
I was scammed online and now I think I am infected!


  • This topic is locked
17 replies to this topic

#1 SearcySharon

SearcySharon

  • Members
  • 37 posts

Posted 26 December 2014 - 08:58 PM

Mod Edit: moved to appropriate forum for DDS logs ~~ boopme


I posted a few weeks ago about getting scammed on the internet by ReImage company who "sold" me some computer repairs and a RealTime protection program for $499.  They never did the work and I have made the proper attempts to report them and get my money back from the credit card company but now I think I am infected with viruses and malware.  My computer is running really slow and freezing up and just not working correctly.  I would be sooooo grateful if someone can help me with this!
 
I went to the instruction forums and saw that I must run some logs and post them here...so...here is the DDS log I ran:
 
DDS (Ver_2012-11-20.01) - NTFS_AMD64 
Internet Explorer: 11.0.9600.17420  BrowserJavaVersion: 11.25.2
Run by Sharon at 19:45:50 on 2014-12-26
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.5962.4410 [GMT -6:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {4F35CFC4-45A3-FC37-EF17-759A02E39AB1}
SP: Microsoft Security Essentials *Enabled/Updated* {F4542E20-6399-F3B9-D5A7-4EE87964D00C}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\EPSON\EpsonCustomerParticipation\EPCP.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\Dwm.exe
C:\Program Files (x86)\Atheros\Ath_WlanAgent.exe
C:\Windows\Explorer.EXE
c:\Program Files\Microsoft Security Client\NisSrv.exe
C:\Program Files (x86)\Google\Update\1.3.25.11\GoogleCrashHandler.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\System32\rundll32.exe
C:\Program Files (x86)\Google\Update\1.3.25.11\GoogleCrashHandler64.exe
C:\Program Files\Elantech\ETDCtrl.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe
C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXRCV.exe
C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Elantech\ETDCtrlHelper.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxps://www.yahoo.com/
uWindow Title = Internet Explorer, enhanced for Bing and MSN
mWinlogon: Userinit = userinit.exe
BHO: AutorunsDisabled - <orphaned>
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - <orphaned>
BHO: MSS+ Identifier: {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssv.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll
mRun: [USB3MON] "C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
mRun: [EEventManager] "C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe"
mRun: [FUFAXRCV] "C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXRCV.exe"
mRun: [FUFAXSTM] "C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe"
mRun: [LTCM Client] C:\Program Files (x86)\LTCM Client\ltcmClient.exe /startup
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\MCAFEE~1.LNK - C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
TCP: NameServer = 206.255.240.130 206.255.240.134
TCP: Interfaces\{60D8D264-B345-4132-93D5-B4E217D78342} : DHCPNameServer = 206.255.240.130 206.255.240.134
TCP: Interfaces\{60D8D264-B345-4132-93D5-B4E217D78342}\35541425349502D41495E4F425 : DHCPNameServer = 206.255.240.130 206.255.240.134
TCP: Interfaces\{60D8D264-B345-4132-93D5-B4E217D78342}\755637475627E6449676964716C6D23363 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{60D8D264-B345-4132-93D5-B4E217D78342}\D41495E4F425 : DHCPNameServer = 206.255.240.136 69.60.160.196
TCP: Interfaces\{60D8D264-B345-4132-93D5-B4E217D78342}\D41495E4F425F5355414253495 : DHCPNameServer = 206.255.240.130 206.255.240.134
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.146\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: AutorunsDisabled - <orphaned>
x64-Run: [ETDCtrl] C:\Program Files (x86)\Elantech\ETDCtrl.exe
x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
x64-Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
R0 iusb3hcs;Intel® USB 3.0 Host Controller Switch Driver;C:\Windows\System32\drivers\iusb3hcs.sys [2012-4-20 19224]
R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2014-7-17 269008]
R2 EpsonCustomerParticipation;EpsonCustomerParticipation;C:\Program Files\EPSON\EpsonCustomerParticipation\EPCP.exe [2011-6-9 555392]
R2 IconMan_R;IconMan_R;C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2013-10-31 2429544]
R2 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2013-6-18 125584]
R2 ZAtheros Wlan Agent;ZAtheros Wlan Agent;C:\Program Files (x86)\Atheros\Ath_WlanAgent.exe [2013-10-31 76960]
R3 ETD;ELAN PS/2 Port Input Device;C:\Windows\System32\drivers\ETD.sys [2012-3-19 244560]
R3 iusb3hub;Intel® USB 3.0 Hub Driver;C:\Windows\System32\drivers\iusb3hub.sys [2012-4-20 356632]
R3 iusb3xhc;Intel® USB 3.0 eXtensible Host Controller Driver;C:\Windows\System32\drivers\iusb3xhc.sys [2012-4-20 789272]
R3 k57nd60a;Broadcom NetLink ™ Gigabit Ethernet - NDIS 6.0;C:\Windows\System32\drivers\k57nd60a.sys [2011-8-2 432680]
R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2014-8-22 368624]
R3 RSPCIESTOR;Realtek PCIE CardReader Driver;C:\Windows\System32\drivers\RtsPStor.sys [2013-10-31 342632]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2014-11-15 114688]
S3 McComponentHostService;McAfee Security Scan Component Host Service;C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [2014-4-9 289256]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2014-10-11 19456]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2014-10-11 59392]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2014-10-11 31232]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2013-10-31 1255736]
.
=============== File Associations ===============
.
ShellExec: PortraitPro.exe: open="C:\Program Files (x86)\PortraitPro 12 Trial\PortraitProTrial.exe" /P "%1"
.
=============== Created Last 30 ================
.
2014-12-26 16:32:09 11870360 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{233B1034-8103-456A-9874-E8EA0B433743}\mpengine.dll
2014-12-25 01:24:32 11870360 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2014-12-19 02:17:00 1188440 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{0DADD1EE-FDE5-4062-AD8C-E080AD48510A}\gapaengine.dll
2014-12-14 04:35:42 285208 ----a-w- C:\Windows\System32\drivers\tmcomm.sys
2014-12-08 04:46:20 -------- d-----w- C:\Program Files\Reason
2014-12-05 23:34:02 11632448 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{1FAE7E51-F2D4-4BD2-BC10-80303E2C563E}\mpengine.dll
2014-12-05 23:33:50 11632448 ------w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\Updates\mpengine.dll
2014-12-05 23:32:37 728064 ----a-w- C:\Windows\System32\kerberos.dll
2014-12-05 23:32:37 550912 ----a-w- C:\Windows\SysWow64\kerberos.dll
2014-12-05 23:32:37 241152 ----a-w- C:\Windows\System32\pku2u.dll
2014-12-05 23:32:37 186880 ----a-w- C:\Windows\SysWow64\pku2u.dll
2014-12-05 22:30:47 145792 ----a-w- C:\Windows\System32\drivers\E1G6032E.sys
2014-12-05 21:48:22 16224 ----a-w- C:\Windows\System32\Native.exe
2014-12-05 21:44:26 -------- d-----w- C:\Users\Sharon\AppData\Local\LogMeIn Rescue Applet
.
==================== Find3M  ====================
.
2014-12-09 20:34:27 71344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2014-12-09 20:34:27 701104 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2014-11-06 04:04:03 2724864 ----a-w- C:\Windows\System32\mshtml.tlb
2014-11-06 04:03:50 4096 ----a-w- C:\Windows\System32\ieetwcollectorres.dll
2014-11-06 03:47:03 66560 ----a-w- C:\Windows\System32\iesetup.dll
2014-11-06 03:46:12 580096 ----a-w- C:\Windows\System32\vbscript.dll
2014-11-06 03:46:12 48640 ----a-w- C:\Windows\System32\ieetwproxystub.dll
2014-11-06 03:44:28 88064 ----a-w- C:\Windows\System32\MshtmlDac.dll
2014-11-06 03:30:22 144384 ----a-w- C:\Windows\System32\ieUnatt.exe
2014-11-06 03:30:08 114688 ----a-w- C:\Windows\System32\ieetwcollector.exe
2014-11-06 03:29:18 814080 ----a-w- C:\Windows\System32\jscript9diag.dll
2014-11-06 03:28:20 2724864 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2014-11-06 03:23:57 6040064 ----a-w- C:\Windows\System32\jscript9.dll
2014-11-06 03:20:18 968704 ----a-w- C:\Windows\System32\MsSpellCheckingFacility.exe
2014-11-06 03:13:43 501248 ----a-w- C:\Windows\SysWow64\vbscript.dll
2014-11-06 03:13:36 62464 ----a-w- C:\Windows\SysWow64\iesetup.dll
2014-11-06 03:12:44 47616 ----a-w- C:\Windows\SysWow64\ieetwproxystub.dll
2014-11-06 03:10:58 64000 ----a-w- C:\Windows\SysWow64\MshtmlDac.dll
2014-11-06 03:07:29 77824 ----a-w- C:\Windows\System32\JavaScriptCollectionAgent.dll
2014-11-06 02:59:36 115712 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2014-11-06 02:58:38 620032 ----a-w- C:\Windows\SysWow64\jscript9diag.dll
2014-11-06 02:42:36 60416 ----a-w- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
2014-11-06 02:39:39 1359360 ----a-w- C:\Windows\System32\mshtmlmedia.dll
2014-11-06 02:38:25 2124288 ----a-w- C:\Windows\System32\inetcpl.cpl
2014-11-06 02:21:49 4298240 ----a-w- C:\Windows\SysWow64\jscript9.dll
2014-11-06 02:21:25 2051072 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2014-11-06 02:20:37 1155072 ----a-w- C:\Windows\SysWow64\mshtmlmedia.dll
2014-11-06 02:17:24 2365440 ----a-w- C:\Windows\System32\wininet.dll
2014-11-06 01:52:35 1892864 ----a-w- C:\Windows\SysWow64\wininet.dll
2014-11-05 17:56:54 304640 ----a-w- C:\Windows\System32\generaltel.dll
2014-11-05 17:56:36 228864 ----a-w- C:\Windows\System32\aepdu.dll
2014-11-05 17:52:22 424448 ----a-w- C:\Windows\System32\aeinv.dll
2014-10-30 11:25:26 275080 ------w- C:\Windows\System32\MpSigStub.exe
2014-10-25 01:57:59 77824 ----a-w- C:\Windows\System32\packager.dll
2014-10-25 01:32:37 67584 ----a-w- C:\Windows\SysWow64\packager.dll
2014-10-19 22:36:34 98216 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2014-10-18 02:05:23 861696 ----a-w- C:\Windows\System32\oleaut32.dll
2014-10-18 01:33:18 571904 ----a-w- C:\Windows\SysWow64\oleaut32.dll
2014-10-14 02:16:37 155064 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
2014-10-14 02:13:06 683520 ----a-w- C:\Windows\System32\termsrv.dll
2014-10-14 02:13:00 3241984 ----a-w- C:\Windows\System32\msi.dll
2014-10-14 02:12:57 1460736 ----a-w- C:\Windows\System32\lsasrv.dll
2014-10-14 02:09:31 146432 ----a-w- C:\Windows\System32\msaudite.dll
2014-10-14 02:07:31 681984 ----a-w- C:\Windows\System32\adtschema.dll
2014-10-14 01:50:47 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
2014-10-14 01:50:41 2363904 ----a-w- C:\Windows\SysWow64\msi.dll
2014-10-14 01:49:38 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
2014-10-14 01:47:30 146432 ----a-w- C:\Windows\SysWow64\msaudite.dll
2014-10-14 01:46:02 681984 ----a-w- C:\Windows\SysWow64\adtschema.dll
2014-10-10 00:57:42 3198976 ----a-w- C:\Windows\System32\win32k.sys
2014-10-03 02:12:00 500224 ----a-w- C:\Windows\System32\AUDIOKSE.dll
2014-10-03 02:11:54 284672 ----a-w- C:\Windows\System32\EncDump.dll
2014-10-03 02:11:51 680960 ----a-w- C:\Windows\System32\audiosrv.dll
2014-10-03 02:11:51 440832 ----a-w- C:\Windows\System32\AudioEng.dll
2014-10-03 02:11:51 296448 ----a-w- C:\Windows\System32\AudioSes.dll
2014-10-03 01:44:42 442880 ----a-w- C:\Windows\SysWow64\AUDIOKSE.dll
2014-10-03 01:44:26 374784 ----a-w- C:\Windows\SysWow64\AudioEng.dll
2014-10-03 01:44:26 195584 ----a-w- C:\Windows\SysWow64\AudioSes.dll
.
============= FINISH: 19:47:11.80 ===============
 
