ancestry.com, Inc.)

Family Tree Maker 2014 (Version: 22.0.207 - Ancestry.com, Inc.) Hidden

FileHippo App Manager (HKLM\...\FileHippo.com) (Version: - FileHippo.com)

Glance 2.9 (HKLM\...\Glance_is1) (Version: - Glance Networks, Inc.)

Google Chrome (HKLM\...\Google Chrome) (Version: 46.0.2490.86 - Google Inc.)

Google Earth (HKLM\...\{817750FA-EC6A-485D-9901-0683AE6FFDF1}) (Version: 7.1.5.1557 - Google)

Google Toolbar for Internet Explorer (HKLM\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.6904.2028 - Google Inc.)

Google Toolbar for Internet Explorer (Version: 1.0.0 - Google Inc.) Hidden

Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden

Google Update Helper (Version: 1.3.28.15 - Google Inc.) Hidden

Hallmark Card Studio 2 (HKLM\...\{1EEDF3E1-C0EA-409B-A772-164EF9AB3BCE}) (Version: - )

HL-L2305 series (HKLM\...\{46B58839-2405-48D6-A59D-F8246158A6ED}) (Version: 1.0.1.0 - Brother Industries, Ltd.)

iTunes (HKLM\...\{CE1F04C7-79BC-4219-BE6A-BA490224D4B5}) (Version: 12.1.2.27 - Apple Inc.)

Junk Mail filter update (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden

Malwarebytes Anti-Malware version 2.1.6.1022 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.6.1022 - Malwarebytes Corporation)

Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)

Microsoft LifeCam (HKLM\...\{5FC7AB5C-61FC-42DF-A923-5139BCF10D42}) (Version: 3.22.270.0 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)

OpenOffice 4.1.0 (HKLM\...\{C87EF11D-36E9-479D-9898-7541EA1E8A6A}) (Version: 4.10.9764 - Apache Software Foundation)

Picasa 3 (HKLM\...\Picasa 3) (Version: 3.9 - Google, Inc.)

QuickTime 7 (HKLM\...\{80CEEB1E-0A6C-45B9-A312-37A1D25FDEBC}) (Version: 7.78.80.95 - Apple Inc.)

Skype Click to Call (HKLM\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.5.0.9082 - Microsoft Corporation)

Skype™ 7.15 (HKLM\...\{6A0549A9-1B96-498C-ACBC-3943001FEB19}) (Version: 7.15.102 - Skype Technologies S.A.)

Software Updater (HKLM\...\{E1BAD1BA-C0E8-4018-9281-E7D2C6B07474}) (Version: 4.3.6 - SEIKO EPSON CORPORATION) <==== ATTENTION

SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 5.7.1018 - SUPERAntiSpyware.com)

Windows Live Essentials (HKLM\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== Restore Points =========================

16-11-2015 08:14:01 Windows Update

20-11-2015 07:16:39 Windows Update

23-11-2015 07:28:49 Windows Update

28-11-2015 20:24:15 Restore Operation

28-11-2015 22:26:35 Windows Update

29-11-2015 07:19:15 Windows Update

29-11-2015 13:01:29 Windows Update

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 21:04 - 2009-06-10 16:39 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {16104CFC-5608-498C-97F2-5DDF6FB15BFD} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-08-27] (Google Inc.)

Task: {258A40F4-D081-43EB-9FB7-A032DA34A55E} - \PC Speedup Pro_Logon -> No File <==== ATTENTION

Task: {2E80A8BD-31FC-4B06-955C-ACD082706C7F} - System32\Tasks\{CF8C78C4-B996-4C72-B3CF-E37C7D191856} => pcalua.exe -a "C:\Program Files\Common Files\InstallShield\engine\6\Intel 32\IKernel.exe"

Task: {4C5FA46F-CF5C-4994-BF49-225A1B7C6D27} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-05-08] (Piriform Ltd)

Task: {5CB2D87D-55ED-4960-8B36-7CB3F87CEBC2} - System32\Tasks\SpyHunter4Startup => C:\Program Files\Enigma Software Group\SpyHunter\Spyhunter4.exe

Task: {62D864AA-5E1D-4B8E-AB60-C0A365F43E67} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-10-28] (Adobe Systems Incorporated)

Task: {70B778C9-05AB-4144-8CD6-A6AF811521B9} - System32\Tasks\EPSON XP-520 Series Update {0CDAEB43-9BC2-4130-A05B-5BA7D69CE06B} => C:\Windows\system32\spool\DRIVERS\W32X86\3\E_TTSNPE.EXE [2013-11-21] (SEIKO EPSON CORPORATION)

Task: {890218D9-D174-41C0-B32E-4B29DCFE16ED} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2015-11-29] (AVAST Software)

Task: {A00F5AF9-7F44-4AD5-AF99-0B0F400F4BE7} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)

Task: {B7EAC6DC-4838-4DC1-AB9E-0DA799AE0B68} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2015-11-28] (Adobe Systems Incorporated)

Task: {DCE7EEE5-67A7-4638-A3EA-B7D02A1C1DD8} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-08-27] (Google Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe

Task: C:\Windows\Tasks\EPSON XP-520 Series Update {0CDAEB43-9BC2-4130-A05B-5BA7D69CE06B}.job => C:\Windows\system32\spool\DRIVERS\W32X86\3\E_TTSNPE.EXE:/EXE:{0CDAEB43-9BC2-4130-A05B-5BA7D69CE06B} /F:UpdateSYSTEM

Searches for EPSON software updates, and notifies you when updates are available.If this task is disabled or stopped, your EPSON software will not be automatically kept up to date.Thi

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2015-11-29 13:18 - 2015-11-29 13:18 - 00103888 _____ () C:\Program Files\AVAST Software\Avast\log.dll

2015-11-29 13:18 - 2015-11-29 13:18 - 00125512 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll

2015-11-29 13:24 - 2015-11-29 13:24 - 02996736 _____ () C:\Program Files\AVAST Software\Avast\defs\15112900\algo.dll

2015-11-29 13:18 - 2015-11-29 13:18 - 00466448 _____ () C:\Program Files\AVAST Software\Avast\ffl2.dll

2014-05-29 14:11 - 2007-02-20 07:27 - 00102400 _____ () C:\Windows\system32\spool\PRTPROCS\W32X86\dlbapp5c.dll

2014-04-23 15:05 - 2014-04-23 15:05 - 00073544 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll

2015-03-20 17:12 - 2015-03-20 17:12 - 01044776 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll

2014-05-29 14:11 - 2007-03-05 15:57 - 00435696 _____ () C:\Program Files\Dell AIO Printer A940\DLBAmon.exe

2015-03-03 11:34 - 2009-02-27 16:38 - 00139264 ____R () C:\Program Files\Brother\BrUtilities\BrLogAPI.dll

2015-11-29 13:18 - 2015-11-29 13:18 - 40540672 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

HKLM\...\.exe: CryptoPreventEXE => "C:\Program Files\Foolish IT\CryptoPrevent\CryptoPreventFilterMod.CryptoPreventEXEC" /"%1" %* <===== ATTENTION

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE restricted site: HKU\S-1-5-21-3988621694-3172890893-754654441-1001\...\008i.com -> 008i.com

IE restricted site: HKU\S-1-5-21-3988621694-3172890893-754654441-1001\...\008k.com -> 008k.com

IE restricted site: HKU\S-1-5-21-3988621694-3172890893-754654441-1001\...\00hq.com -> 00hq.com

IE restricted site: HKU\S-1-5-21-3988621694-3172890893-754654441-1001\...\0190-dialers.com -> 0190-dialers.com

IE restricted site: HKU\S-1-5-21-3988621694-3172890893-754654441-1001\...\01i.info -> 01i.info

IE restricted site: HKU\S-1-5-21-3988621694-3172890893-754654441-1001\...\02pmnzy5eo29bfk4.com -> 02pmnzy5eo29bfk4.com

IE restricted site: HKU\S-1-5-21-3988621694-3172890893-754654441-1001\...\05p.com -> 05p.com

IE restricted site: HKU\S-1-5-21-3988621694-3172890893-754654441-1001\...\07ic5do2myz3vzpk.com -> 07ic5do2myz3vzpk.com

IE restricted site: HKU\S-1-5-21-3988621694-3172890893-754654441-1001\...\08nigbmwk43i01y6.com -> 08nigbmwk43i01y6.com

IE restricted site: HKU\S-1-5-21-3988621694-3172890893-754654441-1001\...\093qpeuqpmz6ebfa.com -> 093qpeuqpmz6ebfa.com

