Cryptowall 3.0 - cannot remove, cannot decrypt.


  • This topic is locked
7 replies to this topic

#1 J Williams

  • Members
  • 3 posts

Posted 01 February 2015 - 08:59 PM

Yesterday morning, my computer was infected by Cryptowall 3.0.

Norton Internet Security detected Cryptowall a few minutes after infection, and has been blocking (successfully) attacks all afternoon. I know it is Cryptowall 3.0 because I received their ransom messages.

My aims are:

1. To end these attacks and remove Cryptowall from my computer

2. To regain access to my encrypted files (to be able to read them)

3. Any tips for identifying the criminals behind this would also be appreciated.

Over to the computer guys!

Thank you for any assistance you are able to provide.

Regards,

J.

My computer would NOT run Farbar Recovery Scan Tool. Therefore, I cannot generate the log to post.

 




#2 Oh My!

    Adware and Spyware and Malware.....

  • Malware Response Instructor
  • 36,389 posts
  • Gender:Male
  • Location:California

Posted 03 February 2015 - 09:47 PM

Greetings J Williams and welcome to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.

My name is Oh My! and I am here to help you! Now that we are "friends" please call me Gary.

If you would allow me to call you by your first name I would prefer to do that.

===================================================

Ground Rules:
  • First, I would like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please try to match our commitment to you with your patience toward us. If this was easy we would never have met. :)
  • Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.
  • Please perform all steps in the order they are listed in each set of instructions. Some steps may be a bit complicated. If things are not clear, be sure to stop and let me know. We need to work on this together with confidence.
  • Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter problems simply stop and tell me.
  • When you post your reply, use the Reply to Topic button instead.
  • In the upper right hand corner of the topic you will see the Follow Topic button. Click on this then choose Immediate E-Mail notification and then Proceed and you will be sent an email once I have posted a response.
  • If you do not reply to your topic after 5 days we assume it has been abandoned and I will close it.
  • When your computer is clean I will alert you of such. I will also provide for you detailed information about how you can combat future infections.
  • I would like to remind you to make no further changes to your computer unless I direct you to do so.
  • Now let's get started.
===================================================

Now that I am assisting you, you can expect that I will be very responsive to your situation. If you are able, I would request you check this thread at least once per day so that we can try to resolve your issues effectively and efficiently. If you are going to be delayed please be considerate and post that information so that I know you are still with me. Unfortunately, there are many people waiting to be assisted and not enough of us at BleepingComputer to go around. I appreciate your understanding and diligence.

Thank you for your patience thus far. Unfortunately you should expect that we will not be able to decrypt your files. Please attempt to run FRST while in Safe Mode. If that doesn't work complete the below steps.

===================================================

Farbar's Recovery Scan Tool

--------------------

For this step you will need a USB flash drive and start on a clean computer.
  • From a working computer please download Farbar Recovery Scan Tool and save it to a flash drive. You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.
  • Plug the flash drive into the infected PC and follow the two-step process below: enter the System Recovery Options using one of the three options listed, then run Farbar's Recovery Scan Tool.
----------

Entering into the System Recovery Options

Option #1

To enter System Recovery Options in Windows 8:

Option #2

To enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Select English as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.
Option #3

To enter System Recovery Options by using Windows installation disc:
  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Select English as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.
----------

Running Farbar's Recovery Scan Tool in System Recovery
  • Once you are in the System Recovery Options menu you will get the following options:

Startup Repair
System Restore
Windows Complete PC Restore
Windows Memory Diagnostic Tool
Command Prompt

  • Select Command Prompt
  • In the command window type in Notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select Computer and find your flash drive letter and close the notepad.
  • In the command window type e:\frst (for x64 bit version type e:\frst64) and press Enter
    • Note: Replace letter e with the drive letter of your flash drive.
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste the information rather than send an attachment.
  • FRST log

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."
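The FRST.txt log that Gary's steps produce lists autostarts, services and recently created files. When the infection is CryptoWall, the entries a responder reads first are the HELP_DECRYPT ransom notes planted in the Startup folder, the .URL autostart pointing at the payment page, FRST's own ATTENTION markers, and the creation timestamps of the note files, since CryptoWall typically drops a note into each folder it encrypts and the earliest note therefore bounds when encryption began. The Python script below is an added example, not code from BleepingComputer, Farbar or either poster; it parses constructed sample lines written in FRST's visible line layout (the paths are made up and the hxxp URL is a placeholder, not a real ransom site) and reports those indicators, assuming other FRST entries follow the same layout as the ones shown in this thread.

```python
import re
from datetime import datetime

# Constructed sample in FRST.txt layout (not the poster's actual log; the hxxp
# URL is a placeholder, not a real payment site).
SAMPLE_LOG = r"""
Startup: C:\Users\Jon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\HELP_DECRYPT.PNG ()
InternetURL: C:\Users\Jon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\HELP_DECRYPT.URL -> hxxp://ransom-site.invalid/placeholder
Startup: C:\Users\Jon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
R2 sesvc; C:\Program Files (x86)\ShadowExplorer\sesvc.exe [9216 2013-01-02] (www.shadowexplorer.com) [File not signed]
R2 NIS; C:\Program Files (x86)\Norton Internet Security\Engine\21.6.0.32\NIS.exe [276376 2014-09-21] (Symantec Corporation)
2015-02-03 13:23 - 2015-02-03 13:24 - 00019904 _____ () C:\Users\Jon\Desktop\FRST.txt
2015-01-27 02:18 - 2015-01-27 02:18 - 00000272 _____ () C:\Users\Jon\HELP_DECRYPT.URL
2015-01-27 02:12 - 2015-01-27 02:12 - 00008528 _____ () C:\Users\Jon\Downloads\HELP_DECRYPT.HTML
2015-01-27 02:08 - 2015-01-27 02:08 - 00000272 _____ () C:\Users\Jon\AppData\Local\HELP_DECRYPT.URL
"""

# CryptoWall 3.0 ransom-note file names (any of the four formats).
NOTE_RE = re.compile(r"HELP_DECRYPT\.(?:URL|HTML|TXT|PNG)$", re.IGNORECASE)
# "created - modified - size attrs (company) path" lines from the files sections.
CREATED_RE = re.compile(
    r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - (\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(\d{8}) (\S{5}) \(([^)]*)\) (.+)$"
)
STARTUP_RE = re.compile(r"^Startup: (.+?)(?: \([^)]*\))?$")
URL_RE = re.compile(r"^InternetURL: (.+?) -> (\S+)$")
# "R2 name; path [size date] (company) [flags]" lines from the services section.
SERVICE_RE = re.compile(
    r"^([RSU]\d) ([^;]+); (.+?) \[\d+ \d{4}-\d{2}-\d{2}\] \(([^)]*)\)(.*)$"
)
TS = "%Y-%m-%d %H:%M"


def triage(log_text):
    """Walk an FRST log line by line and collect ransomware-relevant findings."""
    findings = {
        "note_autostarts": [],     # ransom notes registered to open at logon
        "startup_urls": [],        # .URL autostarts and where they point
        "policy_restrictions": [], # registry keys FRST flagged with ATTENTION
        "unsigned_services": [],   # services whose binary carries no signature
        "note_files": [],          # (created time, path) of ransom-note files
    }
    for line in log_text.splitlines():
        line = line.rstrip()
        if not line:
            continue
        m = STARTUP_RE.match(line)
        if m and NOTE_RE.search(m.group(1)):
            findings["note_autostarts"].append(m.group(1))
            continue
        m = URL_RE.match(line)
        if m:
            findings["startup_urls"].append((m.group(1), m.group(2)))
            continue
        if "<======= ATTENTION" in line:
            findings["policy_restrictions"].append(line.split(": Policy restriction", 1)[0])
            continue
        m = SERVICE_RE.match(line)
        if m and "[File not signed]" in m.group(5):
            findings["unsigned_services"].append((m.group(2), m.group(3)))
            continue
        m = CREATED_RE.match(line)
        if m and NOTE_RE.search(m.group(6)):
            findings["note_files"].append((datetime.strptime(m.group(1), TS), m.group(6)))
    findings["note_files"].sort()
    return findings


def encryption_window(findings):
    """Earliest and latest ransom-note creation times, or None if no notes were
    listed. Because a note is dropped per encrypted folder, this brackets the
    period during which the encryption routine was running."""
    times = [t for t, _ in findings["note_files"]]
    if not times:
        return None
    return min(times), max(times)


if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    for key, items in result.items():
        print(f"{key}: {len(items)}")
        for item in items:
            print("   ", item)
    print("encryption window:", encryption_window(result))
```

The unsigned-service and ATTENTION findings are FRST's own markers and are listed for review rather than as verdicts: in this thread the unsigned service belongs to ShadowExplorer, a legitimate tool the poster installed to look for volume shadow copies, so the value of the list is in making the reviewer look at each entry, not in treating every hit as malicious.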

#3 J Williams
  • Topic Starter

  • Members
  • 3 posts

Posted 03 February 2015 - 11:04 PM

of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 01-02-2015
Ran by Jon (administrator) on JONATHAN on 03-02-2015 13:23:46
Running from C:\Users\Jon\Desktop
Loaded Profiles: Jon (Available profiles: Jon)
Platform: Windows 8 (X64) OS Language: English (United States)
Internet Explorer Version 10 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Enigma Software Group USA, LLC.) C:\Program Files\Enigma Software Group\SpyHunter\SH4Service.exe
(iS3, Inc.) C:\Program Files (x86)\STOPzilla!\SZServer.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
() C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\AsusWSWinService.exe
(Realtek Semiconductor Corporation) C:\Program Files (x86)\Realtek\Realtek Bluetooth\AvrcpService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
() C:\Program Files (x86)\Realtek\Realtek Bluetooth\BTDevMgr.exe
(Intel® Corporation) C:\Program Files\Intel\TXE Components\TCS\HeciServer.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\21.6.0.32\nis.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe
(www.shadowexplorer.com) C:\Program Files (x86)\ShadowExplorer\sesvc.exe
(ASUS) C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe
(Enigma Software Group USA, LLC.) C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter4.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\Splendid\ColorUService.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLoader.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x64\QuickGesture64.exe
(Realtek Semiconductor Corporation) C:\Program Files (x86)\Realtek\Realtek Bluetooth\BTServer.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x86\QuickGesture.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\21.6.0.32\nis.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPCenter.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16.4.4406.1205_x64__8wekyb3d8bbwe\LiveComm.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPHelper.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\office15\ONENOTEM.EXE
(iS3, Inc.) C:\Program Files (x86)\STOPzilla!\STOPzilla.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil_ActiveX.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe
(Emsisoft Ltd) C:\Users\Jon\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2N54LIOJ\decrypt_pclock.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13662936 2013-10-24] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1368792 2013-11-13] (Realtek Semiconductor)
HKLM\...\Run: [BtServer] => C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTServer.exe [280576 2013-09-30] (Realtek Semiconductor Corporation)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe [35736 2010-11-16] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [932288 2010-11-16] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [ASUSPRP] => C:\Program Files (x86)\ASUS\APRP\APRP.EXE [3187360 2013-05-01] (ASUSTek Computer Inc.)
HKLM-x32\...\Run: [ASUSWebStorage] => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\AsusWSPanel.exe [3576784 2012-12-19] (ASUS Cloud Corporation)
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [95192 2013-03-09] (CyberLink Corp.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [157480 2014-10-15] (Apple Inc.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-1423621074-1295479501-3697453752-1001\...\MountPoints2: {9ceb5fbc-0e69-11e4-be77-40167e444b43} - "F:\HTC_Sync_Manager_PC.exe"
Startup: C:\Users\Jon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\HELP_DECRYPT.PNG ()
InternetURL: C:\Users\Jon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\HELP_DECRYPT.URL -> hxxp://paytoc4gtpn5czl2.tostotor.com/efv00f
Startup: C:\Users\Jon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk
ShortcutTarget: Send to OneNote.lnk -> C:\Program Files\Microsoft Office 15\root\office15\ONENOTEM.EXE (Microsoft Corporation)
ShellIconOverlayIdentifiers: [!AsusWSShellExt_B] -> {6D4133E5-0742-4ADC-8A8C-9303440F7190} => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\ASUSWSShellExt64.dll (ASUS Cloud Corporation.)
ShellIconOverlayIdentifiers: [!AsusWSShellExt_O] -> {64174815-8D98-4CE6-8646-4C039977D808} => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\ASUSWSShellExt64.dll (ASUS Cloud Corporation.)
ShellIconOverlayIdentifiers: [!AsusWSShellExt_U] -> {1C5AB7B1-0B38-4EC4-9093-7FD277E2AF4D} => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\ASUSWSShellExt64.dll (ASUS Cloud Corporation.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-1423621074-1295479501-3697453752-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Internet Security\Engine64\21.6.0.32\coIEPlg.dll (Symantec Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Internet Security\Engine\21.6.0.32\coIEPlg.dll (Symantec Corporation)
BHO-x32: Norton Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files (x86)\Norton Internet Security\Engine\21.6.0.32\IPS\IPSBHO.DLL (Symantec Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL (Microsoft Corporation)
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine64\21.6.0.32\coIEPlg.dll (Symantec Corporation)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\21.6.0.32\coIEPlg.dll (Symantec Corporation)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.5.0.19\coFFPlgn
FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.5.0.19\coFFPlgn [2015-02-03]
FF HKLM-x32\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.5.0.19\IPSFF
FF Extension: Norton Vulnerability Protection - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.5.0.19\IPSFF [2014-08-27]
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK

Chrome:
=======
CHR Profile: C:\Users\Jon\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\Jon\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-07-30]
CHR Extension: (Google Drive) - C:\Users\Jon\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-07-30]
CHR Extension: (YouTube) - C:\Users\Jon\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-07-30]
CHR Extension: (Google Search) - C:\Users\Jon\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-07-30]
CHR Extension: (Google Wallet) - C:\Users\Jon\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-07-30]
CHR Extension: (Gmail) - C:\Users\Jon\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-07-30]
CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - No Path
CHR HKLM\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files (x86)\Norton Internet Security\Engine\21.6.0.32\Exts\Chrome.crx [2014-09-25]
CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - No Path
CHR HKLM-x32\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files (x86)\Norton Internet Security\Engine\21.6.0.32\Exts\Chrome.crx [2014-09-25]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 Asus WebStorage Windows Service; C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\AsusWSWinService.exe [72192 2012-12-19] () [File not signed]
R2 AvrcpService; C:\Program Files (x86)\REALTEK\Realtek Bluetooth\AvrcpService.exe [35328 2013-05-08] (Realtek Semiconductor Corporation) [File not signed]
R2 BTDevManager; C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTDevMgr.exe [66560 2013-10-09] () [File not signed]
R2 Intel® Capability Licensing Service Interface; C:\Program Files\Intel\TXE Components\TCS\HeciServer.exe [733696 2013-07-02] (Intel® Corporation) [File not signed]
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\TXE Components\TCS\SocketHeciServer.exe [822232 2013-07-02] (Intel® Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)
R2 NIS; C:\Program Files (x86)\Norton Internet Security\Engine\21.6.0.32\NIS.exe [276376 2014-09-21] (Symantec Corporation)
R2 OfficeSvc; C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe [1854056 2012-12-07] (Microsoft Corporation)
R2 sesvc; C:\Program Files (x86)\ShadowExplorer\sesvc.exe [9216 2013-01-02] (www.shadowexplorer.com) [File not signed]
R2 SpyHunter 4 Service; C:\Program Files\Enigma Software Group\SpyHunter\SH4Service.exe [1025920 2015-02-02] (Enigma Software Group USA, LLC.)
R2 szserver; C:\Program Files (x86)\STOPzilla!\SZServer.exe [57136 2014-10-20] (iS3, Inc.)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16032 2014-09-22] (Microsoft Corporation)
S2 0196411393738574mcinstcleanup; C:\Users\ADMINI~1\AppData\Local\Temp\019641~1.EXE -cleanup -nolog [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 androidusb; C:\Windows\System32\Drivers\androidusb.sys [32768 2010-04-29] (Google Inc)
R3 ATP; C:\Windows\System32\drivers\AsusTP.sys [70416 2013-09-24] (ASUS Corporation)
R1 BHDrvx64; C:\Program Files (x86)\Norton Internet Security\NortonData\21.5.0.19\Definitions\BASHDefs\20150106.001\BHDrvx64.sys [1622744 2015-01-07] (Symantec Corporation)
S3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [202752 2012-07-26] (Microsoft Corporation)
R1 ccSet_NIS; C:\Windows\system32\drivers\NISx64\1506000.020\ccSetx64.sys [162392 2014-02-21] (Symantec Corporation)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [487216 2014-12-14] (Symantec Corporation)
R1 ElRawDisk; C:\Windows\system32\drivers\rsdrvx64.sys [26024 2009-02-12] (EldoS Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [142640 2014-12-22] (Symantec Corporation)
R3 esgiguard; C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [15920 2015-02-02] (Enigma Software Group USA, LLC.)
S3 EsgScanner; C:\Windows\System32\DRIVERS\EsgScanner.sys [22704 2015-02-02] ()
R1 IDSVia64; C:\Program Files (x86)\Norton Internet Security\NortonData\21.5.0.19\Definitions\IPSDefs\20150130.001\IDSvia64.sys [668888 2015-01-14] (Symantec Corporation)
S0 is3srv; C:\Windows\SysWow64\drivers\is3srv64.sys [74768 2014-10-20] (iS3 Inc.)
R3 kbfiltr; C:\Windows\System32\drivers\kbfiltr.sys [14992 2012-08-02] ( )
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-11-21] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2015-02-03] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64216 2014-11-21] (Malwarebytes Corporation)
R0 MBI; C:\Windows\System32\drivers\MBI.sys [27904 2013-08-08] (Intel Corporation)
R3 NAVENG; C:\Program Files (x86)\Norton Internet Security\NortonData\21.5.0.19\Definitions\VirusDefs\20150201.004\ENG64.SYS [129752 2015-01-21] (Symantec Corporation)
R3 NAVEX15; C:\Program Files (x86)\Norton Internet Security\NortonData\21.5.0.19\Definitions\VirusDefs\20150201.004\EX64.SYS [2137304 2015-01-21] (Symantec Corporation)
S3 RtkBtFilter; C:\Windows\system32\DRIVERS\RtkBtfilter.sys [548056 2013-09-06] (Realtek Semiconductor Corporation)
R3 RTWlanE; C:\Windows\system32\DRIVERS\rtwlane.sys [2979544 2013-09-26] (Realtek Semiconductor Corporation )
R1 SRTSP; C:\Windows\System32\Drivers\NISx64\1506000.020\SRTSP64.SYS [876248 2014-08-26] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\NISx64\1506000.020\SRTSPX64.SYS [37592 2014-08-26] (Symantec Corporation)
R0 SymDS; C:\Windows\System32\drivers\NISx64\1506000.020\SYMDS64.SYS [493656 2014-07-23] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\drivers\NISx64\1506000.020\SYMEFA64.SYS [1148120 2014-07-23] (Symantec Corporation)
S0 SymELAM; C:\Windows\System32\drivers\NISx64\1506000.020\SymELAM.sys [23568 2014-07-23] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [177752 2014-08-27] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\NISx64\1506000.020\Ironx64.SYS [266968 2014-08-07] (Symantec Corporation)
R1 SymNetS; C:\Windows\System32\Drivers\NISx64\1506000.020\SYMNETS.SYS [593112 2014-07-23] (Symantec Corporation)
R0 szkg5; C:\Windows\SysWow64\DRIVERS\szkg64.sys [74768 2014-10-20] (iS3 Inc.)
U3 TrueSight; C:\Windows\System32\Drivers\TrueSight.sys [35064 2015-02-02] ()
R3 TXEIx64; C:\Windows\System32\drivers\TXEIx64.sys [87568 2013-07-02] (Intel Corporation)
U0 msahci; system32\drivers\msahci.sys

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-03 13:23 - 2015-02-03 13:24 - 00019904 _____ () C:\Users\Jon\Desktop\FRST.txt
2015-02-03 13:23 - 2015-02-03 13:23 - 00000000 ____D () C:\FRST
2015-02-03 13:19 - 2015-02-03 13:19 - 02131456 _____ (Farbar) C:\Users\Jon\Desktop\frst64.exe
2015-02-03 11:39 - 2015-02-03 11:40 - 00000000 ____D () C:\Users\Jon\Desktop\New folder (2)
2015-02-03 11:39 - 2015-02-03 11:39 - 00000992 _____ () C:\Windows\system32\Drivers\kgpcpy.cfg
2015-02-03 03:58 - 2015-02-03 11:22 - 00000000 ____D () C:\Users\Jon\Desktop\New folder
2015-02-03 03:48 - 2015-02-03 03:48 - 00000000 ____D () C:\Users\Jon\AppData\Roaming\www.shadowexplorer.com
2015-02-03 03:47 - 2015-02-03 04:28 - 00001891 _____ () C:\Users\Jon\Desktop\ShadowExplorer.lnk
2015-02-03 03:47 - 2015-02-03 04:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ShadowExplorer
2015-02-03 03:47 - 2015-02-03 04:28 - 00000000 ____D () C:\Program Files (x86)\ShadowExplorer
2015-02-03 03:19 - 2015-02-02 19:45 - 00022704 _____ () C:\Windows\system32\Drivers\EsgScanner.sys
2015-02-03 02:41 - 2014-10-20 10:53 - 00082872 ____R (GFI Software) C:\Windows\system32\Drivers\sbapifs.sys
2015-02-03 02:40 - 2015-02-03 13:25 - 00000000 ____D () C:\ProgramData\STOPzilla!
2015-02-03 02:40 - 2015-02-03 02:44 - 00000000 ____D () C:\Program Files (x86)\STOPzilla!
2015-02-03 02:40 - 2015-02-03 02:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\STOPzilla
2015-02-03 02:40 - 2014-10-20 10:53 - 00047496 ____R (GFI Software) C:\Windows\system32\SBBD.EXE
2015-02-03 00:29 - 2015-02-03 00:29 - 00000000 ____D () C:\Program Files (x86)\ESET
2015-02-03 00:01 - 2015-02-03 00:01 - 00000000 ____D () C:\ProgramData\SMR430
2015-02-02 23:12 - 2015-02-03 00:04 - 00000000 ____D () C:\NPE
2015-02-02 23:04 - 2015-02-03 12:24 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-02-02 23:04 - 2015-02-03 02:22 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-02-02 23:04 - 2015-02-02 23:04 - 00001108 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-02-02 23:04 - 2015-02-02 23:04 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-02-02 23:04 - 2015-02-02 23:04 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-02-02 23:04 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-02-02 23:04 - 2014-11-21 06:14 - 00064216 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-02-02 23:04 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-02-02 22:26 - 2015-02-02 22:26 - 00003088 _____ () C:\Windows\System32\Tasks\{080EF2C6-6D32-4E41-9107-DA96495ACEFD}
2015-02-02 22:06 - 2015-02-03 01:57 - 00000000 ____D () C:\Program Files\Adware-Removal-Tool
2015-02-02 22:06 - 2015-02-02 22:06 - 00290304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\subinacl.exe
2015-02-02 22:05 - 2015-02-02 22:05 - 00753184 _____ () C:\Users\Jon\Downloads\Adware-Removal-Tool-v3.9.1 (1).exe
2015-02-02 22:04 - 2015-02-02 22:05 - 00753184 _____ () C:\Users\Jon\Downloads\Adware-Removal-Tool-v3.9.1.exe
2015-02-02 21:58 - 2015-02-02 21:58 - 00003472 ____N () C:\bootsqm.dat
2015-02-02 21:01 - 2015-02-02 21:01 - 00000000 ____D () C:\Windows\ERUNT
2015-02-02 20:15 - 2015-02-03 13:13 - 00000000 ____D () C:\AdwCleaner
2015-02-02 19:51 - 2015-02-02 19:51 - 00000000 _____ () C:\autoexec.bat
2015-02-02 19:50 - 2015-02-03 03:20 - 00003318 _____ () C:\Windows\System32\Tasks\SpyHunter4Startup
2015-02-02 19:50 - 2015-02-02 19:50 - 00000000 ____D () C:\Users\Jon\AppData\Roaming\Enigma Software Group
2015-02-02 19:49 - 2015-02-03 03:20 - 00001089 _____ () C:\Users\Jon\Desktop\SpyHunter.lnk
2015-02-02 19:49 - 2015-02-03 03:20 - 00000000 ____D () C:\Users\Jon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpyHunter
2015-02-02 19:48 - 2015-02-02 19:49 - 00000000 ____D () C:\sh4ldr
2015-02-02 19:44 - 2015-02-02 19:44 - 00000000 ____D () C:\Program Files\Enigma Software Group
2015-02-02 18:30 - 2015-02-02 18:30 - 00035064 _____ () C:\Windows\system32\Drivers\TrueSight.sys
2015-02-02 17:54 - 2015-02-02 17:54 - 00000432 ____H () C:\ProgramData\@system3.att
2015-02-02 17:53 - 2015-02-02 23:21 - 00000000 ____D () C:\Users\Jon\AppData\Roaming\FrameworkUpdate
2015-02-02 17:53 - 2015-02-02 20:37 - 00000000 _____ () C:\ProgramData\@system.temp
2015-02-02 17:53 - 2015-02-02 17:53 - 00000480 ____H () C:\Users\Jon\AppData\Roaming\麽鎒駓覜
2015-02-02 17:51 - 2015-02-02 22:02 - 00000000 ___HD () C:\a7930d56
2015-02-02 13:25 - 2015-02-03 11:07 - 00000000 __RHD () C:\Users\Jon\Desktop\FBI
2015-01-27 02:18 - 2015-01-27 02:18 - 00000272 _____ () C:\Users\Jon\HELP_DECRYPT.URL
2015-01-27 02:12 - 2015-01-27 02:12 - 00008528 _____ () C:\Users\Jon\Downloads\HELP_DECRYPT.HTML
2015-01-27 02:12 - 2015-01-27 02:12 - 00004204 _____ () C:\Users\Jon\Downloads\HELP_DECRYPT.TXT
2015-01-27 02:12 - 2015-01-27 02:12 - 00000272 _____ () C:\Users\Jon\Downloads\HELP_DECRYPT.URL
2015-01-27 02:11 - 2015-01-27 02:11 - 00008528 _____ () C:\Users\Jon\Documents\HELP_DECRYPT.HTML
2015-01-27 02:11 - 2015-01-27 02:11 - 00004204 _____ () C:\Users\Jon\Documents\HELP_DECRYPT.TXT
2015-01-27 02:11 - 2015-01-27 02:11 - 00000272 _____ () C:\Users\Jon\Documents\HELP_DECRYPT.URL
2015-01-27 02:11 - 2015-01-27 02:11 - 00000272 _____ () C:\Users\Jon\AppData\Roaming\HELP_DECRYPT.URL
2015-01-27 02:11 - 2015-01-27 02:11 - 00000272 _____ () C:\Users\Jon\AppData\HELP_DECRYPT.URL
2015-01-27 02:08 - 2015-01-27 02:08 - 00000272 _____ () C:\Users\Jon\AppData\Local\HELP_DECRYPT.URL
2015-01-26 10:44 - 2015-01-26 10:46 - 00000000 ____D () C:\Users\Jon\AppData\Roaming\Local Store

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-03 13:02 - 2012-07-26 19:12 - 00000000 ____D () C:\Windows\system32\sru
2015-02-03 12:01 - 2014-03-02 16:22 - 00003474 _____ () C:\Windows\System32\Tasks\ASUS Live Update1
2015-02-03 12:01 - 2014-03-02 16:22 - 00003464 _____ () C:\Windows\System32\Tasks\ASUS Live Update2
2015-02-03 11:47 - 2014-05-23 14:26 - 00003598 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1423621074-1295479501-3697453752-1001
2015-02-03 11:38 - 2014-05-23 13:48 - 00000074 _____ () C:\Users\Jon\AppData\Roaming\sp_data.sys
2015-02-03 11:37 - 2014-05-23 13:47 - 12114767 _____ () C:\Users\Jon\AppData\Local\BTServer.log
2015-02-03 11:35 - 2012-08-02 12:20 - 00087202 _____ () C:\Windows\PFRO.log
2015-02-03 11:35 - 2012-07-26 18:22 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-02-03 11:34 - 2012-07-26 16:26 - 00262144 ___SH () C:\Windows\system32\config\BBI
2015-02-03 11:25 - 2014-11-28 20:14 - 00000000 ____D () C:\Users\Jon\AppData\Local\CrashDumps
2015-02-03 11:25 - 2014-11-21 09:54 - 00000000 ____D () C:\Users\Jon\AppData\Local\NPE
2015-02-03 11:21 - 2012-07-26 19:12 - 00000000 ____D () C:\Windows\system32\NDF
2015-02-03 11:14 - 2014-08-18 23:29 - 00000000 ____D () C:\Users\Jon\Documents\Jonathan
2015-02-03 10:47 - 2012-07-26 18:28 - 00848230 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-02-03 03:48 - 2014-10-09 12:39 - 00000000 ____D () C:\Users\Jon\AppData\Local\Microsoft Help
2015-02-03 01:59 - 2014-11-28 18:39 - 00000000 ____D () C:\Users\Jon\AppData\Roaming\Jihosoft Android Phone Recovery
2015-02-03 01:59 - 2014-05-23 13:48 - 00000000 ____D () C:\Users\Jon\AppData\Roaming\Adobe
2015-02-03 01:58 - 2014-09-14 13:48 - 00000000 ____D () C:\Users\Jon\AppData\Local\Apple Computer
2015-02-03 01:58 - 2014-07-30 22:35 - 00000000 ____D () C:\Users\Jon\AppData\Local\Google
2015-02-03 01:57 - 2014-05-23 13:47 - 00000000 ____D () C:\Users\Jon
2015-02-02 23:48 - 2014-09-30 23:45 - 00000000 ____D () C:\Users\Jon\AppData\Roaming\OAS
2015-02-02 22:25 - 2014-11-29 02:31 - 00000000 ____D () C:\Program Files (x86)\Android Data Recovery
2015-02-02 22:24 - 2015-01-03 20:39 - 00000000 ____D () C:\Program Files (x86)\iTunes
2015-02-02 22:06 - 2014-07-30 22:35 - 00002322 _____ () C:\Users\Jon\Desktop\Google Chrome.lnk
2015-02-02 22:06 - 2014-05-23 13:48 - 00001436 _____ () C:\Users\Jon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-02-02 21:35 - 2014-11-28 19:03 - 00000000 ___HD () C:\Program Files (x86)\DrFoneAndroid_Temp
2015-02-02 20:36 - 2012-07-26 16:26 - 00262144 ___SH () C:\Windows\system32\config\ELAM
2015-02-02 16:58 - 2014-05-24 16:20 - 00000000 ____D () C:\ProgramData\Norton
2015-02-02 11:39 - 2014-05-23 13:47 - 00000000 ____D () C:\Users\Jon\AppData\Local\Packages
2015-01-17 20:46 - 2014-11-22 18:51 - 00000000 ____D () C:\Program Files (x86)\WinZipper
2015-01-15 22:49 - 2014-11-22 18:51 - 00000000 ____D () C:\Users\Jon\AppData\Roaming\WinZipper

==================== Files in the root of some directories =======

2015-01-27 02:11 - 2015-01-27 02:11 - 0045473 _____ () C:\Users\Jon\AppData\Roaming\HELP_DECRYPT.PNG
2015-01-27 02:11 - 2015-01-27 02:11 - 0000272 _____ () C:\Users\Jon\AppData\Roaming\HELP_DECRYPT.URL
2014-05-23 13:48 - 2015-02-03 11:38 - 0000074 _____ () C:\Users\Jon\AppData\Roaming\sp_data.sys
2015-02-02 17:53 - 2015-02-02 17:53 - 0000480 ____H () C:\Users\Jon\AppData\Roaming\麽鎒駓覜
2014-05-23 13:47 - 2015-02-03 11:37 - 12114767 _____ () C:\Users\Jon\AppData\Local\BTServer.log
2015-01-27 02:08 - 2015-01-27 02:08 - 0045473 _____ () C:\Users\Jon\AppData\Local\HELP_DECRYPT.PNG
2015-01-27 02:08 - 2015-01-27 02:08 - 0000272 _____ () C:\Users\Jon\AppData\Local\HELP_DECRYPT.URL
2015-02-02 17:53 - 2015-02-02 20:37 - 0000000 _____ () C:\ProgramData\@system.temp
2015-02-02 17:54 - 2015-02-02 17:54 - 0000432 ____H () C:\ProgramData\@system3.att
2014-03-02 16:08 - 2014-03-02 16:08 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
2013-05-01 20:34 - 2012-09-07 22:40 - 0000256 _____ () C:\ProgramData\SetStretch.cmd
2013-05-01 20:34 - 2009-07-22 21:04 - 0024576 _____ () C:\ProgramData\SetStretch.exe
2013-05-01 20:34 - 2012-09-07 22:37 - 0000103 _____ () C:\ProgramData\SetStretch.VBS

Files to move or delete:
====================
C:\ProgramData\SetStretch.exe
C:\ProgramData\SetStretch.VBS


Some content of TEMP:
====================
C:\Users\Jon\AppData\Local\Temp\DeskMetrics.dll
C:\Users\Jon\AppData\Local\Temp\Quarantine.exe
C:\Users\Jon\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-01-26 09:52

==================== End Of Log ============================

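The FRST listing above is what a responder actually has to read in a case like this, so here is an added triage helper, not code from the thread, from FRST's author or from any of the tools named in it. It parses the "Created/Modified Files and Folders" line layout shown in the log (the layout is assumed from the posted lines; the function names are mine) and pulls out what matters first in a CryptoWall case: the HELP_DECRYPT.* ransom notes, whose creation times bracket the encryption run and whose directories are the ones the malware walked; hidden files and folders; names containing non-ASCII characters; and drivers or executables with an empty company string. The sample lines are copied from the log above, with two ordinary entries kept in as negatives.

```python
import re
from datetime import datetime

# Added example, not code from this thread or from FRST. It reads the
# "Created/Modified Files and Folders" line layout seen in the log above:
#   <created> - <modified> - <size> <attrs> (<company string>) <path>
# <attrs> is FRST's flag field (D=directory, H=hidden, S=system, R=read-only,
# N=normal, _=unset); the layout is assumed from the posted lines.
FRST_LINE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<size>\d+) (?P<attrs>[_A-Z]+) \((?P<company>[^)]*)\) (?P<path>.+)$"
)

# CryptoWall 3.0 ransom note names, as they appear in the log.
RANSOM_NOTE = re.compile(r"^HELP_DECRYPT\.(TXT|HTML|PNG|URL)$", re.IGNORECASE)
BINARY_EXT = (".exe", ".dll", ".sys")


def parse_frst(text):
    """Parse FRST file/folder lines into dicts; lines of any other shape are skipped."""
    entries = []
    for raw in text.splitlines():
        m = FRST_LINE.match(raw.strip())
        if not m:
            continue
        e = m.groupdict()
        e["created"] = datetime.strptime(e["created"], "%Y-%m-%d %H:%M")
        e["modified"] = datetime.strptime(e["modified"], "%Y-%m-%d %H:%M")
        e["size"] = int(e["size"])
        e["dir"], _, e["name"] = e["path"].rpartition("\\")
        e["hidden"] = "H" in e["attrs"]
        e["is_dir"] = "D" in e["attrs"]
        entries.append(e)
    return entries


def triage(entries):
    """Pull out what a responder reads first from a ransomware case."""
    notes = [e for e in entries if RANSOM_NOTE.match(e["name"])]
    # Note creation times bracket the encryption run, and every directory that
    # received a note is one the malware walked.
    window = None
    if notes:
        window = (min(e["created"] for e in notes), max(e["created"] for e in notes))
    note_dirs = sorted({e["dir"] for e in notes})
    hidden = [e["path"] for e in entries
              if e["hidden"] and not RANSOM_NOTE.match(e["name"])]
    non_ascii = [e["path"] for e in entries
                 if any(ord(c) > 127 for c in e["name"])]
    no_company = [e["path"] for e in entries
                  if e["name"].lower().endswith(BINARY_EXT) and not e["company"]]
    return {
        "note_count": len(notes),
        "encryption_window": window,
        "note_dirs": note_dirs,
        "hidden_artifacts": hidden,
        "non_ascii_names": non_ascii,
        "binaries_without_company": no_company,
    }


# Sample input: lines copied from the FRST log in this thread, with two
# ordinary entries (mbam.sys and the sru folder) kept in as negatives.
SAMPLE_LOG = r"""
2015-02-02 23:04 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-02-02 18:30 - 2015-02-02 18:30 - 00035064 _____ () C:\Windows\system32\Drivers\TrueSight.sys
2015-02-02 17:54 - 2015-02-02 17:54 - 00000432 ____H () C:\ProgramData\@system3.att
2015-02-02 17:53 - 2015-02-02 20:37 - 00000000 _____ () C:\ProgramData\@system.temp
2015-02-02 17:53 - 2015-02-02 17:53 - 00000480 ____H () C:\Users\Jon\AppData\Roaming\麽鎒駓覜
2015-02-02 17:51 - 2015-02-02 22:02 - 00000000 ___HD () C:\a7930d56
2015-01-27 02:18 - 2015-01-27 02:18 - 00000272 _____ () C:\Users\Jon\HELP_DECRYPT.URL
2015-01-27 02:12 - 2015-01-27 02:12 - 00008528 _____ () C:\Users\Jon\Downloads\HELP_DECRYPT.HTML
2015-01-27 02:12 - 2015-01-27 02:12 - 00004204 _____ () C:\Users\Jon\Downloads\HELP_DECRYPT.TXT
2015-01-27 02:11 - 2015-01-27 02:11 - 00008528 _____ () C:\Users\Jon\Documents\HELP_DECRYPT.HTML
2015-01-27 02:08 - 2015-01-27 02:08 - 00000272 _____ () C:\Users\Jon\AppData\Local\HELP_DECRYPT.URL
2015-02-03 13:02 - 2012-07-26 19:12 - 00000000 ____D () C:\Windows\system32\sru
"""

if __name__ == "__main__":
    for key, value in triage(parse_frst(SAMPLE_LOG)).items():
        print(f"{key}: {value}")
```

Run on these lines it dates the note drop to 2015-01-27 between 02:08 and 02:18 and lists the four note directories, which is the first thing to compare against the user's own account of when the infection started. The empty company string is FRST's version-info field, not a signature check, so the last bucket is a prompt to verify the file, not a verdict on it.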
#4 Oh My! (Malware Response Instructor)

Posted 03 February 2015 - 11:40 PM

Greetings,

I will be ending for the evening soon but may I request you post the Addition.txt file that should have been created on your desktop?
Gary
 
If I do not reply within 24 hours please send me a Personal Message.

#5 J Williams (Topic Starter)

Posted 04 February 2015 - 02:18 AM

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 01-02-2015
Ran by Jon at 2015-02-03 13:25:37
Running from C:\Users\Jon\Desktop
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: STOPzilla (Disabled - Up to date) {17032AB1-6644-0721-EEB5-A39B8B646009}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Norton Internet Security (Enabled - Up to date) {D87FA2C0-F526-77B1-D6EC-0EDF3936CEDB}
AS: Norton Internet Security (Enabled - Up to date) {631E4324-D31C-783F-EC5C-35AD42B18466}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: STOPzilla (Enabled - Up to date) {AC62CB55-407E-08AF-D405-98E9F0E32AB4}
FW: Norton Internet Security (Enabled) {E04423E5-BF49-76E9-FDB3-A7EAC7E589A0}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Adobe Reader X MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}) (Version: 10.0.0 - Adobe Systems Incorporated)
Apple Application Support (HKLM-x32\...\{83CAF0DE-8D3B-4C37-A631-2B8F16EC3031}) (Version: 3.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{BDD99690-3541-4619-9D2A-3CDDB3E15F9E}) (Version: 8.0.5.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ASUS Live Update (HKLM-x32\...\{FA540E67-095C-4A1B-97BA-4D547DEC9AF4}) (Version: 3.2.4 - ASUS)
ASUS Screen Saver (HKLM\...\{0FBEEDF8-30FA-4FA3-B31F-C9C7E7E8DFA2}) (Version: 1.0.1 - ASUS)
ASUS Smart Gesture (HKLM-x32\...\{4D3286A6-F6AB-498A-82A4-E4F040529F3D}) (Version: 2.2.5 - ASUS)
ASUS Splendid Video Enhancement Technology (HKLM-x32\...\{0969AF05-4FF6-4C00-9406-43599238DE0D}) (Version: 2.01.0018 - ASUS)
ASUS USB Charger Plus (HKLM-x32\...\{A859E3E5-C62F-4BFA-AF1D-2B95E03166AF}) (Version: 3.1.7 - ASUS)
ASUS WebStorage Sync Agent (HKLM-x32\...\ASUS WebStorage) (Version: 1.1.18.159 - ASUS Cloud Corporation)
ASUSDVD (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.5710.52 - CyberLink Corp.)
ASUSDVD (x32 Version: 10.0.5710.52 - CyberLink Corp.) Hidden
AsusVibe2.0 (HKLM-x32\...\Asus Vibe2.0) (Version: 2.0.12.311 - ASUSTEK)
ATK Package (HKLM-x32\...\{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}) (Version: 1.0.0030 - ASUS)
Azteca (x32 Version: 2.2.0.97 - WildTangent) Hidden
Bejeweled 3 (x32 Version: 2.2.0.97 - WildTangent) Hidden
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{AF312B06-5C5C-468E-89B3-BE6DE2645722}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{0A4EF0E6-A912-4CDE-A7F3-6E56E7C13A2F}) (Version: 1.1.6 - Cisco Systems, Inc.)
Cut the Rope (x32 Version: 3.0.2.38 - WildTangent) Hidden
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version:  - )
Galería de fotos (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Galerie de photos (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Google Chrome (HKU\S-1-5-21-1423621074-1295479501-3697453752-1001\...\Google Chrome) (Version: 33.0.1750.5 - Google Inc.)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3355 - Intel Corporation)
Intel® Sideband Fabric Device Driver (HKLM-x32\...\C5A8BC6E-723A-4C0F-96E1-C426D1A4BCA9) (Version: 1.70.304.16315 - Intel Corporation)
Intel® Trusted Execution Engine (HKLM\...\{176E2755-0A17-42C6-88E2-192AB2131278}) (Version: 1.0.0.1050 - Intel Corporation)
iTunes (HKLM\...\{2ABBBD91-91E5-4AD7-929A-FE15D1DC0576}) (Version: 12.0.1.26 - Apple Inc.)
Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Microsoft Office Home and Student 2013 - en-us (HKLM\...\HomeStudentRetail - en-us) (Version: 15.0.4454.1510 - Microsoft Corporation)
Microsoft SkyDrive (HKU\S-1-5-21-1423621074-1295479501-3697453752-1001\...\SkyDriveSetup.exe) (Version: 16.4.6013.0910 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.51106 (HKLM-x32\...\{6e8f74e0-43bd-4dce-8477-6ff6828acc07}) (Version: 11.0.51106.1 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
MyBitCast 2.0 (HKLM-x32\...\MyBitCast) (Version: 2.0 - ASUS)
Norton Internet Security (HKLM-x32\...\NIS) (Version: 21.6.0.32 - Symantec Corporation)
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4454.1510 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4454.1510 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4454.1510 - Microsoft Corporation) Hidden
Peggle (x32 Version: 2.2.0.95 - WildTangent) Hidden
Penguins! (x32 Version: 2.2.0.98 - WildTangent) Hidden
REALTEK Bluetooth Driver (HKLM-x32\...\{9D3D8C60-A5EF-4123-B2B9-172095903AB}) (Version: 3.769.773.101113 - REALTEK Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.16.614.2013 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7095 - Realtek Semiconductor Corp.)
Realtek PCIE Card Reader (HKLM-x32\...\{C9661090-C134-46E8-90B2-76D72355C2A6}) (Version: 6.2.9200.27038 - Realtek Semiconductor Corp.)
REALTEK Wireless LAN Driver (HKLM-x32\...\{9DAABC60-A5EF-41FF-B2B9-17329590CD5}) (Version: 1.00.0229 - REALTEK Semiconductor Corp.)
ShadowExplorer 0.1 (HKLM-x32\...\ShadowExplorer_is1) (Version:  - )
SpyHunter 4 (HKLM-x32\...\SpyHunter) (Version: 4.18.9.4384 - Enigma Software Group, LLC)
STOPzilla (HKLM-x32\...\{9DECA4F0-64C8-4520-9AFA-8E3AA125AA59}) (Version: 6.1.100.3 - iS3 Inc.)
Tales of Lagoona (x32 Version: 2.2.0.110 - WildTangent) Hidden
Update Installer for WildTangent Games App (x32 Version:  - WildTangent) Hidden
WildTangent Games (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.0.0.0 - WildTangent)
WildTangent Games App (x32 Version: 4.0.10.5 - WildTangent) Hidden
Windows Driver Package - ASUS (ATP) Mouse  (09/17/2013 1.0.0.186) (HKLM\...\D9E691DCEE7D3B9B7C62A7F5C2EAABBB9335DC9A) (Version: 09/17/2013 1.0.0.186 - ASUS)
Windows Driver Package - LG Electronics Inc (ANDModem) Modem  (11/30/2010 2.2.0.0) (HKLM\...\3F162CA9EF5A33FF16B97554663A71E35053783E) (Version: 11/30/2010 2.2.0.0 - LG Electronics Inc)
Windows Driver Package - LG Electronics Inc (ANDModem) Modem  (11/30/2010 2.2.0.0) (HKLM\...\A43025A72B6CC28CB38B93867B2740C581E3B100) (Version: 11/30/2010 2.2.0.0 - LG Electronics Inc)
Windows Driver Package - LG Electronics Inc. (Andbus) USB  (11/30/2010 2.2.0.0) (HKLM\...\4D55218052428488AFE6BA93FABC783E658657A7) (Version: 11/30/2010 2.2.0.0 - LG Electronics Inc.)
Windows Driver Package - LG Electronics Inc. (Andbus) USB  (11/30/2010 2.2.0.0) (HKLM\...\7972D4F247E02C0849331540773B9ABFA384B182) (Version: 11/30/2010 2.2.0.0 - LG Electronics Inc.)
Windows Driver Package - LG Electronics Inc. (AndDiag) Ports  (11/30/2010 2.2.0.0) (HKLM\...\38207DB32AC6A59CE6075F5AAE1448040FAC76DB) (Version: 11/30/2010 2.2.0.0 - LG Electronics Inc.)
Windows Driver Package - LG Electronics Inc. (AndDiag) Ports  (11/30/2010 2.2.0.0) (HKLM\...\A3F0461CF2623C40BC42C38D4C0E7319E5C458CA) (Version: 11/30/2010 2.2.0.0 - LG Electronics Inc.)
Windows Driver Package - LG Electronics Inc. (AndGps) Ports  (11/30/2010 2.2.0.0) (HKLM\...\37C6E863D718F6363FBAC33FBAAA927F5DC2A43E) (Version: 11/30/2010 2.2.0.0 - LG Electronics Inc.)
Windows Driver Package - LG Electronics Inc. (AndGps) Ports  (11/30/2010 2.2.0.0) (HKLM\...\BC0FC97093ED911878848F7852D617BA23E42F68) (Version: 11/30/2010 2.2.0.0 - LG Electronics Inc.)
Windows Driver Package - LG Electronics, Inc. (andnetndis) Net  (03/07/2012 3.7.0.0) (HKLM\...\BDE134075C5EB079E606351CBB25D6785210D594) (Version: 03/07/2012 3.7.0.0 - LG Electronics, Inc.)
Windows Driver Package - LG Electronics, Inc. (andnetndis) Net  (03/07/2012 3.7.0.0) (HKLM\...\E670C2A33F5DE62100C1BF6291C8DBBCE5457692) (Version: 03/07/2012 3.7.0.0 - LG Electronics, Inc.)
Windows Driver Package - LG Electronics, Inc. Net  (03/07/2012 3.7.0.0) (HKLM\...\1189BFED67524133874A995F6EE63DC76C2083C1) (Version: 03/07/2012 3.7.0.0 - LG Electronics, Inc.)
Windows Driver Package - LG Electronics, Inc. Net  (03/07/2012 3.7.0.0) (HKLM\...\97541C74689007984DD12A4E0B349E2F96A66C2F) (Version: 03/07/2012 3.7.0.0 - LG Electronics, Inc.)
Windows Driver Package - LG Electronics, Inc. WPD  (03/07/2012 3.7.0.0) (HKLM\...\5A454C002BB9011E261D0C1B7E846CD23A1D1806) (Version: 03/07/2012 3.7.0.0 - LG Electronics, Inc.)
Windows Driver Package - Motorola (bqusbser) Modem  (02/24/2009 1.1.0.0) (HKLM\...\46D28B033482A13C68B1777C399248A0FE510D1A) (Version: 02/24/2009 1.1.0.0 - Motorola)
Windows Driver Package - Motorola (bqusbser) Ports  (02/24/2009 1.1.0.0) (HKLM\...\3E885DDD8DE7247FEBCE2F5FEF86A3664DF51FEC) (Version: 02/24/2009 1.1.0.0 - Motorola)
Windows Driver Package - Motorola (motandroidusb) USB  (11/26/2012 1.2.14.0) (HKLM\...\17DC46E7226DD240CE5480A071337C9D15C5991E) (Version: 11/26/2012 1.2.14.0 - Motorola)
Windows Driver Package - Motorola (motccgp) USB  (11/26/2012 3.3.1.0) (HKLM\...\F62C352416202B84E7804DE3CE695F30A4FDA328) (Version: 11/26/2012 3.3.1.0 - Motorola)
Windows Driver Package - Motorola (motmodem) Modem  (06/08/2012 5.0.0.0) (HKLM\...\EC59CFD8B4CBED0A412E4B22DAB4C565DE2E79D5) (Version: 06/08/2012 5.0.0.0 - Motorola)
Windows Driver Package - Motorola (Motousbnet) Net  (06/08/2012 2.6.0.0) (HKLM\...\F0EE2BD961E485B5B5AE20058D7FEC68F3C0DE1D) (Version: 06/08/2012 2.6.0.0 - Motorola)
Windows Driver Package - Motorola (motport) Ports  (06/08/2012 5.0.0.0) (HKLM\...\0E7272CE1AFA7996DFC0F8B0B359D995AA4DB9A1) (Version: 06/08/2012 5.0.0.0 - Motorola)
Windows Driver Package - Motorola (motusbdevice) USB  (06/08/2012 1.1.3.0) (HKLM\...\1F35118DF730077690CF2BAEBDAC57D2138F7E44) (Version: 06/08/2012 1.1.3.0 - Motorola)
Windows Driver Package - Motorola (usbser) Ports  (11/26/2012 1.0.1.0) (HKLM\...\23D2826F79B1BE46FCB42BB6BF83B57975E5A7F8) (Version: 11/26/2012 1.0.1.0 - Motorola)
Windows Driver Package - Motorola Inc (MotDev) MOTUSB  (11/08/2011 3.2.12.0) (HKLM\...\F8C33978D5941EC809F57F088EE5517BBBE19FFD) (Version: 11/08/2011 3.2.12.0 - Motorola Inc)
Windows Driver Package - SAMSUNG Electronics Co., Ltd.  (dg_ssudbus) USB  (03/25/2013 2.9.508.0) (HKLM\...\686FE24C5F44B8399EDAD00FF437C91E8E4C33C6) (Version: 03/25/2013 2.9.508.0 - SAMSUNG Electronics Co., Ltd. )
Windows Driver Package - SAMSUNG Electronics Co., Ltd.  (ssadbus) USB  (11/30/2012 5.30.14.0) (HKLM\...\C9AEC81E4D365534AF50161EDA7C9CC56B205507) (Version: 11/30/2012 5.30.14.0 - SAMSUNG Electronics Co., Ltd. )
Windows Driver Package - SAMSUNG Electronics Co., Ltd.  (ssadmdm) Modem  (11/30/2012 5.30.14.0) (HKLM\...\7F88F2DFE1ABA293DADBE5DA286367B63BC6803B) (Version: 11/30/2012 5.30.14.0 - SAMSUNG Electronics Co., Ltd. )
Windows Driver Package - SAMSUNG Electronics Co., Ltd.  (ssadserd) Ports  (11/30/2012 5.30.14.0) (HKLM\...\95CB371FE417AB927308B5EA16B0FFD8902579FC) (Version: 11/30/2012 5.30.14.0 - SAMSUNG Electronics Co., Ltd. )
Windows Driver Package - SAMSUNG Electronics Co., Ltd.  (ssaebus) USB  (02/05/2010 5.14.0.0) (HKLM\...\8CDE6EEFC346A059EC210060FC7B7DAA8279D584) (Version: 02/05/2010 5.14.0.0 - SAMSUNG Electronics Co., Ltd. )
Windows Driver Package - SAMSUNG Electronics Co., Ltd.  (ssaemdm) Modem  (02/05/2010 5.14.0.0) (HKLM\...\14AE004B19BD3BB393FF6268715C15E1F14216E8) (Version: 02/05/2010 5.14.0.0 - SAMSUNG Electronics Co., Ltd. )
Windows Driver Package - SAMSUNG Electronics Co., Ltd.  (ssaend5) Net  (02/05/2010 5.14.0.0) (HKLM\...\75005F34035E512FEEBCAE8E47C427F0D5B95E92) (Version: 02/05/2010 5.14.0.0 - SAMSUNG Electronics Co., Ltd. )
Windows Driver Package - SAMSUNG Electronics Co., Ltd.  (ssaeunic) USB  (02/05/2010 5.14.0.0) (HKLM\...\0B1DCCBA5BC4F4EEFC1C4D6AC8B27D2393A38E9B) (Version: 02/05/2010 5.14.0.0 - SAMSUNG Electronics Co., Ltd. )
Windows Driver Package - SAMSUNG Electronics Co., Ltd.  (sscdbus) USB  (11/30/2012 5.30.14.0) (HKLM\...\48D2E7EFFD4BAB26BC0C02AD45ACAAE9F6DCE93B) (Version: 11/30/2012 5.30.14.0 - SAMSUNG Electronics Co., Ltd. )
Windows Driver Package - SAMSUNG Electronics Co., Ltd.  (sscdmdm) Modem  (11/30/2012 5.30.14.0) (HKLM\...\27E187FA129B3851CA36E7EFD57A4B410C363A74) (Version: 11/30/2012 5.30.14.0 - SAMSUNG Electronics Co., Ltd. )
Windows Driver Package - SAMSUNG Electronics Co., Ltd.  (sscdserd) Ports  (11/30/2012 5.30.14.0) (HKLM\...\0538728B8C08F691CFD167E4B7C479EF672BDBCB) (Version: 11/30/2012 5.30.14.0 - SAMSUNG Electronics Co., Ltd. )
Windows Driver Package - SAMSUNG Electronics Co., Ltd.  (sscebus) USB  (11/30/2012 5.30.14.0) (HKLM\...\DBB8AAF635B8C4AFC784BE729331BD04DBE1002D) (Version: 11/30/2012 5.30.14.0 - SAMSUNG Electronics Co., Ltd. )
Windows Driver Package - SAMSUNG Electronics Co., Ltd.  (sscemdm) Modem  (11/30/2012 5.30.14.0) (HKLM\...\86E162131DFD10D5894F0B148F3FB8E8562D602B) (Version: 11/30/2012 5.30.14.0 - SAMSUNG Electronics Co., Ltd. )
Windows Driver Package - SAMSUNG Electronics Co., Ltd.  (ssceserd) Ports  (11/30/2012 5.30.14.0) (HKLM\...\774F03A40D4344CD199548B37D6686E7A3B91FDF) (Version: 11/30/2012 5.30.14.0 - SAMSUNG Electronics Co., Ltd. )
Windows Driver Package - SAMSUNG Electronics Co., Ltd.  (ssuddmgr) Ports  (03/25/2013 2.9.508.0) (HKLM\...\79BE6E72F3FB459964ECB14CA5E9499EB84CED24) (Version: 03/25/2013 2.9.508.0 - SAMSUNG Electronics Co., Ltd. )
Windows Driver Package - SAMSUNG Electronics Co., Ltd.  (ssudmdm) Modem  (03/25/2013 2.9.508.0) (HKLM\...\59448F49ADCE2157A5E72FF82862DAFFBC071F75) (Version: 03/25/2013 2.9.508.0 - SAMSUNG Electronics Co., Ltd. )
Windows Driver Package - SAMSUNG Electronics Co., Ltd.  (ssudobex) Ports  (03/25/2013 2.9.508.0) (HKLM\...\3889AC3DC15E870F7212E360BD6BD1FA71261AAC) (Version: 03/25/2013 2.9.508.0 - SAMSUNG Electronics Co., Ltd. )
Windows Driver Package - SAMSUNG Electronics Co., Ltd.  (ssudserd) Ports  (03/25/2013 2.9.508.0) (HKLM\...\139FA893FBE6105A30D47E0FAB2B465546E1605D) (Version: 03/25/2013 2.9.508.0 - SAMSUNG Electronics Co., Ltd. )
Windows Driver Package - SAMSUNG Electronics Co., Ltd.  Net  (03/25/2013 2.9.508.0) (HKLM\...\A8ACA907A00D578D644681DCA06EC0E1608C03A2) (Version: 03/25/2013 2.9.508.0 - SAMSUNG Electronics Co., Ltd. )
Windows Driver Package - SAMSUNG Electronics Co., Ltd.  Net  (05/13/2011 5.28.2.1) (HKLM\...\CC16886829EBCBDE3BFDAE395E74FACD43F1386F) (Version: 05/13/2011 5.28.2.1 - SAMSUNG Electronics Co., Ltd. )
Windows Driver Package - SAMSUNG Electronics Co., Ltd.  WPD  (03/25/2013 2.9.508.0) (HKLM\...\8657EAB5BD6A536AA497AEA26A00A6E6B25F5CD7) (Version: 03/25/2013 2.9.508.0 - SAMSUNG Electronics Co., Ltd. )
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3505.0912 - Microsoft Corporation)
WinFlash (HKLM-x32\...\{8F21291E-0444-4B1D-B9F9-4370A73E346D}) (Version: 2.42.0 - ASUS)
WinZipper (HKLM-x32\...\WinZipper) (Version: 1.5.68 - Taiwan Shui Mu Chih Ching Technology Limited.) <==== ATTENTION
影像中心 (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
照片库 (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
CustomCLSID: HKU\S-1-5-21-1423621074-1295479501-3697453752-1001_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\Jon\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1423621074-1295479501-3697453752-1001_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\Jon\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1423621074-1295479501-3697453752-1001_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\Jon\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1423621074-1295479501-3697453752-1001_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\Jon\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\FileSyncApi64.dll (Microsoft Corporation)
 
==================== Restore Points  =========================
 
06-01-2015 16:36:17 Scheduled Checkpoint
02-02-2015 12:53:26 Scheduled Checkpoint
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2012-07-26 16:26 - 2015-02-03 02:41 - 00000860 ____N C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost
::1 localhost
 
==================== Scheduled Tasks (whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 
Task: {03FED2CB-027C-4383-B983-D9C9360711F4} - System32\Tasks\ASUS Live Update2 => C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe [2013-07-02] (ASUSTeK Computer Inc.)
Task: {093532E0-C987-4E34-A922-44B225E51F9C} - System32\Tasks\Norton Internet Security\Norton Error Analyzer => C:\Program Files (x86)\Norton Internet Security\Engine\21.6.0.32\SymErr.exe [2014-01-31] (Symantec Corporation)
Task: {1550C61E-63BB-4D35-997D-A43686FD9881} - System32\Tasks\ASUS Smart Gesture Launcher => C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLauncher.exe [2013-09-24] (AsusTek)
Task: {208688ED-1D92-4C96-A497-AE512FA08E19} - System32\Tasks\AsusVibeSchedule => C:\Program Files (x86)\Asus\AsusVibe\AsusVibeLauncher.exe [2013-11-05] ()
Task: {22FBB448-10EF-4B3C-9DFE-1AF59E4CC3B2} - System32\Tasks\ASUS Live Update1 => C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe [2013-07-02] (ASUSTeK Computer Inc.)
Task: {3523CAA7-C489-4827-86FB-9BA3FD45F6CD} - System32\Tasks\SpyHunter4Startup => C:\Program Files\Enigma Software Group\SpyHunter\Spyhunter4.exe [2015-02-02] (Enigma Software Group USA, LLC.)
Task: {49CD7A91-6EC6-4596-9166-5E74B0EFA98E} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe [2012-12-07] (Microsoft Corporation)
Task: {4A72338A-0706-47FE-A746-21C71633AA18} - System32\Tasks\{080EF2C6-6D32-4E41-9107-DA96495ACEFD} => pcalua.exe -a "C:\Program Files (x86)\WinZipper\eUninstall.exe"
Task: {4BB2F643-232C-4FDE-860C-66678E060C33} - System32\Tasks\ASUS Splendid ACMON => C:\Program Files (x86)\ASUS\Splendid\ACMON.exe [2013-08-20] (ASUS)
Task: {70E6F724-FD79-493D-BEA2-6961F861A67F} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton Internet Security\Engine\21.6.0.32\WSCStub.exe [2014-09-21] (Symantec Corporation)
Task: {8EB612BC-FDC7-45D0-8D46-BB824A03D57A} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {A34AC560-E635-47EE-BB69-EA55EE09B5B2} - System32\Tasks\ASUS Splendid ColorU => C:\Program Files (x86)\ASUS\Splendid\ColorUService.exe [2013-08-17] (ASUSTeK Computer Inc.)
Task: {C4E29A64-C836-45A2-B78D-E0E864A6E3E7} - System32\Tasks\Norton Internet Security\Norton Error Processor => C:\Program Files (x86)\Norton Internet Security\Engine\21.6.0.32\SymErr.exe [2014-01-31] (Symantec Corporation)
Task: {EAD71C7D-06F4-496C-B074-46CBEDDCECD0} - System32\Tasks\ASUS USB Charger Plus => C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe [2013-08-30] (ASUSTek Computer Inc.)
 
==================== Loaded Modules (whitelisted) =============
 
2012-12-19 17:10 - 2012-12-19 17:10 - 00072192 _____ () C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\AsusWSWinService.exe
2014-03-02 16:14 - 2013-10-09 12:02 - 00066560 _____ () C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTDevMgr.exe
2014-05-24 15:32 - 2012-11-24 18:13 - 00373312 _____ () C:\Program Files\Microsoft Office 15\ClientX64\c2rui.dll
2014-05-24 15:32 - 2012-12-07 08:04 - 00513616 _____ () C:\Program Files\Microsoft Office 15\ClientX64\c2r64.dll
2014-05-24 15:32 - 2012-12-07 08:05 - 00607312 _____ () C:\Program Files\Microsoft Office 15\ClientX64\StreamServer.dll
2014-05-24 15:34 - 2014-05-24 15:34 - 06522944 _____ () C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2013-05-01 21:58 - 2013-01-02 17:55 - 00175008 _____ () C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16.4.4406.1205_x64__8wekyb3d8bbwe\ModernShared\ErrorReporting\ErrorReporting.dll
2015-02-03 12:00 - 2014-12-19 05:01 - 00192376 _____ () C:\ProgramData\STOPzilla!\VIPRE\libBase64.dll
2015-02-03 12:00 - 2014-12-19 05:01 - 00180088 _____ () C:\ProgramData\STOPzilla!\VIPRE\libMachoUniv.dll
2014-07-31 13:16 - 2014-07-31 13:16 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-10-11 13:05 - 2014-10-11 13:05 - 01044776 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2013-08-20 12:16 - 2013-08-20 12:16 - 00015440 _____ () C:\Program Files (x86)\ASUS\Splendid\DetectDisplayDC.dll
2013-08-17 05:03 - 2013-08-17 05:03 - 00023040 _____ () C:\Program Files (x86)\ASUS\Splendid\CCTAdjust.dll
2014-05-24 15:32 - 2014-05-24 15:32 - 00312896 _____ () C:\Program Files\Microsoft Office 15\root\office15\AppVIsvStream32.dll
2014-05-24 15:32 - 2014-05-24 15:32 - 00354368 _____ () C:\Program Files\Microsoft Office 15\root\office15\c2r32.dll
2013-04-28 05:24 - 2013-04-28 05:24 - 00071680 _____ () C:\Program Files (x86)\ASUS\ASUS Live Update\checkmetro.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
AlternateDataStreams: C:\ProgramData\Temp:4ABA35EE
AlternateDataStreams: C:\ProgramData\Temp:6DDED7D9
 
==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
 
==================== EXE Association (whitelisted) =============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
HKU\S-1-5-21-1423621074-1295479501-3697453752-1001\Software\Classes\.exe: exefile =>  <===== ATTENTION!
HKU\S-1-5-21-1423621074-1295479501-3697453752-1001\Software\Classes\exefile:  <===== ATTENTION!
 
==================== MSCONFIG/TASK MANAGER disabled items =========
 
(Currently there is no automatic fix for this section.)
 
 
========================= Accounts: ==========================
 
Administrator (S-1-5-21-1423621074-1295479501-3697453752-500 - Administrator - Disabled)
Guest (S-1-5-21-1423621074-1295479501-3697453752-501 - Limited - Disabled)
Jon (S-1-5-21-1423621074-1295479501-3697453752-1001 - Administrator - Enabled) => C:\Users\Jon
 
==================== Faulty Device Manager Devices =============
 
Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft Teredo Tunneling Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
 
Name: Realtek Bluetooth 4.0 + High Speed Chip
Description: Realtek Bluetooth 4.0 + High Speed Chip
Class Guid: {e0cbf06c-cd8b-4647-bb8a-263b43f0f974}
Manufacturer: Realtek Semiconductor Corp.
Service: BTHUSB
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (02/03/2015 11:37:06 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: Jonathan)
Description: Activation of app microsoft.windowsphotos_8wekyb3d8bbwe!Microsoft.WindowsLive.ModernPhotos failed with error: -2144927142 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
Error: (02/03/2015 11:37:06 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: Jonathan)
Description: Activation of app microsoft.windowsphotos_8wekyb3d8bbwe!Microsoft.WindowsLive.ModernPhotos failed with error: -2144927142 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
Error: (02/03/2015 11:37:06 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program UNKNOWN version 0.0.0.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: d34
 
Start Time: 01d03f497db8f81e
 
Termination Time: 4294967295
 
Application Path: UNKNOWN
 
Report Id: c6126da9-ab3c-11e4-be95-40167e444b43
 
Faulting package full name: microsoft.windowsphotos_16.4.4388.928_x64__8wekyb3d8bbwe
 
Faulting package-relative application ID: Microsoft.WindowsLive.ModernPhotos
 
Error: (02/03/2015 11:37:02 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 2486) (User: Jonathan)
Description: App microsoft.windowsphotos_8wekyb3d8bbwe!Microsoft.WindowsLive.ModernPhotos did not launch within its allotted time.
 
Error: (02/03/2015 11:30:46 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: Jonathan)
Description: Activation of app Microsoft.Reader_8wekyb3d8bbwe!Microsoft.Reader failed with error: -2144927142 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
Error: (02/03/2015 11:30:46 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 2486) (User: Jonathan)
Description: App Microsoft.Reader_8wekyb3d8bbwe!Microsoft.Reader did not launch within its allotted time.
 
Error: (02/03/2015 11:25:45 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 2486) (User: Jonathan)
Description: App Microsoft.ZuneMusic_8wekyb3d8bbwe!Microsoft.ZuneMusic did not launch within its allotted time.
 
Error: (02/03/2015 11:25:37 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: Jonathan)
Description: Activation of app Microsoft.ZuneMusic_8wekyb3d8bbwe!Microsoft.ZuneMusic failed with error: -2147023170 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
Error: (02/03/2015 11:25:31 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: wwahost.exe, version: 6.2.9200.16420, time stamp: 0x505a9152
Faulting module name: EntPlat.dll, version: 1.1.144.0, time stamp: 0x50edd52d
Exception code: 0xc0000005
Fault offset: 0x0000000000008ec3
Faulting process id: 0x2c18
Faulting application start time: 0xwwahost.exe0
Faulting application path: wwahost.exe1
Faulting module path: wwahost.exe2
Report Id: wwahost.exe3
Faulting package full name: wwahost.exe4
Faulting package-relative application ID: wwahost.exe5
 
Error: (02/03/2015 11:02:25 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program glcnd.exe version 6.2.9200.20623 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: e0c
 
Start Time: 01d03efc9e585a8a
 
Termination Time: 4294967295
 
Application Path: C:\Program Files\WindowsApps\Microsoft.Reader_6.2.9200.20623_x64__8wekyb3d8bbwe\glcnd.exe
 
Report Id: ee30d3c5-ab37-11e4-be94-40167e444b43
 
Faulting package full name: Microsoft.Reader_6.2.9200.20623_x64__8wekyb3d8bbwe
 
Faulting package-relative application ID: Microsoft.Reader
 
 
System errors:
=============
Error: (02/03/2015 11:37:06 AM) (Source: DCOM) (EventID: 10010) (User: Jonathan)
Description: Microsoft.WindowsLive.ModernPhotos.wwa
 
Error: (02/03/2015 11:31:47 AM) (Source: Ntfs) (EventID: 55) (User: NT AUTHORITY)
Description: A corruption was discovered in the file system structure on volume OS.
 
A corruption was found in a file system index structure.  The file reference number is 0x20000000000c2.  The name of the file is "\Users\Jon\AppData\Local".  The corrupted index attribute is ":$I30:$INDEX_ALLOCATION".
 
Error: (02/03/2015 04:06:40 AM) (Source: Ntfs) (EventID: 55) (User: NT AUTHORITY)
Description: A corruption was discovered in the file system structure on volume OS.
 
A corruption was found in a file system index structure.  The file reference number is 0x100000000119c.  The name of the file is "\Program Files (x86)".  The corrupted index attribute is ":$I30:$INDEX_ALLOCATION".
 
Error: (02/03/2015 04:06:18 AM) (Source: Ntfs) (EventID: 55) (User: NT AUTHORITY)
Description: A corruption was discovered in the file system structure on volume OS.
 
A corruption was found in a file system index structure.  The file reference number is 0x2000000033015.  The name of the file is "\Program Files\Microsoft Office 15\Data\Updates\Apply\PackageFiles\root\office15".  The corrupted index attribute is ":$I30:$INDEX_ALLOCATION".
 
Error: (02/03/2015 04:06:18 AM) (Source: Ntfs) (EventID: 55) (User: NT AUTHORITY)
Description: A corruption was discovered in the file system structure on volume OS.
 
A corruption was found in a file system index structure.  The file reference number is 0x2000000033015.  The name of the file is "\Program Files\Microsoft Office 15\Data\Updates\Apply\PackageFiles\root\office15".  The corrupted index attribute is ":$I30:$INDEX_ALLOCATION".
 
Error: (02/03/2015 04:06:18 AM) (Source: Ntfs) (EventID: 55) (User: NT AUTHORITY)
Description: A corruption was discovered in the file system structure on volume OS.
 
A corruption was found in a file system index structure.  The file reference number is 0x2000000033015.  The name of the file is "\Program Files\Microsoft Office 15\Data\Updates\Apply\PackageFiles\root\office15".  The corrupted index attribute is ":$I30:$INDEX_ALLOCATION".
 
Error: (02/03/2015 04:06:17 AM) (Source: Ntfs) (EventID: 55) (User: NT AUTHORITY)
Description: A corruption was discovered in the file system structure on volume OS.
 
A corruption was found in a file system index structure.  The file reference number is 0x2000000033015.  The name of the file is "\Program Files\Microsoft Office 15\Data\Updates\Apply\PackageFiles\root\office15".  The corrupted index attribute is ":$I30:$INDEX_ALLOCATION".
 
Error: (02/03/2015 04:06:17 AM) (Source: Ntfs) (EventID: 55) (User: NT AUTHORITY)
Description: A corruption was discovered in the file system structure on volume OS.
 
A corruption was found in a file system index structure.  The file reference number is 0x2000000033015.  The name of the file is "\Program Files\Microsoft Office 15\Data\Updates\Apply\PackageFiles\root\office15".  The corrupted index attribute is ":$I30:$INDEX_ALLOCATION".
 
Error: (02/03/2015 04:06:17 AM) (Source: Ntfs) (EventID: 55) (User: NT AUTHORITY)
Description: A corruption was discovered in the file system structure on volume OS.
 
A corruption was found in a file system index structure.  The file reference number is 0x2000000033015.  The name of the file is "\Program Files\Microsoft Office 15\Data\Updates\Apply\PackageFiles\root\office15".  The corrupted index attribute is ":$I30:$INDEX_ALLOCATION".
 
Error: (02/03/2015 04:06:17 AM) (Source: Ntfs) (EventID: 55) (User: NT AUTHORITY)
Description: A corruption was discovered in the file system structure on volume OS.
 
A corruption was found in a file system index structure.  The file reference number is 0x2000000033015.  The name of the file is "\Program Files\Microsoft Office 15\Data\Updates\Apply\PackageFiles\root\office15".  The corrupted index attribute is ":$I30:$INDEX_ALLOCATION".
 
 
Microsoft Office Sessions:
=========================
Error: (02/03/2015 11:37:06 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: Jonathan)
Description: microsoft.windowsphotos_8wekyb3d8bbwe!Microsoft.WindowsLive.ModernPhotos-2144927142
 
Error: (02/03/2015 11:37:06 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: Jonathan)
Description: microsoft.windowsphotos_8wekyb3d8bbwe!Microsoft.WindowsLive.ModernPhotos-2144927142
 
Error: (02/03/2015 11:37:06 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: UNKNOWN0.0.0.0d3401d03f497db8f81e4294967295UNKNOWNc6126da9-ab3c-11e4-be95-40167e444b43microsoft.windowsphotos_16.4.4388.928_x64__8wekyb3d8bbweMicrosoft.WindowsLive.ModernPhotos
 
Error: (02/03/2015 11:37:02 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 2486) (User: Jonathan)
Description: microsoft.windowsphotos_8wekyb3d8bbwe!Microsoft.WindowsLive.ModernPhotos
 
Error: (02/03/2015 11:30:46 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: Jonathan)
Description: Microsoft.Reader_8wekyb3d8bbwe!Microsoft.Reader-2144927142
 
Error: (02/03/2015 11:30:46 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 2486) (User: Jonathan)
Description: Microsoft.Reader_8wekyb3d8bbwe!Microsoft.Reader
 
Error: (02/03/2015 11:25:45 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 2486) (User: Jonathan)
Description: Microsoft.ZuneMusic_8wekyb3d8bbwe!Microsoft.ZuneMusic
 
Error: (02/03/2015 11:25:37 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: Jonathan)
Description: Microsoft.ZuneMusic_8wekyb3d8bbwe!Microsoft.ZuneMusic-2147023170
 
Error: (02/03/2015 11:25:31 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: wwahost.exe6.2.9200.16420505a9152EntPlat.dll1.1.144.050edd52dc00000050000000000008ec32c1801d03f46bfaa7219C:\Windows\system32\wwahost.exeC:\Program Files\WindowsApps\Microsoft.ZuneMusic_1.1.144.0_x64__8wekyb3d8bbwe\EntPlat.dll2925fce3-ab3b-11e4-be94-40167e444b43Microsoft.ZuneMusic_1.1.144.0_x64__8wekyb3d8bbweMicrosoft.ZuneMusic
 
Error: (02/03/2015 11:02:25 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: glcnd.exe6.2.9200.20623e0c01d03efc9e585a8a4294967295C:\Program Files\WindowsApps\Microsoft.Reader_6.2.9200.20623_x64__8wekyb3d8bbwe\glcnd.exeee30d3c5-ab37-11e4-be94-40167e444b43Microsoft.Reader_6.2.9200.20623_x64__8wekyb3d8bbweMicrosoft.Reader
 
 
==================== Memory info =========================== 
 
Processor: Intel® Pentium® CPU N3520 @ 2.16GHz
Percentage of memory in use: 65%
Total physical RAM: 3966.98 MB
Available physical RAM: 1371.72 MB
Total Pagefile: 14206.98 MB
Available Pagefile: 10444 MB
Total Virtual: 8192 MB
Available Virtual: 8191.78 MB
 
==================== Drives ================================
 
Drive c: (OS) (Fixed) (Total:186.3 GB) (Free:131.39 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (Data) (Fixed) (Total:258.34 GB) (Free:258.22 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: 57788C0B)
 
Partition: GPT Partition Type.
 
==================== End Of Log ============================


#6 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 36,389 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:01:22 PM

Posted 04 February 2015 - 10:17 AM

Greetings,

Hold on tight because we are going to tackle quite a bit in this first post. Your computer is in need of some tender care. :)

Please consider and do these things.

===================================================

Multiple Antivirus Programs

-------------------

I do not recommend that you have more than one anti virus product installed on your computer at a time. The reason for this is that if both products have their automatic (Real-Time) protection switched on, then those products which do not encrypt the virus strings within them can cause other anti virus products to cause "false alarms". It can also lead to a clash as both products fight for access to files which are opened; again, this is the resident/automatic protection. In general terms, the two programs may conflict and cause:

  • False Alarms: When the anti virus software tells you that your PC has a virus when it actually doesn't.
  • System Performance Problems: Your system may lock up due to both products attempting to access the same file at the same time.

Therefore please remove all but one of the Antivirus programs currently on your computer, even if only one is running. You can do this via Add/Remove Programs, or Programs and Features in the Control Panel.
 

STOPzilla
Norton Internet Security


===================================================

Uninstalling a Program using Add/Remove Program

--------------------

I recommend the uninstalling of the below listed program(s).

  • Press the Windows key + r on your keyboard at the same time
  • Type appwiz.cpl and press Enter
  • A list of installed programs will be displayed
  • Uninstall the following by clicking on the program(s) below (and any other similar names) and selecting Remove or Uninstall

WinZipper

  • Reboot your computer

===================================================

Farbar's Recovery Scan Tool - Run Fix in Normal or Safe Mode

--------------------

  • Press the Windows key + r on your keyboard at the same time. Type in notepad and press Enter
  • Please copy and paste the contents of the below code box into the open notepad and save it to your desktop (<<<Important) as fixlist.txt
S2 0196411393738574mcinstcleanup; C:\Users\ADMINI~1\AppData\Local\Temp\019641~1.EXE -cleanup -nolog [X]
C:\Users\ADMINI~1\AppData\Local\Temp\019641~1.EXE
Task: {4A72338A-0706-47FE-A746-21C71633AA18} - System32\Tasks\{080EF2C6-6D32-4E41-9107-DA96495ACEFD} => pcalua.exe -a "C:\Program Files (x86)\WinZipper\eUninstall.exe"
AlternateDataStreams: C:\ProgramData\Temp:4ABA35EE
AlternateDataStreams: C:\ProgramData\Temp:6DDED7D9
HKU\S-1-5-21-1423621074-1295479501-3697453752-1001\Software\Classes\.exe: exefile =>  <===== ATTENTION!
HKU\S-1-5-21-1423621074-1295479501-3697453752-1001\Software\Classes\exefile:  <===== ATTENTION!
  • Launch FRST and press the Fix button just once and wait, the program will automatically launch fixlist.txt.
  • The tool will create a log on the desktop called Fixlog.txt. Please copy and paste the contents of the file in your reply.
  • Copy/paste the following in the Search Field
*decrypt*
  • Click Search File(s) button
  • When completed click OK and a Search.txt document will open on your desktop
  • Copy and paste the contents of that document in your reply

===================================================

CheckDiskGUI

--------------------

  • Download CheckDiskGUI and save it to your desktop
  • Double click the icon and select Run
  • Under the DirtyBit column please let me know if there is any indication of a Dirty Bit
  • Place a check mark in the C: drive box
  • Click Read Only
  • Once completed click File, then Save
  • Save the file to your desktop as CheckDiskGUI (should be default name)
  • Copy and paste the contents of the report in your reply

===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.

  • Were you able to uninstall an Antivirus program?
  • Did WinZipper uninstall?
  • Fixlog
  • Search.txt
  • CheckDiskGUI results

Edited by Oh My!, 04 February 2015 - 08:33 PM.

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."
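The fixlist in the post above targets two findings from the FRST log: a per-user override of the .exe file association (the lines FRST marked "ATTENTION!") and two unnamed alternate data streams on C:\ProgramData\Temp. The following PowerShell script is an added illustration of how a responder can check for both conditions by hand; it is not part of the thread and not FRST's own code. It assumes it is run in the affected user's profile on PowerShell 3 or later, and the expected machine-wide exefile open command ("%1" %*) is the stock Windows default.

```powershell
# Added example (not from the thread or from FRST): look for the two
# conditions the fixlist above removes. Run as the affected user, PowerShell 3+.

function Test-ExeAssociation {
    # Windows resolves .exe first through HKCU\Software\Classes and only then
    # through HKLM. A per-user .exe or exefile key is not created on a stock
    # system, so its presence in this profile deserves inspection: it can
    # redirect every program launch for that user (this is what FRST flags).
    $findings = @()
    $userExt = 'HKCU:\Software\Classes\.exe'
    $userCmd = 'HKCU:\Software\Classes\exefile\shell\open\command'

    if (Test-Path $userExt) {
        $val = (Get-ItemProperty -Path $userExt -ErrorAction SilentlyContinue).'(default)'
        $findings += "Per-user .exe key present: $userExt => '$val'"
    }
    if (Test-Path $userCmd) {
        $cmd = (Get-ItemProperty -Path $userCmd -ErrorAction SilentlyContinue).'(default)'
        $findings += "Per-user exefile open command present: '$cmd'"
    }

    # The machine-wide handler should still be the stock value "%1" %*.
    $machine = (Get-ItemProperty -Path 'HKLM:\Software\Classes\exefile\shell\open\command').'(default)'
    if ($machine -ne '"%1" %*') {
        $findings += "Machine exefile open command is not the default: '$machine'"
    }
    return $findings
}

function Get-AlternateDataStreams {
    param([string]$Path = 'C:\ProgramData\Temp')   # directory FRST reported; assumption
    # Every NTFS object has a :$DATA stream; anything else is an alternate
    # data stream. Zone.Identifier is the normal "downloaded from the
    # Internet" mark, so it is listed but labelled; unnamed hex streams on a
    # directory, like the two in the log, are the unusual case.
    $items = @(Get-Item -Path $Path -Force) +
             @(Get-ChildItem -Path $Path -Recurse -Force -ErrorAction SilentlyContinue)
    foreach ($item in $items) {
        Get-Item -Path $item.FullName -Stream * -ErrorAction SilentlyContinue |
            Where-Object { $_.Stream -ne ':$DATA' } |
            ForEach-Object {
                [pscustomobject]@{
                    Path   = $_.FileName
                    Stream = $_.Stream
                    Bytes  = $_.Length
                    Note   = if ($_.Stream -eq 'Zone.Identifier') { 'browser download mark' } else { 'inspect' }
                }
            }
    }
}

# Usage: print the association findings, then the streams under the Temp directory.
Test-ExeAssociation
Get-AlternateDataStreams | Format-Table -AutoSize
```

Nothing here modifies the registry or deletes a stream; the point is to confirm what the FRST fixlist is about to change and to see the stream contents (Get-Content -Stream <name>) before they are gone. Removing a flagged stream afterwards is one Remove-Item -Stream call, but that step belongs with the fixlist the helper already supplied.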

#7 Oh My!

Posted 08 February 2015 - 08:51 AM

Greetings,

===================================================

3 Day Bump

It has been more than 3 days since my last post.
  • Do you still need help with this?
  • If after 48hrs you have not replied to this thread then it will have to be closed.

Gary

#8 Oh My!

Posted 10 February 2015 - 09:33 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.
Gary