And here is the Attach log:

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Home Premium 
Boot Device: \Device\HarddiskVolume1
Install Date: 10/31/2013 6:28:55 PM
System Uptime: 12/26/2014 7:17:25 PM (0 hours ago)
.
Motherboard: Acer |  | MA51_HX   
Processor: Intel® Core™ i5-3337U CPU @ 1.80GHz | U3E1 | 1801/100mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 466 GiB total, 425.391 GiB free.
D: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP175: 12/12/2014 7:32:12 PM - Windows Update
RP176: 12/13/2014 3:44:16 PM - Windows Update
RP178: 12/15/2014 5:55:44 PM - Windows Update
RP179: 12/15/2014 8:45:16 PM - Windows Update
RP180: 12/16/2014 8:51:07 PM - Windows Update
RP181: 12/17/2014 6:02:01 PM - Windows Update
RP182: 12/18/2014 8:43:52 PM - Windows Update
RP183: 12/19/2014 6:46:18 AM - Windows Update
RP184: 12/21/2014 8:48:00 AM - Windows Update
RP185: 12/21/2014 11:43:33 AM - Windows Update
RP186: 12/21/2014 1:17:37 PM - Windows Update
RP187: 12/22/2014 8:40:01 PM - Windows Update
RP188: 12/23/2014 10:54:56 PM - Windows Update
RP189: 12/24/2014 9:35:31 AM - Windows Update
RP190: 12/25/2014 9:58:22 AM - Windows Update
RP191: 12/25/2014 11:18:58 AM - Windows Update
RP192: 12/26/2014 10:24:53 AM - Windows Update
.
==== Installed Programs ======================
.
Adobe Flash Player 15 ActiveX
Adobe Reader XI (11.0.10)
Adobe Refresh Manager
Atheros Driver Installation Program
BioWIN 5.11
Broadcom NetLink Controller
Epson Connect
Epson Customer Participation
Epson Download Navigator
Epson Event Manager
Epson FAX Utility
Epson PC-FAX Driver
EPSON Scan
EPSON WorkForce 645 Series Printer Uninstall
EpsonNet Print
ETDWare PS/2-X64 10.6.10.8_WHQL
Flash Player Pro V5.4
Google Chrome
Google Earth
Google Toolbar for Internet Explorer
Google Update Helper
Intel® Processor Graphics
Intel® USB 3.0 eXtensible Host Controller Driver
Java 8 Update 25
Java Auto Updater
LTCM Client
McAfee Security Scan Plus
Microsoft .NET Framework 4.5.1
Microsoft Security Client
Microsoft Security Essentials
Microsoft Silverlight
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable (x64)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319
PortraitPro 12.2 Trial
Realtek PCIE Card Reader
Security Update for Microsoft .NET Framework 4.5.1 (KB2894854v2)
Security Update for Microsoft .NET Framework 4.5.1 (KB2898869)
Security Update for Microsoft .NET Framework 4.5.1 (KB2901126)
Security Update for Microsoft .NET Framework 4.5.1 (KB2931368)
Security Update for Microsoft .NET Framework 4.5.1 (KB2972107)
Security Update for Microsoft .NET Framework 4.5.1 (KB2972216)
Security Update for Microsoft .NET Framework 4.5.1 (KB2978128)
Security Update for Microsoft .NET Framework 4.5.1 (KB2979578v2)
Speccy
XBMC
.
==== End Of File ===========================

Edited by boopme, 26 December 2014 - 09:00 PM.




#2 SearcySharon

SearcySharon
  • Topic Starter

  • Members
  • 37 posts

Posted 26 December 2014 - 09:32 PM

I am so sorry!  I thought I was in the right place!



#3 nasdaq

nasdaq

  • Malware Response Team
  • 39,946 posts
  • Location:Montreal, QC. Canada

Posted 30 December 2014 - 11:33 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Download Malwarebytes' Anti-Malware from Here

Double-click mbam-setup-2.X.X.XXXX.exe to install the application (X's are the current version number).
  • Make sure a checkmark is placed next to Launch Malwarebytes' Anti-Malware, then click Finish.
  • Once MBAM opens, when it says Your databases are out of date, click the Fix Now button.
  • Click the Settings tab at the top, and then in the left column, select Detections and Protections, and if not already checked place a checkmark in the selection box for Scan for rootkits.
  • Click the Scan tab at the top of the program window, select Threat Scan and click the Scan Now button.
  • If you receive a message that updates are available, click the Update Now button (the update will be downloaded, installed, and the scan will start).
  • The scan may take some time to finish, so please be patient.
  • If potential threats are detected, ensure that Quarantine is selected as the Action for all the listed items, and click the Apply Actions button.
  • While still on the Scan tab, click the link for View detailed log, and in the window that opens click the Export button, select Text file (*.txt), and save the log to your Desktop.
  • The log is automatically saved by MBAM and can also be viewed by clicking the History tab and then selecting Application Logs.
POST THE LOG FOR MY REVIEW.

Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately.

===

Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the Report button and the report will open in Notepad.
IMPORTANT
  • If you click the Clean button all items listed in the report will be removed.
If you find some false positive items or programs that you wish to keep, close the AdwCleaner windows.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Check off the element(s) you wish to keep.
  • Click on the Clean button and follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleaner[Sn].txt (n is a number).
===

Download the version of this tool for your operating system.
Farbar Recovery Scan Tool (64 bit)
Farbar Recovery Scan Tool (32 bit)
and save it to a folder on your computer's Desktop.
Double-click to run it. When the tool opens, click Yes to the disclaimer.
Press the Scan button.
It will make a log (FRST.txt) in the same directory the tool is run from. Please copy and paste it to your reply.
The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.
===

Please paste the logs in your next reply. DO NOT ATTACH THEM unless specified.
To attach a file select the "More Reply Option" and follow the instructions.

How is the computer running?
Wait for further instructions.