IE restricted site: HKU\S-1-5-21-3988621694-3172890893-754654441-1001\...\0calories.net -> 0calories.net

IE restricted site: HKU\S-1-5-21-3988621694-3172890893-754654441-1001\...\0cj.net -> 0cj.net

IE restricted site: HKU\S-1-5-21-3988621694-3172890893-754654441-1001\...\0scan.com -> 0scan.com

IE restricted site: HKU\S-1-5-21-3988621694-3172890893-754654441-1001\...\1-britney-spears-nude.com -> 1-britney-spears-nude.com

IE restricted site: HKU\S-1-5-21-3988621694-3172890893-754654441-1001\...\1-domains-registrations.com -> 1-domains-registrations.com

IE restricted site: HKU\S-1-5-21-3988621694-3172890893-754654441-1001\...\1-se.com -> 1-se.com

IE restricted site: HKU\S-1-5-21-3988621694-3172890893-754654441-1001\...\1001movie.com -> 1001movie.com

IE restricted site: HKU\S-1-5-21-3988621694-3172890893-754654441-1001\...\1001night.biz -> 1001night.biz

IE restricted site: HKU\S-1-5-21-3988621694-3172890893-754654441-1001\...\100gal.net -> 100gal.net

IE restricted site: HKU\S-1-5-21-3988621694-3172890893-754654441-1001\...\100sexlinks.com -> 100sexlinks.com

There are 5108 more sites.

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3988621694-3172890893-754654441-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Jim\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg

DNS Servers: 209.18.47.61 - 209.18.47.62

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)

Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\startupreg: APSDaemon => "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"

MSCONFIG\startupreg: iTunesHelper => "C:\Program Files\iTunes\iTunesHelper.exe"

MSCONFIG\startupreg: LifeCam => "C:\Program Files\Microsoft LifeCam\LifeExp.exe"

MSCONFIG\startupreg: QuickTime Task => "C:\Program Files\QuickTime\QTTask.exe" -atboottime

MSCONFIG\startupreg: SUPERAntiSpyware => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

MSCONFIG\startupreg: VX3000 => C:\Windows\vVX3000.exe

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{90801967-9DC5-4AA3-AB49-1A9BF51354A1}] => (Allow) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe

FirewallRules: [{AEC6CFEE-0106-4586-A00D-9C026E590388}] => (Allow) C:\Program Files\Microsoft LifeCam\LifeCam.exe

FirewallRules: [{3DAE5150-8D46-44E8-A226-D42832670ACD}] => (Allow) C:\Program Files\Microsoft LifeCam\LifeCam.exe

FirewallRules: [{AEAC50ED-906C-4D79-9442-9EAA5010193C}] => (Allow) C:\Program Files\Microsoft LifeCam\LifeEnC2.exe

FirewallRules: [{932F5277-C713-41A6-92F1-E848EB7D2B27}] => (Allow) C:\Program Files\Microsoft LifeCam\LifeEnC2.exe

FirewallRules: [{791845AC-4281-4245-B441-73E2D8380C88}] => (Allow) C:\Program Files\Microsoft LifeCam\LifeExp.exe

FirewallRules: [{80503B3E-45AA-49E2-A501-645DC141D8B2}] => (Allow) C:\Program Files\Microsoft LifeCam\LifeExp.exe

FirewallRules: [{6BDCCB7F-945F-425F-ADC3-753D68FC601D}] => (Allow) C:\Program Files\Microsoft LifeCam\LifeTray.exe

FirewallRules: [{F9F77CE2-4BA2-4537-B0A7-16F32053893F}] => (Allow) C:\Program Files\Microsoft LifeCam\LifeTray.exe

FirewallRules: [{0406CF16-1530-4674-B02E-78F426FEAE12}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe

FirewallRules: [{41C3EE9F-3FDD-46A1-A2F5-77D51CEE8F21}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe

FirewallRules: [{D97B2500-F7B8-425B-98B1-5D98D6640ECF}] => (Allow) C:\Program Files\Windows Live\Contacts\wlcomm.exe

FirewallRules: [{0620903F-7B29-49C3-AF00-2B0A4DD5103E}] => (Allow) LPort=2869

FirewallRules: [{DB5797A6-BCF6-4DF4-9407-A4698066A7BC}] => (Allow) LPort=1900

FirewallRules: [{B22FA5A5-C387-4020-B03E-ED85DCF9C81B}] => (Allow) C:\Windows\System32\dlbacoms.exe

FirewallRules: [{B678758D-A1CB-488D-98EF-80F4F7231C48}] => (Allow) C:\Windows\System32\dlbacoms.exe

FirewallRules: [{30768086-B6C5-403C-9664-81DDE17B67E0}] => (Allow) C:\Windows\System32\spool\drivers\w32x86\3\dlbapswx.exe

FirewallRules: [{FB745985-2E26-40DE-9329-EECF0E24BE27}] => (Allow) C:\Windows\System32\spool\drivers\w32x86\3\dlbapswx.exe

FirewallRules: [{9D2A0302-A745-46D0-A9DC-1CE864B2FEF6}] => (Allow) C:\Program Files\Dell AIO Printer A940\DLBAmon.exe

FirewallRules: [{D3260931-EE74-455F-A51E-E8EA10146198}] => (Allow) C:\Program Files\Dell AIO Printer A940\DLBAmon.exe

FirewallRules: [{F0054FE3-87F3-4B3F-8566-6348CA0C1948}] => (Allow) C:\Program Files\Dell AIO Printer A940\DLBAaiox.exe

FirewallRules: [{FBCF4BAA-BF4F-4803-846C-EEC3E7C6757F}] => (Allow) C:\Program Files\Dell AIO Printer A940\DLBAaiox.exe

FirewallRules: [{D2444546-E4DD-4396-BDE6-A9D3F454B281}] => (Allow) C:\Program Files\EPSON Software\Event Manager\EEventManager.exe

FirewallRules: [{24F33985-2619-4DFD-836D-458FA199F5A9}] => (Allow) C:\Program Files\EPSON Software\Event Manager\EEventManager.exe

FirewallRules: [TCP Query User{9F84005E-811B-4159-92B3-01C6E616356D}C:\program files\epson software\event manager\eeventmanager.exe] => (Block) C:\program files\epson software\event manager\eeventmanager.exe

FirewallRules: [UDP Query User{B786F92A-EC12-490F-AEFE-D1B4B0A4C79A}C:\program files\epson software\event manager\eeventmanager.exe] => (Block) C:\program files\epson software\event manager\eeventmanager.exe

FirewallRules: [{F001705B-0A10-47EA-8085-6D46CDDAD4E2}] => (Allow) C:\Program Files\iTunes\iTunes.exe

FirewallRules: [{4C2DEC65-5317-484E-B38B-3D4B67DB3BD1}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe

FirewallRules: [{F8B20D92-6875-4D31-8F7C-4F558AF6E510}] => (Allow) C:\Program Files\Skype\Phone\Skype.exe

==================== Faulty Device Manager Devices =============

Name: USB camera

Description: USB camera

Class Guid:

Manufacturer:

Service:

Problem: : The drivers for this device are not installed. (Code 28)

Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

==================== Event log errors: =========================

Application errors:

==================

Error: (11/29/2015 02:32:08 PM) (Source: WinMgmt) (EventID: 10) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/29/2015 00:59:26 PM) (Source: WinMgmt) (EventID: 10) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/29/2015 06:57:58 AM) (Source: WinMgmt) (EventID: 10) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/28/2015 09:59:13 PM) (Source: WinMgmt) (EventID: 10) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/28/2015 09:07:47 PM) (Source: WinMgmt) (EventID: 10) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/28/2015 09:03:45 PM) (Source: WinMgmt) (EventID: 10) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/28/2015 09:00:04 PM) (Source: WinMgmt) (EventID: 10) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/28/2015 08:42:21 PM) (Source: WinMgmt) (EventID: 10) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/28/2015 08:18:54 PM) (Source: Application Error) (EventID: 1000) (User: )

Description: Faulting application name: Explorer.EXE, version: 6.1.7601.17567, time stamp: 0x4d6727a7

Faulting module name: DiagCpl.dll, version: 6.1.7601.17514, time stamp: 0x4ce7b7c6

Exception code: 0xc0000005

Fault offset: 0x00019cda

Faulting process id: 0xd4c

Faulting application start time: 0xExplorer.EXE0

Faulting application path: Explorer.EXE1

Faulting module path: Explorer.EXE2

Report Id: Explorer.EXE3

Error: (11/28/2015 07:42:17 PM) (Source: WinMgmt) (EventID: 10) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

System errors:

=============

Error: (11/29/2015 01:01:09 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)

Description: Installation Failure: Windows failed to install the following update with error 0x800f0816: Update for Windows 7 (KB3102810).

