
Hello and welcome! :)

I'm Radek and I'll try to help you with your issue.

Before we start please note the following:

  • Analysis and research take some time, also sometimes real life gets in the way, please be patient.
  • Limit your internet access to posting here, some infections just wait to steal typed-in passwords.
  • Don't run any scripts or tools on your own, unsupervised usage may cause more harm than good.
  • Paste the logs in your posts, attachments make my work harder and more complicated.
  • Stay with me to the end, the absence of symptoms doesn't mean that your machine is fully operational.
  • Note that we may live in totally different time zones, which may cause some delays between answers.
I can't foresee everything, so if anything unexpected happens, please stop and inform me!

There are no silly questions. Never be afraid to ask if in doubt!

Rules and policies

We won't support any piracy.

That being told, if any evidence of illegal OS, software, cracks/keygens or any other will be revealed, any further assistance will be suspended. If you are aware that there is this kind of stuff on your machine, remove it before proceeding!

The same applies to any use of P2P software: uTorrent, BitTorrent, Vuze, Kazaa, Ares... We don't provide any help for P2P, except for their removal. All P2P software has to be uninstalled or at least fully disabled before proceeding!

Failure to follow these guidelines will result in closing your topic and withdrawing any assistance.


Scan with Malwarebytes' Anti-Malware

Please download and install Malwarebytes Anti-Malware, or re-run it if you already have it installed.

  • First of all select update.
  • Once updated, click the Settings tab, in the left panel choose Detections & protection and tick Scan for rootkits.
  • Click the Scan tab, make sure Threat Scan is checked and click Scan Now.
  • If threats are detected, click the Apply Actions button. You will now be prompted to reboot. Click Yes.
  • Upon completion of the scan (or after the reboot), click the History tab.
  • Click Application Logs and double-click the Scan Log.
  • At the bottom click Export and choose Text file.
Save the file to your desktop and include its content in your next reply.

Hi Radek. I am including my latest scan Jan 26, 2015

Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 26/01/2015
Scan Time: 10:54:46 AM
Logfile: Log26012015.txt
Administrator: Yes
 
Version: 2.00.4.1028
Malware Database: v2015.01.26.06
Rootkit Database: v2015.01.14.01
License: Premium
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled
 
OS: Windows 7 Service Pack 1
CPU: x86
File System: NTFS
User: Linda
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 294783
Time Elapsed: 9 min, 56 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 0
(No malicious items detected)
 
Registry Values: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Folders: 0
(No malicious items detected)
 
Files: 0
(No malicious items detected)
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)

OK, then let's take a look at your system's internals.

Scan with Farbar Recovery Scan Tool

Please download Farbar Recovery Scan Tool and save it to your Desktop.

There will be two versions to download: 32-bit and 64-bit. Please download the one that is designed for your system. If you don't know which one it should be, download both of them and try each one out. Only one will run - this is the right one. Please leave it and delete the other.

  • Right-click on the FRST icon and select Run as Administrator to start the tool.

    > XP users click run after receipt of Windows Security Warning - Open File.

    > 8 users will be prompted about Windows SmartScreen protection - click More information and Run.

  • When the tool opens click Yes to disclaimer.
  • Make sure that Addition option is checked.
  • Press Scan button and wait.
  • The tool will produce two logfiles on your desktop: FRST.txt and Addition.txt.
Please include their content in your next reply.

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 24-01-2015 01

Ran by Linda (administrator) on LYNX on 26-01-2015 14:52:00

Running from C:\Users\Linda\Downloads

Loaded Profiles: Linda (Available profiles: Linda)

Platform: Microsoft Windows 7 Home Premium  Service Pack 1 (X86) OS Language: English (United States)

Internet Explorer Version 11 (Default browser: Chrome)

Boot Mode: Normal


 

==================== Processes (Whitelisted) =================

 

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

 

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe

(Foxit Software Inc.) C:\Program Files\Foxit Software\Foxit Reader\Foxit Cloud\FCUpdateService.exe

(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe

(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe

(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbam.exe

(MicroStudio) C:\Program Files\Windows Network Accelerater\v3\winvxm.exe

(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE

(Intel Corporation) C:\Windows\System32\hkcmd.exe

(Intel Corporation) C:\Windows\System32\igfxpers.exe

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe

(Logitech Inc.) C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe

(Intel Corporation) C:\Windows\System32\igfxsrvc.exe

(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE

() C:\Program Files\Logitech\LWS\Webcam Software\CameraHelperShell.exe

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe

(Microsoft Corporation) C:\Windows\System32\dllhost.exe

(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe

 

 

==================== Registry (Whitelisted) ==================

 

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

 

HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [974432 2014-08-22] (Microsoft Corporation)

HKLM\...\Run: [LWS] => C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe [204136 2012-09-13] (Logitech Inc.)