#4 SearcySharon

SearcySharon
  • Topic Starter

  • Members
  • 37 posts

Posted 30 December 2014 - 06:57 PM

Ok, thank you!  Here are the two logs:

 

Malwarebytes Anti-Malware
www.malwarebytes.org
 
 
Protection, 12/30/2014 5:20:06 PM, SYSTEM, SHARON-PC, Protection, Malware Protection, Starting, 
Protection, 12/30/2014 5:20:06 PM, SYSTEM, SHARON-PC, Protection, Malware Protection, Started, 
Protection, 12/30/2014 5:20:06 PM, SYSTEM, SHARON-PC, Protection, Malicious Website Protection, Starting, 
Update, 12/30/2014 5:20:14 PM, SYSTEM, SHARON-PC, Manual, Remediation Database, 2013.10.16.1, 2014.12.6.1, 
Update, 12/30/2014 5:20:14 PM, SYSTEM, SHARON-PC, Manual, Rootkit Database, 2014.11.18.1, 2014.12.30.1, 
Protection, 12/30/2014 5:20:35 PM, SYSTEM, SHARON-PC, Protection, Malicious Website Protection, Started, 
Update, 12/30/2014 5:20:41 PM, SYSTEM, SHARON-PC, Manual, Malware Database, 2014.11.20.6, 2014.12.30.8, 
Protection, 12/30/2014 5:20:41 PM, SYSTEM, SHARON-PC, Protection, Refresh, Starting, 
Protection, 12/30/2014 5:20:41 PM, SYSTEM, SHARON-PC, Protection, Malicious Website Protection, Stopping, 
Protection, 12/30/2014 5:20:41 PM, SYSTEM, SHARON-PC, Protection, Malicious Website Protection, Stopped, 
Protection, 12/30/2014 5:20:45 PM, SYSTEM, SHARON-PC, Protection, Refresh, Success, 
Protection, 12/30/2014 5:20:45 PM, SYSTEM, SHARON-PC, Protection, Malicious Website Protection, Starting, 
Protection, 12/30/2014 5:20:46 PM, SYSTEM, SHARON-PC, Protection, Malicious Website Protection, Started, 
Scan, 12/30/2014 5:29:21 PM, SYSTEM, SHARON-PC, Manual, Start:12/30/2014 5:20:41 PM, Duration:8 min 15 sec, Threat Scan, Completed, 0 Malware Detections, 15 Non-Malware Detections, 
Protection, 12/30/2014 5:33:05 PM, SYSTEM, SHARON-PC, Protection, Malware Protection, Starting, 
Protection, 12/30/2014 5:33:05 PM, SYSTEM, SHARON-PC, Protection, Malware Protection, Started, 
Protection, 12/30/2014 5:33:05 PM, SYSTEM, SHARON-PC, Protection, Malicious Website Protection, Starting, 
Protection, 12/30/2014 5:34:13 PM, SYSTEM, SHARON-PC, Protection, Malicious Website Protection, Started, 
Protection, 12/30/2014 5:43:32 PM, SYSTEM, SHARON-PC, Protection, Malware Protection, Starting, 
Protection, 12/30/2014 5:43:33 PM, SYSTEM, SHARON-PC, Protection, Malware Protection, Started, 
Protection, 12/30/2014 5:43:33 PM, SYSTEM, SHARON-PC, Protection, Malicious Website Protection, Starting, 
Protection, 12/30/2014 5:45:14 PM, SYSTEM, SHARON-PC, Protection, Malicious Website Protection, Started, 
 
(end)
 
Second log:
 
 AdwCleaner v3.016 - Report created 03/01/2014 at 22:18:30
# Updated 23/12/2013 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Sharon - SHARON-PC
# Running from : C:\Users\Sharon\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PAOX4A26\adwcleaner.exe
# Option : Clean
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
Folder Deleted : C:\ProgramData\apn
Folder Deleted : C:\Program Files (x86)\MyPC Backup
Folder Deleted : C:\Users\Sharon\AppData\Local\Temp\apn
Folder Deleted : C:\Users\Sharon\AppData\Roaming\Systweak
Folder Deleted : C:\Users\Sharon\Documents\optimizer pro
Folder Deleted : C:\Users\Sharon\AppData\Local\Google\Chrome\User Data\Default\Extensions\amfclgbdpgndipgoegfpkkgobahigbcl
File Deleted : C:\Windows\System32\roboot64.exe
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3408AC0D-510E-4808-8F7B-6B70B1F88534}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{DCABB943-792E-44C4-9029-ECBEE6265AF9}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{3408AC0D-510E-4808-8F7B-6B70B1F88534}
Value Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]
Key Deleted : HKCU\Software\SearchProtectINT
Key Deleted : HKCU\Software\SmartBar
Key Deleted : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Deleted : HKLM\Software\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Deleted : HKLM\Software\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Key Deleted : HKLM\Software\{6791A2F3-FC80-475C-A002-C014AF797E9C}
Key Deleted : HKLM\Software\systweak
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v11.0.9600.16428
 
 
-\\ Google Chrome v
 
[ File : C:\Users\Sharon\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
Deleted : homepage
Deleted : search_url
Deleted : keyword
Deleted : urls_to_restore_on_startup
 
*************************
 
AdwCleaner[R0].txt - [2820 octets] - [03/01/2014 22:15:57]
AdwCleaner[S0].txt - [2328 octets] - [03/01/2014 22:18:30]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [2388 octets] ##########
# AdwCleaner v4.106 - Report created 30/12/2014 at 17:41:02
# Updated 21/12/2014 by Xplode
# Database : 2014-12-30.1 [Live]
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Sharon - SHARON-PC
# Running from : C:\Users\Sharon\Downloads\adwcleaner_4.106.exe
# Option : Clean
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Flash Player Pro
Folder Deleted : C:\Program Files (x86)\Flash Player Pro
Folder Deleted : C:\Program Files (x86)\Web Protect
Folder Deleted : C:\Users\Sharon\AppData\LocalLow\Inbox Toolbar
Folder Deleted : C:\Users\Sharon\Documents\Flash Player Pro
Folder Deleted : C:\Users\Sharon\Documents\PC Health Kit
File Deleted : C:\Windows\Reimage.ini
File Deleted : C:\Users\Sharon\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.ask.com_0.localstorage
File Deleted : C:\Users\Sharon\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.ask.com_0.localstorage-journal
File Deleted : C:\Users\Sharon\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_static.olark.com_0.localstorage-journal
 
***** [ Scheduled Tasks ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\bopakagnckmlgajfccecajhnimjiiedh
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\superfish.com
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\www.superfish.com
Key Deleted : HKLM\SOFTWARE\Classes\inbox.appserver
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{0FCE4F01-64EC-42F1-83E1-1E08D38605D2}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{1A2A195A-A0F9-4006-AF02-3F05EEFDE792}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{28C3737A-32D1-492D-B76B-8D75EBBFB887}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2D9DB233-DC4B-4677-946C-5FA5ABCF506B}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3AE76A17-C344-4A83-81CE-65EFEE41E42D}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4C0A69B0-CE97-42B7-86FC-08280C99C74D}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4E9EB4D5-C929-4005-AC62-1856B1DA5A24}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{8FAF962C-3EDE-405E-B1D0-62B8235C6044}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C1F5E799-B218-4C32-B189-3C389BA140BB}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{CE057E0D-2D7E-4DFF-A890-07BA69B8C762}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{F60C9408-3110-4C98-A139-ABE1EE1111DD}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{615E8AA1-6BB8-4A3D-A1CC-373194DB612C}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{CBEF8724-D080-4737-88DA-111EEC6651AA}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{D3D233D5-9F6D-436C-B6C7-E63F77503B30}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{D7E97865-918F-41E4-9CD0-25AB1C574CE8}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{FD79F359-E577-46DB-AA74-D6E6B8B45BA8}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{612AD33D-9824-4E87-8396-92374E91C4BB}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{628F3201-34D0-49C0-BB9A-82A26AEFB291}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{0FCE4F01-64EC-42F1-83E1-1E08D38605D2}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{1A2A195A-A0F9-4006-AF02-3F05EEFDE792}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{28C3737A-32D1-492D-B76B-8D75EBBFB887}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{2D9DB233-DC4B-4677-946C-5FA5ABCF506B}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{3AE76A17-C344-4A83-81CE-65EFEE41E42D}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{3B181CF2-878B-4758-8FBD-59D8AC5AB12D}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{4C0A69B0-CE97-42B7-86FC-08280C99C74D}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{4E9EB4D5-C929-4005-AC62-1856B1DA5A24}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{8FAF962C-3EDE-405E-B1D0-62B8235C6044}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{C1F5E799-B218-4C32-B189-3C389BA140BB}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{CE057E0D-2D7E-4DFF-A890-07BA69B8C762}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{F60C9408-3110-4C98-A139-ABE1EE1111DD}
Key Deleted : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{C04B7D22-5AEC-4561-8F49-27F6269208F6}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{612AD33D-9824-4E87-8396-92374E91C4BB}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{2BB7AD44-0593-474E-BD5F-E147135339D3}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{2C636E6C-A4CF-4800-87F0-720703EF4BE6}
Key Deleted : HKCU\Software\usyndication.com
Key Deleted : HKCU\Software\WebProtect
Key Deleted : HKCU\Software\Reimage
Key Deleted : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Deleted : HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Key Deleted : HKLM\SOFTWARE\{6791A2F3-FC80-475C-A002-C014AF797E9C}
Key Deleted : HKLM\SOFTWARE\WebProtect
Key Deleted : [x64] HKLM\SOFTWARE\Reimage
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\ask.com
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\www.ask.com
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v11.0.9600.17420
 