Error: (11/29/2015 01:01:09 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)

Description: Installation Failure: Windows failed to install the following update with error 0x800f0816: Security Update for Windows 7 (KB3100213).

Error: (11/29/2015 01:01:09 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)

Description: Installation Failure: Windows failed to install the following update with error 0x800f0816: Security Update for Windows 7 (KB3081320).

Error: (11/29/2015 01:01:09 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)

Description: Installation Failure: Windows failed to install the following update with error 0x800f0816: Security Update for Windows 7 (KB3097877).

Error: (11/29/2015 01:01:09 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)

Description: Installation Failure: Windows failed to install the following update with error 0x800f0816: Cumulative Security Update for Internet Explorer 11 for Windows 7 (KB3100773).

Error: (11/29/2015 01:01:08 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)

Description: Installation Failure: Windows failed to install the following update with error 0x80242016: Security Update for Windows 7 (KB3101722).

Error: (11/29/2015 01:01:08 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)

Description: Installation Failure: Windows failed to install the following update with error 0x80242016: Security Update for Windows 7 (KB3092601).

Error: (11/29/2015 01:01:08 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)

Description: Installation Failure: Windows failed to install the following update with error 0x80242016: Security Update for Windows 7 (KB3101246).

Error: (11/29/2015 01:01:08 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)

Description: Installation Failure: Windows failed to install the following update with error 0x80242016: Update for Windows 7 (KB3107998).

Error: (11/29/2015 01:01:08 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)

Description: Installation Failure: Windows failed to install the following update with error 0x80242016: Security Update for Microsoft .NET Framework 3.5.1 on Windows 7 SP1 x86 (KB3097989).

CodeIntegrity:

===================================

Date: 2015-11-28 19:11:36.949

Description: Windows is unable to verify the integrity of the file \Device\HarddiskVolume2\$Windows.~BT\Updates\Critical\37529801-035b-4080-80e8-446c4887e8be\x86_microsoft-windows-errorreportingfaults_31bf3856ad364e35_10.0.10074.1_none_96f694b33cfd42bf\werfault.exe because the signing certificate has been revoked. Check with the publisher to see if a new signed version of the kernel module is available.

Date: 2015-11-28 19:11:36.934

Date: 2015-11-28 19:11:36.918

Date: 2015-11-28 19:11:36.762

Description: Windows is unable to verify the integrity of the file \Device\HarddiskVolume2\$Windows.~BT\Updates\Critical\37529801-035b-4080-80e8-446c4887e8be\x86_microsoft-windows-errorreportingcore_31bf3856ad364e35_10.0.10074.1_none_47662a2706182d6f\wermgr.exe because the signing certificate has been revoked. Check with the publisher to see if a new signed version of the kernel module is available.

Date: 2015-11-28 19:11:36.684

Description: Windows is unable to verify the integrity of the file \Device\HarddiskVolume2\$Windows.~BT\Updates\Critical\37529801-035b-4080-80e8-446c4887e8be\x86_microsoft-windows-errorreportingcore_31bf3856ad364e35_10.0.10074.1_none_47662a2706182d6f\wermgr.exe because the signing certificate has been revoked. Check with the publisher to see if a new signed version of the kernel module is available.

Date: 2015-11-28 19:11:36.637

Description: Windows is unable to verify the integrity of the file \Device\HarddiskVolume2\$Windows.~BT\Updates\Critical\37529801-035b-4080-80e8-446c4887e8be\x86_microsoft-windows-errorreportingcore_31bf3856ad364e35_10.0.10074.1_none_47662a2706182d6f\wermgr.exe because the signing certificate has been revoked. Check with the publisher to see if a new signed version of the kernel module is available.

Date: 2015-11-28 07:44:03.765

Date: 2015-11-28 07:44:03.749

Date: 2015-11-28 07:44:03.734

Date: 2015-11-28 07:44:03.515

Description: Windows is unable to verify the integrity of the file \Device\HarddiskVolume2\$Windows.~BT\Updates\Critical\37529801-035b-4080-80e8-446c4887e8be\x86_microsoft-windows-errorreportingcore_31bf3856ad364e35_10.0.10074.1_none_47662a2706182d6f\wermgr.exe because the signing certificate has been revoked. Check with the publisher to see if a new signed version of the kernel module is available.

==================== Memory info ===========================

Processor: Intel® Core™2 Duo CPU E7400 @ 2.80GHz

Percentage of memory in use: 54%

Total physical RAM: 2046.99 MB

Available physical RAM: 933.02 MB

Total Virtual: 4093.98 MB

Available Virtual: 2681.14 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:232.79 GB) (Free:153.84 GB) NTFS ==>[system with boot components (obtained from drive)]

==================== MBR & Partition Table ==================

========================================================

Disk: 0 (MBR Code: Windows 7 or 8) (Size: 232.8 GB) (Disk ID: A42D04A3)

Partition 1: (Not Active) - (Size=39 MB) - (Type=DE)

Partition 2: (Active) - (Size=232.8 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================

#2
emeraldnzl

Posted 29 November 2015 - 07:26 PM

GeekU Instructor

GeekU Moderator
20,051 posts

Hello Jim Anderson,

Welcome to Geekstogo.

Sorry for the delay in getting to you.

Now

Open notepad.

Please copy the contents of the code box below.

To do this highlight (click in the box and press Ctrl + A) the contents of the box and right click on it. Paste this into the open notepad. Save it to the Desktop as fixlist.txt.

Alternatively type the contents of the box into notepad and save it to your desktop as fixlist.txt.

NOTE. It's important that both files, FRST and fixlist.txt are in the same location or the fix will not work.

CloseProcesses:
HKU\S-1-5-21-3988621694-3172890893-754654441-1001\...\MountPoints2: {a7b5f03e-e6f1-11e3-81ec-806e6f6e6963} - D:\SETUP.exe
Task: {258A40F4-D081-43EB-9FB7-A032DA34A55E} - \PC Speedup Pro_Logon -> No File <==== ATTENTION
Task: {5CB2D87D-55ED-4960-8B36-7CB3F87CEBC2} - System32\Tasks\SpyHunter4Startup => C:\Program Files\Enigma Software Group\SpyHunter\Spyhunter4.exe
C:\Program Files\Enigma Software Group

This script is specifically written for the infection on this person's computer. It should NOT to be used on another machine. It may cause serious damage even to the point of rendering the computer unusable.

Run FRST/FRST64 and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.

Next

Please download zoek.exe and save it to your desktop (Firefox users right click and Save Link As...).

Close any open browsers.
Temporarily disable your AntiVirus program. (If necessary)
Double click on zoek.exe to run.
Please wait while the tool starts. It will appear to be doing nothing and may take a few seconds to come up
Copy the text below and paste it into the large window in the zoek tool:
```
Auto Clean
emptyalltemp;
ipconfig /flushdns;b
```
Click on Run script button
Please wait patiently (it may take a few minutes) until a log report will open (this may be after reboot, if required)
Copy (Ctrl +C) and paste (Ctrl +V) the contents of the opened entire report back here.

Note: It will also create a log in the C:\ directory named "zoek-results.log"

So when you return please post

Fixlog.txt
zoek.log
and tell me how your machine is now

#3
Jim Anderson

Posted 30 November 2015 - 08:35 PM

New Member

Topic Starter
Member
8 posts

here is the frst fixlog file:

Fix result of Farbar Recovery Scan Tool (x86) Version:29-11-2015

Ran by Jim (2015-11-30 19:56:27) Run:1

Running from C:\Users\Jim\Desktop

Loaded Profiles: Jim (Available Profiles: Jim & Administrator)

Boot Mode: Normal

==============================================

fixlist content:

*****************

CloseProcesses:

HKU\S-1-5-21-3988621694-3172890893-754654441-1001\...\MountPoints2: {a7b5f03e-e6f1-11e3-81ec-806e6f6e6963} - D:\SETUP.exe

Task: {258A40F4-D081-43EB-9FB7-A032DA34A55E} - \PC Speedup Pro_Logon -> No File <==== ATTENTION

Task: {5CB2D87D-55ED-4960-8B36-7CB3F87CEBC2} - System32\Tasks\SpyHunter4Startup => C:\Program Files\Enigma Software Group\SpyHunter\Spyhunter4.exe

C:\Program Files\Enigma Software Group

*****************

Processes closed successfully.

