
Infected Laptop - CPU is 100%


  • This topic is locked

#1
jasmill

  • Member
  • 50 posts

This laptop is super infected. I ran Malwarebytes before coming here and removed 668 threats. Even after that the CPU is going nuts. It regularly hits 100%. 

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 26-07-2017
Ran by Dewayne Liggett (administrator) on OWNER-PC (26-07-2017 20:10:12)
Running from C:\Users\Dewayne Liggett\Desktop
Loaded Profiles: Dewayne Liggett (Available Profiles: Owner & Dewayne Liggett)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\SoftwareDistribution\Download\Install\ndp452-kb2901983-x86-x64-enu.exe
(Microsoft Corporation) C:\afba79d4f42dfbb7a2867349c1167419\Setup.exe
(Microsoft Corporation) C:\Windows\System32\msiexec.exe
(Microsoft Corporation) C:\Windows\System32\msiexec.exe
(Microsoft Corporation) C:\Windows\SysWOW64\msiexec.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
 
==================== Registry (Whitelisted) ====================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [] => [X]
HKLM\...\Run: [Malwarebytes TrayApp] => C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe [3146704 2017-05-09] (Malwarebytes)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{EE3026DA-3F90-4632-9FC8-A9C8F7D4EC3D}: [DhcpNameServer] 192.168.1.1
 
Internet Explorer:
==================
HKU\S-1-5-21-3039024503-3107911979-1817968902-1003\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.google.com/
HKU\S-1-5-21-3039024503-3107911979-1817968902-1003\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://start.toshiba.com/?cid=C001B2Y
SearchScopes: HKLM -> DefaultScope {{67A2568C-7A0A-4EED-AECC-B5405DE63B64}} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNO
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM -> {{67A2568C-7A0A-4EED-AECC-B5405DE63B64}} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNO
SearchScopes: HKLM-x32 -> DefaultScope {{67A2568C-7A0A-4EED-AECC-B5405DE63B64}} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNO
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 -> {{67A2568C-7A0A-4EED-AECC-B5405DE63B64}} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNO
SearchScopes: HKU\S-1-5-21-3039024503-3107911979-1817968902-1003 -> DefaultScope {29530B11-65C9-42E3-A4C8-6804D8D30EA7} URL = hxxp://www.google.com/search?sourceid=ie9&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNO
SearchScopes: HKU\S-1-5-21-3039024503-3107911979-1817968902-1003 -> {29530B11-65C9-42E3-A4C8-6804D8D30EA7} URL = hxxp://www.google.com/search?sourceid=ie9&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNO
SearchScopes: HKU\S-1-5-21-3039024503-3107911979-1817968902-1003 -> {{67A2568C-7A0A-4EED-AECC-B5405DE63B64}} URL = 
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
BHO-x32: No Name -> {02478D38-C3F9-4efb-9B51-7695ECA05670} -> No File
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll [2011-07-21] (Sun Microsystems, Inc.)
DPF: HKLM-x32 {02BCC737-B171-4746-94C9-0D8A0B2C0089} hxxp://office.microsoft.com/_layouts/ClientBin/ieawsdc32.cab
 
FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF64_16_0_0_296.dll [2015-01-26] ()
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.31211.0\npctrl.dll [2014-12-11] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_296.dll [2015-01-26] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-02-18] ()
FF Plugin-x32: @java.com/JavaPlugin -> C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll [2011-07-21] (Sun Microsystems, Inc.)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.31211.0\npctrl.dll [2014-12-11] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2011-05-13] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2011-05-13] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-07-25] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-07-25] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
 
Chrome: 
=======
CHR Profile: C:\Users\Dewayne Liggett\AppData\Local\Google\Chrome\User Data\Default [2017-07-26]
CHR Extension: (Google Slides) - C:\Users\Dewayne Liggett\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-07-25]
CHR Extension: (Google Docs) - C:\Users\Dewayne Liggett\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-07-25]
CHR Extension: (Google Drive) - C:\Users\Dewayne Liggett\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-07-25]
CHR Extension: (YouTube) - C:\Users\Dewayne Liggett\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-07-25]
CHR Extension: (Google Sheets) - C:\Users\Dewayne Liggett\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-07-25]
CHR Extension: (Google Docs Offline) - C:\Users\Dewayne Liggett\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-07-25]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Dewayne Liggett\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-07-25]
CHR Extension: (Gmail) - C:\Users\Dewayne Liggett\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-07-25]
CHR Extension: (Chrome Media Router) - C:\Users\Dewayne Liggett\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-07-25]
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4470736 2017-05-09] (Malwarebytes)
S4 PCCUJobMgr; C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\ccSvcHst.exe [126392 2011-07-19] (Symantec Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
S4 TosCoSrv; "C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe" [X]
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R0 MBAMSwissArmy; C:\windows\System32\drivers\MBAMSwissArmy.sys [253856 2017-07-26] (Malwarebytes)
S3 USBAAPL64; C:\windows\System32\Drivers\usbaapl64.sys [54784 2012-12-13] (Apple, Inc.) [File not signed]
S3 ZTEusbgps; C:\windows\System32\DRIVERS\ZTEusbgps.sys [121344 2010-12-03] (ZTE Incorporated)
S3 ZTEusbnmeaext; C:\windows\System32\DRIVERS\ZTEusbnmeaext.sys [121344 2010-12-03] (ZTE Incorporated)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-07-26 20:10 - 2017-07-26 20:12 - 00010751 _____ C:\Users\Dewayne Liggett\Desktop\FRST.txt
2017-07-26 20:09 - 2017-07-26 20:10 - 00000000 ____D C:\FRST
2017-07-26 20:08 - 2017-07-26 20:08 - 02382848 _____ (Farbar) C:\Users\Dewayne Liggett\Desktop\FRST64.exe
2017-07-26 19:55 - 2017-07-26 19:56 - 00000000 ____D C:\afba79d4f42dfbb7a2867349c1167419
2017-07-25 22:39 - 2017-07-25 22:45 - 00007598 _____ C:\Users\Dewayne Liggett\AppData\Local\Resmon.ResmonCfg
2017-07-25 22:38 - 2017-07-25 22:38 - 00002242 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-07-25 22:38 - 2017-07-25 22:38 - 00002230 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2017-07-25 22:35 - 2017-07-25 22:36 - 00000000 ____D C:\Users\Dewayne Liggett\AppData\Local\Deployment
2017-07-25 22:35 - 2017-07-25 22:35 - 00000000 ____D C:\Users\Dewayne Liggett\AppData\Local\Apps\2.0
2017-07-25 22:29 - 2017-07-25 22:29 - 00000000 __SHD C:\Users\Dewayne Liggett\AppData\LocalLow\EmieUserList
2017-07-25 22:29 - 2017-07-25 22:29 - 00000000 __SHD C:\Users\Dewayne Liggett\AppData\LocalLow\EmieSiteList
2017-07-25 22:29 - 2017-07-25 22:29 - 00000000 __SHD C:\Users\Dewayne Liggett\AppData\LocalLow\EmieBrowserModeList
2017-07-25 21:48 - 2017-07-25 21:48 - 00000000 __SHD C:\Users\Dewayne Liggett\AppData\Local\EmieUserList
2017-07-25 21:48 - 2017-07-25 21:48 - 00000000 __SHD C:\Users\Dewayne Liggett\AppData\Local\EmieSiteList
2017-07-25 21:48 - 2017-07-25 21:48 - 00000000 __SHD C:\Users\Dewayne Liggett\AppData\Local\EmieBrowserModeList
2017-07-25 21:27 - 2017-07-25 21:27 - 00000000 ____D C:\Users\Dewayne Liggett\AppData\Local\VS Revo Group
2017-07-25 20:45 - 2017-07-25 20:45 - 00007601 _____ C:\Users\Owner\AppData\Local\Resmon.ResmonCfg
2017-07-25 20:22 - 2017-07-25 20:22 - 01130328 _____ (Google Inc.) C:\Users\Owner\Downloads\ChromeSetup.exe
2017-07-25 19:44 - 2017-07-25 22:24 - 00602358 _____ C:\windows\ntbtlog.txt
2017-07-25 19:38 - 2017-07-26 19:52 - 00253856 _____ (Malwarebytes) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2017-07-25 19:38 - 2017-07-25 19:38 - 00001878 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2017-07-25 19:38 - 2017-07-25 19:38 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2017-07-25 19:38 - 2017-07-25 19:38 - 00000000 ____D C:\ProgramData\Malwarebytes
2017-07-25 19:38 - 2017-07-25 19:38 - 00000000 ____D C:\Program Files\Malwarebytes
2017-07-25 19:38 - 2017-06-27 12:06 - 00077376 _____ C:\windows\system32\Drivers\mbae64.sys
2017-07-25 19:35 - 2017-07-25 19:35 - 00001088 _____ C:\Users\Public\Desktop\Revo Uninstaller Pro.lnk
2017-07-25 19:35 - 2017-07-25 19:35 - 00000000 ____D C:\Users\Owner\AppData\Local\VS Revo Group
2017-07-25 19:35 - 2017-07-25 19:35 - 00000000 ____D C:\ProgramData\VS Revo Group
2017-07-25 19:35 - 2017-07-25 19:35 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller Pro
2017-07-25 19:35 - 2016-12-16 08:53 - 00040984 _____ (VS Revo Group) C:\windows\system32\Drivers\revoflt.sys
2017-07-25 19:34 - 2017-07-25 19:34 - 00000000 ____D C:\Program Files\VS Revo Group
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-07-26 20:07 - 2009-07-13 23:45 - 00024608 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-07-26 20:07 - 2009-07-13 23:45 - 00024608 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-07-26 20:01 - 2011-11-28 09:22 - 00776078 _____ C:\windows\SysWOW64\PerfStringBackup.INI
2017-07-26 20:01 - 2009-07-14 00:13 - 00776078 _____ C:\windows\system32\PerfStringBackup.INI
2017-07-26 20:01 - 2009-07-13 22:20 - 00000000 ____D C:\windows\inf
2017-07-26 19:45 - 2009-07-14 00:08 - 00000006 ____H C:\windows\Tasks\SA.DAT
2017-07-25 22:44 - 2012-10-17 11:19 - 00000830 _____ C:\windows\Tasks\Adobe Flash Player Updater.job
2017-07-25 22:38 - 2013-11-18 16:35 - 00000000 ____D C:\Users\Dewayne Liggett\AppData\Local\Google
2017-07-25 22:38 - 2011-09-14 13:59 - 00000000 ____D C:\Program Files (x86)\Google
2017-07-25 22:36 - 2011-09-14 13:59 - 00003330 _____ C:\windows\System32\Tasks\GoogleUpdateTaskMachineUA
2017-07-25 22:36 - 2011-09-14 13:59 - 00003202 _____ C:\windows\System32\Tasks\GoogleUpdateTaskMachineCore
2017-07-25 22:26 - 2011-09-14 13:59 - 00000000 ____D C:\Program Files\Google
2017-07-25 22:13 - 2012-11-14 19:13 - 00000000 ____D C:\windows\Minidump
2017-07-25 22:07 - 2011-07-21 20:50 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2017-07-25 22:06 - 2011-07-21 20:56 - 00000000 ____D C:\ProgramData\Toshiba
2017-07-25 22:06 - 2011-07-21 20:54 - 00000000 ____D C:\Program Files (x86)\Toshiba
2017-07-25 22:05 - 2011-07-21 20:49 - 00000000 ____D C:\Program Files\TOSHIBA
2017-07-25 21:49 - 2013-11-18 16:28 - 00001428 _____ C:\Users\Dewayne Liggett\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2017-07-25 21:49 - 2011-09-14 13:58 - 00000000 ____D C:\ProgramData\Google
2017-07-25 21:46 - 2015-01-21 18:50 - 00000000 ____D C:\ProgramData\Yahoo!
2017-07-25 21:45 - 2009-07-14 00:32 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2017-07-25 21:44 - 2011-09-14 13:54 - 00000000 ____D C:\ProgramData\WildTangent
2017-07-25 21:43 - 2011-09-14 13:49 - 00000000 ____D C:\ProgramData\Norton
2017-07-25 21:41 - 2011-09-14 13:48 - 00000000 ____D C:\Program Files (x86)\NortonInstaller
2017-07-25 21:31 - 2013-06-25 17:49 - 00000000 ____D C:\Users\Owner\AppData\Local\CrashDumps
2017-07-25 20:05 - 2015-01-21 18:50 - 00000000 ____D C:\Users\Owner\AppData\Local\DesktopTemperature
 
==================== Files in the root of some directories =======
 
2017-07-25 22:39 - 2017-07-25 22:45 - 0007598 _____ () C:\Users\Dewayne Liggett\AppData\Local\Resmon.ResmonCfg
 
Some files in TEMP:
====================
2013-05-17 16:16 - 2013-05-17 16:16 - 0388560 _____ (Igor Pavlov) C:\Users\Owner\AppData\Local\Temp\DefaultAssets.exe
2013-05-17 16:16 - 2013-05-17 16:16 - 0286072 _____ (Igor Pavlov) C:\Users\Owner\AppData\Local\Temp\DefaultOfflineContent.exe
2011-11-27 07:41 - 2010-11-09 07:51 - 0073728 ____R () C:\Users\Owner\AppData\Local\Temp\eject.exe
2013-05-17 15:43 - 2013-05-17 16:16 - 0000000 _____ () C:\Users\Owner\AppData\Local\Temp\NLStubInstallerResources.dll
2013-05-17 16:16 - 2013-05-17 16:16 - 14592720 _____ (Symantec Corporation                                        ) C:\Users\Owner\AppData\Local\Temp\PCCU_Installer.exe
2015-01-21 18:51 - 2015-01-21 18:51 - 0008704 _____ (Microsoft Corporation) C:\Users\Owner\AppData\Local\Temp\SpOrder.dll
2015-01-21 18:49 - 2015-01-21 18:49 - 0167776 _____ (Symantec Corporation) C:\Users\Owner\AppData\Local\Temp\SymCCIS.dll
2011-11-14 23:49 - 2011-11-14 23:49 - 0788544 ____N (Symantec Corporation) C:\Users\Owner\AppData\Local\Temp\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}_NIS_25986.exe
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\windows\system32\winlogon.exe => File is digitally signed
C:\windows\system32\wininit.exe => File is digitally signed
C:\windows\SysWOW64\wininit.exe => File is digitally signed
C:\windows\explorer.exe => File is digitally signed
C:\windows\SysWOW64\explorer.exe => File is digitally signed
C:\windows\system32\svchost.exe => File is digitally signed
C:\windows\SysWOW64\svchost.exe => File is digitally signed
C:\windows\system32\services.exe => File is digitally signed
C:\windows\system32\User32.dll => File is digitally signed
C:\windows\SysWOW64\User32.dll => File is digitally signed
C:\windows\system32\userinit.exe => File is digitally signed
C:\windows\SysWOW64\userinit.exe => File is digitally signed
C:\windows\system32\rpcss.dll => File is digitally signed
C:\windows\system32\dnsapi.dll => File is digitally signed
C:\windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\windows\system32\Drivers\volsnap.sys => File is digitally signed
 
LastRegBack: 2015-01-27 17:48
 
==================== End of FRST.txt ============================
 
 
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 26-07-2017
Ran by Dewayne Liggett (26-07-2017 20:14:41)
Running from C:\Users\Dewayne Liggett\Desktop
Windows 7 Home Premium Service Pack 1 (X64) (2011-11-15 02:31:29)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-3039024503-3107911979-1817968902-500 - Administrator - Disabled)
Dewayne Liggett (S-1-5-21-3039024503-3107911979-1817968902-1003 - Administrator - Enabled) => C:\Users\Dewayne Liggett
Guest (S-1-5-21-3039024503-3107911979-1817968902-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3039024503-3107911979-1817968902-1002 - Limited - Enabled)
Owner (S-1-5-21-3039024503-3107911979-1817968902-1000 - Administrator - Enabled) => C:\Users\Owner
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 2.6.0.19140 - Adobe Systems Incorporated)
Adobe Flash Player 16 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 16.0.0.296 - Adobe Systems Incorporated)
Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.296 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
Apple Application Support (HKLM-x32\...\{83CAF0DE-8D3B-4C37-A631-2B8F16EC3031}) (Version: 3.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{BDD99690-3541-4619-9D2A-3CDDB3E15F9E}) (Version: 8.0.5.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 1.0.0.36 - Atheros Communications Inc.)
ATI Catalyst Install Manager (HKLM\...\{4ACA5AE7-E68C-5A48-F8E6-D67946267506}) (Version: 3.0.829.0 - ATI Technologies, Inc.)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Canon MP280 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP280_series) (Version:  - )
Conexant HD Audio (HKLM\...\CNXT_AUDIO_HDA) (Version: 8.54.1.0 - Conexant)
D3DX10 (HKLM-x32\...\{E09C4DB7-630C-4F06-A631-8EA7239923AF}) (Version: 15.4.2368.0902 - Microsoft) Hidden
ETDWare PS/2-X64 8.0.8.0_R01 (HKLM\...\Elantech) (Version: 8.0.8.0 - ELAN Microelectronic Corp.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 60.0.3112.78 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.5 - Google Inc.) Hidden
Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.25.11 - Google Inc.) Hidden
iCloud (HKLM\...\{6096C0CC-7E19-4355-87F0-627EC5AA146D}) (Version: 4.0.3.56 - Apple Inc.)
iTunes (HKLM\...\{2ABBBD91-91E5-4AD7-929A-FE15D1DC0576}) (Version: 12.0.1.26 - Apple Inc.)
Java™ 6 Update 25 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216025FF}) (Version: 6.0.250 - Oracle)
Junk Mail filter update (HKLM-x32\...\{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}) (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
[email protected] 1.0 (HKLM-x32\...\{0D795777-9D60-4692-8386-F2B3F2B5E5BF}) (Version: 1.0 - Corel)
Malwarebytes version 3.1.2.1733 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.1.2.1733 - Malwarebytes)
Mesh Runtime (HKLM-x32\...\{8C6D6116-B724-4810-8F2D-D047E6B7D68E}) (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Click-to-Run 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Starter 2010 - English (HKLM-x32\...\{90140011-0066-0409-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.31211.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)
PlayReady PC Runtime x86 (HKLM-x32\...\{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}) (Version: 1.3.0 - Microsoft Corporation)
QuickTime 7 (HKLM-x32\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7600.30124 - Realtek Semiconductor Corp.)
Realtek WLAN Driver (HKLM-x32\...\{9D3D8C60-A55F-4fed-B2B9-173001290E16}) (Version: 2.00.0016 - REALTEK Semiconductor Corp.)
Revo Uninstaller Pro 3.1.8 (HKLM\...\{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1) (Version: 3.1.8 - VS Revo Group, Ltd.)
Shutterfly Express Uploader (HKLM-x32\...\{7CD0118B-FE1C-6513-7FCC-2D4BC220DD1F}) (Version: 1.2.0 - Shutterfly, Inc.) Hidden
Shutterfly Express Uploader (HKLM-x32\...\com.Shutterfly.ExpressUploader) (Version: 1.2.0.0 - Shutterfly, Inc.)
Skype Launcher (HKLM-x32\...\{DA84ECBF-4B79-47F2-B34C-95C38484C058}) (Version: 2.01 - TOSHIBA Corporation)
TOSHIBA HDD/SSD Alert (HKLM\...\{D4322448-B6AF-4316-B859-D8A0E84DCB38}) (Version: 3.1.64.9 - TOSHIBA Corporation)
TOSHIBA Media Controller (HKLM-x32\...\{C7A4F26F-F9B0-41B2-8659-99181108CDE3}) (Version: 1.0.87.4 - TOSHIBA CORPORATION)
TOSHIBA Web Camera Application (HKLM-x32\...\InstallShield_{6F3C8901-EBD3-470D-87F8-AC210F6E5E02}) (Version: 2.0.3.3 - TOSHIBA Corporation)
Verizon Wireless AC30 Firmware Updates (HKLM-x32\...\{3F46EA41-3D29-4904-97AD-374826F8D9DC}) (Version: 1.0.8 - Smith Micro Software, Inc.)
VZAccess Manager (HKLM-x32\...\{613F2884-08BD-4561-9934-111D80A2F30B}) (Version: 7.3.14.0 - Smith Micro Software Inc.)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3538.0513 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
ZTE USB Drivers (HKLM-x32\...\{5C5BB2C4-54F9-4A17-8845-090C7BEC232C}) (Version: 1.0.012 - ZTE)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
ContextMenuHandlers01: [PhotoStreamsExt] -> {89D984B3-813B-406A-8298-118AFA3A22AE} => C:\Program Files\Common Files\Apple\Internet Services\ShellStreams64.dll [2014-08-11] (Apple Inc.)
ContextMenuHandlers03: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-05-09] (Malwarebytes)
ContextMenuHandlers05: [ACE] -> {5E2121EE-0300-11D4-8D3B-444553540000} => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\atiacm64.dll [2011-06-08] (Advanced Micro Devices, Inc.)
ContextMenuHandlers06: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-05-09] (Malwarebytes)
ContextMenuHandlers06: [RUShellExt] -> {2C5515DC-2A7E-4BFD-B813-CACC2B685EB7} => C:\Program Files\VS Revo Group\Revo Uninstaller Pro\RUExt.dll [2016-12-15] (VS Revo Group)
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {31A3E814-2C36-46A5-B721-C24751922E27} - System32\Tasks\Symantec\Norton Error Processor 18.7.1.3 => C:\Program Files (x86)\Norton AntiVirus\Engine\18.7.1.3\SymErr.exe
Task: {784368A9-D099-4025-9F61-1DB3CE7FC8F0} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {8D7DC8E0-B64C-4BC3-95B9-5FB805B2BCA1} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-01-26] (Adobe Systems Incorporated)
Task: {953ACB42-5FB1-414F-85C7-85B1207D4030} - \ArcadeParlor -> No File <==== ATTENTION
Task: {A12518D9-7C98-4321-BC0E-1AEFA639F239} - System32\Tasks\PC Checkup 3 Weekly Scan => C:\Program Files (x86)\PC Checkup\NLAppLauncher.exe
Task: {AD3F19AF-6B9B-4210-9A60-38466E184868} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: {B79343E5-ED11-47ED-974A-6A404EFCC618} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-07-25] (Google Inc.)
Task: {B8B8D5DA-951B-46A1-BE49-823195496653} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-07-25] (Google Inc.)
Task: {BD826A1E-CA5E-444F-8A2D-B1BAA81E2993} - System32\Tasks\Microsoft\Windows\Application Experience\Microsoft Compatibility Appraiser => %windir%\system32\rundll32.exe aepdu.dll,AePduRunUpdate -nolegacy
Task: {C1414F89-6B38-44EE-B79A-85A63B8A319F} - System32\Tasks\Symantec\Norton Error Analyzer 18.7.1.3 => C:\Program Files (x86)\Norton AntiVirus\Engine\18.7.1.3\SymErr.exe
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
 
==================== Shortcuts & WMI ========================
 
(The entries could be listed to be restored or removed.)
 
 
==================== Loaded Modules (Whitelisted) ==============
 
2014-01-20 14:17 - 2014-01-20 14:17 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-10-11 13:05 - 2014-10-11 13:05 - 01044776 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMSwissArmy => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMSwissArmy => ""="Driver"
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-13 21:34 - 2009-06-10 16:00 - 00000824 _____ C:\windows\system32\Drivers\etc\hosts
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-3039024503-3107911979-1817968902-1003\Control Panel\Desktop\\Wallpaper -> C:\Users\Dewayne Liggett\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: ETDCtrl => %ProgramFiles%\Elantech\ETDCtrl.exe
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: Malwarebytes TrayApp => C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe
MSCONFIG\startupreg: NortonOnlineBackupReminder => "C:\Program Files (x86)\Toshiba\Toshiba Online Backup\Activation\TOBuActivation.exe" UNATTENDED
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
MSCONFIG\startupreg: SmartAudio => C:\Program Files\CONEXANT\SAII\SAIICpl.exe /t
MSCONFIG\startupreg: StartCCC => "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
MSCONFIG\startupreg: swg => "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
MSCONFIG\startupreg: TCrdMain => %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe
MSCONFIG\startupreg: ToshibaAppPlace => "C:\Program Files (x86)\Toshiba\Toshiba App Place\ToshibaAppPlace.exe"
MSCONFIG\startupreg: TosNC => %ProgramFiles%\Toshiba\BulletinBoard\TosNcCore.exe
MSCONFIG\startupreg: TosReelTimeMonitor => %ProgramFiles%\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
MSCONFIG\startupreg: TosSENotify => C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe
MSCONFIG\startupreg: TosVolRegulator => C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe
MSCONFIG\startupreg: TPwrMain => %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [{E7EC2917-1747-4EA6-A12E-ABD45B120283}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{302B8DE8-7564-4D70-AE6E-28AFE382FECF}] => (Allow) LPort=2869
FirewallRules: [{75A6D0D1-C09F-4402-ACD9-BD39FF813DA6}] => (Allow) LPort=1900
FirewallRules: [{E66B86AE-5796-43D8-A132-770191C88A4B}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{4CC5DA37-317E-4BE9-A02E-D32B62FEAD84}] => (Allow) C:\Program Files (x86)\Windows Live\Mesh\MOE.exe
FirewallRules: [TCP Query User{8C39E855-1E81-42D4-A10B-9871045D2A7E}C:\program files (x86)\java\jre6\bin\java.exe] => (Block) C:\program files (x86)\java\jre6\bin\java.exe
FirewallRules: [UDP Query User{0A479C4A-0FB9-42C8-82F9-41A6F982AEC3}C:\program files (x86)\java\jre6\bin\java.exe] => (Block) C:\program files (x86)\java\jre6\bin\java.exe
FirewallRules: [{98CD549B-F7F9-443D-A531-63BD8C5664A2}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{F7AF6E80-7DBF-4B24-9503-9A7F65E66C1F}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{49273C62-6E33-42B2-9334-F24AEF3D54D8}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{09D0ECDF-7D7E-4699-B4A9-33454FD15DD5}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{ABF0BC24-303A-450B-994E-FC4974BB929F}] => (Allow) C:\Program Files (x86)\iTunes\iTunes.exe
FirewallRules: [{7B8D37B1-C0D6-4FDE-A439-0D45C7C059C4}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
==================== Restore Points =========================
 
13-12-2014 20:38:44 Windows Update
18-12-2014 17:29:29 Windows Update
19-12-2014 15:59:31 Windows Update
27-12-2014 00:39:33 Windows Update
01-01-2015 14:34:42 Windows Update
06-01-2015 18:34:13 Windows Update
13-01-2015 19:59:41 Windows Update
14-01-2015 17:45:24 Windows Update
15-01-2015 17:22:10 Windows Update
20-01-2015 17:51:38 Windows Update
23-01-2015 18:56:57 Windows Update
27-01-2015 17:48:07 Windows Update
28-01-2015 19:01:12 Windows Update
26-07-2017 19:49:43 Windows Update
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (07/26/2017 07:45:52 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
 
Error: (07/25/2017 10:28:19 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
 
Error: (07/25/2017 10:06:59 PM) (Source: MsiInstaller) (EventID: 11719) (User: Owner-PC)
Description: Product: TOSHIBA ReelTime -- Error 1719.Windows Installer service could not be accessed. Contact your support personnel to verify that it is properly registered and enabled.
 
Error: (07/25/2017 10:06:50 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: Failed to create restore point (Process = C:\Program Files\VS Revo Group\Revo Uninstaller Pro\RevoUninPro.exe Files\VS Revo Group\Revo Uninstaller Pro\RevoUninPro.exe" ; Description = Revo Uninstaller Pro's restore point - TOSHIBA ReelTime; Error = 0x8007043c).
 
Error: (07/25/2017 10:05:57 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: Failed to create restore point (Process = C:\Program Files\VS Revo Group\Revo Uninstaller Pro\RevoUninPro.exe Files\VS Revo Group\Revo Uninstaller Pro\RevoUninPro.exe" ; Description = Revo Uninstaller Pro's restore point - TOSHIBARegistration; Error = 0x8007043c).
 
Error: (07/25/2017 10:05:04 PM) (Source: MsiInstaller) (EventID: 11719) (User: Owner-PC)
Description: Product: TOSHIBA Value Added Package -- Error 1719.Windows Installer service could not be accessed. Contact your support personnel to verify that it is properly registered and enabled.
 
Error: (07/25/2017 10:04:51 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: Failed to create restore point (Process = C:\Program Files\VS Revo Group\Revo Uninstaller Pro\RevoUninPro.exe Files\VS Revo Group\Revo Uninstaller Pro\RevoUninPro.exe" ; Description = Revo Uninstaller Pro's restore point - TOSHIBA Value Added Package; Error = 0x8007043c).
 
Error: (07/25/2017 10:04:18 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: Failed to create restore point (Process = C:\Program Files\VS Revo Group\Revo Uninstaller Pro\RevoUninPro.exe Files\VS Revo Group\Revo Uninstaller Pro\RevoUninPro.exe" ; Description = Revo Uninstaller Pro's restore point - Toshiba Online Backup; Error = 0x8007043c).
 
Error: (07/25/2017 10:03:36 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: Failed to create restore point (Process = C:\Users\DEWAYN~1\AppData\Local\Temp\set21F1.tmp -deleter -l0x9 -your_launchersetup.exe -clone_of"C:\Program Files (x86)\InstallShield Installation Information\{0AF17224-CF88-40B8-BB1A-D179369847B4}\"; Description = Removed TOSHIBA Supervisor Password; Error = 0x8007043c).
 
Error: (07/25/2017 10:03:27 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: Failed to create restore point (Process = C:\Program Files\VS Revo Group\Revo Uninstaller Pro\RevoUninPro.exe Files\VS Revo Group\Revo Uninstaller Pro\RevoUninPro.exe" ; Description = Revo Uninstaller Pro's restore point - TOSHIBA Supervisor Password; Error = 0x8007043c).
 
 
System errors:
=============
Error: (07/26/2017 08:09:02 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x800b0100: Security Update for Microsoft .NET Framework 3.5.1 on Windows 7 and Windows Server 2008 R2 SP1 for x64-based Systems (KB3097989).
 
Error: (07/25/2017 10:52:49 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: The server {E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E} did not register with DCOM within the required timeout.
 
Error: (07/25/2017 10:23:58 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: 
The dependency service or group failed to start.
 
Error: (07/25/2017 10:23:51 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: 
The dependency service or group failed to start.
 
Error: (07/25/2017 10:23:47 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: 
The dependency service or group failed to start.
 
Error: (07/25/2017 10:23:46 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: 
The dependency service or group failed to start.
 
Error: (07/25/2017 09:51:01 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: 
The dependency service or group failed to start.
 
Error: (07/25/2017 09:49:56 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: 
The dependency service or group failed to start.
 
Error: (07/25/2017 09:49:51 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: 
The dependency service or group failed to start.
 
Error: (07/25/2017 09:49:26 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: 
The dependency service or group failed to start.
 
 
==================== Memory info =========================== 
 
Processor: AMD E-300 APU with Radeon™ HD Graphics
Percentage of memory in use: 76%
Total physical RAM: 3686.87 MB
Available physical RAM: 854.27 MB
Total Virtual: 7371.92 MB
Available Virtual: 5030.59 MB
 
==================== Drives ================================
 
Drive c: (TI106232W0C) (Fixed) (Total:284.4 GB) (Free:203.4 GB) NTFS ==>[system with boot components (obtained from drive)]
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 298.1 GB) (Disk ID: D2F26588)
Partition 1: (Active) - (Size=1.5 GB) - (Type=27)
Partition 2: (Not Active) - (Size=284.4 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=12.2 GB) - (Type=17)
 
==================== End of Addition.txt ============================

 


#2
zep516

    Trusted Helper

  • Malware Removal
  • 6,668 posts
Hi! My name is zep516 and welcome to Geekstogo!
I'll do the best I can to resolve your computer issue.
Please make sure to carefully read any instruction that I give you. If you're not sure, or if something unexpected happens, don't continue. Stop and ask! Never be afraid to ask questions! :)

Can you post the Malwarebytes log?
To do that, open MBAM once more.
  • Click on the History tab > Application Logs.
  • Double click on the Scan Log which shows the Date and time of the scan just performed.
  • Click 'Export'.
  • Click 'Text file (*.txt)'
  • In the Save File dialog box which appears, click on Desktop.
  • In the File name: box type a name for your scan log.
  • A message box named 'File Saved' should appear stating "Your file has been successfully exported".
  • Click Ok
  • Post that saved log to your next reply.

    Next
    Click Start > Search and type cmd, right-click on the returned cmd.exe and select "Run as administrator". At the prompt, type (or copy and paste) the text in the code box below into the command prompt window:
    echo > 0 & tasklist /v >> 0 & net start >> 0 & notepad 0
  • Press Enter on your keyboard.
    A log file in Notepad will be created on the desktop.
    Post all of the Notepad outcome in your next reply.


#3
jasmill

    Member

  • Topic Starter
  • 50 posts
 
 
ECHO is on.
 
Image Name                     PID Session Name        Session#    Mem Usage Status          User Name                                              CPU Time Window Title                                                            
========================= ======== ================ =========== ============ =============== ================================================== ============ ========================================================================
System Idle Process              0 Services                   0         24 K Unknown         NT AUTHORITY\SYSTEM                                     0:09:55 N/A                                                                     
System                           4 Services                   0        960 K Unknown         N/A                                                     0:01:03 N/A                                                                     
smss.exe                       256 Services                   0         80 K Unknown         NT AUTHORITY\SYSTEM                                     0:00:00 N/A                                                                     
csrss.exe                      356 Services                   0      1,612 K Unknown         NT AUTHORITY\SYSTEM                                     0:00:03 N/A                                                                     
csrss.exe                      464 Console                    1      2,816 K Running         NT AUTHORITY\SYSTEM                                     0:00:05 N/A                                                                     
wininit.exe                    472 Services                   0        124 K Unknown         NT AUTHORITY\SYSTEM                                     0:00:00 N/A                                                                     
services.exe                   520 Services                   0      4,004 K Unknown         NT AUTHORITY\SYSTEM                                     0:00:03 N/A                                                                     
winlogon.exe                   548 Console                    1      1,340 K Unknown         NT AUTHORITY\SYSTEM                                     0:00:00 N/A                                                                     
lsass.exe                      576 Services                   0      6,892 K Unknown         NT AUTHORITY\SYSTEM                                     0:00:07 N/A                                                                     
lsm.exe                        584 Services                   0      1,384 K Unknown         NT AUTHORITY\SYSTEM                                     0:00:00 N/A                                                                     
svchost.exe                    688 Services                   0      3,000 K Unknown         NT AUTHORITY\SYSTEM                                     0:00:03 N/A                                                                     
svchost.exe                    764 Services                   0      3,520 K Unknown         NT AUTHORITY\NETWORK SERVICE                            0:00:01 N/A                                                                     
atiesrxx.exe                   812 Services                   0        140 K Unknown         NT AUTHORITY\SYSTEM                                     0:00:00 N/A                                                                     
svchost.exe                    884 Services                   0      8,580 K Unknown         NT AUTHORITY\LOCAL SERVICE                              0:00:03 N/A                                                                     
svchost.exe                    944 Services                   0    134,976 K Unknown         NT AUTHORITY\SYSTEM                                     0:01:03 N/A                                                                     
svchost.exe                    972 Services                   0      6,620 K Unknown         NT AUTHORITY\LOCAL SERVICE                              0:00:01 N/A                                                                     
svchost.exe                   1016 Services                   0  1,200,680 K Unknown         NT AUTHORITY\SYSTEM                                     0:01:33 N/A                                                                     
TrustedInstaller.exe           304 Services                   0    287,136 K Unknown         NT AUTHORITY\SYSTEM                                     0:13:54 N/A                                                                     
svchost.exe                   1108 Services                   0      5,592 K Unknown         NT AUTHORITY\NETWORK SERVICE                            0:00:11 N/A                                                                     
spoolsv.exe                   1224 Services                   0      1,948 K Unknown         NT AUTHORITY\SYSTEM                                     0:00:00 N/A                                                                     
svchost.exe                   1256 Services                   0      5,912 K Unknown         NT AUTHORITY\LOCAL SERVICE                              0:00:03 N/A                                                                     
AppleMobileDeviceService.     1332 Services                   0        824 K Unknown         NT AUTHORITY\SYSTEM                                     0:00:00 N/A                                                                     
mDNSResponder.exe             1372 Services                   0      1,936 K Unknown         NT AUTHORITY\SYSTEM                                     0:00:01 N/A                                                                     
sftvsa.exe                    1692 Services                   0        144 K Unknown         NT AUTHORITY\SYSTEM                                     0:00:00 N/A                                                                     
svchost.exe                   1748 Services                   0        168 K Unknown         NT AUTHORITY\LOCAL SERVICE                              0:00:00 N/A                                                                     
WLIDSVC.EXE                   1784 Services                   0        652 K Unknown         NT AUTHORITY\SYSTEM                                     0:00:00 N/A                                                                     
sftlist.exe                   1944 Services                   0        836 K Unknown         NT AUTHORITY\SYSTEM                                     0:00:03 N/A                                                                     
WLIDSVCM.EXE                  2036 Services                   0        128 K Unknown         NT AUTHORITY\SYSTEM                                     0:00:00 N/A                                                                     
CVHSVC.EXE                    2068 Services                   0        676 K Unknown         NT AUTHORITY\SYSTEM                                     0:00:00 N/A                                                                     
svchost.exe                   2308 Services                   0        148 K Unknown         NT AUTHORITY\NETWORK SERVICE                            0:00:00 N/A                                                                     
mscorsvw.exe                  2380 Services                   0      5,372 K Unknown         NT AUTHORITY\SYSTEM                                     0:00:02 N/A                                                                     
mscorsvw.exe                  2400 Services                   0      3,076 K Unknown         NT AUTHORITY\SYSTEM                                     0:00:03 N/A                                                                     
atieclxx.exe                  2484 Console                    1        200 K Running         NT AUTHORITY\SYSTEM                                     0:00:00 AMD EEU Client                                                          
taskhost.exe                  2828 Console                    1      4,024 K Running         Owner-PC\Dewayne Liggett                                0:00:00 MCI command handling window                                             
dwm.exe                       2924 Console                    1     18,240 K Running         Owner-PC\Dewayne Liggett                                0:00:16 DWM Notification Window                                                 
explorer.exe                  2956 Console                    1     35,144 K Running         Owner-PC\Dewayne Liggett                                0:00:09 N/A                                                                     
mbamtray.exe                  2352 Console                    1      3,560 K Running         Owner-PC\Dewayne Liggett                                0:00:00 mbamtray                                                                
MBAMService.exe               1404 Services                   0      4,512 K Unknown         NT AUTHORITY\SYSTEM                                     0:00:11 N/A                                                                     
SearchIndexer.exe             2808 Services                   0     12,932 K Unknown         NT AUTHORITY\SYSTEM                                     0:00:05 N/A                                                                     
wmpnetwk.exe                  3192 Services                   0     11,500 K Unknown         NT AUTHORITY\NETWORK SERVICE                            0:00:15 N/A                                                                     
svchost.exe                   3428 Services                   0      3,152 K Unknown         NT AUTHORITY\LOCAL SERVICE                              0:00:00 N/A                                                                     
svchost.exe                   3612 Services                   0      5,596 K Unknown         NT AUTHORITY\LOCAL SERVICE                              0:00:01 N/A                                                                     
dllhost.exe                   3936 Services                   0        416 K Unknown         NT AUTHORITY\SYSTEM                                     0:00:00 N/A                                                                     
svchost.exe                   1000 Services                   0      3,000 K Unknown         NT AUTHORITY\SYSTEM                                     0:00:22 N/A                                                                     
svchost.exe                    544 Services                   0        228 K Unknown         NT AUTHORITY\SYSTEM                                     0:00:00 N/A                                                                     
svchost.exe                   2260 Services                   0      2,088 K Unknown         NT AUTHORITY\SYSTEM                                     0:00:00 N/A                                                                     
wuauclt.exe                    288 Services                   0     84,208 K Unknown         NT AUTHORITY\SYSTEM                                     0:00:02 N/A                                                                     
chrome.exe                    2732 Console                    1     78,296 K Running         Owner-PC\Dewayne Liggett                                0:00:33 Replying To Infected Laptop - CPU is 100% - Geeks to Go Forum - Google C
chrome.exe                    3964 Console                    1        724 K Running         Owner-PC\Dewayne Liggett                                0:00:00 N/A                                                                     
chrome.exe                    1012 Console                    1        380 K Running         Owner-PC\Dewayne Liggett                                0:00:00 N/A                                                                     
chrome.exe                    3884 Console                    1     17,332 K Unknown         Owner-PC\Dewayne Liggett                                0:00:19 N/A                                                                     
chrome.exe                    3912 Console                    1     60,128 K Unknown         Owner-PC\Dewayne Liggett                                0:01:01 N/A                                                                     
mbam.exe                      3868 Console                    1     13,820 K Running         Owner-PC\Dewayne Liggett                                0:00:31 Malwarebytes Free 3.1.2                                                 
taskhost.exe                  1272 Console                    1        744 K Running         Owner-PC\Dewayne Liggett                                0:00:00 Task Host Window                                                        
audiodg.exe                   2240 Services                   0     14,024 K Unknown         NT AUTHORITY\LOCAL SERVICE                              0:00:00 N/A                                                                     
notepad.exe                   3272 Console                    1      2,032 K Running         Owner-PC\Dewayne Liggett                                0:00:01 MBAM - Notepad                                                          
cmd.exe                       3688 Console                    1      2,792 K Running         Owner-PC\Dewayne Liggett                                0:00:00 tasklist  /v                                                            
conhost.exe                   4868 Console                    1      5,044 K Running         Owner-PC\Dewayne Liggett                                0:00:00 OleMainThreadWndName                                                    
SearchProtocolHost.exe        4888 Services                   0      8,368 K Unknown         NT AUTHORITY\SYSTEM                                     0:00:00 N/A                                                                     
SearchFilterHost.exe          4908 Services                   0      8,692 K Unknown         NT AUTHORITY\SYSTEM                                     0:00:00 N/A                                                                     
mscorsvw.exe                  4352 Services                   0     10,976 K Unknown         NT AUTHORITY\SYSTEM                                     0:00:00 N/A                                                                     
tasklist.exe                  4644 Console                    1      5,872 K Unknown         Owner-PC\Dewayne Liggett                                0:00:00 N/A                                                                     
WmiPrvSE.exe                  1040 Services                   0      6,040 K Unknown         NT AUTHORITY\NETWORK SERVICE                            0:00:00 N/A                                                                     
These Windows services are started:
 
   AMD External Events Utility
   Apple Mobile Device
   Application Experience
   Application Information
   Application Virtualization Client
   Application Virtualization Service Agent
   Background Intelligent Transfer Service
   Base Filtering Engine
   Bonjour Service
   Client Virtualization Handler
   CNG Key Isolation
   COM+ Event System
   Computer Browser
   Cryptographic Services
   DCOM Server Process Launcher
   Desktop Window Manager Session Manager
   DHCP Client
   Diagnostic Policy Service
   Diagnostic Service Host
   Diagnostic System Host
   Distributed Link Tracking Client
   DNS Client
   Extensible Authentication Protocol
   Function Discovery Provider Host
   Function Discovery Resource Publication
   Group Policy Client
   HomeGroup Listener
   HomeGroup Provider
   IKE and AuthIP IPsec Keying Modules
   IP Helper
   IPsec Policy Agent
   Malwarebytes Service
   Microsoft .NET Framework NGEN v4.0.30319_X64
   Microsoft .NET Framework NGEN v4.0.30319_X86
   Microsoft Software Shadow Copy Provider
   Multimedia Class Scheduler
   Network Connections
   Network List Service
   Network Location Awareness
   Network Store Interface Service
   Peer Name Resolution Protocol
   Peer Networking Grouping
   Peer Networking Identity Manager
   Plug and Play
   Power
   Print Spooler
   Program Compatibility Assistant Service
   Remote Procedure Call (RPC)
   RPC Endpoint Mapper
   Security Accounts Manager
   Security Center
   Server
   Shell Hardware Detection
   SSDP Discovery
   Superfetch
   System Event Notification Service
   Task Scheduler
   TCP/IP NetBIOS Helper
   Themes
   UPnP Device Host
   User Profile Service
   Windows Audio
   Windows Audio Endpoint Builder
   Windows Backup
   Windows Defender
   Windows Event Log
   Windows Firewall
   Windows Font Cache Service
   Windows Image Acquisition (WIA)
   Windows Live ID Sign-in Assistant
   Windows Management Instrumentation
   Windows Media Player Network Sharing Service
   Windows Modules Installer
   Windows Search
   Windows Update
   WinHTTP Web Proxy Auto-Discovery Service
   WLAN AutoConfig
   Workstation
 
The command completed successfully.
 

Attached Files

  • Attached File  MBAM.log   99.71KB   16 downloads

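An added example (not part of the thread or of any tool named in it): a Python parser for the file that the one-liner in post #2 produces, which skips the `ECHO is on.` line, reads the `tasklist /v` table by the column widths of its `=====` ruler, stops where the `net start` list begins, and ranks processes by cumulative CPU time and memory. The function names, the constructed sample rows and the user `EXAMPLE-PC\user` are assumptions, as is the English-locale `K` / `h:mm:ss` formatting.

```python
import re

FIELDS = ("image", "pid", "session", "session_num", "mem_kb",
          "status", "user", "cpu_s", "title")

# Column widths/alignment of English-locale `tasklist /v`, used ONLY to build
# the constructed sample below; the parser reads widths from the ruler line.
WIDTHS = (25, 8, 16, 11, 12, 15, 50, 12, 72)
ALIGN = "<><>><<><"


def _row(*cells):
    """Pad one constructed sample row the way tasklist pads its columns."""
    return " ".join(format(c, f"{a}{w}") for c, a, w in zip(cells, ALIGN, WIDTHS))


# Constructed sample (not real output): echo line, table, then `net start` text.
SAMPLE = "\n".join([
    "ECHO is on.",  # side effect of `echo > 0`
    "",
    _row("Image Name", "PID", "Session Name", "Session#", "Mem Usage",
         "Status", "User Name", "CPU Time", "Window Title"),
    " ".join("=" * w for w in WIDTHS),
    _row("System Idle Process", "0", "Services", "0", "24 K", "Unknown",
         "NT AUTHORITY\\SYSTEM", "0:09:55", "N/A"),
    _row("svchost.exe", "1016", "Services", "0", "1,200,680 K", "Unknown",
         "NT AUTHORITY\\SYSTEM", "0:01:33", "N/A"),
    _row("TrustedInstaller.exe", "304", "Services", "0", "287,136 K", "Unknown",
         "NT AUTHORITY\\SYSTEM", "0:13:54", "N/A"),
    _row("AppleMobileDeviceService.", "1332", "Services", "0", "824 K", "Unknown",
         "NT AUTHORITY\\SYSTEM", "0:00:00", "N/A"),  # name cut at 25 chars
    _row("chrome.exe", "3912", "Console", "1", "60,128 K", "Unknown",
         "EXAMPLE-PC\\user", "0:01:01", "N/A"),
    _row("mbam.exe", "3868", "Console", "1", "13,820 K", "Running",
         "EXAMPLE-PC\\user", "0:00:31", "Malwarebytes Free 3.1.2"),
    "These Windows services are started:",  # first line of `net start`
    "",
    "   Windows Update",
    "",
    "The command completed successfully.",
])


def _cpu_seconds(text):
    """Convert tasklist's h:mm:ss CPU Time to seconds; 0 if unparseable."""
    parts = text.split(":")
    if len(parts) != 3 or not all(p.isdigit() for p in parts):
        return 0
    hours, minutes, seconds = map(int, parts)
    return hours * 3600 + minutes * 60 + seconds


def parse_tasklist(text):
    """Return one dict per process row found in a `tasklist /v` text dump."""
    lines = text.splitlines()
    spans = None
    for start, line in enumerate(lines):
        found = [m.span() for m in re.finditer(r"=+", line)]
        # The ruler is the only line made purely of '=' groups, one per column.
        if len(found) == len(FIELDS) and not line.replace("=", "").strip():
            spans = found
            break
    if spans is None:
        raise ValueError("no tasklist /v ruler line found")

    procs = []
    for line in lines[start + 1:]:
        cells = [line[a:b].strip() for a, b in spans]
        if not cells[1].isdigit():
            break  # PID column is not numeric: the table has ended
        row = dict(zip(FIELDS, cells))
        row["pid"] = int(cells[1])
        digits = re.sub(r"\D", "", cells[4])  # "1,200,680 K" -> "1200680"
        row["mem_kb"] = int(digits) if digits else 0
        row["cpu_s"] = _cpu_seconds(cells[7])
        procs.append(row)
    return procs


def top_by(procs, key, n=3):
    """Rank real processes by `key`; PID 0 is idle time, not load, so skip it."""
    real = [p for p in procs if p["pid"] != 0]
    return sorted(real, key=lambda p: p[key], reverse=True)[:n]


if __name__ == "__main__":
    table = parse_tasklist(SAMPLE)
    for label, key in (("CPU seconds", "cpu_s"), ("memory KB", "mem_kb")):
        print(f"Top by {label}:")
        for p in top_by(table, key):
            print(f"  {p['image']:<26} pid={p['pid']:<6} {p[key]}")
```

CPU Time in this output is cumulative since each process started, so a single dump ranks total work done, not the load at that instant; comparing two dumps taken a minute apart shows which process is consuming CPU now.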

#4
zep516

    Trusted Helper

  • Malware Removal
  • 6,668 posts
Next

Download AdwCleaner from here. Save the file to the desktop.
NOTE: If you are using IE 8 or above you may get a warning that stops the program from downloading. Just click on the warning and allow the download to complete.
Close all open windows and browsers.
  • XP users: Double click the AdwCleaner icon to start the program.
  • Vista/7/8 users: Right click the AdwCleaner icon on the desktop, click Run as administrator and accept the UAC prompt to run AdwCleaner.
    You will see the following console:
  • Click the Scan button and wait for the scan to finish.
  • After the Scan has finished the window may or may not show what it found and above, in the progress bar, you will see: Pending. Please uncheck elements you don't want to remove.
  • Click the Clean button.
  • Everything checked will be moved to Quarantine.
  • When the program has finished cleaning, a report appears. Once done, it will ask to reboot; allow this.
  • On reboot a log will be produced; please copy/paste that in your next reply. This report is also saved to C:\AdwCleaner\AdwCleaner[C0].txt
  • Next
  • Please download Junkware Removal Tool to your Desktop.
  • Please close your security software to avoid potential conflicts. See Here how to disable your security protection (Anti Virus)
  • Run the tool by double-clicking it. If you are using Windows Vista or 7, right-mouse click it and select Run as administrator.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete, depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your Desktop and will automatically open.
  • Please post the contents of JRT.txt into your reply.


    Programs to uninstall
    Java™ 6 Update 25
    Old versions of Java are an infection risk.

  • 0

#5
jasmill


    Member

  • Topic Starter
  • Member
  • 50 posts

Thank you so much for your help! You are a saint!

 

ADW

 

# AdwCleaner 7.0.0.0 - Logfile created on Fri Jul 28 13:45:45 2017
# Updated on 2017/17/07 by Malwarebytes 
# Running on Windows 7 Home Premium (X64)
# Mode: clean
 
***** [ Services ] *****
 
No malicious services deleted.
 
***** [ Folders ] *****
 
Deleted: C:\Users\Owner\AppData\Local\DesktopTemperature
Deleted: C:\Users\Owner\AppData\LocalLow\Yahoo! Companion
Deleted: C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Desktop Temperature
Deleted: C:\Users\Owner\AppData\Roaming\pccustubinstaller
Deleted: C:\Users\Owner\AppData\LocalLow\Yahoo!\Companion
Deleted: C:\Users\Owner\AppData\Roaming\Yahoo!\Companion
Deleted: C:\Users\Owner\AppData\LocalLow\iac
 
 
***** [ Files ] *****
 
No malicious files deleted.
 
***** [ DLL ] *****
 
No malicious DLLs cleaned.
 
***** [ WMI ] *****
 
No malicious WMI cleaned.
 
***** [ Shortcuts ] *****
 
No malicious shortcuts cleaned.
 
***** [ Tasks ] *****
 
No malicious tasks deleted.
 
***** [ Registry ] *****
 
Deleted: [Key] - HKLM\SOFTWARE\{F2E9660B-98AF-42c0-8258-9CDDF07BF95D}
Deleted: [Key] - HKLM\SOFTWARE\Yahoo\Companion
Deleted: [Key] - HKU\S-1-5-21-3039024503-3107911979-1817968902-1003\Software\AppDataLow\Software\Yahoo\Companion
Deleted: [Key] - HKCU\Software\AppDataLow\Software\Yahoo\Companion
Deleted: [Key] - HKLM\SOFTWARE\InboxAce_1g
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Deleted: [Key] - HKLM\SOFTWARE\Classes\CLSID\{9C4EFBD5-1ADF-41E6-BE26-AF44326E30E4}
Deleted: [Key] - HKLM\SOFTWARE\Classes\CLSID\{A2970C7C-8392-4E6F-8B51-B763CF38E13C}
Deleted: [Key] - HKCU\Software\Classes\CLSID\{5FDB0CD8-5760-44D1-8D13-A78BF558C3C7}
Deleted: [Key] - HKLM\SOFTWARE\Classes\Interface\{371AD4A5-1520-4AA2-A8A4-F9AD3BAC6957}
Deleted: [Key] - HKLM\SOFTWARE\Classes\Interface\{7F124846-5453-4BB8-A41D-E11481FFC9DF}
Deleted: [Key] - HKLM\SOFTWARE\Classes\Interface\{8FD65019-BF09-45DA-AD81-E95AE911F1FD}
Deleted: [Key] - HKLM\SOFTWARE\InstallIQ
 
 
***** [ Firefox (and derivatives) ] *****
 
No malicious Firefox entries deleted.
 
***** [ Chromium (and derivatives) ] *****
 
SearchProvider deleted: AOL - aol.com
SearchProvider deleted: AOL - aol.com
SearchProvider deleted: Ask - ask.com
SearchProvider deleted: Ask - ask.com
 
 
*************************
 
::Tracing keys deleted
::Winsock settings cleared
::Additional Actions: 0
 
 
 
*************************
 
C:/AdwCleaner/AdwCleaner[S0].txt - [3127 B] - [2017/7/28 13:43:32]
 
 
########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt ##########
 
 
JRT
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.1.4 (07.09.2017)
Operating System: Windows 7 Home Premium x64 
Ran by Dewayne Liggett (Administrator) on Fri 07/28/2017 at  8:52:46.78
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
File System: 16 
 
Successfully deleted: C:\Users\Dewayne Liggett\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0PS72R2M (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\Dewayne Liggett\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\62AXOPQ5 (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\Dewayne Liggett\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8HIL8UYN (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\Dewayne Liggett\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CUE0IBLQ (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\Dewayne Liggett\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DN2YE8X2 (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\Dewayne Liggett\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FZG8CKJ5 (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\Dewayne Liggett\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\J11GCRIJ (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\Dewayne Liggett\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LIXMVQOA (Temporary Internet Files Folder) 
Successfully deleted: C:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0PS72R2M (Temporary Internet Files Folder) 
Successfully deleted: C:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\62AXOPQ5 (Temporary Internet Files Folder) 
Successfully deleted: C:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8HIL8UYN (Temporary Internet Files Folder) 
Successfully deleted: C:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CUE0IBLQ (Temporary Internet Files Folder) 
Successfully deleted: C:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DN2YE8X2 (Temporary Internet Files Folder) 
Successfully deleted: C:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FZG8CKJ5 (Temporary Internet Files Folder) 
Successfully deleted: C:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\J11GCRIJ (Temporary Internet Files Folder) 
Successfully deleted: C:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LIXMVQOA (Temporary Internet Files Folder) 
 
 
 
Registry: 2 
 
Successfully deleted: HKLM\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} (Registry Key)
Successfully deleted: HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} (Registry Key)
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Fri 07/28/2017 at  8:58:57.29
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 

 


  • 0

#6
zep516


    Trusted Helper

  • Malware Removal
  • 6,668 posts
Hello,

It appears you have left over Norton Anti Virus files running, probably due to an old installation of Norton Anti Virus that was installed at one time or another.

Let's run the Norton removal tool to get rid of them as they can cause problems.

Download and run the Norton removal tool
ftp://ftp.symantec.com/public/english_us_canada/removal_tools/Norton_Removal_Tool.exe
Save the file to the desktop and run it.

Let me know when that is completed.

Thanks
Joe
  • 0

#7
jasmill


    Member

  • Topic Starter
  • Member
  • 50 posts

Done


  • 0

#8
zep516


    Trusted Helper

  • Malware Removal
  • 6,668 posts
Hello,

A few items to fix

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.
Open notepad (Start => All Programs => Accessories => Notepad).
Copy/Paste the contents of the code box below into Notepad.
start
CloseProcesses:
CreateRestorePoint:
HKLM\...\Run: [] => [X]
SearchScopes: HKLM -> DefaultScope {{67A2568C-7A0A-4EED-AECC-B5405DE63B64}} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNO
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM -> {{67A2568C-7A0A-4EED-AECC-B5405DE63B64}} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNO
SearchScopes: HKLM-x32 -> DefaultScope {{67A2568C-7A0A-4EED-AECC-B5405DE63B64}} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNO
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 -> {{67A2568C-7A0A-4EED-AECC-B5405DE63B64}} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNO
SearchScopes: HKU\S-1-5-21-3039024503-3107911979-1817968902-1003 -> DefaultScope {29530B11-65C9-42E3-A4C8-6804D8D30EA7} URL = hxxp://www.google.com/search?sourceid=ie9&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNO
SearchScopes: HKU\S-1-5-21-3039024503-3107911979-1817968902-1003 -> {29530B11-65C9-42E3-A4C8-6804D8D30EA7} URL = hxxp://www.google.com/search?sourceid=ie9&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNO
SearchScopes: HKU\S-1-5-21-3039024503-3107911979-1817968902-1003 -> {{67A2568C-7A0A-4EED-AECC-B5405DE63B64}} URL = 
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
BHO-x32: No Name -> {02478D38-C3F9-4efb-9B51-7695ECA05670} -> No File
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll [2011-07-21] (Sun Microsystems, Inc
S4 PCCUJobMgr; C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\ccSvcHst.exe [126392 2011-07-19] (Symantec Corporation)
2017-07-25 22:29 - 2017-07-25 22:29 - 00000000 __SHD C:\Users\Dewayne Liggett\AppData\LocalLow\EmieUserList
2017-07-25 22:29 - 2017-07-25 22:29 - 00000000 __SHD C:\Users\Dewayne Liggett\AppData\LocalLow\EmieSiteList
2017-07-25 22:29 - 2017-07-25 22:29 - 00000000 __SHD C:\Users\Dewayne Liggett\AppData\LocalLow\EmieBrowserModeList
2017-07-25 21:48 - 2017-07-25 21:48 - 00000000 __SHD C:\Users\Dewayne Liggett\AppData\Local\EmieUserList
2017-07-25 21:48 - 2017-07-25 21:48 - 00000000 __SHD C:\Users\Dewayne Liggett\AppData\Local\EmieSiteList
2017-07-25 21:48 - 2017-07-25 21:48 - 00000000 __SHD C:\Users\Dewayne Liggett\AppData\Local\EmieBrowserModeList
2013-05-17 16:16 - 2013-05-17 16:16 - 0388560 _____ (Igor Pavlov) C:\Users\Owner\AppData\Local\Temp\DefaultAssets.exe
2013-05-17 16:16 - 2013-05-17 16:16 - 0286072 _____ (Igor Pavlov) C:\Users\Owner\AppData\Local\Temp\DefaultOfflineContent.exe
2011-11-27 07:41 - 2010-11-09 07:51 - 0073728 ____R () C:\Users\Owner\AppData\Local\Temp\eject.exe
2013-05-17 15:43 - 2013-05-17 16:16 - 0000000 _____ () C:\Users\Owner\AppData\Local\Temp\NLStubInstallerResources.dll
2013-05-17 16:16 - 2013-05-17 16:16 - 14592720 _____ (Symantec Corporation                                        ) C:\Users\Owner\AppData\Local\Temp\PCCU_Installer.exe
2015-01-21 18:51 - 2015-01-21 18:51 - 0008704 _____ (Microsoft Corporation) C:\Users\Owner\AppData\Local\Temp\SpOrder.dll
2015-01-21 18:49 - 2015-01-21 18:49 - 0167776 _____ (Symantec Corporation) C:\Users\Owner\AppData\Local\Temp\SymCCIS.dll
2011-11-14 23:49 - 2011-11-14 23:49 - 0788544 ____N (Symantec Corporation) C:\Users\Owner\AppData\Local\Temp\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}_NIS_25986.exe
Task: {31A3E814-2C36-46A5-B721-C24751922E27} - System32\Tasks\Symantec\Norton Error Processor 18.7.1.3 => C:\Program Files (x86)\Norton AntiVirus\Engine\18.7.1.3\SymErr.exe
C:\Program Files (x86)\Norton AntiVirus
Task: {953ACB42-5FB1-414F-85C7-85B1207D4030} - \ArcadeParlor -> No File <==== ATTENTION
Task: {C1414F89-6B38-44EE-B79A-85A63B8A319F} - System32\Tasks\Symantec\Norton Error Analyzer 18.7.1.3 => C:\Program Files (x86)\Norton AntiVirus\Engine\18.7.1.3\SymErr.exe
FirewallRules: [TCP Query User{8C39E855-1E81-42D4-A10B-9871045D2A7E}C:\program files (x86)\java\jre6\bin\java.exe] => (Block) C:\program files (x86)\java\jre6\bin\java.exe
FirewallRules: [UDP Query User{0A479C4A-0FB9-42C8-82F9-41A6F982AEC3}C:\program files (x86)\java\jre6\bin\java.exe] => (Block) C:\program files (x86)\java\jre6\bin\java.exe
CMD: bitsadmin /reset /allusers
CMD: netsh winsock reset catalog
CMD: ipconfig /flushdns
RemoveProxy:
hosts:
Emptytemp:
  • Click Format and ensure Wordwrap is unchecked.
  • Save as Fixlist.txt to your Desktop (Must be in this location)
  • Run FRST/FRST64 and press the Fix button just once and wait.
  • If the tool needed a restart, please make sure you let the system restart normally and let the tool complete its run after restart.
  • The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.
Note: If the tool warns you about the version you're using being an outdated version, please download and run the updated version.
  • 0

#9
jasmill


    Member

  • Topic Starter
  • Member
  • 50 posts
Fix result of Farbar Recovery Scan Tool (x64) Version: 26-07-2017
Ran by Dewayne Liggett (28-07-2017 13:14:40) Run:1
Running from C:\Users\Dewayne Liggett\Desktop
Loaded Profiles: Dewayne Liggett (Available Profiles: Owner & Dewayne Liggett)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
start
CloseProcesses:
CreateRestorePoint:
HKLM\...\Run: [] => [X]
SearchScopes: HKLM -> DefaultScope {{67A2568C-7A0A-4EED-AECC-B5405DE63B64}} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNO
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM -> {{67A2568C-7A0A-4EED-AECC-B5405DE63B64}} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNO
SearchScopes: HKLM-x32 -> DefaultScope {{67A2568C-7A0A-4EED-AECC-B5405DE63B64}} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNO
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 -> {{67A2568C-7A0A-4EED-AECC-B5405DE63B64}} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNO
SearchScopes: HKU\S-1-5-21-3039024503-3107911979-1817968902-1003 -> DefaultScope {29530B11-65C9-42E3-A4C8-6804D8D30EA7} URL = hxxp://www.google.com/search?sourceid=ie9&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNO
SearchScopes: HKU\S-1-5-21-3039024503-3107911979-1817968902-1003 -> {29530B11-65C9-42E3-A4C8-6804D8D30EA7} URL = hxxp://www.google.com/search?sourceid=ie9&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNO
SearchScopes: HKU\S-1-5-21-3039024503-3107911979-1817968902-1003 -> {{67A2568C-7A0A-4EED-AECC-B5405DE63B64}} URL = 
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
BHO-x32: No Name -> {02478D38-C3F9-4efb-9B51-7695ECA05670} -> No File
BHO-x32: Java� Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll [2011-07-21] (Sun Microsystems, Inc
S4 PCCUJobMgr; C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\ccSvcHst.exe [126392 2011-07-19] (Symantec Corporation)
2017-07-25 22:29 - 2017-07-25 22:29 - 00000000 __SHD C:\Users\Dewayne Liggett\AppData\LocalLow\EmieUserList
2017-07-25 22:29 - 2017-07-25 22:29 - 00000000 __SHD C:\Users\Dewayne Liggett\AppData\LocalLow\EmieSiteList
2017-07-25 22:29 - 2017-07-25 22:29 - 00000000 __SHD C:\Users\Dewayne Liggett\AppData\LocalLow\EmieBrowserModeList
2017-07-25 21:48 - 2017-07-25 21:48 - 00000000 __SHD C:\Users\Dewayne Liggett\AppData\Local\EmieUserList
2017-07-25 21:48 - 2017-07-25 21:48 - 00000000 __SHD C:\Users\Dewayne Liggett\AppData\Local\EmieSiteList
2017-07-25 21:48 - 2017-07-25 21:48 - 00000000 __SHD C:\Users\Dewayne Liggett\AppData\Local\EmieBrowserModeList
2013-05-17 16:16 - 2013-05-17 16:16 - 0388560 _____ (Igor Pavlov) C:\Users\Owner\AppData\Local\Temp\DefaultAssets.exe
2013-05-17 16:16 - 2013-05-17 16:16 - 0286072 _____ (Igor Pavlov) C:\Users\Owner\AppData\Local\Temp\DefaultOfflineContent.exe
2011-11-27 07:41 - 2010-11-09 07:51 - 0073728 ____R () C:\Users\Owner\AppData\Local\Temp\eject.exe
2013-05-17 15:43 - 2013-05-17 16:16 - 0000000 _____ () C:\Users\Owner\AppData\Local\Temp\NLStubInstallerResources.dll
2013-05-17 16:16 - 2013-05-17 16:16 - 14592720 _____ (Symantec Corporation                                        ) C:\Users\Owner\AppData\Local\Temp\PCCU_Installer.exe
2015-01-21 18:51 - 2015-01-21 18:51 - 0008704 _____ (Microsoft Corporation) C:\Users\Owner\AppData\Local\Temp\SpOrder.dll
2015-01-21 18:49 - 2015-01-21 18:49 - 0167776 _____ (Symantec Corporation) C:\Users\Owner\AppData\Local\Temp\SymCCIS.dll
2011-11-14 23:49 - 2011-11-14 23:49 - 0788544 ____N (Symantec Corporation) C:\Users\Owner\AppData\Local\Temp\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}_NIS_25986.exe
Task: {31A3E814-2C36-46A5-B721-C24751922E27} - System32\Tasks\Symantec\Norton Error Processor 18.7.1.3 => C:\Program Files (x86)\Norton AntiVirus\Engine\18.7.1.3\SymErr.exe
C:\Program Files (x86)\Norton AntiVirus
Task: {953ACB42-5FB1-414F-85C7-85B1207D4030} - \ArcadeParlor -> No File <==== ATTENTION
Task: {C1414F89-6B38-44EE-B79A-85A63B8A319F} - System32\Tasks\Symantec\Norton Error Analyzer 18.7.1.3 => C:\Program Files (x86)\Norton AntiVirus\Engine\18.7.1.3\SymErr.exe
FirewallRules: [TCP Query User{8C39E855-1E81-42D4-A10B-9871045D2A7E}C:\program files (x86)\java\jre6\bin\java.exe] => (Block) C:\program files (x86)\java\jre6\bin\java.exe
FirewallRules: [UDP Query User{0A479C4A-0FB9-42C8-82F9-41A6F982AEC3}C:\program files (x86)\java\jre6\bin\java.exe] => (Block) C:\program files (x86)\java\jre6\bin\java.exe
CMD: bitsadmin /reset /allusers
CMD: netsh winsock reset catalog
CMD: ipconfig /flushdns
RemoveProxy:
hosts:
Emptytemp:
*****************
 
Processes closed successfully.
Restore point was successfully created.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\ => value removed successfully
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => key removed successfully
HKLM\Software\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => key not found. 
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{{67A2568C-7A0A-4EED-AECC-B5405DE63B64}} => key removed successfully
HKLM\Software\Classes\CLSID\{{67A2568C-7A0A-4EED-AECC-B5405DE63B64}} => key not found. 
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => key not found. 
HKLM\Software\Wow6432Node\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => key not found. 
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{{67A2568C-7A0A-4EED-AECC-B5405DE63B64}} => key removed successfully
HKLM\Software\Wow6432Node\Classes\CLSID\{{67A2568C-7A0A-4EED-AECC-B5405DE63B64}} => key not found. 
HKU\S-1-5-21-3039024503-3107911979-1817968902-1003\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
HKU\S-1-5-21-3039024503-3107911979-1817968902-1003\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{29530B11-65C9-42E3-A4C8-6804D8D30EA7} => key removed successfully
HKLM\Software\Classes\CLSID\{29530B11-65C9-42E3-A4C8-6804D8D30EA7} => key not found. 
HKU\S-1-5-21-3039024503-3107911979-1817968902-1003\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{{67A2568C-7A0A-4EED-AECC-B5405DE63B64}} => key removed successfully
HKLM\Software\Classes\CLSID\{{67A2568C-7A0A-4EED-AECC-B5405DE63B64}} => key not found. 
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6} => key removed successfully
HKLM\Software\Classes\CLSID\{9030D464-4C02-4ABF-8ECC-5164760863C6} => key removed successfully
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670} => key not found. 
HKLM\Software\Wow6432Node\Classes\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670} => key not found. 
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9} => key removed successfully
HKLM\Software\Wow6432Node\Classes\CLSID\{DBC80044-A445-435b-BC74-9C25C1C588A9} => key removed successfully
HKLM\System\CurrentControlSet\Services\PCCUJobMgr => key removed successfully
PCCUJobMgr => service removed successfully
C:\Users\Dewayne Liggett\AppData\LocalLow\EmieUserList => moved successfully
C:\Users\Dewayne Liggett\AppData\LocalLow\EmieSiteList => moved successfully
C:\Users\Dewayne Liggett\AppData\LocalLow\EmieBrowserModeList => moved successfully
C:\Users\Dewayne Liggett\AppData\Local\EmieUserList => moved successfully
C:\Users\Dewayne Liggett\AppData\Local\EmieSiteList => moved successfully
C:\Users\Dewayne Liggett\AppData\Local\EmieBrowserModeList => moved successfully
C:\Users\Owner\AppData\Local\Temp\DefaultAssets.exe => moved successfully
C:\Users\Owner\AppData\Local\Temp\DefaultOfflineContent.exe => moved successfully
C:\Users\Owner\AppData\Local\Temp\eject.exe => moved successfully
C:\Users\Owner\AppData\Local\Temp\NLStubInstallerResources.dll => moved successfully
C:\Users\Owner\AppData\Local\Temp\PCCU_Installer.exe => moved successfully
C:\Users\Owner\AppData\Local\Temp\SpOrder.dll => moved successfully
C:\Users\Owner\AppData\Local\Temp\SymCCIS.dll => moved successfully
C:\Users\Owner\AppData\Local\Temp\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}_NIS_25986.exe => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{31A3E814-2C36-46A5-B721-C24751922E27} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{31A3E814-2C36-46A5-B721-C24751922E27} => key removed successfully
C:\windows\System32\Tasks\Symantec\Norton Error Processor 18.7.1.3 => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Symantec\Norton Error Processor 18.7.1.3 => key removed successfully
"C:\Program Files (x86)\Norton AntiVirus" => not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{953ACB42-5FB1-414F-85C7-85B1207D4030} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{953ACB42-5FB1-414F-85C7-85B1207D4030} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ArcadeParlor => key not found. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{C1414F89-6B38-44EE-B79A-85A63B8A319F} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C1414F89-6B38-44EE-B79A-85A63B8A319F} => key removed successfully
C:\windows\System32\Tasks\Symantec\Norton Error Analyzer 18.7.1.3 => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Symantec\Norton Error Analyzer 18.7.1.3 => key removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{8C39E855-1E81-42D4-A10B-9871045D2A7E}C:\program files (x86)\java\jre6\bin\java.exe => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{0A479C4A-0FB9-42C8-82F9-41A6F982AEC3}C:\program files (x86)\java\jre6\bin\java.exe => value removed successfully
 
========= bitsadmin /reset /allusers =========
 
 
BITSADMIN version 3.0 [ 7.5.7601 ]
BITS administration utility.
© Copyright 2000-2006 Microsoft Corp.
 
BITSAdmin is deprecated and is not guaranteed to be available in future versions of Windows.
Administrative tools for the BITS service are now provided by BITS PowerShell cmdlets.
 
{DDC8A549-95A0-4ECD-BB8A-CB2CBFCD6825} canceled.
{E1AF8417-C9E4-4FBD-8173-B6D40EA68D17} canceled.
{1302B623-2F15-406C-808A-2DE429F8FE1C} canceled.
3 out of 3 jobs canceled.
 
========= End of CMD: =========
 
 
========= netsh winsock reset catalog =========
 
 
Sucessfully reset the Winsock Catalog.
You must restart the computer in order to complete the reset.
 
 
========= End of CMD: =========
 
 
========= ipconfig /flushdns =========
 
 
Windows IP Configuration
 
Successfully flushed the DNS Resolver Cache.
 
========= End of CMD: =========
 
 
========= RemoveProxy: =========
 
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully
HKU\S-1-5-21-3039024503-3107911979-1817968902-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
HKU\S-1-5-21-3039024503-3107911979-1817968902-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully
 
 
========= End of RemoveProxy: =========
 
C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.
 
=========== EmptyTemp: ==========
 
BITS transfer queue => 8388608 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 8457666 B
Java, Flash, Steam htmlcache => 794 B
Windows/system/drivers => 38081822 B
Edge => 0 B
Chrome => 33333967 B
Firefox => 0 B
Opera => 0 B
 
Temp, IE cache, history, cookies, recent:
Users => 0 B
Default => 0 B
Public => 0 B
ProgramData => 0 B
systemprofile => 42337004 B
systemprofile32 => 98856 B
LocalService => 0 B
NetworkService => 89254 B
Owner => 1274029639 B
Dewayne Liggett => 54564231 B
 
RecycleBin => 2103744 B
EmptyTemp: => 1.4 GB temporary data Removed.
 
================================
 
 
The system needed a reboot.
 
==== End of Fixlog 13:17:56 ====

  • 0
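An added example, not part of the thread and not code from FRST: a Python summarizer for a Fixlog like the one posted in #9, tallying which fixlist entries changed the system and which were already absent. The `target => outcome` line shape and the outcome phrases are taken from the log above; the function names and the embedded excerpt are constructed for illustration.

```python
import re
from collections import Counter

# Constructed excerpt: lines copied from the Fixlog in this thread, including
# part of the echoed fixlist, which is input to the fix and not a result.
SAMPLE_FIXLOG = r'''
fixlist content:
*****************
start
HKLM\...\Run: [] => [X]
Task: {953ACB42-5FB1-414F-85C7-85B1207D4030} - \ArcadeParlor -> No File <==== ATTENTION
C:\Program Files (x86)\Norton AntiVirus
Emptytemp:
*****************

Processes closed successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\ => value removed successfully
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
HKLM\Software\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => key not found.
HKLM\System\CurrentControlSet\Services\PCCUJobMgr => key removed successfully
PCCUJobMgr => service removed successfully
C:\Users\Owner\AppData\Local\Temp\eject.exe => moved successfully
"C:\Program Files (x86)\Norton AntiVirus" => not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ArcadeParlor => key not found.
C:\Windows\System32\Drivers\etc\hosts => moved successfully

=========== EmptyTemp: ==========

Chrome => 33333967 B
RecycleBin => 2103744 B
EmptyTemp: => 1.4 GB temporary data Removed.
'''

# A line made only of asterisks opens and closes the echoed fixlist.
ECHO_DELIM = re.compile(r"^\*{10,}$")

# Result lines end in one of the outcome phrases seen in the log above.
# Size lines ("Chrome => 33333967 B") and fixlist entries do not match.
RESULT = re.compile(
    r"^(?P<target>.+) => (?:(?P<kind>key|value|service) )?"
    r"(?P<outcome>removed successfully|restored successfully|"
    r"moved successfully|not found)\.?$"
)

OUTCOME_NAMES = {
    "removed successfully": "removed",
    "restored successfully": "restored",
    "moved successfully": "moved",
    "not found": "not_found",
}


def parse_fixlog(text):
    """Return (target, kind, outcome) for every result line in a Fixlog."""
    results = []
    in_echo = False
    for raw in text.splitlines():
        line = raw.strip()
        if ECHO_DELIM.match(line):
            in_echo = not in_echo  # toggle at each delimiter line
            continue
        if in_echo:
            continue  # echoed fixlist: what was requested, not what happened
        m = RESULT.match(line)
        if not m:
            continue
        target = m.group("target").strip('"')
        kind = m.group("kind") or "path"  # files and folders carry no kind word
        results.append((target, kind, OUTCOME_NAMES[m.group("outcome")]))
    return results


def summarize(results):
    """Tally outcomes per object kind and list targets that were absent."""
    tally = Counter((kind, outcome) for _, kind, outcome in results)
    absent = [target for target, _, outcome in results if outcome == "not_found"]
    return tally, absent


if __name__ == "__main__":
    tally, absent = summarize(parse_fixlog(SAMPLE_FIXLOG))
    for (kind, outcome), count in sorted(tally.items()):
        print(f"{kind:8} {outcome:10} {count}")
    print("Already absent before the fix ran:")
    for target in absent:
        print("  " + target)
```

Reading the "not found" targets separately from the removals shows which fixlist entries had already been cleaned up by an earlier tool run and which changes this fix actually made.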

#10
zep516


    Trusted Helper

  • Malware Removal
  • 6,668 posts
Hello,

Any change in computer behavior?
  • 0

#11
jasmill


    Member

  • Topic Starter
  • Member
  • 50 posts

Yes. It seems to be running sooooo much better. CPU is below 5% most of the time.


  • 0

#12
zep516


    Trusted Helper

  • Malware Removal
  • 6,668 posts
Hello,

We need to remove the tools we used and then close the topic.

The following procedures will implement some cleanup procedures to remove these tools. It will also reset your System Restore by flushing out previous restore points and create a new restore point. It will also remove all the backups our tools may have made.
Any leftover logs, files, folders or tools remaining on your Desktop which were not removed can be deleted manually (right-click the file + delete).

Why we need to remove some of our tools:
Some of the tools we have used to clean your computer were made by fellow malware fighters and are very powerful, and if used incorrectly or at the wrong time can make the computer an expensive paperweight. They are updated all the time, some of them more than once a day, so by the time you are ready to use them again they will already be outdated.


Download DelFix by Xplode and save it to your desktop.
  • Run the tool by right-clicking the DelFix icon and choosing the Run as administrator option.
  • Make sure that these ones are checked:
    • Remove disinfection tools
    • Purge system restore
    • Reset system settings
  • Push Run.
  • The program will run for a few seconds and display a notepad report.
    Paste it for my review.

  • 0

#13
zep516


    Trusted Helper

  • Malware Removal
  • 6,668 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.
  • 0