 
-\\ Google Chrome v33.0.1750.146
 
[C:\Users\Sharon\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.search.ask.com/web?tpid=BCPA5-V7&o=APN11000&pf=V7&p2=%5EB3M%5EYYYYYY%5EYY%5EUS&gct=&itbv=12.7.0.2247&doi=2013-12-20&apn_uid=C956172D-F800-4C20-AB35-1ECF9C046D3F&apn_ptnrs=%5EB3M&apn_dtid=%5EYYYYYY%5EYY%5EUS&apn_dbr=iexplore.exe_6_11.0.9600.16428&psv=&trgb=IE&tbv=&crxv=&q={searchTerms}
[C:\Users\Sharon\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.conduit.com/Results.aspx?ctid=CT3317742&octid=EB_ORIGINAL_CTID&SearchSource=58&CUI=&UM=2&UP=SP9034439C-1229-4091-82EF-E79F076949DD&q={searchTerms}&SSPV=
[C:\Users\Sharon\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.conduit.com/Results.aspx?ctid=CT3317742&octid=EB_ORIGINAL_CTID&SearchSource=58&CUI=&UM=2&UP=SP9034439C-1229-4091-82EF-E79F076949DD&q={searchTerms}&SSPV=
[C:\Users\Sharon\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.aol.com/aol/search?query={searchTerms}
[C:\Users\Sharon\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
[C:\Users\Sharon\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://us.yhs4.search.yahoo.com/yhs/search?p={searchTerms}&ei=UTF-8&hspart=w3i&hsimp=yhs-synd1&type=W3i_DS,221,0_0,Search,20140312,19669,0,IE11,7635
[C:\Users\Sharon\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://isearch.shopathome.com/?user_id={69202D2F-FF2F-4AEF-9CD9-341BDC42969F}&q={searchTerms}
[C:\Users\Sharon\AppData\Local\Google\Chrome\User Data\Default\preferences] - Deleted [Extension] : amfclgbdpgndipgoegfpkkgobahigbcl
[C:\Users\Sharon\AppData\Local\Google\Chrome\User Data\Default\preferences] - Deleted [Extension] : bopakagnckmlgajfccecajhnimjiiedh
[C:\Users\Sharon\AppData\Local\Google\Chrome\User Data\Default\preferences] - Deleted [Extension] : ippkomaaonokjnfjoikaemidanojkfmm
[C:\Users\Sharon\AppData\Local\Google\Chrome\User Data\Default\preferences] - Deleted [Homepage] : hxxp://us.yhs4.search.yahoo.com/web/partner?&hspart=w3i&hsimp=yhs-synd1&type=W3i_SP,221,0_0,StartPage,20140312,19670,0,IE11,7635
 
*************************
 
AdwCleaner[R0].txt - [11575 octets] - [03/01/2014 22:15:57]
AdwCleaner[S0].txt - [10818 octets] - [03/01/2014 22:18:30]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [10879 octets] ##########
 


#5 SearcySharon

Posted 30 December 2014 - 06:58 PM

Here is the FRST.txt log:

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 28-12-2014
Ran by Sharon (administrator) on SHARON-PC on 30-12-2014 17:54:39
Running from C:\Users\Sharon\Downloads
Loaded Profile: Sharon (Available profiles: Sharon)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(SEIKO EPSON CORPORATION) C:\Program Files\EPSON\EpsonCustomerParticipation\EPCP.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.25.11\GoogleCrashHandler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Atheros) C:\Program Files (x86)\Atheros\Ath_WlanAgent.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.25.11\GoogleCrashHandler64.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXRCV.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [2816336 2012-03-19] (ELAN Microelectronics Corp.)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1331288 2014-08-22] (Microsoft Corporation)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291608 2012-04-20] (Intel Corporation)
HKLM-x32\...\Run: [EEventManager] => C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [979328 2010-10-12] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [FUFAXRCV] => C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXRCV.exe [495616 2011-03-08] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [FUFAXSTM] => C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe [856064 2011-03-08] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [LTCM Client] => C:\Program Files (x86)\LTCM Client\ltcmClient.exe [1596096 2009-08-05] (Leader Technologies Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [507776 2014-10-07] (Oracle Corporation)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-2891644931-2800695934-2312347635-1000\...\MountPoints2: {78fae279-8933-11e3-8d4e-1c3e846241fc} - E:\MotoCastSetup.exe -a
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe (McAfee, Inc.)
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
CHR HKU\S-1-5-21-2891644931-2800695934-2312347635-1000\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKU\S-1-5-21-2891644931-2800695934-2312347635-1000\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.yahoo.com/
HKU\S-1-5-21-2891644931-2800695934-2312347635-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO-x32: MSS+ Identifier -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll (McAfee, Inc.)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssv.dll (Oracle Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll (Oracle Corporation)
Tcpip\Parameters: [DhcpNameServer] 206.255.240.130 206.255.240.134
 