"HKU\S-1-5-21-3988621694-3172890893-754654441-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a7b5f03e-e6f1-11e3-81ec-806e6f6e6963}" => key removed successfully.

HKCR\CLSID\{a7b5f03e-e6f1-11e3-81ec-806e6f6e6963} => key not found.

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{258A40F4-D081-43EB-9FB7-A032DA34A55E}" => key removed successfully.

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{258A40F4-D081-43EB-9FB7-A032DA34A55E}" => key removed successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\PC Speedup Pro_Logon => key not found.

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{5CB2D87D-55ED-4960-8B36-7CB3F87CEBC2}" => key removed successfully.

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5CB2D87D-55ED-4960-8B36-7CB3F87CEBC2}" => key removed successfully.

C:\Windows\System32\Tasks\SpyHunter4Startup => moved successfully

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SpyHunter4Startup" => key removed successfully.

"C:\Program Files\Enigma Software Group" => not found.

The system needed a reboot.

==== End of Fixlog 19:56:29 ====

Had a problem with the zoek.exe program. Downloaded to desktop - deactivated avast antivirus closed chrome and double clicked the zoek.exe icon on the desktop. it did not open after 45 min so I just shutdown my computer for the night.

#4
emeraldnzl

Posted 30 November 2015 - 08:58 PM

GeekU Instructor

GeekU Moderator
20,051 posts

Had a problem with the zoek.exe program. Downloaded to desktop - deactivated avast antivirus closed chrome and double clicked the zoek.exe icon on the desktop. it did not open after 45 min so I just shutdown my computer for the night.

Sounds like it may not have downloaded properly but let's leave it for now and do this:

Please download ComboFix from this location:

Link

* IMPORTANT !!! Save ComboFix.exe to your Desktop

Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.

Double click on ComboFix.exe & follow the prompts.
If you have an older Operating System you may be asked whether you want to install the Recovery Console. Click yes and follow any prompts.
Your desktop may go blank. This is normal.
ComboFix may appear to be doing nothing for quite long periods, this is normal, just leave it to do it's job.
ComboFix may reboot your machine. This is normal too.

**Note: Do not mouseclick combo-fix's window while it's running. That may cause it to stall**

When finished, it will produce a log for you. Please include the C:\ComboFix.txt in your next reply.

#5
Jim Anderson

Posted 01 December 2015 - 04:00 PM

New Member

Topic Starter
Member
8 posts

combofix log attached.

Computer is running a bit faster as well.

ComboFix 15-11-30.01 - Jim 12/01/2015 16:34:53.1.2 - x86

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.2047.1175 [GMT -5:00]

Running from: c:\users\Jim\Desktop\ComboFix.exe

AV: avast! Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}

SP: avast! Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

c:\users\Jim\WINDOWS

c:\users\Jim\WINDOWS\win.ini

((((((((((((((((((((((((( Files Created from 2015-11-01 to 2015-12-01 )))))))))))))))))))))))))))))))

2015-12-01 21:48 . 2015-12-01 21:53 -------- d-----w- c:\users\Jim\AppData\Local\temp

2015-12-01 21:48 . 2015-12-01 21:48 -------- d-----w- c:\users\Default\AppData\Local\temp

2015-12-01 21:48 . 2015-12-01 21:48 -------- d-----w- c:\users\Administrator.000\AppData\Local\temp

2015-12-01 21:40 . 2015-12-01 21:40 62576 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{0552FCD0-D249-41ED-968A-7F45287D17A2}\offreg.3428.dll

2015-12-01 21:28 . 2015-11-17 12:43 8991856 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{0552FCD0-D249-41ED-968A-7F45287D17A2}\mpengine.dll

2015-12-01 01:08 . 2015-12-01 01:08 -------- d-----w- C:\zoek_backup

2015-11-29 19:55 . 2015-11-29 19:55 -------- d-----w- c:\programdata\Foolish IT

2015-11-29 19:48 . 2015-12-01 00:56 -------- d-----w- C:\FRST

2015-11-29 18:39 . 2015-11-29 18:39 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin5.dll

2015-11-29 18:39 . 2015-11-29 18:39 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin4.dll

2015-11-29 18:39 . 2015-11-29 18:39 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin3.dll

2015-11-29 18:39 . 2015-11-29 18:39 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin2.dll

2015-11-29 18:39 . 2015-11-29 18:39 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin.dll

2015-11-29 18:38 . 2015-11-29 18:38 -------- d-----w- c:\program files\QuickTime

2015-11-29 18:38 . 2015-10-29 17:50 5120 ----a-w- c:\windows\system32\shimeng.dll

2015-11-29 18:38 . 2015-10-29 17:49 295936 ----a-w- c:\windows\system32\apphelp.dll

2015-11-29 18:38 . 2015-10-29 17:49 62464 ----a-w- c:\windows\system32\aelupsvc.dll

2015-11-29 18:38 . 2015-10-29 17:49 20992 ----a-w- c:\windows\system32\sdbinst.exe

2015-11-29 18:32 . 2015-11-29 18:32 -------- d-----w- c:\program files\Common Files\Skype

2015-11-29 18:24 . 2015-11-29 18:18 322760 ----a-w- c:\windows\system32\aswBoot.exe

2015-11-29 18:19 . 2015-11-29 18:19 -------- d-----w- c:\users\Jim\AppData\Roaming\AVAST Software

2015-11-29 18:18 . 2015-11-29 18:18 209432 ----a-w- c:\windows\system32\drivers\aswVmm.sys

2015-11-29 18:18 . 2015-11-29 18:18 117200 ----a-w- c:\windows\system32\drivers\aswStm.sys

2015-11-29 18:18 . 2015-11-29 18:18 435464 ----a-w- c:\windows\system32\drivers\aswSP.sys

2015-11-29 18:18 . 2015-11-29 18:18 49776 ----a-w- c:\windows\system32\drivers\aswRvrt.sys

2015-11-29 18:18 . 2015-11-29 18:18 81168 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys

2015-11-29 18:18 . 2015-11-29 18:18 24016 ----a-w- c:\windows\system32\drivers\aswHwid.sys

2015-11-29 18:18 . 2015-11-29 18:18 81728 ----a-w- c:\windows\system32\drivers\aswRdr2.sys

2015-11-29 18:18 . 2015-11-29 18:18 794952 ----a-w- c:\windows\system32\drivers\aswSnx.sys

2015-11-29 18:18 . 2015-11-29 18:18 43112 ----a-w- c:\windows\avastSS.scr

2015-11-29 18:14 . 2015-11-29 18:14 -------- d-----w- c:\program files\AVAST Software

2015-11-29 18:14 . 2015-11-29 18:14 -------- d-----w- c:\programdata\AVAST Software

2015-11-29 00:53 . 2015-11-29 01:20 -------- d-----w- c:\users\Jim\AppData\Local\Diagnostics

2015-11-11 12:48 . 2015-10-20 00:45 69632 ----a-w- c:\windows\system32\smss.exe

2015-11-11 12:47 . 2015-10-30 22:20 817664 ----a-w- c:\program files\Common Files\Microsoft Shared\VGX\VGX.dll

2015-11-10 03:35 . 2015-11-10 03:35 -------- d-----w- c:\users\Jim\AppData\Local\CEF

2015-11-08 02:59 . 2015-11-29 01:34 -------- d-----w- c:\program files\Media Updater

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2015-11-29 19:11 . 2014-05-30 00:00 119512 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys

2015-11-29 03:16 . 2014-05-29 14:02 780488 ----a-w- c:\windows\system32\FlashPlayerApp.exe

2015-11-29 03:16 . 2014-05-29 14:02 142536 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2015-10-29 17:49 . 2015-11-29 18:38 562176 ----a-w- c:\windows\apppatch\AcLayers.dll

2015-10-29 17:49 . 2015-11-29 18:38 470528 ----a-w- c:\windows\apppatch\AcSpecfc.dll

2015-10-29 17:49 . 2015-11-29 18:38 2178560 ----a-w- c:\windows\apppatch\AcGenral.dll

2015-10-29 17:49 . 2015-11-29 18:38 211968 ----a-w- c:\windows\apppatch\AcXtrnal.dll

2015-10-29 17:39 . 2015-11-29 18:38 2560 ----a-w- c:\windows\apppatch\AcRes.dll

2015-10-13 06:29 . 2015-10-13 06:29 875720 ----a-w- c:\windows\system32\msvcr120_clr0400.dll

2015-10-01 17:50 . 2015-10-14 11:30 50176 ----a-w- c:\windows\system32\setbcdlocale.dll