 

==================== Internet (Whitelisted) ====================

 

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

 

HKU\S-1-5-21-2539202307-1761660001-8006430-1000\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.telus.com/en/ab/account/login.jsp?&INTCMP=SSMyaccount

HKU\S-1-5-21-2539202307-1761660001-8006430-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/en-ca/?ocid=iehp

BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.254 75.153.176.9

 

FireFox:

========

FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_16_0_0_296.dll ()

FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)

FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)

FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)

 

Chrome: 

=======

CHR StartupUrls: Profile 1 -> "hxxp://www.google.com/"

CHR DefaultSuggestURL: Profile 1 -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:inputType}{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}{google:searchVersion}{google:sessionToken}{google:prefetchQuery}sugkey={google:suggestAPIKeyParameter}

CHR Profile: C:\Users\Linda\AppData\Local\Google\Chrome\User Data\Profile 1

CHR Extension: (Google Slides) - C:\Users\Linda\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2014-11-29]

CHR Extension: (Google Docs) - C:\Users\Linda\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake [2014-11-29]

CHR Extension: (Google Drive) - C:\Users\Linda\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-11-29]

CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Linda\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-11-29]

CHR Extension: (YouTube) - C:\Users\Linda\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-11-29]

CHR Extension: (Google Search) - C:\Users\Linda\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-11-29]

CHR Extension: (Google Sheets) - C:\Users\Linda\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2014-11-29]

CHR Extension: (Hangouts) - C:\Users\Linda\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nckgahadagoaajjgafhacjanaoiihapd [2014-11-29]

CHR Extension: (Google Wallet) - C:\Users\Linda\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-11-29]

CHR Extension: (Gmail) - C:\Users\Linda\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-11-29]

 

========================== Services (Whitelisted) =================

 

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

 

R2 FoxitCloudUpdateService; C:\Program Files\Foxit Software\Foxit Reader\Foxit Cloud\FCUpdateService.exe [243880 2015-01-23] (Foxit Software Inc.)

R2 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)

R2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)

R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22192 2014-08-22] (Microsoft Corporation)

R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [288120 2014-08-22] (Microsoft Corporation)

R2 RapportMgmtService; C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe [1919256 2014-12-22] (IBM Corp.)

S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-26] (Microsoft Corporation)

R2 WindowsVNT_R3; C:\Program Files\Windows Network Accelerater\v3\winvxm.exe [2973600 2014-10-20] (MicroStudio) [File not signed]

S4 YouTubeDownload_P2; C:\Program Files\YouTube Downloader Services\P2\youtubeserv.exe [X]

 

==================== Drivers (Whitelisted) ====================

 

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

 

R3 CompFilter; C:\Windows\System32\DRIVERS\lvbusflt.sys [19688 2012-09-21] (Logitech Inc.)

R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2014-11-21] (Malwarebytes Corporation)

R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [114904 2015-01-26] (Malwarebytes Corporation)

R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2014-11-21] (Malwarebytes Corporation)

R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [231800 2014-07-17] (Microsoft Corporation)

R1 MpKslfc3a24d7; c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{967838F9-4D72-484C-AA3E-1AC9FAF0C5AD}\MpKslfc3a24d7.sys [39464 2015-01-26] (Microsoft Corporation)

R1 netfilter; C:\Windows\System32\drivers\netfilter.sys [36048 2014-11-19] (NetFilterSDK.com)

R1 RapportCerberus_80120; C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus32_80120.sys [472792 2015-01-12] (IBM Corp.)

R1 RapportEI; C:\Program Files\Trusteer\Rapport\bin\RapportEI.sys [251640 2014-12-22] (IBM Corp.)

R0 RapportKELL; C:\Windows\System32\Drivers\RapportKELL.sys [208856 2014-12-22] (IBM Corp.)

R1 RapportPG; C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys [332696 2014-12-22] (IBM Corp.)

S3 SrvHsfPCI; C:\Windows\System32\DRIVERS\VSTBS23.SYS [266752 2009-07-13] (Conexant Systems, Inc.)