FireFox:
========
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
Chrome: 
=======
CHR Profile: C:\Users\Sharon\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (HeadlineAlley) - C:\Users\Sharon\AppData\Local\Google\Chrome\User Data\Default\Extensions\amogncdhclnhneejdfggljpdgigffhfi [2014-10-20]
CHR Extension: (Google Docs) - C:\Users\Sharon\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-11-15]
CHR Extension: (Google Drive) - C:\Users\Sharon\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-11-15]
CHR Extension: (YouTube) - C:\Users\Sharon\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-11-15]
CHR Extension: (Google Search) - C:\Users\Sharon\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-11-15]
CHR Extension: (Yahoo Extension) - C:\Users\Sharon\AppData\Local\Google\Chrome\User Data\Default\Extensions\eihhgekonheiliaidomffpplfhecmkag [2014-09-07]
CHR Extension: (Google Wallet) - C:\Users\Sharon\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-11-15]
CHR Extension: (Gmail) - C:\Users\Sharon\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-11-15]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [289256 2014-04-09] (McAfee, Inc.)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23784 2014-08-22] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [368624 2014-08-22] (Microsoft Corporation)
R2 ZAtheros Wlan Agent; C:\Program Files (x86)\Atheros\Ath_WlanAgent.exe [76960 2012-02-27] (Atheros) [File not signed]
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-11-21] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2014-12-30] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-11-21] (Malwarebytes Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [269008 2014-07-17] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [125584 2014-07-17] (Microsoft Corporation)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-12-30 17:54 - 2014-12-30 17:55 - 00010609 _____ () C:\Users\Sharon\Downloads\FRST.txt
2014-12-30 17:53 - 2014-12-30 17:54 - 00000000 ____D () C:\FRST
2014-12-30 17:53 - 2014-12-30 17:53 - 02123264 _____ (Farbar) C:\Users\Sharon\Downloads\FRST64 (1).exe
2014-12-30 17:52 - 2014-12-30 17:53 - 02123264 _____ (Farbar) C:\Users\Sharon\Downloads\FRST64.exe
2014-12-30 17:37 - 2014-12-30 17:37 - 02173952 _____ () C:\Users\Sharon\Downloads\adwcleaner_4.106.exe
2014-12-30 17:20 - 2014-12-30 17:45 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-12-30 17:19 - 2014-12-30 17:19 - 00001106 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-12-30 17:19 - 2014-12-30 17:19 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-12-30 17:19 - 2014-12-30 17:19 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-12-30 17:19 - 2014-12-30 17:19 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-12-30 17:19 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-12-30 17:19 - 2014-11-21 06:14 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-12-30 17:19 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-12-30 17:17 - 2014-12-30 17:19 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\Sharon\Downloads\mbam-setup-2.0.4.1028 (1).exe
2014-12-30 17:17 - 2014-12-30 17:18 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\Sharon\Downloads\mbam-setup-2.0.4.1028.exe
2014-12-26 19:47 - 2014-12-26 19:47 - 00014536 _____ () C:\Users\Sharon\Desktop\dds.txt
2014-12-26 19:47 - 2014-12-26 19:47 - 00003305 _____ () C:\Users\Sharon\Desktop\attach.txt
2014-12-26 19:45 - 2014-12-26 19:45 - 00688992 ____R (Swearware) C:\Users\Sharon\Downloads\dds.com
2014-12-26 14:58 - 2014-12-26 14:59 - 00863216 _____ () C:\Users\Sharon\Documents\SHARON-PC.txt
2014-12-26 14:50 - 2014-12-26 14:50 - 00401920 _____ (Farbar) C:\Users\Sharon\Downloads\MiniToolBox (1).exe
2014-12-26 14:44 - 2014-12-26 14:44 - 00029356 _____ () C:\Windows\SysWOW64\Results from Minitoolbar.txt
2014-12-26 14:43 - 2014-12-26 14:51 - 00016798 _____ () C:\Users\Sharon\Downloads\Result.txt
2014-12-26 14:43 - 2014-12-26 14:43 - 00401920 _____ (Farbar) C:\Users\Sharon\Downloads\MiniToolBox.exe
2014-12-26 14:30 - 2014-12-26 14:30 - 00035005 _____ () C:\Users\Sharon\Documents\SHARON-PC.speccy
2014-12-26 14:26 - 2014-12-26 14:26 - 05122624 _____ (Piriform Ltd) C:\Users\Sharon\Downloads\spsetup127.exe
2014-12-25 19:11 - 2014-12-25 19:11 - 00003886 _____ () C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2014-12-13 22:35 - 2014-12-13 22:35 - 02476596 _____ (Trend Micro Inc.) C:\Users\Sharon\Downloads\HousecallLauncher64 (4).exe
2014-12-13 22:35 - 2013-09-27 20:56 - 00285208 _____ (Trend Micro Inc.) C:\Windows\system32\Drivers\tmcomm.sys
2014-12-13 14:07 - 2014-12-13 14:07 - 00000925 _____ () C:\Users\Sharon\Downloads\Reset your Walmart.com password.txt
2014-12-12 18:41 - 2014-12-12 18:41 - 02064880 _____ (Trend Micro Inc.) C:\Users\Sharon\Downloads\HousecallLauncher.exe
2014-12-09 18:46 - 2014-12-09 18:46 - 01528640 _____ (LogMeIn, Inc.) C:\Users\Sharon\Downloads\Support-LogMeInRescue (6).exe
2014-12-09 18:19 - 2014-12-09 18:19 - 00021507 _____ () C:\Users\Sharon\Downloads\Report_12092014_171940.csv
2014-12-09 18:18 - 2014-12-09 18:18 - 00090283 _____ () C:\Users\Sharon\Downloads\Report_12092014_171849.html
2014-12-08 18:11 - 2014-12-30 17:42 - 00005504 _____ () C:\Windows\PFRO.log
2014-12-08 18:11 - 2014-12-30 17:42 - 00002240 _____ () C:\Windows\setupact.log
2014-12-08 18:11 - 2014-12-08 18:11 - 00000000 _____ () C:\Windows\setuperr.log
2014-12-08 15:34 - 2014-12-11 20:20 - 00005949 _____ () C:\Windows\system32\ScanResults.xml
2014-12-08 15:32 - 2014-12-11 20:17 - 00000464 _____ () C:\Windows\system32\ScannerSettings
2014-12-07 22:46 - 2014-12-07 22:46 - 00000000 ____D () C:\Program Files\Reason
2014-12-06 09:27 - 2014-12-06 09:28 - 01528640 _____ (LogMeIn, Inc.) C:\Users\Sharon\Downloads\Support-LogMeInRescue (5).exe
2014-12-06 09:27 - 2014-12-06 09:27 - 01528640 _____ (LogMeIn, Inc.) C:\Users\Sharon\Downloads\Support-LogMeInRescue (4).exe
2014-12-05 18:44 - 2014-12-05 18:44 - 01528640 _____ (LogMeIn, Inc.) C:\Users\Sharon\Downloads\Support-LogMeInRescue (3).exe
2014-12-05 18:44 - 2014-12-05 18:44 - 01528640 _____ (LogMeIn, Inc.) C:\Users\Sharon\Downloads\Support-LogMeInRescue (2).exe
2014-12-05 18:43 - 2014-12-05 18:43 - 01528640 _____ (LogMeIn, Inc.) C:\Users\Sharon\Downloads\Support-LogMeInRescue (1).exe
2014-12-05 17:32 - 2014-11-10 21:08 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-12-05 17:32 - 2014-11-10 21:08 - 00241152 _____ (Microsoft Corporation) C:\Windows\system32\pku2u.dll
2014-12-05 17:32 - 2014-11-10 20:44 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-12-05 17:32 - 2014-11-10 20:44 - 00186880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pku2u.dll
2014-12-05 17:22 - 2014-12-08 18:11 - 00000000 _____ () C:\Windows\system32\reimage.rep
2014-12-05 16:30 - 2009-06-10 14:35 - 00145792 _____ (Intel Corporation) C:\Windows\system32\Drivers\E1G6032E.sys
2014-12-05 16:26 - 2014-12-08 18:02 - 00049152 _____ () C:\Windows\debugpack.cmp
2014-12-05 15:48 - 2014-12-08 17:31 - 00016224 _____ () C:\Windows\system32\Native.exe
2014-12-05 15:44 - 2014-12-12 15:45 - 00000000 ____D () C:\Users\Sharon\AppData\Local\LogMeIn Rescue Applet
2014-12-05 15:43 - 2014-12-05 15:44 - 01528640 _____ (LogMeIn, Inc.) C:\Users\Sharon\Downloads\Support-LogMeInRescue.exe
2014-12-05 15:25 - 2014-12-05 15:25 - 00774944 _____ () C:\Users\Sharon\Downloads\ReimageRepair (1).exe
2014-12-05 15:24 - 2014-12-05 15:24 - 00774944 _____ () C:\Users\Sharon\Downloads\ReimageRepair.exe
2014-11-30 19:04 - 2014-11-30 19:04 - 00026613 _____ () C:\Users\Sharon\Documents\BenefitVerificationLetter.do
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-12-30 17:50 - 2009-07-13 22:45 - 00028944 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-12-30 17:50 - 2009-07-13 22:45 - 00028944 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-12-30 17:47 - 2013-10-31 19:24 - 01821818 _____ () C:\Windows\WindowsUpdate.log
2014-12-30 17:43 - 2013-11-15 20:54 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-12-30 17:42 - 2009-07-13 23:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-12-30 17:41 - 2014-01-03 22:15 - 00000000 ____D () C:\AdwCleaner
2014-12-30 17:34 - 2014-02-12 08:26 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-12-30 17:29 - 2009-07-13 21:20 - 00000000 ____D () C:\Windows\IME
2014-12-30 17:01 - 2013-11-15 20:54 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-12-26 14:29 - 2014-08-21 18:23 - 00000796 _____ () C:\Users\Public\Desktop\Speccy.lnk
2014-12-26 14:29 - 2014-08-21 18:23 - 00000000 ____D () C:\Program Files\Speccy
2014-12-13 22:41 - 2014-11-29 12:00 - 00000010 _____ () C:\Users\Sharon\AppData\Local\sponge.last.runtime.cache
2014-12-13 12:06 - 2009-07-13 23:13 - 00885174 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-12-12 16:23 - 2009-07-13 21:20 - 00000000 ____D () C:\Windows\rescache
2014-12-12 16:22 - 2013-11-16 20:36 - 00000000 ____D () C:\Windows\System32\Tasks\Games
2014-12-12 15:48 - 2014-01-16 10:54 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2014-12-09 14:34 - 2014-02-12 08:26 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-12-09 14:34 - 2014-01-07 13:49 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-12-09 14:34 - 2014-01-07 13:49 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-12-08 19:07 - 2009-07-13 22:45 - 00267672 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-12-08 19:05 - 2011-04-12 02:28 - 00000000 ____D () C:\Program Files\Windows Journal
2014-12-08 19:05 - 2009-07-13 21:20 - 00000000 ____D () C:\Windows\SysWOW64\Dism
2014-12-08 19:05 - 2009-07-13 21:20 - 00000000 ____D () C:\Windows\system32\Dism
2014-12-08 19:05 - 2009-07-13 21:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-12-08 18:40 - 2013-10-31 19:04 - 00000000 ____D () C:\Windows\system32\MRT
2014-12-08 18:05 - 2009-07-13 21:20 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
2014-12-08 18:02 - 2013-10-31 19:24 - 00001614 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk
2014-12-08 18:02 - 2013-10-31 19:24 - 00001435 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk
2014-12-07 21:44 - 2013-11-15 20:54 - 00000000 ____D () C:\Program Files (x86)\Google
2014-12-07 20:53 - 2013-10-31 20:20 - 00000000 ____D () C:\Windows\Panther
2014-12-06 03:57 - 2014-02-26 17:03 - 00817396 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2014-12-05 16:32 - 2009-07-13 21:20 - 00000000 __RHD () C:\Users\Public\Libraries
2014-12-05 16:31 - 2009-07-13 21:20 - 00000000 ____D () C:\Windows\system32\Recovery
 
Some content of TEMP:
====================
C:\Users\Sharon\AppData\Local\Temp\Quarantine.exe
C:\Users\Sharon\AppData\Local\Temp\sqlite3.dll
C:\Users\Sharon\AppData\Local\Temp\sqlite3.exe
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2014-12-12 16:15
 
==================== End Of Log ============================
 
Here is the ADDITION.txt Log:
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 28-12-2014
Ran by Sharon at 2014-12-30 17:55:56
Running from C:\Users\Sharon\Downloads
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Microsoft Security Essentials (Enabled - Up to date) {4F35CFC4-45A3-FC37-EF17-759A02E39AB1}
AS: Microsoft Security Essentials (Enabled - Up to date) {F4542E20-6399-F3B9-D5A7-4EE87964D00C}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Adobe Flash Player 15 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 15.0.0.246 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
Atheros Driver Installation Program (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 10.0 - Atheros)
BioWIN 5.11 (HKLM-x32\...\BioWIN_is1) (Version:  - G·Wave Solutions)
Broadcom NetLink Controller (HKLM\...\{C91DCB72-F5BB-410D-A91A-314F5D1B4284}) (Version: 15.0.3.2 - Broadcom Corporation)
Epson Connect (HKLM-x32\...\{64BA551C-9AF6-495C-93F3-D1270E0045FC}) (Version:  - )
Epson Customer Participation (HKLM\...\{814FA673-A085-403C-9545-747FC1495069}) (Version: 1.0.0.0 - SEIKO EPSON CORPORATION)
Epson Download Navigator (HKLM-x32\...\{10F63395-157F-4B93-AB4D-702A2FF11942}) (Version: 1.0.1 - SEIKO EPSON CORPORATION)
Epson Event Manager (HKLM-x32\...\{FA9D303D-0FB2-49C7-9397-8E6B11EA892D}) (Version: 2.50.0001 - SEIKO EPSON CORPORATION)
Epson FAX Utility (HKLM-x32\...\{0CBE6C93-CB2E-4378-91EE-12BE6D4E2E4A}) (Version: 1.20.00 - SEIKO EPSON CORPORATION)
Epson PC-FAX Driver (HKLM-x32\...\EPSON PC-FAX Driver 2) (Version:  - )
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version:  - Seiko Epson Corporation)
EPSON WorkForce 645 Series Printer Uninstall (HKLM\...\EPSON WorkForce 645 Series) (Version:  - SEIKO EPSON Corporation)
EpsonNet Print (HKLM-x32\...\{3E31400D-274E-4647-916C-2CACC3741799}) (Version: 2.4j - SEIKO EPSON CORPORATION)
ETDWare PS/2-X64 10.6.10.8_WHQL (HKLM\...\Elantech) (Version: 10.6.10.8 - ELAN Microelectronic Corp.)
Flash Player Pro V5.4 (HKLM-x32\...\Flash Player Pro_is1) (Version:  - FlashPlayerPro.com)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 33.0.1750.146 - Google Inc.)
Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.2932 - Intel Corporation)
Intel® USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 1.0.4.225 - Intel Corporation)
Java 8 Update 25 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218025F0}) (Version: 8.0.250 - Oracle Corporation)
LTCM Client (HKLM-x32\...\LTCM Client) (Version:  - Leader Technologies Inc.)
Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.8.150.1 - McAfee, Inc.)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.6.305.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
PortraitPro 12.2 Trial (HKLM-x32\...\PortraitPro12Trial_is1) (Version: 12.2 - Anthropics Technology Ltd.)
Realtek PCIE Card Reader (HKLM-x32\...\{C1594429-8296-4652-BF54-9DBE4932A44C}) (Version: 6.1.7601.28104 - Realtek Semiconductor Corp.)
Speccy (HKLM\...\Speccy) (Version: 1.27 - Piriform)
XBMC (HKU\S-1-5-21-2891644931-2800695934-2312347635-1000\...\XBMC) (Version:  - Team XBMC)
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
 