2015-10-01 17:50 . 2015-10-14 11:30 50688 ----a-w- c:\windows\system32\appidapi.dll

2015-10-01 17:50 . 2015-10-14 11:30 28160 ----a-w- c:\windows\system32\appidsvc.dll

2015-10-01 17:50 . 2015-10-14 11:30 96768 ----a-w- c:\windows\system32\appidpolicyconverter.exe

2015-10-01 17:50 . 2015-10-14 11:30 16896 ----a-w- c:\windows\system32\appidcertstorecheck.exe

2015-10-01 16:53 . 2015-10-14 11:30 50176 ----a-w- c:\windows\system32\drivers\appid.sys

2015-09-18 17:47 . 2015-10-15 11:18 23384 ----a-w- c:\windows\system32\CompatTelRunner.exe

2015-09-18 17:44 . 2015-10-15 11:18 587776 ----a-w- c:\windows\system32\invagent.dll

2015-09-18 17:44 . 2015-10-15 11:18 615936 ----a-w- c:\windows\system32\generaltel.dll

2015-09-18 17:44 . 2015-10-15 11:18 423936 ----a-w- c:\windows\system32\devinv.dll

2015-09-18 17:44 . 2015-10-15 11:18 1120768 ----a-w- c:\windows\system32\appraiser.dll

2015-09-18 17:44 . 2015-10-15 11:18 62976 ----a-w- c:\windows\system32\acmigration.dll

2015-09-18 17:35 . 2015-10-15 11:18 999936 ----a-w- c:\windows\system32\aeinv.dll

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]

@="{472083B0-C522-11CF-8763-00608CC02F24}"

[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]

2015-11-29 18:18 749192 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2014-05-29 39408]

"EPLTarget\P0000000000000000"="c:\windows\system32\spool\DRIVERS\W32X86\3\E_TATINPE.EXE" [2013-12-16 262208]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"dlbamon.exe"="c:\program files\Dell AIO Printer A940\dlbamon.exe" [2007-03-05 435696]

"BrStsMon00"="c:\program files\Browny02\Brother\BrStMonW.exe" [2014-05-22 4513792]

"EEventManager"="c:\program files\Epson Software\Event Manager\EEventManager.exe" [2014-05-02 1065024]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2015-04-07 157480]

"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2015-11-29 7004376]

"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2015-08-06 421888]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

Event Planner Reminders Tray Icon.lnk - c:\sierra\Planner\PLNRnote.exe [2009-7-31 172032]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

"SoftwareSASGeneration"= 1 (0x1)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]

@=""

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]

2015-03-20 22:12 60712 ----a-w- c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]

2015-04-07 04:29 157480 ----a-w- c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LifeCam]

2010-05-20 19:27 119152 ----a-w- c:\program files\Microsoft LifeCam\LifeExp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

2015-08-06 16:43 421888 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]

2015-11-05 12:30 6819232 ----a-w- c:\program files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VX3000]

2010-05-20 19:27 762736 ----a-w- c:\windows\vVX3000.exe

R2 aswStm;aswStm;c:\windows\system32\drivers\aswStm.sys [2015-11-29 117200]

R2 MBAMService;MBAMService;c:\program files\Malwarebytes Anti-Malware\mbamservice.exe [2015-04-14 1080120]

R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [2015-07-09 327296]

R3 becldr3Service;BCL EasyConverter SDK 3 Loader;c:\program files\BCL Technologies\easyConverter SDK 3\Common\becldr.exe [2013-07-03 225280]

R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe [2015-10-30 102912]

R3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys [2015-04-14 51928]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]

R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-20 27264]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2014-05-29 1343400]

S0 aswRvrt;avast! Revert; [x]

S0 aswVmm;avast! VM Monitor; [x]

S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2015-11-29 794952]

S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2015-11-29 435464]

S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2011-07-22 12880]

S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2011-07-12 67664]

S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [2014-08-16 142648]

S2 aswHwid;avast! HardwareID;c:\windows\system32\drivers\aswHwid.sys [2015-11-29 24016]

S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2015-11-29 81168]

S2 c2cautoupdatesvc;Skype Click to Call Updater;c:\program files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [2015-10-12 1433216]

S2 c2cpnrsvc;Skype Click to Call PNR Service;c:\program files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [2015-10-12 1773696]

S2 DiagTrack;Diagnostics Tracking Service;c:\windows\System32\svchost.exe [2009-07-14 20992]

S2 dlba_device;dlba_device;c:\windows\system32\dlbacoms.exe [2007-03-05 538096]

S2 EPSON_PM_RPCV4_06;EPSON V3 Service4(06);c:\program files\Common Files\EPSON\EPW!3 SSRP\E_S60RP7.EXE [2013-04-15 143424]

S2 EpsonCustomerParticipation;EpsonCustomerParticipation;c:\program files\EPSON\EpsonCustomerParticipation\EPCP.exe [2015-09-01 581104]

S2 EpsonScanSvc;Epson Scanner Service;c:\windows\system32\EscSvc.exe [2012-05-17 126128]

S2 WinDivert32;WinDivert32;c:\windows\system32\drivers\WinDivert32.sys [2014-12-10 33792]

S3 BrYNSvc;BrYNSvc;c:\program files\Browny02\BrYNSvc.exe [2013-09-25 282112]

S3 glancedrv;glancedrv;c:\windows\system32\DRIVERS\glancedrv.sys [2009-05-13 34080]

S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2015-04-14 23256]

S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2009-07-13 139776]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

utcsvc REG_MULTI_SZ DiagTrack

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]

2015-11-29 18:06 997704 ----a-w- c:\program files\Google\Chrome\Application\46.0.2490.86\Installer\chrmstp.exe

Contents of the 'Scheduled Tasks' folder

2015-12-01 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-05-29 03:16]

2015-12-01 c:\windows\Tasks\EPSON XP-520 Series Update {0CDAEB43-9BC2-4130-A05B-5BA7D69CE06B}.job

- c:\windows\system32\spool\DRIVERS\W32X86\3\E_TTSNPE.EXE [2015-03-12 16:30]

2015-09-15 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2014-05-29 21:24]

2015-09-15 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2014-05-29 21:24]

------- Supplementary Scan -------

uInternet Settings,ProxyOverride = *.local

IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200

TCP: DhcpNameServer = 209.18.47.61 209.18.47.62

------- File Associations -------

.scr=CryptoPreventSCR

--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_19_0_0_245_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]

"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]

@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_19_0_0_245_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]

@Denied: (A 2) (Everyone)

@="IFlashBroker6"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

Completion time: 2015-12-01 16:55:40

ComboFix-quarantined-files.txt 2015-12-01 21:55

Pre-Run: 165,913,038,848 bytes free

Post-Run: 169,778,196,480 bytes free

- - End Of File - - D47769A3FC9A78C712C2FC38798631DC

A36C5E4F47E84449FF07ED3517B43A31

#6
emeraldnzl

Posted 01 December 2015 - 05:32 PM

GeekU Instructor

GeekU Moderator
20,051 posts

Hello Jim,

Please download Junkware Removal Tool to your desktop.

Shut down your protection software to avoid potential conflicts.
Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right click JRT.exe and "Run as Administrator".
The tool will open and start scanning your system.
Please be patient as this can take a while to complete depending on your system's specifications.
On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
Post the contents of JRT.txt into your next message.

Next

Please download : ADWCleaner to your desktop (use the Download Now @ BleepingComputer button)..

NOTE: If using Internet Explorer and get an alert that stops the program downloading, click on the warning and allow the download to complete.

Close all programs and click on the AdwCleaner icon. AdwCleaner will update itself and then open.

Click on Scan and follow the prompts. It may appear not to be doing anything, please be patient and let it run unhindered. When the "Please uncheck elements you don't want to remove" appears just go ahead and click on the Clean button, and follow the prompts. Allow the system to reboot. You will then be presented with the report. Copy and paste back here. If a report doesn't appear, press the report button and Copy & Paste the contents on your next reply.

A copy of the report is also saved in the C:\AdwCleaner folder.