 

==================== NetSvcs (Whitelisted) ===================

 

 

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

 

 

==================== One Month Created Files and Folders ========

 

(If an entry is included in the fixlist, the file\folder will be moved.)

 

2015-01-26 14:52 - 2015-01-26 14:52 - 00009098 _____ () C:\Users\Linda\Downloads\FRST.txt

2015-01-26 14:51 - 2015-01-26 14:52 - 00000000 ____D () C:\FRST

2015-01-26 14:51 - 2015-01-26 14:51 - 01120768 _____ (Farbar) C:\Users\Linda\Downloads\FRST.exe

2015-01-24 16:09 - 2015-01-24 16:25 - 00053248 _____ () C:\Users\Linda\Documents\HowardLinda.14t.backup

2015-01-24 16:07 - 2015-01-25 08:38 - 00058368 _____ () C:\Users\Linda\Documents\HowardLinda.14t

2015-01-24 15:52 - 2015-01-24 15:52 - 00000000 ____D () C:\Users\Linda\AppData\Roaming\BHOK IT Consulting

2015-01-24 15:51 - 2015-01-24 15:51 - 00000000 ____D () C:\Users\Linda\AppData\Roaming\BHOK

2015-01-24 15:50 - 2015-01-24 15:50 - 00000000 ____D () C:\Users\Linda\AppData\Local\IsolatedStorage

2015-01-24 15:49 - 2015-01-24 15:49 - 00002083 _____ () C:\Users\Public\Desktop\StudioTax 2014.lnk

2015-01-24 15:49 - 2015-01-24 15:49 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StudioTax 2014

2015-01-24 15:49 - 2015-01-24 15:49 - 00000000 ____D () C:\Program Files\BHOK IT Consulting

2015-01-24 15:46 - 2015-01-24 15:47 - 31023968 _____ (BHOK IT Consulting) C:\Users\Linda\Downloads\StudioTax2014Install.exe

2015-01-15 06:10 - 2014-12-18 19:43 - 00164864 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll

2015-01-15 06:10 - 2014-12-11 10:47 - 00074240 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe

2015-01-14 06:22 - 2014-12-11 22:11 - 03971512 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe

2015-01-14 06:22 - 2014-12-11 22:11 - 03916728 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe

2015-01-14 06:21 - 2014-12-18 18:34 - 00116224 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys

2015-01-14 06:21 - 2014-12-05 20:50 - 00242688 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll

2015-01-12 10:39 - 2015-01-12 10:39 - 00000938 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Sierra Utilities.lnk

2015-01-12 10:39 - 2015-01-12 10:39 - 00000000 ____D () C:\SIERRA

2015-01-12 10:39 - 2015-01-12 10:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sierra

2015-01-12 10:39 - 2015-01-12 10:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\After Dark Games

2015-01-12 10:39 - 2015-01-12 10:39 - 00000000 ____D () C:\Program Files\Sierra On-Line

2015-01-12 10:39 - 1998-09-23 16:17 - 00558592 _____ (Sierra On-Line) C:\Windows\system32\SierraNW.dll

2015-01-12 10:39 - 1998-09-23 16:17 - 00227840 _____ (Sierra On-Line) C:\Windows\system32\SNWValid.dll

2015-01-12 10:39 - 1998-09-23 16:17 - 00011104 _____ () C:\Windows\system32\SNWVALID.HLP

2015-01-12 10:38 - 2015-01-12 10:39 - 00000402 _____ () C:\Windows\SIERRA.INI

2015-01-11 10:44 - 2015-01-11 10:44 - 07884764 _____ () C:\Users\Linda\Downloads\AuroraBorealis.themepack

2015-01-03 08:30 - 2015-01-03 08:30 - 00001125 _____ () C:\Users\Linda\Desktop\Pinball.lnk

2015-01-03 08:20 - 2015-01-03 08:20 - 00017082 _____ () C:\Windows\DeIsL1.isu

2015-01-03 08:20 - 2015-01-03 08:20 - 00001554 _____ () C:\Windows\yahtzee.ini

2015-01-03 08:20 - 2015-01-03 08:20 - 00000000 ____D () C:\Program Files\Hasbro

2015-01-03 08:20 - 1996-03-04 15:27 - 00331776 _____ (Criterion Software Ltd.) C:\Windows\system32\rwx20.dll

2015-01-03 08:20 - 1995-11-17 00:05 - 00339968 _____ (Criterion Software Ltd.) C:\Windows\system32\rwdx8d20.dll

