Infected with MediaPlayer, Shopping Assistant

This topic is locked
8 replies to this topic

#1 sherill


Posted 06 September 2015 - 06:58 PM

This started while on Amazon.com. Always there is a Shopping Assistant [ads by rightcoupon] along the right side of the page along with a little pop-up Best Value list of other places/prices to purchase said item. Sometimes, I will be notified in a pop up box that I've won something, I click no thanks, and the Amazon page then defaults to a "this item not found" page.

There will also be a new tab opened that tells me to update my browser, but upon further investigation, it wants me to update MediaPlayer that is part of my browser (Firefox 40.0.3). I don't think I ever did click on it.

I've tried all kinds of apps to remove this but have never seen that anything at all has been added to my programs list in my control panel. Obviously, I'm not going to figure out this one on my own. I'll gladly welcome help!

#2 sherill (Topic Starter)

Posted 06 September 2015 - 07:02 PM

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:06-09-2015 01
Ran by sheri_000 (administrator) on MOTHERSHIP13 (06-09-2015 18:40:35)
Running from C:\Users\sheri_000\Desktop
Loaded Profiles: sheri_000 (Available Profiles: sheri_000)
Platform: Windows 8.1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(Stardock Software, Inc) C:\Program Files (x86)\Stardock\ModernMix\MMixSrv.exe
(Stardock Software, Inc) C:\Program Files (x86)\Stardock\Start8\Start8Srv.exe
(Stardock Software, Inc) C:\Program Files (x86)\Stardock\Start8\Start8_64.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(ESET) C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Stardock Software, Inc) C:\Program Files (x86)\Stardock\ModernMix\MMix_64.exe
(Stardock Software, Inc) C:\Program Files (x86)\Stardock\ModernMix\MMix_32.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Hewlett-Packard ) C:\Program Files\IDT\WDM\Beats64.exe
(ESET) C:\Program Files\ESET\ESET Smart Security\egui.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqste08.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
() C:\Users\sheri_000\Desktop\csamp.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.28.13\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.28.13\GoogleCrashHandler64.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Google Inc.) C:\Users\sheri_000\AppData\Local\Google\Update\GoogleUpdate.exe
(Trend Micro Inc.) C:\Users\sheri_000\Desktop\HijackThis.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [BeatsOSDApp] => C:\Program Files\IDT\WDM\beats64.exe [37888 2012-08-10] (Hewlett-Packard )
HKLM\...\Run: [egui] => C:\Program Files\ESET\ESET Smart Security\egui.exe [6330568 2013-03-21] (ESET)
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1702912 2013-03-29] (IDT, Inc.)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [558496 2014-02-27] (Adobe Systems Incorporated)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM-x32\...\Run: [CLMLServer_For_P2G8] => c:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [111120 2012-06-07] (CyberLink)
HKLM-x32\...\Run: [CLVirtualDrive] => c:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe [491120 2012-07-02] (CyberLink Corp.)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-2318224677-3328993140-470927835-1001\...\Run: [Google Update] => C:\Users\sheri_000\AppData\Local\Google\Update\GoogleUpdate.exe [144200 2015-08-28] (Google Inc.)
HKU\S-1-5-21-2318224677-3328993140-470927835-1001\...\Run: [MusicManager] => C:\Users\sheri_000\AppData\Local\Programs\Google\MusicManager\MusicManager.exe [7646208 2015-08-13] (Google Inc.)
HKU\S-1-5-21-2318224677-3328993140-470927835-1001\...\Run: [Web Companion] => C:\Program Files (x86)\Lavasoft\Web Companion\Application\WebCompanion.exe --minimize
HKU\S-1-5-18\...\Run: [GarminExpressTrayApp] => "C:\Program Files (x86)\Garmin\Express Tray\tray.exe"
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk [2015-01-14]
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
Startup: C:\Users\sheri_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\IconRestorer.lnk [2013-09-11]
ShortcutTarget: IconRestorer.lnk -> C:\Program Files (x86)\FSL\IconRestorer\IconRestorer.exe (FSL - Freesoftland)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{2E715299-4484-4E24-97DF-95F22582BD8C}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.msn.com/HPDSK13/1
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/HPDSK13/1
HKU\S-1-5-21-2318224677-3328993140-470927835-1001\Software\Microsoft\Internet Explorer\Main,First Home Page = hxxp://g.msn.com/HPDSK13/1
SearchScopes: HKLM -> {9E55DE0E-511E-45C0-BA88-AD1AFBDF4052} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us1-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM-x32 -> {2fa28606-de77-4029-af96-b231e3b8f827} URL = hxxp://search.ask.com/web?q={searchterms}&l=dis&o=HPDTDF
SearchScopes: HKLM-x32 -> {9E55DE0E-511E-45C0-BA88-AD1AFBDF4052} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us1-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM-x32 -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDF
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2012-07-09] (Hewlett-Packard)

FireFox:
========
FF ProfilePath: C:\Users\sheri_000\AppData\Roaming\Mozilla\Firefox\Profiles\qnpg9jzq.default
FF DefaultSearchEngine: Google
FF DefaultSearchEngine.US: Google
FF Homepage: hxxps://mail.google.com/mail/u/0/?tab=wm#drafts
hxxp://applications.marykayintouch.com/Community/Default.aspx
hxxp://helmsangels.com/new_consultants.html
hxxps://www.google.com/
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_18_0_0_232.dll [2015-08-11] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_18_0_0_232.dll [2015-08-11] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\WINDOWS\SysWOW64\Adobe\Director\np32dsw_1219160.dll [2015-07-23] (Adobe Systems, Inc.)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2015-05-21] (Google)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-07-18] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-07-18] (Intel Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2013-02-05] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3508.0205 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2013-02-05] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.13\npGoogleUpdate3.dll [2015-08-29] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.13\npGoogleUpdate3.dll [2015-08-29] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.2 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-06-29] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-2318224677-3328993140-470927835-1001: @citrixonline.com/appdetectorplugin -> C:\Users\sheri_000\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2015-04-30] (Citrix Online)
FF Plugin HKU\S-1-5-21-2318224677-3328993140-470927835-1001: @tools.google.com/Google Update;version=3 -> C:\Users\sheri_000\AppData\Local\Google\Update\1.3.28.13\npGoogleUpdate3.dll [2015-08-28] (Google Inc.)
FF Plugin HKU\S-1-5-21-2318224677-3328993140-470927835-1001: @tools.google.com/Google Update;version=9 -> C:\Users\sheri_000\AppData\Local\Google\Update\1.3.28.13\npGoogleUpdate3.dll [2015-08-28] (Google Inc.)
FF Plugin HKU\S-1-5-21-2318224677-3328993140-470927835-1001: hp.com/HPDetect -> C:\Users\sheri_000\AppData\Roaming\HewlettPackard\HPDetect\1.0.0.0\npHPDetect.dll [2012-08-30] (HP)
FF Extension: Diccionario de Español/México - C:\Users\sheri_000\AppData\Roaming\Mozilla\Firefox\Profiles\qnpg9jzq.default\Extensions\es-MX@dictionaries.addons.mozilla.org [2014-06-24]
FF Extension: Garmin Communicator - C:\Users\sheri_000\AppData\Roaming\Mozilla\Firefox\Profiles\qnpg9jzq.default\Extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E} [2014-12-28]
FF Extension: Diigo Toolbar - C:\Users\sheri_000\AppData\Roaming\Mozilla\Firefox\Profiles\qnpg9jzq.default\Extensions\{fc2b8f80-d9a5-4f51-8076-7c7ce3c67ee3} [2013-12-14]
FF Extension: Awesome screenshot: Capture and Annotate - C:\Users\sheri_000\AppData\Roaming\Mozilla\Firefox\Profiles\qnpg9jzq.default\Extensions\jid0-GXjLLfbCoAx0LcltEdFrEkQdQPI@jetpack.xpi [2013-09-06]
FF Extension: MediaPlayer - C:\Users\sheri_000\AppData\Roaming\Mozilla\Firefox\Profiles\qnpg9jzq.default\Extensions\jid1-gwOhHRRpNvLcnw@jetpack.xpi [2015-05-27]
FF Extension: Pin It Button - C:\Users\sheri_000\AppData\Roaming\Mozilla\Firefox\Profiles\qnpg9jzq.default\Extensions\jid1-YcMV6ngYmQRA2w@jetpack.xpi [2014-09-15]
FF Extension: Google Translator for Firefox - C:\Users\sheri_000\AppData\Roaming\Mozilla\Firefox\Profiles\qnpg9jzq.default\Extensions\translator@zoli.bod.xpi [2014-09-11]
FF HKLM\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird
FF Extension: ESET Smart Security Extension - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird [2013-09-06]
FF HKLM-x32\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird

Chrome:
=======
CHR StartupUrls: Default -> "hxxp://google.com/","hxxp://fwafatech.net/"
CHR Plugin: (Shockwave Flash
         "path": "C:\\Program Files (x86)\\Google\\Chrome\\Application\\39.0.2171.65\\PepperFlash\\pepflashplayer.dll") - "name": "Shockwave Flash",
C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.65\PepperFlash\pepflashplayer.dll No File
CHR Plugin: (Chrome Remote Desktop Viewer
         "path": "internal-remoting-viewer") - "name": "Chrome Remote Desktop Viewer",
internal-remoting-viewer
CHR Plugin: (Native Client
         "path": "C:\\Program Files (x86)\\Google\\Chrome\\Application\\39.0.2171.65\\ppGoogleNaClPluginChrome.dll") - "name": "Native Client",
C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.65\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer
         "path": "C:\\Program Files (x86)\\Google\\Chrome\\Application\\39.0.2171.65\\pdf.dll") - "name": "Chrome PDF Viewer",
C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.65\pdf.dll No File
CHR Plugin: (Google Update
         "path": "C:\\Program Files (x86)\\Google\\Update\\1.3.21.153\\npGoogleUpdate3.dll") - "name": "Google Update",
C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll No File
CHR Plugin: (Intel® Identity Protection Technology
         "path": "C:\\Program Files (x86)\\Intel\\Intel® Management Engine Components\\IPT\\npIntelWebAPIIPT.dll") - "name": "Intel® Identity Protection Technology",
C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll No File
CHR Plugin: (Intel® Identity Protection Technology
         "path": "C:\\Program Files (x86)\\Intel\\Intel® Management Engine Components\\IPT\\npIntelWebAPIUpdater.dll") - "name": "Intel® Identity Protection Technology",
C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll No File
CHR Plugin: (Windows Live™ Photo Gallery
         "path": "C:\\Program Files (x86)\\Windows Live\\Photo Gallery\\NPWLPG.dll") - "name": "Windows Live™ Photo Gallery",
C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll No File
CHR Profile: C:\Users\sheri_000\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\sheri_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-09-06]
CHR Extension: (Google Drive) - C:\Users\sheri_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-09-06]
CHR Extension: (YouTube) - C:\Users\sheri_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-09-06]
CHR Extension: (Smartsheet Project Management) - C:\Users\sheri_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\cindmhdfkimaeggbebfjkmkdfiohldbm [2013-09-06]
CHR Extension: (Google Search) - C:\Users\sheri_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-09-06]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\sheri_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-18]
CHR Extension: (Chrome In-App Payments service) - C:\Users\sheri_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-06]
CHR Extension: (Gmail) - C:\Users\sheri_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-09-06]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 ekrn; C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe [1341664 2013-03-21] (ESET)
R2 HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [85504 2012-08-15] (Hewlett-Packard Company) [File not signed]
R2 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [128896 2012-07-18] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [165760 2012-07-18] (Intel Corporation)
R2 ModernMix; C:\Program Files (x86)\Stardock\ModernMix\MMixSrv.exe [74296 2014-06-12] (Stardock Software, Inc)
R2 Net Driver HPZ12; C:\Windows\System32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed]
R2 Pml Driver HPZ12; C:\Windows\System32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed]
R2 STacSV; C:\Program Files\IDT\WDM\STacSV64.exe [332800 2013-03-29] (IDT, Inc.) [File not signed]
R2 Start8; C:\Program Files (x86)\Stardock\Start8\Start8Srv.exe [143288 2014-06-12] (Stardock Software, Inc)
S3 w3logsvc; C:\Windows\system32\inetsrv\w3logsvc.dll [76800 2014-07-08] (Microsoft Corporation)
S3 wampapache; c:\wamp\bin\apache\apache2.4.4\bin\httpd.exe [24576 2013-06-23] (Apache Software Foundation) [File not signed]
S3 wampmysqld; c:\wamp\bin\mysql\mysql5.6.12\bin\mysqld.exe [12867584 2013-06-23] () [File not signed]
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366552 2015-07-07] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2015-07-07] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 CH341SER_A64; C:\Windows\System32\Drivers\CH341S64.SYS [58368 2011-11-04] (www.winchiphead.com)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [92536 2012-06-25] (CyberLink)
S3 CpqDfw; C:\Windows\System32\drivers\CpqDfw.sys [27456 2012-05-29] (Windows ® Codename Longhorn DDK provider)
R3 dot4; C:\Windows\system32\DRIVERS\Dot4.sys [151968 2012-09-25] (Windows ® Win 7 DDK provider)
R3 Dot4Print; C:\Windows\System32\drivers\Dot4Prt.sys [27040 2012-09-25] (Windows ® Win 7 DDK provider)
R1 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [213416 2013-02-20] (ESET)
S0 ebdrv; C:\Windows\System32\drivers\evbda.sys [3357024 2013-08-22] (Broadcom Corporation)
R1 ehdrv; C:\Windows\system32\DRIVERS\ehdrv.sys [150616 2013-01-10] (ESET)
R2 epfw; C:\Windows\system32\DRIVERS\epfw.sys [190232 2013-01-10] (ESET)
R1 EpfwLWF; C:\Windows\system32\DRIVERS\EpfwLWF.sys [59440 2013-01-10] (ESET)
R0 epfwwfp; C:\Windows\System32\DRIVERS\epfwwfp.sys [58416 2013-02-20] (ESET)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44560 2015-07-07] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [270168 2015-07-07] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114520 2015-07-07] (Microsoft Corporation)
S3 avchv; \SystemRoot\system32\DRIVERS\avchv.sys [X]
S3 MBAMSwissArmy; \??\C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-09-06 18:40 - 2015-09-06 18:40 - 00019671 _____ C:\Users\sheri_000\Desktop\FRST.txt
2015-09-06 18:40 - 2015-09-06 18:40 - 00000000 ____D C:\FRST
2015-09-06 18:37 - 2015-09-06 18:37 - 02190336 _____ (Farbar) C:\Users\sheri_000\Desktop\FRST64.exe
2015-09-06 18:12 - 2015-09-06 18:12 - 00010235 _____ C:\Users\sheri_000\Desktop\hijackthis_090515.log
2015-09-06 18:12 - 2015-09-06 18:12 - 00010235 _____ C:\Users\sheri_000\Desktop\hijackthis.log
2015-09-06 18:06 - 2015-09-06 18:06 - 00388608 _____ (Trend Micro Inc.) C:\Users\sheri_000\Desktop\HijackThis.exe
2015-08-29 07:28 - 2015-08-29 07:28 - 00003668 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore1d0e25644dbd57f
2015-08-29 07:28 - 2015-08-29 07:28 - 00000928 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore1d0e25644dbd57f.job
2015-08-28 23:27 - 2015-08-28 23:27 - 00003904 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2318224677-3328993140-470927835-1001UA1d0e2139e614fb
2015-08-28 23:27 - 2015-08-28 23:27 - 00000950 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-2318224677-3328993140-470927835-1001UA1d0e2139e614fb.job
2015-08-27 23:03 - 2015-09-01 14:21 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2015-08-25 15:14 - 2015-08-25 15:14 - 00445554 _____ C:\Users\sheri_000\Desktop\scriptDebugger_facebook.txt
2015-08-25 14:22 - 2015-08-25 14:26 - 00000000 ____D C:\AdwCleaner
2015-08-25 13:48 - 2015-08-25 13:48 - 00000000 ____D C:\ProgramData\Malwarebytes
2015-08-23 00:15 - 2015-08-23 01:09 - 00000000 ____D C:\WINDOWS\Panther
2015-08-20 16:37 - 2015-08-10 20:20 - 25191936 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2015-08-20 16:37 - 2015-08-10 19:20 - 19871232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2015-08-18 13:15 - 2015-08-18 13:26 - 00002944 _____ C:\WINDOWS\SysWOW64\LavasoftTcpServiceOff.ini
2015-08-18 13:15 - 2015-08-18 13:26 - 00002944 _____ C:\WINDOWS\system32\LavasoftTcpServiceOff.ini
2015-08-18 13:15 - 2015-08-18 13:14 - 00422400 _____ (Lavasoft Limited) C:\WINDOWS\system32\LavasoftTcpService64.dll
2015-08-18 13:15 - 2015-08-18 13:14 - 00342016 _____ (Lavasoft Limited) C:\WINDOWS\SysWOW64\LavasoftTcpService.dll
2015-08-18 13:14 - 2015-08-25 14:57 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavasoft
2015-08-18 13:14 - 2015-08-18 13:14 - 00000000 ____H C:\WINDOWS\system32\Drivers\Msft_Kernel_avchv_01009.Wdf
2015-08-12 09:14 - 2015-08-12 09:14 - 00000000 ____D C:\WINDOWS\SysWOW64\Adobe
2015-08-11 15:45 - 2015-07-30 09:04 - 00124624 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationCFFRasterizerNative_v0300.dll
2015-08-11 15:45 - 2015-07-30 08:48 - 00103120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2015-08-11 15:25 - 2015-07-18 20:58 - 00136904 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
2015-08-11 15:25 - 2015-07-18 13:51 - 03704320 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2015-08-11 15:25 - 2015-07-18 13:31 - 00140288 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuwebv.dll
2015-08-11 15:25 - 2015-07-18 13:31 - 00095744 _____ (Microsoft Corporation) C:\WINDOWS\system32\wudriver.dll
2015-08-11 15:25 - 2015-07-18 13:31 - 00035840 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapp.exe
2015-08-11 15:25 - 2015-07-18 13:29 - 00409088 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUSettingsProvider.dll
2015-08-11 15:25 - 2015-07-18 13:29 - 00124928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuwebv.dll
2015-08-11 15:25 - 2015-07-18 13:29 - 00029696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapp.exe
2015-08-11 15:25 - 2015-07-18 13:28 - 00081920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wudriver.dll
2015-08-11 15:25 - 2015-07-18 13:12 - 02228736 _____ (Microsoft Corporation) C:\WINDOWS\system32\wucltux.dll
2015-08-11 15:25 - 2015-07-18 13:10 - 00891904 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2015-08-11 15:25 - 2015-07-18 13:09 - 00721920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2015-08-11 15:25 - 2015-07-16 15:36 - 00584192 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2015-08-11 15:25 - 2015-07-16 15:36 - 00417792 _____ (Microsoft Corporation) C:\WINDOWS\system32\html.iec
2015-08-11 15:25 - 2015-07-16 15:35 - 02885632 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2015-08-11 15:25 - 2015-07-16 15:26 - 05923328 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2015-08-11 15:25 - 2015-07-16 15:23 - 00615936 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieui.dll
2015-08-11 15:25 - 2015-07-16 15:21 - 00816640 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2015-08-11 15:25 - 2015-07-16 14:53 - 00145408 _____ (Microsoft Corporation) C:\WINDOWS\system32\iepeers.dll
2015-08-11 15:25 - 2015-07-16 14:51 - 00504320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2015-08-11 15:25 - 2015-07-16 14:50 - 00341504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\html.iec
2015-08-11 15:25 - 2015-07-16 14:45 - 02279424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2015-08-11 15:25 - 2015-07-16 14:45 - 01032704 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
2015-08-11 15:25 - 2015-07-16 14:41 - 00479232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieui.dll
2015-08-11 15:25 - 2015-07-16 14:39 - 00664064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2015-08-11 15:25 - 2015-07-16 14:38 - 00262144 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll
2015-08-11 15:25 - 2015-07-16 14:36 - 00801280 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2015-08-11 15:25 - 2015-07-16 14:34 - 14451200 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2015-08-11 15:25 - 2015-07-16 14:32 - 02125824 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2015-08-11 15:25 - 2015-07-16 14:14 - 02880000 _____ (Microsoft Corporation) C:\WINDOWS\system32\actxprxy.dll
2015-08-11 15:25 - 2015-07-16 14:13 - 00880128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll
2015-08-11 15:25 - 2015-07-16 14:12 - 04520448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2015-08-11 15:25 - 2015-07-16 14:12 - 02427904 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2015-08-11 15:25 - 2015-07-16 14:10 - 12856832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2015-08-11 15:25 - 2015-07-16 14:06 - 00689152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2015-08-11 15:25 - 2015-07-16 14:01 - 01545728 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2015-08-11 15:25 - 2015-07-16 13:52 - 01048576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\actxprxy.dll
2015-08-11 15:25 - 2015-07-16 13:49 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2015-08-11 15:25 - 2015-07-16 13:42 - 01951232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2015-08-11 15:25 - 2015-07-16 13:38 - 01310720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2015-08-11 15:25 - 2015-07-16 13:37 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2015-08-11 15:25 - 2015-06-09 13:27 - 00411133 _____ C:\WINDOWS\system32\ApnDatabase.xml
2015-08-11 15:24 - 2015-07-29 09:37 - 01994752 _____ (Microsoft Corporation) C:\WINDOWS\system32\DWrite.dll
2015-08-11 15:24 - 2015-07-29 09:30 - 01381888 _____ (Microsoft Corporation) C:\WINDOWS\system32\FntCache.dll
2015-08-11 15:24 - 2015-07-29 09:23 - 01559552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DWrite.dll
2015-08-11 15:24 - 2015-07-28 18:24 - 00025776 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompatTelRunner.exe
2015-08-11 15:24 - 2015-07-28 09:24 - 01148416 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2015-08-11 15:24 - 2015-07-28 09:24 - 01116160 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2015-08-11 15:24 - 2015-07-28 09:24 - 00774144 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2015-08-11 15:24 - 2015-07-28 09:24 - 00743424 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2015-08-11 15:24 - 2015-07-28 09:24 - 00437248 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2015-08-11 15:24 - 2015-07-28 09:24 - 00069120 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2015-08-11 15:24 - 2015-07-24 13:57 - 04177408 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2015-08-11 15:24 - 2015-07-24 13:57 - 00358912 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\atmfd.dll
2015-08-11 15:24 - 2015-07-24 13:52 - 00044032 _____ (Adobe Systems) C:\WINDOWS\system32\atmlib.dll
2015-08-11 15:24 - 2015-07-24 12:27 - 00301568 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\atmfd.dll
2015-08-11 15:24 - 2015-07-24 12:23 - 00035840 _____ (Adobe Systems) C:\WINDOWS\SysWOW64\atmlib.dll
2015-08-11 15:24 - 2015-07-15 19:29 - 07458648 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2015-08-11 15:24 - 2015-07-15 19:29 - 01735000 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2015-08-11 15:24 - 2015-07-15 19:29 - 00101720 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mountmgr.sys
2015-08-11 15:24 - 2015-07-15 19:28 - 01499920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2015-08-11 15:24 - 2015-07-14 16:59 - 01113944 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndis.sys
2015-08-11 15:24 - 2015-07-14 16:59 - 00487256 _____ (Microsoft Corporation) C:\WINDOWS\system32\netcfgx.dll
2015-08-11 15:24 - 2015-07-14 16:59 - 00393560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\netcfgx.dll
2015-08-11 15:24 - 2015-07-13 22:22 - 02529880 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml6.dll
2015-08-11 15:24 - 2015-07-13 22:21 - 01901776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml6.dll
2015-08-11 15:24 - 2015-07-13 14:46 - 00059392 _____ (Microsoft Corporation) C:\WINDOWS\system32\csrsrv.dll
2015-08-11 15:24 - 2015-07-13 14:45 - 00059392 _____ (Microsoft Corporation) C:\WINDOWS\system32\basesrv.dll
2015-08-11 15:24 - 2015-07-10 13:19 - 01101824 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdvidcrl.dll
2015-08-11 15:24 - 2015-07-10 12:54 - 01217024 _____ (Microsoft Corporation) C:\WINDOWS\system32\sysmain.dll
2015-08-11 15:24 - 2015-07-10 12:42 - 02345472 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml3.dll
2015-08-11 15:24 - 2015-07-10 12:14 - 00856064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdvidcrl.dll
2015-08-11 15:24 - 2015-07-10 12:13 - 07032320 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll
2015-08-11 15:24 - 2015-07-10 11:47 - 01556992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml3.dll
2015-08-11 15:24 - 2015-07-10 11:31 - 06213120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll
2015-08-11 15:24 - 2015-07-09 12:13 - 00221184 _____ (Microsoft Corporation) C:\WINDOWS\system32\notepad.exe
2015-08-11 15:24 - 2015-07-09 12:13 - 00221184 _____ (Microsoft Corporation) C:\WINDOWS\notepad.exe
2015-08-11 15:24 - 2015-07-09 11:30 - 00212992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\notepad.exe
2015-08-11 15:24 - 2015-07-07 04:40 - 00270168 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdFilter.sys
2015-08-11 15:24 - 2015-07-07 04:40 - 00114520 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdNisDrv.sys
2015-08-11 15:24 - 2015-07-07 04:40 - 00044560 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdBoot.sys
2015-08-11 15:24 - 2015-07-01 17:19 - 00228864 _____ (Microsoft Corporation) C:\WINDOWS\system32\WebClnt.dll
2015-08-11 15:24 - 2015-07-01 17:16 - 00104448 _____ (Microsoft Corporation) C:\WINDOWS\system32\davclnt.dll
2015-08-11 15:24 - 2015-07-01 16:37 - 00198656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WebClnt.dll
2015-08-11 15:24 - 2015-07-01 16:35 - 00087040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\davclnt.dll
2015-08-11 15:24 - 2015-06-12 12:03 - 18823680 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2015-08-11 15:24 - 2015-06-12 11:36 - 15159296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2015-08-11 15:24 - 2015-06-11 15:12 - 02476376 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2015-08-11 15:24 - 2015-06-11 15:12 - 00428888 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\FWPKCLNT.SYS
2015-08-11 15:24 - 2015-05-11 19:24 - 00536920 _____ (Microsoft Corporation) C:\WINDOWS\system32\mcupdate_GenuineIntel.dll
2015-08-11 12:57 - 2015-08-11 12:57 - 09284296 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerInstaller.exe
2015-08-10 11:28 - 2015-08-10 11:28 - 06483456 _____ (Tim Kosse) C:\Users\sheri_000\Downloads\FileZilla_3.12.0.2_win64-setup.exe

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-09-06 18:39 - 2013-09-11 13:23 - 04192256 ___SH C:\Users\sheri_000\Desktop\Thumbs.db
2015-09-06 18:32 - 2015-02-07 17:27 - 00000898 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-2318224677-3328993140-470927835-1001Core1d0432544996b81.job
2015-09-06 18:29 - 2014-09-04 16:32 - 00003958 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{42A4EAFE-2EF9-4310-8E3D-2875D3FF66B7}
2015-09-06 18:28 - 2014-06-21 16:18 - 00000932 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA1cf8d964ec510da.job
2015-09-06 18:08 - 2013-09-06 12:01 - 00000000 ____D C:\Users\sheri_000\AppData\Local\VirtualStore
2015-09-06 18:00 - 2013-08-22 10:36 - 00000000 ____D C:\WINDOWS\system32\sru
2015-09-06 17:57 - 2013-11-11 09:48 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2015-09-06 17:48 - 2014-06-23 22:28 - 00000950 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-2318224677-3328993140-470927835-1001UA1cf8f5c4d08ade1.job
2015-09-06 17:38 - 2014-07-08 17:05 - 01100864 _____ C:\WINDOWS\WindowsUpdate.log
2015-09-06 16:32 - 2015-07-06 20:16 - 00000000 ____D C:\Users\sheri_000\Desktop\MK
2015-09-06 16:32 - 2013-12-14 14:13 - 00000898 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-2318224677-3328993140-470927835-1001Core1cef9009bb61434.job
2015-09-06 12:28 - 2013-09-06 12:18 - 00000928 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-09-06 07:33 - 2015-02-05 13:23 - 00000928 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore1d04170d12909a6.job
2015-09-05 23:32 - 2015-07-15 18:27 - 00000898 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-2318224677-3328993140-470927835-1001Core1d0bf55e049a29b.job
2015-09-05 09:49 - 2013-09-08 16:57 - 00000052 _____ C:\WINDOWS\SysWOW64\DOErrors.log
2015-09-05 09:32 - 2013-09-06 12:10 - 00003598 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2318224677-3328993140-470927835-1001
2015-09-05 08:14 - 2013-08-22 10:36 - 00000000 ____D C:\WINDOWS\AppReadiness
2015-09-04 15:55 - 2014-03-18 05:03 - 00956476 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2015-09-04 15:52 - 2015-03-08 15:23 - 00008609 _____ C:\WINDOWS\setupact.log
2015-09-02 07:49 - 2015-08-05 07:49 - 00003348 _____ C:\WINDOWS\System32\Tasks\ESET Windows 10 upgrade – Refresh settings
2015-09-01 14:21 - 2013-09-06 12:20 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2015-08-29 07:28 - 2015-02-05 13:23 - 00003668 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore1d04170d12909a6
2015-08-28 23:27 - 2015-07-15 18:27 - 00003524 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2318224677-3328993140-470927835-1001Core1d0bf55e049a29b
2015-08-28 23:27 - 2015-05-18 09:43 - 00003904 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2318224677-3328993140-470927835-1001UA1d0917912d7a708
2015-08-28 23:27 - 2015-05-18 09:43 - 00000950 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-2318224677-3328993140-470927835-1001UA1d0917912d7a708.job
2015-08-26 12:29 - 2013-09-16 14:25 - 00180736 ___SH C:\Users\sheri_000\Documents\Thumbs.db
2015-08-25 15:04 - 2014-07-08 18:18 - 00000000 ___DO C:\Users\sheri_000\OneDrive
2015-08-25 15:02 - 2014-07-08 16:51 - 00000000 ____D C:\Users\sheri_000
2015-08-25 15:02 - 2014-03-18 04:54 - 00030436 _____ C:\WINDOWS\PFRO.log
2015-08-25 15:02 - 2013-08-22 09:45 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2015-08-25 15:01 - 2013-09-09 12:51 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP
2015-08-25 15:01 - 2013-09-09 12:50 - 00000000 ____D C:\Program Files (x86)\HP
2015-08-25 15:01 - 2013-09-06 16:58 - 00007217 _____ C:\ProgramData\hpzinstall.log
2015-08-25 14:59 - 2014-06-26 23:29 - 00000000 ____D C:\Users\sheri_000\Documents\Garmin
2015-08-25 14:59 - 2014-06-26 23:18 - 00000000 ____D C:\ProgramData\Garmin
2015-08-25 14:59 - 2014-06-26 23:17 - 00000000 ____D C:\ProgramData\Package Cache
2015-08-25 14:59 - 2014-06-26 23:13 - 00000000 ____D C:\Users\sheri_000\AppData\Roaming\Garmin
2015-08-25 14:59 - 2013-09-09 14:03 - 00000000 ____D C:\Program Files (x86)\FreeTime
2015-08-25 14:58 - 2013-09-09 14:09 - 00000000 ____D C:\Program Files (x86)\Adobe
2015-08-25 14:30 - 2014-08-21 15:11 - 00000000 ____D C:\Users\sheri_000\AppData\Local\Adobe
2015-08-25 14:26 - 2015-04-14 15:55 - 00000000 ____D C:\Users\sheri_000\AppData\Local\CrashDumps
2015-08-25 14:26 - 2013-08-22 08:25 - 00524288 ___SH C:\WINDOWS\system32\config\BBI
2015-08-25 14:12 - 2015-02-03 17:42 - 00000000 ____D C:\Users\sheri_000\AppData\Local\Autodesk
2015-08-25 14:07 - 2015-04-30 11:59 - 00000000 ____D C:\Users\sheri_000\AppData\Local\Citrix
2015-08-25 14:06 - 2013-12-14 15:03 - 00000000 ____D C:\Program Files (x86)\Energetic Software
2015-08-25 13:36 - 2013-09-09 14:19 - 00000000 ____D C:\Users\sheri_000\AppData\Roaming\FileZilla
2015-08-23 01:04 - 2015-07-10 08:39 - 00000000 ___HD C:\$Windows.~BT
2015-08-22 14:10 - 2015-05-31 23:12 - 00003724 _____ C:\WINDOWS\System32\Tasks\G2MUploadTask-S-1-5-21-2318224677-3328993140-470927835-1001
2015-08-22 09:54 - 2014-04-12 14:39 - 00003196 _____ C:\WINDOWS\System32\Tasks\HPCeeScheduleForsheri_000
2015-08-22 09:54 - 2014-04-12 14:39 - 00000374 _____ C:\WINDOWS\Tasks\HPCeeScheduleForsheri_000.job
2015-08-21 21:00 - 2013-09-09 14:18 - 00000000 ____D C:\Users\sheri_000\Downloads\090913_initialInstalls
2015-08-20 16:38 - 2012-07-26 02:59 - 00000000 ____D C:\WINDOWS\CbsTemp
2015-08-18 13:09 - 2015-01-14 15:02 - 00000000 __SHD C:\Users\sheri_000\AppData\Local\EmieBrowserModeList
2015-08-18 13:09 - 2014-09-04 16:32 - 00000000 __SHD C:\Users\sheri_000\AppData\Local\EmieUserList
2015-08-18 13:09 - 2014-09-04 16:32 - 00000000 __SHD C:\Users\sheri_000\AppData\Local\EmieSiteList
2015-08-17 12:37 - 2015-07-02 13:28 - 00196096 ___SH C:\Users\sheri_000\Downloads\Thumbs.db
2015-08-15 04:31 - 2013-08-22 10:36 - 00000000 ____D C:\WINDOWS\rescache
2015-08-14 15:57 - 2013-08-22 09:44 - 00378000 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2015-08-14 15:56 - 2015-02-21 09:10 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2015-08-14 15:56 - 2015-02-21 09:10 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2015-08-14 15:55 - 2013-08-22 10:36 - 00000000 ___RD C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2015-08-14 15:55 - 2013-08-22 10:36 - 00000000 ___RD C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2015-08-14 15:55 - 2013-08-22 10:36 - 00000000 ____D C:\Program Files\Windows Defender
2015-08-14 15:55 - 2013-08-22 10:36 - 00000000 ____D C:\Program Files (x86)\Windows Defender
2015-08-11 15:45 - 2015-02-21 09:10 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2015-08-11 15:44 - 2013-09-08 17:15 - 00000000 ____D C:\WINDOWS\system32\MRT
2015-08-11 15:41 - 2013-09-08 17:15 - 132483416 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2015-08-11 15:40 - 2015-04-16 14:28 - 00000000 ____D C:\WINDOWS\system32\appraiser
2015-08-11 15:40 - 2015-03-08 15:16 - 00000000 ___SD C:\WINDOWS\system32\CompatTel
2015-08-11 15:39 - 2013-08-22 10:36 - 00000000 ___RD C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-08-11 15:39 - 2013-08-22 10:36 - 00000000 ___RD C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-08-11 12:57 - 2013-11-11 09:48 - 00003718 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2015-08-08 08:55 - 2014-12-12 14:42 - 00794088 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2015-08-08 08:55 - 2014-12-12 14:42 - 00179688 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl

==================== Files in the root of some directories =======

2013-09-06 16:58 - 2015-08-25 15:01 - 0007217 _____ () C:\ProgramData\hpzinstall.log

Some files in TEMP:
====================
C:\Users\sheri_000\AppData\Local\Temp\AcDeltree.exe
C:\Users\sheri_000\AppData\Local\Temp\d5c38664-bb79-4f92-b868-a78b6052cd1a.exe
C:\Users\sheri_000\AppData\Local\Temp\SpotifyUninstall.exe
C:\Users\sheri_000\AppData\Local\Temp\sqlite3.dll
C:\Users\sheri_000\AppData\Local\Temp\vlc-2.2.1-win32.exe


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-08-30 05:33

==================== End of FRST.txt ============================



#3 Gunto

    Bleepin' Reject Phoenix

  • Malware Response Team
  • 1,278 posts
  • Gender:Female
  • Location:North Las Vegas, Nevada, USA
  • Local time:11:03 PM

Posted 07 September 2015 - 12:20 AM

Hi, sherill! I'm going to try to help you out. :)

Before we get started, here are some things I need you to remember:

  • Please don't make any changes to your computer, or run programs, without asking me first! This will make it practically impossible for me to assist you.
  • Always read my posts completely before doing anything, and follow the instructions in the order I give them to you, unless stated otherwise.
  • If you're getting help elsewhere, or have already resolved the problem, please let me know so I can close this thread.
  • Please respond to me within five days of me replying to you. If you need more time, please let me know. I will close topics on which I have not received a response within five days.
  • Please be patient with me. I need some time to analyze your logs and responses so I can correctly help you. I should respond to you within two days, but if I haven't, please send me a PM! I may have missed your response. Bribing me with candy for faster replies is not advised.
  • If something goes wrong, you don't understand something, or you don't know what to do, please stop and ask me before proceeding with any further steps!

First, let's run a FRST fix. If this doesn't (completely) remove it, I've got plenty of other tricks up my sleeve. :)

Farbar Recovery Scan Tool

I need you to run a fix with FRST.

  • Open up Notepad, and copy and paste the text in the following box into the Notepad text field:
    C:\Users\sheri_000\Desktop\HijackThis.exe
    HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
    HKLM-x32\...\Run: [CLMLServer_For_P2G8] => c:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [111120 2012-06-07] (CyberLink)
    HKLM-x32\...\Run: [CLVirtualDrive] => c:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe [491120 2012-07-02] (CyberLink Corp.)
    HKLM-x32\...\Run: [] => [X]
    HKU\S-1-5-21-2318224677-3328993140-470927835-1001\...\Run: [Web Companion] => C:\Program Files (x86)\Lavasoft\Web Companion\Application\WebCompanion.exe --minimize
    HKU\S-1-5-18\...\Run: [GarminExpressTrayApp] => "C:\Program Files (x86)\Garmin\Express Tray\tray.exe"
    SearchScopes: HKLM -> {9E55DE0E-511E-45C0-BA88-AD1AFBDF4052} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us1-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
    SearchScopes: HKLM-x32 -> {2fa28606-de77-4029-af96-b231e3b8f827} URL = hxxp://search.ask.com/web?q={searchterms}&l=dis&o=HPDTDF
    SearchScopes: HKLM-x32 -> {9E55DE0E-511E-45C0-BA88-AD1AFBDF4052} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us1-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
    SearchScopes: HKLM-x32 -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDF
    FF Extension: Diigo Toolbar - C:\Users\sheri_000\AppData\Roaming\Mozilla\Firefox\Profiles\qnpg9jzq.default\Extensions\{fc2b8f80-d9a5-4f51-8076-7c7ce3c67ee3} [2013-12-14]
    FF Extension: Awesome screenshot: Capture and Annotate - C:\Users\sheri_000\AppData\Roaming\Mozilla\Firefox\Profiles\qnpg9jzq.default\Extensions\jid0-GXjLLfbCoAx0LcltEdFrEkQdQPI@jetpack.xpi [2013-09-06]
    FF Extension: MediaPlayer - C:\Users\sheri_000\AppData\Roaming\Mozilla\Firefox\Profiles\qnpg9jzq.default\Extensions\jid1-gwOhHRRpNvLcnw@jetpack.xpi [2015-05-27]
    CHR StartupUrls: Default -> "hxxp://google.com/","hxxp://fwafatech.net/"
    S3 avchv; \SystemRoot\system32\DRIVERS\avchv.sys [X]
    S3 MBAMSwissArmy; \??\C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [X]
    C:\Program Files (x86)\Lavasoft
    C:\Users\sheri_000\Desktop\hijackthis_090515.log
    C:\Users\sheri_000\Desktop\hijackthis.log
    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavasoft
    C:\Users\sheri_000\Downloads\FileZilla_3.12.0.2_win64-setup.exe
    C:\Program Files (x86)\Energetic Software
    C:\Users\sheri_000\AppData\Local\Temp\AcDeltree.exe
    C:\Users\sheri_000\AppData\Local\Temp\d5c38664-bb79-4f92-b868-a78b6052cd1a.exe
    C:\Users\sheri_000\AppData\Local\Temp\SpotifyUninstall.exe
    C:\Users\sheri_000\AppData\Local\Temp\sqlite3.dll
    C:\Users\sheri_000\AppData\Local\Temp\vlc-2.2.1-win32.exe
    64 Bit HP CIO Components Installer (Version: 7.2.8 - Hewlett-Packard) Hidden
    AIO_Scan (x32 Version: 130.0.365.000 - Hewlett-Packard) Hidden
    BufferChm (x32 Version: 140.0.298.000 - Hewlett-Packard) Hidden
    C4200 (x32 Version: 140.0.425.000 - Hewlett-Packard) Hidden
    c4200_Help (x32 Version: 82.0.210.000 - Hewlett-Packard) Hidden
    Copy (x32 Version: 140.0.298.000 - Hewlett-Packard) Hidden
    D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
    Destinations (x32 Version: 140.0.253.000 - Hewlett-Packard) Hidden
    DeviceDiscovery (x32 Version: 140.0.298.000 - Hewlett-Packard) Hidden
    DocProc (x32 Version: 140.0.185.000 - Hewlett-Packard) Hidden
    Galerie de photos (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
    Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
    Google Update Helper (x32 Version: 1.3.28.13 - Google Inc.) Hidden
    GPBaseService2 (x32 Version: 140.0.297.000 - Hewlett-Packard) Hidden
    Hewlett-Packard ACLM.NET v1.2.0.0 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden
    HPDiagnosticAlert (x32 Version: 1.00.0000 - Microsoft) Hidden
    HPPhotoGadget (x32 Version: 140.0.524.000 - Hewlett-Packard) Hidden
    HPProductAssistant (x32 Version: 140.0.298.000 - Hewlett-Packard) Hidden
    MarketResearch (x32 Version: 140.0.212.000 - Hewlett-Packard) Hidden
    PS_AIO_Software_min (x32 Version: 140.0.425.000 - Hewlett-Packard) Hidden
    Recovery Manager (x32 Version: 5.5.0.5530 - CyberLink Corp.) Hidden
    Scan (x32 Version: 140.0.253.000 - Hewlett-Packard) Hidden
    SolutionCenter (x32 Version: 140.0.299.000 - Hewlett-Packard) Hidden
    Status (x32 Version: 140.0.342.000 - Hewlett-Packard) Hidden
    swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
    Toolbox (x32 Version: 140.0.596.000 - Hewlett-Packard) Hidden
    TrayApp (x32 Version: 140.0.297.000 - Hewlett-Packard) Hidden
    WebReg (x32 Version: 140.0.297.017 - Hewlett-Packard) Hidden
    CustomCLSID: HKU\S-1-5-21-2318224677-3328993140-470927835-1001_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\sheri_000\AppData\Local\Google\Update\1.3.25.5\psuser_64.dll No File
    CustomCLSID: HKU\S-1-5-21-2318224677-3328993140-470927835-1001_Classes\CLSID\{1423F872-3F7F-4E57-B621-8B1A9D49B448}\InprocServer32 -> C:\Users\sheri_000\AppData\Local\Google\Update\1.3.27.5\psuser_64.dll No File
    CustomCLSID: HKU\S-1-5-21-2318224677-3328993140-470927835-1001_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\sheri_000\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll No File
    CustomCLSID: HKU\S-1-5-21-2318224677-3328993140-470927835-1001_Classes\CLSID\{5C8C2A98-6133-4EBA-BBCC-34D9EA01FC2E}\InprocServer32 -> C:\Users\sheri_000\AppData\Local\Google\Update\1.3.28.1\psuser_64.dll No File
    CustomCLSID: HKU\S-1-5-21-2318224677-3328993140-470927835-1001_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\sheri_000\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll No File
    CustomCLSID: HKU\S-1-5-21-2318224677-3328993140-470927835-1001_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Users\sheri_000\AppData\Local\Google\Update\1.3.26.9\psuser_64.dll No File
    CustomCLSID: HKU\S-1-5-21-2318224677-3328993140-470927835-1001_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\sheri_000\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll No File
    CustomCLSID: HKU\S-1-5-21-2318224677-3328993140-470927835-1001_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\sheri_000\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll No File
    IE trusted site: HKU\S-1-5-21-2318224677-3328993140-470927835-1001\...\localhost -> localhost
    IE trusted site: HKU\S-1-5-21-2318224677-3328993140-470927835-1001\...\webcompanion.com -> hxxp://webcompanion.com
    FirewallRules: [{C6B03494-FF53-4CA5-9A2C-F6002DAC680A}] => (Allow) C:\Users\sheri_000\AppData\Local\Temp\7zS60FA\hppiw.exe
    FirewallRules: [{0FDC6BAE-D37C-47AE-81ED-039FF9D95750}] => (Allow) C:\Users\sheri_000\AppData\Local\Temp\7zS60FA\hppiw.exe
    Save it to the same location as FRST as fixlist.txt.
  • Open up FRST, and click the Fix button. If it asks you to reboot in order to complete the fix, please do so.
  • Once it's done fixing things, it will create Fixlog.txt in the same folder. Please copy and paste it into your reply.

Uninstall Programs

Do you use any of the following? All are perfectly legitimate, but it's best to remove them if you have no use for them.

Adobe AIR
Adobe Reader XI (11.0.12)
Windows Live Essentials

If you don't need them, please use Programs and Features or Revo Uninstaller to remove them.

If you want to use Programs and Features:

  • Right click on the Windows logo on the left corner of your screen, click Control Panel, and then Uninstall a program.
  • Once it loads all the programs, uninstall the following, if present, one at a time:
    Adobe AIR
    Adobe Reader XI (11.0.12)
    Windows Live Essentials
    by clicking Change/Remove, and following the prompts in the uninstaller.

If you have any problems uninstalling a program using Programs and Features, proceed to the below method.

If you want to use Revo Uninstaller (which does a better job at cleaning up):

  • Download Revo from here, and save it to your desktop.
  • Double click the installer on your desktop, and let the program install.
  • Once it's done, double click the Revo Uninstaller shortcut on your desktop to run it. Once it loads all the programs, uninstall the following, if present, one at a time:
    Adobe AIR
    Adobe Reader XI (11.0.12)
    Windows Live Essentials
  • Double click the program, and say Yes on the prompt. Ensure the Moderate option is ticked, and click Next.
  • Follow the prompts in the built-in uninstaller, and then click Next in Revo.
  • If any registry remnants are found, check the bold items only. If there is a closed folder visible, click the + to expand it until you find the bold item. Then Delete the remnants.
  • Proceed again, and if any files/folders were found, delete those, too.

Lastly, you've disabled a few items in MSCONFIG:

HKLM\...\StartupApproved\Run: => "Logitech Download Assistant"
HKLM\...\StartupApproved\Run: => "AdAwareTray"
HKLM\...\StartupApproved\Run32: => "Adobe ARM"
HKLM\...\StartupApproved\Run32: => "Adobe Creative Cloud"
HKU\S-1-5-21-2318224677-3328993140-470927835-1001\...\StartupApproved\StartupFolder: => "IconRestorer.lnk"
HKU\S-1-5-21-2318224677-3328993140-470927835-1001\...\StartupApproved\Run: => "MusicManager"
HKU\S-1-5-21-2318224677-3328993140-470927835-1001\...\StartupApproved\Run: => "Spotify Web Helper"
HKU\S-1-5-21-2318224677-3328993140-470927835-1001\...\StartupApproved\Run: => "Web Companion"

It's pretty messy to disable things this way, so I'd like for you to re-enable them. I would be happy to disable them (by deleting the entry itself) if you'd like; in fact, the above FRST script already did so. :)

 

How's the PC running now? Any changes?

Gunto


Beautiful avatar by Plumbeck!

Bury me in honor; when I'm dead and hit the ground, a love back home, it unfolds...
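The fix step above ends with reading Fixlog.txt, where every fixlist entry is reported as "moved successfully", "removed successfully" or "not found". Below is an added example, not part of this thread and not FRST's own code, that parses result lines in that format, counts outcomes, lists the entries FRST could not find (so the helper can see what still needs checking), and flags executables that were removed from a user's Temp folder. The log lines and paths in SAMPLE_FIXLOG are constructed to match the Fixlog layout shown in this thread; they are not the poster's actual data.

```python
"""Summarise the outcome of an FRST fix from Fixlog.txt result lines.

Added example; the sample log below is constructed in the Fixlog format
seen in this thread, with placeholder paths and GUIDs.
"""
import re
from collections import Counter

# Constructed sample: same line shapes as a real Fixlog, placeholder values.
SAMPLE_FIXLOG = r"""
C:\Users\example\Desktop\tool.exe => moved successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\Some Entry => value removed successfully
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{00000000-0000-0000-0000-000000000000}" => key removed successfully
HKCR\CLSID\{00000000-0000-0000-0000-000000000000} => key not found.
Chrome StartupUrls removed successfully
someservice => service removed successfully
"C:\Program Files (x86)\SomeVendor" => File/Folder not found.
C:\Users\example\AppData\Local\Temp\dropper.exe => moved successfully
"""

# A result line is "<target> => <outcome>", optionally ending in a period.
RESULT_RE = re.compile(r'^(?P<target>.*?)\s*=>\s*(?P<result>.+?)\.?$')

# Executable-looking files under a per-user Temp directory.
TEMP_EXE_RE = re.compile(r'\\AppData\\Local\\Temp\\[^\\]+\.(exe|dll|scr)$', re.I)


def parse_fixlog(text):
    """Return (target, result) tuples, one per non-empty line."""
    entries = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        match = RESULT_RE.match(line)
        if match:
            target = match.group('target').strip('"')
            result = match.group('result')
        else:
            # Lines like "Chrome StartupUrls removed successfully" carry no "=>".
            target, result = line, line
        entries.append((target, result))
    return entries


def classify(result):
    """Map an outcome string to 'ok', 'not_found' or 'other'."""
    lowered = result.lower()
    if 'not found' in lowered:
        return 'not_found'
    if 'successfully' in lowered:
        return 'ok'
    return 'other'


def summarise(text):
    """Count outcomes, e.g. {'ok': 6, 'not_found': 2}."""
    return dict(Counter(classify(result) for _, result in parse_fixlog(text)))


def unresolved(text):
    """Targets FRST reported as not found; worth a manual check."""
    return [t for t, r in parse_fixlog(text) if classify(r) == 'not_found']


def temp_executables_removed(text):
    """Executables removed from a Temp folder; often the actual dropper."""
    return [t for t, r in parse_fixlog(text)
            if classify(r) == 'ok' and TEMP_EXE_RE.search(t)]


if __name__ == '__main__':
    print(summarise(SAMPLE_FIXLOG))
    for target in unresolved(SAMPLE_FIXLOG):
        print('not found:', target)
    for target in temp_executables_removed(SAMPLE_FIXLOG):
        print('temp executable removed:', target)
```

Run it against a saved Fixlog.txt by reading the file into a string and passing it to the three functions; a "not found" entry is normal when an earlier step (here the Lavasoft uninstall) already removed the item, but a not-found entry for a file you expected to still exist is the one to look at again.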


#4 sherill

  • Topic Starter
  • Members
  • 5 posts
  • Local time:02:03 AM

Posted 07 September 2015 - 01:58 PM

Ran FRST, deleted Adobe Air and Microsoft Essentials (I figure if I need them for something, I'll be prompted to download them again) and rebooted... Everything is fabulous now! Thank you so much Gunto!

Sherill

Fix result of Farbar Recovery Scan Tool (x64) Version:06-09-2015 01
Ran by sheri_000 (2015-09-07 13:21:55) Run:1
Running from C:\Users\sheri_000\Desktop
Loaded Profiles: sheri_000 (Available Profiles: sheri_000)
Boot Mode: Normal
==============================================

fixlist content:
*****************
C:\Users\sheri_000\Desktop\HijackThis.exe
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM-x32\...\Run: [CLMLServer_For_P2G8] => c:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [111120 2012-06-07] (CyberLink)
HKLM-x32\...\Run: [CLVirtualDrive] => c:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe [491120 2012-07-02] (CyberLink Corp.)
HKLM-x32\...\Run: [] => [X]
HKU\S-1-5-21-2318224677-3328993140-470927835-1001\...\Run: [Web Companion] => C:\Program Files (x86)\Lavasoft\Web Companion\Application\WebCompanion.exe --minimize
HKU\S-1-5-18\...\Run: [GarminExpressTrayApp] => "C:\Program Files (x86)\Garmin\Express Tray\tray.exe"
SearchScopes: HKLM -> {9E55DE0E-511E-45C0-BA88-AD1AFBDF4052} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us1-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM-x32 -> {2fa28606-de77-4029-af96-b231e3b8f827} URL = hxxp://search.ask.com/web?q={searchterms}&l=dis&o=HPDTDF
SearchScopes: HKLM-x32 -> {9E55DE0E-511E-45C0-BA88-AD1AFBDF4052} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us1-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM-x32 -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDF
FF Extension: Diigo Toolbar - C:\Users\sheri_000\AppData\Roaming\Mozilla\Firefox\Profiles\qnpg9jzq.default\Extensions\{fc2b8f80-d9a5-4f51-8076-7c7ce3c67ee3} [2013-12-14]
FF Extension: Awesome screenshot: Capture and Annotate - C:\Users\sheri_000\AppData\Roaming\Mozilla\Firefox\Profiles\qnpg9jzq.default\Extensions\jid0-GXjLLfbCoAx0LcltEdFrEkQdQPI@jetpack.xpi [2013-09-06]
FF Extension: MediaPlayer - C:\Users\sheri_000\AppData\Roaming\Mozilla\Firefox\Profiles\qnpg9jzq.default\Extensions\jid1-gwOhHRRpNvLcnw@jetpack.xpi [2015-05-27]
CHR StartupUrls: Default -> "hxxp://google.com/","hxxp://fwafatech.net/"
S3 avchv; \SystemRoot\system32\DRIVERS\avchv.sys [X]
S3 MBAMSwissArmy; \??\C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [X]
C:\Program Files (x86)\Lavasoft
C:\Users\sheri_000\Desktop\hijackthis_090515.log
C:\Users\sheri_000\Desktop\hijackthis.log
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavasoft
C:\Users\sheri_000\Downloads\FileZilla_3.12.0.2_win64-setup.exe
C:\Program Files (x86)\Energetic Software
C:\Users\sheri_000\AppData\Local\Temp\AcDeltree.exe
C:\Users\sheri_000\AppData\Local\Temp\d5c38664-bb79-4f92-b868-a78b6052cd1a.exe
C:\Users\sheri_000\AppData\Local\Temp\SpotifyUninstall.exe
C:\Users\sheri_000\AppData\Local\Temp\sqlite3.dll
C:\Users\sheri_000\AppData\Local\Temp\vlc-2.2.1-win32.exe
64 Bit HP CIO Components Installer (Version: 7.2.8 - Hewlett-Packard) Hidden
AIO_Scan (x32 Version: 130.0.365.000 - Hewlett-Packard) Hidden
BufferChm (x32 Version: 140.0.298.000 - Hewlett-Packard) Hidden
C4200 (x32 Version: 140.0.425.000 - Hewlett-Packard) Hidden
c4200_Help (x32 Version: 82.0.210.000 - Hewlett-Packard) Hidden
Copy (x32 Version: 140.0.298.000 - Hewlett-Packard) Hidden
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Destinations (x32 Version: 140.0.253.000 - Hewlett-Packard) Hidden
DeviceDiscovery (x32 Version: 140.0.298.000 - Hewlett-Packard) Hidden
DocProc (x32 Version: 140.0.185.000 - Hewlett-Packard) Hidden
Galerie de photos (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.28.13 - Google Inc.) Hidden
GPBaseService2 (x32 Version: 140.0.297.000 - Hewlett-Packard) Hidden
Hewlett-Packard ACLM.NET v1.2.0.0 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden
HPDiagnosticAlert (x32 Version: 1.00.0000 - Microsoft) Hidden
HPPhotoGadget (x32 Version: 140.0.524.000 - Hewlett-Packard) Hidden
HPProductAssistant (x32 Version: 140.0.298.000 - Hewlett-Packard) Hidden
MarketResearch (x32 Version: 140.0.212.000 - Hewlett-Packard) Hidden
PS_AIO_Software_min (x32 Version: 140.0.425.000 - Hewlett-Packard) Hidden
Recovery Manager (x32 Version: 5.5.0.5530 - CyberLink Corp.) Hidden
Scan (x32 Version: 140.0.253.000 - Hewlett-Packard) Hidden
SolutionCenter (x32 Version: 140.0.299.000 - Hewlett-Packard) Hidden
Status (x32 Version: 140.0.342.000 - Hewlett-Packard) Hidden
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Toolbox (x32 Version: 140.0.596.000 - Hewlett-Packard) Hidden
TrayApp (x32 Version: 140.0.297.000 - Hewlett-Packard) Hidden
WebReg (x32 Version: 140.0.297.017 - Hewlett-Packard) Hidden
CustomCLSID: HKU\S-1-5-21-2318224677-3328993140-470927835-1001_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\sheri_000\AppData\Local\Google\Update\1.3.25.5\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-2318224677-3328993140-470927835-1001_Classes\CLSID\{1423F872-3F7F-4E57-B621-8B1A9D49B448}\InprocServer32 -> C:\Users\sheri_000\AppData\Local\Google\Update\1.3.27.5\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-2318224677-3328993140-470927835-1001_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\sheri_000\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-2318224677-3328993140-470927835-1001_Classes\CLSID\{5C8C2A98-6133-4EBA-BBCC-34D9EA01FC2E}\InprocServer32 -> C:\Users\sheri_000\AppData\Local\Google\Update\1.3.28.1\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-2318224677-3328993140-470927835-1001_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\sheri_000\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-2318224677-3328993140-470927835-1001_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Users\sheri_000\AppData\Local\Google\Update\1.3.26.9\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-2318224677-3328993140-470927835-1001_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\sheri_000\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-2318224677-3328993140-470927835-1001_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\sheri_000\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll No File
IE trusted site: HKU\S-1-5-21-2318224677-3328993140-470927835-1001\...\localhost -> localhost
IE trusted site: HKU\S-1-5-21-2318224677-3328993140-470927835-1001\...\webcompanion.com -> hxxp://webcompanion.com
FirewallRules: [{C6B03494-FF53-4CA5-9A2C-F6002DAC680A}] => (Allow) C:\Users\sheri_000\AppData\Local\Temp\7zS60FA\hppiw.exe
FirewallRules: [{0FDC6BAE-D37C-47AE-81ED-039FF9D95750}] => (Allow) C:\Users\sheri_000\AppData\Local\Temp\7zS60FA\hppiw.exe
*****************

C:\Users\sheri_000\Desktop\HijackThis.exe => moved successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\Logitech Download Assistant => value removed successfully
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\CLMLServer_For_P2G8 => value removed successfully
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\CLVirtualDrive => value removed successfully
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => value removed successfully
HKU\S-1-5-21-2318224677-3328993140-470927835-1001\Software\Microsoft\Windows\CurrentVersion\Run\\Web Companion => value removed successfully
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run\\GarminExpressTrayApp => value removed successfully
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9E55DE0E-511E-45C0-BA88-AD1AFBDF4052}" => key removed successfully
HKCR\CLSID\{9E55DE0E-511E-45C0-BA88-AD1AFBDF4052} => key not found.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}" => key removed successfully
HKCR\Wow6432Node\CLSID\{2fa28606-de77-4029-af96-b231e3b8f827} => key not found.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{9E55DE0E-511E-45C0-BA88-AD1AFBDF4052}" => key removed successfully
HKCR\Wow6432Node\CLSID\{9E55DE0E-511E-45C0-BA88-AD1AFBDF4052} => key not found.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}" => key removed successfully
HKCR\Wow6432Node\CLSID\{b7fca997-d0fb-4fe0-8afd-255e89cf9671} => key not found.
C:\Users\sheri_000\AppData\Roaming\Mozilla\Firefox\Profiles\qnpg9jzq.default\Extensions\{fc2b8f80-d9a5-4f51-8076-7c7ce3c67ee3} => moved successfully
C:\Users\sheri_000\AppData\Roaming\Mozilla\Firefox\Profiles\qnpg9jzq.default\Extensions\{fc2b8f80-d9a5-4f51-8076-7c7ce3c67ee3} => path removed successfully
C:\Users\sheri_000\AppData\Roaming\Mozilla\Firefox\Profiles\qnpg9jzq.default\Extensions\jid0-GXjLLfbCoAx0LcltEdFrEkQdQPI@jetpack.xpi => moved successfully
C:\Users\sheri_000\AppData\Roaming\Mozilla\Firefox\Profiles\qnpg9jzq.default\Extensions\jid1-gwOhHRRpNvLcnw@jetpack.xpi => moved successfully
Chrome StartupUrls removed successfully
avchv => service removed successfully
MBAMSwissArmy => service removed successfully
"C:\Program Files (x86)\Lavasoft" => File/Folder not found.
C:\Users\sheri_000\Desktop\hijackthis_090515.log => moved successfully
C:\Users\sheri_000\Desktop\hijackthis.log => moved successfully
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavasoft => moved successfully
C:\Users\sheri_000\Downloads\FileZilla_3.12.0.2_win64-setup.exe => moved successfully
C:\Program Files (x86)\Energetic Software => moved successfully
C:\Users\sheri_000\AppData\Local\Temp\AcDeltree.exe => moved successfully
C:\Users\sheri_000\AppData\Local\Temp\d5c38664-bb79-4f92-b868-a78b6052cd1a.exe => moved successfully
C:\Users\sheri_000\AppData\Local\Temp\SpotifyUninstall.exe => moved successfully
C:\Users\sheri_000\AppData\Local\Temp\sqlite3.dll => moved successfully
C:\Users\sheri_000\AppData\Local\Temp\vlc-2.2.1-win32.exe => moved successfully
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{FF21C3E6-97FD-474F-9518-8DCBE94C2854}\\SystemComponent => value removed successfully
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{D86B0E2E-DF9A-441C-AF77-8D1A0FF00FA6}\\SystemComponent => value removed successfully
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{FA0FF682-CC70-4C57-93CD-E276F3E7537E}\\SystemComponent => value removed successfully
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{C5D59EB4-AE43-449C-80BF-C8DFC99FB36A}\\SystemComponent => value removed successfully
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{E65CA2A8-1F2A-4400-AE55-FFD43D3B6980}\\SystemComponent => value removed successfully
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{9BE466FF-70B7-4DA8-807C-DB4C3610FDAA}\\SystemComponent => value removed successfully
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{E09C4DB7-630C-4F06-A631-8EA7239923AF}\\SystemComponent => value removed successfully
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}\\SystemComponent => value removed successfully
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{1458BB78-1DC5-4BC0-B9A3-2B644F5A8105}\\SystemComponent => value removed successfully
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{9B362566-EC1B-4700-BB9C-EC661BDE2175}\\SystemComponent => value removed successfully
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{F4D99A13-F63A-4FC1-8799-CFFDB78DDFB3}\\SystemComponent => value removed successfully
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}\\SystemComponent => value removed successfully
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}\\SystemComponent => value not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{BB3447F6-9553-4AA9-960E-0DB5310C5779}\\SystemComponent => value removed successfully
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{6F340107-F9AA-47C6-B54C-C3A19F11553F}\\SystemComponent => value removed successfully
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{846B5DED-DC8C-4E1A-B5B4-9F5B39A0CACE}\\SystemComponent => value removed successfully
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{CAE4213F-F797-439D-BD9E-79B71D115BE3}\\SystemComponent => value removed successfully
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{150B6201-E9E6-4DFB-960E-CCBD53FBDDED}\\SystemComponent => value removed successfully
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{D360FA88-17C8-4F14-B67F-13AAF9607B12}\\SystemComponent => value removed successfully
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{60D5EE24-2C43-45EF-87D4-C35EA2101878}\\SystemComponent => value removed successfully
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}\\SystemComponent => value removed successfully
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{06A1D88C-E102-4527-AF70-29FFD7AF215A}\\SystemComponent => value removed successfully
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{BC5DD87B-0143-4D14-AAE6-97109614DC6B}\\SystemComponent => value removed successfully
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{5B025634-7D5B-4B8D-BE2A-7943C1CF2D5D}\\SystemComponent => value removed successfully
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{612C34C7-5E90-47D8-9B5C-0F717DD82726}\\SystemComponent => value removed successfully
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{292F0F52-B62D-4E71-921B-89A682402201}\\SystemComponent => value removed successfully
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{CD31E63D-47FD-491C-8117-CF201D0AFAB5}\\SystemComponent => value removed successfully
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{8EE94FD8-5F52-4463-A340-185D16328158}\\SystemComponent => value removed successfully
"HKU\S-1-5-21-2318224677-3328993140-470927835-1001_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}" => key removed successfully
"HKU\S-1-5-21-2318224677-3328993140-470927835-1001_Classes\CLSID\{1423F872-3F7F-4E57-B621-8B1A9D49B448}" => key removed successfully
"HKU\S-1-5-21-2318224677-3328993140-470927835-1001_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}" => key removed successfully
"HKU\S-1-5-21-2318224677-3328993140-470927835-1001_Classes\CLSID\{5C8C2A98-6133-4EBA-BBCC-34D9EA01FC2E}" => key removed successfully
"HKU\S-1-5-21-2318224677-3328993140-470927835-1001_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}" => key removed successfully
"HKU\S-1-5-21-2318224677-3328993140-470927835-1001_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}" => key removed successfully
"HKU\S-1-5-21-2318224677-3328993140-470927835-1001_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}" => key removed successfully
"HKU\S-1-5-21-2318224677-3328993140-470927835-1001_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}" => key removed successfully
"HKU\S-1-5-21-2318224677-3328993140-470927835-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\localhost" => key removed successfully
"HKU\S-1-5-21-2318224677-3328993140-470927835-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\webcompanion.com" => key removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{C6B03494-FF53-4CA5-9A2C-F6002DAC680A} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{0FDC6BAE-D37C-47AE-81ED-039FF9D95750} => value removed successfully

==== End of Fixlog 13:21:57 ====
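The Fixlog above records what FRST changed: startup Run values, two firewall allow rules for an executable under the user's Temp folder, CustomCLSID entries whose InprocServer32 target no longer exists ("No File"), and IE trusted-site entries. The following Python parser is an added example, not part of this thread and not FRST's own code: it reads the fixlist and result sections of a Fixlog written in this format, tallies the outcomes, and flags the three entry types a reviewer would want to look at twice. The sample log embedded in it is constructed (every SID, GUID, host name and path is made up), and the flagging heuristics are assumptions drawn from the entries seen in this thread.

```python
import re
from collections import Counter
from dataclasses import dataclass

# Constructed sample in the shape of an FRST Fixlog: fixlist entries first,
# a line of asterisks, then one result line per processed item.
# Every SID, GUID, host name and path below is made up.
SAMPLE_FIXLOG = r"""
CustomCLSID: HKU\S-1-5-21-1111111111-2222222222-3333333333-1001_Classes\CLSID\{00000000-0000-0000-0000-000000000001}\InprocServer32 -> C:\Users\user\AppData\Local\Vendor\Update\1.0.0.1\helper_64.dll No File
IE trusted site: HKU\S-1-5-21-1111111111-2222222222-3333333333-1001\...\localhost -> localhost
IE trusted site: HKU\S-1-5-21-1111111111-2222222222-3333333333-1001\...\example-helper.test -> hxxp://example-helper.test
FirewallRules: [{00000000-0000-0000-0000-0000000000AA}] => (Allow) C:\Users\user\AppData\Local\Temp\7zSXXXX\helper.exe
FirewallRules: [{00000000-0000-0000-0000-0000000000BB}] => (Allow) C:\Program Files\Vendor\app.exe
*****************

C:\Users\user\Desktop\tool.exe => moved successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\Helper => value removed successfully
HKCR\CLSID\{00000000-0000-0000-0000-000000000002} => key not found.
"C:\Program Files (x86)\Vendor" => File/Folder not found.
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{00000000-0000-0000-0000-000000000003}" => key removed successfully

==== End of Fixlog 13:21:57 ====
"""

# Path fragments that mark an executable living in a temporary directory (assumption).
TEMP_MARKERS = ("\\appdata\\local\\temp\\", "\\windows\\temp\\")


@dataclass
class FirewallRule:
    guid: str
    action: str
    path: str


@dataclass
class CustomClsid:
    key: str
    server: str
    missing: bool  # FRST appends "No File" when the InprocServer32 target is absent


@dataclass
class TrustedSite:
    key: str
    url: str


@dataclass
class Fixlog:
    firewall_rules: list
    custom_clsids: list
    trusted_sites: list
    results: list  # (target, outcome) pairs from the section after the asterisk line


_FW = re.compile(r"^FirewallRules: \[(\{[^}]+\})\] => \((Allow|Block)\) (.+)$")
_CLSID = re.compile(r"^CustomCLSID: (.+?) -> (.+?)( No File)?$")
_SITE = re.compile(r"^IE trusted site: (.+?) -> (.+)$")
_RESULT = re.compile(r"^(.+?) => (.+)$")


def parse_fixlog(text: str) -> Fixlog:
    """Split a Fixlog into typed fixlist entries and (target, outcome) results."""
    fl = Fixlog([], [], [], [])
    in_results = False
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("==== End of Fixlog"):
            continue
        if set(line) == {"*"}:  # separator between fixlist and results
            in_results = True
            continue
        if in_results:
            if m := _RESULT.match(line):
                fl.results.append((m.group(1).strip('"'), m.group(2).rstrip(".")))
            continue
        if m := _FW.match(line):
            fl.firewall_rules.append(FirewallRule(m.group(1), m.group(2), m.group(3)))
        elif m := _CLSID.match(line):
            fl.custom_clsids.append(CustomClsid(m.group(1), m.group(2), m.group(3) is not None))
        elif m := _SITE.match(line):
            fl.trusted_sites.append(TrustedSite(m.group(1), m.group(2)))
    return fl


def summarize(results) -> Counter:
    """Count how many items were removed/moved versus already absent."""
    counts = Counter()
    for _target, outcome in results:
        if "not found" in outcome:
            counts["not_found"] += 1
        elif "successfully" in outcome:
            counts["done"] += 1
        else:
            counts["other"] += 1
    return counts


def review(fl: Fixlog) -> list:
    """Flag entries worth a second look; the rules are heuristics, not FRST logic."""
    findings = []
    for r in fl.firewall_rules:  # an allow rule for a Temp-folder binary outlives the installer
        if r.action == "Allow" and any(t in r.path.lower() for t in TEMP_MARKERS):
            findings.append(f"firewall allow rule {r.guid} for executable in a temp directory: {r.path}")
    for c in fl.custom_clsids:  # dangling COM registration: target DLL no longer on disk
        if c.missing:
            findings.append(f"orphaned CustomCLSID (InprocServer32 target missing): {c.server}")
    for s in fl.trusted_sites:  # anything but localhost in the Trusted zone deserves review
        host = s.url.split("://", 1)[-1].split("/", 1)[0]
        if host.lower() != "localhost":
            findings.append(f"non-local IE trusted site: {host}")
    return findings


if __name__ == "__main__":
    log = parse_fixlog(SAMPLE_FIXLOG)
    print("outcomes:", dict(summarize(log.results)))
    for finding in review(log):
        print("review:", finding)
```

Run it against a real Fixlog by reading the file into `parse_fixlog` in place of `SAMPLE_FIXLOG`. The summary counts are only a sanity check that the fix ran to completion; the review flags are where the value is, because each of them points at a persistence or trust change (a firewall exception for a Temp-folder binary, a COM server registered for a file that is gone, a domain added to the Trusted zone) that a "removed successfully" line alone does not explain.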



#5 Gunto

Gunto

    Bleepin' Reject Phoenix


  • Malware Response Team
  • 1,278 posts
  • OFFLINE
  • Gender:Female
  • Location:North Las Vegas, Nevada, USA
  • Local time:11:03 PM

Posted 08 September 2015 - 08:17 AM

Hi,

 

Awesome! I'm glad I could help! :thumbup2:

 

Malwarebytes

Now then, I'd like for you to run an MBAM scan to check for any hiding leftovers.

  • Download MBAM from here, and save it to your desktop.
  • Double click the installer to run it. During the installation, simply follow the prompts and let the program install. However, if you do not want to start a trial of the full version, please decline, and if offered any external toolbars/programs, feel free to uncheck to install them.
  • On the main interface, click Update Now >>, and check for updates. If a new version of MBAM is included in the update, follow the prompts and install it.
  • Once the program is done updating, click Scan at the top of the main interface. Then select the Custom Scan option, and hit the Configure Scan button. On this screen, make sure every box is checked, then start the scan. If there is an update available, allow MBAM to update.
  • Once the scan is finished, click Apply Actions to any found malware. If MBAM asks you to reboot, do so immediately.
  • When done, retrieve the log by clicking History on the main interface, then Application logs. View the log of the scan you just ran, then click the Copy to Clipboard button, and paste it into your reply.

Gunto


Beautiful avatar by Plumbeck!

 

Bury me in honor; when I'm dead and hit the ground, a love back home, it unfolds...


#6 sherill

sherill
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  • Local time:02:03 AM

Posted 10 September 2015 - 12:07 PM

Looks good to me - thanks Gunto!

 

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 8/25/2015
Scan Time: 1:49 PM
Logfile: MBAM_09102015.txt
Administrator: Yes

Version: 2.1.8.1057
Malware Database: v2015.08.25.05
Rootkit Database: v2015.08.16.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled

OS: Windows 8.1
CPU: x64
File System: NTFS
User: sheri_000

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 368445
Time Elapsed: 9 min, 58 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)


(end)



#7 Gunto

Gunto

    Bleepin' Reject Phoenix


  • Malware Response Team
  • 1,278 posts
  • OFFLINE
  • Gender:Female
  • Location:North Las Vegas, Nevada, USA
  • Local time:11:03 PM

Posted 10 September 2015 - 01:18 PM

Hi,

 

My pleasure. :)

 

And with that, congrats! Your computer looks free of malware! :woot:

However, we'll need to clean up the tools we used to make it that way.

  • Download DelFix from here, and save it to your desktop.
  • Double click the file to run it. On the main screen, make sure the following options are checked:
    Remove disinfection tools
    Purge system restore

    Click the Run button after ensuring the above options are selected.
  • Once the program is done running, a log will pop up. Please copy and paste it into your final reply.

Here are some steps to improve how your computer works, and to help you from getting infected again.

Keep all of your software updated. This is especially true for your antivirus. Keeping your software up-to-date is one of the most important steps to keeping malware out of your system. Old versions of many different programs have security vulnerabilities that malware targets to infect your system, many of which are fixed in updates. In addition to that, outdated definitions for your antivirus (and other security programs) may fail to detect newer malware that has since been added to the database. For new software version updates, I recommend FileHippo App Manager. However, FH doesn't find all updates, so be sure to manually check for updates as well.

Browse safely. Much of the time, malware gets in because the user isn't cautious. Examples of safe browsing include:

  • Don't open emails from people you don't know, especially if they have an attachment. Files (especially those with a .bat, .com, .exe or .scr extension) should never be trusted unless you know for a fact that you can trust the source. You should also be careful with these files even from friends, since their emails might actually be from bots using their addresses.
  • Don't install things that you don't trust. For example, some websites will ask you to install programs in order to use a certain functionality, especially supposed updates to programs such as Flash and Java. If your software is up-to-date, it's probably a fake.
  • In addition to the above, be careful even when installing programs that you recognize. Sometimes, programs will install other software when a user doesn't pay attention, so always make sure to decline offers for programs you don't want or recognize.

Happy surfing! :)

Gunto




#8 sherill

sherill
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  • Local time:02:03 AM

Posted 10 September 2015 - 03:56 PM

# DelFix v1.011 - Logfile created 10/09/2015 at 15:53:29
# Updated 18/08/2015 by Xplode
# Username : sheri_000 - MOTHERSHIP13
# Operating System : Windows 8.1  (64 bits)

~ Removing disinfection tools ...

Deleted : C:\FRST
Deleted : C:\AdwCleaner
Deleted : C:\Users\sheri_000\Desktop\Addition.txt
Deleted : C:\Users\sheri_000\Desktop\Fixlog.txt
Deleted : C:\Users\sheri_000\Desktop\Fixlog1.txt
Deleted : C:\Users\sheri_000\Desktop\FRST.txt
Deleted : C:\Users\sheri_000\Desktop\FRST64.exe
Deleted : C:\Users\sheri_000\Desktop\logins.txt
Deleted : HKLM\SOFTWARE\AdwCleaner

~ Cleaning system restore ...

Deleted : RP #62 [Removed Citrix Online Launcher | 08/25/2015 19:06:22]
Deleted : RP #63 [Scheduled Checkpoint | 09/02/2015 10:42:21]
Deleted : RP #64 [Removed Pandora | 09/07/2015 18:24:34]

New restore point created !

########## - EOF - ##########

 

THANK YOU!

Sherill
 



#9 Gunto

Gunto

    Bleepin' Reject Phoenix


  • Malware Response Team
  • 1,278 posts
  • OFFLINE
  • Gender:Female
  • Location:North Las Vegas, Nevada, USA
  • Local time:11:03 PM

Posted 11 September 2015 - 03:05 PM

My pleasure. :)

 

Since your problems seem to be solved, I'm locking this topic. However, if you still need help, please send me (or any moderator if I am unavailable) a PM asking for this topic to be unlocked.