So when you return please post

JRT.txt
AdwCleaner log

#7
Jim Anderson

Posted 02 December 2015 - 06:54 PM

New Member

Topic Starter
Member
8 posts

here are the files:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Junkware Removal Tool (JRT) by Malwarebytes

Version: 8.0.1 (11.24.2015)

Operating System: Windows 7 Home Premium x86

Ran by Jim (Administrator) on Wed 12/02/2015 at 19:43:04.60

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

File System: 7

Successfully deleted: C:\end (File)

Successfully deleted: C:\Program Files\mozilla firefox\defaults\pref\itms.js (File)

Successfully deleted: C:\rei (Folder)

Successfully deleted: C:\Users\Jim\AppData\Local\packageaware (Folder)

Successfully deleted: C:\Users\Jim\Appdata\LocalLow\skwconfig.bin (File)

Successfully deleted: C:\Windows\reimage.ini (File)

Successfully deleted: C:\Program Files\PC Speedup Pro (Folder)

Deleted the following from C:\Users\Jim\AppData\Roaming\Mozilla\Firefox\Profiles\nljala27.default\prefs.js

user_pref(extensions.toolbar.mindspark.hp.enabled, false);

user_pref(extensions.toolbar.mindspark.hp.enabled.guid, );

user_pref(extensions.toolbar.mindspark.lastInstalled, [email protected]);

Registry: 1

Successfully deleted: HKLM\Software\Microsoft\Internet Explorer\Search\\SearchAssistant (Registry Value)

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Scan was completed on Wed 12/02/2015 at 19:45:13.47

End of JRT log

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

# AdwCleaner v5.023 - Logfile created 02/12/2015 at 19:48:27

# Updated 30/11/2015 by Xplode

# Database : 2015-11-30.1 [Server]

# Operating system : Windows 7 Home Premium Service Pack 1 (x86)

# Username : Jim - JIM-PC

# Running from : C:\Users\Jim\Desktop\AdwCleaner.exe

# Option : Cleaning

# Support : http://toolslib.net/forum

***** [ Services ] *****

***** [ Folders ] *****

[-] Folder Deleted : C:\Users\Jim\Documents\Flash Player Pro

***** [ Files ] *****

[-] File Deleted : C:\appverifier.txt

[-] File Deleted : C:\Windows\efix.ini

***** [ DLLs ] *****

***** [ Shortcuts ] *****

***** [ Scheduled tasks ] *****

***** [ Registry ] *****

[-] Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho

[-] Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1

[-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\DOMStorage\ask.com

[-] Key Deleted : HKCU\Software\APN PIP

[-] Key Deleted : HKLM\SOFTWARE\eFix

[-] Key Deleted : HKLM\SOFTWARE\adwareROI

[-] Key Deleted : HKLM\SOFTWARE\pcsp-pr

[-] Key Deleted : HKLM\SOFTWARE\PCValidatorService

[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\eFix Pro

***** [ Web browsers ] *****

[-] [C:\Users\Jim\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : aol.com

[-] [C:\Users\Jim\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : ask.com

*************************

:: "Tracing" keys removed

:: Winsock settings cleared

########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [1549 bytes] ##########

#8
emeraldnzl

Posted 02 December 2015 - 07:35 PM

GeekU Instructor

GeekU Moderator
20,051 posts

Hello again Jim,

Please run a free online scan with the ESET Online Scanner

Vista / Win7 users: Right-click on the either the IE or FF icon in the Start Menu or Quick Launch Bar on the Taskbar and select Run as Administrator.

Windows 8 & 8.1 users may face another warning from the Windows SmartScreen Protection - please click More information and Run.

Note: This scan works with Internet Explorer or Mozilla FireFox.

If using Mozilla Firefox you may need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.

Disable your security programs.

Click the blue Run ESET Online Scanner box
Tick the box next to YES, I accept the Terms of Use
then click on: Start
You may see a panel towards the top of the screen telling you the website wants to install an addon... click and allow/install to install. If your firewall asks whether you want to allow installation, say yes. If asked, click yes to allow the program to run on your computer.
Check "Enable detection of potentially unwanted applications"
Click on Start and say yes to allow the program to proceed.
The virus signature database will begin to download. Be patient this make take some time depending on the speed of your Internet Connection.
When completed the Online Scan will begin automatically. The scan may take several hours.
Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
When completed click "List of found threats" and click again on Copy to clipboard. Open notepad and past in the clipboard list. Save it as ESET log somewhere that you can find .
After that click the button "Back"
Select and check Uninstall application on close and Delete quarantined files.
Then click on: Finish
Copy and paste the ESET log back here and tell me how your machine is now.

#9
Jim Anderson

Posted 03 December 2015 - 08:32 PM

New Member

Topic Starter
Member
8 posts

here is the log file ESEt online scanner

C:\AdwCleaner\Quarantine\C\Documents and Settings\All Users\Application Data\Conduit\IE\CT3294791\UninstallerUI.exe.vir a variant of Win32/Conduit.SearchProtect.N potentially unwanted application deleted - quarantined

C:\AdwCleaner\Quarantine\C\Documents and Settings\Jim\Application Data\DefaultTab\DefaultTab\DefaultTabUninstaller.exe.vir Win32/Toolbar.DefaultTab.E potentially unwanted application cleaned by deleting - quarantined

C:\AdwCleaner\Quarantine\C\Documents and Settings\Jim\Application Data\DefaultTab\DefaultTab\uninstalldt.exe.vir a variant of Win32/Toolbar.DefaultTab.E potentially unwanted application cleaned by deleting - quarantined

C:\AdwCleaner\Quarantine\C\Documents and Settings\Jim\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\1.1.28_0\plugins\npDefaultTabSearch.dll.vir a variant of Win32/Toolbar.DefaultTab.C potentially unwanted application cleaned by deleting - quarantined

C:\AdwCleaner\Quarantine\C\Documents and Settings\Jim\Local Settings\Application Data\Vafmusic2\hk64tbVaf0.dll.vir a variant of Win64/Toolbar.Conduit.B potentially unwanted application cleaned by deleting - quarantined

C:\AdwCleaner\Quarantine\C\Documents and Settings\Jim\Local Settings\Application Data\Vafmusic2\hk64tbVafm.dll.vir Win64/Toolbar.Conduit.B potentially unwanted application cleaned by deleting - quarantined

C:\AdwCleaner\Quarantine\C\Documents and Settings\Jim\Local Settings\Application Data\Vafmusic2\hktbVaf0.dll.vir a variant of Win32/Toolbar.Conduit.X potentially unwanted application cleaned by deleting - quarantined

C:\AdwCleaner\Quarantine\C\Documents and Settings\Jim\Local Settings\Application Data\Vafmusic2\hktbVafm.dll.vir Win32/Toolbar.Conduit.X potentially unwanted application cleaned by deleting - quarantined

C:\AdwCleaner\Quarantine\C\Documents and Settings\Jim\Local Settings\Application Data\Vafmusic2\ldrtbVaf0.dll.vir a variant of Win32/Toolbar.Conduit.X potentially unwanted application cleaned by deleting - quarantined

C:\AdwCleaner\Quarantine\C\Documents and Settings\Jim\Local Settings\Application Data\Vafmusic2\ldrtbVafm.dll.vir a variant of Win32/Toolbar.Conduit.X potentially unwanted application cleaned by deleting - quarantined

C:\AdwCleaner\Quarantine\C\Documents and Settings\Jim\Local Settings\Application Data\Vafmusic2\tbVaf0.dll.vir a variant of Win32/Toolbar.Conduit.P potentially unwanted application cleaned by deleting - quarantined

C:\AdwCleaner\Quarantine\C\Documents and Settings\Jim\Local Settings\Application Data\Vafmusic2\tbVaf1.dll.vir a variant of Win32/Toolbar.Conduit.Y potentially unwanted application cleaned by deleting - quarantined

C:\AdwCleaner\Quarantine\C\Documents and Settings\Jim\Local Settings\Application Data\Vafmusic2\tbVafm.dll.vir a variant of Win32/Toolbar.Conduit.X potentially unwanted application cleaned by deleting - quarantined

C:\AdwCleaner\Quarantine\C\Documents and Settings\Jim\Local Settings\Application Data\Vafmusic2\plugins\{5E1360DC-8FA8-40df-A8CD-FC3831B3634B}\3.6.12\bin\PriceGongIE.dll.vir a variant of Win32/PriceGong.A potentially unwanted application cleaned by deleting - quarantined

C:\AdwCleaner\Quarantine\C\Documents and Settings\Jim\Local Settings\Temp\Desk365\Desk_365\DeskSvc.exe.vir a variant of Win32/ELEX.Y potentially unwanted application cleaned by deleting - quarantined

C:\AdwCleaner\Quarantine\C\Documents and Settings\Jim\Local Settings\Temp\Desk365\Desk_365\eUninstall.exe.vir a variant of Win32/ELEX.BF potentially unwanted application cleaned by deleting - quarantined