==================== Restore Points  =========================
 
12-12-2014 19:32:12 Windows Update
13-12-2014 15:44:16 Windows Update
15-12-2014 17:55:44 Windows Update
15-12-2014 20:45:16 Windows Update
16-12-2014 20:51:07 Windows Update
17-12-2014 18:02:01 Windows Update
18-12-2014 20:43:52 Windows Update
19-12-2014 06:46:18 Windows Update
21-12-2014 08:48:00 Windows Update
21-12-2014 11:43:33 Windows Update
21-12-2014 13:17:37 Windows Update
22-12-2014 20:40:01 Windows Update
23-12-2014 22:54:56 Windows Update
24-12-2014 09:35:31 Windows Update
25-12-2014 09:58:22 Windows Update
25-12-2014 11:18:58 Windows Update
26-12-2014 10:24:53 Windows Update
26-12-2014 23:19:18 Windows Update
27-12-2014 20:26:01 Windows Update
28-12-2014 11:24:06 Windows Update
29-12-2014 18:24:09 Windows Update
29-12-2014 21:15:49 Windows Update
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-13 20:34 - 2009-06-10 15:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
 
==================== Scheduled Tasks (whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 
Task: {5179DAC5-93E2-4702-B946-3E3D0326FB72} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-12-09] (Adobe Systems Incorporated)
Task: {6C401E6D-B90A-4BA4-BA03-2414F5E602DC} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-11-15] (Google Inc.)
Task: {9788E637-3E9D-479D-8490-FCC6C84AB5F3} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-11-15] (Google Inc.)
Task: {BC6DAE63-2AB0-4DF9-A5D6-6BE30DD5AB01} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
 
==================== Loaded Modules (whitelisted) =============
 
2012-12-14 01:42 - 2012-12-14 01:42 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2009-07-13 15:03 - 2009-07-13 19:15 - 00364544 _____ () C:\Windows\SysWOW64\msjetoledb40.dll
2014-03-04 11:18 - 2014-03-01 20:35 - 00051016 _____ () C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.146\chrome_elf.dll
2014-03-04 11:18 - 2014-03-01 20:35 - 00716616 _____ () C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.146\libglesv2.dll
2014-03-04 11:18 - 2014-03-01 20:35 - 00100168 _____ () C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.146\libegl.dll
2014-03-04 11:18 - 2014-03-01 20:35 - 04061000 _____ () C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.146\pdf.dll
2014-03-04 11:18 - 2014-03-01 20:35 - 00394568 _____ () C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.146\ppGoogleNaClPluginChrome.dll
2014-03-04 11:18 - 2014-03-01 20:35 - 01647432 _____ () C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.146\ffmpegsumo.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
 
==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== EXE Association (whitelisted) =============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 
==================== MSCONFIG/TASK MANAGER disabled items =========
 
(Currently there is no automatic fix for this section.)
 
 
========================= Accounts: ==========================
 
Administrator (S-1-5-21-2891644931-2800695934-2312347635-500 - Administrator - Disabled)
Guest (S-1-5-21-2891644931-2800695934-2312347635-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2891644931-2800695934-2312347635-1003 - Limited - Enabled)
Sharon (S-1-5-21-2891644931-2800695934-2312347635-1000 - Administrator - Enabled) => C:\Users\Sharon
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (12/30/2014 05:44:06 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (12/30/2014 05:33:44 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (12/30/2014 04:45:56 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (12/29/2014 06:21:41 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (12/28/2014 07:26:16 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (12/28/2014 11:21:28 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (12/28/2014 11:15:41 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (12/27/2014 07:47:27 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (12/26/2014 07:19:25 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (12/26/2014 03:01:02 PM) (Source: Chrome) (EventID: 1) (User: NT AUTHORITY)
Description: Chrome has encountered a fatal error.
ver=33.0.1750.146;lang=;guid=;is_machine=1;oop=1;upload=1;minidump=C:\Program Files (x86)\Google\CrashReports\a9859a6b-1a20-4fe9-999e-f679e0422a68.dmp
 
 
System errors:
=============
Error: (12/30/2014 05:41:40 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has stopped unexpectedly.
 
Module Path: C:\Windows\system32\athihvs.dll
 
Error: (12/30/2014 05:41:40 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has stopped unexpectedly.
 
Module Path: C:\Windows\system32\athihvs.dll
 
Error: (12/30/2014 05:41:37 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has stopped unexpectedly.
 
Module Path: C:\Windows\system32\athihvs.dll
 
Error: (12/30/2014 05:41:05 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The IconMan_R service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (12/30/2014 05:41:05 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Media Player Network Sharing Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.
 
Error: (12/30/2014 05:41:05 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Search service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.
 
Error: (12/30/2014 05:41:05 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The MBAMService service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (12/30/2014 05:41:05 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The ZAtheros Wlan Agent service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (12/30/2014 05:41:05 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The MBAMScheduler service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (12/30/2014 05:41:05 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The EpsonCustomerParticipation service terminated unexpectedly.  It has done this 1 time(s).
 
 
Microsoft Office Sessions:
=========================
Error: (12/30/2014 05:44:06 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (12/30/2014 05:33:44 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (12/30/2014 04:45:56 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (12/29/2014 06:21:41 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (12/28/2014 07:26:16 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (12/28/2014 11:21:28 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (12/28/2014 11:15:41 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (12/27/2014 07:47:27 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (12/26/2014 07:19:25 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (12/26/2014 03:01:02 PM) (Source: Chrome) (EventID: 1) (User: NT AUTHORITY)
Description: Chrome has encountered a fatal error.
ver=33.0.1750.146;lang=;guid=;is_machine=1;oop=1;upload=1;minidump=C:\Program Files (x86)\Google\CrashReports\a9859a6b-1a20-4fe9-999e-f679e0422a68.dmp
 
 
CodeIntegrity Errors:
===================================
  Date: 2014-12-07 23:08:56.643
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Web Protect\pcwtc64f.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-12-07 23:08:56.524
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Web Protect\pcwtc64f.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-12-07 23:01:45.260
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Web Protect\pcwtc64f.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-12-07 23:01:45.150
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Web Protect\pcwtc64f.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-11-16 13:40:07.369
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Web Protect\pcwtc64f.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-11-16 13:40:07.244
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Web Protect\pcwtc64f.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-11-16 13:39:41.770
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Web Protect\pcwtc64f.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-09-14 13:27:25.992
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Web Protect\pcwtc64f.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-09-14 13:27:25.898
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Web Protect\pcwtc64f.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-09-14 13:27:14.684
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Web Protect\pcwtc64f.sys because the set of per-page image hashes could not be found on the system.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i5-3337U CPU @ 1.80GHz
Percentage of memory in use: 30%
Total physical RAM: 5962.36 MB
Available physical RAM: 4157.4 MB
Total Pagefile: 11922.89 MB
Available Pagefile: 10024.59 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:465.66 GB) (Free:424.09 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 72B49183)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=465.7 GB) - (Type=07 NTFS)
 
========================================================
Disk: 1 (Size: 18.6 GB) (Disk ID: 72B491B6)
 
==================== End Of Log ============================


#6 nasdaq

  • Malware Response Team

Posted 31 December 2014 - 09:42 AM


Open notepad (Start =>All Programs => Accessories => Notepad). Please copy the entire contents of the code box below.


start

CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
CHR HKU\S-1-5-21-2891644931-2800695934-2312347635-1000\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
CHR Extension: (HeadlineAlley) - C:\Users\Sharon\AppData\Local\Google\Chrome\User Data\Default\Extensions\amogncdhclnhneejdfggljpdgigffhfi [2014-10-20]
CHR Extension: (Google Wallet) - C:\Users\Sharon\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-11-15]
C:\Users\Sharon\AppData\Local\Google\Chrome\User Data\Default\Extensions\amogncdhclnhneejdfggljpdgigffhfi

End

Save the file as fixlist.txt in the same folder as FRST.

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log (Fixlog.txt); please post it in your reply.
===

How is the computer running now?

#7 SearcySharon

  • Topic Starter

Posted 31 December 2014 - 03:33 PM

Hope I did this right!  Sure is confusing!

