
Vampire Goobzo and Browser-Freeze Pop-ups


  • This topic is locked
6 replies to this topic

#1 LostInTheSupermarket

Posted 06 March 2015 - 05:38 PM

I have switched laptops from a Samsung to a new Dell - both running Win 7 Home Premium and have seemingly intractable infections.

Tabs suddenly open telling me things like my new Flash Player is ready for download (from splayersv.net) and young ladies wanting to know if I'd like to chat.

Both laptops were new and used for business, only by me. I was very judicious in loading programs: MS Office, iTunes, and IE, Firefox, Chrome, plus Malwarebytes -- all latest versions loaded on a clean computer.

Malwarebytes scan reveals two instances of PUP.Optional.Goobzo,

C:\Program Files (x86)\Common Files\Goobzo

C:\Program Files\Common Files\Goozbo

I have quarantined these over 52 times in the past 10 days. They re-appear with the MB scan I run at every start-up.

Both Chrome and Firefox close without warning or launch new tabs. These would present excited warnings about adding a flash player or that my computer was in danger. Usually they had a dialog box telling me to call an 866 number. Neither the dialog box nor the tab would close and I couldn't switch to any other tab, forcing me into a complete system re-start. The last such incident had in the URL line:

S24pmg.security2015.pw

I have already tried various combinations of:

  • AdwCleaner
  • Junkware Removal
  • Malwarebytes
  • HitmanPro

I’ve also run ESET in conjunction with ADC, JRT and MB.

I have done this protocol several times, to no avail. Here are the FRST logs after I disabled specific startups on the advice of Buddy 215. Any guidance will be greatly appreciated.

----------------FRST ---------------------

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 04-03-2015 01
Ran by Michael (administrator) on MICHAEL-DELL on 06-03-2015 17:00:09
Running from C:\Users\Michael\Desktop
Loaded Profiles: Michael (Available profiles: Michael)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(SurfRight B.V.) C:\Program Files\HitmanPro\hmpsched.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Dell Inc.) C:\Program Files\Dell\DW WLAN Card\WLTRYSVC.EXE
(Dell Inc.) C:\Program Files\Dell\DW WLAN Card\BCMWLTRY.EXE
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.26.9\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.26.9\GoogleCrashHandler64.exe
(MalwareProtection360) C:\Program Files (x86)\MalwareProtection360\MalwareProtection360.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Waves Audio Ltd.) C:\Program Files\Realtek\Audio\HDA\WavesSvc64.exe
(Dell Inc.) C:\Program Files\Dell\QuickSet\quickset.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Dell Inc.) C:\Program Files\Dell\DW WLAN Card\WLTRAY.EXE
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Dell Inc.) C:\Program Files (x86)\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Dell Inc.) C:\Program Files\Dell\DellDataVault\DellDataVaultWiz.exe
(Dell Products, LP.) C:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(SoftThinks SAS) C:\Program Files (x86)\Dell Backup and Recovery\SftService.exe
(Dell Inc.) C:\Program Files\Dell\DellDataVault\DellDataVault.exe
(SoftThinks - Dell) C:\Program Files (x86)\Dell Backup and Recovery\Components\DBRUpdate\DBRUpd.exe
(SoftThinks - Dell) C:\Program Files (x86)\Dell Backup and Recovery\Toaster.exe
(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
() C:\Program Files (x86)\Dell Backup and Recovery\Components\Shell\DBRCrawler.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Microsoft Corporation) C:\Windows\System32\MsSpellCheckingFacility.exe
(PC-Doctor, Inc.) C:\Program Files\Dell\SupportAssist\imstrayicon.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7510232 2014-01-17] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1374936 2014-01-13] (Realtek Semiconductor)
HKLM\...\Run: [WavesSvc] => C:\Program Files\Realtek\Audio\HDA\WavesSvc64.exe [285272 2013-12-30] (Waves Audio Ltd.)
HKLM\...\Run: [QuickSet] => c:\Program Files\Dell\QuickSet\QuickSet.exe [3777696 2014-01-16] (Dell Inc.)
HKLM\...\Run: [Broadcom Wireless Manager UI] => C:\Program Files\Dell\DW WLAN Card\WLTRAY.exe [8921600 2013-11-27] (Dell Inc.)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2806000 2014-01-15] (Synaptics Incorporated)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [169768 2015-01-27] (Apple Inc.)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1332296 2015-01-30] (Microsoft Corporation)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [292848 2013-12-20] (Intel Corporation)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2014-12-19] (Adobe Systems Incorporated)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-2888455996-3814515952-354008950-1000\...\Run: [Google Update] => C:\Users\Michael\AppData\Local\Google\Update\GoogleUpdate.exe [107912 2014-12-15] (Google Inc.)
HKU\S-1-5-21-2888455996-3814515952-354008950-1000\...\Run: [GoogleChromeAutoLaunch_1D7305B07635F8E0A4CF4B02D1C53C4D] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [843592 2015-02-17] (Google Inc.)
HKU\S-1-5-21-2888455996-3814515952-354008950-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [7416088 2015-02-19] (Piriform Ltd)
Lsa: [Notification Packages] scecli c:\Program Files\WIDCOMM\Bluetooth Software\BtwProximityCP.dll
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
ShellIconOverlayIdentifiers: [DBARFileBackuped] -> {831cebdd-6baf-4432-be76-9e0989c14aef} => C:\Windows\system32\mscoree.dll (Microsoft Corporation)
ShellIconOverlayIdentifiers: [DBARFileNotBackuped] -> {275e4fd7-21ef-45cf-a836-832e5d2cc1b3} => C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
CHR HKU\S-1-5-21-2888455996-3814515952-354008950-1000\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-2888455996-3814515952-354008950-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://dell13.msn.com/?pc=DCJB
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\6fzdcdj0.default
FF DefaultSearchEngine: Google
FF DefaultSearchEngine: Google
FF Homepage: hxxp://www.google.com/
FF Homepage: hxxp://www.google.com/
FF Homepage: hxxp://www.google.com/
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_305.dll ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-2888455996-3814515952-354008950-1000: @talk.google.com/GoogleTalkPlugin -> C:\Users\Michael\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin HKU\S-1-5-21-2888455996-3814515952-354008950-1000: @talk.google.com/O1DPlugin -> C:\Users\Michael\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF Plugin HKU\S-1-5-21-2888455996-3814515952-354008950-1000: @tools.google.com/Google Update;version=3 -> C:\Users\Michael\AppData\Local\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKU\S-1-5-21-2888455996-3814515952-354008950-1000: @tools.google.com/Google Update;version=9 -> C:\Users\Michael\AppData\Local\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\Michael\AppData\Roaming\mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\Michael\AppData\Roaming\mozilla\plugins\npo1d.dll (Google)
FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [Not Found]

Chrome:
=======
CHR HomePage: Default -> hxxp://www.yahoo.com/
CHR StartupUrls: Default -> "https://www.google.com/calendar?tab=mc", "hxxp://www.gmail.com/", "hxxp://vosteran.com/?f=7&a=vst_omxmedia_15_05_ch&cd=2XzuyEtN2Y1L1QzuyDtD0ByB0CtAyCtA0Ezz0CtC0CyE0BzztN0D0Tzu0StCtCtByCtN1L2XzutAtFyBtFtCtFtBtN1L1CzutCyEtBzytDyD1V1StN1L1G1B1V1N2Y1L1Qzu2StCzyyCyEyByB0AzztGzy0B0DzytG0EtBtDtDtGtDyDtBtBtGtD0AtCyB0ByC0A0EtB0CtAzz2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0FtD0FyEzztCtBtAtGtDzy0CtAtGyE0Czz0EtGzy0A0EtAtG0B0E0CyDtBtBtB0BtDyB0C0B2Q&cr=1408592307&ir="
CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:inputType}{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}{google:searchVersion}{google:sessionToken}{google:prefetchQuery}sugkey={google:suggestAPIKeyParameter}
CHR Profile: C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2014-12-25]
CHR Extension: (Google Docs) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-12-25]
CHR Extension: (Google Drive) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-12-25]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-12-25]
CHR Extension: (YouTube) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-12-25]
CHR Extension: (Google Cast) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\boadgeojelhgndaghljhdicfkmllpafd [2015-02-28]
CHR Extension: (Send to Kindle for Google Chrome™) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\cgdjpilhipecahhcilnafpblkieebhea [2015-02-28]
CHR Extension: (Google Search) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-12-25]
CHR Extension: (Logitech Smooth Scrolling) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkpejdfnpdkhifgbancbammdijojoffk [2015-02-28]
CHR Extension: (Google Sheets) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2014-12-25]
CHR Extension: (QuickTime for Chrome) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\glkdifongmamddfegpjkmghbmoikkjai [2015-02-28]
CHR Extension: (Marvel Comics) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\hjhfaknohpjconjoefidanhihokmkice [2015-02-28]
CHR Extension: (Hangouts) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\knipolnnllmklapflnccelgolnpehhpl [2015-02-28]
CHR Extension: (Gmail) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-12-25]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-01-20] (Apple Inc.)
R2 DellDataVault; C:\Program Files\Dell\DellDataVault\DellDataVault.exe [2557136 2015-02-26] (Dell Inc.)
R2 DellDataVaultWiz; C:\Program Files\Dell\DellDataVault\DellDataVaultWiz.exe [201936 2015-02-26] (Dell Inc.)
R2 HitmanProScheduler; C:\Program Files\HitmanPro\hmpsched.exe [127752 2015-02-28] (SurfRight B.V.)
R2 Intel® Capability Licensing Service Interface; c:\Program Files\Intel\iCLS Client\HeciServer.exe [747520 2013-08-27] (Intel® Corporation) [File not signed]
S3 Intel® Capability Licensing Service TCP IP Interface; c:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [828376 2013-08-27] (Intel® Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [169432 2013-12-10] (Intel Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23784 2015-01-30] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [366512 2015-01-30] (Microsoft Corporation)
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [290520 2014-01-08] (Realtek Semiconductor)
R2 SftService; C:\Program Files (x86)\Dell Backup and Recovery\sftservice.exe [1924328 2014-09-18] (SoftThinks SAS)
R2 SupportAssistAgent; C:\Program Files (x86)\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe [19288 2015-03-04] (Dell Inc.)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2014-08-05] (Microsoft Corporation)
R2 wltrysvc; C:\Program Files\Dell\DW WLAN Card\bcmwltry.exe [6170624 2013-11-27] (Dell Inc.) [File not signed]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 bcbtums; C:\Windows\System32\drivers\bcbtums.sys [172760 2013-11-27] (Broadcom Corporation.)
R3 DDDriver; C:\Windows\System32\drivers\DDDriver64Dcsa.sys [23760 2015-02-26] (Dell Computer Corporation)
R3 DellProf; C:\Windows\System32\drivers\DellProf.sys [23312 2015-02-26] (Dell Computer Corporation)
R0 iaStorF; C:\Windows\System32\drivers\iaStorF.sys [28008 2013-08-29] (Intel Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-11-21] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2015-03-06] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-11-21] (Malwarebytes Corporation)
R3 MEIx64; C:\Windows\System32\DRIVERS\TeeDriverx64.sys [100312 2013-12-10] (Intel Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [274696 2014-11-15] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [124560 2014-11-15] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-06 17:00 - 2015-03-06 17:00 - 00018518 _____ () C:\Users\Michael\Desktop\FRST.txt
2015-03-06 12:50 - 2015-03-06 12:52 - 00000000 ____D () C:\Users\Michael\AppData\Roaming\PCDr
2015-03-06 12:50 - 2015-03-06 12:50 - 00000000 ____D () C:\ProgramData\PCDr
2015-03-06 12:25 - 2015-03-06 17:00 - 00000000 ____D () C:\FRST
2015-03-06 12:24 - 2015-03-06 12:24 - 02092544 _____ (Farbar) C:\Users\Michael\Desktop\FRST64.exe
2015-03-06 09:48 - 2015-03-06 09:48 - 00000000 ___HD () C:\Program Files\Common Files\Goobzo
2015-03-06 08:45 - 2015-03-06 08:46 - 00001323 _____ () C:\Users\Michael\Desktop\JRT.txt
2015-03-06 08:41 - 2015-03-02 00:45 - 01388333 _____ (Thisisu) C:\Users\Michael\Desktop\JRT_NEW.exe
2015-03-05 14:26 - 2015-03-06 13:24 - 00003604 _____ () C:\Windows\System32\Tasks\Dell SupportAssistAgent AutoUpdate
2015-03-05 14:26 - 2015-03-05 14:26 - 00000000 __HDC () C:\ProgramData\{6AACA38B-2810-4B47-BDEC-D7A1F38B1531}
2015-03-05 14:25 - 2015-03-05 14:56 - 00000000 ____D () C:\ProgramData\SupportAssistAgent
2015-03-05 14:25 - 2015-03-05 14:25 - 00000000 ____D () C:\Program Files (x86)\Dell
2015-03-05 14:24 - 2015-03-06 07:47 - 00000112 _____ () C:\Windows\setupact.log
2015-03-05 14:24 - 2015-03-05 14:24 - 00000000 _____ () C:\Windows\setuperr.log
2015-03-05 12:46 - 2015-03-06 16:26 - 00051396 _____ () C:\Windows\WindowsUpdate.log
2015-03-05 12:37 - 2015-03-05 12:37 - 02347384 _____ (ESET) C:\Users\Michael\Downloads\esetsmartinstaller_enu.exe
2015-03-05 12:36 - 2015-03-06 16:56 - 00000000 ____D () C:\Users\Michael\Desktop\ESET Scan
2015-03-05 11:28 - 2015-03-05 11:28 - 00000000 ____D () C:\Program Files (x86)\ESET
2015-03-05 11:19 - 2015-03-06 13:23 - 00002778 _____ () C:\Windows\System32\Tasks\CCleanerSkipUAC
2015-03-05 11:19 - 2015-03-05 11:19 - 00000824 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2015-03-05 11:18 - 2015-03-05 11:19 - 00000000 ____D () C:\Program Files\CCleaner
2015-03-03 18:32 - 2015-03-03 18:32 - 00000000 ___HD () C:\Program Files\ShopperPro
2015-03-03 18:32 - 2015-03-03 18:32 - 00000000 ___HD () C:\Program Files\Settings Manager
2015-03-03 18:32 - 2015-03-03 18:32 - 00000000 ___HD () C:\Program Files\SearchProtect
2015-03-03 18:32 - 2015-03-03 18:32 - 00000000 ___HD () C:\Program Files\Linkey
2015-03-03 18:32 - 2015-03-03 18:32 - 00000000 ___HD () C:\Program Files (x86)\ShopperPro
2015-03-03 18:32 - 2015-03-03 18:32 - 00000000 ___HD () C:\Program Files (x86)\Settings Manager
2015-03-03 18:32 - 2015-03-03 18:32 - 00000000 ___HD () C:\Program Files (x86)\SearchProtect
2015-03-03 18:32 - 2015-03-03 18:32 - 00000000 ___HD () C:\Program Files (x86)\Linkey
2015-03-02 22:10 - 2015-03-02 22:20 - 899144606 _____ () C:\Users\Michael\Downloads\archive.zip
2015-03-01 14:58 - 2015-03-01 14:59 - 302470552 _____ (AMD Inc.) C:\Users\Michael\Downloads\amd-catalyst-omega-14.12-with-dotnet45-win7-64bit.exe
2015-02-28 22:37 - 2015-02-28 22:37 - 00001895 _____ () C:\Users\Public\Desktop\HitmanPro.lnk
2015-02-28 22:37 - 2015-02-28 22:37 - 00000000 ____D () C:\Program Files\HitmanPro
2015-02-28 22:36 - 2015-02-28 22:42 - 00000000 ____D () C:\ProgramData\HitmanPro
2015-02-28 22:08 - 2015-02-28 22:10 - 10995632 _____ (SurfRight B.V.) C:\Users\Michael\Downloads\HitmanPro_x64.exe
2015-02-28 22:04 - 2015-02-28 22:04 - 01388274 _____ (Thisisu) C:\Users\Michael\Downloads\JRT.exe
2015-02-28 21:52 - 2015-02-28 21:52 - 00000000 ____D () C:\Users\Michael\AppData\Local\Intel_Corporation
2015-02-28 17:38 - 2015-02-28 17:38 - 00000000 ___HD () C:\Users\Michael\AppData\Roaming\Linkey
2015-02-28 17:21 - 2015-02-28 17:27 - 00000000 ____D () C:\Users\Michael\AppData\Local\Microsoft Games
2015-02-28 16:54 - 2015-02-28 17:37 - 00000000 ____D () C:\AdwCleaner
2015-02-28 16:53 - 2015-02-28 16:53 - 02126848 _____ () C:\Users\Michael\Downloads\AdwCleaner.exe
2015-02-28 14:05 - 2015-02-28 14:06 - 00000000 ____D () C:\Users\Michael\Downloads\spsetup126 (1)
2015-02-28 14:04 - 2015-02-28 14:04 - 05269617 _____ () C:\Users\Michael\Downloads\spsetup126 (1).zip
2015-02-28 13:59 - 2015-02-28 13:59 - 00000000 ____D () C:\Users\Michael\Downloads\spsetup126
2015-02-28 13:57 - 2015-02-28 13:58 - 00552791 _____ () C:\Users\Michael\Downloads\spsetup126.zip
2015-02-28 12:50 - 2015-02-28 12:50 - 00002119 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
2015-02-28 12:50 - 2015-02-28 12:50 - 00000000 ____D () C:\Program Files\Microsoft Security Client
2015-02-28 12:50 - 2015-02-28 12:50 - 00000000 ____D () C:\Program Files (x86)\Microsoft Security Client
2015-02-28 12:49 - 2015-02-28 12:49 - 14160536 _____ (Microsoft Corporation) C:\Users\Michael\Downloads\mseinstall.exe
2015-02-28 12:04 - 2015-02-28 12:04 - 00002257 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-02-28 12:04 - 2015-02-28 12:04 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-02-28 12:03 - 2015-03-06 13:24 - 00003908 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-02-28 12:03 - 2015-03-06 13:24 - 00003656 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-02-28 12:03 - 2015-03-06 13:24 - 00000900 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-02-28 12:03 - 2015-03-06 13:24 - 00000896 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-02-27 16:37 - 2015-02-28 14:10 - 00000723 _____ () C:\Users\Michael\Downloads\Full Fiat Export EXPORT.CSV
2015-02-27 16:36 - 2015-02-27 16:36 - 00000225 _____ () C:\Users\Michael\Downloads\Fiat Payment EXPORT.CSV
2015-02-26 11:00 - 2015-02-26 11:00 - 00023760 _____ (Dell Computer Corporation) C:\Windows\system32\Drivers\DDDriver64Dcsa.sys
2015-02-26 11:00 - 2015-02-26 11:00 - 00023312 _____ (Dell Computer Corporation) C:\Windows\system32\Drivers\DellProf.sys
2015-02-25 16:41 - 2015-01-08 18:44 - 00419936 _____ () C:\Windows\SysWOW64\locale.nls
2015-02-25 16:41 - 2015-01-08 18:43 - 00419936 _____ () C:\Windows\system32\locale.nls
2015-02-25 14:12 - 2015-01-08 22:14 - 00950272 _____ (Microsoft Corporation) C:\Windows\system32\perftrack.dll
2015-02-25 14:12 - 2015-01-08 22:14 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\wdi.dll
2015-02-25 14:12 - 2015-01-08 22:14 - 00029696 _____ (Microsoft Corporation) C:\Windows\system32\powertracker.dll
2015-02-25 14:12 - 2015-01-08 21:48 - 00076800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdi.dll
2015-02-19 16:35 - 2015-02-19 16:35 - 24594067 _____ () C:\Users\Michael\Downloads\Test.mp4
2015-02-17 11:10 - 2015-02-17 11:10 - 00000000 ____D () C:\Users\Michael\Documents\New folder
2015-02-16 00:00 - 2015-03-06 07:47 - 00000000 ____D () C:\Users\Michael\AppData\Roaming\Apple Computer
2015-02-16 00:00 - 2015-02-16 00:00 - 00001755 _____ () C:\Users\Public\Desktop\iTunes.lnk
2015-02-16 00:00 - 2015-02-16 00:00 - 00000000 ____D () C:\Users\Michael\AppData\Local\Apple Computer
2015-02-16 00:00 - 2015-02-16 00:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2015-02-16 00:00 - 2012-10-03 17:14 - 00033240 _____ (GEAR Software Inc.) C:\Windows\system32\Drivers\GEARAspiWDM.sys
2015-02-15 23:59 - 2015-02-16 00:00 - 00000000 ____D () C:\ProgramData\E1864A66-75E3-486a-BD95-D1B7D99A84A7
2015-02-15 23:59 - 2015-02-16 00:00 - 00000000 ____D () C:\Program Files\iTunes
2015-02-15 23:59 - 2015-02-15 23:59 - 00002519 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
2015-02-15 23:59 - 2015-02-15 23:59 - 00000000 ____D () C:\Users\Michael\AppData\Local\Apple
2015-02-15 23:59 - 2015-02-15 23:59 - 00000000 ____D () C:\ProgramData\Apple Computer
2015-02-15 23:59 - 2015-02-15 23:59 - 00000000 ____D () C:\Program Files\iPod
2015-02-15 23:59 - 2015-02-15 23:59 - 00000000 ____D () C:\Program Files (x86)\iTunes
2015-02-15 23:59 - 2015-02-15 23:59 - 00000000 ____D () C:\Program Files (x86)\Apple Software Update
2015-02-15 23:58 - 2015-02-15 23:59 - 00000000 ____D () C:\Program Files\Common Files\Apple
2015-02-15 23:58 - 2015-02-15 23:58 - 00000000 ____D () C:\Program Files\Bonjour
2015-02-15 23:58 - 2015-02-15 23:58 - 00000000 ____D () C:\Program Files (x86)\Bonjour
2015-02-15 23:57 - 2015-02-15 23:59 - 00000000 ____D () C:\ProgramData\Apple
2015-02-15 16:00 - 2015-01-22 23:42 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-02-15 16:00 - 2015-01-22 23:41 - 06041600 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-02-15 16:00 - 2015-01-22 22:43 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-02-15 16:00 - 2015-01-22 22:17 - 04300800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-02-15 10:14 - 2015-02-15 10:15 - 152439600 _____ (Apple Inc.) C:\Users\Michael\Downloads\itunes6464setup(1).exe
2015-02-14 22:48 - 2015-02-14 22:51 - 152439600 _____ (Apple Inc.) C:\Users\Michael\Downloads\itunes6464setup.exe
2015-02-14 18:32 - 2015-02-14 18:32 - 00000000 ____D () C:\Corn Fest 2014
2015-02-14 18:32 - 2015-02-14 18:32 - 00000000 ____D () C:\Computers - Copy
2015-02-14 18:32 - 2015-02-14 18:32 - 00000000 ____D () C:\Computers
2015-02-14 18:32 - 2015-02-14 18:32 - 00000000 ____D () C:\Chuck Correspondence
2015-02-14 18:32 - 2015-02-13 00:36 - 00013956 _____ () C:\Backup of Weather Gadget Fix.wbk
2015-02-14 18:32 - 2015-02-12 23:47 - 02302976 _____ () C:\Notes 2_12_15.pst
2015-02-14 18:32 - 2015-02-06 21:12 - 02302976 _____ () C:\Notes 2_5_15.pst
2015-02-14 18:32 - 2015-02-04 14:20 - 02302976 _____ () C:\Notes 2_4_15.pst
2015-02-14 18:32 - 2015-02-04 14:19 - 02302976 _____ () C:\Notes 12_9_14.pst
2015-02-14 18:32 - 2014-11-23 22:13 - 02302976 _____ () C:\Notes 11_23_14.pst
2015-02-14 18:32 - 2014-10-19 18:34 - 02302976 _____ () C:\Notes July 23 2014.pst
2015-02-14 18:32 - 2014-10-17 14:53 - 08069928 _____ (Auslogics Labs Pty Ltd ) C:\pc-speed-up-setup.exe
2015-02-14 18:32 - 2014-10-04 17:54 - 00134326 _____ () C:\Wish I Could Sing Like That.aup
2015-02-14 18:32 - 2014-09-15 20:14 - 189062046 _____ () C:\Corn Fest 2014.zip
2015-02-14 18:32 - 2014-09-15 19:55 - 93946290 _____ () C:\Cornfest 2014_JP.zip
2015-02-14 18:32 - 2014-07-13 23:31 - 02302976 _____ () C:\Notes July 13 2014.pst
2015-02-14 18:32 - 2014-07-13 23:30 - 02302976 _____ () C:\Notes May 15 2014.pst
2015-02-14 18:32 - 2014-03-19 19:45 - 00009537 _____ () C:\2013 taxes charities.xlsx
2015-02-14 18:32 - 2014-02-24 21:08 - 02302976 _____ () C:\Notes Feb 24 2014.pst
2015-02-14 18:32 - 2011-10-20 08:46 - 63520291 _____ () C:\beck_recordclub_vu_nico_agdfairplay.zip
2015-02-14 18:31 - 2015-03-05 12:14 - 00000000 ____D () C:\Wipe Hard Drives
2015-02-14 18:31 - 2015-02-14 18:31 - 00000000 ____D () C:\Wish I Could Sing Like That_data
2015-02-14 18:29 - 2015-03-02 22:07 - 00000000 ____D () C:\Waters
2015-02-14 18:29 - 2015-02-14 18:29 - 00000000 ____D () C:\Sox2014
2015-02-14 18:29 - 2014-03-03 19:15 - 00000000 ____D () C:\SouthFest
2015-02-14 18:28 - 2015-02-24 11:44 - 00000000 ____D () C:\DemandWare
2015-02-14 18:28 - 2015-02-14 18:28 - 00000000 ____D () C:\PowerDirector
2015-02-14 18:28 - 2015-02-14 18:28 - 00000000 ____D () C:\Pono
2015-02-14 18:28 - 2015-02-14 18:28 - 00000000 ____D () C:\Photos
2015-02-14 18:28 - 2015-02-14 18:28 - 00000000 ____D () C:\Office
2015-02-14 18:28 - 2015-02-14 18:28 - 00000000 ____D () C:\Netezza
2015-02-14 18:28 - 2015-02-14 18:28 - 00000000 ____D () C:\Midwest
2015-02-14 18:28 - 2015-02-14 18:28 - 00000000 ____D () C:\FoodLife
2015-02-14 18:28 - 2015-02-14 18:28 - 00000000 ____D () C:\Files Terminator Free
2015-02-14 18:28 - 2015-02-14 18:28 - 00000000 ____D () C:\CornFest 2013_JP
2015-02-14 18:22 - 2015-01-14 00:09 - 00342712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-02-14 18:22 - 2015-01-11 22:05 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-02-14 18:22 - 2015-01-11 21:48 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-02-14 18:22 - 2015-01-11 21:39 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-02-14 18:22 - 2015-01-11 21:34 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-02-14 18:22 - 2015-01-11 21:13 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-02-14 18:22 - 2015-01-11 21:07 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-02-14 18:22 - 2015-01-11 21:05 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-02-14 18:22 - 2015-01-11 20:59 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-02-14 18:22 - 2015-01-11 20:48 - 00718848 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-02-14 18:22 - 2015-01-11 20:40 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-02-14 18:22 - 2015-01-11 20:35 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-02-14 18:22 - 2015-01-11 20:33 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-02-14 18:22 - 2015-01-11 20:23 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-02-14 18:22 - 2015-01-11 19:56 - 01307136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-02-14 18:22 - 2015-01-10 01:48 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-02-14 18:22 - 2015-01-10 01:48 - 00341504 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-02-14 18:22 - 2015-01-10 01:48 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-02-14 18:22 - 2015-01-10 01:48 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-02-14 18:22 - 2015-01-10 01:48 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-02-14 18:22 - 2015-01-10 01:48 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-02-14 18:22 - 2015-01-10 01:48 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-02-14 18:22 - 2015-01-10 01:27 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-02-14 18:22 - 2015-01-10 01:27 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-02-14 18:22 - 2015-01-10 01:27 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-02-14 18:22 - 2015-01-10 01:27 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-02-14 18:22 - 2015-01-10 01:27 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-02-14 18:22 - 2015-01-10 01:27 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-02-14 18:22 - 2015-01-10 01:27 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-02-14 18:21 - 2015-03-06 12:50 - 00003484 _____ () C:\Windows\System32\Tasks\PCDEventLauncherTask
2015-02-14 18:21 - 2015-02-14 18:21 - 00004042 _____ () C:\Windows\System32\Tasks\PCDoctorBackgroundMonitorTask
2015-02-14 18:21 - 2015-02-14 18:21 - 00003230 _____ () C:\Windows\System32\Tasks\SystemToolsDailyTest
2015-02-14 18:21 - 2015-01-14 00:47 - 00389808 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-02-14 18:21 - 2015-01-11 22:09 - 25056256 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-02-14 18:21 - 2015-01-11 22:05 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-02-14 18:21 - 2015-01-11 21:49 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-02-14 18:21 - 2015-01-11 21:48 - 02885632 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-02-14 18:21 - 2015-01-11 21:48 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-02-14 18:21 - 2015-01-11 21:47 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-02-14 18:21 - 2015-01-11 21:40 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-02-14 18:21 - 2015-01-11 21:36 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-02-14 18:21 - 2015-01-11 21:34 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-02-14 18:21 - 2015-01-11 21:25 - 19740160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-02-14 18:21 - 2015-01-11 21:25 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-02-14 18:21 - 2015-01-11 21:21 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-02-14 18:21 - 2015-01-11 21:21 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-02-14 18:21 - 2015-01-11 21:08 - 00503296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-02-14 18:21 - 2015-01-11 21:08 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-02-14 18:21 - 2015-01-11 21:07 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-02-14 18:21 - 2015-01-11 21:07 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-02-14 18:21 - 2015-01-11 21:04 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-02-14 18:21 - 2015-01-11 21:02 - 02277888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-02-14 18:21 - 2015-01-11 21:00 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-02-14 18:21 - 2015-01-11 20:57 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-02-14 18:21 - 2015-01-11 20:55 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-02-14 18:21 - 2015-01-11 20:48 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-02-14 18:21 - 2015-01-11 20:46 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-02-14 18:21 - 2015-01-11 20:46 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-02-14 18:21 - 2015-01-11 20:45 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-02-14 18:21 - 2015-01-11 20:43 - 14401024 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-02-14 18:21 - 2015-01-11 20:36 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-02-14 18:21 - 2015-01-11 20:27 - 02358272 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-02-14 18:21 - 2015-01-11 20:23 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-02-14 18:21 - 2015-01-11 20:22 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-02-14 18:21 - 2015-01-11 20:14 - 12829184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-02-14 18:21 - 2015-01-11 20:14 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-02-14 18:21 - 2015-01-11 20:02 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-02-14 18:21 - 2015-01-11 20:00 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-02-14 18:21 - 2015-01-11 19:55 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-02-14 18:20 - 2015-02-14 18:20 - 00000000 ____D () C:\ProgramData\PC-Doctor for Windows
2015-02-14 18:20 - 2015-02-14 18:20 - 00000000 ____D () C:\Program Files\Dell Support Center
2015-02-14 18:20 - 2015-01-15 03:14 - 00155072 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-02-14 18:20 - 2015-01-15 03:14 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-02-14 18:20 - 2015-01-15 03:09 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-02-14 18:20 - 2015-01-15 03:09 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-02-14 18:20 - 2015-01-15 03:09 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-02-14 18:20 - 2015-01-15 03:09 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-02-14 18:20 - 2015-01-15 03:09 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-02-14 18:20 - 2015-01-15 03:08 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-02-14 18:20 - 2015-01-15 03:06 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-02-14 18:20 - 2015-01-15 03:06 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-02-14 18:20 - 2015-01-15 03:04 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-02-14 18:20 - 2015-01-15 02:42 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-02-14 18:20 - 2015-01-15 02:42 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-02-14 18:20 - 2015-01-15 02:41 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-02-14 18:20 - 2015-01-15 02:39 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-02-14 18:20 - 2015-01-15 02:39 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-02-14 18:20 - 2015-01-15 02:37 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-02-14 18:20 - 2015-01-14 23:22 - 00458824 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2015-02-14 18:20 - 2015-01-12 22:10 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2015-02-14 18:20 - 2015-01-12 21:49 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2015-02-14 18:20 - 2014-12-12 00:31 - 01480192 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2015-02-14 18:20 - 2014-12-12 00:07 - 01174528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2015-02-14 18:20 - 2014-11-25 22:53 - 00861696 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2015-02-14 18:20 - 2014-11-25 22:32 - 00571904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2015-02-14 18:20 - 2014-07-06 21:07 - 00229376 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2015-02-14 18:20 - 2014-07-06 21:06 - 00187904 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2015-02-14 18:20 - 2014-07-06 20:40 - 00179200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2015-02-14 18:20 - 2014-07-06 20:40 - 00143872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2015-02-14 18:19 - 2015-02-14 18:25 - 00000000 ____D () C:\2014
2015-02-14 18:19 - 2015-01-14 01:09 - 05554112 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-02-14 18:19 - 2015-01-14 01:05 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-02-14 18:19 - 2015-01-14 01:05 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-02-14 18:19 - 2015-01-14 01:04 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-02-14 18:19 - 2015-01-14 00:44 - 03972544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-02-14 18:19 - 2015-01-14 00:44 - 03917760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-02-14 18:19 - 2015-01-14 00:41 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-02-14 18:19 - 2014-12-07 22:09 - 00406528 _____ (Microsoft Corporation) C:\Windows\system32\scesrv.dll
2015-02-14 18:19 - 2014-12-07 21:46 - 00308224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scesrv.dll
2015-02-14 18:06 - 2015-01-08 21:03 - 03201536 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-02-06 16:54 - 2015-02-06 16:54 - 00000000 ___RD () C:\Program Files (x86)\Skype
2015-02-06 16:54 - 2015-02-06 16:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2015-02-06 16:52 - 2015-02-06 16:52 - 00000000 ____D () C:\Users\Default\AppData\Local\Microsoft Help
2015-02-06 16:52 - 2015-02-06 16:52 - 00000000 ____D () C:\Users\Default User\AppData\Local\Microsoft Help
2015-02-06 15:55 - 2015-03-06 16:39 - 00000000 ____D () C:\Users\Michael\Documents\Outlook Files
2015-02-06 13:11 - 2014-12-11 12:47 - 00087040 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2015-02-06 13:11 - 2014-09-04 21:11 - 06584320 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2015-02-06 13:11 - 2014-09-04 20:52 - 05703168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2015-02-06 13:11 - 2014-08-28 21:07 - 03179520 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2015-02-06 13:11 - 2014-05-08 04:32 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\RdpGroupPolicyExtension.dll

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-06 16:41 - 2014-12-28 21:42 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-03-06 16:29 - 2009-07-14 00:13 - 00785942 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-03-06 13:24 - 2014-12-15 15:17 - 00003902 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2888455996-3814515952-354008950-1000UA
2015-03-06 13:24 - 2014-12-15 15:17 - 00003506 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2888455996-3814515952-354008950-1000Core
2015-03-06 13:24 - 2014-12-15 15:17 - 00000916 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2888455996-3814515952-354008950-1000UA.job
2015-03-06 13:24 - 2014-12-15 15:17 - 00000864 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2888455996-3814515952-354008950-1000Core.job
2015-03-06 13:23 - 2014-08-05 21:30 - 00003770 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-03-06 13:23 - 2014-08-05 21:30 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-03-06 09:03 - 2011-02-10 11:10 - 00799376 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2015-03-06 08:46 - 2009-07-13 23:45 - 00021296 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-03-06 08:46 - 2009-07-13 23:45 - 00021296 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-03-06 07:55 - 2014-08-05 21:49 - 00000000 ____D () C:\Program Files (x86)\Dell Backup and Recovery
2015-03-06 07:48 - 2014-12-15 17:30 - 00003758 _____ () C:\Windows\System32\Tasks\Malware Protection 360 Updater
2015-03-06 07:48 - 2014-12-15 17:30 - 00003240 _____ () C:\Windows\System32\Tasks\Malware Protection 360
2015-03-06 07:47 - 2009-07-14 00:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-03-05 14:25 - 2014-08-05 21:35 - 00000000 ____D () C:\Program Files\Dell
2015-03-05 11:23 - 2011-02-10 09:02 - 00000000 ____D () C:\Windows\panther
2015-03-03 18:27 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\system32\NDF
2015-03-03 08:17 - 2010-11-20 22:27 - 00295552 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2015-02-28 12:04 - 2014-12-25 14:39 - 00000000 ____D () C:\Program Files (x86)\Google
2015-02-25 21:13 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\tracing
2015-02-16 13:35 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\rescache
2015-02-14 22:45 - 2014-12-15 16:10 - 00109296 _____ () C:\Users\Michael\AppData\Local\GDIPFONTCACHEV1.DAT
2015-02-14 22:43 - 2009-07-13 23:45 - 00408216 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-02-14 21:49 - 2015-01-14 14:41 - 00000000 ____D () C:\ProgramData\Microsoft Help
2015-02-14 21:46 - 2009-07-13 21:34 - 00000478 _____ () C:\Windows\win.ini
2015-02-14 21:39 - 2015-01-14 12:36 - 00000000 ____D () C:\Windows\system32\MRT
2015-02-14 21:36 - 2015-01-14 12:36 - 116773704 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-02-14 18:20 - 2014-08-05 21:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dell
2015-02-06 16:54 - 2014-08-05 21:45 - 00000000 ____D () C:\ProgramData\Skype
2015-02-06 14:22 - 2014-08-05 21:30 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-02-06 14:22 - 2014-08-05 21:30 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-02-06 13:17 - 2014-12-15 15:17 - 00000000 ____D () C:\Users\Michael\AppData\Roaming\Mozilla

==================== Files in the root of some directories =======

2014-12-15 17:29 - 2014-12-15 17:29 - 0000064 _____ () C:\Users\Michael\AppData\Local\cac2385838c6636cad52f5a3d493e38d
2014-08-05 23:22 - 2014-08-05 23:22 - 0000000 ____H () C:\ProgramData\DP45977C.lfl

Some content of TEMP:
====================
C:\Users\Michael\AppData\Local\Temp\System.Data.SQLite.dll

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-03-05 12:26

==================== End Of Log ============================

 


 


#2 nasdaq

nasdaq

  • Malware Response Team
  • 38,936 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:03:53 PM

Posted 11 March 2015 - 09:44 AM

Hello, welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Open Notepad (Start => All Programs => Accessories => Notepad). Please copy the entire contents of the code box below.
start

CloseProcesses:

(MalwareProtection360) C:\Program Files (x86)\MalwareProtection360\MalwareProtection360.exe
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
CHR HKU\S-1-5-21-2888455996-3814515952-354008950-1000\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [Not Found]
CHR StartupUrls: Default -> "https://www.google.com/calendar?tab=mc", "hxxp://www.gmail.com/", "hxxp://vosteran.com/?f=7&a=vst_omxmedia_15_05_ch&cd=2XzuyEtN2Y1L1QzuyDtD0ByB0CtAyCtA0Ezz0CtC0CyE0BzztN0D0Tzu0StCtCtByCtN1L2XzutAtFyBtFtCtFtBtN1L1CzutCyEtBzytDyD1V1StN1L1G1B1V1N2Y1L1Qzu2StCzyyCyEyByB0AzztGzy0B0DzytG0EtBtDtDtGtDyDtBtBtGtD0AtCyB0ByC0A0EtB0CtAzz2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0FtD0FyEzztCtBtAtGtDzy0CtAtGyE0Czz0EtGzy0A0EtAtG0B0E0CyDtBtBtB0BtDyB0C0B2Q&cr=1408592307&ir="
C:\Program Files (x86)\MalwareProtection360

End
Save the file as fixlist.txt in the same folder as FRST.

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log, Fixlog.txt; please post it in your reply.
===

How is the computer running now?

#3 LostInTheSupermarket


Posted 12 March 2015 - 11:49 PM

Thank you, nasdaq

Was away most of the day, but the initial observance is that in the hour or two I ran Chrome, there haven't been any popups. I want to test it out a little further, and maybe re-install Firefox (which I'd uninstalled a week ago, but seems to show up in logfiles anyway).

On booting, Malwarebytes still finds both PUP.Optional.Goobzo infections.

Is there any reason to use/retain Hitman?

Here's the fixlog.txt:

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 11-03-2015
Ran by Michael at 2015-03-11 16:56:34 Run:1
Running from C:\Users\Michael\Desktop
Loaded Profiles: Michael (Available profiles: Michael)
Boot Mode: Normal
==============================================
 
Content of fixlist:
*****************
start
 
CloseProcesses:
 
(MalwareProtection360) C:\Program Files (x86)\MalwareProtection360\MalwareProtection360.exe
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
CHR HKU\S-1-5-21-2888455996-3814515952-354008950-1000\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [Not Found]
CHR StartupUrls: Default -> "https://www.google.com/calendar?tab=mc", "hxxp://www.gmail.com/", "hxxp://vosteran.com/?f=7&a=vst_omxmedia_15_05_ch&cd=2XzuyEtN2Y1L1QzuyDtD0ByB0CtAyCtA0Ezz0CtC0CyE0BzztN0D0Tzu0StCtCtByCtN1L2XzutAtFyBtFtCtFtBtN1L1CzutCyEtBzytDyD1V1StN1L1G1B1V1N2Y1L1Qzu2StCzyyCyEyByB0AzztGzy0B0DzytG0EtBtDtDtGtDyDtBtBtGtD0AtCyB0ByC0A0EtB0CtAzz2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0FtD0FyEzztCtBtAtGtDzy0CtAtGyE0Czz0EtGzy0A0EtAtG0B0E0CyDtBtBtB0BtDyB0C0B2Q&cr=1408592307&ir="
C:\Program Files (x86)\MalwareProtection360
 
End
*****************
 
Processes closed successfully.
C:\Program Files (x86)\MalwareProtection360\MalwareProtection360.exe => No running process found
"HKLM\SOFTWARE\Policies\Google" => Key deleted successfully.
"HKU\S-1-5-21-2888455996-3814515952-354008950-1000\SOFTWARE\Policies\Google" => Key deleted successfully.
HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
"HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE" => Key deleted successfully.
"HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE" => Key deleted successfully.
C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} not found.
Chrome StartupUrls deleted successfully.
C:\Program Files (x86)\MalwareProtection360 => Moved successfully.
 
 
The system needed a reboot. 
 
==== End of Fixlog 16:56:35 ====

Edited by LostInTheSupermarket, 12 March 2015 - 11:51 PM.
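An added example, not part of the original posts and not FRST's own code: a Python sketch that classifies each result line of the Fixlog above and checks whether the two folders Malwarebytes reported in the opening post were touched by the fix. The function names are hypothetical, and the status phrases are only those visible in this one log; anything else is reported as "unknown".

```python
import re
from collections import Counter

# Result section of the Fixlog posted above, copied from the page.
FIXLOG_RESULTS = r'''
Processes closed successfully.
C:\Program Files (x86)\MalwareProtection360\MalwareProtection360.exe => No running process found
"HKLM\SOFTWARE\Policies\Google" => Key deleted successfully.
"HKU\S-1-5-21-2888455996-3814515952-354008950-1000\SOFTWARE\Policies\Google" => Key deleted successfully.
HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
"HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE" => Key deleted successfully.
"HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE" => Key deleted successfully.
C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} not found.
Chrome StartupUrls deleted successfully.
C:\Program Files (x86)\MalwareProtection360 => Moved successfully.
The system needed a reboot.
'''

# Folders Malwarebytes kept reporting, exactly as written in the opening post.
MB_DETECTIONS = [
    r"C:\Program Files (x86)\Common Files\Goobzo",
    r"C:\Program Files\Common Files\Goozbo",
]

# Status phrases observed in this one Fixlog (assumption: FRST can print
# others; unrecognised lines become "unknown", never a success).
# Order matters: the specific "=>" forms are tried before the generic ones.
RULES = [
    (re.compile(r"^(?P<target>.+?) => (?:Key|value) deleted successfully\.$"), "deleted"),
    (re.compile(r"^(?P<target>.+?) => Moved successfully\.$"), "moved"),
    (re.compile(r"^(?P<target>.+?) => No running process found$"), "not_present"),
    (re.compile(r"^(?P<target>.+?) not found\.$"), "not_present"),
    (re.compile(r"^(?P<target>.+?) deleted successfully\.$"), "deleted"),
    (re.compile(r"^(?P<target>Processes) closed successfully\.$"), "info"),
    (re.compile(r"^(?P<target>The system) needed a reboot\.$"), "info"),
]


def parse_fixlog(text):
    """Return a list of (target, outcome) tuples, one per non-empty line."""
    entries = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        for pattern, outcome in RULES:
            match = pattern.match(line)
            if match:
                entries.append((match.group("target").strip('"'), outcome))
                break
        else:
            entries.append((line, "unknown"))
    return entries


def summarize(entries):
    """Count entries per outcome."""
    return Counter(outcome for _, outcome in entries)


def uncovered(detections, entries):
    """Detections that no deleted/moved entry touched (same path, parent or child)."""
    acted = [t.lower().rstrip("\\") for t, o in entries if o in ("deleted", "moved")]
    missing = []
    for path in detections:
        p = path.lower().rstrip("\\")
        hit = any(t == p or t.startswith(p + "\\") or p.startswith(t + "\\")
                  for t in acted)
        if not hit:
            missing.append(path)
    return missing


if __name__ == "__main__":
    parsed = parse_fixlog(FIXLOG_RESULTS)
    print(dict(summarize(parsed)))
    for path in uncovered(MB_DETECTIONS, parsed):
        print("not touched by this fix:", path)
```

Run against this thread's log, it reports both Goobzo folders as untouched, which matches the Malwarebytes result reported in the same post.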


#4 nasdaq


Posted 13 March 2015 - 08:06 AM

Run Malwarebytes and clean everything that is found.
===

If the problem persists, try this.

Click the Start button. In the Search box, type Command Prompt, and then, in the list of results, double-click Command Prompt.

At the cursor, type:
ipconfig /flushdns <-- (A space between g and / is needed)

ipconfig /release

repeat with
ipconfig /renew

Then hit Enter, type Exit, hit the Enter key.

You may need to run CMD - Command Prompt on Vista - Windows 7/8 with Elevated Privilege
http://www.bleepingcomputer.com/tutorials/windows-elevated-command-prompt/
<<<>>>

Keep me posted.

#5 LostInTheSupermarket


Posted 13 March 2015 - 09:29 AM

When I turned the machine on this morning, it went through a fairly lengthy process of installing Windows updates (I have it set to do this automatically). After it re-started Windows I ran MB and -- surprise! -- no malicious programs (i.e., Goobzo) were found. I'll use both IE and Chrome today to see if any problems arise.

With all the other protection/diagnostic programs I have, is there any reason to use/retain Hitman? I have the 30-day trial version installed, but think it might be overkill.

Thanks once again.



#6 nasdaq


Posted 14 March 2015 - 07:13 AM

With all the other protection/diagnostic programs I have, Is there any reason to use/retain Hitman? I have the 30-day trial version installed, but think it might be overkill.


It's not required.

===

If all is well.

To learn more about how to protect yourself while on the internet, read this little guide on best security practices to keep safe.
http://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/
===

#7 nasdaq


Posted 20 March 2015 - 08:57 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.