C:\AdwCleaner\Quarantine\C\Documents and Settings\Jim\Local Settings\Temp\Desk365\Desk_365\TrayDownloader.exe.vir a variant of Win32/ELEX.BF potentially unwanted application cleaned by deleting - quarantined

C:\AdwCleaner\Quarantine\C\Documents and Settings\NetworkService\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\1.1.29_0\plugins\npDefaultTabSearch.dll.vir a variant of Win32/Toolbar.DefaultTab.C potentially unwanted application cleaned by deleting - quarantined

C:\AdwCleaner\Quarantine\C\Documents and Settings\NetworkService\Local Settings\Application Data\Vafmusic2\hk64tbVaf0.dll.vir a variant of Win64/Toolbar.Conduit.B potentially unwanted application cleaned by deleting - quarantined

C:\AdwCleaner\Quarantine\C\Documents and Settings\NetworkService\Local Settings\Application Data\Vafmusic2\hk64tbVafm.dll.vir Win64/Toolbar.Conduit.B potentially unwanted application cleaned by deleting - quarantined

C:\AdwCleaner\Quarantine\C\Documents and Settings\NetworkService\Local Settings\Application Data\Vafmusic2\hktbVaf0.dll.vir a variant of Win32/Toolbar.Conduit.X potentially unwanted application cleaned by deleting - quarantined

C:\AdwCleaner\Quarantine\C\Documents and Settings\NetworkService\Local Settings\Application Data\Vafmusic2\hktbVafm.dll.vir Win32/Toolbar.Conduit.X potentially unwanted application cleaned by deleting - quarantined

C:\AdwCleaner\Quarantine\C\Documents and Settings\NetworkService\Local Settings\Application Data\Vafmusic2\ldrtbVaf0.dll.vir a variant of Win32/Toolbar.Conduit.X potentially unwanted application cleaned by deleting - quarantined

C:\AdwCleaner\Quarantine\C\Documents and Settings\NetworkService\Local Settings\Application Data\Vafmusic2\ldrtbVafm.dll.vir a variant of Win32/Toolbar.Conduit.X potentially unwanted application cleaned by deleting - quarantined

C:\AdwCleaner\Quarantine\C\Documents and Settings\NetworkService\Local Settings\Application Data\Vafmusic2\tbVaf0.dll.vir a variant of Win32/Toolbar.Conduit.P potentially unwanted application cleaned by deleting - quarantined

C:\AdwCleaner\Quarantine\C\Documents and Settings\NetworkService\Local Settings\Application Data\Vafmusic2\tbVafm.dll.vir a variant of Win32/Toolbar.Conduit.X potentially unwanted application cleaned by deleting - quarantined

C:\AdwCleaner\Quarantine\C\Program Files\MyPC Backup\MPCBClient.dll.vir a variant of Win32/MyPCBackup.D potentially unwanted application cleaned by deleting - quarantined

C:\AdwCleaner\Quarantine\C\Program Files\MyPC Backup\MyPC Backup.exe.vir MSIL/MyPCBackup.A potentially unwanted application cleaned by deleting - quarantined

C:\AdwCleaner\Quarantine\C\Program Files\SaltarSmart\SaltarSmartUninstall.exe.vir Win32/BrowseFox.C potentially unwanted application deleted - quarantined

C:\AdwCleaner\Quarantine\C\Program Files\Vafmusic2\hk64tbVaf0.dll.vir a variant of Win64/Toolbar.Conduit.B potentially unwanted application cleaned by deleting - quarantined

C:\AdwCleaner\Quarantine\C\Program Files\Vafmusic2\hk64tbVafm.dll.vir Win64/Toolbar.Conduit.B potentially unwanted application cleaned by deleting - quarantined

C:\AdwCleaner\Quarantine\C\Program Files\Vafmusic2\hktbVaf0.dll.vir a variant of Win32/Toolbar.Conduit.X potentially unwanted application cleaned by deleting - quarantined

C:\AdwCleaner\Quarantine\C\Program Files\Vafmusic2\hktbVafm.dll.vir Win32/Toolbar.Conduit.X potentially unwanted application cleaned by deleting - quarantined

C:\AdwCleaner\Quarantine\C\Program Files\Vafmusic2\ldrtbVaf0.dll.vir a variant of Win32/Toolbar.Conduit.X potentially unwanted application cleaned by deleting - quarantined

C:\AdwCleaner\Quarantine\C\Program Files\Vafmusic2\ldrtbVafm.dll.vir a variant of Win32/Toolbar.Conduit.X potentially unwanted application cleaned by deleting - quarantined

C:\AdwCleaner\Quarantine\C\Program Files\Vafmusic2\prxtbVaf0.dll.vir a variant of Win32/Toolbar.Conduit.X potentially unwanted application cleaned by deleting - quarantined

C:\AdwCleaner\Quarantine\C\Program Files\Vafmusic2\prxtbVafm.dll.vir Win32/Toolbar.Conduit.X potentially unwanted application cleaned by deleting - quarantined

C:\AdwCleaner\Quarantine\C\Program Files\Vafmusic2\tbVaf0.dll.vir a variant of Win32/Toolbar.Conduit.P potentially unwanted application cleaned by deleting - quarantined

C:\AdwCleaner\Quarantine\C\Program Files\Vafmusic2\tbVafm.dll.vir a variant of Win32/Toolbar.Conduit.X potentially unwanted application cleaned by deleting - quarantined

C:\AdwCleaner\Quarantine\C\Program Files\Vafmusic2\UninstallerUI.exe.vir Win32/Toolbar.Conduit.AJ potentially unwanted application cleaned by deleting - quarantined

C:\AdwCleaner\Quarantine\C\Program Files\WinZipper\dup.exe.vir a variant of Win32/ELEX.FP potentially unwanted application cleaned by deleting - quarantined

C:\AdwCleaner\Quarantine\C\Program Files\WinZipper\eUninstall.exe.vir a variant of Win32/ELEX.DS potentially unwanted application cleaned by deleting - quarantined

C:\AdwCleaner\Quarantine\C\Program Files\WinZipper\TrayDownloader.exe.vir a variant of Win32/ELEX.BF potentially unwanted application cleaned by deleting - quarantined

C:\AdwCleaner\Quarantine\C\Program Files\WinZipper\winzipersvc.exe.vir a variant of Win32/ELEX.Y potentially unwanted application cleaned by deleting - quarantined

C:\AdwCleaner\Quarantine\C\WINDOWS\system32\dmwu.exe.vir a variant of Win32/Toolbar.Perion.G potentially unwanted application cleaned by deleting - quarantined

C:\Users\Jim\Documents\Downloads\ARO2013_tbt (1).exe a variant of Win32/Systweak potentially unwanted application deleted - quarantined

C:\Users\Jim\Documents\Downloads\ARO2013_tbt (2).exe a variant of Win32/Systweak potentially unwanted application deleted - quarantined

C:\Users\Jim\Documents\Downloads\ARO2013_tbt (3).exe a variant of Win32/Systweak potentially unwanted application deleted - quarantined

C:\Users\Jim\Documents\Downloads\ARO2013_tbt.exe a variant of Win32/Systweak potentially unwanted application deleted - quarantined

C:\Users\Jim\Downloads\eFixPro(1).exe a variant of Win32/ReImageRepair.J potentially unwanted application cleaned by deleting - quarantined

C:\Users\Jim\Downloads\eFixPro.exe a variant of Win32/ReImageRepair.J potentially unwanted application cleaned by deleting - quarantined

C:\Users\Jim\Favorites\PalletMaster's Work Shop ® ~ Entry to the heart of a poet.URL LNK/Agent.CH trojan cleaned by deleting - quarantined

C:\Windows.old\Documents and Settings\All Users\Documents\tempdel2014 a variant of Win32/Kryptik.BYZE trojan cleaned by deleting - quarantined

C:\Windows.old\Documents and Settings\Jim\Favorites\PalletMaster's Work Shop ® ~ Entry to the heart of a poet.URL LNK/Agent.CH trojan cleaned by deleting - quarantined

C:\Windows.old\Documents and Settings\Jim\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\banjjklfojcdbofbhbgiedekefohoaff\10.31.0.526_0\APISupport\APISupport.dll Win32/Conduit.SearchProtect potentially unwanted application cleaned by deleting - quarantined

C:\Windows.old\Documents and Settings\Jim\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\cbjibcbpmbcabnfnohhgjjmkgkimajko\10.31.0.526_0\APISupport\APISupport.dll Win32/Conduit.SearchProtect potentially unwanted application cleaned by deleting - quarantined