 

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 28-12-2014
Ran by Sharon (administrator) on SHARON-PC on 31-12-2014 14:40:06
Running from C:\Users\Sharon\Downloads
Loaded Profile: Sharon (Available profiles: Sharon)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(SEIKO EPSON CORPORATION) C:\Program Files\EPSON\EpsonCustomerParticipation\EPCP.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.25.11\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.25.11\GoogleCrashHandler64.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Atheros) C:\Program Files (x86)\Atheros\Ath_WlanAgent.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXRCV.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [2816336 2012-03-19] (ELAN Microelectronics Corp.)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1331288 2014-08-22] (Microsoft Corporation)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291608 2012-04-20] (Intel Corporation)
HKLM-x32\...\Run: [EEventManager] => C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [979328 2010-10-12] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [FUFAXRCV] => C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXRCV.exe [495616 2011-03-08] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [FUFAXSTM] => C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe [856064 2011-03-08] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [LTCM Client] => C:\Program Files (x86)\LTCM Client\ltcmClient.exe [1596096 2009-08-05] (Leader Technologies Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [507776 2014-10-07] (Oracle Corporation)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-2891644931-2800695934-2312347635-1000\...\MountPoints2: {78fae279-8933-11e3-8d4e-1c3e846241fc} - E:\MotoCastSetup.exe -a
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe (McAfee, Inc.)
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
CHR HKU\S-1-5-21-2891644931-2800695934-2312347635-1000\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKU\S-1-5-21-2891644931-2800695934-2312347635-1000\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.yahoo.com/
HKU\S-1-5-21-2891644931-2800695934-2312347635-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO-x32: MSS+ Identifier -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll (McAfee, Inc.)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssv.dll (Oracle Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll (Oracle Corporation)
Tcpip\Parameters: [DhcpNameServer] 206.255.240.130 206.255.240.134
 
FireFox:
========
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
Chrome: 
=======
CHR Profile: C:\Users\Sharon\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (HeadlineAlley) - C:\Users\Sharon\AppData\Local\Google\Chrome\User Data\Default\Extensions\amogncdhclnhneejdfggljpdgigffhfi [2014-10-20]
CHR Extension: (Google Docs) - C:\Users\Sharon\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-11-15]
CHR Extension: (Google Drive) - C:\Users\Sharon\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-11-15]
CHR Extension: (YouTube) - C:\Users\Sharon\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-11-15]
CHR Extension: (Google Search) - C:\Users\Sharon\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-11-15]
CHR Extension: (Yahoo Extension) - C:\Users\Sharon\AppData\Local\Google\Chrome\User Data\Default\Extensions\eihhgekonheiliaidomffpplfhecmkag [2014-09-07]
CHR Extension: (Google Wallet) - C:\Users\Sharon\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-11-15]
CHR Extension: (Gmail) - C:\Users\Sharon\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-11-15]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [289256 2014-04-09] (McAfee, Inc.)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23784 2014-08-22] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [368624 2014-08-22] (Microsoft Corporation)
R2 ZAtheros Wlan Agent; C:\Program Files (x86)\Atheros\Ath_WlanAgent.exe [76960 2012-02-27] (Atheros) [File not signed]
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-11-21] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2014-12-31] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-11-21] (Malwarebytes Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [269008 2014-07-17] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [125584 2014-07-17] (Microsoft Corporation)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-12-30 17:55 - 2014-12-30 17:56 - 00021410 _____ () C:\Users\Sharon\Downloads\Addition.txt
2014-12-30 17:54 - 2014-12-31 14:40 - 00010609 _____ () C:\Users\Sharon\Downloads\FRST.txt
2014-12-30 17:53 - 2014-12-31 14:40 - 00000000 ____D () C:\FRST
2014-12-30 17:53 - 2014-12-30 17:53 - 02123264 _____ (Farbar) C:\Users\Sharon\Downloads\FRST64 (1).exe
2014-12-30 17:52 - 2014-12-30 17:53 - 02123264 _____ (Farbar) C:\Users\Sharon\Downloads\FRST64.exe
2014-12-30 17:37 - 2014-12-30 17:37 - 02173952 _____ () C:\Users\Sharon\Downloads\adwcleaner_4.106.exe
2014-12-30 17:20 - 2014-12-31 14:18 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-12-30 17:19 - 2014-12-30 17:19 - 00001106 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-12-30 17:19 - 2014-12-30 17:19 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-12-30 17:19 - 2014-12-30 17:19 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-12-30 17:19 - 2014-12-30 17:19 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-12-30 17:19 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-12-30 17:19 - 2014-11-21 06:14 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-12-30 17:19 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-12-30 17:17 - 2014-12-30 17:19 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\Sharon\Downloads\mbam-setup-2.0.4.1028 (1).exe
2014-12-30 17:17 - 2014-12-30 17:18 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\Sharon\Downloads\mbam-setup-2.0.4.1028.exe
2014-12-26 19:47 - 2014-12-26 19:47 - 00014536 _____ () C:\Users\Sharon\Desktop\dds.txt
2014-12-26 19:47 - 2014-12-26 19:47 - 00003305 _____ () C:\Users\Sharon\Desktop\attach.txt
2014-12-26 19:45 - 2014-12-26 19:45 - 00688992 ____R (Swearware) C:\Users\Sharon\Downloads\dds.com
2014-12-26 14:58 - 2014-12-26 14:59 - 00863216 _____ () C:\Users\Sharon\Documents\SHARON-PC.txt
2014-12-26 14:50 - 2014-12-26 14:50 - 00401920 _____ (Farbar) C:\Users\Sharon\Downloads\MiniToolBox (1).exe
2014-12-26 14:44 - 2014-12-26 14:44 - 00029356 _____ () C:\Windows\SysWOW64\Results from Minitoolbar.txt
2014-12-26 14:43 - 2014-12-26 14:51 - 00016798 _____ () C:\Users\Sharon\Downloads\Result.txt
2014-12-26 14:43 - 2014-12-26 14:43 - 00401920 _____ (Farbar) C:\Users\Sharon\Downloads\MiniToolBox.exe
2014-12-26 14:30 - 2014-12-26 14:30 - 00035005 _____ () C:\Users\Sharon\Documents\SHARON-PC.speccy
2014-12-26 14:26 - 2014-12-26 14:26 - 05122624 _____ (Piriform Ltd) C:\Users\Sharon\Downloads\spsetup127.exe
2014-12-25 19:11 - 2014-12-25 19:11 - 00003886 _____ () C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2014-12-13 22:35 - 2014-12-13 22:35 - 02476596 _____ (Trend Micro Inc.) C:\Users\Sharon\Downloads\HousecallLauncher64 (4).exe
2014-12-13 22:35 - 2013-09-27 20:56 - 00285208 _____ (Trend Micro Inc.) C:\Windows\system32\Drivers\tmcomm.sys
2014-12-13 14:07 - 2014-12-13 14:07 - 00000925 _____ () C:\Users\Sharon\Downloads\Reset your Walmart.com password.txt
2014-12-12 18:41 - 2014-12-12 18:41 - 02064880 _____ (Trend Micro Inc.) C:\Users\Sharon\Downloads\HousecallLauncher.exe
2014-12-09 18:46 - 2014-12-09 18:46 - 01528640 _____ (LogMeIn, Inc.) C:\Users\Sharon\Downloads\Support-LogMeInRescue (6).exe
2014-12-09 18:19 - 2014-12-09 18:19 - 00021507 _____ () C:\Users\Sharon\Downloads\Report_12092014_171940.csv
2014-12-09 18:18 - 2014-12-09 18:18 - 00090283 _____ () C:\Users\Sharon\Downloads\Report_12092014_171849.html
2014-12-08 18:11 - 2014-12-31 14:16 - 00002296 _____ () C:\Windows\setupact.log
2014-12-08 18:11 - 2014-12-30 17:42 - 00005504 _____ () C:\Windows\PFRO.log
2014-12-08 18:11 - 2014-12-08 18:11 - 00000000 _____ () C:\Windows\setuperr.log
2014-12-08 15:34 - 2014-12-11 20:20 - 00005949 _____ () C:\Windows\system32\ScanResults.xml
2014-12-08 15:32 - 2014-12-11 20:17 - 00000464 _____ () C:\Windows\system32\ScannerSettings
2014-12-07 22:46 - 2014-12-07 22:46 - 00000000 ____D () C:\Program Files\Reason
2014-12-06 09:27 - 2014-12-06 09:28 - 01528640 _____ (LogMeIn, Inc.) C:\Users\Sharon\Downloads\Support-LogMeInRescue (5).exe
2014-12-06 09:27 - 2014-12-06 09:27 - 01528640 _____ (LogMeIn, Inc.) C:\Users\Sharon\Downloads\Support-LogMeInRescue (4).exe
2014-12-05 18:44 - 2014-12-05 18:44 - 01528640 _____ (LogMeIn, Inc.) C:\Users\Sharon\Downloads\Support-LogMeInRescue (3).exe
2014-12-05 18:44 - 2014-12-05 18:44 - 01528640 _____ (LogMeIn, Inc.) C:\Users\Sharon\Downloads\Support-LogMeInRescue (2).exe
2014-12-05 18:43 - 2014-12-05 18:43 - 01528640 _____ (LogMeIn, Inc.) C:\Users\Sharon\Downloads\Support-LogMeInRescue (1).exe
2014-12-05 17:32 - 2014-11-10 21:08 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-12-05 17:32 - 2014-11-10 21:08 - 00241152 _____ (Microsoft Corporation) C:\Windows\system32\pku2u.dll
2014-12-05 17:32 - 2014-11-10 20:44 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-12-05 17:32 - 2014-11-10 20:44 - 00186880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pku2u.dll
2014-12-05 17:22 - 2014-12-08 18:11 - 00000000 _____ () C:\Windows\system32\reimage.rep
2014-12-05 16:30 - 2009-06-10 14:35 - 00145792 _____ (Intel Corporation) C:\Windows\system32\Drivers\E1G6032E.sys
2014-12-05 16:26 - 2014-12-08 18:02 - 00049152 _____ () C:\Windows\debugpack.cmp
2014-12-05 15:48 - 2014-12-08 17:31 - 00016224 _____ () C:\Windows\system32\Native.exe
2014-12-05 15:44 - 2014-12-12 15:45 - 00000000 ____D () C:\Users\Sharon\AppData\Local\LogMeIn Rescue Applet
2014-12-05 15:43 - 2014-12-05 15:44 - 01528640 _____ (LogMeIn, Inc.) C:\Users\Sharon\Downloads\Support-LogMeInRescue.exe
2014-12-05 15:25 - 2014-12-05 15:25 - 00774944 _____ () C:\Users\Sharon\Downloads\ReimageRepair (1).exe
2014-12-05 15:24 - 2014-12-05 15:24 - 00774944 _____ () C:\Users\Sharon\Downloads\ReimageRepair.exe
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-12-31 14:34 - 2014-02-12 08:26 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-12-31 14:28 - 2013-10-31 19:24 - 01256650 _____ () C:\Windows\WindowsUpdate.log
2014-12-31 14:24 - 2009-07-13 22:45 - 00028944 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-12-31 14:24 - 2009-07-13 22:45 - 00028944 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-12-31 14:17 - 2013-11-15 20:54 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-12-31 14:16 - 2009-07-13 23:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-12-31 14:14 - 2013-11-15 20:54 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-12-30 17:41 - 2014-01-03 22:15 - 00000000 ____D () C:\AdwCleaner
2014-12-30 17:29 - 2009-07-13 21:20 - 00000000 ____D () C:\Windows\IME
2014-12-26 14:29 - 2014-08-21 18:23 - 00000796 _____ () C:\Users\Public\Desktop\Speccy.lnk
2014-12-26 14:29 - 2014-08-21 18:23 - 00000000 ____D () C:\Program Files\Speccy
2014-12-13 22:41 - 2014-11-29 12:00 - 00000010 _____ () C:\Users\Sharon\AppData\Local\sponge.last.runtime.cache
2014-12-13 12:06 - 2009-07-13 23:13 - 00885174 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-12-12 16:23 - 2009-07-13 21:20 - 00000000 ____D () C:\Windows\rescache
2014-12-12 16:22 - 2013-11-16 20:36 - 00000000 ____D () C:\Windows\System32\Tasks\Games
2014-12-12 15:48 - 2014-01-16 10:54 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2014-12-09 14:34 - 2014-02-12 08:26 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-12-09 14:34 - 2014-01-07 13:49 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-12-09 14:34 - 2014-01-07 13:49 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-12-08 19:07 - 2009-07-13 22:45 - 00267672 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-12-08 19:05 - 2011-04-12 02:28 - 00000000 ____D () C:\Program Files\Windows Journal
2014-12-08 19:05 - 2009-07-13 21:20 - 00000000 ____D () C:\Windows\SysWOW64\Dism
2014-12-08 19:05 - 2009-07-13 21:20 - 00000000 ____D () C:\Windows\system32\Dism
2014-12-08 19:05 - 2009-07-13 21:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-12-08 18:40 - 2013-10-31 19:04 - 00000000 ____D () C:\Windows\system32\MRT
2014-12-08 18:05 - 2009-07-13 21:20 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
2014-12-08 18:02 - 2013-10-31 19:24 - 00001614 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk
2014-12-08 18:02 - 2013-10-31 19:24 - 00001435 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk
2014-12-07 21:44 - 2013-11-15 20:54 - 00000000 ____D () C:\Program Files (x86)\Google
2014-12-07 20:53 - 2013-10-31 20:20 - 00000000 ____D () C:\Windows\Panther
2014-12-06 03:57 - 2014-02-26 17:03 - 00817396 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2014-12-05 16:32 - 2009-07-13 21:20 - 00000000 __RHD () C:\Users\Public\Libraries
2014-12-05 16:31 - 2009-07-13 21:20 - 00000000 ____D () C:\Windows\system32\Recovery
 
