SpyWare, Malware, F U Ware! You Name It!

Post by bretbaker1971 » January 15th, 2015, 12:45 am

I did notice in the rules you choose not to help with "work" computers and I understand that, but this definitely is my personal computer that I do use for my work as a Realtor which is in reality, personal. Not for the benefit of a company. I am an independent contractor and work from home. I just did not want to lie or conceal that I use it for work.

I'm not much of a computer expert by any means but I'm not an idiot, I don't think! :shock: I don't normally have too many issues on my laptop, since I use it for work as a Realtor and can't afford to be downloading games or music or porn, that's what an iPad is for! LOL 8) Anyway, yesterday I got infected with something after I started using Firefox I think. I was using Chrome for the longest time and had no issues, not many anyway. Then yesterday the sh*t hit the fan and I could barely use my internet browser at all, none of them, Chrome, Firefox, IE... I had so many pop-up ads all over my screen I couldn't see what I was doing! After several hours of research and banging my head against the wall, I came across ComboFix! Well, I'm very impatient and didn't figure I would do anything terrible by running it on my own, so I did, and it seems that so far I haven't ruined my computer yet... :roll: I wasn't able to save it DIRECTLY to my desktop when I installed it though because I never got the dialog box that gave me the option, it just automatically saved it to the "Downloads" folder as soon as I clicked "download". So, I created a Desktop Shortcut in hopes THAT would at least help, since the program would NOT let me move it to the desktop. I didn't seem to have any problems and my computer already seems to be running much better and faster and SO FAR no pop-ups when opening Chrome. :cheers: I have the Log Report from running ComboFix and will post it if someone would PLEASE look at it and help me ensure it IS clear of all that garbage and mostly that my computer isn't going to crash when I uninstall ComboFix... :) AND, will I be able to efficiently uninstall it since it's not ON the desktop? Below are my DDS.txt and Attach.txt. THANK YOU in advance for any help. :D You're the :king: Tiny Elvis!

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.17496 BrowserJavaVersion: 10.71.2
Run by Annemarie at 22:36:29 on 2015-01-14
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3687.1958 [GMT -6:00]
.
AV: Microsoft Security Essentials *Disabled/Updated* {4F35CFC4-45A3-FC37-EF17-759A02E39AB1}
SP: Microsoft Security Essentials *Disabled/Updated* {F4542E20-6399-F3B9-D5A7-4EE87964D00C}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\windows\system32\atiesrxx.exe
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k NetworkService
C:\windows\system32\atieclxx.exe
C:\windows\System32\spoolsv.exe
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe
C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Program Files (x86)\Lavasoft\Web Companion\TcpService\2.2.9.5\LavasoftTcpService.exe
C:\windows\system32\spool\drivers\x64\3\NetFaxServer64.exe
C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.SearchProtect.WinService.exe
C:\windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
C:\windows\system32\taskhost.exe
C:\windows\system32\Dwm.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe
C:\Program Files (x86)\Lavasoft\Web Companion\Application\WebCompanion.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Windows\System32\spool\drivers\x64\3\NetFaxTray64.exe
C:\Users\Annemarie\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\acrotray.exe
C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\windows\System32\svchost.exe -k LocalServicePeerNet
C:\windows\system32\notepad.exe
C:\windows\explorer.exe
C:\windows\system32\taskeng.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files\Microsoft Office 15\root\office15\OUTLOOK.EXE
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
mStart Page = http://www.google.com
uProxyOverride = <-loopback>
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: RealNetworks Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Adobe Acrobat Create PDF Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll
BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\office15\urlredir.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
BHO: Adobe Acrobat Create PDF from Selection: {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll
BHO: {FB15427B-89A4-5618-6637-DB71AA7024FB} - <orphaned>
TB: Adobe Acrobat Create PDF Toolbar: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll
uRun: [Web Companion] C:\Program Files (x86)\Lavasoft\Web Companion\Application\WebCompanion.exe --minimize
mRun: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Acrotray.exe"
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
StartupFolder: C:\Users\ANNEMA~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Annemarie\AppData\Roaming\Dropbox\bin\Dropbox.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\SAMSUN~1.LNK - C:\windows\System32\spool\drivers\x64\3\NetFaxTray64.exe
uPolicies-Explorer: NoDrives = dword:0
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office 15\Root\Office15\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\Program Files\Microsoft Office 15\Root\Office15\ONBttnIE.dll/105
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office 15\root\office15\onbttnie.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office 15\root\office15\ONBttnIELinkedNotes.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.8.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0018-0000-0025-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.8.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.8.0/jinsta ... s-i586.cab
TCP: NameServer = 192.168.1.254
TCP: Interfaces\{17D7F07A-1B5C-489B-86BE-D10B071BEDDB} : DHCPNameServer = 209.18.47.61 209.18.47.62
TCP: Interfaces\{DB3286C1-F45A-46D2-A0EE-CBA2E4EFE478} : DHCPNameServer = 192.168.1.254
TCP: Interfaces\{DB3286C1-F45A-46D2-A0EE-CBA2E4EFE478}\051647279636B602341627E6569702C4962627162797 : DHCPNameServer = 208.67.222.222 208.67.220.220 68.105.28.12
TCP: Interfaces\{DB3286C1-F45A-46D2-A0EE-CBA2E4EFE478}\2416B656270255E4944554 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{DB3286C1-F45A-46D2-A0EE-CBA2E4EFE478}\34D455 : DHCPNameServer = 192.168.2.1
TCP: Interfaces\{DB3286C1-F45A-46D2-A0EE-CBA2E4EFE478}\3525341425D275962756C6563737 : DHCPNameServer = 192.168.189.50 192.168.189.1
TCP: Interfaces\{DB3286C1-F45A-46D2-A0EE-CBA2E4EFE478}\3547162744573747 : DHCPNameServer = 192.168.1.1
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\office15\MSOSB.DLL
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.99\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-mStart Page = http://www.google.com
x64-BHO: Lync Browser Helper: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ochelper.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\urlredir.dll
x64-BHO: Microsoft SkyDrive Pro Browser Helper: {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\grooveex.dll
x64-Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
x64-Run: [TosVolRegulator] C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe
x64-Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
x64-Run: [CDAServer] C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe
x64-Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\onbttnie.dll
x64-IE: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ochelper.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ONBttnIELinkedNotes.dll
x64-Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - <orphaned>
x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;C:\windows\System32\drivers\MpFilter.sys [2014-7-17 269008]
R2 AMD External Events Utility;AMD External Events Utility;C:\windows\System32\atiesrxx.exe [2011-5-29 203776]
R2 ClickToRunSvc;Microsoft Office ClickToRun Service;C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe [2014-10-23 2449592]
R2 LavasoftTcpService;LavasoftTcpService;C:\Program Files (x86)\Lavasoft\Web Companion\TcpService\2.2.9.5\LavasoftTcpService.exe [2014-12-16 1351512]
R2 Samsung Network Fax Server;Samsung Network Fax Server;C:\windows\System32\spool\drivers\x64\3\NetFaxServer64.exe [2013-12-11 506928]
R2 SearchProtectionService;IE Search Set;C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.SearchProtect.WinService.exe [2014-12-16 15208]
R2 SSPORT;SSPORT;C:\windows\System32\drivers\SSPORT.SYS [2013-4-10 11576]
R2 TeamViewer8;TeamViewer 8;C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe [2013-9-17 5093216]
R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;C:\windows\System32\drivers\AtihdW76.sys [2011-5-29 116752]
R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;C:\windows\System32\drivers\L1C62x64.sys [2011-2-9 77424]
R3 PGEffect;Pangu effect driver;C:\windows\System32\drivers\PGEffect.sys [2011-5-29 38096]
R3 QIOMem;Generic IO & Memory Access;C:\windows\System32\drivers\QIOMem.sys [2009-6-15 12800]
R3 RTL8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver;C:\windows\System32\drivers\rtl8192ce.sys [2011-6-22 1109096]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
S3 hitmanpro37;HitmanPro 3.7 Support Driver;C:\windows\System32\drivers\hitmanpro37.sys [2015-1-14 43664]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\windows\System32\ieetwcollector.exe [2014-12-9 114688]
S3 NisDrv;Microsoft Network Inspection System;C:\windows\System32\drivers\NisDrvWFP.sys [2011-4-27 125584]
S3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2014-8-22 368624]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\windows\System32\drivers\RtsUStor.sys [2011-5-29 250984]
S3 RSUSBVSTOR;RTSUVSTOR.Sys Realtek USB Card Reader;C:\windows\System32\drivers\rtsuvstor.sys [2011-5-29 307304]
S3 SrvHsfHDA;SrvHsfHDA;C:\windows\System32\drivers\VSTAZL6.SYS [2009-7-13 292864]
S3 SrvHsfV92;SrvHsfV92;C:\windows\System32\drivers\VSTDPV6.SYS [2009-7-13 1485312]
S3 SrvHsfWinac;SrvHsfWinac;C:\windows\System32\drivers\VSTCNXT6.SYS [2009-7-13 740864]
S3 SWNC8UA3;Sierra Wireless MUX NDIS Driver (UMTSA3);C:\windows\System32\drivers\swnc8ua3.sys [2009-3-31 227840]
S3 SWUMXA3;Sierra Wireless USB MUX Driver (UMTSA3);C:\windows\System32\drivers\swumxa3.sys [2009-5-4 198528]
S3 TsUsbFlt;TsUsbFlt;C:\windows\System32\drivers\TsUsbFlt.sys [2010-11-20 59392]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\windows\System32\drivers\TsUsbGD.sys [2010-11-20 31232]
S3 USBAAPL64;Apple Mobile USB Driver;C:\windows\System32\drivers\usbaapl64.sys [2012-12-13 54784]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\windows\System32\Wat\WatAdminSvc.exe [2011-7-17 1255736]
S4 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [2013-3-6 39056]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2015-01-15 04:00:56 -------- d-sh--w- C:\$RECYCLE.BIN
2015-01-15 02:16:07 43664 ----a-w- C:\windows\System32\drivers\hitmanpro37.sys
2015-01-15 01:35:33 -------- d-----w- C:\Users\Annemarie\AppData\Local\Lavasoft
2015-01-15 01:35:15 358736 ----a-w- C:\windows\System32\LavasoftTcpService64.dll
2015-01-15 01:35:11 312424 ----a-w- C:\windows\SysWow64\LavasoftTcpService.dll
2015-01-15 01:34:27 -------- d-----w- C:\Program Files (x86)\Lavasoft
2015-01-15 00:01:24 -------- d-----w- C:\windows\SysWow64\TrayIcons
2015-01-15 00:01:21 -------- d-----w- C:\cache
2015-01-15 00:00:01 1285259 ----a-w- C:\windows\shost.bin
2015-01-14 22:08:25 -------- d-----w- C:\Users\Annemarie\AppData\Local\Macromedia
2015-01-14 21:01:50 129752 ----a-w- C:\windows\System32\drivers\MBAMSwissArmy.sys
2015-01-14 21:01:05 93400 ----a-w- C:\windows\System32\drivers\mbamchameleon.sys
2015-01-14 21:01:04 63704 ----a-w- C:\windows\System32\drivers\mwac.sys
2015-01-14 21:01:04 -------- d-----w- C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-01-14 20:40:58 75888 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{1C8DC31F-BB23-4303-80C5-C2FD06CFD728}\offreg.dll
2015-01-14 20:39:35 1188440 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{9F5183AF-1AE9-417F-9DE0-7974E9FF1649}\gapaengine.dll
2015-01-14 20:39:01 11870360 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{1C8DC31F-BB23-4303-80C5-C2FD06CFD728}\mpengine.dll
2015-01-14 20:36:41 5 ----a-w- C:\windows\SysWow64\lMMLDeleteUserData42107612FX.tmp
2015-01-14 15:18:56 -------- d-----w- C:\Users\Annemarie\AppData\Local\globalUpdate
2015-01-14 15:18:56 -------- d-----w- C:\Program Files (x86)\globalUpdate
2015-01-14 15:12:53 -------- d-----w- C:\Users\Annemarie\AppData\Local\Pro_PC_Cleaner
2015-01-14 07:54:05 52736 ----a-w- C:\windows\System32\TSWbPrxy.exe
2015-01-14 07:54:04 210432 ----a-w- C:\windows\System32\profsvc.dll
2015-01-14 07:54:03 52224 ----a-w- C:\windows\SysWow64\nlaapi.dll
2015-01-14 07:54:03 303616 ----a-w- C:\windows\System32\nlasvc.dll
2015-01-14 07:54:03 156672 ----a-w- C:\windows\SysWow64\ncsi.dll
2015-01-14 07:54:01 141312 ----a-w- C:\windows\System32\drivers\mrxdav.sys
2015-01-14 07:53:56 5553592 ----a-w- C:\windows\System32\ntoskrnl.exe
2015-01-14 07:53:54 3971512 ----a-w- C:\windows\SysWow64\ntkrnlpa.exe
2015-01-14 07:53:53 3916728 ----a-w- C:\windows\SysWow64\ntoskrnl.exe
2015-01-14 07:53:51 503808 ----a-w- C:\windows\System32\srcore.dll
2015-01-14 07:53:51 296960 ----a-w- C:\windows\System32\rstrui.exe
2015-01-14 07:53:48 50176 ----a-w- C:\windows\System32\srclient.dll
2015-01-14 07:53:48 43008 ----a-w- C:\windows\SysWow64\srclient.dll
2015-01-13 14:18:45 11870360 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2015-01-12 16:06:19 159744 ----a-w- C:\Program Files\Internet Explorer\Plugins\npqtplugin5.dll
2015-01-12 16:06:19 159744 ----a-w- C:\Program Files\Internet Explorer\Plugins\npqtplugin4.dll
2015-01-12 16:06:19 159744 ----a-w- C:\Program Files\Internet Explorer\Plugins\npqtplugin3.dll
2015-01-12 16:06:19 159744 ----a-w- C:\Program Files\Internet Explorer\Plugins\npqtplugin2.dll
2015-01-12 16:06:19 159744 ----a-w- C:\Program Files\Internet Explorer\Plugins\npqtplugin.dll
2015-01-12 16:01:53 -------- d-----w- C:\Program Files\iPod
2015-01-12 16:01:51 -------- d-----w- C:\Program Files\iTunes
2015-01-11 11:42:34 98216 ----a-w- C:\windows\SysWow64\WindowsAccessBridge-32.dll
2015-01-11 10:56:36 -------- d-----w- C:\Users\Annemarie\AppData\Local\Mozilla
2015-01-11 09:40:03 -------- d-----w- C:\ProgramData\APN
2014-12-18 04:43:25 115712 ----a-w- C:\windows\SysWow64\ieUnatt.exe
2014-12-18 04:43:20 144384 ----a-w- C:\windows\System32\ieUnatt.exe
.
==================== Find3M ====================
.
2014-12-31 11:14:31 298120 ------w- C:\windows\System32\MpSigStub.exe
2014-12-04 02:50:55 413184 ----a-w- C:\windows\System32\generaltel.dll
2014-12-04 02:50:45 741376 ----a-w- C:\windows\System32\invagent.dll
2014-12-04 02:50:40 396800 ----a-w- C:\windows\System32\devinv.dll
2014-12-04 02:50:38 830976 ----a-w- C:\windows\System32\appraiser.dll
2014-12-04 02:50:37 227328 ----a-w- C:\windows\System32\aepdu.dll
2014-12-04 02:50:37 192000 ----a-w- C:\windows\System32\aepic.dll
2014-12-04 02:44:48 1083392 ----a-w- C:\windows\System32\aeinv.dll
2014-12-01 23:28:44 1232040 ----a-w- C:\windows\System32\aitstatic.exe
2014-11-22 03:06:23 2724864 ----a-w- C:\windows\System32\mshtml.tlb
2014-11-22 03:06:11 4096 ----a-w- C:\windows\System32\ieetwcollectorres.dll
2014-11-22 02:50:39 66560 ----a-w- C:\windows\System32\iesetup.dll
2014-11-22 02:50:10 580096 ----a-w- C:\windows\System32\vbscript.dll
2014-11-22 02:49:54 48640 ----a-w- C:\windows\System32\ieetwproxystub.dll
2014-11-22 02:48:20 88064 ----a-w- C:\windows\System32\MshtmlDac.dll
2014-11-22 02:35:29 114688 ----a-w- C:\windows\System32\ieetwcollector.exe
2014-11-22 02:34:51 814080 ----a-w- C:\windows\System32\jscript9diag.dll
2014-11-22 02:34:07 6039552 ----a-w- C:\windows\System32\jscript9.dll
2014-11-22 02:26:31 968704 ----a-w- C:\windows\System32\MsSpellCheckingFacility.exe
2014-11-22 02:20:44 2724864 ----a-w- C:\windows\SysWow64\mshtml.tlb
2014-11-22 02:14:16 77824 ----a-w- C:\windows\System32\JavaScriptCollectionAgent.dll
2014-11-22 02:07:43 501248 ----a-w- C:\windows\SysWow64\vbscript.dll
2014-11-22 02:07:17 62464 ----a-w- C:\windows\SysWow64\iesetup.dll
2014-11-22 02:06:32 47616 ----a-w- C:\windows\SysWow64\ieetwproxystub.dll
2014-11-22 02:05:02 64000 ----a-w- C:\windows\SysWow64\MshtmlDac.dll
2014-11-22 01:54:30 620032 ----a-w- C:\windows\SysWow64\jscript9diag.dll
2014-11-22 01:47:10 1359360 ----a-w- C:\windows\System32\mshtmlmedia.dll
2014-11-22 01:46:58 2125312 ----a-w- C:\windows\System32\inetcpl.cpl
2014-11-22 01:40:04 60416 ----a-w- C:\windows\SysWow64\JavaScriptCollectionAgent.dll
2014-11-22 01:29:26 4299264 ----a-w- C:\windows\SysWow64\jscript9.dll
2014-11-22 01:28:21 2358272 ----a-w- C:\windows\System32\wininet.dll
2014-11-22 01:22:49 2052096 ----a-w- C:\windows\SysWow64\inetcpl.cpl
2014-11-22 01:21:57 1155072 ----a-w- C:\windows\SysWow64\mshtmlmedia.dll
2014-11-22 01:00:20 1888256 ----a-w- C:\windows\SysWow64\wininet.dll
2014-11-21 12:14:08 25816 ----a-w- C:\windows\System32\drivers\mbam.sys
2014-11-11 03:09:06 1424384 ----a-w- C:\windows\System32\WindowsCodecs.dll
2014-11-11 03:08:52 241152 ----a-w- C:\windows\System32\pku2u.dll
2014-11-11 03:08:48 728064 ----a-w- C:\windows\System32\kerberos.dll
2014-11-11 02:44:45 1230336 ----a-w- C:\windows\SysWow64\WindowsCodecs.dll
2014-11-11 02:44:32 186880 ----a-w- C:\windows\SysWow64\pku2u.dll
2014-11-11 02:44:25 550912 ----a-w- C:\windows\SysWow64\kerberos.dll
2014-11-11 01:46:26 119296 ----a-w- C:\windows\System32\drivers\tdx.sys
2014-11-08 03:16:08 2048 ----a-w- C:\windows\System32\tzres.dll
2014-11-08 02:45:09 2048 ----a-w- C:\windows\SysWow64\tzres.dll
2014-10-30 02:03:43 165888 ----a-w- C:\windows\System32\charmap.exe
2014-10-30 01:45:43 155136 ----a-w- C:\windows\SysWow64\charmap.exe
2014-10-25 01:57:59 77824 ----a-w- C:\windows\System32\packager.dll
2014-10-25 01:32:37 67584 ----a-w- C:\windows\SysWow64\packager.dll
2014-10-18 02:05:23 861696 ----a-w- C:\windows\System32\oleaut32.dll
2014-10-18 02:05:21 4121600 ----a-w- C:\windows\System32\mf.dll
2014-10-18 01:33:18 571904 ----a-w- C:\windows\SysWow64\oleaut32.dll
2014-10-18 01:33:13 3209728 ----a-w- C:\windows\SysWow64\mf.dll
.
============= FINISH: 22:36:53.46 ===============

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 6/21/2011 2:51:06 PM
System Uptime: 1/14/2015 9:51:10 PM (1 hours ago)
.
Motherboard: AMD | | Inagua
Processor: AMD E-350 Processor | Socket FT1 | 1600/100mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 451 GiB total, 316.782 GiB free.
D: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP399: 1/1/2015 12:13:16 PM - Windows Update
RP400: 1/4/2015 5:50:05 PM - Windows Update
RP401: 1/6/2015 8:18:36 PM - Installed QuickTime 7
RP402: 1/8/2015 9:07:52 AM - Windows Update
RP403: 1/11/2015 3:42:20 AM - Installed Java 7 Update 71
RP404: 1/11/2015 4:46:57 AM - Removed Java 7 Update 71
RP405: 1/11/2015 4:48:33 AM - Installed Java 7 Update 71
RP406: 1/11/2015 5:05:44 AM - Removed Java 7 Update 71
RP407: 1/11/2015 5:06:39 AM - Installed Java 7 Update 71
RP408: 1/11/2015 5:12:33 AM - Removed Java 8 Update 25
RP409: 1/11/2015 5:37:47 AM - Removed Java 7 Update 71
RP410: 1/11/2015 5:41:53 AM - Installed Java 7 Update 71
RP411: 1/12/2015 5:27:41 AM - Windows Update
RP412: 1/14/2015 3:00:16 AM - Windows Update
RP413: 1/14/2015 9:21:39 AM - Installed Java 7 Update 65
RP414: 1/14/2015 2:36:03 PM - Removed MOTOROLA MEDIA LINK.
RP415: 1/14/2015 7:33:40 PM - LavasoftWeCompanion
RP416: 1/14/2015 8:19:00 PM - Removed Citrix Online Launcher
RP417: 1/14/2015 8:22:28 PM - Removed Google Earth.
RP419: 1/14/2015 8:35:33 PM - Checkpoint by HitmanPro
RP421: 1/14/2015 8:36:06 PM - Checkpoint by HitmanPro
RP423: 1/14/2015 8:36:39 PM - Checkpoint by HitmanPro
RP425: 1/14/2015 8:37:11 PM - Checkpoint by HitmanPro
RP427: 1/14/2015 8:37:57 PM - Checkpoint by HitmanPro
.
==== Installed Programs ======================
.
Ad-Aware Web Companion
Adobe Acrobat XI Pro
Adobe AIR
Adobe Download Assistant
Adobe Flash Player 11 ActiveX
Adobe Flash Player 12 Plugin
Adobe Reader X (10.1.9)
Adobe Refresh Manager
AmericasCardroom
Apple Application Support
Apple Mobile Device Support
Apple Software Update
ASPCA Reminder by We-Care.com v4.1.17.1
Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver
ATI Catalyst Install Manager
Bonjour
Catalyst Control Center - Branding
Catalyst Control Center Graphics Previews Common
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
ccc-core-static
ccc-utility64
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
Cisco EAP-FAST Module
Cisco LEAP Module
Cisco PEAP Module
Common Desktop Agent
Conexant HD Audio
D3DX10
Dropbox
Google Apps Sync™ for Microsoft Outlook® 3.5.385.1020
Google Chrome
Google Drive
iPhoneSMSExport
iTunes
Java 7 Update 65
Java 7 Update 71
Java Auto Updater
Junk Mail filter update
Label@Once 1.0
LavasoftTcpService
Lawn Care Calculator
Lawn Care Letter Writer
Malwarebytes Anti-Malware version 2.0.4.1028
Mesh Runtime
Microsoft .NET Framework 4.5.1
Microsoft Application Error Reporting
Microsoft Office Home and Business 2013 - en-us
Microsoft OneDrive
Microsoft Security Client
Microsoft Security Essentials
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
MotoHelper MergeModules
MSVCRT
MSVCRT_amd64
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
NightScaper 1.0
Office 15 Click-to-Run Extensibility Component
Office 15 Click-to-Run Licensing Component
Office 15 Click-to-Run Localization Component
PlayReady PC Runtime amd64
PlayReady PC Runtime x86
PrintMaster 2.0 Platinum
QuickTime 7
RealDownloader
RealNetworks - Microsoft Visual C++ 2008 Runtime
RealNetworks - Microsoft Visual C++ 2010 Runtime
RealPlayer
Realtek USB 2.0 Reader Driver
Realtek WLAN Driver
RealUpgrade 1.1
Samsung C460 Series
Samsung Easy Document Creator
Samsung Easy Printer Manager
Samsung Easy Wireless Setup
Samsung Network PC Fax
Samsung Printer Live Update
Samsung Scan Process Machine
Security Update for Microsoft .NET Framework 4.5.1 (KB2894854v2)
Security Update for Microsoft .NET Framework 4.5.1 (KB2898869)
Security Update for Microsoft .NET Framework 4.5.1 (KB2901126)
Security Update for Microsoft .NET Framework 4.5.1 (KB2931368)
Security Update for Microsoft .NET Framework 4.5.1 (KB2972107)
Security Update for Microsoft .NET Framework 4.5.1 (KB2972216)
Security Update for Microsoft .NET Framework 4.5.1 (KB2978128)
Security Update for Microsoft .NET Framework 4.5.1 (KB2979578v2)
Skype Click to Call
Skype Launcher
Skype™ 6.22
SNS Upload for Easy Document Creator
Synaptics Pointing Device Driver
TeamViewer 8
TOSHIBA Disc Creator
TOSHIBA Hardware Setup
TOSHIBA Media Controller
TOSHIBA Recovery Media Creator
TOSHIBA Web Camera Application
TOSHIBA Wireless LAN Indicator
View User's Guide
VoiceOver Kit
Web Companion
Windows Live Communications Platform
Windows Live Essentials
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Language Selector
Windows Live Mail
Windows Live Mesh
Windows Live Mesh ActiveX Control for Remote Connections
Windows Live MIME IFilter
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live Remote Client
Windows Live Remote Client Resources
Windows Live Remote Service
Windows Live Remote Service Resources
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
WMV9/VC-1 Video Playback
zipForm6
.
==== Event Viewer Messages From Past Week ========
.
1/14/2015 9:50:35 PM, Error: Service Control Manager [7030] - The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
1/14/2015 5:00:34 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the cozaghost service to connect.
1/14/2015 5:00:34 PM, Error: Service Control Manager [7000] - The cozaghost service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
1/14/2015 10:01:03 PM, Error: Service Control Manager [7023] - The Peer Name Resolution Protocol service terminated with the following error: %%-2140993535
1/14/2015 10:01:03 PM, Error: Service Control Manager [7001] - The Peer Networking Grouping service depends on the Peer Name Resolution Protocol service which failed to start because of the following error: %%-2140993535
1/14/2015 10:01:03 PM, Error: Microsoft-Windows-PNRPSvc [102] - The Peer Name Resolution Protocol cloud did not start because the creation of the default identity failed with error code: 0x80630801.
1/12/2015 9:12:37 PM, Error: Service Control Manager [7001] - The Peer Networking Grouping service depends on the Peer Name Resolution Protocol service which failed to start because of the following error: After starting, the service hung in a start-pending state.
1/12/2015 9:12:33 PM, Error: Service Control Manager [7022] - The Peer Name Resolution Protocol service hung on starting.
.
==== End Of File ===========================
bretbaker1971
Active Member
 
Posts: 10
Joined: January 15th, 2015, 12:20 am

Re: SpyWare, Malware, F U Ware! You Name It!

Unread postby Cypher » January 19th, 2015, 7:41 am

Hi and welcome to Malware Removal Forum.
My name is Cypher, and I will be helping you with your malware problems.
This may or may not solve other issues you have with your machine.
If you no longer require help, I would be grateful if you would let me know.

Before we start please note the following important guidelines.
  • If you don't know or understand something, please don't hesitate to ask.
  • Only post your problem at One help site. Applying fixes from multiple help sites can cause problems.
  • Only reply to this thread, do not start another. Please continue responding until I give you the "All Clean".
    Remember, absence of symptoms does not mean the infection is all gone.
  • Please DO NOT run any other tools or scans whilst I am helping you.
  • Please DO NOT install any other software (or hardware) during the cleaning process.
  • Print each set of instructions... if possible... your Internet connection will not be available during some fix processes.
  • Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
  • Note: No Reply Within 3 Days Will Result In Your Topic Being Closed!

Note: If you haven't done so already, please read this topic ALL USERS OF THIS FORUM MUST READ THIS FIRST where the conditions for receiving help here are explained.
Please be aware that removing Malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However, it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.

Because of this, I advise you to back up any personal files and folders before you start.


Please click on THIS link, and follow the instructions for installing TCRB and creating a backup of your Registry.

Next.

I need you to run further scans for me.
Please post each log separately to prevent it being cut off by the forum post size limiter.
Check each after you've posted it to make sure it's all present, if any log is cut off you'll have to post it in sections.
Important: Save all tools I ask you to download to your Desktop, if you don't know how to do this just ask.




Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Right click on adwcleaner.exe and select " Run as administrator " to run it.
  • Click on Scan.
  • When the scan has finished, uncheck any entries you don't want to remove, then click on Clean.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

Next.

Please download FRST ... by Farbar, from the link below and save it to your Desktop.

For 32 bit Systems

For 64 bit Systems

  • Right-click FRST.exe and select " Run as administrator " to run it.
  • When the tool opens click Yes to the disclaimer.
  • Press Scan button. ... When finished a log will be created, FRST.txt.
  • Please post the content of the FRST.txt in your next reply.
  • The first time the tool is run, it will create another log... Addition.txt.
  • Please post the content of the Addition.txt in your next reply.

Logs/Information to Post in your Next Reply

  • AdwCleaner log.
  • FRST.txt and Addition.txt contents.
Cypher
Admin/Teacher
 
Posts: 14959
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns
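Once the FRST step above produces FRST.txt, a helper's first pass is to pick out the entries with weak provenance: processes and Run entries with an empty publisher, objects whose file is gone ("No File"), unsigned service binaries, empty Run values and anything FRST itself marks ATTENTION. The following added Python example (not code from the forum, from Farbar or from the poster) does that first pass over constructed lines modelled on the FRST.txt layout in this thread; the section names come from the log format, while the reason strings and function names are my own.

```python
"""Triage pass over FRST-style log lines (added example, not Farbar's code).

A flagged line is a prompt to look closer, not a verdict: plenty of legitimate
software ships without an Authenticode signature or a publisher string, so
each hit still needs a human to check the path, date and vendor.
"""
import re

# Constructed sample modelled on the FRST.txt sections posted in this thread.
SAMPLE_LOG = r"""
==================== Processes (Whitelisted) =================
(Microsoft Corporation) C:\Windows\System32\wbem\WMIADAP.exe
() C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2679592 2011-02-03] (Synaptics Incorporated)
HKLM\...\Run: [CDAServer] => C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe [462712 2012-03-09] ()
HKLM-x32\...\Run: [] => [X]
==================== Internet (Whitelisted) ====================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
BHO-x32: No Name -> {FB15427B-89A4-5618-6637-DB71AA7024FB} -> No File
==================== Services (Whitelisted) =================
S4 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [69632 2005-11-14] (Macrovision Corporation) [File not signed]
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2449592 2014-11-12] (Microsoft Corporation)
"""

# FRST section banners look like "==== Processes (Whitelisted) ====".
SECTION_RE = re.compile(r"^=+ (.+?) \(Whitelisted\) =+$")
# A "[size date] ()" tail means FRST found no publisher string in the file.
EMPTY_PUBLISHER_TAIL_RE = re.compile(r"\] \(\)\s*$")
# An autorun entry with no name and no target.
EMPTY_RUN_RE = re.compile(r"\[\] => \[X\]")


def flag_line(line):
    """Return the reasons (possibly none) this log line deserves a second look."""
    reasons = []
    if "<======= ATTENTION" in line:
        reasons.append("marked ATTENTION by FRST")
    if line.endswith("No File"):
        reasons.append("registered object whose file is missing")
    if "[File not signed]" in line:
        reasons.append("binary is not Authenticode-signed")
    if EMPTY_RUN_RE.search(line):
        reasons.append("Run entry with empty name and no target")
    if line.startswith("() "):
        # Process-list lines lead with the publisher in parentheses.
        reasons.append("running process with no publisher")
    elif EMPTY_PUBLISHER_TAIL_RE.search(line):
        reasons.append("file has no publisher string")
    return reasons


def triage(log_text):
    """Walk the log section by section.

    Returns {section_name: [(line, [reasons]), ...]} containing only the
    lines that flag_line() found something to say about.
    """
    findings = {}
    section = "Header"
    for raw in log_text.splitlines():
        line = raw.rstrip()
        banner = SECTION_RE.match(line)
        if banner:
            section = banner.group(1)
            continue
        reasons = flag_line(line)
        if reasons:
            findings.setdefault(section, []).append((line, reasons))
    return findings


def count_findings(findings):
    """Total number of flagged lines across all sections."""
    return sum(len(entries) for entries in findings.values())


if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    for name, entries in result.items():
        print(f"[{name}]")
        for line, reasons in entries:
            print(f"  {line}")
            for reason in reasons:
                print(f"    -> {reason}")
    print(f"{count_findings(result)} line(s) to review")
```

Run against a real FRST.txt by reading the file into `triage()`; the Whitelisted banners in this thread's log are matched as-is, so the output groups hits by the same sections the helper reads.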

Re: SpyWare, Malware, F U Ware! You Name It!

Unread postby bretbaker1971 » January 19th, 2015, 2:37 pm

Thank you in advance for your help! Not sure what I would do without your help to get rid of all these troublesome viruses! THANK YOU!

---------------------------------------------------------


# AdwCleaner v4.108 - Report created 19/01/2015 at 12:21:08
# Updated 17/01/2015 by Xplode
# Database : 2015-01-18.1 [Live]
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Annemarie - MONKEY
# Running from : C:\Users\Annemarie\Desktop\adwcleaner_4.108.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\apn
Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FileOpener
Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DriverRestore
Folder Deleted : C:\Program Files (x86)\globalUpdate
Folder Deleted : C:\Program Files (x86)\Tweaks
Folder Deleted : C:\Program Files (x86)\DriverRestore
Folder Deleted : C:\Users\Annemarie\AppData\Local\globalUpdate
Folder Deleted : C:\Users\Annemarie\AppData\Roaming\DigitalSites
Folder Deleted : C:\Users\Annemarie\AppData\Roaming\NCdownloader
Folder Deleted : C:\Users\Annemarie\AppData\Roaming\UpdaterEX
Folder Deleted : C:\Users\Annemarie\AppData\Roaming\WSE_Vosteran
File Deleted : C:\Users\Public\Desktop\FileOpener.lnk
File Deleted : C:\Users\Annemarie\Desktop\Uninstall.exe
File Deleted : C:\Users\Annemarie\Desktop\FileOpenerSetup.exe

***** [ Scheduled Tasks ] *****

Task Deleted : Digital Sites
Task Deleted : ProPCCleaner_Start
Task Deleted : ProPCCleaner_Popup

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKCU\Software\Google\Chrome\Extensions\bakijjialdiiboeaknfpmflphhmljfkd
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\bakijjialdiiboeaknfpmflphhmljfkd
Key Deleted : [x64] HKLM\SOFTWARE\Google\Chrome\Extensions\bakijjialdiiboeaknfpmflphhmljfkd
Key Deleted : HKCU\Software\Google\Chrome\Extensions\oilkkkefbalmbfppgjmgjoefbclebkce
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\oilkkkefbalmbfppgjmgjoefbclebkce
Key Deleted : [x64] HKLM\SOFTWARE\Google\Chrome\Extensions\oilkkkefbalmbfppgjmgjoefbclebkce
Key Deleted : HKLM\SOFTWARE\Classes\AppID\IEHelperv2.5.0.DLL
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\New Windows\Allow [*.crossrider.com]
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4FBBF769-ECEB-420A-B536-133B1D505C36}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{533403E2-6E21-4615-9E28-43F4E97E977B}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CC99A798-FD3D-4AB4-969E-6071612524F9}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{0FCE4F01-64EC-42F1-83E1-1E08D38605D2}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{1A2A195A-A0F9-4006-AF02-3F05EEFDE792}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2D9DB233-DC4B-4677-946C-5FA5ABCF506B}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3AE76A17-C344-4A83-81CE-65EFEE41E42D}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4C0A69B0-CE97-42B7-86FC-08280C99C74D}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4E9EB4D5-C929-4005-AC62-1856B1DA5A24}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{8FAF962C-3EDE-405E-B1D0-62B8235C6044}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C1F5E799-B218-4C32-B189-3C389BA140BB}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{F60C9408-3110-4C98-A139-ABE1EE1111DD}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{8736C681-37A0-40C6-A0F0-4C083409151C}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{CC99A798-FD3D-4AB4-969E-6071612524F9}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{8736C681-37A0-40C6-A0F0-4C083409151C}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{CC99A798-FD3D-4AB4-969E-6071612524F9}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{6F6A5334-78E9-4D9B-8182-8B41EA8C39EF}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{CCB69577-088B-4004-9ED8-FF5BCC83A039}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{AC5B6CDA-8F90-4740-9A8C-28AC5D3C73FE}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{0FCE4F01-64EC-42F1-83E1-1E08D38605D2}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{1A2A195A-A0F9-4006-AF02-3F05EEFDE792}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{2D9DB233-DC4B-4677-946C-5FA5ABCF506B}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{3AE76A17-C344-4A83-81CE-65EFEE41E42D}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{4C0A69B0-CE97-42B7-86FC-08280C99C74D}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{4E9EB4D5-C929-4005-AC62-1856B1DA5A24}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{8FAF962C-3EDE-405E-B1D0-62B8235C6044}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{C1F5E799-B218-4C32-B189-3C389BA140BB}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{F60C9408-3110-4C98-A139-ABE1EE1111DD}
Key Deleted : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{31090377-0740-419E-BEFC-A56E50500D5B}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{31090377-0740-419E-BEFC-A56E50500D5B}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{612AD33D-9824-4E87-8396-92374E91C4BB}
Key Deleted : HKCU\Software\BrowseFox
Key Deleted : HKCU\Software\eSupport.com
Key Deleted : HKCU\Software\GlobalUpdate
Key Deleted : HKCU\Software\InstallCore
Key Deleted : HKCU\Software\InstalledThirdPartyPrograms
Key Deleted : HKCU\Software\UpdaterEX
Key Deleted : HKCU\Software\DriverRestore
Key Deleted : HKCU\Software\DriverSupport
Key Deleted : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Deleted : HKLM\SOFTWARE\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Deleted : HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Key Deleted : HKLM\SOFTWARE\{6791A2F3-FC80-475C-A002-C014AF797E9C}
Key Deleted : HKLM\SOFTWARE\BrowseFox
Key Deleted : HKLM\SOFTWARE\GlobalUpdate
Key Deleted : HKLM\SOFTWARE\SP Global
Key Deleted : HKLM\SOFTWARE\SProtector
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Digital Sites
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Tweaks FileOpener
Key Deleted : [x64] HKLM\SOFTWARE\InstalledThirdPartyPrograms

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17496

Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page]
Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURls [Tabs]

-\\ Mozilla Firefox v

[dnknbzqf.default\prefs.js] - Line Deleted : user_pref("browser.search.hiddenOneOffs", "Bing,Amazon.com,DuckDuckGo,eBay,Trovi search,Twitter");
[dnknbzqf.default\prefs.js] - Line Deleted : user_pref("browser.search.selectedEngine", "Trovi search");

-\\ Google Chrome v39.0.2171.99


*************************

AdwCleaner[R0].txt - [8516 octets] - [19/01/2015 12:12:32]
AdwCleaner[S0].txt - [7265 octets] - [19/01/2015 12:21:08]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [7325 octets] ##########
Last edited by bretbaker1971 on January 19th, 2015, 2:42 pm, edited 1 time in total.
bretbaker1971
Active Member
 
Posts: 10
Joined: January 15th, 2015, 12:20 am

Re: SpyWare, Malware, F U Ware! You Name It!

Unread postby bretbaker1971 » January 19th, 2015, 2:38 pm

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 19-01-2015
Ran by Annemarie (administrator) on MONKEY on 19-01-2015 12:29:02
Running from C:\Users\Annemarie\Desktop
Loaded Profiles: Annemarie (Available profiles: Annemarie)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Lavasoft Limited) C:\Program Files (x86)\Lavasoft\Web Companion\TcpService\2.2.9.5\LavasoftTcpService.exe
(Samsung Electronics Co., Ltd.) C:\Windows\System32\spool\drivers\x64\3\NetFaxServer64.exe
() C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.SearchProtect.WinService.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\TosVolRegulator\TosVolRegulator.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
() C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Lavasoft) C:\Program Files (x86)\Lavasoft\Web Companion\Application\WebCompanion.exe
(Samsung Electronics Co., Ltd.) C:\Windows\System32\spool\drivers\x64\3\NetFaxTray64.exe
(Dropbox, Inc.) C:\Users\Annemarie\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\acrotray.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\wbem\WMIADAP.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2679592 2011-02-03] (Synaptics Incorporated)
HKLM\...\Run: [TosVolRegulator] => C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe [24376 2009-11-11] (TOSHIBA Corporation)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1331288 2014-08-22] (Microsoft Corporation)
HKLM\...\Run: [CDAServer] => C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe [462712 2012-03-09] ()
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [444904 2012-09-20] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Acrotray.exe [3477640 2012-09-23] (Adobe Systems Inc.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2014-10-11] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [271744 2014-09-26] (Oracle Corporation)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [157480 2014-10-15] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)
HKU\S-1-5-21-2386503607-1283318599-521145188-1000\...\Run: [Web Companion] => C:\Program Files (x86)\Lavasoft\Web Companion\Application\WebCompanion.exe [1367360 2014-12-16] (Lavasoft)
HKU\S-1-5-21-2386503607-1283318599-521145188-1000\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Samsung Network PC Fax.lnk
ShortcutTarget: Samsung Network PC Fax.lnk -> C:\Windows\System32\spool\drivers\x64\3\NetFaxTray64.exe (Samsung Electronics Co., Ltd.)
Startup: C:\Users\Annemarie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Annemarie\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
BootExecute: autocheck autochk * bootdelete

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-2386503607-1283318599-521145188-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dl ... r=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dl ... ar=msnhome
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://start.toshiba.com/g/
HKU\S-1-5-21-2386503607-1283318599-521145188-1000\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dl ... r=iesearch
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM -> {4837526C-E530-4252-A471-17BA2555F5F4} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNF
SearchScopes: HKLM -> {DC91FAFB-6CEA-49E5-BB74-9CEE75D09B77} URL =
SearchScopes: HKLM-x32 -> Backup.Old.DefaultScope {893BF6EB-2C72-4646-B6FB-F786798453F8}
SearchScopes: HKLM-x32 -> {4837526C-E530-4252-A471-17BA2555F5F4} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNF
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-2386503607-1283318599-521145188-1000 -> Backup.Old.DefaultScope {893BF6EB-2C72-4646-B6FB-F786798453F8}
SearchScopes: HKU\S-1-5-21-2386503607-1283318599-521145188-1000 -> {4837526C-E530-4252-A471-17BA2555F5F4} URL =
SearchScopes: HKU\S-1-5-21-2386503607-1283318599-521145188-1000 -> {83E6CE25-7791-4508-9B27-114D29DD44DA} URL =
SearchScopes: HKU\S-1-5-21-2386503607-1283318599-521145188-1000 -> {B7BBD4AC-6924-4E47-A175-5EE1D15D2A05} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNF
SearchScopes: HKU\S-1-5-21-2386503607-1283318599-521145188-1000 -> {DC91FAFB-6CEA-49E5-BB74-9CEE75D09B77} URL = https://www.google.com/search?q={searchTerms}
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: RealNetworks Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Adobe Acrobat Create PDF Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO-x32: Skype Browser Helper -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO-x32: No Name -> {FB15427B-89A4-5618-6637-DB71AA7024FB} -> No File
Toolbar: HKLM-x32 - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKU\S-1-5-21-2386503607-1283318599-521145188-1000 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254

FireFox:
========
FF ProfilePath: C:\Users\Annemarie\AppData\Roaming\Mozilla\Firefox\Profiles\dnknbzqf.default
FF DefaultSearchEngine: Google
FF Homepage: hxxp://www.google.com/
FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF64_12_0_0_44.dll ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.31211.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_44.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.31211.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @real.com/nppl3260;version=16.0.1.18 -> c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprjplug;version=15.0.2.72 -> c:\program files (x86)\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlchromebrowserrecordext;version=1.3.1 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlhtml5videoshim;version=1.3.1 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlpepperflashvideoshim;version=1.3.1 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpchromebrowserrecordext;version=15.0.2.72 -> C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprphtml5videoshim;version=15.0.2.72 -> C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpjplug;version=15.0.2.72 -> c:\program files (x86)\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpplugin;version=16.0.1.18 -> c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
FF Plugin-x32: @realnetworks.com/npdlplugin;version=1 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems)
FF Plugin HKU\S-1-5-21-2386503607-1283318599-521145188-1000: @citrixonline.com/appdetectorplugin -> C:\Users\Annemarie\AppData\Local\Citrix\Plugins\104\npappdetector.dll (Citrix Online)
FF HKLM-x32\...\Firefox\Extensions: [{DAC3F861-B30D-40dd-9166-F4E75327FAC7}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2013-04-29]
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn
FF Extension: Adobe Acrobat - Create PDF - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn [2014-02-09]
FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [Not Found]

Chrome:
=======
CHR HomePage: Default -> hxxp://www.google.com/
CHR StartupUrls: Default -> "hxxp://www.google.com/"
CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:inputType}{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}{google:searchVersion}{google:sessionToken}{google:prefetchQuery}sugkey={google:suggestAPIKeyParameter}
CHR Profile: C:\Users\Annemarie\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Drive) - C:\Users\Annemarie\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-01-16]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Annemarie\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-27]
CHR Extension: (YouTube) - C:\Users\Annemarie\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-01-16]
CHR Extension: (Google Search) - C:\Users\Annemarie\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-01-16]
CHR Extension: (Adobe Acrobat - Create PDF) - C:\Users\Annemarie\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2014-02-09]
CHR Extension: (Google Wallet) - C:\Users\Annemarie\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-22]
CHR Extension: (Gmail) - C:\Users\Annemarie\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-01-16]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCChromeExtn\WCChromeExtn.crx [2012-09-23]
CHR HKLM-x32\...\Chrome\Extension: [idhngdhcfkoamngbedgpaokgjbnpdiji] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx [2013-03-06]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx [2012-01-17]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2449592 2014-11-12] (Microsoft Corporation)
S4 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [69632 2005-11-14] (Macrovision Corporation) [File not signed]
R2 LavasoftTcpService; C:\Program Files (x86)\Lavasoft\Web Companion\TcpService\2.2.9.5\LavasoftTcpService.exe [1351512 2014-12-16] (Lavasoft Limited)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23784 2014-08-22] (Microsoft Corporation)
S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [368624 2014-08-22] (Microsoft Corporation)
S4 RealNetworks Downloader Resolver Service; C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [39056 2013-03-06] ()
R2 Samsung Network Fax Server; C:\windows\system32\spool\drivers\x64\3\NetFaxServer64.exe [506928 2013-02-05] (Samsung Electronics Co., Ltd.)
R2 SearchProtectionService; C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.SearchProtect.WinService.exe [15208 2014-12-16] ()
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
S3 hitmanpro37; C:\windows\system32\drivers\hitmanpro37.sys [43664 2015-01-14] ()
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [269008 2014-07-17] (Microsoft Corporation)
S3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [125584 2014-07-17] (Microsoft Corporation)
R3 RimVSerPort; C:\Windows\System32\DRIVERS\RimSerial_AMD64.sys [31744 2009-09-08] (Research in Motion Ltd)
S3 SWNC8UA3; C:\Windows\System32\DRIVERS\swnc8ua3.sys [227840 2009-03-31] (Sierra Wireless Inc.)
S3 SWUMXA3; C:\Windows\System32\DRIVERS\swumxa3.sys [198528 2009-05-04] (Sierra Wireless Inc.)
S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [54784 2012-12-13] (Apple, Inc.) [File not signed]
S3 BTCFilterService; system32\DRIVERS\motfilt.sys [X]
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 motandroidusb; System32\Drivers\motoandroid.sys [X]
S3 motccgp; system32\DRIVERS\motccgp.sys [X]
S3 motccgpfl; system32\DRIVERS\motccgpfl.sys [X]
S3 motmodem; system32\DRIVERS\motmodem.sys [X]
S3 MotoSwitchService; system32\DRIVERS\motswch.sys [X]
S3 Motousbnet; system32\DRIVERS\Motousbnet.sys [X]
S3 motusbdevice; system32\DRIVERS\motusbdevice.sys [X]
S3 PCTINDIS5X64; \??\C:\windows\system32\PCTINDIS5X64.SYS [X]
S3 swmsflt; system32\DRIVERS\swmsflt.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-19 12:29 - 2015-01-19 12:30 - 00021933 _____ () C:\Users\Annemarie\Desktop\FRST.txt
2015-01-19 12:28 - 2015-01-19 12:29 - 00000000 ____D () C:\FRST
2015-01-19 12:27 - 2015-01-19 12:27 - 02126848 _____ (Farbar) C:\Users\Annemarie\Desktop\FRST64.exe
2015-01-19 12:12 - 2015-01-19 12:21 - 00000000 ____D () C:\AdwCleaner
2015-01-19 12:11 - 2015-01-19 12:11 - 02186752 _____ () C:\Users\Annemarie\Desktop\adwcleaner_4.108.exe
2015-01-19 12:04 - 2015-01-19 12:04 - 00000207 _____ () C:\windows\tweaking.com-regbackup-MONKEY-Microsoft-Windows-7-Home-Premium-(64-bit).dat
2015-01-19 12:03 - 2015-01-19 12:03 - 00000000 ____D () C:\RegBackup
2015-01-19 12:02 - 2015-01-19 12:02 - 00325960 _____ () C:\Users\Annemarie\Desktop\lua5.1.dll
2015-01-19 12:02 - 2015-01-19 12:02 - 00001502 _____ () C:\Users\Annemarie\Desktop\Tweaking.com - Registry Backup.lnk
2015-01-19 12:02 - 2015-01-19 12:02 - 00000000 ____D () C:\Users\Annemarie\Desktop\Uninstall
2015-01-19 12:02 - 2015-01-19 12:02 - 00000000 ____D () C:\Users\Annemarie\Desktop\files
2015-01-19 12:02 - 2015-01-19 12:02 - 00000000 ____D () C:\Users\Annemarie\Desktop\color_presets
2015-01-19 12:02 - 2015-01-19 12:02 - 00000000 ____D () C:\Users\Annemarie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Tweaking.com
2015-01-19 11:55 - 2015-01-19 11:55 - 04215584 _____ () C:\Users\Annemarie\Desktop\tweaking.com_registry_backup_setup.exe
2015-01-19 11:44 - 2015-01-19 11:44 - 00000000 ____D () C:\ProgramData\2355320829
2015-01-19 11:33 - 2015-01-19 11:33 - 00024764 _____ () C:\Users\Annemarie\Desktop\File-Opener.html
2015-01-19 11:33 - 2015-01-19 11:33 - 00000000 ____D () C:\Users\Annemarie\Desktop\File-Opener_files
2015-01-15 15:58 - 2015-01-19 12:26 - 00003344 _____ () C:\windows\System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-2386503607-1283318599-521145188-1000
2015-01-14 22:37 - 2015-01-14 22:37 - 00008238 _____ () C:\Users\Annemarie\Desktop\attach.txt
2015-01-14 22:37 - 2015-01-14 22:36 - 00022759 _____ () C:\Users\Annemarie\Desktop\dds.txt
2015-01-14 22:36 - 2015-01-14 22:36 - 00688992 ____R (Swearware) C:\Users\Annemarie\Downloads\dds.scr
2015-01-14 22:00 - 2015-01-14 22:00 - 00039776 _____ () C:\ComboFix.txt
2015-01-14 21:21 - 2015-01-14 21:21 - 00001184 _____ () C:\Users\Annemarie\Desktop\ComboFix - Shortcut.lnk
2015-01-14 21:11 - 2015-01-14 21:12 - 05609736 ____R (Swearware) C:\Users\Annemarie\Downloads\ComboFix.exe
2015-01-14 20:26 - 2015-01-14 20:26 - 00003260 _____ () C:\windows\System32\Tasks\{973FBF86-89B1-4773-B687-227A79963C83}
2015-01-14 20:25 - 2015-01-14 20:25 - 00003244 _____ () C:\windows\System32\Tasks\{CD6670A9-58DB-47F3-8E4A-38368F07132B}
2015-01-14 20:16 - 2015-01-14 20:16 - 00232424 _____ () C:\Users\Annemarie\Downloads\JRT.exe
2015-01-14 20:16 - 2015-01-14 20:16 - 00043664 _____ () C:\windows\system32\Drivers\hitmanpro37.sys
2015-01-14 20:15 - 2015-01-14 20:15 - 11225840 _____ (SurfRight B.V.) C:\Users\Annemarie\Downloads\HitmanPro_x64.exe
2015-01-14 20:13 - 2015-01-14 20:13 - 10285456 _____ (SurfRight B.V.) C:\Users\Annemarie\Downloads\HitmanPro.exe
2015-01-14 19:35 - 2015-01-14 19:35 - 00004688 _____ () C:\windows\SysWOW64\LavasoftTcpService.ini
2015-01-14 19:35 - 2015-01-14 19:35 - 00002520 _____ () C:\windows\SysWOW64\LavasoftTcpServiceOff.ini
2015-01-14 19:35 - 2015-01-14 19:35 - 00002520 _____ () C:\windows\system32\LavasoftTcpServiceOff.ini
2015-01-14 19:35 - 2015-01-14 19:35 - 00000000 ____D () C:\Users\Annemarie\AppData\Local\Lavasoft
2015-01-14 19:35 - 2014-12-16 12:10 - 00358736 _____ (Lavasoft Limited) C:\windows\system32\LavasoftTcpService64.dll
2015-01-14 19:35 - 2014-12-16 12:10 - 00312424 _____ (Lavasoft Limited) C:\windows\SysWOW64\LavasoftTcpService.dll
2015-01-14 19:34 - 2015-01-14 19:34 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavasoft
2015-01-14 19:34 - 2015-01-14 19:34 - 00000000 ____D () C:\Program Files (x86)\Lavasoft
2015-01-14 19:32 - 2015-01-14 19:32 - 00000000 ____D () C:\Users\Annemarie\AppData\Roaming\Lavasoft
2015-01-14 19:32 - 2015-01-14 19:32 - 00000000 ____D () C:\ProgramData\Lavasoft
2015-01-14 19:31 - 2015-01-14 19:32 - 08059016 _____ (Lavasoft) C:\Users\Annemarie\Downloads\WebCompanionInstaller.exe
2015-01-14 18:01 - 2015-01-14 18:01 - 00000000 ____D () C:\windows\SysWOW64\TrayIcons
2015-01-14 18:01 - 2015-01-14 18:01 - 00000000 ____D () C:\cache
2015-01-14 18:00 - 2015-01-14 18:00 - 01285259 _____ () C:\windows\shost.bin
2015-01-14 16:32 - 2015-01-19 12:26 - 00003218 _____ () C:\windows\System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-2386503607-1283318599-521145188-1000
2015-01-14 16:08 - 2015-01-14 16:08 - 00000000 ____D () C:\Users\Annemarie\AppData\Local\Macromedia
2015-01-14 15:01 - 2015-01-14 17:09 - 00129752 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2015-01-14 15:01 - 2015-01-14 15:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-01-14 15:01 - 2015-01-14 15:03 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-01-14 15:01 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbamchameleon.sys
2015-01-14 15:01 - 2014-11-21 06:14 - 00063704 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mwac.sys
2015-01-14 14:36 - 2015-01-14 14:36 - 00000005 _____ () C:\windows\SysWOW64\lMMLDeleteUserData42107612FX.tmp
2015-01-14 09:23 - 2015-01-11 05:42 - 00272808 _____ (Oracle Corporation) C:\windows\SysWOW64\javaws.exe
2015-01-14 09:23 - 2015-01-11 05:42 - 00175528 _____ (Oracle Corporation) C:\windows\SysWOW64\javaw.exe
2015-01-14 09:23 - 2015-01-11 05:42 - 00175528 _____ (Oracle Corporation) C:\windows\SysWOW64\java.exe
2015-01-14 09:20 - 2015-01-14 09:20 - 29419944 _____ (Oracle Corporation) C:\Users\Annemarie\Desktop\jre-7u60-windows-i586.exe
2015-01-14 09:19 - 2015-01-14 09:19 - 00000064 _____ () C:\Users\Annemarie\AppData\Local\a20a9b2979db5cf01b44785a6e245b06
2015-01-14 09:12 - 2015-01-14 09:13 - 00000000 ____D () C:\Users\Annemarie\Documents\ProPCCleaner
2015-01-14 09:12 - 2015-01-14 09:12 - 00000000 ____D () C:\Users\Annemarie\AppData\Local\Pro_PC_Cleaner
2015-01-14 01:54 - 2014-12-18 21:06 - 00210432 _____ (Microsoft Corporation) C:\windows\system32\profsvc.dll
2015-01-14 01:54 - 2014-12-18 19:46 - 00141312 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxdav.sys
2015-01-14 01:54 - 2014-12-11 11:47 - 00052736 _____ (Microsoft Corporation) C:\windows\system32\TSWbPrxy.exe
2015-01-14 01:54 - 2014-12-05 22:17 - 00303616 _____ (Microsoft Corporation) C:\windows\system32\nlasvc.dll
2015-01-14 01:54 - 2014-12-05 21:50 - 00156672 _____ (Microsoft Corporation) C:\windows\SysWOW64\ncsi.dll
2015-01-14 01:54 - 2014-12-05 21:50 - 00052224 _____ (Microsoft Corporation) C:\windows\SysWOW64\nlaapi.dll
2015-01-14 01:53 - 2014-12-11 23:35 - 05553592 _____ (Microsoft Corporation) C:\windows\system32\ntoskrnl.exe
2015-01-14 01:53 - 2014-12-11 23:31 - 00503808 _____ (Microsoft Corporation) C:\windows\system32\srcore.dll
2015-01-14 01:53 - 2014-12-11 23:31 - 00296960 _____ (Microsoft Corporation) C:\windows\system32\rstrui.exe
2015-01-14 01:53 - 2014-12-11 23:31 - 00050176 _____ (Microsoft Corporation) C:\windows\system32\srclient.dll
2015-01-14 01:53 - 2014-12-11 23:11 - 03971512 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntkrnlpa.exe
2015-01-14 01:53 - 2014-12-11 23:11 - 03916728 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntoskrnl.exe
2015-01-14 01:53 - 2014-12-11 23:07 - 00043008 _____ (Microsoft Corporation) C:\windows\SysWOW64\srclient.dll
2015-01-12 10:06 - 2015-01-12 10:06 - 00001816 _____ () C:\Users\Public\Desktop\QuickTime Player.lnk
2015-01-12 10:06 - 2015-01-12 10:06 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
2015-01-12 10:05 - 2015-01-12 10:06 - 00000000 ____D () C:\Program Files (x86)\QuickTime
2015-01-12 10:03 - 2015-01-12 10:03 - 00001754 _____ () C:\Users\Public\Desktop\iTunes.lnk
2015-01-12 10:03 - 2015-01-12 10:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2015-01-12 10:01 - 2015-01-12 10:03 - 00000000 ____D () C:\Program Files\iTunes
2015-01-12 10:01 - 2015-01-12 10:01 - 00000000 ____D () C:\Program Files\iPod
2015-01-11 05:43 - 2015-01-11 05:43 - 00000000 ____D () C:\ProgramData\Sun
2015-01-11 05:42 - 2015-01-14 09:22 - 00000000 ____D () C:\Program Files (x86)\Java
2015-01-11 05:42 - 2015-01-11 05:42 - 00098216 _____ (Oracle Corporation) C:\windows\SysWOW64\WindowsAccessBridge-32.dll
2015-01-11 05:42 - 2015-01-11 05:42 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2015-01-11 05:36 - 2015-01-11 05:36 - 00937896 _____ (Oracle Corporation) C:\Users\Annemarie\Downloads\jre-7u71-windows-i586-iftw(1).exe
2015-01-11 05:04 - 2015-01-11 05:04 - 00937896 _____ (Oracle Corporation) C:\Users\Annemarie\Downloads\jre-7u71-windows-i586-iftw.exe
2015-01-11 04:56 - 2015-01-11 04:57 - 00000000 ____D () C:\Users\Annemarie\AppData\Roaming\Mozilla
2015-01-11 04:56 - 2015-01-11 04:57 - 00000000 ____D () C:\Users\Annemarie\AppData\Local\Mozilla
2015-01-11 04:54 - 2015-01-11 04:54 - 00244104 _____ () C:\Users\Annemarie\Downloads\Firefox Setup Stub 34.0.5.exe
2015-01-11 04:51 - 2015-01-11 04:51 - 00000000 ____D () C:\Users\Annemarie\AppData\Roaming\Oracle
2015-01-11 03:43 - 2015-01-11 03:44 - 00005682 _____ () C:\windows\SysWOW64\jupdate-1.7.0_71-b14.log
2015-01-11 03:33 - 2015-01-11 03:33 - 00638888 _____ (Oracle Corporation) C:\Users\Annemarie\Downloads\JavaSetup8u25.exe
2015-01-06 20:15 - 2015-01-06 20:16 - 42096984 _____ (Apple Inc.) C:\Users\Annemarie\Downloads\QuickTimeInstaller.exe
2014-12-26 10:37 - 2014-12-26 10:37 - 00003886 _____ () C:\windows\System32\Tasks\Adobe Acrobat Update Task

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-19 12:29 - 2011-05-29 11:28 - 01124499 _____ () C:\windows\WindowsUpdate.log
2015-01-19 12:25 - 2014-01-16 18:05 - 00000894 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-01-19 12:25 - 2012-10-08 21:38 - 00000000 ___RD () C:\Users\Annemarie\Dropbox
2015-01-19 12:25 - 2012-10-08 21:34 - 00000000 ____D () C:\Users\Annemarie\AppData\Roaming\Dropbox
2015-01-19 12:23 - 2013-07-01 19:16 - 00224956 _____ () C:\windows\PFRO.log
2015-01-19 12:23 - 2013-07-01 19:16 - 00031587 _____ () C:\windows\setupact.log
2015-01-19 12:23 - 2009-07-13 23:08 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2015-01-19 12:13 - 2013-11-11 23:41 - 00000830 _____ () C:\windows\Tasks\Adobe Flash Player Updater.job
2015-01-19 12:04 - 2012-05-17 21:51 - 00000679 _____ () C:\Users\Annemarie\Desktop\Settings.ini
2015-01-19 11:23 - 2014-01-16 18:05 - 00000898 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-01-15 17:36 - 2013-12-11 18:07 - 00000099 _____ () C:\Users\Public\LMDebug.log
2015-01-15 17:34 - 2009-07-13 21:20 - 00000000 ____D () C:\windows\system32\NDF
2015-01-15 16:04 - 2009-07-13 22:45 - 00024608 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-01-15 16:04 - 2009-07-13 22:45 - 00024608 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-01-15 16:03 - 2009-07-13 23:13 - 00803806 _____ () C:\windows\system32\PerfStringBackup.INI
2015-01-15 09:24 - 2014-12-08 18:28 - 00053760 ___SH () C:\Users\Annemarie\Downloads\Thumbs.db
2015-01-14 22:00 - 2013-07-01 17:43 - 00000000 ____D () C:\Qoobox
2015-01-14 21:52 - 2009-07-13 20:34 - 00000215 _____ () C:\windows\system.ini
2015-01-14 21:50 - 2013-07-01 17:42 - 00000000 ____D () C:\windows\erdnt
2015-01-14 21:31 - 2011-07-21 20:24 - 00002128 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
2015-01-14 20:23 - 2011-05-29 12:30 - 00000000 ____D () C:\Program Files (x86)\Google
2015-01-14 20:20 - 2014-02-05 13:23 - 00000000 ____D () C:\Users\Annemarie\AppData\Local\Citrix
2015-01-14 20:20 - 2014-02-05 13:23 - 00000000 ____D () C:\Program Files (x86)\Citrix
2015-01-14 19:48 - 2009-07-13 21:20 - 00000000 ____D () C:\windows\IME
2015-01-14 15:01 - 2013-07-01 15:42 - 00000000 ____D () C:\Users\Annemarie\AppData\Roaming\Malwarebytes
2015-01-14 15:01 - 2013-07-01 15:42 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-01-14 14:56 - 2014-02-09 15:19 - 00000000 ____D () C:\Program Files (x86)\Adobe Download Assistant
2015-01-14 14:38 - 2011-06-22 16:17 - 00000000 ____D () C:\Users\Annemarie\AppData\Local\Motorola
2015-01-14 14:37 - 2011-06-22 16:17 - 00000000 ____D () C:\ProgramData\Nero
2015-01-14 08:54 - 2011-08-04 12:04 - 00000000 ____D () C:\Users\Annemarie\Documents\Bret
2015-01-12 17:25 - 2014-04-23 15:38 - 00002013 _____ () C:\Users\Public\Desktop\Google Slides.lnk
2015-01-12 17:25 - 2014-04-23 15:38 - 00002011 _____ () C:\Users\Public\Desktop\Google Sheets.lnk
2015-01-12 17:25 - 2014-04-23 15:38 - 00002001 _____ () C:\Users\Public\Desktop\Google Docs.lnk
2015-01-12 17:25 - 2014-04-23 15:38 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
2015-01-12 10:03 - 2012-04-23 14:42 - 00000000 ____D () C:\Program Files (x86)\iTunes
2015-01-12 10:01 - 2011-10-01 21:14 - 00000000 ____D () C:\Program Files\Common Files\Apple
2015-01-11 05:43 - 2013-10-17 12:39 - 00000000 ____D () C:\ProgramData\Oracle
2015-01-11 05:16 - 2009-07-13 23:08 - 00032570 _____ () C:\windows\Tasks\SCHEDLGU.TXT
2014-12-31 05:14 - 2010-11-20 21:27 - 00298120 ____N (Microsoft Corporation) C:\windows\system32\MpSigStub.exe
2014-12-30 18:11 - 2011-06-21 13:51 - 00000000 ____D () C:\Users\Annemarie
2014-12-25 06:44 - 2014-01-08 14:13 - 00000000 ____D () C:\Program Files\Microsoft Office 15

==================== Files in the root of some directories =======
2014-06-05 17:11 - 2014-11-17 02:09 - 0000102 _____ () C:\Users\Annemarie\AppData\Roaming\WB.CFG
2015-01-14 09:19 - 2015-01-14 09:19 - 0000064 _____ () C:\Users\Annemarie\AppData\Local\a20a9b2979db5cf01b44785a6e245b06
2014-02-13 13:04 - 2014-08-19 16:59 - 0001044 _____ () C:\Users\Annemarie\AppData\Local\infusionsoft_settings.xml
2013-07-07 13:01 - 2013-07-07 13:01 - 0007605 _____ () C:\Users\Annemarie\AppData\Local\Resmon.ResmonCfg
2013-04-10 12:47 - 2013-04-10 12:47 - 0071712 _____ () C:\ProgramData\SMSExport_20130410114703.log
2013-07-30 10:32 - 2013-07-30 10:32 - 0001725 _____ () C:\ProgramData\SMSExport_20130730093248.log

Some content of TEMP:
====================
C:\Users\Annemarie\AppData\Local\Temp\DRHelper_installFinish.exe
C:\Users\Annemarie\AppData\Local\Temp\DRHelper_installStart.exe
C:\Users\Annemarie\AppData\Local\Temp\DRHelper_uninstallComplete.exe
C:\Users\Annemarie\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpxt0cng.dll
C:\Users\Annemarie\AppData\Local\Temp\Quarantine.exe
C:\Users\Annemarie\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-01-14 11:45

==================== End Of Log ============================
bretbaker1971
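A first pass over a log like the one above is mechanical: pull apart each line of the "One Month Created Files and Folders" section and flag the entries an analyst would want to look at before anything else. The script below is an added example for this thread, not part of the original post and not an FRST feature. The sample lines are copied verbatim from the log above; the three heuristics (a file written straight into the Windows root, a binary in a system location whose version info carries no company name, and a random-looking hex or numeric name) and the path prefixes and extension lists are this example's own assumptions.

```python
from __future__ import annotations

import re
from dataclasses import dataclass

# Layout of one entry in FRST's "One Month Created/Modified Files and Folders"
# sections, as seen in the log above:
#   <created> - <modified> - <size> <attrs> (<company>) <path>
# attrs is a five-character attribute field (____D = directory, ____H = hidden,
# ___SH = system+hidden, ____R = read-only, _____ = plain file).
ENTRY_RE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<size>\d+) (?P<attrs>[A-Z_]{5}) \((?P<company>[^)]*)\) (?P<path>.+)$"
)


@dataclass(frozen=True)
class Entry:
    created: str
    modified: str
    size: int
    attrs: str
    company: str   # company name from the file's version info; empty when absent
    path: str

    @property
    def is_dir(self) -> bool:
        return "D" in self.attrs

    @property
    def parent(self) -> str:
        return self.path.rsplit("\\", 1)[0]

    @property
    def name(self) -> str:
        return self.path.rsplit("\\", 1)[-1]


def parse_entries(text: str) -> list[Entry]:
    """Parse FRST file/folder lines; section headers, notes and blanks are skipped."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append(Entry(m["created"], m["modified"], int(m["size"]),
                                 m["attrs"], m["company"], m["path"]))
    return entries


# Heuristics below are assumptions made for this example, not FRST rules.
BINARY_EXT = (".exe", ".dll", ".sys", ".scr", ".ocx", ".cpl")
SYSTEM_PREFIXES = ("c:\\windows\\", "c:\\programdata\\", "c:\\program files")
RANDOM_NAME = re.compile(r"^(?:[0-9a-f]{16,}|\d{8,})$")


def triage(e: Entry) -> list[str]:
    """Return the reasons an entry deserves an analyst's attention (possibly none)."""
    reasons = []
    low = e.path.lower()
    if not e.is_dir and e.parent.lower() == "c:\\windows":
        reasons.append("file written directly into %SystemRoot%")
    if (not e.is_dir and low.endswith(BINARY_EXT)
            and not e.company and low.startswith(SYSTEM_PREFIXES)):
        reasons.append("binary with no company name in a system location")
    if RANDOM_NAME.match(e.name.lower()):
        reasons.append("random-looking hex/numeric name")
    return reasons


def triage_log(text: str) -> dict[str, list[str]]:
    """Map each flagged path to its reasons; entries with no hits are omitted."""
    return {e.path: r for e in parse_entries(text) if (r := triage(e))}


# Sample input: six lines copied from the FRST log posted above.
SAMPLE = r"""
==================== One Month Created Files and Folders ========

2015-01-19 11:44 - 2015-01-19 11:44 - 00000000 ____D () C:\ProgramData\2355320829
2015-01-14 20:16 - 2015-01-14 20:16 - 00043664 _____ () C:\windows\system32\Drivers\hitmanpro37.sys
2015-01-14 18:00 - 2015-01-14 18:00 - 01285259 _____ () C:\windows\shost.bin
2015-01-14 15:01 - 2015-01-14 17:09 - 00129752 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2015-01-14 09:19 - 2015-01-14 09:19 - 00000064 _____ () C:\Users\Annemarie\AppData\Local\a20a9b2979db5cf01b44785a6e245b06
2015-01-14 01:53 - 2014-12-11 23:35 - 05553592 _____ (Microsoft Corporation) C:\windows\system32\ntoskrnl.exe
"""

if __name__ == "__main__":
    for path, reasons in triage_log(SAMPLE).items():
        print(f"{path}\n    " + "\n    ".join(reasons))
```

The hits are leads, not verdicts. On the six sample lines, four entries are flagged and the two Microsoft and Malwarebytes drivers pass. One of the four, hitmanpro37.sys, is a false positive that the log itself explains: HitmanPro_x64.exe appears in Downloads one minute earlier, so the driver belongs to that scan. Every hit should be cross-checked the same way against the timestamps around it, the Installed Programs list and the Services/Drivers sections before anything is put into a fixlist.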

Re: SpyWare, Malware, F U Ware! You Name It!

Unread postby bretbaker1971 » January 19th, 2015, 2:39 pm

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 19-01-2015
Ran by Annemarie at 2015-01-19 12:31:13
Running from C:\Users\Annemarie\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Microsoft Security Essentials (Disabled - Up to date) {4F35CFC4-45A3-FC37-EF17-759A02E39AB1}
AS: Microsoft Security Essentials (Disabled - Up to date) {F4542E20-6399-F3B9-D5A7-4EE87964D00C}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Ad-Aware Web Companion (x32 Version: 1.1.844.1586 - Lavasoft) Hidden
Adobe Acrobat XI Pro (HKLM-x32\...\{AC76BA86-1033-FFFF-7760-000000000006}) (Version: 11.0.00 - Adobe Systems)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 2.5.1.17730 - Adobe Systems Inc.)
Adobe Download Assistant (HKLM-x32\...\com.adobe.downloadassistant.AdobeDownloadAssistant) (Version: 1.2.6 - Adobe Systems Incorporated)
Adobe Flash Player 11 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 11.9.900.117 - Adobe Systems Incorporated)
Adobe Flash Player 12 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 12.0.0.44 - Adobe Systems Incorporated)
Adobe Reader X (10.1.9) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.9 - Adobe Systems Incorporated)
AmericasCardroom (HKLM-x32\...\296836EA-EF3A-4C36-8C13-3A6C1DB2D4BE) (Version: 16.6 - IGSoft)
Apple Application Support (HKLM-x32\...\{83CAF0DE-8D3B-4C37-A631-2B8F16EC3031}) (Version: 3.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{BDD99690-3541-4619-9D2A-3CDDB3E15F9E}) (Version: 8.0.5.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ASPCA Reminder by We-Care.com v4.1.17.1 (HKLM-x32\...\{78FADD33-5D93-4FB8-AC29-1D823C0574B8}) (Version: 4.1.17.1 - We-Care.com)
Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 1.0.1.42 - Atheros Communications Inc.)
ATI Catalyst Install Manager (HKLM\...\{F1F3A5DA-78E0-67C4-39F3-1BCCECDB61D0}) (Version: 3.0.808.0 - ATI Technologies, Inc.)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
ccc-core-static (x32 Version: 2011.0216.726.13233 - ATI) Hidden
Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}) (Version: 1.1.6 - Cisco Systems, Inc.)
Common Desktop Agent (Version: 1.62.0 - OEM) Hidden
Conexant HD Audio (HKLM\...\CNXT_AUDIO_HDA) (Version: 8.51.1.0 - Conexant)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Dropbox (HKU\S-1-5-21-2386503607-1283318599-521145188-1000\...\Dropbox) (Version: 3.0.3 - Dropbox, Inc.)
Google Apps Sync™ for Microsoft Outlook® 3.5.385.1020 (HKLM-x32\...\{CEBBF68C-4C3F-4D9B-8482-428E01064C31}) (Version: 3.5.385.1020 - Google, Inc.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 39.0.2171.99 - Google Inc.)
Google Drive (HKLM-x32\...\{240D2B48-E06E-446F-A806-01CF36882EB7}) (Version: 1.19.8268.4572 - Google, Inc.)
iPhoneSMSExport (HKLM-x32\...\iPhoneSMSExport) (Version: - )
iTunes (HKLM\...\{2ABBBD91-91E5-4AD7-929A-FE15D1DC0576}) (Version: 12.0.1.26 - Apple Inc.)
Java 7 Update 65 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217065F0}) (Version: 7.0.650 - Oracle)
Java 7 Update 71 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217071FF}) (Version: 7.0.710 - Oracle)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Label@Once 1.0 (HKLM-x32\...\{0D795777-9D60-4692-8386-F2B3F2B5E5BF}) (Version: 1.0 - Corel)
LavasoftTcpService (x32 Version: 2.2.9.5 - Lavasoft) Hidden
Lawn Care Calculator (HKLM-x32\...\Lawn Care Calculator1.1) (Version: 1.1 - Lawncare-Business.com)
Lawn Care Letter Writer (HKLM-x32\...\Lawn Care Letter Writer3.02) (Version: 3.02 - LawnPro Software)
Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office Home and Business 2013 - en-us (HKLM\...\HomeBusinessRetail - en-us) (Version: 15.0.4675.1003 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-2386503607-1283318599-521145188-1000\...\OneDriveSetup.exe) (Version: 17.3.1229.0918 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.6.305.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.31211.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
MotoHelper MergeModules (x32 Version: 1.2.0 - Motorola) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
NightScaper 1.0 (HKLM-x32\...\NightScaper_is1) (Version: - )
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4675.1003 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4675.1003 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4675.1003 - Microsoft Corporation) Hidden
PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)
PlayReady PC Runtime x86 (HKLM-x32\...\{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}) (Version: 1.3.0 - Microsoft Corporation)
PrintMaster 2.0 Platinum (HKLM-x32\...\6485-4051-8654-1627) (Version: - Encore Software Inc.)
QuickTime 7 (HKLM-x32\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)
RealDownloader (x32 Version: 1.3.1 - RealNetworks, Inc.) Hidden
RealNetworks - Microsoft Visual C++ 2008 Runtime (x32 Version: 9.0 - RealNetworks, Inc) Hidden
RealNetworks - Microsoft Visual C++ 2010 Runtime (x32 Version: 10.0 - RealNetworks, Inc) Hidden
RealPlayer (HKLM-x32\...\RealPlayer 15.0) (Version: - RealNetworks)
RealPlayer (HKLM-x32\...\RealPlayer 16.0) (Version: 16.0.0 - RealNetworks)
Realtek USB 2.0 Reader Driver (HKLM-x32\...\{62BBB2F0-E220-4821-A564-730807D2C34D}) (Version: 1.0.0.12 - Realtek Semiconductor Corp.)
Realtek WLAN Driver (HKLM-x32\...\{9D3D8C60-A55F-4fed-B2B9-173001290E16}) (Version: 2.00.0013 - REALTEK Semiconductor Corp.)
RealUpgrade 1.1 (x32 Version: 1.1.0 - RealNetworks, Inc.) Hidden
Samsung C460 Series (HKLM-x32\...\Samsung C460 Series) (Version: 1.02 (7/11/2013) - Samsung Electronics Co., Ltd.)
Samsung Easy Document Creator (HKLM-x32\...\Samsung Easy Document Creator) (Version: 1.05.61 (4/10/2013) - Samsung Electronics Co., Ltd.)
Samsung Easy Printer Manager (HKLM-x32\...\Samsung Easy Printer Manager) (Version: 1.03.23.00(5/3/2013) - Samsung Electronics Co., Ltd.)
Samsung Easy Wireless Setup (HKLM-x32\...\Easy Wireless Setup) (Version: 3.60.25 - Samsung Electronics Co., Ltd.)
Samsung Network PC Fax (HKLM-x32\...\Samsung Network PC Fax) (Version: 1.09.14 (2/5/2013) - Samsung Electronics Co., Ltd.)
Samsung Printer Live Update (HKLM-x32\...\Samsung Printer Live Update) (Version: 1.01.00:04(2013-04-22) - Samsung Electronics Co., Ltd.)
Samsung Scan Process Machine (x32 Version: 1.00.56.01 - Samsung Electronics Co., Ltd.) Hidden
Skype Click to Call (HKLM-x32\...\{B6CF2967-C81E-40C0-9815-C05774FEF120}) (Version: 5.9.9216 - Skype Technologies S.A.)
Skype Launcher (HKLM-x32\...\{DA84ECBF-4B79-47F2-B34C-95C38484C058}) (Version: 2.01 - TOSHIBA Corporation)
Skype™ 6.22 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 6.22.104 - Skype Technologies S.A.)
SNS Upload for Easy Document Creator (HKLM-x32\...\{B6B5F07C-88D5-49D3-A1A7-A6D4BC37DCCC}) (Version: 1.0.0 - Samsung Electronics Co.,Ltd)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.2.11.1 - Synaptics Incorporated)
TeamViewer 8 (HKLM-x32\...\TeamViewer 8) (Version: 8.0.26038 - TeamViewer)
TOSHIBA Disc Creator (HKLM\...\{5DA0E02F-970B-424B-BF41-513A5018E4C0}) (Version: 2.1.0.6 for x64 - TOSHIBA Corporation)
TOSHIBA Hardware Setup (HKLM-x32\...\InstallShield_{C4FFA951-9678-4D51-84B4-AFD15D3C45AD}) (Version: 4.09.01.00 - )
TOSHIBA Media Controller (HKLM-x32\...\{C7A4F26F-F9B0-41B2-8659-99181108CDE3}) (Version: 1.0.86.2 - TOSHIBA CORPORATION)
TOSHIBA Recovery Media Creator (HKLM-x32\...\{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}) (Version: 2.1.3.5109 - TOSHIBA CORPORATION)
TOSHIBA Web Camera Application (HKLM-x32\...\InstallShield_{6F3C8901-EBD3-470D-87F8-AC210F6E5E02}) (Version: 2.0.0.19 - TOSHIBA Corporation)
TOSHIBA Wireless LAN Indicator (HKLM-x32\...\{CA5CF466-CAE3-4D99-8BB4-C80F4AC55028}) (Version: 1.0.2 - TOSHIBA CORPORATION)
Tweaking.com - Registry Backup (HKLM-x32\...\Tweaking.com - Registry Backup) (Version: 1.10.1 - Tweaking.com)
View User's Guide (HKLM-x32\...\View User Guide) (Version: 3.60.02.0 - )
VoiceOver Kit (HKLM-x32\...\{6B4AD1A9-E73A-4184-9D6B-072F8A3C5EBA}) (Version: 1.42.128.0 - Apple Inc.)
Web Companion (HKLM-x32\...\{D5116390-5C95-4FEA-A719-78C3C8B5DFB5}_WebCompanion) (Version: 1.1.844.1586 - Lavasoft)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3508.1109 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
WMV9/VC-1 Video Playback (Version: 1.00.0000 - ATI Technologies Inc.) Hidden
zipForm6 (HKLM-x32\...\zipForm6) (Version: 1.0.0.0 - )

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-2386503607-1283318599-521145188-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Annemarie\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2386503607-1283318599-521145188-1000_Classes\CLSID\{8E645E60-9CE1-346E-91C5-A67B79A3E848}\InprocServer32 -> C:\windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2386503607-1283318599-521145188-1000_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\Annemarie\AppData\Local\Microsoft\SkyDrive\17.3.1229.0918\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2386503607-1283318599-521145188-1000_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\Annemarie\AppData\Local\Microsoft\SkyDrive\17.3.1229.0918\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2386503607-1283318599-521145188-1000_Classes\CLSID\{CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B}\InprocServer32 -> C:\Users\Annemarie\AppData\Local\Microsoft\SkyDrive\17.3.1229.0918\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2386503607-1283318599-521145188-1000_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\Annemarie\AppData\Local\Microsoft\SkyDrive\17.3.1229.0918\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2386503607-1283318599-521145188-1000_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\Annemarie\AppData\Local\Microsoft\SkyDrive\17.3.1229.0918\amd64\FileSyncApi64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2386503607-1283318599-521145188-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Annemarie\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2386503607-1283318599-521145188-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Annemarie\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2386503607-1283318599-521145188-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Annemarie\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2386503607-1283318599-521145188-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Annemarie\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2386503607-1283318599-521145188-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Annemarie\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2386503607-1283318599-521145188-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Annemarie\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2386503607-1283318599-521145188-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Annemarie\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2386503607-1283318599-521145188-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Annemarie\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)

==================== Restore Points =========================

11-01-2015 03:42:20 Installed Java 7 Update 71
11-01-2015 04:46:57 Removed Java 7 Update 71
11-01-2015 04:48:33 Installed Java 7 Update 71
11-01-2015 05:05:44 Removed Java 7 Update 71
11-01-2015 05:06:39 Installed Java 7 Update 71
11-01-2015 05:12:33 Removed Java 8 Update 25
11-01-2015 05:37:47 Removed Java 7 Update 71
11-01-2015 05:41:53 Installed Java 7 Update 71
12-01-2015 05:27:41 Windows Update
14-01-2015 03:00:16 Windows Update
14-01-2015 09:21:39 Installed Java 7 Update 65
14-01-2015 14:36:03 Removed MOTOROLA MEDIA LINK.
14-01-2015 19:33:40 LavasoftWeCompanion
14-01-2015 20:19:00 Removed Citrix Online Launcher
14-01-2015 20:22:28 Removed Google Earth.
14-01-2015 20:35:33 Checkpoint by HitmanPro
14-01-2015 20:36:06 Checkpoint by HitmanPro
14-01-2015 20:36:39 Checkpoint by HitmanPro
14-01-2015 20:37:11 Checkpoint by HitmanPro
14-01-2015 20:37:57 Checkpoint by HitmanPro
17-01-2015 16:08:54 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 20:34 - 2015-01-14 21:52 - 00000027 ____A C:\windows\system32\Drivers\etc\hosts
127.0.0.1 localhost

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {011EA200-9805-45FA-BC2E-418FFC50FC6A} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2014-11-04] (Microsoft Corporation)
Task: {0436B88A-5FEA-4255-98BF-F1AB8291A73E} - System32\Tasks\RealUpgradeLogonTaskS-1-5-21-2386503607-1283318599-521145188-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2013-03-06] (RealNetworks, Inc.)
Task: {07E59D0B-D4A7-423F-B7C3-87EE64CA7132} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {1C4297CE-1145-405F-94F0-9BCA781B9BAF} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-01-16] (Google Inc.)
Task: {31B045EA-42DB-40C1-99AD-4E8290684229} - System32\Tasks\{CD6670A9-58DB-47F3-8E4A-38368F07132B} => pcalua.exe -a "C:\windows\Lawn Care Calculator\uninstall.exe" -c "/U:C:\Program Files (x86)\Lawn Care Calculator\Uninstall\uninstall.xml"
Task: {39CB77A7-FFB5-4247-8B2F-38D0DE30A8CA} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {4D3F640D-844A-4A1B-AC53-F10166BC709E} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: {65AABD07-F4B6-43F1-8B66-42E944205CB2} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-01-16] (Google Inc.)
Task: {A20EF52B-0C09-4746-AC42-BE70D05AA359} - System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-2386503607-1283318599-521145188-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2013-03-06] (RealNetworks, Inc.)
Task: {BD62A8CD-BB2F-4314-8D4C-387DB87075BB} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-02-04] (Adobe Systems Incorporated)
Task: {CBC5A747-1862-4C6E-A040-A67F4D519AE9} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-2386503607-1283318599-521145188-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2013-03-06] (RealNetworks, Inc.)
Task: {D7CBC519-F834-4040-AF9B-7848B07F4225} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-2386503607-1283318599-521145188-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2013-03-06] (RealNetworks, Inc.)
Task: {E60FBBE6-821B-4CD9-9F38-1C3E80E96E01} - System32\Tasks\{973FBF86-89B1-4773-B687-227A79963C83} => pcalua.exe -a "C:\windows\Lawn Care Letter Writer\uninstall.exe" -c "/U:C:\Program Files (x86)\Lawn Care Letter Writer 3\Uninstall\uninstall.xml"
Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2013-05-22 07:23 - 2013-05-22 07:23 - 00034304 _____ () C:\windows\System32\sst9clm.dll
2014-10-23 09:30 - 2014-05-20 10:19 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
2014-12-16 12:08 - 2014-12-16 12:08 - 00015208 _____ () C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.SearchProtect.WinService.exe
2014-12-16 12:08 - 2014-12-16 12:08 - 00012144 _____ () C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.SearchProtect.Service.Logger.dll
2014-12-16 12:08 - 2014-12-16 12:08 - 00032616 _____ () C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.SearchProtect.WcfService.dll
2013-12-11 17:57 - 2013-02-22 15:29 - 00365568 _____ () C:\windows\system32\SaMinDrv.dll
2013-12-11 17:57 - 2012-11-21 02:40 - 00091136 _____ () C:\windows\system32\ssdevm64.dll
2014-01-16 00:44 - 2014-09-23 07:36 - 08897696 _____ () C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2012-03-09 11:58 - 2012-03-09 11:58 - 00462712 _____ () C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe
2012-03-09 11:58 - 2012-03-09 11:58 - 00057208 _____ () C:\Program Files\Common Files\Common Desktop Agent\CDASrvPS.dll
2014-02-12 22:58 - 2014-02-12 22:58 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-10-11 13:05 - 2014-10-11 13:05 - 01044776 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2014-12-16 12:08 - 2014-12-16 12:08 - 00070464 _____ () C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.Utils.dll
2014-12-16 12:08 - 2014-12-16 12:08 - 00171368 _____ () C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.SearchProtect.Business.dll
2014-12-16 12:08 - 2014-12-16 12:08 - 00089928 _____ () C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.adblocker.dll
2014-12-16 12:08 - 2014-12-16 12:08 - 00033136 _____ () C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.SearchProtect.Repositories.dll
2014-12-16 12:08 - 2014-12-16 12:08 - 00015696 _____ () C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.Utils.SqlLite.dll
2014-12-16 12:10 - 2014-12-16 12:10 - 00041304 _____ () C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.PUP.Management.dll
2014-10-21 18:22 - 2014-10-21 18:22 - 00750080 _____ () C:\Users\Annemarie\AppData\Roaming\Dropbox\bin\libGLESv2.dll
2015-01-19 12:25 - 2015-01-19 12:25 - 00043008 _____ () c:\Users\Annemarie\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpxt0cng.dll
2014-10-21 18:22 - 2014-10-21 18:22 - 00047616 _____ () C:\Users\Annemarie\AppData\Roaming\Dropbox\bin\libEGL.dll
2014-10-21 18:22 - 2014-10-21 18:22 - 00863744 _____ () C:\Users\Annemarie\AppData\Roaming\Dropbox\bin\plugins\platforms\qwindows.dll
2014-10-21 18:22 - 2014-10-21 18:22 - 00200704 _____ () C:\Users\Annemarie\AppData\Roaming\Dropbox\bin\plugins\imageformats\qjpeg.dll
2014-09-25 00:01 - 2014-09-25 00:01 - 00081056 _____ () C:\Users\Annemarie\AppData\Local\Microsoft\SkyDrive\17.3.1229.0918\LoggingPlatform.DLL
2015-01-13 23:25 - 2015-01-08 18:35 - 01077064 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.99\libglesv2.dll
2015-01-13 23:25 - 2015-01-08 18:35 - 00211272 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.99\libegl.dll
2015-01-13 23:25 - 2015-01-08 18:35 - 09009480 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.99\pdf.dll
2015-01-13 23:25 - 2015-01-08 18:35 - 01677128 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.99\ffmpegsumo.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

MSCONFIG\Services: AdobeARMservice => 2
MSCONFIG\Services: AdobeFlashPlayerUpdateSvc => 3
MSCONFIG\Services: DeviceMonitorService => 2
MSCONFIG\Services: gupdate => 2
MSCONFIG\Services: gupdatem => 3
MSCONFIG\Services: IDriverT => 3
MSCONFIG\Services: IHA_MessageCenter => 2
MSCONFIG\Services: MBAMScheduler => 2
MSCONFIG\Services: MBAMService => 2
MSCONFIG\Services: MotoHelper => 2
MSCONFIG\Services: RealNetworks Downloader Resolver Service => 2
MSCONFIG\Services: SkypeUpdate => 2
MSCONFIG\Services: TODDSrv => 2

========================= Accounts: ==========================

Administrator (S-1-5-21-2386503607-1283318599-521145188-500 - Administrator - Disabled)
Annemarie (S-1-5-21-2386503607-1283318599-521145188-1000 - Administrator - Enabled) => C:\Users\Annemarie
Guest (S-1-5-21-2386503607-1283318599-521145188-501 - Limited - Enabled)
HomeGroupUser$ (S-1-5-21-2386503607-1283318599-521145188-1002 - Limited - Enabled)

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (01/19/2015 00:24:54 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/19/2015 00:13:19 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"1".
Dependent Assembly rpshellextension.1.0,language="*",type="win32",version="1.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (01/18/2015 00:03:52 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"1".
Dependent Assembly rpshellextension.1.0,language="*",type="win32",version="1.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (01/17/2015 00:03:43 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"1".
Dependent Assembly rpshellextension.1.0,language="*",type="win32",version="1.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (01/16/2015 00:08:44 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"1".
Dependent Assembly rpshellextension.1.0,language="*",type="win32",version="1.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (01/15/2015 03:59:10 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/14/2015 11:54:21 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"1".
Dependent Assembly rpshellextension.1.0,language="*",type="win32",version="1.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (01/14/2015 09:53:08 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/14/2015 09:26:03 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/14/2015 07:50:03 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


System errors:
=============
Error: (01/19/2015 00:25:36 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Peer Networking Grouping service depends on the Peer Name Resolution Protocol service which failed to start because of the following error:
%%-2140993535

Error: (01/19/2015 00:25:36 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Peer Name Resolution Protocol service terminated with the following error:
%%-2140993535

Error: (01/19/2015 00:25:35 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Peer Networking Grouping service depends on the Peer Name Resolution Protocol service which failed to start because of the following error:
%%-2140993535

Error: (01/19/2015 00:25:35 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Peer Name Resolution Protocol service terminated with the following error:
%%-2140993535

Error: (01/19/2015 00:25:36 PM) (Source: PNRPSvc) (EventID: 102) (User: )
Description: 0x80630801

Error: (01/19/2015 00:25:35 PM) (Source: PNRPSvc) (EventID: 102) (User: )
Description: 0x80630801

Error: (01/19/2015 00:25:25 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Peer Networking Grouping service depends on the Peer Name Resolution Protocol service which failed to start because of the following error:
%%-2140993535

Error: (01/19/2015 00:25:25 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Peer Name Resolution Protocol service terminated with the following error:
%%-2140993535

Error: (01/19/2015 00:25:25 PM) (Source: PNRPSvc) (EventID: 102) (User: )
Description: 0x80630801

Error: (01/19/2015 00:22:12 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Peer Name Resolution Protocol service terminated with the following error:
%%-2140993535


Microsoft Office Sessions:
=========================
Error: (01/19/2015 00:24:54 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/19/2015 00:13:19 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"C:\Windows\Installer\{EA1FAE0F-2354-4E32-B423-ABAE8E358F91}\recordingmanager.exe

Error: (01/18/2015 00:03:52 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"C:\Windows\Installer\{EA1FAE0F-2354-4E32-B423-ABAE8E358F91}\recordingmanager.exe

Error: (01/17/2015 00:03:43 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"C:\Windows\Installer\{EA1FAE0F-2354-4E32-B423-ABAE8E358F91}\recordingmanager.exe

Error: (01/16/2015 00:08:44 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"C:\Windows\Installer\{EA1FAE0F-2354-4E32-B423-ABAE8E358F91}\recordingmanager.exe

Error: (01/15/2015 03:59:10 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/14/2015 11:54:21 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"C:\Windows\Installer\{EA1FAE0F-2354-4E32-B423-ABAE8E358F91}\recordingmanager.exe

Error: (01/14/2015 09:53:08 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/14/2015 09:26:03 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/14/2015 07:50:03 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


CodeIntegrity Errors:
===================================
Date: 2013-07-01 19:01:16.492
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2013-07-01 19:01:16.226
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


==================== Memory info ===========================

Processor: AMD E-350 Processor
Percentage of memory in use: 55%
Total physical RAM: 3686.87 MB
Available physical RAM: 1641.09 MB
Total Pagefile: 7371.92 MB
Available Pagefile: 5254.68 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB

==================== Drives ================================

Drive c: (TI106141W0D) (Fixed) (Total:450.93 GB) (Free:316.95 GB) NTFS ==>[System with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 465.8 GB) (Disk ID: FED4FA5B)
Partition 1: (Active) - (Size=1.5 GB) - (Type=27)
Partition 2: (Not Active) - (Size=450.9 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=13.4 GB) - (Type=17)

==================== End Of Log ============================
bretbaker1971
Active Member
 
Posts: 10
Joined: January 15th, 2015, 12:20 am

Re: SpyWare, Malware, F U Ware! You Name It!

Unread postby Cypher » January 20th, 2015, 6:57 am

Hi,
Thank you in advance for your help!

You're most welcome.
After several hours of research and banging my head against the wall, I came across ComboFix! Well, I'm very impatient and didn't figure I would do anything terrible by running it on my own, so I did
A word of warning: ComboFix is a powerful tool and should only be used under the supervision of a trained helper.
Used incorrectly, ComboFix can leave your computer unbootable.

OK, there are a few things in your logs that need to be cleaned up; let's take care of them now.
Once done, give me an update on how your computer is performing.

Click Start > Control Panel > Uninstall a program.
Uninstall the following if present.
Ad-Aware Web Companion
Adobe Reader X (10.1.9)
Java 7 Update 65
Java 7 Update 71


Next.

  • Click Start
  • Type notepad.exe in the search programs and files box and click Enter.
  • A blank Notepad page should open.
    • Copy and paste the following script into Notepad. Do not include the words "Code: Select all".
    • (Click the "Select all" button next to "Code:" to select the entire script.)
    (Lavasoft Limited) C:\Program Files (x86)\Lavasoft\Web Companion\TcpService\2.2.9.5\LavasoftTcpService.exe
    () C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.SearchProtect.WinService.exe
    (Lavasoft) C:\Program Files (x86)\Lavasoft\Web Companion\Application\WebCompanion.exe
    HKLM-x32\...\Run: [] => [X]
    HKU\S-1-5-21-2386503607-1283318599-521145188-1000\...\Run: [Web Companion] => C:\Program Files (x86)\Lavasoft\Web Companion\Application\WebCompanion.exe [1367360 2014-12-16] (Lavasoft)
    HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
    HKU\S-1-5-21-2386503607-1283318599-521145188-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
    SearchScopes: HKLM -> {DC91FAFB-6CEA-49E5-BB74-9CEE75D09B77} URL =
    SearchScopes: HKLM-x32 -> Backup.Old.DefaultScope {893BF6EB-2C72-4646-B6FB-F786798453F8}
    SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-21-2386503607-1283318599-521145188-1000 -> Backup.Old.DefaultScope {893BF6EB-2C72-4646-B6FB-F786798453F8}
    SearchScopes: HKU\S-1-5-21-2386503607-1283318599-521145188-1000 -> {4837526C-E530-4252-A471-17BA2555F5F4} URL =
    SearchScopes: HKU\S-1-5-21-2386503607-1283318599-521145188-1000 -> {83E6CE25-7791-4508-9B27-114D29DD44DA} URL =
    BHO-x32: No Name -> {FB15427B-89A4-5618-6637-DB71AA7024FB} -> No File
    Toolbar: HKU\S-1-5-21-2386503607-1283318599-521145188-1000 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
    FF Plugin: @microsoft.com/GENUINE -> disabled No File
    FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
    FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [Not Found]
    R2 LavasoftTcpService; C:\Program Files (x86)\Lavasoft\Web Companion\TcpService\2.2.9.5\LavasoftTcpService.exe [1351512 2014-12-16] (Lavasoft Limited)
    R2 SearchProtectionService; C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.SearchProtect.WinService.exe [15208 2014-12-16] ()
    S3 BTCFilterService; system32\DRIVERS\motfilt.sys [X]
    S3 catchme; \??\C:\ComboFix\catchme.sys [X]
    S3 motandroidusb; System32\Drivers\motoandroid.sys [X]
    S3 motccgp; system32\DRIVERS\motccgp.sys [X]
    S3 motccgpfl; system32\DRIVERS\motccgpfl.sys [X]
    S3 motmodem; system32\DRIVERS\motmodem.sys [X]
    S3 MotoSwitchService; system32\DRIVERS\motswch.sys [X]
    S3 Motousbnet; system32\DRIVERS\Motousbnet.sys [X]
    S3 motusbdevice; system32\DRIVERS\motusbdevice.sys [X]
    S3 PCTINDIS5X64; \??\C:\windows\system32\PCTINDIS5X64.SYS [X]
    S3 swmsflt; system32\DRIVERS\swmsflt.sys [X]
    2015-01-14 20:26 - 2015-01-14 20:26 - 00003260 _____ () C:\windows\System32\Tasks\{973FBF86-89B1-4773-B687-227A79963C83}
    2015-01-14 20:25 - 2015-01-14 20:25 - 00003244 _____ () C:\windows\System32\Tasks\{CD6670A9-58DB-47F3-8E4A-38368F07132B}
    2015-01-14 19:35 - 2015-01-14 19:35 - 00004688 _____ () C:\windows\SysWOW64\LavasoftTcpService.ini
    2015-01-14 19:35 - 2015-01-14 19:35 - 00002520 _____ () C:\windows\SysWOW64\LavasoftTcpServiceOff.ini
    2015-01-14 19:35 - 2015-01-14 19:35 - 00002520 _____ () C:\windows\system32\LavasoftTcpServiceOff.ini
    2015-01-14 19:35 - 2015-01-14 19:35 - 00000000 ____D () C:\Users\Annemarie\AppData\Local\Lavasoft
    2015-01-14 19:35 - 2014-12-16 12:10 - 00358736 _____ (Lavasoft Limited) C:\windows\system32\LavasoftTcpService64.dll
    2015-01-14 19:35 - 2014-12-16 12:10 - 00312424 _____ (Lavasoft Limited) C:\windows\SysWOW64\LavasoftTcpService.dll
    2015-01-14 19:34 - 2015-01-14 19:34 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavasoft
    2015-01-14 19:34 - 2015-01-14 19:34 - 00000000 ____D () C:\Program Files (x86)\Lavasoft
    2015-01-14 19:32 - 2015-01-14 19:32 - 00000000 ____D () C:\Users\Annemarie\AppData\Roaming\Lavasoft
    2015-01-14 19:32 - 2015-01-14 19:32 - 00000000 ____D () C:\ProgramData\Lavasoft
    2015-01-14 14:36 - 2015-01-14 14:36 - 00000005 _____ () C:\windows\SysWOW64\lMMLDeleteUserData42107612FX.tmp
    2015-01-14 09:19 - 2015-01-14 09:19 - 00000064 _____ () C:\Users\Annemarie\AppData\Local\a20a9b2979db5cf01b44785a6e245b06
    2015-01-14 09:12 - 2015-01-14 09:13 - 00000000 ____D () C:\Users\Annemarie\Documents\ProPCCleaner
    2015-01-14 09:12 - 2015-01-14 09:12 - 00000000 ____D () C:\Users\Annemarie\AppData\Local\Pro_PC_Cleaner
    C:\Users\Annemarie\AppData\Local\Temp\DRHelper_installFinish.exe
    C:\Users\Annemarie\AppData\Local\Temp\DRHelper_installStart.exe
    C:\Users\Annemarie\AppData\Local\Temp\DRHelper_uninstallComplete.exe
    C:\Users\Annemarie\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpxt0cng.dll
    C:\Users\Annemarie\AppData\Local\Temp\Quarantine.exe
    C:\Users\Annemarie\AppData\Local\Temp\sqlite3.dll
    
    EmptyTemp:
    CMD: ipconfig /flushdns
    
  • Save it next to FRST.exe on your Desktop as filename fixlist.txt
  • NOTE: It's important that both files, FRST/FRST64 and fixlist.txt are saved in the same location or the fix will not work.
  • Right-click FRST.exe and select "Run as administrator" to run it.
  • Press the Fix button just once. Then wait.
  • When finished, it will create a Fixlog.txt log on your Desktop.
  • Please post the content of the Fixlog.txt in your next reply.

Logs/Information to Post in your Next Reply

  • FRST Fixlog.txt.
  • Please give me an update on your computer's performance.
Cypher
Admin/Teacher
 
Posts: 14959
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns
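The log posted above and the fixlist Cypher built from it follow one pattern: the entries picked out are services whose file is gone (`[X]`), binaries with no publisher (`()`), files under the user's Temp folder, search scopes with an empty URL, and the two Internet Explorer policy keys FRST marks with ATTENTION. The Python below is an added example written for this page; it is not FRST's code and not part of the thread. It encodes those review rules and runs them over lines copied from the log and fixlist in this thread. The rule names, the two path patterns, and the choice to flag any CustomCLSID whose server lives under a user's profile (a user-writable path, so a COM hijack could land there) are assumptions of the example. A hit is a prompt to look, not a verdict: the Dropbox CustomCLSID entry it flags is a signed, legitimate shell extension, which is why the helper left it out of the fixlist.

```python
"""Triage rules for FRST (Farbar Recovery Scan Tool) log lines.

Added example for this page, not FRST's own code and not from the thread.
The rule set and path patterns are assumptions chosen to mirror what the
helper selected for the fixlist; adjust them for your own review.
"""
import re
from collections import Counter
from dataclasses import dataclass

# Anything under a user's profile is writable without admin rights, so a COM
# server or autorun registered there deserves a look even if the signer is known.
USER_WRITABLE = re.compile(r"\\Users\\[^\\]+\\AppData\\", re.IGNORECASE)
TEMP_DIR = re.compile(r"\\AppData\\Local\\Temp\\", re.IGNORECASE)
# FRST service/driver entries look like "R2 name; path ..." or "S3 name; path ..."
SERVICE_LINE = re.compile(r"^[RS]\d ")

# Rules whose lines FRST acts on verbatim when pasted into fixlist.txt
# (processes, services, files, SearchScopes, policy keys). The others
# need a person to decide first, because legitimate software hits them too.
AUTO_RULES = {"orphaned-service", "no-publisher-binary", "temp-path",
              "empty-searchscope", "policy-restriction"}


@dataclass(frozen=True)
class Finding:
    rule: str
    line: str


def triage(lines):
    """Apply the review rules to FRST log lines and return every hit."""
    findings = []
    for raw in lines:
        line = raw.strip()
        if not line:
            continue
        is_service = SERVICE_LINE.match(line) is not None
        # Service or driver whose image file no longer exists on disk
        if is_service and line.endswith("[X]"):
            findings.append(Finding("orphaned-service", line))
        # FRST prints "()" where a running process or service binary carries
        # no company name; only process and service lines are checked here,
        # because plain file listings use "()" for many harmless DLLs.
        if (is_service and line.endswith("()")) or line.startswith("() "):
            findings.append(Finding("no-publisher-binary", line))
        # Code loaded from or left in %TEMP%
        if TEMP_DIR.search(line):
            findings.append(Finding("temp-path", line))
        # COM server registered from a user-writable directory
        if line.startswith("CustomCLSID:") and USER_WRITABLE.search(line):
            findings.append(Finding("user-writable-com", line))
        # Scheduled task that runs its command through pcalua.exe
        if line.startswith("Task:") and "pcalua.exe" in line.lower():
            findings.append(Finding("pcalua-task", line))
        # Search provider left with no URL
        if line.startswith("SearchScopes:") and line.endswith("URL ="):
            findings.append(Finding("empty-searchscope", line))
        # Policy keys FRST itself flags
        if "Policy restriction <======= ATTENTION" in line:
            findings.append(Finding("policy-restriction", line))
    return findings


def summarize(findings):
    """Count hits per rule."""
    return dict(Counter(f.rule for f in findings))


def split_for_fixlist(findings):
    """Return (lines ready for fixlist.txt, lines that need a human decision)."""
    ready = [f.line for f in findings if f.rule in AUTO_RULES]
    review = [f.line for f in findings if f.rule not in AUTO_RULES]
    return ready, review


# Lines copied from the FRST log and fixlist posted in this thread.
SAMPLE_LINES = [
    r"CustomCLSID: HKU\S-1-5-21-2386503607-1283318599-521145188-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Annemarie\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)",
    r'Task: {31B045EA-42DB-40C1-99AD-4E8290684229} - System32\Tasks\{CD6670A9-58DB-47F3-8E4A-38368F07132B} => pcalua.exe -a "C:\windows\Lawn Care Calculator\uninstall.exe" -c "/U:C:\Program Files (x86)\Lawn Care Calculator\Uninstall\uninstall.xml"',
    r"Task: {1C4297CE-1145-405F-94F0-9BCA781B9BAF} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-01-16] (Google Inc.)",
    r"2015-01-19 12:25 - 2015-01-19 12:25 - 00043008 _____ () c:\Users\Annemarie\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpxt0cng.dll",
    r"S3 catchme; \??\C:\ComboFix\catchme.sys [X]",
    r"R2 SearchProtectionService; C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.SearchProtect.WinService.exe [15208 2014-12-16] ()",
    r"() C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.SearchProtect.WinService.exe",
    r"SearchScopes: HKLM -> {DC91FAFB-6CEA-49E5-BB74-9CEE75D09B77} URL =",
    r"HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION",
    r"127.0.0.1 localhost",
]

if __name__ == "__main__":
    hits = triage(SAMPLE_LINES)
    for hit in hits:
        print(f"{hit.rule:20} {hit.line}")
    print(summarize(hits))
    ready, review = split_for_fixlist(hits)
    print(f"{len(ready)} lines ready for fixlist.txt, {len(review)} need review")
```

To use it on a real FRST.txt or Addition.txt, replace SAMPLE_LINES with the file's lines. The "ready" list is what the helper's fixlist above mostly consists of; the "review" list is where a trained helper earns their keep, since the Dropbox COM entry and the Lawn Care uninstall tasks both land there and only one of those belongs in a fix.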

Re: SpyWare, Malware, F U Ware! You Name It!

Unread postby bretbaker1971 » January 20th, 2015, 1:37 pm

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 19-01-2015
Ran by Annemarie at 2015-01-20 11:24:29 Run:1
Running from C:\Users\Annemarie\Desktop
Loaded Profiles: Annemarie (Available profiles: Annemarie)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
(Lavasoft Limited) C:\Program Files (x86)\Lavasoft\Web Companion\TcpService\2.2.9.5\LavasoftTcpService.exe
() C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.SearchProtect.WinService.exe
(Lavasoft) C:\Program Files (x86)\Lavasoft\Web Companion\Application\WebCompanion.exe
HKLM-x32\...\Run: [] => [X]
HKU\S-1-5-21-2386503607-1283318599-521145188-1000\...\Run: [Web Companion] => C:\Program Files (x86)\Lavasoft\Web Companion\Application\WebCompanion.exe [1367360 2014-12-16] (Lavasoft)
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-2386503607-1283318599-521145188-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
SearchScopes: HKLM -> {DC91FAFB-6CEA-49E5-BB74-9CEE75D09B77} URL =
SearchScopes: HKLM-x32 -> Backup.Old.DefaultScope {893BF6EB-2C72-4646-B6FB-F786798453F8}
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-2386503607-1283318599-521145188-1000 -> Backup.Old.DefaultScope {893BF6EB-2C72-4646-B6FB-F786798453F8}
SearchScopes: HKU\S-1-5-21-2386503607-1283318599-521145188-1000 -> {4837526C-E530-4252-A471-17BA2555F5F4} URL =
SearchScopes: HKU\S-1-5-21-2386503607-1283318599-521145188-1000 -> {83E6CE25-7791-4508-9B27-114D29DD44DA} URL =
BHO-x32: No Name -> {FB15427B-89A4-5618-6637-DB71AA7024FB} -> No File
Toolbar: HKU\S-1-5-21-2386503607-1283318599-521145188-1000 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [Not Found]
R2 LavasoftTcpService; C:\Program Files (x86)\Lavasoft\Web Companion\TcpService\2.2.9.5\LavasoftTcpService.exe [1351512 2014-12-16] (Lavasoft Limited)
R2 SearchProtectionService; C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.SearchProtect.WinService.exe [15208 2014-12-16] ()
S3 BTCFilterService; system32\DRIVERS\motfilt.sys [X]
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 motandroidusb; System32\Drivers\motoandroid.sys [X]
S3 motccgp; system32\DRIVERS\motccgp.sys [X]
S3 motccgpfl; system32\DRIVERS\motccgpfl.sys [X]
S3 motmodem; system32\DRIVERS\motmodem.sys [X]
S3 MotoSwitchService; system32\DRIVERS\motswch.sys [X]
S3 Motousbnet; system32\DRIVERS\Motousbnet.sys [X]
S3 motusbdevice; system32\DRIVERS\motusbdevice.sys [X]
S3 PCTINDIS5X64; \??\C:\windows\system32\PCTINDIS5X64.SYS [X]
S3 swmsflt; system32\DRIVERS\swmsflt.sys [X]
2015-01-14 20:26 - 2015-01-14 20:26 - 00003260 _____ () C:\windows\System32\Tasks\{973FBF86-89B1-4773-B687-227A79963C83}
2015-01-14 20:25 - 2015-01-14 20:25 - 00003244 _____ () C:\windows\System32\Tasks\{CD6670A9-58DB-47F3-8E4A-38368F07132B}
2015-01-14 19:35 - 2015-01-14 19:35 - 00004688 _____ () C:\windows\SysWOW64\LavasoftTcpService.ini
2015-01-14 19:35 - 2015-01-14 19:35 - 00002520 _____ () C:\windows\SysWOW64\LavasoftTcpServiceOff.ini
2015-01-14 19:35 - 2015-01-14 19:35 - 00002520 _____ () C:\windows\system32\LavasoftTcpServiceOff.ini
2015-01-14 19:35 - 2015-01-14 19:35 - 00000000 ____D () C:\Users\Annemarie\AppData\Local\Lavasoft
2015-01-14 19:35 - 2014-12-16 12:10 - 00358736 _____ (Lavasoft Limited) C:\windows\system32\LavasoftTcpService64.dll
2015-01-14 19:35 - 2014-12-16 12:10 - 00312424 _____ (Lavasoft Limited) C:\windows\SysWOW64\LavasoftTcpService.dll
2015-01-14 19:34 - 2015-01-14 19:34 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavasoft
2015-01-14 19:34 - 2015-01-14 19:34 - 00000000 ____D () C:\Program Files (x86)\Lavasoft
2015-01-14 19:32 - 2015-01-14 19:32 - 00000000 ____D () C:\Users\Annemarie\AppData\Roaming\Lavasoft
2015-01-14 19:32 - 2015-01-14 19:32 - 00000000 ____D () C:\ProgramData\Lavasoft
2015-01-14 14:36 - 2015-01-14 14:36 - 00000005 _____ () C:\windows\SysWOW64\lMMLDeleteUserData42107612FX.tmp
2015-01-14 09:19 - 2015-01-14 09:19 - 00000064 _____ () C:\Users\Annemarie\AppData\Local\a20a9b2979db5cf01b44785a6e245b06
2015-01-14 09:12 - 2015-01-14 09:13 - 00000000 ____D () C:\Users\Annemarie\Documents\ProPCCleaner
2015-01-14 09:12 - 2015-01-14 09:12 - 00000000 ____D () C:\Users\Annemarie\AppData\Local\Pro_PC_Cleaner
C:\Users\Annemarie\AppData\Local\Temp\DRHelper_installFinish.exe
C:\Users\Annemarie\AppData\Local\Temp\DRHelper_installStart.exe
C:\Users\Annemarie\AppData\Local\Temp\DRHelper_uninstallComplete.exe
C:\Users\Annemarie\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpxt0cng.dll
C:\Users\Annemarie\AppData\Local\Temp\Quarantine.exe
C:\Users\Annemarie\AppData\Local\Temp\sqlite3.dll

EmptyTemp:
CMD: ipconfig /flushdns
*****************

C:\Program Files (x86)\Lavasoft\Web Companion\TcpService\2.2.9.5\LavasoftTcpService.exe => No running process found
C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.SearchProtect.WinService.exe => No running process found
C:\Program Files (x86)\Lavasoft\Web Companion\Application\WebCompanion.exe => No running process found
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => value deleted successfully.
HKU\S-1-5-21-2386503607-1283318599-521145188-1000\Software\Microsoft\Windows\CurrentVersion\Run\\Web Companion => value deleted successfully.
"HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.
"HKU\S-1-5-21-2386503607-1283318599-521145188-1000\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{DC91FAFB-6CEA-49E5-BB74-9CEE75D09B77}" => Key deleted successfully.
HKCR\CLSID\{DC91FAFB-6CEA-49E5-BB74-9CEE75D09B77} => Key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\Backup.Old.DefaultScope => value deleted successfully.
HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-21-2386503607-1283318599-521145188-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\Backup.Old.DefaultScope => value deleted successfully.
"HKU\S-1-5-21-2386503607-1283318599-521145188-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{4837526C-E530-4252-A471-17BA2555F5F4}" => Key deleted successfully.
HKCR\CLSID\{4837526C-E530-4252-A471-17BA2555F5F4} => Key not found.
"HKU\S-1-5-21-2386503607-1283318599-521145188-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{83E6CE25-7791-4508-9B27-114D29DD44DA}" => Key deleted successfully.
HKCR\CLSID\{83E6CE25-7791-4508-9B27-114D29DD44DA} => Key not found.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FB15427B-89A4-5618-6637-DB71AA7024FB}" => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{FB15427B-89A4-5618-6637-DB71AA7024FB} => Key not found.
HKU\S-1-5-21-2386503607-1283318599-521145188-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} => value deleted successfully.
HKCR\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} => Key not found.
"HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE" => Key deleted successfully.
"HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE" => Key deleted successfully.
C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} not found.
LavasoftTcpService => Service not found.
SearchProtectionService => Service not found.
BTCFilterService => Service deleted successfully.
catchme => Service deleted successfully.
motandroidusb => Service deleted successfully.
motccgp => Service deleted successfully.
motccgpfl => Service deleted successfully.
motmodem => Service deleted successfully.
MotoSwitchService => Service deleted successfully.
Motousbnet => Service deleted successfully.
motusbdevice => Service deleted successfully.
PCTINDIS5X64 => Service deleted successfully.
swmsflt => Service deleted successfully.
C:\windows\System32\Tasks\{973FBF86-89B1-4773-B687-227A79963C83} => Moved successfully.
C:\windows\System32\Tasks\{CD6670A9-58DB-47F3-8E4A-38368F07132B} => Moved successfully.
C:\windows\SysWOW64\LavasoftTcpService.ini => Moved successfully.
C:\windows\SysWOW64\LavasoftTcpServiceOff.ini => Moved successfully.
C:\windows\system32\LavasoftTcpServiceOff.ini => Moved successfully.
"C:\Users\Annemarie\AppData\Local\Lavasoft" => File/Directory not found.
C:\windows\system32\LavasoftTcpService64.dll => Moved successfully.
C:\windows\SysWOW64\LavasoftTcpService.dll => Moved successfully.
"C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavasoft" => File/Directory not found.
"C:\Program Files (x86)\Lavasoft" => File/Directory not found.
"C:\Users\Annemarie\AppData\Roaming\Lavasoft" => File/Directory not found.
"C:\ProgramData\Lavasoft" => File/Directory not found.
C:\windows\SysWOW64\lMMLDeleteUserData42107612FX.tmp => Moved successfully.
C:\Users\Annemarie\AppData\Local\a20a9b2979db5cf01b44785a6e245b06 => Moved successfully.
C:\Users\Annemarie\Documents\ProPCCleaner => Moved successfully.
C:\Users\Annemarie\AppData\Local\Pro_PC_Cleaner => Moved successfully.
C:\Users\Annemarie\AppData\Local\Temp\DRHelper_installFinish.exe => Moved successfully.
C:\Users\Annemarie\AppData\Local\Temp\DRHelper_installStart.exe => Moved successfully.
C:\Users\Annemarie\AppData\Local\Temp\DRHelper_uninstallComplete.exe => Moved successfully.
C:\Users\Annemarie\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpxt0cng.dll => Moved successfully.
C:\Users\Annemarie\AppData\Local\Temp\Quarantine.exe => Moved successfully.
C:\Users\Annemarie\AppData\Local\Temp\sqlite3.dll => Moved successfully.

========= ipconfig /flushdns =========


Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========= End of CMD: =========

EmptyTemp: => Removed 432 MB temporary data.


The system needed a reboot.

==== End of Fixlog 11:24:46 ====
bretbaker1971
Active Member
Posts: 10
Joined: January 15th, 2015, 12:20 am

Re: SpyWare, Malware, F U Ware! You Name It!

Unread postby bretbaker1971 » January 20th, 2015, 1:43 pm

So far, my computer seems to be running MUCH faster! I do not get the random pop-ups when I open new web pages or click links of any type. The speed of everything is by FAR improved. I truly do appreciate your assistance!

Re: SpyWare, Malware, F U Ware! You Name It!

Unread postby Cypher » January 20th, 2015, 1:48 pm

Hi,
I truly do appreciate your assistance!

It's my pleasure :)
So far, my computer seems to be running MUCH faster! I do not get the random pop-ups when I open new web pages or click links of any type. The speed of everything is by FAR improved.

Excellent :thumbleft:
I would like you to run one more scan for me; this will check for any malware "leftovers".

Note: You can use either Internet Explorer or Mozilla FireFox for this scan.

Note: If you are using Windows Vista or Windows 7, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.

  • First please Disable any Antivirus you have active, as shown in This topic.
  • Note: Don't forget to re-enable it after the scan.
  • Next hold down Control then click on the following link to open a new window to ESET online scanner
    Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.
    All of the below instructions are compatible with either Internet Explorer or Mozilla FireFox.
  • When prompted allow the Add-On/Active X to install.
  • Click on Run ESET Online Scanner, then select the option YES, I accept the Terms of Use, then click Start.
  • Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Now click on Start.
  • The virus signature database... will begin to download. Be patient, this may take some time depending on the speed of your Internet Connection.
  • When completed the Online Scan will begin automatically.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • When completed select Uninstall application on close if you so wish, make sure you copy the logfile first!
  • Now click on Finish.
  • Use notepad to open the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
  • Copy and paste that log as a reply to this topic.
Cypher
Admin/Teacher
Posts: 14959
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns

Re: SpyWare, Malware, F U Ware! You Name It!

Unread postby bretbaker1971 » January 20th, 2015, 7:23 pm

ESETSmartInstaller@High as CAB hook log:
OnlineScanner64.ocx - registred OK
OnlineScanner.ocx - registred OK
# product=EOS
# version=8
# IEXPLORE.EXE=11.00.9600.16428 (winblue_gdr.131013-1700)
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=1cb063003d888948ab4dfb9b62c2bf07
# engine=22064
# end=finished
# remove_checked=false
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2015-01-20 09:07:46
# local_time=2015-01-20 03:07:46 (-0600, Central Standard Time)
# country="United States"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1='Microsoft Security Essentials'
# compatibility_mode=5895 16777213 100 100 9918241 115015276 0 0
# scanned=209727
# found=3
# cleaned=0
# scan_time=5268
sh=BD056C10BD08F2CE37A98A83CFA6342CB319DFFD ft=1 fh=fd6f714ca03e9f42 vn="a variant of Win32/DealPly.Z potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Annemarie\AppData\Roaming\DigitalSites\UpdateProc\UpdateTask.exe.vir"
sh=2F113367B81D21E7A95714FB03293D4743214956 ft=1 fh=9713e8d4c0bfc5c4 vn="a variant of Win32/InstallCore.UQ potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Annemarie\Desktop\FileOpenerSetup.exe.vir"
sh=6C5F221B49AD2693D21EE0528FE6286A410D7517 ft=1 fh=fdf8e68f729f4ef4 vn="a variant of Win32/Adware.MultiPlug.I application" ac=I fn="C:\Qoobox\Quarantine\C\ProgramData\cOnattinueotosave\51ae3819e55c4.dll.vir"

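A small parser for the ESET Online Scanner log format posted above, added here as an illustration and not code from the thread or from ESET. The sample log is constructed in the same shape (made-up hashes, plus one made-up live path for contrast) and it makes the point the follow-up relies on: hits under C:\AdwCleaner\Quarantine or C:\Qoobox\Quarantine are files earlier tools already neutralised, not an active infection.

```python
import re
from pathlib import PureWindowsPath  # handles backslash paths on any OS

# Constructed sample in the ESET Online Scanner (EOS) log shape posted above:
# '#' header lines, then one key=value record per detection. Hashes and the
# third path are made up; the quarantine folders are the AdwCleaner and
# ComboFix (Qoobox) ones seen in this thread.
SAMPLE_LOG = r'''# product=EOS
# scanned=209727
# found=3
# cleaned=0
sh=0000000000000000000000000000000000000001 ft=1 fh=0000000000000001 vn="a variant of Win32/DealPly.Z potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Annemarie\AppData\Roaming\DigitalSites\UpdateProc\UpdateTask.exe.vir"
sh=0000000000000000000000000000000000000002 ft=1 fh=0000000000000002 vn="a variant of Win32/Adware.MultiPlug.I application" ac=I fn="C:\Qoobox\Quarantine\C\ProgramData\cOnattinueotosave\51ae3819e55c4.dll.vir"
sh=0000000000000000000000000000000000000003 ft=1 fh=0000000000000003 vn="a variant of Win32/InstallCore.UQ potentially unwanted application" ac=I fn="C:\Users\Annemarie\AppData\Local\Temp\FileOpenerSetup.exe"
'''

# Earlier cleanup tools park neutralised files here (renamed with .vir).
# ESET rescans them as ordinary files, so a hit under these roots is a
# leftover of a previous fix, not something still active.
QUARANTINE_ROOTS = (
    PureWindowsPath(r"C:\AdwCleaner\Quarantine"),
    PureWindowsPath(r"C:\Qoobox\Quarantine"),
)

# key=value tokens: value is double-quoted or a bare run of non-space chars
_KV = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')

def parse_eset_log(text):
    """Return (header dict, list of detection dicts) from an EOS log."""
    header, detections = {}, []
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("#"):
            key, _, value = line[1:].strip().partition("=")
            header[key] = value
        elif line:
            rec = {k: (quoted or bare) for k, quoted, bare in _KV.findall(line)}
            if "fn" in rec:  # keep only records that name a file
                detections.append(rec)
    return header, detections

def is_quarantined(path_str):
    """True if the path sits under a known quarantine root or ends in .vir."""
    p = PureWindowsPath(path_str)
    return any(root in p.parents for root in QUARANTINE_ROOTS) or p.suffix.lower() == ".vir"

def triage(text):
    """Split an EOS log's detections into quarantine leftovers and live hits."""
    header, detections = parse_eset_log(text)
    leftovers = [d["fn"] for d in detections if is_quarantined(d["fn"])]
    live = [d["fn"] for d in detections if not is_quarantined(d["fn"])]
    return {"found": int(header.get("found", "0")),
            "consistent": int(header.get("found", "0")) == len(detections),
            "leftovers": leftovers, "live": live}
```

Anything that lands in "live" is worth a second look; anything in "leftovers" goes away when the cleanup tools and their quarantine folders are removed at the end of the fix.
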
Re: SpyWare, Malware, F U Ware! You Name It!

Unread postby Cypher » January 21st, 2015, 11:14 am

Hi,
Can you give me an update on how your computer is performing?
Any problems?

Re: SpyWare, Malware, F U Ware! You Name It!

Unread postby bretbaker1971 » January 21st, 2015, 1:11 pm

No problems that I have noticed except now I have a TON of icons on my desktop etc. LOL Should I just go through the Programs Uninstall and uninstall all those programs? Computer is FAST and I haven't noticed ANY problems at all! You are AWESOME! I am super nervous about downloading ANYTHING now! UGH! How can I best protect my computer in general? I have Microsoft Security Essentials installed but not active and not sure what virus protection I should use, especially since some of the ads for virus protection are actually viruses themselves, as you well know....

Re: SpyWare, Malware, F U Ware! You Name It!

Unread postby Cypher » January 21st, 2015, 1:21 pm

Hi,
No problems that I have noticed except now I have a TON of icons on my desktop etc. LOL Should I just go through the Programs Uninstall and uninstall all those programs?

We will take care of all the programs you downloaded when we clean up, see below.
How can I best protect my computer in general? I have Microsoft Security Essentials installed but not active and not sure what virus protection I should use

See the link below, it will give you a few suggestions on how to better protect your computer.
Computer is FAST and I haven't noticed ANY problems at all!

Great, in that case you should be good to go.

Let's tidy up and remove the tools we used to clean your computer.

Please download delfix and save it to your desktop.
  • Right-click on delfix.exe and select "Run as administrator" to run it.
  • Check the following boxes then click on Run.

    • Activate UAC
    • Remove disinfection tools
    • Create registry backup
    • Purge system restore
    • Reset system settings
  • All tools we used to clean your computer should be gone now.
  • You can now delete any tools/logs we used if they remain on your computer.

Protection Programs
Don't forget to re-enable any protection programs we disabled during your fix.

We removed outdated versions of Adobe Reader and Java, if you use them you can reinstall the latest versions.

Java SE Runtime Environment (JRE).

Please download from HERE

  • Find Java SE 8u25.
  • Click the Download JRE button to the right.
  • Choose the correct Platform and Multi-language. Next, check the box that says I agree to the Java SE Runtime Environment 6 License Agreement.
  • Click the Continue button.
  • Click on the filename under Windows Offline Installation and save it to your desktop.
  • Close all active windows.
  • Install the program.

Next.

Update Adobe Reader

  • You should Download and Install the newest version of Adobe Reader for reading pdf files.
  • Older versions may have vulnerabilities that malware can use to infect your system.
  • Go Here to download and install Adobe Reader X (11.0.09).
  • Note: Uncheck install McAfee Security Scan Plus


Please read the article below which will give you a few suggestions for how to minimise your chances of getting another infection.

I would be grateful if you could reply to this post so that I know you have read it and, if you've no other questions, the thread can be closed.

Safe surfing!

Re: SpyWare, Malware, F U Ware! You Name It!

Unread postby Cypher » January 23rd, 2015, 8:59 am

As your problems appear to have been resolved, this topic is now closed.

We are pleased we could help you resolve your computer's issues.

If you would like to make a comment or leave a compliment regarding the help you have received, please see Feedback for Our Helpers - Say "Thanks" Here.