C:\Windows.old\Documents and Settings\Jim\Local Settings\Application Data\Sun\Java\Deployment\cache\6.0\55\6d920cb7-7c978fdb Java/Exploit.Agent.RUF trojan cleaned by deleting - quarantined

C:\Windows.old\Documents and Settings\Jim\Local Settings\Temp\BackupSetup.exe MSIL/MyPCBackup.D potentially unwanted application deleted - quarantined

C:\Windows.old\Documents and Settings\Jim\Local Settings\Temp\tbSwe0.dll a variant of Win32/Toolbar.Conduit.P potentially unwanted application cleaned by deleting - quarantined

C:\Windows.old\Documents and Settings\Jim\Local Settings\Temp\is-NQR65.tmp\OptProCrash.dll a variant of Win32/SProtector.E potentially unwanted application cleaned by deleting - quarantined

C:\Windows.old\Documents and Settings\Jim\Local Settings\Temp\{108F18F9-00E4-4147-BE9D-95EBB15945EF}\setup.exe multiple threats cleaned by deleting - quarantined

C:\Windows.old\Documents and Settings\Jim\My Documents\Downloads\ARO2013_tbt (1).exe a variant of Win32/Systweak potentially unwanted application deleted - quarantined

C:\Windows.old\Documents and Settings\Jim\My Documents\Downloads\ARO2013_tbt (2).exe a variant of Win32/Systweak potentially unwanted application deleted - quarantined

C:\Windows.old\Documents and Settings\Jim\My Documents\Downloads\ARO2013_tbt (3).exe a variant of Win32/Systweak potentially unwanted application deleted - quarantined

C:\Windows.old\Documents and Settings\Jim\My Documents\Downloads\ARO2013_tbt.exe a variant of Win32/Systweak potentially unwanted application deleted - quarantined

C:\Windows.old\Documents and Settings\Jim\My Documents\Downloads\flashplayerpro-setup.exe Win32/DownloadAdmin.G potentially unwanted application deleted - quarantined

C:\Windows.old\Windows\system32\rpcss.dll Win32/Patched.IB trojan cleaned - quarantined

C:\Windows.old\Windows\system32\dllcache\rpcss.dll Win32/Patched.IB trojan cleaned - quarantined

#10
emeraldnzl

Posted 03 December 2015 - 08:53 PM

GeekU Instructor

GeekU Moderator
20,051 posts

How is your machine now?

#11
Jim Anderson

Posted 04 December 2015 - 04:22 PM

New Member

Topic Starter
Member
8 posts

Been using it all day and it seems faster and Its not like it was before with all the pop ups that I was getting and being sluggish.

thanks.

#12
emeraldnzl

Posted 04 December 2015 - 04:40 PM

GeekU Instructor

GeekU Moderator
20,051 posts

Been using it all day and it seems faster and Its not like it was before with all the pop ups that I was getting and being sluggish.

Good news. :thumbsup:

We have a couple of last steps to perform and then you're all set.

Now

Follow these steps to uninstall Combofix. This will also clean out and reset your Restore Points.

Press the Windows Key and R on your keyboard. This will bring up the Run window.
Now type Combofix /Uninstall in the runbox and click OK. Note the space between the X and the U, it needs to be there.

Follow the prompts to uninstall Combofix.

Once done you will receive a message saying Combofix was uninstalled successfully.

Next

To clear away the remaining tools we have been using download Delfix from here. You will be taken to the download page. Just wait and shortly the download will appear.

Put a check (tick) in the following boxes:

Remove disinfection tools
Then click Run

The tool will run for a short time. When completed a notepad window will open with a log. Please copy and paste the log back here.

Any remaining tools may be deleted.

-------------------------------------------------------------------------------------------------------------------

A reminder: Remember to (re-install if uninstalled during cleaning) update and turn back on any anti-malware programs you may have turned off during the cleaning process.
-------------------------------------------------------------------------------------------------------------------

Here are some things that I think are worth having a look at if you don't already know about them:

---------------------------------------------------------------------------------------------------------------------

It is good security practice to change your passwords to all your online accounts on a fairly regular basis, this is especially true after an infection. Refer to this Microsoft article Strong passwords: How to create and use them.

----------------------------------------------------------------------------------------------------------------------

So many of us use Facebook nowadays. Go here for a guide to Facebook security.

-----------------------------------------------------------------------------------------------------------------------

Java warning

Java is a popular point of entry to your computer for malicious programs. Unless you need it to run an important software the safest approach is to completely uninstall Java. Where you do require it, then the next safest option is to disable it in your browsers until you need it, then enable it.

How to disable Java in your web browser and How to unplug Java from the browser

If you do still need Java then regularly check that it is up to date. Older versions are the most vulnerable to malicious attack.

Download Java for Windows

Reboot your computer.
You also need to unininstall older versions of Java.
Click Start > Control Panel > Add or Remove Programs
Remove all Java updates except the latest one you have just installed.

--------------------------------------------------------------------------------------------------------------------

CryptoLocker Warning

There is a particularly nasty infection out there at the moment.

Go here for information about CryptoLocker Ransomeware

Download CryptoPrevent free for home use.

--------------------------------------------------------------------------------------------------------------------

Hola users warning.

If you use the Hola VPN (Virtual Private Network) you should be aware that you might be compromised. See here.

--------------------------------------------------------------------------------------------------------------------

To help protect your computer in the future:

If you do not already have automatic updates set then it is recommended that you do set Windows to check, download and install your updates automatically.

    * Click Start > Control Panel > System and Security > Windows Update
    * Under Windows Update click on Turn automatic updating on or off
    * Check items shown to ensure you receive updates automatically. Click OK.

Be aware of what emails you open and websites you visit.

Go here for some good advice about how to prevent infection.

For some common sense advice about protecting your computer read How to boost your malware defense and protect your PC

A fun way to check your online safety literacy.

Quiz - getsafeonline

Have a safe and happy computing day!

#13
Jim Anderson

Posted 06 December 2015 - 06:56 PM

New Member

Topic Starter
Member
8 posts

# DelFix v1.011 - Logfile created 06/12/2015 at 19:54:51

# Updated 18/08/2015 by Xplode

# Username : Jim - JIM-PC

# Operating System : Windows 7 Home Premium Service Pack 1 (32 bits)

~ Removing disinfection tools ...

Deleted : C:\FRST

Deleted : C:\zoek_backup

Deleted : C:\AdwCleaner

Deleted : C:\ComboFix.txt

Deleted : C:\Users\Jim\Desktop\Addition.txt

Deleted : C:\Users\Jim\Desktop\AdwCleaner.exe

Deleted : C:\Users\Jim\Desktop\Fixlog.txt

Deleted : C:\Users\Jim\Desktop\FRST.exe

Deleted : C:\Users\Jim\Desktop\FRST.txt

Deleted : C:\Users\Jim\Desktop\JRT.exe

Deleted : C:\Users\Jim\Desktop\JRT.txt

Deleted : C:\Users\Jim\Desktop\TFC.exe

Deleted : C:\Users\Jim\Desktop\zoek (1).exe

Deleted : C:\Users\Jim\Downloads\FRST (1).exe

Deleted : C:\Users\Jim\Downloads\FRST.exe

Deleted : C:\Users\Jim\Downloads\zoek.exe

Deleted : C:\Users\Jim\Documents\Downloads\adwcleaner(1).exe

Deleted : C:\Users\Jim\Documents\Downloads\adwcleaner.exe

Deleted : C:\Users\Jim\Documents\Downloads\Extras.Txt

Deleted : C:\Users\Jim\Documents\Downloads\OTL.Txt

Deleted : C:\Users\Jim\Documents\Downloads\OTL.exe

Deleted : HKLM\SOFTWARE\AdwCleaner

Deleted : HKLM\SOFTWARE\Swearware

########## - EOF - ##########

#14
emeraldnzl

Posted 06 December 2015 - 07:05 PM

GeekU Instructor

GeekU Moderator
20,051 posts

Looks like that did it's job nicely.

Thank you. :thumbsup:

#15
Jim Anderson

Posted 06 December 2015 - 07:48 PM

New Member

Topic Starter
Member
8 posts

I am trying to install Firefox and I keep getting this error message. says

7-zip in the header of the window and then the message says -this program is blocked by groups policy. for more information Contact your system administrator.

I cant even find 7-zip on my computer. Not sure what else to do. I cant paste the screen shot or up load the file its 10MB.

weird thing is the icon on the desktop says Firefox setup stub 42.0. Even when I try to delete it it says

the action can't be completed because the file is open in 7z setup SFX.