2015-01-03 08:20 - 1995-11-16 23:52 - 00423424 _____ (Criterion Software Ltd.) C:\Windows\system32\rwdx6d20.dll

2015-01-03 08:19 - 1996-01-09 03:38 - 00283648 _____ (Stirling Technologies, Inc.) C:\Windows\uninst.exe

2015-01-01 19:17 - 2015-01-01 19:17 - 00000173 _____ () C:\Windows\KPCMS.INI

2015-01-01 19:17 - 2015-01-01 19:17 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe

2015-01-01 19:17 - 1999-06-18 21:13 - 00210944 _____ () C:\Windows\system32\MSVCRT10.DLL

2015-01-01 19:17 - 1999-06-18 21:13 - 00133120 _____ (Eastman Kodak Company) C:\Windows\sprof32.dll

2015-01-01 19:17 - 1999-05-26 09:46 - 00212480 _____ (Eastman Kodak) C:\Windows\system32\pcdlib32.dll

2015-01-01 19:17 - 1999-05-26 09:46 - 00196608 _____ (Eastman Kodak Company) C:\Windows\kpcp32.dll

2015-01-01 19:17 - 1999-05-26 09:46 - 00058368 _____ (Eastman Kodak Company) C:\Windows\pfpick.dll

2015-01-01 19:17 - 1999-05-26 09:46 - 00040129 _____ () C:\Windows\iccsigs.dat

2015-01-01 19:17 - 1999-05-26 09:46 - 00037376 _____ (Eastman Kodak Company) C:\Windows\kpsys32.dll

2015-01-01 19:17 - 1999-05-26 09:46 - 00020992 _____ (Eastman Kodak Company) C:\Windows\icccodes.dll

2015-01-01 19:16 - 2015-01-01 19:16 - 00000000 ____D () C:\Program Files\Common Files\Adobe

2015-01-01 19:16 - 2015-01-01 19:16 - 00000000 ____D () C:\Program Files\Adobe

2015-01-01 19:16 - 2015-01-01 19:16 - 00000000 ____D () C:\KPCMS

 

==================== One Month Modified Files and Folders =======

 

(If an entry is included in the fixlist, the file\folder will be moved.)

 

2015-01-26 14:49 - 2014-11-21 13:44 - 00000884 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job

2015-01-26 14:33 - 2014-12-07 08:22 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job

2015-01-26 13:49 - 2014-11-21 13:44 - 00000880 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job

2015-01-26 13:34 - 2014-11-21 09:16 - 01213326 _____ () C:\Windows\WindowsUpdate.log

2015-01-26 13:10 - 2014-11-28 08:51 - 00114904 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys

2015-01-26 12:27 - 2009-07-13 21:34 - 00027920 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

2015-01-26 12:27 - 2009-07-13 21:34 - 00027920 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

2015-01-26 12:20 - 2009-07-13 21:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT

2015-01-26 12:20 - 2009-07-13 21:39 - 00045290 _____ () C:\Windows\setupact.log

2015-01-26 11:06 - 2014-11-21 13:52 - 00000000 ____D () C:\Users\Linda\Documents\Computer and Camera

2015-01-25 12:52 - 2014-11-21 13:48 - 00002129 _____ () C:\Users\Public\Desktop\Google Chrome.lnk

2015-01-25 12:33 - 2014-12-02 06:54 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe

2015-01-25 12:33 - 2014-12-02 06:54 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl

2015-01-24 09:26 - 2014-11-21 14:40 - 00000000 ____D () C:\Users\Linda\Documents\WatchTower

2015-01-24 08:48 - 2014-11-21 14:40 - 00000000 ____D () C:\Users\Linda\Documents\Letters

2015-01-24 06:58 - 2010-11-20 14:01 - 00781298 _____ () C:\Windows\system32\PerfStringBackup.INI

2015-01-24 06:55 - 2014-11-21 14:39 - 00000000 ____D () C:\Users\Linda\Documents\Business

2015-01-22 08:35 - 2009-07-13 21:53 - 00032558 _____ () C:\Windows\Tasks\SCHEDLGU.TXT

2015-01-21 07:10 - 2014-11-21 14:24 - 00000000 ____D () C:\Users\Linda\AppData\Roaming\Foxit Software

2015-01-16 16:36 - 2014-11-21 14:40 - 00000000 ____D () C:\Users\Linda\Documents\Howard

