computer got hacked

#1
Jim Anderson


I have a Windows 7 32-bit computer, and roughly 3 weeks ago I had placed a call with Amazon about a discrepancy. When I was on the phone with the customer service rep, he gained access to my computer, and when I realized what he was doing I turned my computer off and hung the phone up. I googled the number and it was listed as a scam. Ever since, I have had issues: computer running slow, and I had SpyHunter 4 and PC Speed Up that was difficult to remove. Had to go into safe mode to do that. I also was having issues going to web pages, but what was really interesting was I was able to go to my bank's online site. I had my son use TeamViewer to access my computer, and I just want to make sure I don't have any nasty viruses on my computer. I scanned using Avast, Malwarebytes and SUPERAntiSpyware. Here is my FRST log.

 

Thanks

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:29-11-2015
Ran by Jim (administrator) on JIM-PC (29-11-2015 14:48:19)
Running from C:\Users\Jim\Desktop
Loaded Profiles: Jim (Available Profiles: Jim & Administrator)
Platform: Microsoft Windows 7 Home Premium  Service Pack 1 (X86) Language: English (United States)
Internet Explorer Version 11 (Default browser not detected!)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
( ) C:\Windows\System32\dlbacoms.exe
(SEIKO EPSON CORPORATION) C:\Program Files\epson\EpsonCustomerParticipation\EPCP.exe
(Seiko Epson Corporation) C:\Windows\System32\escsvc.exe
(SEIKO EPSON CORPORATION) C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S60RP7.EXE
(Microsoft Corporation) C:\Program Files\Microsoft LifeCam\MSCamS32.exe
(TeamViewer GmbH) C:\Users\Jim\AppData\Local\Temp\TeamViewer\TeamViewer_Service.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(Google Inc.) C:\Program Files\Google\Update\1.3.28.15\GoogleCrashHandler.exe
(TeamViewer GmbH) C:\Users\Jim\AppData\Local\Temp\TeamViewer\TeamViewer.exe
(TeamViewer GmbH) C:\Users\Jim\AppData\Local\Temp\TeamViewer\tv_w32.exe
() C:\Program Files\Dell AIO Printer A940\DLBAmon.exe
(SEIKO EPSON CORPORATION) C:\Program Files\EPSON Software\Event Manager\EEventManager.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(SEIKO EPSON CORPORATION) C:\Windows\System32\spool\drivers\w32x86\3\E_TATI~1.EXE
(Sierra Online, Inc.) C:\Sierra\Planner\PLNRnote.exe
(Brother Industries, Ltd.) C:\Program Files\Browny02\BrYNSvc.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(TeamViewer GmbH) C:\Users\Jim\AppData\Local\Temp\TeamViewer\TeamViewer_Desktop.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Adobe Systems Incorporated) C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [dlbamon.exe] => C:\Program Files\Dell AIO Printer A940\dlbamon.exe [435696 2007-03-05] ()
HKLM\...\Run: [BrStsMon00] => C:\Program Files\Browny02\Brother\BrStMonW.exe [4513792 2014-05-22] (Brother Industries, Ltd.)
HKLM\...\Run: [EEventManager] => C:\Program Files\Epson Software\Event Manager\EEventManager.exe [1065024 2014-05-02] (SEIKO EPSON CORPORATION)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [157480 2015-04-06] (Apple Inc.)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [7004376 2015-11-29] (AVAST Software)
HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\QTTask.exe [421888 2015-08-06] (Apple Inc.)
HKLM Group Policy restriction on software: *.wav*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.rar*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\Temp\*.zip\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %systemdrive%\*\svchost.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.rtf*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.txt*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\Temp\wz*\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: C:\Users\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\Temp\*.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\Temp\rar*\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.doc*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\Temp\7z*\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.png*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.wma*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.rar*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.wav*.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\Temp\*.zip\*.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.ppt*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.wmv*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.xls*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*\*.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.zip*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\*.com <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.bmp*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.rtf*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.7z*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.divx*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\Temp\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.mp4*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.divx*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.pdf*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.wmv*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.ppt*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.png*.pif <====== ATTENTION
HKLM Group Policy restriction on software: C:\Users\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: cipher.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.doc*.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.txt*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.bmp*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\Temp\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\Temp\7z*\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.wma*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.pptx*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.wma*.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.xlsx*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.jpeg*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.divx*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*\*.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.avi*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.zip*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.jpg*.exe <====== ATTENTION
HKLM Group Policy restriction on software: syskey.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.pptx*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.pptx*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.jpeg*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.docx*.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\Temp\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: lsassw86s.exe <====== ATTENTION
HKLM Group Policy restriction on software: ** <====== ATTENTION
HKLM Group Policy restriction on software: *.mp3*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\Temp\rar*\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.wav*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.7z*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\Temp\rar*\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.pdf*.scr <====== ATTENTION
HKLM Group Policy restriction on software: C:\Users\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.mp3*.com <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.divx*.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\Temp\wz*\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.mp4*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.jpeg*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\Temp\rar*\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.png*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.pub*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.com <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.jpeg*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.wav*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.rar*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.gif*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.doc*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *:\$Recycle.Bin <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\*\svchost.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.jpg*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.txt*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.jpg*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.xlsx*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.zip*.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\Appdata\Roaming\Microsoft\Windows\IEUpdate\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\Temp\7z*\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.xls*.pif <====== ATTENTION
HKLM Group Policy restriction on software: bcdedit.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.zip*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.pub*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.wma*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.xls*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.pptx*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.ppt*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\Temp\*.zip\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.7z*.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\Temp\*.zip\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\Temp\wz*\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.pub*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.avi*.com <====== ATTENTION
HKLM Group Policy restriction on software: scsvserv.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.docx*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.mp4*.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\Temp\wz*\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.wmv*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.avi*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.mp4*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.rar*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.wmv*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.xlsx*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.docx*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.rtf*.scr <====== ATTENTION
HKLM Group Policy restriction on software: lsassvrtdbks.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.jpg*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.docx*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.png*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.txt*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.gif*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.doc*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\Temp\7z*\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.gif*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.bmp*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.rtf*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.avi*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.pub*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.mp3*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.xls*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.7z*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.ppt*.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.mp3*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.gif*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.bmp*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.pdf*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.xlsx*.com <====== ATTENTION
HKLM Group Policy restriction on software: %programfiles%\*\svchost.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.pdf*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.com <====== ATTENTION
HKLM Group Policy restriction on software: vssadmin.exe <====== ATTENTION
HKU\S-1-5-21-3988621694-3172890893-754654441-1001\...\Run: [swg] => C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2014-05-29] (Google Inc.)
HKU\S-1-5-21-3988621694-3172890893-754654441-1001\...\Run: [EPLTarget\P0000000000000000] => C:\Windows\system32\spool\DRIVERS\W32X86\3\E_TATINPE.EXE [262208 2013-12-15] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-3988621694-3172890893-754654441-1001\...\MountPoints2: {a7b5f03e-e6f1-11e3-81ec-806e6f6e6963} - D:\SETUP.exe
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2015-11-29] (AVAST Software)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Event Planner Reminders Tray Icon.lnk [2014-05-29]
ShortcutTarget: Event Planner Reminders Tray Icon.lnk -> C:\Sierra\Planner\PLNRnote.exe (Sierra Online, Inc.)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704 2011-08-30] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 209.18.47.61 209.18.47.62
Tcpip\..\Interfaces\{ABFE84F6-CC01-4A55-B173-8AC1A629826A}: [DhcpNameServer] 209.18.47.61 209.18.47.62
 
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-3988621694-3172890893-754654441-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/?pc=MSSE
HKU\S-1-5-21-3988621694-3172890893-754654441-1001\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://search.msn.com/sphome.aspx
HKU\S-1-5-21-3988621694-3172890893-754654441-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.live.com
SearchScopes: HKLM -> DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE
SearchScopes: HKLM -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE
SearchScopes: HKU\S-1-5-21-3988621694-3172890893-754654441-1001 -> DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE
SearchScopes: HKU\S-1-5-21-3988621694-3172890893-754654441-1001 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE
SearchScopes: HKU\S-1-5-21-3988621694-3172890893-754654441-1001 -> {8FC038DB-DFC3-40D6-BD78-8F90BF1172E3} URL = hxxp://www.bing.com/search?FORM=WLETDF&PC=WLEM&q={searchTerms}&src=IE-SearchBox
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-11-29] (AVAST Software)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2015-09-18] (Google Inc.)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2015-10-12] (Microsoft Corporation)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2015-09-18] (Google Inc.)
Toolbar: HKU\S-1-5-21-3988621694-3172890893-754654441-1001 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2015-09-18] (Google Inc.)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2015-10-12] (Microsoft Corporation)
 
FireFox:
========
FF ProfilePath: C:\Users\Jim\AppData\Roaming\Mozilla\Firefox\Profiles\nljala27.default
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_19_0_0_245.dll [2015-11-28] ()
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll [2014-10-30] ()
FF Plugin: @glance.net/GlanceClient -> C:\Program Files\Glance29\npglance.dll [2014-09-16] (Glance Networks, Inc.)
FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll [2015-05-20] (Google)
FF Plugin: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files\Google\Picasa3\npPicasa3.dll [2015-02-13] (Google, Inc.)
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-15] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-15] (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-09-26] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-3988621694-3172890893-754654441-1001: @citrixonline.com/appdetectorplugin -> C:\Users\Jim\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2014-07-03] (Citrix Online)
FF Extension: MediaPlayer - C:\Users\Jim\AppData\Roaming\Mozilla\Firefox\Profiles\nljala27.default\Extensions\[email protected] [2015-05-12] [not signed]
FF Extension: No Name - C:\Program Files\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2015-10-08] [not signed]
FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2015-11-29]
FF ExtraCheck: C:\Program Files\mozilla firefox\defaults\pref\itms.js [2015-04-03]
 
Chrome: 
=======
CHR HomePage: Default -> hxxp://www.google.com/
CHR StartupUrls: Default -> "hxxp://www.google.com/"
CHR Profile: C:\Users\Jim\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\Jim\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-05-26]
CHR Extension: (Google Drive) - C:\Users\Jim\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-11-29]
CHR Extension: (YouTube) - C:\Users\Jim\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-11-29]
CHR Extension: (Google Search) - C:\Users\Jim\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-11-29]
CHR Extension: (Google Docs Offline) - C:\Users\Jim\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-11-29]
CHR Extension: (Avast Online Security) - C:\Users\Jim\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2015-11-29]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Jim\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-09-08]
CHR Extension: (Gmail) - C:\Users\Jim\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-05-26]
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-11-29]
CHR HKLM\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2015-10-12]
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE.EXE [142648 2014-08-16] (SUPERAntiSpyware.com)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [174416 2015-11-29] (AVAST Software)
S3 becldr3Service; C:\Program Files\BCL Technologies\easyConverter SDK 3\Common\becldr.exe [225280 2013-07-03] () [File not signed]
R3 BrYNSvc; C:\Program Files\Browny02\BrYNSvc.exe [282112 2013-09-25] (Brother Industries, Ltd.) [File not signed]
R2 c2cautoupdatesvc; C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1433216 2015-10-12] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1773696 2015-10-12] (Microsoft Corporation)
R2 dlba_device; C:\Windows\system32\dlbacoms.exe [538096 2007-03-05] ( )
R2 EpsonCustomerParticipation; C:\Program Files\EPSON\EpsonCustomerParticipation\EPCP.exe [581104 2015-09-01] (SEIKO EPSON CORPORATION)
R2 EpsonScanSvc; C:\Windows\system32\EscSvc.exe [126128 2012-05-16] (Seiko Epson Corporation)
R2 EPSON_PM_RPCV4_06; C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S60RP7.EXE [143424 2013-04-14] (SEIKO EPSON CORPORATION)
S2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation)
R2 TeamViewer; c:\Users\Jim\AppData\Local\Temp\TeamViewer\TeamViewer_Service.exe [4346640 2015-09-11] (TeamViewer GmbH)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-26] (Microsoft Corporation)
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [24016 2015-11-29] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [81168 2015-11-29] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [81728 2015-11-29] (AVAST Software)
R0 aswRvrt; C:\Windows\system32\Drivers\aswRvrt.sys [49776 2015-11-29] (AVAST Software)
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [794952 2015-11-29] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [435464 2015-11-29] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [117200 2015-11-29] (AVAST Software)
R0 aswVmm; C:\Windows\system32\Drivers\aswVmm.sys [209432 2015-11-29] (AVAST Software)
R3 glancedrv; C:\Windows\System32\DRIVERS\glancedrv.sys [34080 2009-05-13] (Glance Networks, Inc)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2015-04-14] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2015-04-14] (Malwarebytes Corporation)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [12880 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS [67664 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R2 WinDivert32; C:\Windows\System32\drivers\WinDivert32.sys [33792 2014-12-09] (Basil's Projects) [File not signed]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-11-29 14:48 - 2015-11-29 14:48 - 00030836 _____ C:\Users\Jim\Desktop\FRST.txt
2015-11-29 14:48 - 2015-11-29 14:48 - 00000000 ____D C:\FRST
2015-11-29 14:47 - 2015-11-29 14:43 - 01721344 _____ (Farbar) C:\Users\Jim\Desktop\FRST.exe
2015-11-29 14:43 - 2015-11-29 14:43 - 01721344 _____ (Farbar) C:\Users\Jim\Downloads\FRST.exe
2015-11-29 14:43 - 2015-11-29 14:43 - 01721344 _____ (Farbar) C:\Users\Jim\Downloads\FRST (1).exe
2015-11-29 14:38 - 2015-11-29 14:38 - 00243656 _____ C:\Users\Jim\Downloads\Firefox Setup Stub 42.0 (1).exe
2015-11-29 13:40 - 2015-11-29 13:41 - 00243656 _____ C:\Users\Jim\Downloads\Firefox Setup Stub 42.0.exe
2015-11-29 13:38 - 2015-11-29 13:38 - 00001817 _____ C:\Users\Public\Desktop\QuickTime Player.lnk
2015-11-29 13:38 - 2015-11-29 13:38 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
2015-11-29 13:38 - 2015-11-29 13:38 - 00000000 ____D C:\Program Files\QuickTime
2015-11-29 13:32 - 2015-11-29 13:32 - 00002685 _____ C:\Users\Public\Desktop\Skype.lnk
2015-11-29 13:32 - 2015-11-29 13:32 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2015-11-29 13:32 - 2015-11-29 13:32 - 00000000 ____D C:\Program Files\Common Files\Skype
2015-11-29 13:24 - 2015-11-29 13:18 - 00322760 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2015-11-29 13:19 - 2015-11-29 13:19 - 00002077 _____ C:\Users\Public\Desktop\Avast Free Antivirus.lnk
2015-11-29 13:19 - 2015-11-29 13:19 - 00000000 ____D C:\Users\Jim\AppData\Roaming\AVAST Software
2015-11-29 13:19 - 2015-11-29 13:19 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
2015-11-29 13:18 - 2015-11-29 13:18 - 00794952 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2015-11-29 13:18 - 2015-11-29 13:18 - 00435464 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2015-11-29 13:18 - 2015-11-29 13:18 - 00209432 _____ (AVAST Software) C:\Windows\system32\Drivers\aswVmm.sys
2015-11-29 13:18 - 2015-11-29 13:18 - 00117200 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2015-11-29 13:18 - 2015-11-29 13:18 - 00081728 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2015-11-29 13:18 - 2015-11-29 13:18 - 00081168 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2015-11-29 13:18 - 2015-11-29 13:18 - 00049776 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRvrt.sys
2015-11-29 13:18 - 2015-11-29 13:18 - 00043112 _____ (AVAST Software) C:\Windows\avastSS.scr
2015-11-29 13:18 - 2015-11-29 13:18 - 00024016 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHwid.sys
2015-11-29 13:14 - 2015-11-29 13:14 - 00000000 ____D C:\ProgramData\AVAST Software
2015-11-29 13:14 - 2015-11-29 13:14 - 00000000 ____D C:\Program Files\AVAST Software
2015-11-29 13:11 - 2015-11-29 13:12 - 05084256 _____ (AVAST Software) C:\Users\Jim\Downloads\avast_free_antivirus_setup_online_cnet2 (1).exe
2015-11-29 13:10 - 2015-11-29 13:11 - 05084256 _____ (AVAST Software) C:\Users\Jim\Downloads\avast_free_antivirus_setup_online_cnet2.exe
2015-11-29 13:00 - 2015-11-29 13:01 - 05500472 _____ (TeamViewer) C:\Users\Jim\Downloads\TeamViewerQS_en (2).exe
2015-11-29 13:00 - 2015-11-29 13:00 - 05500472 _____ (TeamViewer) C:\Users\Jim\Downloads\TeamViewerQS_en (1).exe
2015-11-29 07:28 - 2015-10-19 19:52 - 03991488 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2015-11-29 07:28 - 2015-10-19 19:52 - 03935680 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-11-29 07:28 - 2015-10-19 19:52 - 00138176 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-11-29 07:28 - 2015-10-19 19:52 - 00067520 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-11-29 07:28 - 2015-10-19 19:48 - 01308160 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-11-29 07:28 - 2015-10-19 19:45 - 01061376 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-11-29 07:28 - 2015-10-19 19:45 - 00655360 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2015-11-29 07:28 - 2015-10-19 19:45 - 00552960 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-11-29 07:28 - 2015-10-19 19:45 - 00400896 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-11-29 07:28 - 2015-10-19 19:45 - 00262656 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-11-29 07:28 - 2015-10-19 19:45 - 00259584 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-11-29 07:28 - 2015-10-19 19:45 - 00251392 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-11-29 07:28 - 2015-10-19 19:45 - 00223232 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-11-29 07:28 - 2015-10-19 19:45 - 00172032 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-11-29 07:28 - 2015-10-19 19:45 - 00100352 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-11-29 07:28 - 2015-10-19 19:45 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-11-29 07:28 - 2015-10-19 19:45 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-11-29 07:28 - 2015-10-19 19:45 - 00038912 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-11-29 07:28 - 2015-10-19 19:45 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2015-11-29 07:28 - 2015-10-19 19:45 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-11-29 07:28 - 2015-10-19 19:45 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-11-29 07:28 - 2015-10-19 19:45 - 00015872 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-11-29 07:28 - 2015-10-19 19:44 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-11-29 07:28 - 2015-10-19 19:44 - 00022528 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-11-29 07:28 - 2015-10-19 19:39 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-11-29 07:28 - 2015-10-19 19:39 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-11-29 07:28 - 2015-10-19 19:35 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-11-29 07:28 - 2015-10-19 19:35 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2015-11-29 07:28 - 2015-10-19 18:29 - 00225792 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2015-11-29 07:28 - 2015-10-19 18:28 - 00124416 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2015-11-29 07:28 - 2015-10-19 18:28 - 00098304 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2015-11-29 07:28 - 2015-09-23 08:09 - 00371920 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2015-11-29 07:28 - 2015-09-23 08:09 - 00251000 _____ (Microsoft Corporation) C:\Windows\system32\bcryptprimitives.dll
2015-11-28 21:01 - 2015-11-28 21:02 - 00054624 _____ C:\Windows\ntbtlog.txt
2015-11-11 07:48 - 2015-10-19 19:45 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2015-11-10 10:38 - 2015-11-10 11:16 - 00016244 _____ C:\Users\Jim\Documents\holy spitit prayer.odt
2015-11-09 22:35 - 2015-11-09 22:35 - 00000000 ____D C:\Users\Jim\AppData\Local\CEF
2015-11-08 22:17 - 2015-11-12 07:39 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2015-11-07 21:59 - 2015-11-28 20:34 - 00000000 ____D C:\Program Files\Media Updater
2015-11-06 11:44 - 2015-11-06 11:44 - 00013299 _____ C:\Users\Jim\Documents\amazon letter.odt
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-11-29 15:47 - 2014-05-29 19:00 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-11-29 15:47 - 2014-05-29 09:03 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-11-29 15:47 - 2014-05-28 21:53 - 00000000 ____D C:\Users\Administrator.000
2015-11-29 15:47 - 2014-05-28 21:49 - 00000000 ____D C:\Users\Jim
2015-11-29 15:47 - 2011-04-11 21:24 - 00000000 ____D C:\Program Files\Windows Journal
2015-11-29 15:47 - 2009-07-13 21:37 - 00000000 ____D C:\Windows\registration
2015-11-29 15:47 - 2009-07-13 21:37 - 00000000 ____D C:\Program Files\Common Files\microsoft shared
2015-11-29 14:48 - 2009-07-13 21:37 - 00000000 ____D C:\Windows
2015-11-29 14:47 - 2009-07-13 23:34 - 00028944 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-11-29 14:47 - 2009-07-13 23:34 - 00028944 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-11-29 14:37 - 2010-11-20 16:01 - 00781298 _____ C:\Windows\system32\PerfStringBackup.INI
2015-11-29 14:37 - 2009-07-13 21:37 - 00000000 ____D C:\Windows\inf
2015-11-29 14:31 - 2009-07-13 23:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-11-29 14:30 - 2009-07-13 21:37 - 00000000 ____D C:\Windows\ModemLogs
2015-11-29 14:27 - 2015-10-29 13:34 - 00000000 ____D C:\Users\Jim\AppData\Roaming\TeamViewer
2015-11-29 14:16 - 2014-05-29 09:02 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-11-29 14:11 - 2014-05-29 19:00 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-11-29 13:53 - 2015-03-12 12:53 - 00000917 _____ C:\Windows\Tasks\EPSON XP-520 Series Update {0CDAEB43-9BC2-4130-A05B-5BA7D69CE06B}.job
2015-11-29 13:34 - 2014-05-29 10:41 - 00000000 ____D C:\Users\Jim\AppData\Roaming\Skype
2015-11-29 13:32 - 2014-05-29 10:41 - 00000000 ___RD C:\Program Files\Skype
2015-11-29 13:32 - 2014-05-29 10:41 - 00000000 ____D C:\ProgramData\Skype
2015-11-29 13:13 - 2014-05-28 22:37 - 00001945 _____ C:\Windows\epplauncher.mif
2015-11-29 13:09 - 2014-05-29 09:03 - 00002131 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2015-11-29 12:58 - 2015-10-15 06:10 - 00080386 _____ C:\appverifier.txt
2015-11-29 07:30 - 2014-05-29 09:24 - 00000000 ____D C:\Windows\system32\MRT
2015-11-28 22:16 - 2014-05-29 09:02 - 00780488 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2015-11-28 22:16 - 2014-05-29 09:02 - 00142536 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2015-11-28 20:58 - 2015-06-02 18:48 - 00000000 ____D C:\Program Files\Mozilla Firefox
2015-11-28 20:57 - 2014-05-29 11:26 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2015-11-28 20:49 - 2015-10-14 14:27 - 00000000 ____D C:\Program Files\PC Speedup Pro
2015-11-28 20:39 - 2011-04-11 21:24 - 00000000 ____D C:\Windows\ShellNew
2015-11-28 20:34 - 2015-04-04 22:21 - 00000000 ___SD C:\Windows\system32\GWX
2015-11-28 20:34 - 2015-01-15 15:23 - 00000000 ____D C:\Program Files\Glance29
2015-11-28 20:34 - 2014-05-29 19:00 - 00000000 ____D C:\Program Files\Malwarebytes Anti-Malware
2015-11-28 20:34 - 2014-05-29 12:06 - 00000000 ____D C:\Program Files\Adobe
2015-11-28 20:34 - 2009-07-13 21:37 - 00000000 ____D C:\Windows\rescache
2015-11-28 20:34 - 2009-07-13 21:37 - 00000000 ____D C:\Windows\PolicyDefinitions
2015-11-28 20:29 - 2014-05-29 12:06 - 00000000 ____D C:\Program Files\Common Files\Adobe
2015-11-28 20:29 - 2014-05-29 12:05 - 00000000 ____D C:\ProgramData\Adobe
2015-11-28 20:20 - 2009-07-13 21:37 - 00000000 ____D C:\Windows\system32\NDF
2015-11-24 13:45 - 2014-07-03 14:40 - 00000000 ____D C:\Users\Jim\AppData\Local\Adobe
2015-11-23 15:50 - 2010-09-20 12:32 - 00015569 _____ C:\Users\Jim\Documents\Cantor Schedule.odt
2015-11-18 07:27 - 2015-10-06 14:53 - 00016258 _____ C:\Users\Jim\Documents\k of c parish meeting oct 7.odt
2015-11-05 17:36 - 2014-05-29 19:01 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
2015-11-03 17:49 - 2009-07-13 23:53 - 00032538 _____ C:\Windows\Tasks\SCHEDLGU.TXT
 
==================== Files in the root of some directories =======
 
2015-11-10 21:48 - 2015-11-23 09:38 - 0000000 _____ () C:\ProgramData\mitmtest-service.log
 
Some files in TEMP:
====================
C:\Users\Jim\AppData\Local\Temp\_is8432.exe
 
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
ATTENTION: ==> Could not access BCD. 
 
 
LastRegBack: 2015-11-23 10:07
 
==================== End of FRST.txt ============================
Additional scan result of Farbar Recovery Scan Tool (x86) Version:29-11-2015
Ran by Jim (2015-11-29 14:49:11)
Running from C:\Users\Jim\Desktop
Microsoft Windows 7 Home Premium  Service Pack 1 (X86) (2014-05-29 02:49:00)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-3988621694-3172890893-754654441-500 - Administrator - Disabled) => C:\Users\Administrator.000
Guest (S-1-5-21-3988621694-3172890893-754654441-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3988621694-3172890893-754654441-1002 - Limited - Enabled)
Jim (S-1-5-21-3988621694-3172890893-754654441-1001 - Administrator - Enabled) => C:\Users\Jim
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Adobe Flash Player 19 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 19.0.0.245 - Adobe Systems Incorporated)
Adobe Flash Player 19 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 19.0.0.245 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.13) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.13 - Adobe Systems Incorporated)
Apple Application Support (32-bit) (HKLM\...\{AFA1153A-F547-409B-B837-3A0D6C5A3FEC}) (Version: 3.1.3 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{18D47FA1-0440-48D3-A7E0-DA09537FF471}) (Version: 7.1.1.3 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Avast Free Antivirus (HKLM\...\Avast) (Version: 11.1.2241 - AVAST Software)
BCL easyConverter SDK 3 (Word Version) (HKLM\...\{A932ABFB-1AC4-4FBF-9954-B710CABE3482}) (Version: 3.0.64 - BCL Technologies)
Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 5.06 - Piriform)
Citrix Online Launcher (HKLM\...\{3E7E6F1E-7376-475A-8BC9-E3126B20CF5F}) (Version: 1.0.198 - Citrix)
CryptoPrevent v4.7.0 (HKLM\...\{5C5B24E7-4694-4049-A222-CCE7D3FAC63F}_is1) (Version:  - Foolish IT LLC)
D3DX10 (Version: 15.4.2368.0902 - Microsoft) Hidden
Dell AIO Printer A940 (HKLM\...\Dell AIO Printer A940) (Version:  - Dell, Inc.)
Easy Photo Scan (HKLM\...\{EDB34773-E7B0-483A-8602-8EBAA7524F8F}) (Version: 1.00.0002 - Seiko Epson Corporation)
Epson Customer Participation (HKLM\...\{814FA673-A085-403C-9545-747FC1495069}) (Version: 1.7.0.0 - SEIKO EPSON CORPORATION)
Epson Event Manager (HKLM\...\{0F13C24A-FFE2-4CD0-8E0B-DC804E0A0E0B}) (Version: 3.10.0035 - Seiko Epson Corporation)
EPSON Scan (HKLM\...\EPSON Scanner) (Version:  - Seiko Epson Corporation)
EPSON XP-520 Series Printer Uninstall (HKLM\...\EPSON XP-520 Series) (Version:  - SEIKO EPSON Corporation)
Epson XP-520 User’s Guide version 1.0 (HKLM\...\UsersGuideEpson XP-520 User’s Guide_is1) (Version: 1.0 - )
EpsonNet Print (HKLM\...\{F983229B-587E-4322-BCB9-D7A49734E5CD}) (Version: 3.0.0.0 - SEIKO EPSON CORPORATION)
Event Planner (HKLM\...\{741849D8-E8D9-49CF-B373-0D7507ED0A56}) (Version:  - )
Family Tree Maker 2014 (HKLM\...\Family Tree Maker 2014) (Version: 22.0.207 - Ancestry.com, Inc.)
Family Tree Maker 2014 (Version: 22.0.207 - Ancestry.com, Inc.) Hidden
FileHippo App Manager (HKLM\...\FileHippo.com) (Version:  - FileHippo.com)
Glance 2.9 (HKLM\...\Glance_is1) (Version:  - Glance Networks, Inc.)
Google Chrome (HKLM\...\Google Chrome) (Version: 46.0.2490.86 - Google Inc.)
Google Earth (HKLM\...\{817750FA-EC6A-485D-9901-0683AE6FFDF1}) (Version: 7.1.5.1557 - Google)
Google Toolbar for Internet Explorer (HKLM\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.6904.2028 - Google Inc.)
Google Toolbar for Internet Explorer (Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.28.15 - Google Inc.) Hidden
Hallmark Card Studio 2 (HKLM\...\{1EEDF3E1-C0EA-409B-A772-164EF9AB3BCE}) (Version:  - )
HL-L2305 series (HKLM\...\{46B58839-2405-48D6-A59D-F8246158A6ED}) (Version: 1.0.1.0 - Brother Industries, Ltd.)
iTunes (HKLM\...\{CE1F04C7-79BC-4219-BE6A-BA490224D4B5}) (Version: 12.1.2.27 - Apple Inc.)
Junk Mail filter update (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Malwarebytes Anti-Malware version 2.1.6.1022 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.6.1022 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft LifeCam (HKLM\...\{5FC7AB5C-61FC-42DF-A923-5139BCF10D42}) (Version: 3.22.270.0 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
OpenOffice 4.1.0 (HKLM\...\{C87EF11D-36E9-479D-9898-7541EA1E8A6A}) (Version: 4.10.9764 - Apache Software Foundation)
Picasa 3 (HKLM\...\Picasa 3) (Version: 3.9 - Google, Inc.)
QuickTime 7 (HKLM\...\{80CEEB1E-0A6C-45B9-A312-37A1D25FDEBC}) (Version: 7.78.80.95 - Apple Inc.)
Skype Click to Call (HKLM\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.5.0.9082 - Microsoft Corporation)
Skype™ 7.15 (HKLM\...\{6A0549A9-1B96-498C-ACBC-3943001FEB19}) (Version: 7.15.102 - Skype Technologies S.A.)
Software Updater (HKLM\...\{E1BAD1BA-C0E8-4018-9281-E7D2C6B07474}) (Version: 4.3.6 - SEIKO EPSON CORPORATION) <==== ATTENTION
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 5.7.1018 - SUPERAntiSpyware.com)
Windows Live Essentials (HKLM\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== Restore Points =========================
 
16-11-2015 08:14:01 Windows Update
20-11-2015 07:16:39 Windows Update
23-11-2015 07:28:49 Windows Update
28-11-2015 20:24:15 Restore Operation
28-11-2015 22:26:35 Windows Update
29-11-2015 07:19:15 Windows Update
29-11-2015 13:01:29 Windows Update
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-13 21:04 - 2009-06-10 16:39 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
 
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {16104CFC-5608-498C-97F2-5DDF6FB15BFD} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-08-27] (Google Inc.)
Task: {258A40F4-D081-43EB-9FB7-A032DA34A55E} - \PC Speedup Pro_Logon -> No File <==== ATTENTION
Task: {2E80A8BD-31FC-4B06-955C-ACD082706C7F} - System32\Tasks\{CF8C78C4-B996-4C72-B3CF-E37C7D191856} => pcalua.exe -a "C:\Program Files\Common Files\InstallShield\engine\6\Intel 32\IKernel.exe"
Task: {4C5FA46F-CF5C-4994-BF49-225A1B7C6D27} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-05-08] (Piriform Ltd)
Task: {5CB2D87D-55ED-4960-8B36-7CB3F87CEBC2} - System32\Tasks\SpyHunter4Startup => C:\Program Files\Enigma Software Group\SpyHunter\Spyhunter4.exe
Task: {62D864AA-5E1D-4B8E-AB60-C0A365F43E67} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-10-28] (Adobe Systems Incorporated)
Task: {70B778C9-05AB-4144-8CD6-A6AF811521B9} - System32\Tasks\EPSON XP-520 Series Update {0CDAEB43-9BC2-4130-A05B-5BA7D69CE06B} => C:\Windows\system32\spool\DRIVERS\W32X86\3\E_TTSNPE.EXE [2013-11-21] (SEIKO EPSON CORPORATION)
Task: {890218D9-D174-41C0-B32E-4B29DCFE16ED} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2015-11-29] (AVAST Software)
Task: {A00F5AF9-7F44-4AD5-AF99-0B0F400F4BE7} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {B7EAC6DC-4838-4DC1-AB9E-0DA799AE0B68} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2015-11-28] (Adobe Systems Incorporated)
Task: {DCE7EEE5-67A7-4638-A3EA-B7D02A1C1DD8} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-08-27] (Google Inc.)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\EPSON XP-520 Series Update {0CDAEB43-9BC2-4130-A05B-5BA7D69CE06B}.job => C:\Windows\system32\spool\DRIVERS\W32X86\3\E_TTSNPE.EXE:/EXE:{0CDAEB43-9BC2-4130-A05B-5BA7D69CE06B} /F:UpdateSYSTEM
Searches for EPSON software updates, and notifies you when updates are available.If this task is disabled or stopped, your EPSON software will not be automatically kept up to date.Thi
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
 
==================== Shortcuts =============================
 
(The entries could be listed to be restored or removed.)
 
==================== Loaded Modules (Whitelisted) ==============
 
2015-11-29 13:18 - 2015-11-29 13:18 - 00103888 _____ () C:\Program Files\AVAST Software\Avast\log.dll
2015-11-29 13:18 - 2015-11-29 13:18 - 00125512 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2015-11-29 13:24 - 2015-11-29 13:24 - 02996736 _____ () C:\Program Files\AVAST Software\Avast\defs\15112900\algo.dll
2015-11-29 13:18 - 2015-11-29 13:18 - 00466448 _____ () C:\Program Files\AVAST Software\Avast\ffl2.dll
2014-05-29 14:11 - 2007-02-20 07:27 - 00102400 _____ () C:\Windows\system32\spool\PRTPROCS\W32X86\dlbapp5c.dll
2014-04-23 15:05 - 2014-04-23 15:05 - 00073544 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2015-03-20 17:12 - 2015-03-20 17:12 - 01044776 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2014-05-29 14:11 - 2007-03-05 15:57 - 00435696 _____ () C:\Program Files\Dell AIO Printer A940\DLBAmon.exe
2015-03-03 11:34 - 2009-02-27 16:38 - 00139264 ____R () C:\Program Files\Brother\BrUtilities\BrLogAPI.dll
2015-11-29 13:18 - 2015-11-29 13:18 - 40540672 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)
 
 
==================== EXE Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
HKLM\...\.exe: CryptoPreventEXE => "C:\Program Files\Foolish IT\CryptoPrevent\CryptoPreventFilterMod.CryptoPreventEXEC" /"%1" %* <===== ATTENTION
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
There are 5108 more sites.
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-3988621694-3172890893-754654441-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Jim\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 209.18.47.61 - 209.18.47.62
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
MSCONFIG\startupreg: APSDaemon => "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: LifeCam => "C:\Program Files\Microsoft LifeCam\LifeExp.exe"
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files\QuickTime\QTTask.exe" -atboottime
MSCONFIG\startupreg: SUPERAntiSpyware => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
MSCONFIG\startupreg: VX3000 => C:\Windows\vVX3000.exe
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [{90801967-9DC5-4AA3-AB49-1A9BF51354A1}] => (Allow) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
FirewallRules: [{AEC6CFEE-0106-4586-A00D-9C026E590388}] => (Allow) C:\Program Files\Microsoft LifeCam\LifeCam.exe
FirewallRules: [{3DAE5150-8D46-44E8-A226-D42832670ACD}] => (Allow) C:\Program Files\Microsoft LifeCam\LifeCam.exe
FirewallRules: [{AEAC50ED-906C-4D79-9442-9EAA5010193C}] => (Allow) C:\Program Files\Microsoft LifeCam\LifeEnC2.exe
FirewallRules: [{932F5277-C713-41A6-92F1-E848EB7D2B27}] => (Allow) C:\Program Files\Microsoft LifeCam\LifeEnC2.exe
FirewallRules: [{791845AC-4281-4245-B441-73E2D8380C88}] => (Allow) C:\Program Files\Microsoft LifeCam\LifeExp.exe
FirewallRules: [{80503B3E-45AA-49E2-A501-645DC141D8B2}] => (Allow) C:\Program Files\Microsoft LifeCam\LifeExp.exe
FirewallRules: [{6BDCCB7F-945F-425F-ADC3-753D68FC601D}] => (Allow) C:\Program Files\Microsoft LifeCam\LifeTray.exe
FirewallRules: [{F9F77CE2-4BA2-4537-B0A7-16F32053893F}] => (Allow) C:\Program Files\Microsoft LifeCam\LifeTray.exe
FirewallRules: [{0406CF16-1530-4674-B02E-78F426FEAE12}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{41C3EE9F-3FDD-46A1-A2F5-77D51CEE8F21}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{D97B2500-F7B8-425B-98B1-5D98D6640ECF}] => (Allow) C:\Program Files\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{0620903F-7B29-49C3-AF00-2B0A4DD5103E}] => (Allow) LPort=2869
FirewallRules: [{DB5797A6-BCF6-4DF4-9407-A4698066A7BC}] => (Allow) LPort=1900
FirewallRules: [{B22FA5A5-C387-4020-B03E-ED85DCF9C81B}] => (Allow) C:\Windows\System32\dlbacoms.exe
FirewallRules: [{B678758D-A1CB-488D-98EF-80F4F7231C48}] => (Allow) C:\Windows\System32\dlbacoms.exe
FirewallRules: [{30768086-B6C5-403C-9664-81DDE17B67E0}] => (Allow) C:\Windows\System32\spool\drivers\w32x86\3\dlbapswx.exe
FirewallRules: [{FB745985-2E26-40DE-9329-EECF0E24BE27}] => (Allow) C:\Windows\System32\spool\drivers\w32x86\3\dlbapswx.exe
FirewallRules: [{9D2A0302-A745-46D0-A9DC-1CE864B2FEF6}] => (Allow) C:\Program Files\Dell AIO Printer A940\DLBAmon.exe
FirewallRules: [{D3260931-EE74-455F-A51E-E8EA10146198}] => (Allow) C:\Program Files\Dell AIO Printer A940\DLBAmon.exe
FirewallRules: [{F0054FE3-87F3-4B3F-8566-6348CA0C1948}] => (Allow) C:\Program Files\Dell AIO Printer A940\DLBAaiox.exe
FirewallRules: [{FBCF4BAA-BF4F-4803-846C-EEC3E7C6757F}] => (Allow) C:\Program Files\Dell AIO Printer A940\DLBAaiox.exe
FirewallRules: [{D2444546-E4DD-4396-BDE6-A9D3F454B281}] => (Allow) C:\Program Files\EPSON Software\Event Manager\EEventManager.exe
FirewallRules: [{24F33985-2619-4DFD-836D-458FA199F5A9}] => (Allow) C:\Program Files\EPSON Software\Event Manager\EEventManager.exe
FirewallRules: [TCP Query User{9F84005E-811B-4159-92B3-01C6E616356D}C:\program files\epson software\event manager\eeventmanager.exe] => (Block) C:\program files\epson software\event manager\eeventmanager.exe
FirewallRules: [UDP Query User{B786F92A-EC12-490F-AEFE-D1B4B0A4C79A}C:\program files\epson software\event manager\eeventmanager.exe] => (Block) C:\program files\epson software\event manager\eeventmanager.exe
FirewallRules: [{F001705B-0A10-47EA-8085-6D46CDDAD4E2}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{4C2DEC65-5317-484E-B38B-3D4B67DB3BD1}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe
FirewallRules: [{F8B20D92-6875-4D31-8F7C-4F558AF6E510}] => (Allow) C:\Program Files\Skype\Phone\Skype.exe
 
==================== Faulty Device Manager Devices =============
 
Name: USB camera
Description: USB camera
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (11/29/2015 02:32:08 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (11/29/2015 00:59:26 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (11/29/2015 06:57:58 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (11/28/2015 09:59:13 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (11/28/2015 09:07:47 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (11/28/2015 09:03:45 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (11/28/2015 09:00:04 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (11/28/2015 08:42:21 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (11/28/2015 08:18:54 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Explorer.EXE, version: 6.1.7601.17567, time stamp: 0x4d6727a7
Faulting module name: DiagCpl.dll, version: 6.1.7601.17514, time stamp: 0x4ce7b7c6
Exception code: 0xc0000005
Fault offset: 0x00019cda
Faulting process id: 0xd4c
Faulting application start time: 0xExplorer.EXE0
Faulting application path: Explorer.EXE1
Faulting module path: Explorer.EXE2
Report Id: Explorer.EXE3
 
Error: (11/28/2015 07:42:17 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
 
System errors:
=============
Error: (11/29/2015 01:01:09 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x800f0816: Update for Windows 7 (KB3102810).
 
Error: (11/29/2015 01:01:09 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x800f0816: Security Update for Windows 7 (KB3100213).
 
Error: (11/29/2015 01:01:09 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x800f0816: Security Update for Windows 7 (KB3081320).
 
Error: (11/29/2015 01:01:09 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x800f0816: Security Update for Windows 7 (KB3097877).
 
Error: (11/29/2015 01:01:09 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x800f0816: Cumulative Security Update for Internet Explorer 11 for Windows 7 (KB3100773).
 
Error: (11/29/2015 01:01:08 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80242016: Security Update for Windows 7 (KB3101722).
 
Error: (11/29/2015 01:01:08 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80242016: Security Update for Windows 7 (KB3092601).
 
Error: (11/29/2015 01:01:08 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80242016: Security Update for Windows 7 (KB3101246).
 
Error: (11/29/2015 01:01:08 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80242016: Update for Windows 7 (KB3107998).
 
Error: (11/29/2015 01:01:08 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80242016: Security Update for Microsoft .NET Framework 3.5.1 on Windows 7 SP1 x86 (KB3097989).
 
 
CodeIntegrity:
===================================
  Date: 2015-11-28 19:11:36.949
  Description: Windows is unable to verify the integrity of the file \Device\HarddiskVolume2\$Windows.~BT\Updates\Critical\37529801-035b-4080-80e8-446c4887e8be\x86_microsoft-windows-errorreportingfaults_31bf3856ad364e35_10.0.10074.1_none_96f694b33cfd42bf\werfault.exe because the signing certificate has been revoked.  Check with the publisher to see if a new signed version of the kernel module is available.
 
  Date: 2015-11-28 19:11:36.934
  Description: Windows is unable to verify the integrity of the file \Device\HarddiskVolume2\$Windows.~BT\Updates\Critical\37529801-035b-4080-80e8-446c4887e8be\x86_microsoft-windows-errorreportingfaults_31bf3856ad364e35_10.0.10074.1_none_96f694b33cfd42bf\werfault.exe because the signing certificate has been revoked.  Check with the publisher to see if a new signed version of the kernel module is available.
 
  Date: 2015-11-28 19:11:36.918
  Description: Windows is unable to verify the integrity of the file \Device\HarddiskVolume2\$Windows.~BT\Updates\Critical\37529801-035b-4080-80e8-446c4887e8be\x86_microsoft-windows-errorreportingfaults_31bf3856ad364e35_10.0.10074.1_none_96f694b33cfd42bf\werfault.exe because the signing certificate has been revoked.  Check with the publisher to see if a new signed version of the kernel module is available.
 
  Date: 2015-11-28 19:11:36.762
  Description: Windows is unable to verify the integrity of the file \Device\HarddiskVolume2\$Windows.~BT\Updates\Critical\37529801-035b-4080-80e8-446c4887e8be\x86_microsoft-windows-errorreportingcore_31bf3856ad364e35_10.0.10074.1_none_47662a2706182d6f\wermgr.exe because the signing certificate has been revoked.  Check with the publisher to see if a new signed version of the kernel module is available.
 
  Date: 2015-11-28 19:11:36.684
  Description: Windows is unable to verify the integrity of the file \Device\HarddiskVolume2\$Windows.~BT\Updates\Critical\37529801-035b-4080-80e8-446c4887e8be\x86_microsoft-windows-errorreportingcore_31bf3856ad364e35_10.0.10074.1_none_47662a2706182d6f\wermgr.exe because the signing certificate has been revoked.  Check with the publisher to see if a new signed version of the kernel module is available.
 
  Date: 2015-11-28 19:11:36.637
  Description: Windows is unable to verify the integrity of the file \Device\HarddiskVolume2\$Windows.~BT\Updates\Critical\37529801-035b-4080-80e8-446c4887e8be\x86_microsoft-windows-errorreportingcore_31bf3856ad364e35_10.0.10074.1_none_47662a2706182d6f\wermgr.exe because the signing certificate has been revoked.  Check with the publisher to see if a new signed version of the kernel module is available.
 
  Date: 2015-11-28 07:44:03.765
  Description: Windows is unable to verify the integrity of the file \Device\HarddiskVolume2\$Windows.~BT\Updates\Critical\37529801-035b-4080-80e8-446c4887e8be\x86_microsoft-windows-errorreportingfaults_31bf3856ad364e35_10.0.10074.1_none_96f694b33cfd42bf\werfault.exe because the signing certificate has been revoked.  Check with the publisher to see if a new signed version of the kernel module is available.
 
  Date: 2015-11-28 07:44:03.749
  Description: Windows is unable to verify the integrity of the file \Device\HarddiskVolume2\$Windows.~BT\Updates\Critical\37529801-035b-4080-80e8-446c4887e8be\x86_microsoft-windows-errorreportingfaults_31bf3856ad364e35_10.0.10074.1_none_96f694b33cfd42bf\werfault.exe because the signing certificate has been revoked.  Check with the publisher to see if a new signed version of the kernel module is available.
 
  Date: 2015-11-28 07:44:03.734
  Description: Windows is unable to verify the integrity of the file \Device\HarddiskVolume2\$Windows.~BT\Updates\Critical\37529801-035b-4080-80e8-446c4887e8be\x86_microsoft-windows-errorreportingfaults_31bf3856ad364e35_10.0.10074.1_none_96f694b33cfd42bf\werfault.exe because the signing certificate has been revoked.  Check with the publisher to see if a new signed version of the kernel module is available.
 
  Date: 2015-11-28 07:44:03.515
  Description: Windows is unable to verify the integrity of the file \Device\HarddiskVolume2\$Windows.~BT\Updates\Critical\37529801-035b-4080-80e8-446c4887e8be\x86_microsoft-windows-errorreportingcore_31bf3856ad364e35_10.0.10074.1_none_47662a2706182d6f\wermgr.exe because the signing certificate has been revoked.  Check with the publisher to see if a new signed version of the kernel module is available.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™2 Duo CPU E7400 @ 2.80GHz
Percentage of memory in use: 54%
Total physical RAM: 2046.99 MB
Available physical RAM: 933.02 MB
Total Virtual: 4093.98 MB
Available Virtual: 2681.14 MB
 
==================== Drives ================================
 
Drive c: (OS) (Fixed) (Total:232.79 GB) (Free:153.84 GB) NTFS ==>[system with boot components (obtained from drive)]
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 232.8 GB) (Disk ID: A42D04A3)
Partition 1: (Not Active) - (Size=39 MB) - (Type=DE)
Partition 2: (Active) - (Size=232.8 GB) - (Type=07 NTFS)
 
==================== End of Addition.txt ============================
 

#2
emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 19,990 posts

Hello Jim Anderson,

Welcome to Geekstogo.

Sorry for the delay in getting to you.

Now

Open notepad.

Please copy the contents of the code box below.

To do this highlight (click in the box and press Ctrl + A) the contents of the box and right click on it. Paste this into the open notepad. Save it to the Desktop as fixlist.txt.

Alternatively type the contents of the box into notepad and save it to your desktop as fixlist.txt.

NOTE. It's important that both files, FRST and fixlist.txt, are in the same location or the fix will not work.
 

CloseProcesses:
HKU\S-1-5-21-3988621694-3172890893-754654441-1001\...\MountPoints2: {a7b5f03e-e6f1-11e3-81ec-806e6f6e6963} - D:\SETUP.exe
Task: {258A40F4-D081-43EB-9FB7-A032DA34A55E} - \PC Speedup Pro_Logon -> No File <==== ATTENTION
Task: {5CB2D87D-55ED-4960-8B36-7CB3F87CEBC2} - System32\Tasks\SpyHunter4Startup => C:\Program Files\Enigma Software Group\SpyHunter\Spyhunter4.exe
C:\Program Files\Enigma Software Group

This script is specifically written for the infection on this person's computer. It should NOT be used on another machine. It may cause serious damage even to the point of rendering the computer unusable.

Run FRST/FRST64 and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.

Next

Please download zoek.exe and save it to your desktop (Firefox users right click and Save Link As...).



  • Close any open browsers.
  • Temporarily disable your AntiVirus program. (If necessary)
  • Double click on zoek.exe to run.
  • Please wait while the tool starts. It will appear to be doing nothing and may take a few seconds to come up.
  • Copy the text below and paste it into the large window in the zoek tool:

    Auto Clean
    emptyalltemp;
    ipconfig /flushdns;b

  • Click on the Run script button.
  • Please wait patiently (it may take a few minutes) until a log report opens (this may be after reboot, if required).
  • Copy (Ctrl + C) and paste (Ctrl + V) the entire contents of the opened report back here.

Note: It will also create a log in the C:\ directory named "zoek-results.log"

So when you return please post

  • Fixlog.txt
  • zoek.log
  • and tell me how your machine is now

 


#3
Jim Anderson

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts

here is the frst fixlog file:

 

Fix result of Farbar Recovery Scan Tool (x86) Version:29-11-2015
Ran by Jim (2015-11-30 19:56:27) Run:1
Running from C:\Users\Jim\Desktop
Loaded Profiles: Jim (Available Profiles: Jim & Administrator)
Boot Mode: Normal
 
==============================================
 
fixlist content:
*****************
CloseProcesses:
HKU\S-1-5-21-3988621694-3172890893-754654441-1001\...\MountPoints2: {a7b5f03e-e6f1-11e3-81ec-806e6f6e6963} - D:\SETUP.exe
Task: {258A40F4-D081-43EB-9FB7-A032DA34A55E} - \PC Speedup Pro_Logon -> No File <==== ATTENTION
Task: {5CB2D87D-55ED-4960-8B36-7CB3F87CEBC2} - System32\Tasks\SpyHunter4Startup => C:\Program Files\Enigma Software Group\SpyHunter\Spyhunter4.exe
C:\Program Files\Enigma Software Group
*****************
 
Processes closed successfully.
"HKU\S-1-5-21-3988621694-3172890893-754654441-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a7b5f03e-e6f1-11e3-81ec-806e6f6e6963}" => key removed successfully.
HKCR\CLSID\{a7b5f03e-e6f1-11e3-81ec-806e6f6e6963} => key not found. 
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{258A40F4-D081-43EB-9FB7-A032DA34A55E}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{258A40F4-D081-43EB-9FB7-A032DA34A55E}" => key removed successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\PC Speedup Pro_Logon => key not found. 
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{5CB2D87D-55ED-4960-8B36-7CB3F87CEBC2}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5CB2D87D-55ED-4960-8B36-7CB3F87CEBC2}" => key removed successfully.
C:\Windows\System32\Tasks\SpyHunter4Startup => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SpyHunter4Startup" => key removed successfully.
"C:\Program Files\Enigma Software Group" => not found.
 
 
The system needed a reboot.
 
==== End of Fixlog 19:56:29 ====
 
Had a problem with the zoek.exe program. Downloaded to desktop, deactivated avast antivirus, closed chrome and double clicked the zoek.exe icon on the desktop. It did not open after 45 min so I just shut down my computer for the night.
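
One way to read a Fixlog like the one in this post, as an added example that is not part of the original thread or of FRST: the Python script below pairs each fixlist directive with its result lines and reports whether the target was cleared or was already absent. The function names and the matching heuristic (GUID, task name or path substring) are assumptions made for this example; the sample text is the Fixlog above with its header shortened.

```python
import re

# Sample input: the Fixlog posted above, header shortened for this example.
SAMPLE_FIXLOG = r'''Fix result of Farbar Recovery Scan Tool (x86) Version:29-11-2015
Ran by Jim (2015-11-30 19:56:27) Run:1

fixlist content:
*****************
CloseProcesses:
HKU\S-1-5-21-3988621694-3172890893-754654441-1001\...\MountPoints2: {a7b5f03e-e6f1-11e3-81ec-806e6f6e6963} - D:\SETUP.exe
Task: {258A40F4-D081-43EB-9FB7-A032DA34A55E} - \PC Speedup Pro_Logon -> No File <==== ATTENTION
Task: {5CB2D87D-55ED-4960-8B36-7CB3F87CEBC2} - System32\Tasks\SpyHunter4Startup => C:\Program Files\Enigma Software Group\SpyHunter\Spyhunter4.exe
C:\Program Files\Enigma Software Group
*****************

Processes closed successfully.
"HKU\S-1-5-21-3988621694-3172890893-754654441-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a7b5f03e-e6f1-11e3-81ec-806e6f6e6963}" => key removed successfully.
HKCR\CLSID\{a7b5f03e-e6f1-11e3-81ec-806e6f6e6963} => key not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{258A40F4-D081-43EB-9FB7-A032DA34A55E}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{258A40F4-D081-43EB-9FB7-A032DA34A55E}" => key removed successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\PC Speedup Pro_Logon => key not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{5CB2D87D-55ED-4960-8B36-7CB3F87CEBC2}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5CB2D87D-55ED-4960-8B36-7CB3F87CEBC2}" => key removed successfully.
C:\Windows\System32\Tasks\SpyHunter4Startup => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SpyHunter4Startup" => key removed successfully.
"C:\Program Files\Enigma Software Group" => not found.

The system needed a reboot.

==== End of Fixlog 19:56:29 ====
'''

FENCE = re.compile(r"^\*{5,}$")
RESULT = re.compile(r'^"?(?P<target>.+?)"?\s*=>\s*(?P<status>.+?)\.?\s*$')
GUID = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
TASK_NAME = re.compile(r"\} - (?:System32\\Tasks)?\\?(.+?) [-=]> ")


def classify(status):
    """Map a result phrase to an outcome. 'removed' is tested before 'moved'
    because the string 'removed successfully' also contains 'moved successfully'."""
    s = status.lower()
    if "not found" in s:
        return "not_found"
    if "removed successfully" in s:
        return "removed"
    if "moved successfully" in s:
        return "moved"
    return "other"


def parse_fixlog(text):
    """Split a Fixlog into the echoed fixlist directives and the result lines."""
    directives, results, fences, reboot = [], [], 0, False
    for raw in text.splitlines():
        line = raw.strip()
        if FENCE.match(line):
            fences += 1
        elif not line or line.startswith("===="):
            continue
        elif fences == 1:                      # between the two asterisk rows
            directives.append(line)
        elif fences >= 2:                      # after the echoed fixlist
            if "needed a reboot" in line:
                reboot = True
            m = RESULT.match(line)
            if m:
                results.append((m.group("target"), classify(m.group("status"))))
    return {"directives": directives, "results": results, "reboot": reboot}


def tokens(directive):
    """Strings expected to reappear in the result lines for this directive."""
    found = GUID.findall(directive)
    if directive.startswith("Task:"):
        name = TASK_NAME.search(directive)
        if name:
            found.append(name.group(1))
    if not found and not directive.endswith(":"):
        found.append(directive)                # plain file or folder path
    return found


def review(parsed):
    """Per-directive verdict: cleared, already_absent, check or no_result."""
    report = {}
    for d in parsed["directives"]:
        keys = [k.lower() for k in tokens(d)]
        if not keys:
            continue                           # commands such as CloseProcesses:
        hits = [o for t, o in parsed["results"] if any(k in t.lower() for k in keys)]
        if not hits:
            report[d] = "no_result"
        elif "other" in hits:
            report[d] = "check"                # unrecognised status, read it by hand
        elif all(o == "not_found" for o in hits):
            report[d] = "already_absent"
        else:
            report[d] = "cleared"
    return report


if __name__ == "__main__":
    parsed = parse_fixlog(SAMPLE_FIXLOG)
    for directive, verdict in review(parsed).items():
        print(f"{verdict:15} {directive[:70]}")
    print("reboot needed:", parsed["reboot"])
```

On this log the program folder comes back as already absent while both scheduled tasks were still registered, which is the pattern left behind when an uninstaller removes files but not its task entries.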

#4
emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 19,990 posts

 

Had a problem with the zoek.exe program. Downloaded to desktop, deactivated avast antivirus, closed chrome and double clicked the zoek.exe icon on the desktop. It did not open after 45 min so I just shut down my computer for the night.

 

Sounds like it may not have downloaded properly but let's leave it for now and do this:

 

Please download ComboFix from this location:

Link

* IMPORTANT !!! Save ComboFix.exe to your Desktop

Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.
 

  • Double click on ComboFix.exe & follow the prompts.
  • If you have an older Operating System you may be asked whether you want to install the Recovery Console. Click yes and follow any prompts.
  • Your desktop may go blank. This is normal.
  • ComboFix may appear to be doing nothing for quite long periods. This is normal, just leave it to do its job.
  • ComboFix may reboot your machine. This is normal too.

**Note: Do not mouseclick combo-fix's window while it's running. That may cause it to stall**

When finished, it will produce a log for you.  Please include the C:\ComboFix.txt in your next reply.

 


#5
Jim Anderson

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts

combofix log attached.

 

Computer is running a bit faster as well.

 

ComboFix 15-11-30.01 - Jim 12/01/2015  16:34:53.1.2 - x86
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.2047.1175 [GMT -5:00]
Running from: c:\users\Jim\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: avast! Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Jim\WINDOWS
c:\users\Jim\WINDOWS\win.ini
.
.
(((((((((((((((((((((((((   Files Created from 2015-11-01 to 2015-12-01  )))))))))))))))))))))))))))))))
.
.
2015-12-01 21:48 . 2015-12-01 21:53 -------- d-----w- c:\users\Jim\AppData\Local\temp
2015-12-01 21:48 . 2015-12-01 21:48 -------- d-----w- c:\users\Default\AppData\Local\temp
2015-12-01 21:48 . 2015-12-01 21:48 -------- d-----w- c:\users\Administrator.000\AppData\Local\temp
2015-12-01 21:40 . 2015-12-01 21:40 62576 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{0552FCD0-D249-41ED-968A-7F45287D17A2}\offreg.3428.dll
2015-12-01 21:28 . 2015-11-17 12:43 8991856 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{0552FCD0-D249-41ED-968A-7F45287D17A2}\mpengine.dll
2015-12-01 01:08 . 2015-12-01 01:08 -------- d-----w- C:\zoek_backup
2015-11-29 19:55 . 2015-11-29 19:55 -------- d-----w- c:\programdata\Foolish IT
2015-11-29 19:48 . 2015-12-01 00:56 -------- d-----w- C:\FRST
2015-11-29 18:39 . 2015-11-29 18:39 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin5.dll
2015-11-29 18:39 . 2015-11-29 18:39 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin4.dll
2015-11-29 18:39 . 2015-11-29 18:39 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin3.dll
2015-11-29 18:39 . 2015-11-29 18:39 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin2.dll
2015-11-29 18:39 . 2015-11-29 18:39 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin.dll
2015-11-29 18:38 . 2015-11-29 18:38 -------- d-----w- c:\program files\QuickTime
2015-11-29 18:38 . 2015-10-29 17:50 5120 ----a-w- c:\windows\system32\shimeng.dll
2015-11-29 18:38 . 2015-10-29 17:49 295936 ----a-w- c:\windows\system32\apphelp.dll
2015-11-29 18:38 . 2015-10-29 17:49 62464 ----a-w- c:\windows\system32\aelupsvc.dll
2015-11-29 18:38 . 2015-10-29 17:49 20992 ----a-w- c:\windows\system32\sdbinst.exe
2015-11-29 18:32 . 2015-11-29 18:32 -------- d-----w- c:\program files\Common Files\Skype
2015-11-29 18:24 . 2015-11-29 18:18 322760 ----a-w- c:\windows\system32\aswBoot.exe
2015-11-29 18:19 . 2015-11-29 18:19 -------- d-----w- c:\users\Jim\AppData\Roaming\AVAST Software
2015-11-29 18:18 . 2015-11-29 18:18 209432 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2015-11-29 18:18 . 2015-11-29 18:18 117200 ----a-w- c:\windows\system32\drivers\aswStm.sys
2015-11-29 18:18 . 2015-11-29 18:18 435464 ----a-w- c:\windows\system32\drivers\aswSP.sys
2015-11-29 18:18 . 2015-11-29 18:18 49776 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2015-11-29 18:18 . 2015-11-29 18:18 81168 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2015-11-29 18:18 . 2015-11-29 18:18 24016 ----a-w- c:\windows\system32\drivers\aswHwid.sys
2015-11-29 18:18 . 2015-11-29 18:18 81728 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2015-11-29 18:18 . 2015-11-29 18:18 794952 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2015-11-29 18:18 . 2015-11-29 18:18 43112 ----a-w- c:\windows\avastSS.scr
2015-11-29 18:14 . 2015-11-29 18:14 -------- d-----w- c:\program files\AVAST Software
2015-11-29 18:14 . 2015-11-29 18:14 -------- d-----w- c:\programdata\AVAST Software
2015-11-29 00:53 . 2015-11-29 01:20 -------- d-----w- c:\users\Jim\AppData\Local\Diagnostics
2015-11-11 12:48 . 2015-10-20 00:45 69632 ----a-w- c:\windows\system32\smss.exe
2015-11-11 12:47 . 2015-10-30 22:20 817664 ----a-w- c:\program files\Common Files\Microsoft Shared\VGX\VGX.dll
2015-11-10 03:35 . 2015-11-10 03:35 -------- d-----w- c:\users\Jim\AppData\Local\CEF
2015-11-08 02:59 . 2015-11-29 01:34 -------- d-----w- c:\program files\Media Updater
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-11-29 19:11 . 2014-05-30 00:00 119512 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2015-11-29 03:16 . 2014-05-29 14:02 780488 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2015-11-29 03:16 . 2014-05-29 14:02 142536 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2015-10-29 17:49 . 2015-11-29 18:38 562176 ----a-w- c:\windows\apppatch\AcLayers.dll
2015-10-29 17:49 . 2015-11-29 18:38 470528 ----a-w- c:\windows\apppatch\AcSpecfc.dll
2015-10-29 17:49 . 2015-11-29 18:38 2178560 ----a-w- c:\windows\apppatch\AcGenral.dll
2015-10-29 17:49 . 2015-11-29 18:38 211968 ----a-w- c:\windows\apppatch\AcXtrnal.dll
2015-10-29 17:39 . 2015-11-29 18:38 2560 ----a-w- c:\windows\apppatch\AcRes.dll
2015-10-13 06:29 . 2015-10-13 06:29 875720 ----a-w- c:\windows\system32\msvcr120_clr0400.dll
2015-10-01 17:50 . 2015-10-14 11:30 50176 ----a-w- c:\windows\system32\setbcdlocale.dll
2015-10-01 17:50 . 2015-10-14 11:30 50688 ----a-w- c:\windows\system32\appidapi.dll
2015-10-01 17:50 . 2015-10-14 11:30 28160 ----a-w- c:\windows\system32\appidsvc.dll
2015-10-01 17:50 . 2015-10-14 11:30 96768 ----a-w- c:\windows\system32\appidpolicyconverter.exe
2015-10-01 17:50 . 2015-10-14 11:30 16896 ----a-w- c:\windows\system32\appidcertstorecheck.exe
2015-10-01 16:53 . 2015-10-14 11:30 50176 ----a-w- c:\windows\system32\drivers\appid.sys
2015-09-18 17:47 . 2015-10-15 11:18 23384 ----a-w- c:\windows\system32\CompatTelRunner.exe
2015-09-18 17:44 . 2015-10-15 11:18 587776 ----a-w- c:\windows\system32\invagent.dll
2015-09-18 17:44 . 2015-10-15 11:18 615936 ----a-w- c:\windows\system32\generaltel.dll
2015-09-18 17:44 . 2015-10-15 11:18 423936 ----a-w- c:\windows\system32\devinv.dll
2015-09-18 17:44 . 2015-10-15 11:18 1120768 ----a-w- c:\windows\system32\appraiser.dll
2015-09-18 17:44 . 2015-10-15 11:18 62976 ----a-w- c:\windows\system32\acmigration.dll
2015-09-18 17:35 . 2015-10-15 11:18 999936 ----a-w- c:\windows\system32\aeinv.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2015-11-29 18:18 749192 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2014-05-29 39408]
"EPLTarget\P0000000000000000"="c:\windows\system32\spool\DRIVERS\W32X86\3\E_TATINPE.EXE" [2013-12-16 262208]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"dlbamon.exe"="c:\program files\Dell AIO Printer A940\dlbamon.exe" [2007-03-05 435696]
"BrStsMon00"="c:\program files\Browny02\Brother\BrStMonW.exe" [2014-05-22 4513792]
"EEventManager"="c:\program files\Epson Software\Event Manager\EEventManager.exe" [2014-05-02 1065024]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2015-04-07 157480]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2015-11-29 7004376]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2015-08-06 421888]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Event Planner Reminders Tray Icon.lnk - c:\sierra\Planner\PLNRnote.exe [2009-7-31 172032]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"SoftwareSASGeneration"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]
2015-03-20 22:12 60712 ----a-w- c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2015-04-07 04:29 157480 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LifeCam]
2010-05-20 19:27 119152 ----a-w- c:\program files\Microsoft LifeCam\LifeExp.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2015-08-06 16:43 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
2015-11-05 12:30 6819232 ----a-w- c:\program files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VX3000]
2010-05-20 19:27 762736 ----a-w- c:\windows\vVX3000.exe
.
R2 aswStm;aswStm;c:\windows\system32\drivers\aswStm.sys [2015-11-29 117200]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes Anti-Malware\mbamservice.exe [2015-04-14 1080120]
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [2015-07-09 327296]
R3 becldr3Service;BCL EasyConverter SDK 3 Loader;c:\program files\BCL Technologies\easyConverter SDK 3\Common\becldr.exe [2013-07-03 225280]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe [2015-10-30 102912]
R3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys [2015-04-14 51928]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-20 27264]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2014-05-29 1343400]
S0 aswRvrt;avast! Revert; [x]
S0 aswVmm;avast! VM Monitor; [x]
S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2015-11-29 794952]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2015-11-29 435464]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2011-07-22 12880]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2011-07-12 67664]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [2014-08-16 142648]
S2 aswHwid;avast! HardwareID;c:\windows\system32\drivers\aswHwid.sys [2015-11-29 24016]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2015-11-29 81168]
S2 c2cautoupdatesvc;Skype Click to Call Updater;c:\program files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [2015-10-12 1433216]
S2 c2cpnrsvc;Skype Click to Call PNR Service;c:\program files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [2015-10-12 1773696]
S2 DiagTrack;Diagnostics Tracking Service;c:\windows\System32\svchost.exe [2009-07-14 20992]
S2 dlba_device;dlba_device;c:\windows\system32\dlbacoms.exe [2007-03-05 538096]
S2 EPSON_PM_RPCV4_06;EPSON V3 Service4(06);c:\program files\Common Files\EPSON\EPW!3 SSRP\E_S60RP7.EXE [2013-04-15 143424]
S2 EpsonCustomerParticipation;EpsonCustomerParticipation;c:\program files\EPSON\EpsonCustomerParticipation\EPCP.exe [2015-09-01 581104]
S2 EpsonScanSvc;Epson Scanner Service;c:\windows\system32\EscSvc.exe [2012-05-17 126128]
S2 WinDivert32;WinDivert32;c:\windows\system32\drivers\WinDivert32.sys [2014-12-10 33792]
S3 BrYNSvc;BrYNSvc;c:\program files\Browny02\BrYNSvc.exe [2013-09-25 282112]
S3 glancedrv;glancedrv;c:\windows\system32\DRIVERS\glancedrv.sys [2009-05-13 34080]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2015-04-14 23256]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2009-07-13 139776]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
utcsvc REG_MULTI_SZ   DiagTrack
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2015-11-29 18:06 997704 ----a-w- c:\program files\Google\Chrome\Application\46.0.2490.86\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2015-12-01 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-05-29 03:16]
.
2015-12-01 c:\windows\Tasks\EPSON XP-520 Series Update {0CDAEB43-9BC2-4130-A05B-5BA7D69CE06B}.job
- c:\windows\system32\spool\DRIVERS\W32X86\3\E_TTSNPE.EXE [2015-03-12 16:30]
.
2015-09-15 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2014-05-29 21:24]
.
2015-09-15 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2014-05-29 21:24]
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = *.local
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
TCP: DhcpNameServer = 209.18.47.61 209.18.47.62
.
.
------- File Associations -------
.
.scr=CryptoPreventSCR
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_19_0_0_245_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_19_0_0_245_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2015-12-01  16:55:40
ComboFix-quarantined-files.txt  2015-12-01 21:55
.
Pre-Run: 165,913,038,848 bytes free
Post-Run: 169,778,196,480 bytes free
.
- - End Of File - - D47769A3FC9A78C712C2FC38798631DC
A36C5E4F47E84449FF07ED3517B43A31
 

  • 0

#6
emeraldnzl

emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 19,990 posts

Hello Jim,

Please download Junkware Removal Tool to your desktop.
 

  • Shut down your protection software to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right click JRT.exe and "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

Next

Please download AdwCleaner to your desktop (use the Download Now @ BleepingComputer button).

NOTE: If using Internet Explorer and get an alert that stops the program downloading, click on the warning and allow the download to complete.

Close all programs and click on the AdwCleaner icon. AdwCleaner will update itself and then open.


Click on Scan  and follow the prompts. It may appear not to be doing anything, please be patient and let it run unhindered. When the "Please uncheck elements you don't want to remove" appears just go ahead and click on the Clean button, and follow the prompts. Allow the system to reboot. You will then be presented with the report. Copy and paste back here. If a report doesn't appear, press the report button and Copy & Paste the contents on your next reply.

A copy of the report is also saved in the C:\AdwCleaner folder.

So when you return please post

  • JRT.txt
  • AdwCleaner log

 


  • 0

#7
Jim Anderson

Jim Anderson

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts
Here are the files:
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.0.1 (11.24.2015)
Operating System: Windows 7 Home Premium x86 
Ran by Jim (Administrator) on Wed 12/02/2015 at 19:43:04.60
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
File System: 7 
 
Successfully deleted: C:\end (File) 
Successfully deleted: C:\Program Files\mozilla firefox\defaults\pref\itms.js (File) 
Successfully deleted: C:\rei (Folder) 
Successfully deleted: C:\Users\Jim\AppData\Local\packageaware (Folder) 
Successfully deleted: C:\Users\Jim\Appdata\LocalLow\skwconfig.bin (File) 
Successfully deleted: C:\Windows\reimage.ini (File) 
Successfully deleted: C:\Program Files\PC Speedup Pro (Folder) 
 
Deleted the following from C:\Users\Jim\AppData\Roaming\Mozilla\Firefox\Profiles\nljala27.default\prefs.js
user_pref(extensions.toolbar.mindspark.hp.enabled, false);
user_pref(extensions.toolbar.mindspark.hp.enabled.guid, );
user_pref(extensions.toolbar.mindspark.lastInstalled, [email protected]);
 
 
 
Registry: 1 
 
Successfully deleted: HKLM\Software\Microsoft\Internet Explorer\Search\\SearchAssistant (Registry Value) 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Wed 12/02/2015 at 19:45:13.47
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
# AdwCleaner v5.023 - Logfile created 02/12/2015 at 19:48:27
# Updated 30/11/2015 by Xplode
# Database : 2015-11-30.1 [Server]
# Operating system : Windows 7 Home Premium Service Pack 1 (x86)
# Username : Jim - JIM-PC
# Running from : C:\Users\Jim\Desktop\AdwCleaner.exe
# Option : Cleaning
 
***** [ Services ] *****
 
 
***** [ Folders ] *****
 
[-] Folder Deleted : C:\Users\Jim\Documents\Flash Player Pro
 
***** [ Files ] *****
 
[-] File Deleted : C:\appverifier.txt
[-] File Deleted : C:\Windows\efix.ini
 
***** [ DLLs ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Scheduled tasks ] *****
 
 
***** [ Registry ] *****
 
[-] Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
[-] Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1
[-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\DOMStorage\ask.com
[-] Key Deleted : HKCU\Software\APN PIP
[-] Key Deleted : HKLM\SOFTWARE\eFix
[-] Key Deleted : HKLM\SOFTWARE\adwareROI
[-] Key Deleted : HKLM\SOFTWARE\pcsp-pr
[-] Key Deleted : HKLM\SOFTWARE\PCValidatorService
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\eFix Pro
 
***** [ Web browsers ] *****
 
[-] [C:\Users\Jim\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : aol.com
[-] [C:\Users\Jim\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : ask.com
 
*************************
 
:: "Tracing" keys removed
:: Winsock settings cleared
 
########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [1549 bytes] ##########
 

  • 0

#8
emeraldnzl

emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 19,990 posts

Hello again Jim,

 

Please run a free online scan with the ESET Online Scanner

Vista / Win7 users: Right-click on either the IE or FF icon in the Start Menu or Quick Launch Bar on the Taskbar and select Run as Administrator.

Windows 8 & 8.1 users may face another warning from the Windows SmartScreen Protection - please click More information and Run.

Note: This scan works with Internet Explorer or Mozilla FireFox.

If using Mozilla Firefox you may need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.

Disable your security programs.

  • Click the blue Run ESET Online Scanner box
  • Tick the box next to YES, I accept the Terms of Use
     then click on: Start
  • You may see a panel towards the top of the screen telling you the website wants to install an addon... click and allow/install to install. If your firewall asks whether you want to allow installation, say yes. If asked, click yes to allow the program to run on your computer.
  • Check "Enable detection of potentially unwanted applications"
  • Click on Start and say yes to allow the program to proceed.
  • The virus signature database will begin to download. Be patient, this may take some time depending on the speed of your Internet connection.
  • When completed the Online Scan will begin automatically. The scan may take several hours.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • When completed click "List of found threats" and click again on Copy to clipboard. Open Notepad and paste in the clipboard list. Save it as ESET log somewhere that you can find.
  • After that click the button "Back"
  • Select and check Uninstall application on close and Delete quarantined files.
  • Then click on: Finish
  • Copy and paste the ESET log back here and tell me how your machine is now.

 

 

 


  • 0

#9
Jim Anderson

Jim Anderson

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts

Here is the log file from the ESET Online Scanner:

 

C:\AdwCleaner\Quarantine\C\Documents and Settings\All Users\Application Data\Conduit\IE\CT3294791\UninstallerUI.exe.vir a variant of Win32/Conduit.SearchProtect.N potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Documents and Settings\Jim\Application Data\DefaultTab\DefaultTab\DefaultTabUninstaller.exe.vir Win32/Toolbar.DefaultTab.E potentially unwanted application cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Documents and Settings\Jim\Application Data\DefaultTab\DefaultTab\uninstalldt.exe.vir a variant of Win32/Toolbar.DefaultTab.E potentially unwanted application cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Documents and Settings\Jim\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\1.1.28_0\plugins\npDefaultTabSearch.dll.vir a variant of Win32/Toolbar.DefaultTab.C potentially unwanted application cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Documents and Settings\Jim\Local Settings\Application Data\Vafmusic2\hk64tbVaf0.dll.vir a variant of Win64/Toolbar.Conduit.B potentially unwanted application cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Documents and Settings\Jim\Local Settings\Application Data\Vafmusic2\hk64tbVafm.dll.vir Win64/Toolbar.Conduit.B potentially unwanted application cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Documents and Settings\Jim\Local Settings\Application Data\Vafmusic2\hktbVaf0.dll.vir a variant of Win32/Toolbar.Conduit.X potentially unwanted application cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Documents and Settings\Jim\Local Settings\Application Data\Vafmusic2\hktbVafm.dll.vir Win32/Toolbar.Conduit.X potentially unwanted application cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Documents and Settings\Jim\Local Settings\Application Data\Vafmusic2\ldrtbVaf0.dll.vir a variant of Win32/Toolbar.Conduit.X potentially unwanted application cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Documents and Settings\Jim\Local Settings\Application Data\Vafmusic2\ldrtbVafm.dll.vir a variant of Win32/Toolbar.Conduit.X potentially unwanted application cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Documents and Settings\Jim\Local Settings\Application Data\Vafmusic2\tbVaf0.dll.vir a variant of Win32/Toolbar.Conduit.P potentially unwanted application cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Documents and Settings\Jim\Local Settings\Application Data\Vafmusic2\tbVaf1.dll.vir a variant of Win32/Toolbar.Conduit.Y potentially unwanted application cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Documents and Settings\Jim\Local Settings\Application Data\Vafmusic2\tbVafm.dll.vir a variant of Win32/Toolbar.Conduit.X potentially unwanted application cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Documents and Settings\Jim\Local Settings\Application Data\Vafmusic2\plugins\{5E1360DC-8FA8-40df-A8CD-FC3831B3634B}\3.6.12\bin\PriceGongIE.dll.vir a variant of Win32/PriceGong.A potentially unwanted application cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Documents and Settings\Jim\Local Settings\Temp\Desk365\Desk_365\DeskSvc.exe.vir a variant of Win32/ELEX.Y potentially unwanted application cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Documents and Settings\Jim\Local Settings\Temp\Desk365\Desk_365\eUninstall.exe.vir a variant of Win32/ELEX.BF potentially unwanted application cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Documents and Settings\Jim\Local Settings\Temp\Desk365\Desk_365\TrayDownloader.exe.vir a variant of Win32/ELEX.BF potentially unwanted application cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Documents and Settings\NetworkService\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\1.1.29_0\plugins\npDefaultTabSearch.dll.vir a variant of Win32/Toolbar.DefaultTab.C potentially unwanted application cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Documents and Settings\NetworkService\Local Settings\Application Data\Vafmusic2\hk64tbVaf0.dll.vir a variant of Win64/Toolbar.Conduit.B potentially unwanted application cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Documents and Settings\NetworkService\Local Settings\Application Data\Vafmusic2\hk64tbVafm.dll.vir Win64/Toolbar.Conduit.B potentially unwanted application cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Documents and Settings\NetworkService\Local Settings\Application Data\Vafmusic2\hktbVaf0.dll.vir a variant of Win32/Toolbar.Conduit.X potentially unwanted application cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Documents and Settings\NetworkService\Local Settings\Application Data\Vafmusic2\hktbVafm.dll.vir Win32/Toolbar.Conduit.X potentially unwanted application cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Documents and Settings\NetworkService\Local Settings\Application Data\Vafmusic2\ldrtbVaf0.dll.vir a variant of Win32/Toolbar.Conduit.X potentially unwanted application cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Documents and Settings\NetworkService\Local Settings\Application Data\Vafmusic2\ldrtbVafm.dll.vir a variant of Win32/Toolbar.Conduit.X potentially unwanted application cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Documents and Settings\NetworkService\Local Settings\Application Data\Vafmusic2\tbVaf0.dll.vir a variant of Win32/Toolbar.Conduit.P potentially unwanted application cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Documents and Settings\NetworkService\Local Settings\Application Data\Vafmusic2\tbVafm.dll.vir a variant of Win32/Toolbar.Conduit.X potentially unwanted application cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Program Files\MyPC Backup\MPCBClient.dll.vir a variant of Win32/MyPCBackup.D potentially unwanted application cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Program Files\MyPC Backup\MyPC Backup.exe.vir MSIL/MyPCBackup.A potentially unwanted application cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Program Files\SaltarSmart\SaltarSmartUninstall.exe.vir Win32/BrowseFox.C potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Program Files\Vafmusic2\hk64tbVaf0.dll.vir a variant of Win64/Toolbar.Conduit.B potentially unwanted application cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Program Files\Vafmusic2\hk64tbVafm.dll.vir Win64/Toolbar.Conduit.B potentially unwanted application cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Program Files\Vafmusic2\hktbVaf0.dll.vir a variant of Win32/Toolbar.Conduit.X potentially unwanted application cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Program Files\Vafmusic2\hktbVafm.dll.vir Win32/Toolbar.Conduit.X potentially unwanted application cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Program Files\Vafmusic2\ldrtbVaf0.dll.vir a variant of Win32/Toolbar.Conduit.X potentially unwanted application cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Program Files\Vafmusic2\ldrtbVafm.dll.vir a variant of Win32/Toolbar.Conduit.X potentially unwanted application cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Program Files\Vafmusic2\prxtbVaf0.dll.vir a variant of Win32/Toolbar.Conduit.X potentially unwanted application cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Program Files\Vafmusic2\prxtbVafm.dll.vir Win32/Toolbar.Conduit.X potentially unwanted application cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Program Files\Vafmusic2\tbVaf0.dll.vir a variant of Win32/Toolbar.Conduit.P potentially unwanted application cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Program Files\Vafmusic2\tbVafm.dll.vir a variant of Win32/Toolbar.Conduit.X potentially unwanted application cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Program Files\Vafmusic2\UninstallerUI.exe.vir Win32/Toolbar.Conduit.AJ potentially unwanted application cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Program Files\WinZipper\dup.exe.vir a variant of Win32/ELEX.FP potentially unwanted application cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Program Files\WinZipper\eUninstall.exe.vir a variant of Win32/ELEX.DS potentially unwanted application cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Program Files\WinZipper\TrayDownloader.exe.vir a variant of Win32/ELEX.BF potentially unwanted application cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Program Files\WinZipper\winzipersvc.exe.vir a variant of Win32/ELEX.Y potentially unwanted application cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\WINDOWS\system32\dmwu.exe.vir a variant of Win32/Toolbar.Perion.G potentially unwanted application cleaned by deleting - quarantined
C:\Users\Jim\Documents\Downloads\ARO2013_tbt (1).exe a variant of Win32/Systweak potentially unwanted application deleted - quarantined
C:\Users\Jim\Documents\Downloads\ARO2013_tbt (2).exe a variant of Win32/Systweak potentially unwanted application deleted - quarantined
C:\Users\Jim\Documents\Downloads\ARO2013_tbt (3).exe a variant of Win32/Systweak potentially unwanted application deleted - quarantined
C:\Users\Jim\Documents\Downloads\ARO2013_tbt.exe a variant of Win32/Systweak potentially unwanted application deleted - quarantined
C:\Users\Jim\Downloads\eFixPro(1).exe a variant of Win32/ReImageRepair.J potentially unwanted application cleaned by deleting - quarantined
C:\Users\Jim\Downloads\eFixPro.exe a variant of Win32/ReImageRepair.J potentially unwanted application cleaned by deleting - quarantined
C:\Users\Jim\Favorites\PalletMaster's Work Shop ® ~ Entry to the heart of a poet.URL LNK/Agent.CH trojan cleaned by deleting - quarantined
C:\Windows.old\Documents and Settings\All Users\Documents\tempdel2014 a variant of Win32/Kryptik.BYZE trojan cleaned by deleting - quarantined
C:\Windows.old\Documents and Settings\Jim\Favorites\PalletMaster's Work Shop ® ~ Entry to the heart of a poet.URL LNK/Agent.CH trojan cleaned by deleting - quarantined
C:\Windows.old\Documents and Settings\Jim\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\banjjklfojcdbofbhbgiedekefohoaff\10.31.0.526_0\APISupport\APISupport.dll Win32/Conduit.SearchProtect potentially unwanted application cleaned by deleting - quarantined
C:\Windows.old\Documents and Settings\Jim\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\cbjibcbpmbcabnfnohhgjjmkgkimajko\10.31.0.526_0\APISupport\APISupport.dll Win32/Conduit.SearchProtect potentially unwanted application cleaned by deleting - quarantined
C:\Windows.old\Documents and Settings\Jim\Local Settings\Application Data\Sun\Java\Deployment\cache\6.0\55\6d920cb7-7c978fdb Java/Exploit.Agent.RUF trojan cleaned by deleting - quarantined
C:\Windows.old\Documents and Settings\Jim\Local Settings\Temp\BackupSetup.exe MSIL/MyPCBackup.D potentially unwanted application deleted - quarantined
C:\Windows.old\Documents and Settings\Jim\Local Settings\Temp\tbSwe0.dll a variant of Win32/Toolbar.Conduit.P potentially unwanted application cleaned by deleting - quarantined
C:\Windows.old\Documents and Settings\Jim\Local Settings\Temp\is-NQR65.tmp\OptProCrash.dll a variant of Win32/SProtector.E potentially unwanted application cleaned by deleting - quarantined
C:\Windows.old\Documents and Settings\Jim\Local Settings\Temp\{108F18F9-00E4-4147-BE9D-95EBB15945EF}\setup.exe multiple threats cleaned by deleting - quarantined
C:\Windows.old\Documents and Settings\Jim\My Documents\Downloads\ARO2013_tbt (1).exe a variant of Win32/Systweak potentially unwanted application deleted - quarantined
C:\Windows.old\Documents and Settings\Jim\My Documents\Downloads\ARO2013_tbt (2).exe a variant of Win32/Systweak potentially unwanted application deleted - quarantined
C:\Windows.old\Documents and Settings\Jim\My Documents\Downloads\ARO2013_tbt (3).exe a variant of Win32/Systweak potentially unwanted application deleted - quarantined
C:\Windows.old\Documents and Settings\Jim\My Documents\Downloads\ARO2013_tbt.exe a variant of Win32/Systweak potentially unwanted application deleted - quarantined
C:\Windows.old\Documents and Settings\Jim\My Documents\Downloads\flashplayerpro-setup.exe Win32/DownloadAdmin.G potentially unwanted application deleted - quarantined
C:\Windows.old\Windows\system32\rpcss.dll Win32/Patched.IB trojan cleaned - quarantined
C:\Windows.old\Windows\system32\dllcache\rpcss.dll Win32/Patched.IB trojan cleaned - quarantined
 

  • 0
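Added example (not part of the original post, and not ESET's or the forum's code): a small parser that splits ESET Online Scanner result lines like those in the log above into path, detection name, type and action, and sorts each hit by where the file was found. The line layout is inferred from this log only, and the function names and location labels are this example's own.

```python
import re
from collections import Counter

# Five lines copied verbatim from the ESET log in the post above (not the full log).
SAMPLE_LOG = r"""
C:\AdwCleaner\Quarantine\C\Program Files\WinZipper\dup.exe.vir a variant of Win32/ELEX.FP potentially unwanted application cleaned by deleting - quarantined
C:\Users\Jim\Downloads\eFixPro.exe a variant of Win32/ReImageRepair.J potentially unwanted application cleaned by deleting - quarantined
C:\Users\Jim\Favorites\PalletMaster's Work Shop ® ~ Entry to the heart of a poet.URL LNK/Agent.CH trojan cleaned by deleting - quarantined
C:\Windows.old\Documents and Settings\Jim\Local Settings\Temp\{108F18F9-00E4-4147-BE9D-95EBB15945EF}\setup.exe multiple threats cleaned by deleting - quarantined
C:\Windows.old\Windows\system32\rpcss.dll Win32/Patched.IB trojan cleaned - quarantined
"""

# Layout inferred from this log (an assumption, not a documented format):
#   <path> [a variant of ]<detection> <type> <action>
# or, for one entry:
#   <path> multiple threats <action>
LINE_RE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?) "
    r"(?:(?P<variant>a variant of )?(?P<name>[A-Za-z0-9]+/[\w.]+) "
    r"(?P<kind>potentially unwanted application|trojan)"
    r"|(?P<multi>multiple threats)) "
    r"(?P<action>.+)$"
)


def location_of(path):
    """Label where the detected file sat (labels are this example's own)."""
    rest = path.lower()[2:]  # drop the drive letter and colon
    if rest.startswith("\\adwcleaner\\quarantine\\"):
        return "tool-quarantine"  # copies AdwCleaner had already set aside
    if rest.startswith("\\windows.old\\"):
        return "windows.old"      # leftovers of the previous Windows install
    return "live"                 # current profile or system folders


def parse_line(line):
    """Return a dict for one result line, or None if it does not match."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    return {
        "path": m.group("path"),
        "family": m.group("name"),  # None for "multiple threats"
        "variant": bool(m.group("variant")),
        "kind": m.group("kind") or m.group("multi"),
        "action": m.group("action"),
        "location": location_of(m.group("path")),
    }


def triage(text):
    """Parse every non-empty line; keep lines that do not match for review."""
    records, unparsed = [], []
    for line in text.splitlines():
        if not line.strip():
            continue
        rec = parse_line(line)
        if rec:
            records.append(rec)
        else:
            unparsed.append(line)
    return records, unparsed


def follow_up(records):
    """Hits that are more than potentially unwanted applications."""
    return [r for r in records if r["kind"] != "potentially unwanted application"]


def summary(records):
    """Count hits per (location, type) pair."""
    return Counter((r["location"], r["kind"]) for r in records)


if __name__ == "__main__":
    recs, bad = triage(SAMPLE_LOG)
    for key, count in sorted(summary(recs).items()):
        print(count, *key)
    for r in follow_up(recs):
        print("review:", r["location"], r["family"] or r["kind"], r["path"])
    print("unparsed lines:", len(bad))
```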

#10
emeraldnzl

emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 19,990 posts

How is your machine now?


  • 0



#11
Jim Anderson

Jim Anderson

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts

Been using it all day and it seems faster, and it's not like it was before with all the pop-ups that I was getting and being sluggish.

 

thanks.


  • 0

#12
emeraldnzl

emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 19,990 posts

Been using it all day and it seems faster, and it's not like it was before with all the pop-ups that I was getting and being sluggish.


Good news. :thumbsup:

We have a couple of last steps to perform and then you're all set. :)

Now

Follow these steps to uninstall Combofix. This will also clean out and reset your Restore Points.

  • Press the Windows Key and R on your keyboard. This will bring up the Run window.
  • Now type Combofix /Uninstall in the Run box and click OK. Note the space between the X and the U; it needs to be there.



  • Follow the prompts to uninstall Combofix.

Once done you will receive a message saying Combofix was uninstalled successfully.

Next

To clear away the remaining tools we have been using download Delfix from here. You will be taken to the download page. Just wait and shortly the download will appear.

Put a check (tick) in the following boxes:
 

  • Remove disinfection tools
  • Then click Run

The tool will run for a short time. When completed a notepad window will open with a log. Please copy and paste the log back here.

Any remaining tools may be deleted.

-------------------------------------------------------------------------------------------------------------------

A reminder:  Remember to (re-install if uninstalled during cleaning) update and turn back on any anti-malware programs you may have turned off during the cleaning process.
-------------------------------------------------------------------------------------------------------------------

Here are some things that I think are worth having a look at if you don't already know about them:

---------------------------------------------------------------------------------------------------------------------

It is good security practice to change your passwords to all your online accounts on a fairly regular basis, this is especially true after an infection. Refer to this Microsoft article Strong passwords: How to create and use them.

----------------------------------------------------------------------------------------------------------------------

So many of us use Facebook nowadays. Go here for a guide to Facebook security.

-----------------------------------------------------------------------------------------------------------------------

Java warning

Java is a popular point of entry to your computer for malicious programs. Unless you need it to run important software, the safest approach is to completely uninstall Java. Where you do require it, the next safest option is to disable it in your browsers until you need it, then enable it.

How to disable Java in your web browser and How to unplug Java from the browser

If you do still need Java then regularly check that it is up to date. Older versions are the most vulnerable to malicious attack.
 

  • Download Java for Windows

    Reboot your computer.
    You also need to uninstall older versions of Java.

       
  • Click Start > Control Panel > Add or Remove Programs
       
  • Remove all Java updates except the latest one you have just installed.

--------------------------------------------------------------------------------------------------------------------

CryptoLocker Warning

There is a particularly nasty infection out there at the moment.

Go here for information about CryptoLocker Ransomware

Download CryptoPrevent free for home use.

--------------------------------------------------------------------------------------------------------------------

Hola users warning.

If you use the Hola VPN (Virtual Private Network) you should be aware that you might be compromised. See here.

--------------------------------------------------------------------------------------------------------------------

To help protect your computer in the future:



If you do not already have automatic updates set then it is recommended that you do set Windows to check, download and install your updates automatically.

  • Click Start > Control Panel > System and Security > Windows Update
  • Under Windows Update click on Turn automatic updating on or off
  • Check items shown to ensure you receive updates automatically. Click OK.

Be aware of what emails you open and websites you visit.

Go here for some good advice about how to prevent infection.

For some common sense advice about protecting your computer read How to boost your malware defense and protect your PC

A fun way to check your online safety literacy.

Quiz - getsafeonline

Have a safe and happy computing day!


  • 0

#13
Jim Anderson

Jim Anderson

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts
# DelFix v1.011 - Logfile created 06/12/2015 at 19:54:51
# Updated 18/08/2015 by Xplode
# Username : Jim - JIM-PC
# Operating System : Windows 7 Home Premium Service Pack 1 (32 bits)
 
~ Removing disinfection tools ...
 
Deleted : C:\FRST
Deleted : C:\zoek_backup
Deleted : C:\AdwCleaner
Deleted : C:\ComboFix.txt
Deleted : C:\Users\Jim\Desktop\Addition.txt
Deleted : C:\Users\Jim\Desktop\AdwCleaner.exe
Deleted : C:\Users\Jim\Desktop\Fixlog.txt
Deleted : C:\Users\Jim\Desktop\FRST.exe
Deleted : C:\Users\Jim\Desktop\FRST.txt
Deleted : C:\Users\Jim\Desktop\JRT.exe
Deleted : C:\Users\Jim\Desktop\JRT.txt
Deleted : C:\Users\Jim\Desktop\TFC.exe
Deleted : C:\Users\Jim\Desktop\zoek (1).exe
Deleted : C:\Users\Jim\Downloads\FRST (1).exe
Deleted : C:\Users\Jim\Downloads\FRST.exe
Deleted : C:\Users\Jim\Downloads\zoek.exe
Deleted : C:\Users\Jim\Documents\Downloads\adwcleaner(1).exe
Deleted : C:\Users\Jim\Documents\Downloads\adwcleaner.exe
Deleted : C:\Users\Jim\Documents\Downloads\Extras.Txt
Deleted : C:\Users\Jim\Documents\Downloads\OTL.Txt
Deleted : C:\Users\Jim\Documents\Downloads\OTL.exe
Deleted : HKLM\SOFTWARE\AdwCleaner
Deleted : HKLM\SOFTWARE\Swearware
 
########## - EOF - ##########
 

  • 0

#14
emeraldnzl

emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 19,990 posts

Looks like that did its job nicely.

 

Thank you. :thumbsup:


  • 0

#15
Jim Anderson

Jim Anderson

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts

I am trying to install Firefox and I keep getting this error message. It says

7-zip in the header of the window, and then the message says: this program is blocked by groups policy. For more information contact your system administrator.

I can't even find 7-zip on my computer. Not sure what else to do. I can't paste the screenshot or upload the file; it's 10MB.

Weird thing is the icon on the desktop says Firefox setup stub 42.0. Even when I try to delete it, it says

the action can't be completed because the file is open in 7z setup SFX.

 

 


  • 0