Some content of TEMP:
====================
C:\Users\Sharon\AppData\Local\Temp\Quarantine.exe
C:\Users\Sharon\AppData\Local\Temp\sqlite3.dll
C:\Users\Sharon\AppData\Local\Temp\sqlite3.exe
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2014-12-12 16:15

Edited by SearcySharon, 31 December 2014 - 03:49 PM.


#8 nasdaq

Posted 01 January 2015 - 08:48 AM

That fix was not applied.

If at any time you need information as to how to proceed, please ask.

My instructions were for you to download the Farbar tool to your desktop.

Download the version of this tool for your operating system.
Farbar Recovery Scan Tool (64 bit)
Farbar Recovery Scan Tool (32 bit)
and save it to a folder on your computer's Desktop.


You have run the tool from the Downloads folder.

C:\Users\Sharon\Downloads

Move or copy the Farbar .exe to your desktop.

Download and place the attached Fixlist.txt on your desktop also.

Run the Farbar tool and click the Fix button.

Post the log that will be generated.


#9 SearcySharon

Posted 01 January 2015 - 01:50 PM

So sorry that I am so computer illiterate!  I've posted below what I find under FRST.  Is this what you want?

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 01-01-2015
Ran by Sharon at 2015-01-01 12:39:34 Run:1
Running from C:\Users\Sharon\Downloads
Loaded Profile: Sharon (Available profiles: Sharon)
Boot Mode: Normal
==============================================
 
Content of fixlist:
*****************
start
 
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
CHR HKU\S-1-5-21-2891644931-2800695934-2312347635-1000\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
CHR Extension: (HeadlineAlley) - C:\Users\Sharon\AppData\Local\Google\Chrome\User Data\Default\Extensions\amogncdhclnhneejdfggljpdgigffhfi [2014-10-20]
CHR Extension: (Google Wallet) - C:\Users\Sharon\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-11-15]
C:\Users\Sharon\AppData\Local\Google\Chrome\User Data\Default\Extensions\amogncdhclnhneejdfggljpdgigffhfi
 
End
 
*****************
 
"HKLM\SOFTWARE\Policies\Google" => Key deleted successfully.
"HKU\S-1-5-21-2891644931-2800695934-2312347635-1000\SOFTWARE\Policies\Google" => Key deleted successfully.
HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
"HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE" => Key deleted successfully.
"HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE" => Key deleted successfully.
C:\Users\Sharon\AppData\Local\Google\Chrome\User Data\Default\Extensions\amogncdhclnhneejdfggljpdgigffhfi => Moved successfully.
C:\Users\Sharon\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda => Moved successfully.
"C:\Users\Sharon\AppData\Local\Google\Chrome\User Data\Default\Extensions\amogncdhclnhneejdfggljpdgigffhfi" => File/Directory not found.
 
==== End of Fixlog 12:39:35 ====
 
 
 


#10 nasdaq

Posted 02 January 2015 - 07:47 AM

We are here to help. Just ask if you have a question.

Download Security Check by screen317 from here
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
p.s.
If the SecurityCheck program fails to run for any reason, run it as an Administrator.

If the site is busy or not available use this mirror site:
http://www.bleepingcomputer.com/download/securitycheck/

How is the computer running now?

======

#11 SearcySharon

Posted 02 January 2015 - 09:42 PM

Computer seems to be running a little better. Still freezing sometimes.  Below is the notepad result of security check:
 
 
Results of screen317's Security Check version 0.99.93  
 Windows 7 Service Pack 1 x64 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:`````````````` 
 Windows Firewall Enabled!  
Microsoft Security Essentials   
 Antivirus up to date!  
`````````Anti-malware/Other Utilities Check:````````` 
 Java 8 Update 25  
 Java version 32-bit out of Date! 
 Adobe Reader XI  
 Google Chrome 33.0.1750.146 Google Chrome out of date!  
````````Process Check: objlist.exe by Laurent````````  
 Microsoft Security Essentials MSMpEng.exe 
 Microsoft Security Essentials msseces.exe 
 Malwarebytes Anti-Malware mbamservice.exe  
 Malwarebytes Anti-Malware mbam.exe  
 Malwarebytes Anti-Malware mbamscheduler.exe   
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C: 0% 
````````````````````End of Log`````````````````````` 


#12 nasdaq

Posted 03 January 2015 - 09:15 AM

Java 8 Update 25 is for the 64 bit Operating system. You have the latest.

===

Restore your Windows 7 to the Last good configuration
Follow the instructions on this page.

http://windows.microsoft.com/en-ca/windows/using-last-known-good-configuration#1TC=windows-7
<<<>>>

If all is well.

To learn more about how to protect yourself while on the internet, read this little guide: Best security practices. Keep safe.
http://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/
===

#13 SearcySharon

Posted 03 January 2015 - 02:31 PM

Alright!  Now my computer is operating like it should!  Thank you!  I am still getting an error message upon start up that I have been getting since my son-in-law took Windows 8 off and put Windows 7 Home Premium on my computer.  It says "not all divers were able to be started"...or something to that effect.  Anything I can do about that?  And can I offer some type of payment for your help?

 

Sharon


I also read ALL the info on how to be safe from now on!  Thank you for posting the link!

 

Sharon



#14 nasdaq

Posted 03 January 2015 - 02:41 PM

getting since my son-in-law took Windows 8 off and put Windows 7 Home Premium on my computer. It says "not all divers were able to be started"...or something to that effect.

The exact error message is important.
Can you make a note of it and post it in your next reply?

As for my services, they are free.
Thank you for the offer.

#15 SearcySharon

Posted 04 January 2015 - 01:34 PM

Thank you for your services!

 

The error message is at startup and says  "Could not reconnect all network drives".  It doesn't do it at every startup though...just when I haven't been on my computer in several hours...like overnight.

 

Thanks!

Sharon