Sister-in-law's laptop ... she says it's running too slow ...


  • This topic is locked

#1
moondog830


I'm not sure what is going on, but I thought I would start here and make sure she's not infected. She says her phone and her hubby's tablets work just fine at home on the internet, but her laptop moves like crap.

Help Please


FRST Scan

 

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:07-02-2016
Ran by MICHELE (administrator) on MICHELE-PC (15-02-2016 11:53:33)
Running from C:\Users\MICHELE\Desktop
Loaded Profiles: MICHELE (Available Profiles: MICHELE)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
(Coupons.com Inc.) C:\Program Files (x86)\Coupons\CouponPrinterService.exe
(Garmin Ltd or its subsidiaries) C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe
(NETGEAR) C:\Program Files (x86)\NETGEAR Genie\bin\NETGEARGenieDaemon64.exe
(Symantec Corporation) C:\Program Files (x86)\PC Checkup\SymcPCCULaunchSvc.exe
(Symantec Corporation) C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\ccSvcHst.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(TOSHIBA Corporation) C:\Windows\System32\TODDSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(Symantec Corporation) C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\ccSvcHst.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\BulletinBoard\TosNcCore.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
(Microsoft Corporation) C:\Program Files\Microsoft IntelliPoint\ipoint.exe
(SUPERAntiSpyware) C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
() C:\Program Files (x86)\NETGEAR Genie\bin\NETGEARGenie.exe
(Garmin Ltd or its subsidiaries) C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe
(TOSHIBA Corporation) C:\Program Files (x86)\Toshiba\TOSHIBA Service Station\ToshibaServiceStation.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
() C:\Program Files (x86)\NETGEAR Genie\bin\genie2_tray.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Microsoft Corporation) C:\Windows\splwow64.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(TOSHIBA Corporation) C:\Program Files (x86)\Toshiba\TOSHIBA Service Station\TMachInfo.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
(Symantec Corporation) C:\Program Files (x86)\PC Checkup\PCCU.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
(Microsoft Corporation) C:\Windows\System32\wbem\WMIADAP.exe
(Microsoft Corporation) C:\Windows\System32\PrintIsolationHost.exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [] => [X]
HKLM\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SAII\SAIICpl.exe [316032 2010-12-14] (Conexant systems, Inc.)
HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [2588456 2010-11-11] (ELAN Microelectronics Corp.)
HKLM\...\Run: [TPwrMain] => C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE [590256 2011-05-17] (TOSHIBA Corporation)
HKLM\...\Run: [TCrdMain] => C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe [972672 2011-04-27] (TOSHIBA Corporation)
HKLM\...\Run: [TosVolRegulator] => C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe [24376 2009-11-11] (TOSHIBA Corporation)
HKLM\...\Run: [TosSENotify] => C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe [710560 2011-06-09] (TOSHIBA Corporation)
HKLM\...\Run: [TosNC] => C:\Program Files\Toshiba\BulletinBoard\TosNcCore.exe [597936 2011-07-27] (TOSHIBA Corporation)
HKLM\...\Run: [TosReelTimeMonitor] => C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe [38824 2011-06-28] (TOSHIBA Corporation)
HKLM\...\Run: [IntelliPoint] => c:\Program Files\Microsoft IntelliPoint\ipoint.exe [2417032 2011-08-01] (Microsoft Corporation)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [336384 2011-06-08] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [ToshibaServiceStation] => C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe [1298816 2011-07-11] (TOSHIBA Corporation)
HKLM-x32\...\Run: [NortonOnlineBackupReminder] => C:\Program Files (x86)\Toshiba\Toshiba Online Backup\Activation\TOBuActivation.exe [3218864 2011-06-22] (Toshiba)
HKLM-x32\...\Run: [ToshibaAppPlace] => C:\Program Files (x86)\Toshiba\Toshiba App Place\ToshibaAppPlace.exe [552960 2010-09-23] (Toshiba)
HKU\S-1-5-21-47984466-8570645-183781455-1000\...\Run: [swg] => C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2012-03-19] (Google Inc.)
HKU\S-1-5-21-47984466-8570645-183781455-1000\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [6564120 2014-07-25] (SUPERAntiSpyware)
HKU\S-1-5-21-47984466-8570645-183781455-1000\...\Run: [NETGEARGenie] => C:\Program Files (x86)\NETGEAR Genie\bin\NETGEARGenie.exe [1044224 2013-04-07] ()
HKU\S-1-5-21-47984466-8570645-183781455-1000\...\Run: [GarminExpressTrayApp] => C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [1093976 2013-09-19] (Garmin Ltd or its subsidiaries)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\..\Interfaces\{40F5B95F-8709-4673-BC63-8F8E7FA2012D}: [DhcpNameServer] 10.0.0.1
 
Internet Explorer:
==================
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.coupons.com/
HKU\S-1-5-21-47984466-8570645-183781455-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.coupons.com/
HKU\S-1-5-21-47984466-8570645-183781455-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://start.toshiba.com/?cid=C001B2Y
SearchScopes: HKLM -> DefaultScope {{67A2568C-7A0A-4EED-AECC-B5405DE63B64}} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNO
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM -> {{67A2568C-7A0A-4EED-AECC-B5405DE63B64}} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNO
SearchScopes: HKLM-x32 -> DefaultScope {{67A2568C-7A0A-4EED-AECC-B5405DE63B64}} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNO
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 -> {{67A2568C-7A0A-4EED-AECC-B5405DE63B64}} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNO
SearchScopes: HKU\S-1-5-21-47984466-8570645-183781455-1000 -> DefaultScope {E4923A94-0CC4-4622-A6F6-7F60642CB36D} URL = hxxp://www.google.com/search?sourceid=ie9&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNO_enUS483
SearchScopes: HKU\S-1-5-21-47984466-8570645-183781455-1000 -> C9CED3DFB6A44CE38909215F02EFD1E2 URL = hxxp://www.google.com/search?sourceid=ie9&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNO_enUS483
SearchScopes: HKU\S-1-5-21-47984466-8570645-183781455-1000 -> {E4923A94-0CC4-4622-A6F6-7F60642CB36D} URL = hxxp://www.google.com/search?sourceid=ie9&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNO_enUS483
SearchScopes: HKU\S-1-5-21-47984466-8570645-183781455-1000 -> {{67A2568C-7A0A-4EED-AECC-B5405DE63B64}} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNO
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-12-18] (Google Inc.)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-11-15] (Adobe Systems Incorporated)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2015-12-18] (Google Inc.)
BHO-x32: Bing Bar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files (x86)\Microsoft\BingBar\7.2.241.0\BingExt.dll [2013-07-23] (Microsoft Corporation.)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll [2011-10-30] (Sun Microsystems, Inc.)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-12-18] (Google Inc.)
Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.2.241.0\BingExt.dll [2013-07-23] (Microsoft Corporation.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2015-12-18] (Google Inc.)
Toolbar: HKU\S-1-5-21-47984466-8570645-183781455-1000 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
Toolbar: HKU\S-1-5-21-47984466-8570645-183781455-1000 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-12-18] (Google Inc.)
 
FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF64_20_0_0_306.dll [2016-02-09] ()
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-11] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\windows\SysWOW64\Macromed\Flash\NPSWF32_20_0_0_306.dll [2016-02-09] ()
FF Plugin-x32: @java.com/JavaPlugin -> C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll [2011-10-30] (Sun Microsystems, Inc.)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-11] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-02] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-02] (Google Inc.)
 
Chrome: 
=======
CHR HomePage: Default -> hxxp://www.moondographics.com/kady.htm
CHR StartupUrls: Default -> "hxxp://www.moondographics.com/kady.htm"
CHR NewTab: Default -> "chrome-extension://fddgbombopilgefffbcgcfneiejeclia/stubby.html"
CHR Profile: C:\Users\MICHELE\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (YouTube) - C:\Users\MICHELE\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-27]
CHR Extension: (Google Search) - C:\Users\MICHELE\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-28]
CHR Extension: (BetterCareerSearch) - C:\Users\MICHELE\AppData\Local\Google\Chrome\User Data\Default\Extensions\fddgbombopilgefffbcgcfneiejeclia [2016-01-13]
CHR Extension: (Chrome Web Store Payments) - C:\Users\MICHELE\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-07-28]
CHR Extension: (Gmail) - C:\Users\MICHELE\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-28]
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [140672 2012-12-21] (SUPERAntiSpyware.com) [File not signed]
R2 CouponPrinterService; C:\Program Files (x86)\Coupons\CouponPrinterService.exe [1413104 2015-03-04] (Coupons.com Inc.)
R2 Garmin Core Update Service; C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe [250200 2013-09-19] (Garmin Ltd or its subsidiaries)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
R2 NETGEARGenieDaemon; C:\Program Files (x86)\NETGEAR Genie\bin\NETGEARGenieDaemon64.exe [232192 2013-04-07] (NETGEAR)
R2 Norton PC Checkup Application Launcher; C:\Program Files (x86)\PC Checkup\SymcPCCULaunchSvc.exe [132504 2013-09-28] (Symantec Corporation)
R2 PCCUJobMgr; C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\ccSvcHst.exe [126392 2011-07-19] (Symantec Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
R3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes)
S3 MBAMWebAccessControl; C:\windows\system32\drivers\mwac.sys [63704 2015-10-05] (Malwarebytes Corporation)
R2 NPF; C:\windows\system32\drivers\npf.sys [35344 2013-09-02] (CACE Technologies, Inc.)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-02-15 11:53 - 2016-02-15 11:55 - 00017074 _____ C:\Users\MICHELE\Desktop\FRST.txt
2016-02-15 11:53 - 2016-02-15 11:53 - 00000000 ____D C:\FRST
2016-02-15 11:52 - 2016-02-15 11:25 - 02370560 _____ (Farbar) C:\Users\MICHELE\Desktop\FRST64.exe
2016-02-09 18:02 - 2016-02-09 18:02 - 08817344 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerInstaller.exe
2016-01-21 20:35 - 2016-01-21 20:35 - 00000000 ____D C:\Users\MICHELE\AppData\Local\{0C78106F-1960-46B6-B5E2-3A8610B90BF1}
2016-01-21 20:27 - 2016-01-21 20:27 - 00000000 ____D C:\Users\MICHELE\AppData\Local\{6FD1866A-7EC4-4460-BF8E-F23DB230E486}
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-02-15 12:02 - 2013-02-24 19:37 - 00000830 _____ C:\windows\Tasks\Adobe Flash Player Updater.job
2016-02-15 12:01 - 2012-09-06 20:57 - 00000260 _____ C:\windows\Tasks\HP Photo Creations Messager.job
2016-02-15 11:49 - 2012-03-19 08:29 - 00000894 _____ C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-02-15 11:47 - 2009-07-13 22:20 - 00000000 ____D C:\windows\inf
2016-02-15 11:39 - 2009-07-14 00:13 - 00783464 _____ C:\windows\system32\PerfStringBackup.INI
2016-02-15 11:37 - 2015-03-03 21:29 - 00000000 ____D C:\windows\system32\MRT
2016-02-15 11:34 - 2012-03-19 08:29 - 00000898 _____ C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-02-14 12:26 - 2015-03-03 21:29 - 146614896 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2016-02-14 11:58 - 2013-01-16 19:30 - 00003966 _____ C:\windows\System32\Tasks\PC Checkup 3 Weekly Scan
2016-02-14 11:55 - 2009-07-13 23:45 - 00024608 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-02-14 11:55 - 2009-07-13 23:45 - 00024608 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-02-14 11:53 - 2012-03-19 08:23 - 00000000 ____D C:\Program Files (x86)\TOSHIBA Games
2016-02-14 11:53 - 2009-07-14 00:32 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2016-02-14 11:51 - 2012-03-19 08:23 - 00000000 ____D C:\ProgramData\WildTangent
2016-02-14 11:51 - 2012-03-19 08:23 - 00000000 ____D C:\Program Files (x86)\WildTangent Games
2016-02-12 05:59 - 2012-05-10 23:18 - 00000000 ____D C:\Users\MICHELE\AppData\Local\Google
2016-02-11 19:36 - 2012-12-31 20:46 - 00015872 ___SH C:\Users\MICHELE\Desktop\Thumbs.db
2016-02-11 19:35 - 2012-03-19 08:29 - 00002223 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-02-11 06:36 - 2014-07-06 10:11 - 00192216 _____ (Malwarebytes) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2016-02-09 18:03 - 2013-02-24 19:37 - 00796864 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2016-02-09 18:03 - 2013-02-24 19:37 - 00003768 _____ C:\windows\System32\Tasks\Adobe Flash Player Updater
2016-02-09 18:03 - 2011-10-30 22:37 - 00142528 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2016-02-06 09:33 - 2013-09-13 14:56 - 00000000 ____D C:\ProgramData\CanonIJPLM
2016-02-04 06:54 - 2012-06-26 20:28 - 05370880 ___SH C:\Users\MICHELE\Downloads\Thumbs.db
2016-02-02 22:04 - 2009-07-14 00:08 - 00000006 ____H C:\windows\Tasks\SA.DAT
2016-02-02 07:03 - 2012-03-19 08:29 - 00003894 _____ C:\windows\System32\Tasks\GoogleUpdateTaskMachineUA
2016-02-02 07:03 - 2012-03-19 08:29 - 00003642 _____ C:\windows\System32\Tasks\GoogleUpdateTaskMachineCore
2016-01-30 07:07 - 2015-10-28 18:33 - 00000000 ____D C:\Users\MICHELE\AppData\Local\ElevatedDiagnostics
2016-01-16 08:19 - 2009-07-13 22:20 - 00000000 ____D C:\windows\rescache
 
==================== Files in the root of some directories =======
 
2014-07-26 11:56 - 2014-07-26 11:56 - 0000000 _____ () C:\Users\MICHELE\AppData\Local\{09AFF31B-4306-4CF0-92F7-7A372E55CF8A}
2014-12-26 02:38 - 2014-12-26 02:38 - 0000000 _____ () C:\Users\MICHELE\AppData\Local\{1C6D4A61-9939-477E-8885-1D78E04D1D1D}
2014-12-18 22:57 - 2014-12-18 22:57 - 0001477 _____ () C:\Users\MICHELE\AppData\Local\{1F84ECA3-7E5A-4D10-A861-6D35881C4C67}
2015-09-19 07:16 - 2015-09-19 07:16 - 0000000 _____ () C:\Users\MICHELE\AppData\Local\{8B9BB3AB-2EBD-4203-8F35-E042AA763AF3}
2014-08-15 23:33 - 2014-08-15 23:33 - 0000000 _____ () C:\Users\MICHELE\AppData\Local\{9A5CCE76-5229-4B4B-AA67-7A73D69799F3}
2014-07-21 10:39 - 2014-07-21 10:39 - 0000000 _____ () C:\Users\MICHELE\AppData\Local\{A28F2EAA-B8B0-457F-B53F-99B5527B5FB1}
2015-01-03 04:02 - 2015-01-03 04:02 - 0000000 _____ () C:\Users\MICHELE\AppData\Local\{CBCAFFFB-BD52-45F9-80E7-18DBA0646D3B}
2015-04-12 19:23 - 2015-04-12 19:23 - 0000000 _____ () C:\Users\MICHELE\AppData\Local\{DBD6E44E-1B87-4BCD-8D65-FBA7EDD55167}
2014-12-30 03:46 - 2014-12-30 03:46 - 0000000 _____ () C:\Users\MICHELE\AppData\Local\{DCEDFDA6-ACD5-4B24-A607-D05C27C318AA}
2012-09-06 20:55 - 2012-09-06 20:55 - 0000057 _____ () C:\ProgramData\Ament.ini
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\windows\system32\winlogon.exe => File is digitally signed
C:\windows\system32\wininit.exe => File is digitally signed
C:\windows\SysWOW64\wininit.exe => File is digitally signed
C:\windows\explorer.exe => File is digitally signed
C:\windows\SysWOW64\explorer.exe => File is digitally signed
C:\windows\system32\svchost.exe => File is digitally signed
C:\windows\SysWOW64\svchost.exe => File is digitally signed
C:\windows\system32\services.exe => File is digitally signed
C:\windows\system32\User32.dll => File is digitally signed
C:\windows\SysWOW64\User32.dll => File is digitally signed
C:\windows\system32\userinit.exe => File is digitally signed
C:\windows\SysWOW64\userinit.exe => File is digitally signed
C:\windows\system32\rpcss.dll => File is digitally signed
C:\windows\system32\dnsapi.dll => File is digitally signed
C:\windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2016-02-11 06:21
 
==================== End of FRST.txt ============================
 
 
Addition Scan
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version:07-02-2016
Ran by MICHELE (2016-02-15 12:07:19)
Running from C:\Users\MICHELE\Desktop
Windows 7 Home Premium Service Pack 1 (X64) (2012-05-11 04:12:08)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-47984466-8570645-183781455-500 - Administrator - Disabled)
Guest (S-1-5-21-47984466-8570645-183781455-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-47984466-8570645-183781455-1002 - Limited - Enabled)
MICHELE (S-1-5-21-47984466-8570645-183781455-1000 - Administrator - Enabled) => C:\Users\MICHELE
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 2.6.0.19140 - Adobe Systems Incorporated)
Adobe Flash Player 20 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 20.0.0.306 - Adobe Systems Incorporated)
Adobe Flash Player 20 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 20.0.0.306 - Adobe Systems Incorporated)
Adobe Reader X MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}) (Version: 10.0.0 - Adobe Systems Incorporated)
Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 1.0.0.36 - Atheros Communications Inc.)
ATI Catalyst Install Manager (HKLM\...\{4ACA5AE7-E68C-5A48-F8E6-D67946267506}) (Version: 3.0.829.0 - ATI Technologies, Inc.)
Bing Bar (HKLM-x32\...\{D322A9E3-758B-4D60-A7C4-65C88FD378D0}) (Version: 7.2.241.0 - Microsoft Corporation)
Bing Rewards Client Installer (x32 Version: 16.0.345.0 - Microsoft Corporation) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 3.28 - Piriform)
Conexant HD Audio (HKLM\...\CNXT_AUDIO_HDA) (Version: 8.54.1.0 - Conexant)
Coupon Printer for Windows (HKLM-x32\...\Coupon Printer for Windows5.0.1.5) (Version: 5.0.1.5 - Coupons.com Incorporated)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Elevated Installer (x32 Version: 2.3.14.0 - Garmin Ltd or its subsidiaries) Hidden
ETDWare PS/2-X64 8.0.8.0_R01 (HKLM\...\Elantech) (Version: 8.0.8.0 - ELAN Microelectronic Corp.)
Garmin Express (HKLM-x32\...\{9471d6bd-67a9-40f6-a420-2ae4f08ef003}) (Version: 2.3.14.0 - Garmin Ltd or its subsidiaries)
Garmin Express (x32 Version: 2.3.14.0 - Garmin Ltd or its subsidiaries) Hidden
Garmin Express Tray (x32 Version: 2.3.14.0 - Garmin Ltd or its subsidiaries) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 48.0.2564.109 - Google Inc.)
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.7210.1528 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.29.5 - Google Inc.) Hidden
HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.5192 - HP Photo Creations)
Java™ 6 Update 25 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216025FF}) (Version: 6.0.250 - Oracle)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
[email protected] 1.0 (HKLM-x32\...\{0D795777-9D60-4692-8386-F2B3F2B5E5BF}) (Version: 1.0 - Corel)
Malwarebytes Anti-Malware version 2.2.0.1024 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft IntelliPoint 8.2 (HKLM\...\Microsoft IntelliPoint 8.2) (Version: 8.20.468.0 - Microsoft Corporation)
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Click-to-Run 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Starter 2010 - English (HKLM-x32\...\{90140011-0066-0409-0000-0000000FF1CE}) (Version: 14.0.5139.5005 - Microsoft Corporation)
Microsoft PowerPoint Viewer (HKLM-x32\...\{95140000-00AF-0409-0000-0000000FF1CE}) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.41212.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
NETGEAR Genie (HKLM-x32\...\NETGEAR Genie) (Version: 2.2.28.24.exe  - NETGEAR Inc.)
Norton PC Checkup (HKLM-x32\...\Norton PC Checkup_is1) (Version: 3.0.4.81.0 - Symantec Corporation)
OpenOffice 4.0.0 (HKLM-x32\...\{55E61709-D7D4-43C0-B45D-BFAF5C09A02D}) (Version: 4.00.9702 - Apache Software Foundation)
PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)
PlayReady PC Runtime x86 (HKLM-x32\...\{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}) (Version: 1.3.0 - Microsoft Corporation)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7600.30124 - Realtek Semiconductor Corp.)
Realtek WLAN Driver (HKLM-x32\...\{9D3D8C60-A55F-4fed-B2B9-173001290E16}) (Version: 2.00.0016 - REALTEK Semiconductor Corp.)
Skype Launcher (HKLM-x32\...\{DA84ECBF-4B79-47F2-B34C-95C38484C058}) (Version: 2.01 - TOSHIBA Corporation)
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 5.0.1134 - SUPERAntiSpyware.com)
Toshiba App Place (HKLM-x32\...\{ED3CBA78-488F-4E8C-B33F-8E3BF4DDB4D2}) (Version: 1.0.6.3 - Toshiba)
TOSHIBA Application Installer (HKLM-x32\...\{970472D0-F5F9-4158-A6E3-1AE49EFEF2D3}) (Version: 9.0.1.2 - TOSHIBA)
TOSHIBA Assist (HKLM-x32\...\{C2A276E3-154E-44DC-AAF1-FFDD7FD30E35}) (Version: 4.2.3.0 - TOSHIBA CORPORATION)
Toshiba Book Place (HKLM-x32\...\{A14962A7-2B7D-456E-BFCD-F54E3A88D41F}) (Version: 2.2.7530 - K-NFB Reading Technology, Inc.)
TOSHIBA Bulletin Board (HKLM-x32\...\InstallShield_{1C8C049A-145F-4A6E-8290-B5C245EBE39D}) (Version: 1.6.11.64 - TOSHIBA Corporation)
TOSHIBA Disc Creator (HKLM\...\{5DA0E02F-970B-424B-BF41-513A5018E4C0}) (Version: 2.1.0.11 for x64 - TOSHIBA Corporation)
TOSHIBA Face Recognition (HKLM-x32\...\InstallShield_{F67FA545-D8E5-4209-86B1-AEE045D1003F}) (Version: 3.1.17.64 - TOSHIBA Corporation)
TOSHIBA Hardware Setup (HKLM-x32\...\{97965331-BC5D-4D9F-B6DF-5C0A123E4AE0}) (Version: 2.1.0.3 - TOSHIBA Corporation)
TOSHIBA HDD/SSD Alert (HKLM\...\{D4322448-B6AF-4316-B859-D8A0E84DCB38}) (Version: 3.1.64.9 - TOSHIBA Corporation)
Toshiba Laptop Checkup (HKLM-x32\...\NortonPCCheckup) (Version: 2.0.13.11 - Symantec Corporation)
TOSHIBA Media Controller (HKLM-x32\...\{C7A4F26F-F9B0-41B2-8659-99181108CDE3}) (Version: 1.0.87.4 - TOSHIBA CORPORATION)
Toshiba Online Backup (HKLM-x32\...\{C57BCDE1-7CB9-467D-B3BA-7E119916CDC1}) (Version: 2.0.0.31 - Toshiba)
TOSHIBA Quality Application (HKLM-x32\...\{E69992ED-A7F6-406C-9280-1C156417BC49}) (Version: 1.0.4 - TOSHIBA)
TOSHIBA Recovery Media Creator (HKLM-x32\...\{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}) (Version: 2.1.5.5109a - TOSHIBA CORPORATION)
TOSHIBA ReelTime (HKLM-x32\...\InstallShield_{24811C12-F4A9-4D0F-8494-A7B8FE46123C}) (Version: 1.7.21.64 - TOSHIBA Corporation)
TOSHIBA Service Station (HKLM-x32\...\{AC6569FA-6919-442A-8552-073BE69E247A}) (Version: 2.2.15.0 - TOSHIBA)
TOSHIBA Supervisor Password (HKLM-x32\...\{0AF17224-CF88-40B8-BB1A-D179369847B4}) (Version: 2.1.0.2 - TOSHIBA Corporation)
TOSHIBA Value Added Package (HKLM-x32\...\InstallShield_{066CFFF8-12BF-4390-A673-75F95EFF188E}) (Version: 1.6.1.64 - TOSHIBA Corporation)
TOSHIBA Web Camera Application (HKLM-x32\...\InstallShield_{6F3C8901-EBD3-470D-87F8-AC210F6E5E02}) (Version: 2.0.3.3 - TOSHIBA Corporation)
TOSHIBARegistration (HKLM-x32\...\{5AF550B4-BB67-4E7E-82F1-2C4300279050}) (Version: 1.0.7 - TOSHIBA)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {3B889121-CD55-4117-A478-7DE37ACF78E8} - System32\Tasks\Microsoft_Hardware_Launch_IPoint_exe => c:\Program Files\Microsoft IntelliPoint\IPoint.exe [2011-08-01] (Microsoft Corporation)
Task: {50E3E14C-D7C4-49C6-9360-D7E2F80F74DB} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime => C:\Windows\system32\GWX\GWXUXWorker.exe [2015-12-05] (Microsoft Corporation)
Task: {60871062-59B3-4644-A038-96E50566B456} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime => C:\Windows\system32\GWX\GWXUXWorker.exe [2015-12-05] (Microsoft Corporation)
Task: {663FEFC8-114C-4BDC-B5C8-EEB8FAF49873} - System32\Tasks\HP Photo Creations Messager => C:\ProgramData\HP Photo Creations\MessageCheck.exe [2011-02-15] ()
Task: {7DAA7B3D-E9DC-459F-BEF6-2DAA60BF819B} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {A4383552-15D5-46BB-8D8F-2ADFC79F3268} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-02-09] (Adobe Systems Incorporated)
Task: {C6161881-3501-48E3-869D-76FEF9403733} - System32\Tasks\PC Checkup 3 Weekly Scan => C:\Program Files (x86)\PC Checkup\NLAppLauncher.exe [2013-09-28] (Symantec Corporation)
Task: {CB6CFF31-6B38-43F7-AD95-8F883563F736} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-02-25] (Piriform Ltd)
Task: {F30345E9-8720-4E6A-8A27-366B3E200C2C} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\HP Photo Creations Messager.job => C:\ProgramData\HP Photo Creations\MessageCheck.exe
 
==================== Shortcuts =============================
 
(The entries could be listed to be restored or removed.)
 
==================== Loaded Modules (Whitelisted) ==============
 
2010-11-18 19:18 - 2010-11-18 19:18 - 11190784 _____ () C:\Program Files\TOSHIBA\FlashCards\BlackPng.dll
2013-04-07 06:38 - 2013-04-07 06:38 - 01044224 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\NETGEARGenie.exe
2013-04-07 06:42 - 2013-04-07 06:42 - 00123136 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\genie2_tray.exe
2011-06-08 00:11 - 2011-06-08 00:11 - 00243712 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
2011-03-22 12:17 - 2011-03-22 12:17 - 00016384 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Branding\Branding.dll
2011-06-09 23:09 - 2011-06-09 23:09 - 00079784 _____ () C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosIPCWraper.dll
2013-02-19 01:46 - 2013-02-19 01:46 - 00011362 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\mingwm10.dll
2013-02-19 01:46 - 2013-02-19 01:46 - 00043008 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\libgcc_s_dw2-1.dll
2013-02-19 01:46 - 2013-02-19 01:46 - 02537472 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\QtCore4.dll
2013-02-19 01:46 - 2013-02-19 01:46 - 09814016 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\QtGui4.dll
2013-06-04 20:22 - 2013-06-04 20:22 - 00481280 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\Genie.dll
2013-03-27 03:42 - 2013-03-27 03:42 - 01553920 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\SvtNetworkTool.dll
2013-02-19 01:46 - 2013-02-19 01:46 - 01140224 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\QtNetwork4.dll
2013-02-19 01:46 - 2013-02-19 01:46 - 00399360 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\QtXml4.dll
2013-05-09 22:12 - 2013-05-09 22:12 - 00229888 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\GeniePlugin_Airprint.dll
2013-03-27 03:43 - 2013-03-27 03:43 - 01067520 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\GeniePlugin_Internet.dll
2013-05-28 01:21 - 2013-05-28 01:21 - 04334592 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\GeniePlugin_Map.dll
2013-03-27 03:52 - 2013-03-27 03:52 - 00500736 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\GeniePlugin_NetworkProblem.dll
2013-03-27 03:50 - 2013-03-27 03:50 - 00186368 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\DragonNetTool.dll
2013-03-27 03:51 - 2013-03-27 03:51 - 01198080 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\GeniePlugin_ParentalControl.dll
2013-05-14 21:56 - 2013-05-14 21:56 - 08432128 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\GeniePlugin_Resource.dll
2013-04-28 01:25 - 2013-04-28 01:25 - 01205760 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\GeniePlugin_RouterConfiguration.dll
2013-03-27 03:42 - 2013-03-27 03:42 - 00088064 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\QRCode.dll
2013-03-27 03:51 - 2013-03-27 03:51 - 00641536 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\GeniePlugin_Statistics.dll
2013-05-14 00:18 - 2013-05-14 00:18 - 00931840 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\GeniePlugin_Ui.dll
2013-03-27 03:49 - 2013-03-27 03:49 - 00438272 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\GeniePlugin_Wireless.dll
2013-02-19 01:46 - 2013-02-19 01:46 - 00083456 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\imageformats\qgif4.dll
2013-02-19 01:46 - 2013-02-19 01:46 - 00083456 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\imageformats\qico4.dll
2013-02-19 01:46 - 2013-02-19 01:46 - 00287232 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\imageformats\qjpeg4.dll
2013-03-27 03:42 - 2013-03-27 03:42 - 00137728 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\DiagnosePlugin.dll
2013-03-26 21:58 - 2013-03-26 21:58 - 00139264 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\DiagnoseDll.dll
2012-11-29 04:56 - 2012-11-29 04:56 - 03332720 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\drivers\libntgr_api.dll
2013-03-26 21:58 - 2013-03-26 21:58 - 00072192 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\SVTUtils.DLL
2013-03-26 21:58 - 2013-03-26 21:58 - 00074752 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\NetcardApi.dll
2013-03-26 21:58 - 2013-03-26 21:58 - 00136704 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\airprintdll.dll
2013-03-27 03:51 - 2013-03-27 03:51 - 00714240 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\InnerPlugin_Update.dll
2013-03-27 03:49 - 2013-03-27 03:49 - 00485376 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\InnerPlugin_WirelessExport.dll
2013-03-27 03:49 - 2013-03-27 03:49 - 00116224 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\WSetupApiPlugin.dll
2013-03-26 21:58 - 2013-03-26 21:58 - 00066560 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\WSetupDll.dll
2016-02-11 19:34 - 2016-02-09 06:58 - 01632584 _____ () C:\Program Files (x86)\Google\Chrome\Application\48.0.2564.109\libglesv2.dll
2016-02-11 19:34 - 2016-02-09 06:58 - 00087880 _____ () C:\Program Files (x86)\Google\Chrome\Application\48.0.2564.109\libegl.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== EXE Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-13 21:34 - 2016-02-14 11:49 - 00000832 ____A C:\windows\system32\Drivers\etc\hosts
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-47984466-8570645-183781455-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\MICHELE\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: Media is not connected to internet.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [{A75294BF-6D28-4190-9F30-9486B0656966}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{D09F841C-3ED7-4C01-9C4F-C0D9B114F558}] => (Allow) LPort=2869
FirewallRules: [{43FD5422-C754-41E9-80F0-F7306695CD76}] => (Allow) LPort=1900
FirewallRules: [{18E36171-96E6-486F-BF4E-777316285C52}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{3C8ED9E3-A07F-4BF8-8452-E16E2B3ACD0F}] => (Allow) C:\Program Files (x86)\Windows Live\Mesh\MOE.exe
FirewallRules: [TCP Query User{17F97F53-4F88-483D-9B3F-632CA04ECF6E}C:\program files (x86)\netgear genie\bin\netgeargenie.exe] => (Allow) C:\program files (x86)\netgear genie\bin\netgeargenie.exe
FirewallRules: [UDP Query User{AD5884C6-E380-4314-B210-2565B57BB0C1}C:\program files (x86)\netgear genie\bin\netgeargenie.exe] => (Allow) C:\program files (x86)\netgear genie\bin\netgeargenie.exe
FirewallRules: [TCP Query User{3D4F8488-CBB9-4E20-ADDB-1BE90D8ABDFC}C:\program files (x86)\netgear genie\bin\netgeargenie.exe] => (Block) C:\program files (x86)\netgear genie\bin\netgeargenie.exe
FirewallRules: [UDP Query User{EFB146BE-9234-44B0-AA52-DCBDA8F76107}C:\program files (x86)\netgear genie\bin\netgeargenie.exe] => (Block) C:\program files (x86)\netgear genie\bin\netgeargenie.exe
FirewallRules: [{D6C32582-5BC9-46D8-A89A-527BAD9F0197}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
==================== Restore Points =========================
 
12-01-2016 07:04:37 Windows Update
14-01-2016 06:03:02 Windows Update
15-01-2016 06:48:30 Windows Modules Installer
19-01-2016 19:54:57 Windows Update
26-01-2016 23:54:13 Windows Update
03-02-2016 06:12:34 Windows Update
03-02-2016 06:15:01 Scheduled Checkpoint
11-02-2016 07:45:09 Windows Update
12-02-2016 05:56:46 Windows Update
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (02/15/2016 11:33:35 AM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Information only.
(Patch task for {90140011-0066-0409-0000-0000000FF1CE}): DownloadLatest Failed: There are currently no active network connections. Background Intelligent Transfer Service (BITS) will try again when an adapter is connected.
 
Error: (02/13/2016 11:41:21 AM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Information only.
Error: There are currently no active network connections. Background Intelligent Transfer Service (BITS) will try again when an adapter is connected.
 ErrorCode: 14007(0x36b7).
 
Error: (02/11/2016 07:30:08 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program CCleaner64.exe version 3.28.0.1913 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: 1b3c
 
Start Time: 01d1652bbf5897d7
 
Termination Time: 7472
 
Application Path: C:\Program Files\CCleaner\CCleaner64.exe
 
Report Id: b8e49e10-d11f-11e5-bd7b-00266c0d3307
 
Error: (02/11/2016 06:04:57 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program CCleaner64.exe version 3.28.0.1913 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: 5e0
 
Start Time: 01d1651cf09a0965
 
Termination Time: 18595
 
Application Path: C:\Program Files\CCleaner\CCleaner64.exe
 
Report Id: cd622b1a-d113-11e5-bd7b-00266c0d3307
 
Error: (02/11/2016 06:04:43 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program CCleaner64.exe version 3.28.0.1913 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: 1408
 
Start Time: 01d1651c70194739
 
Termination Time: 15912
 
Application Path: C:\Program Files\CCleaner\CCleaner64.exe
 
Report Id: c3c4dc40-d113-11e5-bd7b-00266c0d3307
 
Error: (02/11/2016 05:38:26 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program CCleaner64.exe version 3.28.0.1913 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: 1da4
 
Start Time: 01d1651c437c3ce0
 
Termination Time: 11559
 
Application Path: C:\Program Files\CCleaner\CCleaner64.exe
 
Report Id: 1b4c3bbb-d110-11e5-bd7b-00266c0d3307
 
Error: (02/11/2016 05:37:55 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program CCleaner64.exe version 3.28.0.1913 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: 10c4
 
Start Time: 01d1651c71537cdd
 
Termination Time: 23416
 
Application Path: C:\Program Files\CCleaner\CCleaner64.exe
 
Report Id: 000d67f7-d110-11e5-bd7b-00266c0d3307
 
Error: (02/11/2016 05:37:43 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program CCleaner64.exe version 3.28.0.1913 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: 1ec4
 
Start Time: 01d1651c5bdd94ea
 
Termination Time: 20700
 
Application Path: C:\Program Files\CCleaner\CCleaner64.exe
 
Report Id: f51c0f41-d10f-11e5-bd7b-00266c0d3307
 
Error: (02/11/2016 05:33:50 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program CCleaner64.exe version 3.28.0.1913 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: 1ef0
 
Start Time: 01d1651b9740aff0
 
Termination Time: 16333
 
Application Path: C:\Program Files\CCleaner\CCleaner64.exe
 
Report Id: 725414f0-d10f-11e5-bd7b-00266c0d3307
 
Error: (02/11/2016 03:39:52 PM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Information only.
(Patch task for {90140011-0066-0409-0000-0000000FF1CE}): DownloadLatest Failed:
 
 
System errors:
=============
Error: (02/14/2016 06:35:18 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the PCCUJobMgr service.
 
Error: (02/14/2016 12:23:02 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Windows Search service failed to start due to the following error: 
%%1053
 
Error: (02/14/2016 12:23:02 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Windows Search service to connect.
 
Error: (02/14/2016 11:44:47 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the IPBusEnum service.
 
Error: (02/13/2016 05:45:40 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.
 
Error: (02/13/2016 11:41:42 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: {0B5A2C52-3EB9-470A-96E2-6C6D4570E40F}
 
Error: (02/13/2016 08:17:22 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the IPBusEnum service.
 
Error: (02/13/2016 08:16:49 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the PCCUJobMgr service.
 
Error: (02/13/2016 03:01:01 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the WinDefend service.
 
Error: (02/12/2016 08:04:26 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the SysMain service.
 
 
==================== Memory info =========================== 
 
Processor: AMD E-300 APU with Radeon™ HD Graphics
Percentage of memory in use: 73%
Total physical RAM: 3686.87 MB
Available physical RAM: 963.77 MB
Total Virtual: 7371.94 MB
Available Virtual: 3034.41 MB
 
==================== Drives ================================
 
Drive c: (TI106302W0C) (Fixed) (Total:282.92 GB) (Free:154.66 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive e: (STORE N GO) (Removable) (Total:14.41 GB) (Free:7.23 GB) FAT32
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 298.1 GB) (Disk ID: 20C94C86)
Partition 1: (Active) - (Size=1.5 GB) - (Type=27)
Partition 2: (Not Active) - (Size=282.9 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=13.7 GB) - (Type=17)
 
========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 14.4 GB) (Disk ID: 9C9ECCA9)
Partition 1: (Not Active) - (Size=14.4 GB) - (Type=0C)
 
==================== End of Addition.txt ============================

 




#2
dbreeze


    Trusted Helper

  • Malware Removal
  • 2,213 posts

Hi moondog830,

Welcome to Geeks to Go. My name is dbreeze and I'll be helping you with this problem. Before I get into the removal of malware / correction of your problem, I need you to be aware of the following:

  • Please read all of my response through at least once before attempting to follow the procedures described.  I would recommend printing them out, if you can, as you can check off each step as you complete it. Also, as some of the cleaning may be done in Safe Mode and there will be no internet connection then, you will find that having the steps printed for reference speeds the cleaning process along. If there's anything you don't understand or isn't totally clear to you, please come back to me for clarification before you start those steps.
  • All of the assistants and staff at Geeks to Go are here on a volunteer basis; please respect our time given to the cause of helping others.  If you are going to be away for more than 4 days, please let me know here. (I will do the same for you.) We do realize that 'life happens' and situations arise unexpectedly; we just ask that you keep us up to date. That being said, please notice the following Geeks to Go rule:
  • Posts that are not replied to in four (4) days will result in the topic being closed.   We have not forgotten you; this is just an effort to keep the boards organized and flowing. To continue on your closed topic, please PM me or any Moderator to have the topic reactivated. If, at any time during our working together, I have not responded to you in 2 days (48 hours), then please PM me.
  • Malware removal is a complex, multiple step process; please stay with me on this thread (don't start another thread) until I declare that your logs are clean and you are good to go. The absence of apparent issues does not mean your system is clean; I will tell you when everything looks good for you to go and help you remove the tools we have used.
  • If any of the security programs on your system should give any warnings about the software tools I ask you to download and use, please do not be alarmed.  All of the tools I will have you use are safe to use (as instructed) and malware free.
  • While we strive to disrupt your system as little as possible, things happen.  If you can, it would be best to back up your personal files now (if you do not already have a backup). You can store these on a CD/DVD, USB drive or stick, anywhere but on your same system. This will save you from possible anguish later if something unforeseen happens.
  • Please do not run any other tools or scanners than what I ask you to.  Some of the openly available software made for malware removal can make changes to your system that interfere with the cleaning of the malware, or even destroy your system. I will use only what the situation calls for and direct you in the proper use of that software.
  • Please do not attach any log files to your replies unless I specifically ask you.  Instead please copy and paste so as to include the log in your reply. You can do this in separate posts if it's easier for you.


- Save ALL Tools to your Desktop-

 

All the tools that I will have you download should be placed on the desktop unless otherwise stated. If you are familiar with how to save files to the desktop then you can skip this step.

Since you are continuing with this step then I assume you are unfamiliar with saving files to your desktop. As a result it's easiest if you configure your browser(s) to download any tools to the desktop by default. Please use the appropriate instructions below depending on the browser you are using.
Google Chrome - Click the "Customize and control Google Chrome" button in the upper-right corner of the browser. Choose Settings. At the bottom of the screen, click the "Show advanced settings..." link. Scroll down to find the Downloads section and click the Change... button. Select your desktop and click OK.
Mozilla Firefox - Click the "Open Menu" button in the upper-right corner of the browser. Choose Options. In the downloads section, click the Browse button, click on the Desktop folder and then click the "Select Folder" button. Click OK to get out of the Options menu.
Internet Explorer - Click the Tools menu in the upper-right corner of the browser. Select View downloads. Select the Options link in the lower left of the window. Click Browse and select the Desktop and then choose the Select Folder button. Click OK to get out of the download options screen and then click Close to get out of the View Downloads screen.
NOTE: IE8 does not support changing download locations in this manner. You will need to download the tool(s) to the default folder, usually Downloads, then copy them to the desktop.
 

Quoted from and used by permission of BrianDrab.  Thank you.

Let's get started....


FIRST >>>>

Please go to START (Windows Orb) >> Control Panel >> Uninstall a Program or Programs and Features and remove the following (if listed):

Coupon Printer for Windows

To do so, left click on the name once and then click Uninstall/Change at the bar above the list window.

Follow the prompts of the uninstaller BUT please read carefully any questions it asks before answering; some uninstallers will try and deceive you into keeping the software.


SECOND >>>>

Open notepad by pressing the Windows Key + R key, typing notepad in the Run box and pressing Enter.  Please copy the contents of the quote box below. To do this highlight the contents of the box and right click on it and select copy. Paste this into the open notepad. Save it to your desktop as fixlist.txt



Start
CreateRestorePoint:
CloseProcesses:
C:\Program Files (x86)\Coupons
HKLM\...\Run: [] => [X]
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.coupons.com/
HKU\S-1-5-21-47984466-8570645-183781455-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.coupons.com/
SearchScopes: HKLM -> DefaultScope {{67A2568C-7A0A-4EED-AECC-B5405DE63B64}} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNO
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM -> {{67A2568C-7A0A-4EED-AECC-B5405DE63B64}} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNO
SearchScopes: HKLM-x32 -> DefaultScope {{67A2568C-7A0A-4EED-AECC-B5405DE63B64}} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNO
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> {{67A2568C-7A0A-4EED-AECC-B5405DE63B64}} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNO
SearchScopes: HKU\S-1-5-21-47984466-8570645-183781455-1000 -> DefaultScope {E4923A94-0CC4-4622-A6F6-7F60642CB36D} URL = hxxp://www.google.com/search?sourceid=ie9&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNO_enUS483
SearchScopes: HKU\S-1-5-21-47984466-8570645-183781455-1000 -> C9CED3DFB6A44CE38909215F02EFD1E2 URL = hxxp://www.google.com/search?sourceid=ie9&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNO_enUS483
SearchScopes: HKU\S-1-5-21-47984466-8570645-183781455-1000 -> {E4923A94-0CC4-4622-A6F6-7F60642CB36D} URL = hxxp://www.google.com/search?sourceid=ie9&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNO_enUS483
SearchScopes: HKU\S-1-5-21-47984466-8570645-183781455-1000 -> {{67A2568C-7A0A-4EED-AECC-B5405DE63B64}} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNO
Toolbar: HKU\S-1-5-21-47984466-8570645-183781455-1000 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
CHR HomePage: Default -> hxxp://www.moondographics.com/kady.htm
CHR StartupUrls: Default -> "hxxp://www.moondographics.com/kady.htm"
CHR NewTab: Default -> "chrome-extension://fddgbombopilgefffbcgcfneiejeclia/stubby.html"
CHR Extension: (BetterCareerSearch) - C:\Users\MICHELE\AppData\Local\Google\Chrome\User Data\Default\Extensions\fddgbombopilgefffbcgcfneiejeclia [2016-01-13]
C:\Users\MICHELE\AppData\Local\Google\Chrome\User Data\Default\Extensions\fddgbombopilgefffbcgcfneiejeclia
R2 CouponPrinterService; C:\Program Files (x86)\Coupons\CouponPrinterService.exe [1413104 2015-03-04] (Coupons.com Inc.)
2016-01-21 20:35 - 2016-01-21 20:35 - 00000000 ____D C:\Users\MICHELE\AppData\Local\{0C78106F-1960-46B6-B5E2-3A8610B90BF1}
2016-01-21 20:27 - 2016-01-21 20:27 - 00000000 ____D C:\Users\MICHELE\AppData\Local\{6FD1866A-7EC4-4460-BF8E-F23DB230E486}
2014-07-26 11:56 - 2014-07-26 11:56 - 0000000 _____ () C:\Users\MICHELE\AppData\Local\{09AFF31B-4306-4CF0-92F7-7A372E55CF8A}
2014-12-26 02:38 - 2014-12-26 02:38 - 0000000 _____ () C:\Users\MICHELE\AppData\Local\{1C6D4A61-9939-477E-8885-1D78E04D1D1D}
2014-12-18 22:57 - 2014-12-18 22:57 - 0001477 _____ () C:\Users\MICHELE\AppData\Local\{1F84ECA3-7E5A-4D10-A861-6D35881C4C67}
2015-09-19 07:16 - 2015-09-19 07:16 - 0000000 _____ () C:\Users\MICHELE\AppData\Local\{8B9BB3AB-2EBD-4203-8F35-E042AA763AF3}
2014-08-15 23:33 - 2014-08-15 23:33 - 0000000 _____ () C:\Users\MICHELE\AppData\Local\{9A5CCE76-5229-4B4B-AA67-7A73D69799F3}
2014-07-21 10:39 - 2014-07-21 10:39 - 0000000 _____ () C:\Users\MICHELE\AppData\Local\{A28F2EAA-B8B0-457F-B53F-99B5527B5FB1}
2015-01-03 04:02 - 2015-01-03 04:02 - 0000000 _____ () C:\Users\MICHELE\AppData\Local\{CBCAFFFB-BD52-45F9-80E7-18DBA0646D3B}
2015-04-12 19:23 - 2015-04-12 19:23 - 0000000 _____ () C:\Users\MICHELE\AppData\Local\{DBD6E44E-1B87-4BCD-8D65-FBA7EDD55167}
2014-12-30 03:46 - 2014-12-30 03:46 - 0000000 _____ () C:\Users\MICHELE\AppData\Local\{DCEDFDA6-ACD5-4B24-A607-D05C27C318AA}
cmd: ipconfig /flushdns
cmd: netsh advfirewall reset
cmd: netsh advfirewall set allprofiles state on
Reg: reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
Reg: reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
CMD: bitsadmin /reset /allusers
RemoveProxy:
EmptyTemp:
Reboot:
end


NOTE: It's important that both files, FRST64 and fixlist.txt, are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

Start FRST that is on the desktop by right clicking on file and selecting "Run as Administrator..." and press the Fix button just once and wait.


If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.


LAST >>>>

Junkware Removal Tool
Please download JRT from here to your desktop.

Note: Temporarily disable/shut down your protection software now to avoid potential conflicts; how to do so can be read here.

Double click the JRT.exe file to run the application.

The application will open a Command Prompt window and run from there (this is normal for this program, so do not be alarmed).

When it is asked, press any key to allow the program to continue / run.

This will create a log on the desktop; please copy and paste the JRT.txt log text in your next post.

Note: After the log file is created, please enable your protection software / reboot your system and verify your protection software is enabled.


Information to Reply with >>>>


  • The Fixlog.txt log file text.
  • The JRT.txt log file text.
  • How is the system running now?

 

 



#3
moondog830


FixLog

 

Fix result of Farbar Recovery Scan Tool (x64) Version:07-02-2016
Ran by MICHELE (2016-02-16 10:44:01) Run:1
Running from C:\Users\MICHELE\Desktop
Loaded Profiles: MICHELE (Available Profiles: MICHELE)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
Start
CreateRestorePoint:
CloseProcesses:
C:\Program Files (x86)\Coupons
HKLM\...\Run: [] => [X]
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.coupons.com/
HKU\S-1-5-21-47984466-8570645-183781455-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.coupons.com/
SearchScopes: HKLM -> DefaultScope {{67A2568C-7A0A-4EED-AECC-B5405DE63B64}} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNO
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM -> {{67A2568C-7A0A-4EED-AECC-B5405DE63B64}} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNO
SearchScopes: HKLM-x32 -> DefaultScope {{67A2568C-7A0A-4EED-AECC-B5405DE63B64}} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNO
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> {{67A2568C-7A0A-4EED-AECC-B5405DE63B64}} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNO
SearchScopes: HKU\S-1-5-21-47984466-8570645-183781455-1000 -> DefaultScope {E4923A94-0CC4-4622-A6F6-7F60642CB36D} URL = hxxp://www.google.com/search?sourceid=ie9&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNO_enUS483
SearchScopes: HKU\S-1-5-21-47984466-8570645-183781455-1000 -> C9CED3DFB6A44CE38909215F02EFD1E2 URL = hxxp://www.google.com/search?sourceid=ie9&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNO_enUS483
SearchScopes: HKU\S-1-5-21-47984466-8570645-183781455-1000 -> {E4923A94-0CC4-4622-A6F6-7F60642CB36D} URL = hxxp://www.google.com/search?sourceid=ie9&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNO_enUS483
SearchScopes: HKU\S-1-5-21-47984466-8570645-183781455-1000 -> {{67A2568C-7A0A-4EED-AECC-B5405DE63B64}} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNO
Toolbar: HKU\S-1-5-21-47984466-8570645-183781455-1000 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
CHR HomePage: Default -> hxxp://www.moondographics.com/kady.htm
CHR StartupUrls: Default -> "hxxp://www.moondographics.com/kady.htm"
CHR NewTab: Default -> "chrome-extension://fddgbombopilgefffbcgcfneiejeclia/stubby.html"
CHR Extension: (BetterCareerSearch) - C:\Users\MICHELE\AppData\Local\Google\Chrome\User Data\Default\Extensions\fddgbombopilgefffbcgcfneiejeclia [2016-01-13]
C:\Users\MICHELE\AppData\Local\Google\Chrome\User Data\Default\Extensions\fddgbombopilgefffbcgcfneiejeclia
R2 CouponPrinterService; C:\Program Files (x86)\Coupons\CouponPrinterService.exe [1413104 2015-03-04] (Coupons.com Inc.)
2016-01-21 20:35 - 2016-01-21 20:35 - 00000000 ____D C:\Users\MICHELE\AppData\Local\{0C78106F-1960-46B6-B5E2-3A8610B90BF1}
2016-01-21 20:27 - 2016-01-21 20:27 - 00000000 ____D C:\Users\MICHELE\AppData\Local\{6FD1866A-7EC4-4460-BF8E-F23DB230E486}
2014-07-26 11:56 - 2014-07-26 11:56 - 0000000 _____ () C:\Users\MICHELE\AppData\Local\{09AFF31B-4306-4CF0-92F7-7A372E55CF8A}
2014-12-26 02:38 - 2014-12-26 02:38 - 0000000 _____ () C:\Users\MICHELE\AppData\Local\{1C6D4A61-9939-477E-8885-1D78E04D1D1D}
2014-12-18 22:57 - 2014-12-18 22:57 - 0001477 _____ () C:\Users\MICHELE\AppData\Local\{1F84ECA3-7E5A-4D10-A861-6D35881C4C67}
2015-09-19 07:16 - 2015-09-19 07:16 - 0000000 _____ () C:\Users\MICHELE\AppData\Local\{8B9BB3AB-2EBD-4203-8F35-E042AA763AF3}
2014-08-15 23:33 - 2014-08-15 23:33 - 0000000 _____ () C:\Users\MICHELE\AppData\Local\{9A5CCE76-5229-4B4B-AA67-7A73D69799F3}
2014-07-21 10:39 - 2014-07-21 10:39 - 0000000 _____ () C:\Users\MICHELE\AppData\Local\{A28F2EAA-B8B0-457F-B53F-99B5527B5FB1}
2015-01-03 04:02 - 2015-01-03 04:02 - 0000000 _____ () C:\Users\MICHELE\AppData\Local\{CBCAFFFB-BD52-45F9-80E7-18DBA0646D3B}
2015-04-12 19:23 - 2015-04-12 19:23 - 0000000 _____ () C:\Users\MICHELE\AppData\Local\{DBD6E44E-1B87-4BCD-8D65-FBA7EDD55167}
2014-12-30 03:46 - 2014-12-30 03:46 - 0000000 _____ () C:\Users\MICHELE\AppData\Local\{DCEDFDA6-ACD5-4B24-A607-D05C27C318AA}
cmd: ipconfig /flushdns
cmd: netsh advfirewall reset
cmd: netsh advfirewall set allprofiles state on
Reg: reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
Reg: reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
CMD: bitsadmin /reset /allusers
RemoveProxy:
EmptyTemp:
Reboot:
end
*****************
 
Restore point was successfully created.
Processes closed successfully.
C:\Program Files (x86)\Coupons => moved successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\ => value removed successfully
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Start Page => value restored successfully
HKU\S-1-5-21-47984466-8570645-183781455-1000\Software\Microsoft\Internet Explorer\Main\\Start Page => value restored successfully
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => key removed successfully
HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => key not found. 
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{{67A2568C-7A0A-4EED-AECC-B5405DE63B64}}" => key removed successfully
HKCR\CLSID\{{67A2568C-7A0A-4EED-AECC-B5405DE63B64}} => key not found. 
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => key removed successfully
HKCR\Wow6432Node\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => key not found. 
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{{67A2568C-7A0A-4EED-AECC-B5405DE63B64}}" => key removed successfully
HKCR\Wow6432Node\CLSID\{{67A2568C-7A0A-4EED-AECC-B5405DE63B64}} => key not found. 
HKU\S-1-5-21-47984466-8570645-183781455-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
"HKU\S-1-5-21-47984466-8570645-183781455-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\C9CED3DFB6A44CE38909215F02EFD1E2" => key removed successfully
HKCR\CLSID\C9CED3DFB6A44CE38909215F02EFD1E2 => key not found. 
"HKU\S-1-5-21-47984466-8570645-183781455-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{E4923A94-0CC4-4622-A6F6-7F60642CB36D}" => key removed successfully
HKCR\CLSID\{E4923A94-0CC4-4622-A6F6-7F60642CB36D} => key not found. 
"HKU\S-1-5-21-47984466-8570645-183781455-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{{67A2568C-7A0A-4EED-AECC-B5405DE63B64}}" => key removed successfully
HKCR\CLSID\{{67A2568C-7A0A-4EED-AECC-B5405DE63B64}} => key not found. 
HKU\S-1-5-21-47984466-8570645-183781455-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} => value removed successfully
HKCR\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} => key not found. 
"HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE" => key removed successfully
"HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE" => key removed successfully
Chrome HomePage => removed successfully
Chrome StartupUrls => removed successfully
Chrome NewTab => removed successfully
C:\Users\MICHELE\AppData\Local\Google\Chrome\User Data\Default\Extensions\fddgbombopilgefffbcgcfneiejeclia => moved successfully
"C:\Users\MICHELE\AppData\Local\Google\Chrome\User Data\Default\Extensions\fddgbombopilgefffbcgcfneiejeclia" => not found.
CouponPrinterService => service removed successfully
C:\Users\MICHELE\AppData\Local\{0C78106F-1960-46B6-B5E2-3A8610B90BF1} => moved successfully
C:\Users\MICHELE\AppData\Local\{6FD1866A-7EC4-4460-BF8E-F23DB230E486} => moved successfully
C:\Users\MICHELE\AppData\Local\{09AFF31B-4306-4CF0-92F7-7A372E55CF8A} => moved successfully
C:\Users\MICHELE\AppData\Local\{1C6D4A61-9939-477E-8885-1D78E04D1D1D} => moved successfully
C:\Users\MICHELE\AppData\Local\{1F84ECA3-7E5A-4D10-A861-6D35881C4C67} => moved successfully
C:\Users\MICHELE\AppData\Local\{8B9BB3AB-2EBD-4203-8F35-E042AA763AF3} => moved successfully
C:\Users\MICHELE\AppData\Local\{9A5CCE76-5229-4B4B-AA67-7A73D69799F3} => moved successfully
C:\Users\MICHELE\AppData\Local\{A28F2EAA-B8B0-457F-B53F-99B5527B5FB1} => moved successfully
C:\Users\MICHELE\AppData\Local\{CBCAFFFB-BD52-45F9-80E7-18DBA0646D3B} => moved successfully
C:\Users\MICHELE\AppData\Local\{DBD6E44E-1B87-4BCD-8D65-FBA7EDD55167} => moved successfully
C:\Users\MICHELE\AppData\Local\{DCEDFDA6-ACD5-4B24-A607-D05C27C318AA} => moved successfully
 
=========  ipconfig /flushdns =========
 
 
Windows IP Configuration
 
Successfully flushed the DNS Resolver Cache.
 
========= End of CMD: =========
 
 
=========  netsh advfirewall reset =========
 
Ok.
 
 
========= End of CMD: =========
 
 
=========  netsh advfirewall set allprofiles state on =========
 
Ok.
 
 
========= End of CMD: =========
 
 
========= reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f =========
 
The operation completed successfully.
 
 
 
========= End of Reg: =========
 
 
========= reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f =========
 
The operation completed successfully.
 
 
 
========= End of Reg: =========
 
 
=========  bitsadmin /reset /allusers =========
 
 
BITSADMIN version 3.0 [ 7.5.7601 ]
BITS administration utility.
© Copyright 2000-2006 Microsoft Corp.
 
BITSAdmin is deprecated and is not guaranteed to be available in future versions of Windows.
Administrative tools for the BITS service are now provided by BITS PowerShell cmdlets.
 
Unable to cancel {E5C48821-EB51-420D-97D9-B905230E3FF1}.
Unable to cancel {B52A8A65-BBF3-4AC0-825F-8CA163ED677B}.
Unable to cancel {2B404E95-14DF-4F50-A456-F7FB93737203}.
{BEB81F31-6CBD-4338-AF7E-047E9EDB10DD} canceled.
Unable to cancel {F31ACF8D-AAC7-462A-A2BC-1486ECA902F7}.
1 out of 5 jobs canceled.
 
========= End of CMD: =========
 
 
========= RemoveProxy: =========
 
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully
HKU\S-1-5-21-47984466-8570645-183781455-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
HKU\S-1-5-21-47984466-8570645-183781455-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully
 
 
========= End of RemoveProxy: =========
 
EmptyTemp: => 256.3 MB temporary data Removed.
 
 
The system needed a reboot.
 
==== End of Fixlog 10:46:04 ====
 
JRT Log
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.0.2 (01.06.2016)
Operating System: Windows 7 Home Premium x64 
Ran by MICHELE (Administrator) on Tue 02/16/2016 at 10:54:04.23
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
File System: 245 
 
Successfully deleted: C:\ProgramData\Start Menu\Programs\coupons (Folder) 
Successfully deleted: C:\Users\MICHELE\AppData\Local\{D1222C12-D36D-4E6B-AABF-E6BA4A5A1B82} (Empty Folder)
Successfully deleted: C:\Users\MICHELE\AppData\Local\{D2C0D4B5-F1EA-40F8-998C-D09AF99B3E31} (Empty Folder)
Successfully deleted: C:\Users\MICHELE\AppData\Local\{D342ACA0-D20E-4754-BB3D-1F1E9E038D2B} (Empty Folder)
Successfully deleted: C:\Users\MICHELE\AppData\Local\{D3577C91-6E8F-4E0C-92E7-BB245AFE4572} (Empty Folder)
Successfully deleted: C:\Users\MICHELE\AppData\Local\{D6F55AE5-1013-45C9-BA23-92636F68F904} (Empty Folder)
Successfully deleted: C:\Users\MICHELE\AppData\Local\{D715D376-499E-4DA4-9C65-7F96097A247C} (Empty Folder)
Successfully deleted: C:\Users\MICHELE\AppData\Local\{D743639F-671F-42FF-ACC7-D594E489BCF8} (Empty Folder)
Successfully deleted: C:\Users\MICHELE\AppData\Local\{D9C33F9C-F6E9-4FF8-B568-F797D30F0213} (Empty Folder)
Successfully deleted: C:\Users\MICHELE\AppData\Local\{DC4399A0-BD87-4C4E-9983-DA609F0B15AD} (Empty Folder)
Successfully deleted: C:\Users\MICHELE\AppData\Local\{DC88D74E-69E4-4E60-AFC0-4610898C6150} (Empty Folder)
Successfully deleted: C:\Users\MICHELE\AppData\Local\{DF9F2BB7-907F-45EC-8B4E-8E77D58C9687} (Empty Folder)
Successfully deleted: C:\Users\MICHELE\AppData\Local\{E07AE760-126E-4D17-AEC2-DD11E45FA50B} (Empty Folder)
Successfully deleted: C:\Users\MICHELE\AppData\Local\{E11A253D-F0FC-442F-84F0-106DE761DA83} (Empty Folder)
Successfully deleted: C:\Users\MICHELE\AppData\Local\{E29B404C-1DF6-45F8-8B15-77B3292A8C49} (Empty Folder)
Successfully deleted: C:\Users\MICHELE\AppData\Local\{E3123E28-F7B8-4AEC-BB48-CE2B78167421} (Empty Folder)
Successfully deleted: C:\Users\MICHELE\AppData\Local\{E374CDBA-9E58-467A-9C3B-385C48F6CAE2} (Empty Folder)
Successfully deleted: C:\Users\MICHELE\AppData\Local\{E39CEDE4-BA27-4907-B6AD-70645D28A77D} (Empty Folder)
Successfully deleted: C:\Users\MICHELE\AppData\Local\{E43B14E7-E8FE-4FEE-B20A-F6A5AD63056D} (Empty Folder)
Successfully deleted: C:\Users\MICHELE\AppData\Local\{E677BA57-730E-4D62-8AA8-61E57F645CC3} (Empty Folder)
Successfully deleted: C:\Users\MICHELE\AppData\Local\{E6DA23DB-09C7-49CA-B81B-FE759C9CCBE6} (Empty Folder)
Successfully deleted: C:\Users\MICHELE\AppData\Local\{E770C903-9408-4CD8-AD4E-37890C3FE831} (Empty Folder)
Successfully deleted: C:\Users\MICHELE\AppData\Local\{E889816A-6F51-41CF-B32D-3308BB40F808} (Empty Folder)
Successfully deleted: C:\Users\MICHELE\AppData\Local\{E8A52319-A32D-4F8E-A924-076E401D87C1} (Empty Folder)
Successfully deleted: C:\Users\MICHELE\AppData\Local\{EBDB5047-F51E-4B7B-BFF7-97BED7084908} (Empty Folder)
Successfully deleted: C:\Users\MICHELE\AppData\Local\{ED7EF323-731E-4120-BCD5-FDD451144E20} (Empty Folder)
Successfully deleted: C:\Users\MICHELE\AppData\Local\{EE62A9FA-CB13-44F2-B8B8-4DAF0DCB2A01} (Empty Folder)
Successfully deleted: C:\Users\MICHELE\AppData\Local\{EE8A206F-1C3D-45B1-A3DB-172A8C08BE08} (Empty Folder)
Successfully deleted: C:\Users\MICHELE\AppData\Local\{EE998F5D-9536-4F2F-909E-49DC4BD56A3E} (Empty Folder)
Successfully deleted: C:\Users\MICHELE\AppData\Local\{EECD1945-586C-4D6A-A0E0-6D7D6EE96778} (Empty Folder)
Successfully deleted: C:\Users\MICHELE\AppData\Local\{EF24287F-287D-435E-85E8-18E0BBA26E96} (Empty Folder)
Successfully deleted: C:\Users\MICHELE\AppData\Local\{F00B1DF9-0F96-4BD6-9AF9-8185E14C0943} (Empty Folder)
Successfully deleted: C:\Users\MICHELE\AppData\Local\{F03910FE-0C0A-4DE9-A9C8-A949007E5416} (Empty Folder)
Successfully deleted: C:\Users\MICHELE\AppData\Local\{F0E47E0D-6681-4CA8-A7A9-6E7DE3306171} (Empty Folder)
Successfully deleted: C:\Users\MICHELE\AppData\Local\{F199024C-71C4-49C8-8272-0008B2743F3B} (Empty Folder)
Successfully deleted: C:\Users\MICHELE\AppData\Local\{F42B69BD-FAB2-4876-906F-254982B79409} (Empty Folder)
Successfully deleted: C:\Users\MICHELE\AppData\Local\{F597439B-ABCE-496D-A420-B30956B6627A} (Empty Folder)
Successfully deleted: C:\Users\MICHELE\AppData\Local\{F66C14C8-D4D9-4833-BF4F-5D7A5104D07D} (Empty Folder)
Successfully deleted: C:\Users\MICHELE\AppData\Local\{F71C6377-F648-451B-AC22-68753E69AC17} (Empty Folder)
Successfully deleted: C:\Users\MICHELE\AppData\Local\{F78E04FF-BF4F-4BD0-A881-702675ECFE9C} (Empty Folder)
Successfully deleted: C:\Users\MICHELE\AppData\Local\{F8E83B21-5D5F-4188-A445-594CDAED3EDD} (Empty Folder)
Successfully deleted: C:\Users\MICHELE\AppData\Local\{FA42F143-510B-4265-A358-235E7CB9A0DD} (Empty Folder)
Successfully deleted: C:\Users\MICHELE\AppData\Local\{FAD95E1E-19A5-41C5-8329-FB1876765ED5} (Empty Folder)
Successfully deleted: C:\Users\MICHELE\AppData\Local\{FB61131F-6917-4B31-B916-947AE6A659B6} (Empty Folder)
Successfully deleted: C:\Users\MICHELE\AppData\Local\{FBD52BCD-2065-44D6-BCA9-57D183FF3959} (Empty Folder)
Successfully deleted: C:\Users\MICHELE\AppData\Local\{FC09578D-1EA8-4A6C-A7CD-ED96CAF902E2} (Empty Folder)
Successfully deleted: C:\Users\MICHELE\AppData\Local\{FC21CBEA-1B11-4016-937D-79EAEA2B53FE} (Empty Folder)
Successfully deleted: C:\Users\MICHELE\AppData\Local\{FF2B5FDE-7740-4494-BA4D-CED945A3CB48} (Empty Folder)
Successfully deleted: C:\Users\MICHELE\AppData\Local\{FF8B3C3B-184D-4170-A18B-52EABFFE8423} (Empty Folder)
Successfully deleted: C:\Users\MICHELE\Appdata\LocalLow\Toolbar4 (Folder) 
Successfully deleted: C:\Users\MICHELE\AppData\Roaming\pccustubinstaller (Folder) 
Successfully deleted: C:\windows\couponprinter.ocx (File) 
Successfully deleted: C:\windows\SysWOW64\sho3D3B.tmp (File) 
 
 
 
Registry: 0 
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Tue 02/16/2016 at 11:02:30.62
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
It seems to be running better than before ... thanks ... what's next?
 
dog

  • 0

#4
dbreeze


    Trusted Helper

  • Malware Removal
  • 2,213 posts

FIRST >>>>

AdwCleaner by Xplode

Download AdwCleaner from here or from here. Save the file to the desktop.

NOTE: If you are using IE 8 or above you may get a warning that stops the program from downloading. Just click on the warning and allow the download to complete.

Close all open windows and browsers.

Vista/7/8 users: Right click the AdwCleaner icon on the desktop, click Run as administrator and accept the UAC prompt to run AdwCleaner.
You will see the following console:

Click the Scan button and wait for the scan to finish.

After the Scan has finished the window may or may not show what it found and above, in the progress bar, you will see: Waiting for action. Please uncheck elements you don't want to remove.

Click the Clean button.

Everything checked will be deleted.

When the program has finished cleaning a report appears.

Once done it will ask to reboot, allow this

On reboot a log will be produced; please copy / paste that in your next reply. This report is also saved to C:\AdwCleaner\AdwCleaner[S0].txt

Optional:
NOTE: If you see AVG Secure Search being targeted for deletion, Here's Why and Here. You can always Reinstall it.


SECOND >>>>

Malwarebytes' Anti-Malware
Please start Malwarebytes' Anti-Malware from either the desktop shortcut (if you have one) or the Start Menu listing.
When the main screen opens, if the database is out of date, you can click on the Fix Now banner or the Update Now link

Once the program has loaded and updated, select "Scan Now >>" to start the scan.

The scan may take some time to finish, so please be patient.

If any malware is found, you will be presented with a screen like the one below.

If any malware is found, make sure that everything is checked, and click Remove Selected.
When the scan is complete, click View detailed log >> to view the results.
The report screen will open.
At the bottom click on Export and select as txt file, save the file to your desktop and click OK.  When the export is complete, select OPEN.
The log file will be opened in your default text file viewer (usually Notepad); select the whole text (Ctrl + A) and copy (Ctrl + c) it to paste here in a reply.


  • 0

#5
moondog830


    Member

  • Topic Starter
  • Member
  • 626 posts

AdwClnr log

 

# AdwCleaner v5.034 - Logfile created 17/02/2016 at 19:14:24
# Updated 16/02/2016 by Xplode
# Database : 2016-02-16.2 [Local]
# Operating system : Windows 7 Home Premium Service Pack 1 (x64)
# Username : MICHELE - MICHELE-PC
# Running from : C:\Users\MICHELE\Desktop\AdwCleaner.exe
# Option : Cleaning
 
***** [ Services ] *****
 
 
***** [ Folders ] *****
 
 
***** [ Files ] *****
 
 
***** [ DLLs ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Scheduled tasks ] *****
 
 
***** [ Registry ] *****
 
[-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\TbCommonUtils.DLL
[-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\TbHelper.EXE
[-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\{628F3201-34D0-49C0-BB9A-82A26AEFB291}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{9522B3FB-7A2B-4646-8AF6-36E7F593073C}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{BF921DD3-732A-4A11-933B-A5EA49F2FD2C}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D83B296A-2FA6-425B-8AE8-A1F33D99FBD6}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9522B3FB-7A2B-4646-8AF6-36E7F593073C}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{9522B3FB-7A2B-4646-8AF6-36E7F593073C}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{628F3201-34D0-49C0-BB9A-82A26AEFB291}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{2A42D13C-D427-4787-821B-CF6973855778}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{3D8478AA-7B88-48A9-8BCB-B85D594411EC}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{45CDA4F7-594C-49A0-AAD1-8224517FE979}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{4D8ED2B3-DC62-43EC-ABA3-5B74F046B1BE}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{6B458F62-592F-4B25-8967-E6A350A59328}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{81E852CC-1FD5-4004-8761-79A48B975E29}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{95B6A271-FEB4-4160-B0FF-44394C21C8DC}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{B2CA345D-ADB8-4F5D-AC64-4AB34322F659}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{B9F43021-60D4-42A6-A065-9BA37F38AC47}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{BF921DD3-732A-4A11-933B-A5EA49F2FD2C}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{D83B296A-2FA6-425B-8AE8-A1F33D99FBD6}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{E67D5BC7-7129-493E-9281-F47BDAFACE4F}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{FCC9CDD3-EFFF-11D1-A9F0-00A0244AC403}
 
***** [ Web browsers ] *****
 
 
*************************
 
:: "Tracing" keys removed
:: Winsock settings cleared
 
########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [2716 bytes] ##########
 
 
Malwarebytes log
 
Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 2/17/2016
Scan Time: 7:31 PM
Logfile: malwarebytes log.txt
Administrator: Yes
 
Version: 2.2.0.1024
Malware Database: v2016.02.17.07
Rootkit Database: v2016.02.17.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled
 
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: MICHELE
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 335866
Time Elapsed: 22 min, 35 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Warn
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 0
(No malicious items detected)
 
Registry Values: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Folders: 0
(No malicious items detected)
 
Files: 0
(No malicious items detected)
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)
 
still running pretty good ... 
 
dog

  • 0
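A triage pass over the Malwarebytes log posted above, as an added example that is not part of the original thread or of Malwarebytes' own tooling: it parses the text export and lists which scan scopes and protection modules were off, so a zero-detection result is read with its coverage in mind. The sample log is a constructed, trimmed copy of the posted layout; the function names and the one-line-per-detected-item format are assumptions.

```python
import re

# Constructed sample: a trimmed copy of the log layout posted above.
SAMPLE_LOG = """\
Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 2/17/2016
Scan Time: 7:31 PM
Administrator: Yes

Version: 2.2.0.1024
Malware Database: v2016.02.17.07
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 335866

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Warn
PUM: Enabled

Processes: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

(end)
"""

KEY_VALUE = re.compile(r"^([A-Za-z][A-Za-z \-]*?):\s*(.*)$")
DETECTION_SECTIONS = ["Processes", "Modules", "Registry Keys", "Registry Values",
                      "Registry Data", "Folders", "Files", "Physical Sectors"]
SCAN_SCOPES = ["Memory", "Startup", "Filesystem", "Archives", "Rootkits",
               "Heuristics", "PUM"]
REALTIME_MODULES = ["Malware Protection", "Malicious Website Protection",
                    "Self-protection"]


def parse_mbam_log(text):
    """Split the log into header/setting fields and per-section detections."""
    fields, detections = {}, {}
    current = None  # detection section whose item lines are being collected
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            current = None  # a blank line closes the current section
            continue
        m = KEY_VALUE.match(line)
        if m and m.group(1) in DETECTION_SECTIONS and m.group(2).isdigit():
            current = m.group(1)
            detections[current] = {"count": int(m.group(2)), "items": []}
        elif current and not line.startswith("("):
            # Assumption: each detected item occupies one line in its section.
            detections[current]["items"].append(line)
        elif m:
            fields[m.group(1)] = m.group(2)
    return fields, detections


def triage(text):
    """Return the detection total plus coverage gaps a reviewer should note."""
    fields, detections = parse_mbam_log(text)
    findings = []
    if fields.get("Result") != "Completed":
        findings.append("scan did not complete: Result=%r" % fields.get("Result"))
    for scope in SCAN_SCOPES:
        if fields.get(scope) == "Disabled":
            findings.append("scan scope off: %s" % scope)
    for module in REALTIME_MODULES:
        if fields.get(module) == "Disabled":
            findings.append("real-time module off: %s" % module)
    for name, d in detections.items():
        if d["count"] != len(d["items"]):  # e.g. a paste that was cut short
            findings.append("%s: header says %d, %d item lines present"
                            % (name, d["count"], len(d["items"])))
    total = sum(d["count"] for d in detections.values())
    return {"total_detections": total, "findings": findings}


if __name__ == "__main__":
    report = triage(SAMPLE_LOG)
    print("detections:", report["total_detections"])
    for finding in report["findings"]:
        print(" -", finding)
```
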

#6
dbreeze


    Trusted Helper

  • Malware Removal
  • 2,213 posts

The logs are looking a lot cleaner; good to hear the system is running better also.

 

This next step may take a while (just to warn you) .....

ESET Online does not work with IE 11 (Internet Explorer) at the moment (a few weeks ago anyway) so if you have IE 11, Chrome or Firefox has to be used instead.  ESET Online does work with IE 10 and earlier.

The pictures below showing what to click may be blue instead of green on the ESET website now, but the procedure is still the same.

Please read carefully and slowly. Notice all the settings listed below to check before starting the scan. Stop and ask if you have any questions.

Take note of the NO tick in the Remove found threats setting below, as it needs to have the tick removed.

-------------------------------------------------------------------------------------------------------------------

Hold down Control key and click on the following link to open ESET OnlineScan in a new window.

Link =>> ESET Online Scanner  <<

Click the Run ESET Online Scanner located on the left side of the page (not the free trial).


For browsers other than Internet Explorer only: (Microsoft Internet Explorer users can skip this step)
Click on the esetsmartinstaller link in the popup window that opens. Save it to your desktop.


Double click on the icon on your desktop.


Check (accept) the Terms of Use.


Click the START button.
Accept any security warnings from your browser.

Now in the Computer scan settings window that appears:-
Make sure that the option Enable detection of potentially unwanted applications is selected.
Now click on Advanced Settings and configure the options as follows:

Remove found threats is Not checked
Scan archives is checked
Scan for potentially unsafe applications is checked
Enable Anti-Stealth Technology is checked


Now click on: Start



ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.


When the scan is finished, if any threats are found you will see the screen below.  Click to view the found threats.


At the bottom of the listed threats, there is an option to save the results to a text file.  Please do this so you can attach the results here for review and removal of the items that are not false positives (these will be scripted out so do not worry).


Once the log text file is saved, return to the Scan Finished screen by clicking "<<Back", then click on the uninstall button and click Finish.


Attach the saved log file in your next reply please.  Thanks.
 


  • 0

#7
moondog830


    Member

  • Topic Starter
  • Member
  • 626 posts

I ran the ESET scanner (it's not like your post shows anymore) and it produced 2 logs ... First Scan and Computer Scan ... I've tried to upload them 4 times but the page keeps crashing and asking if I want to wait or kill the pages

 

I'm going to try to upload just one and see if I can get that up.

 

dog


  • 0

#8
moondog830


    Member

  • Topic Starter
  • Member
  • 626 posts

okay, that didn't work ... not sure what to do ... I'm guessing it could be my internet speed ... I'm on satellite and my upload is considerably slower than my download. Will have to wait until tomorrow when I go to the High School for JV Softball practice ... I'll upload them then. Just letting you know


  • 0

#9
dbreeze


    Trusted Helper

  • Malware Removal
  • 2,213 posts

First scan and Computer scan?  Sounds like you installed the trial version instead of the Online Scanner application.  Can you check the Programs and Features listing in the Control Panel and see what ESET application is listed there?

 

Did the scan find much infected / malicious / threats?  At the end of the logs there should be a section showing the listed "Infected Files"; can you copy and paste just those lines?


  • 0

#10
moondog830


    Member

  • Topic Starter
  • Member
  • 626 posts

That is correct, because I couldn't find the online scan ... 

 

First Scan

 

Number of scanned objects: 296716
Number of threats found: 0
Time of completion: 8:43:03 AM  Total scanning time: 41807 sec (11:36:47)
 
Notes:
[4] Object cannot be opened. It may be in use by another application or operating system.
 
Computer Scan
 
Number of scanned objects: 202768
Number of threats found: 4
Number of cleaned objects: 4
Time of completion: 7:18:13 AM  Total scanning time: 37348 sec (10:22:28)
 
Notes:
[1] Object has been deleted as it only contained the virus body.
[4] Object cannot be opened. It may be in use by another application or operating system.
 
sorry, tried to follow orders :)
 
dog

  • 0

#11
dbreeze


    Trusted Helper

  • Malware Removal
  • 2,213 posts

That is ok; looks like it found some items not active.  Based on that and the other logs, it looks like this is cleaned.

 

All right!! :D Your logs are clean and you're good to go now!! :thumbsup: We've got some final steps left to do to clean up our tools and get your system in good running condition and then you are on your way. I must say though, even though we met through less than ideal circumstances, it has been really great to work with you. :) Just run through the steps from the Cleanup of Tools to the Program Update Checker. That's it. Thanks. :cool:


Clean up of Malware Removal Tools
Now that we are through using these tools, let's clean them off your system so that should you ever need to have malware removed again (we hope not) fresh, updated copies will be downloaded.
If you did not do so at the end of its scan, please uninstall ESET Online Scanner at this time.  You can use the Control Panel 'Add / Remove Programs' or 'Programs and Features' utility to uninstall it.  Note:  You can keep the trial of ESET Antivirus installed if you want.  I have some recommendations for FREE AVs later; your choice if you want them, just make sure to uninstall the trial first, as you only want one active real-time antivirus on the system.

  • Download Delfix from here to your desktop and double click it to start the program
  • Ensure Remove disinfection tools is ticked
    Also tick:
  • Activate UAC
  • Create registry backup
  • Purge system restore
  • Reset system settings
  • Click Run
  • The program will run for a few moments and then notepad will open with a log. Please paste the log in your next reply.

You can delete any log files left on your desktop as these are no longer needed.


Keep Windows Updated
Microsoft issues updates to Windows to close vulnerabilities as they are discovered. Staying updated helps protect your system from current exploits.
  • Click Start and then click Control Panel.
  • Click on the View by: in the upper right corner and select Large Icons (you can change this back later if you like).
  • Scroll down and click on Windows Update.
  • Click on Change settings.
  • Under Important Updates, click on Install updates automatically (recommended).
  • Select (click on) the other options on this page.
  • Select a day and time to have windows install the updates.
  • Click on Ok to change the settings.
  • If you want to change the view of the Control Panel display, click on the View by: in the upper right hand corner and select an option you prefer.

Keep other Important Programs Updated
Along with keeping Windows updated, it is a good idea to keep important programs updated. Java and Adobe Reader both need to be kept updated to the latest versions; malware writers utilize exploits in the unpatched versions to their advantages.

Java
Most security experts and the US CERT (part of the US Homeland Security) now recommend that users uninstall Java from their systems; if you don't have any programs that need Java on your system, you are safe to do this. You can read some of the articles on this here and here. I strongly suggest you uninstall Java unless you need it to run certain software; in that case I would recommend that you disable or unplug Java from your web browsers and only enable it when you need it.

To disable / unplug Java in your browsers:

To uninstall Java (on Win7):
  • Click Start and then click Control Panel.
  • If you need to, click View by: and select either Large Icons or Small Icons.
  • Click on Programs and Features.
  • Scroll down until you find Java and click on it to select that program.
  • (Older versions of Java may appear in the program list as J2SE, Java 2, Java SE or Java Runtime Environment.)
  • Click Uninstall.
  • If more than one version of Java shows in your program list, you should repeat the selection and uninstall until all of them are removed.

To check for the latest version of Java and installation steps:
  • Go to java.com and click on Do I have Java?.
  • On the next page, click on Verify Java Version.
  • If you get a security pop up entitled "Do you want to run this application?" with the Name: Java Detection and Publisher: Oracle America, Inc., click Run.
  • Follow the recommendations (if any) on the results screen.
  • If there is a new version (or none at all on your system), there will be a button on the page showing Agree and Start Free Download. Click on it to update or install Java.
  • The site will start a download of jxpiinstall.exe. Save the file to your desktop.
  • When the download is finished, close your browser.
  • Right click on the jxpiinstall.exe and select Run as Administrator.
  • On the opening window, check Change destination folder and then click Install>.
  • The program will now download the rest of the files needed to install Java.
  • On the Destination Folder window, click Next>.
  • On the next window, the install will present you the option of adding additional software (this is known as Foistware).
  • Uncheck the Set and keep Ask as my default search provider.
  • Uncheck the Install the Ask Toolbar.
  • Click Next> to finish the install.
  • When the installation is finished, you will be taken to a web page that will check to see if Java is working properly.

Adobe Reader
Adobe Reader is the second most targeted (by malware) common software. If all you ever do with Adobe Reader is view PDF files, then please consider replacing it with a lighter, free PDF reader that is not exploitable. One that we recommend is Sumatra PDF.

To update Adobe Reader:
  • Launch your Adobe Reader.
  • Click Help and then click on About Adobe Reader from the menu list.
  • If the version is 11.0.04 then you are up to date. If it is less than this and you are keeping Adobe Reader, you should update to the latest version.
  • The best place to get Adobe Reader is from Adobe (click on Adobe to go there now).
  • Click on Download in the menu bar on top of the Adobe web page.
  • Click on Adobe Reader in the list on the right hand side of the page.
  • On the next page, click on the check mark (to turn it off) beside the option to include the McAfee scanner in the download and install. Make sure the check is NOT marked (this is another example of Foistware).
  • Click the Install Now button and follow the directions on next page.
  • If you are prompted to Save the installer file, choose to save it to your desktop. Once it is saved, right click on the file and select Run as Administrator.
  • When the installation is finished, you can delete the installer file on your desktop.

Consider a program that will check for out-of-date programs on your system
Some programs don't have update checks built in or make you run the application to start the check for updates process. An easier way to stay on top of the current versions of your installed programs is to use a version checking program like Heimdal Free from Heimdal Security (you can get the software from here and read more about it on the same page).


You are now done! :yeah:

Now some information on programs to help keep you safe:

First, an Antivirus program. You NEED one; free is just as good as paid-for as long as you keep them updated. ONLY use one at a time as having more than that will cause system problems. Here are some free ones to check out:
Microsoft Security Essentials
Avast! Free Antivirus

Next, a firewall is a must-have nowadays. The built-in firewall in Windows 7 is fine (just make sure it is turned on (Start > Control Panel > Windows Firewall)). Or, if you like, you could choose one of the free ones listed here:
Zone Alarm Free Firewall  -  installer includes foistware so read the options very carefully

=== options ====
Unchecky is a small service that runs in the background to help keep those "extra toolbars" and tag along search engines from automatically installing.  By automatically directing you to a custom install with all the options unchecked, only what you manually choose and confirm gets installed.

CryptoPrevent is a free program that prevents CryptoLocker / ransomware from infecting your PC by locking down the OS so the malware can not get a grip on your system.  You can read the details about this program here.

Also, consider adding MalwareBytes Antimalware to your arsenal of safe keeping programs. Use the free version (not the paid or trial version) and you won't have a problem with your antivirus scanner program. Keep it updated and run a scan with it once a week.

Lastly, if you use Firefox as your main web browser, consider adding the NoScript and AdBlockPlus add-ons to the browser to block scripting hijacks and remove unwanted ads from the pages you view.

You may also find some information and tips at this thread:
 How did I get infected in the first place?
and
COMPUTER SECURITY - a short quide to staying safer online
 

I'll leave this topic open for a few days so that if you have any questions you can come back here. Surf safe, my friend!!
 


  • 0

#12
moondog830


    Member

  • Topic Starter
  • Member
  • 626 posts
DelFix Log
 
# DelFix v1.011 - Logfile created 21/02/2016 at 13:17:53
# Updated 18/08/2015 by Xplode
# Username : MICHELE - MICHELE-PC
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
 
~ Activating UAC ... OK
 
~ Removing disinfection tools ...
 
Deleted : C:\FRST
Deleted : C:\AdwCleaner
 
~ Creating registry backup ... OK
 
~ Cleaning system restore ...
 
Deleted : RP #403 [Windows Update | 02/11/2016 12:45:09]
Deleted : RP #404 [Windows Update | 02/12/2016 10:56:46]
Deleted : RP #406 [Restore Point Created by FRST | 02/16/2016 15:44:07]
Deleted : RP #407 [JRT Pre-Junkware Removal | 02/16/2016 15:54:13]
Deleted : RP #408 [Windows Update | 02/19/2016 14:19:50]
 
New restore point created !
 
~ Resetting system settings ... OK
 
########## - EOF - ##########
 
 
thanks for all the help ... I am installing Avast free on her laptop (thought I had done this initially, but apparently not).

  • 0

#13
dbreeze


    Trusted Helper

  • Malware Removal
  • 2,213 posts

Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.


  • 0