2015-01-14 06:33 - 2014-11-21 10:37 - 00000000 ____D () C:\Windows\system32\MRT

2015-01-14 06:26 - 2014-11-21 10:37 - 110348472 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe

2015-01-12 18:26 - 2014-11-23 07:52 - 00000000 ____D () C:\Users\Linda\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games

2015-01-12 10:40 - 2014-11-21 08:28 - 00000000 ____D () C:\Users\Linda

2015-01-12 09:13 - 2014-11-21 13:36 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Trusteer Endpoint Protection

2015-01-07 17:11 - 2014-11-21 18:12 - 00000000 ___RD () C:\Users\Linda\Dropbox

2015-01-07 17:11 - 2014-11-21 18:06 - 00000000 ____D () C:\Users\Linda\AppData\Roaming\Dropbox

2015-01-04 11:17 - 2014-11-21 16:07 - 00000000 ____D () C:\Users\Linda\AppData\Local\Microsoft Games

2015-01-03 08:30 - 2009-07-13 21:52 - 00000000 ____D () C:\Program Files\Microsoft Games

2015-01-03 08:21 - 2014-11-21 08:28 - 00000000 ____D () C:\Users\Linda\AppData\Local\VirtualStore

2015-01-03 08:20 - 2014-11-23 07:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hasbro Interactive

2015-01-02 11:03 - 2014-11-22 10:57 - 00000000 ____D () C:\Users\Linda\AppData\Roaming\Skype

2014-12-31 04:13 - 2014-11-21 10:18 - 00249488 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe

2014-12-29 06:30 - 2014-11-21 14:40 - 00000000 ____D () C:\Users\Linda\Documents\Health

 

==================== Files in the root of some directories =======

 

2014-11-21 08:54 - 2014-11-21 08:54 - 0613057 _____ (CMI Limited) C:\Users\Linda\AppData\Local\nso3AE0.tmp

 

Some content of TEMP:

====================

C:\Users\Linda\AppData\Local\Temp\ose00000.exe

 

 

==================== Bamital & volsnap Check =================

 

(There is no automatic fix for files that do not pass verification.)

 

C:\Windows\explorer.exe => File is digitally signed

C:\Windows\system32\winlogon.exe => File is digitally signed

C:\Windows\system32\wininit.exe => File is digitally signed

C:\Windows\system32\svchost.exe => File is digitally signed

C:\Windows\system32\services.exe => File is digitally signed

C:\Windows\system32\User32.dll => File is digitally signed

C:\Windows\system32\userinit.exe => File is digitally signed

C:\Windows\system32\rpcss.dll => File is digitally signed

C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

 

 

LastRegBack: 2015-01-25 08:56

 

==================== End Of Log ============================


Additional scan result of Farbar Recovery Scan Tool (x86) Version: 24-01-2015 01

Ran by Linda at 2015-01-26 14:52:50

Running from C:\Users\Linda\Downloads

Boot Mode: Normal

==========================================================

 

 

==================== Security Center ========================

 

(If an entry is included in the fixlist, it will be removed.)

 

AV: Microsoft Security Essentials (Enabled - Up to date) {4F35CFC4-45A3-FC37-EF17-759A02E39AB1}

AS: Microsoft Security Essentials (Enabled - Up to date) {F4542E20-6399-F3B9-D5A7-4EE87964D00C}

AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

 

==================== Installed Programs ======================

 

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

 

Adobe Flash Player 16 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 16.0.0.296 - Adobe Systems Incorporated)

Adobe Photoshop 5.5 (HKLM\...\Adobe Photoshop 5.5) (Version: 5.5 - Adobe Systems, Inc.)

After Dark Games (HKLM\...\After Dark Games) (Version:  - )

CameraHelperMsi (Version: 13.51.815.0 - Logitech) Hidden

D3DX10 (Version: 15.4.2368.0902 - Microsoft) Hidden

Dropbox (HKU\S-1-5-21-2539202307-1761660001-8006430-1000\...\Dropbox) (Version: 3.0.3 - Dropbox, Inc.)

erLT (Version: 1.20.138.34 - Logitech, Inc.) Hidden

Foxit Cloud (HKLM\...\{41914D8B-9D6E-4764-A1F9-BC43FB6782C1}_is1) (Version: 2.7.39.123 - Foxit Software Inc.)

Foxit Reader (HKLM\...\Foxit Reader_is1) (Version: 7.0.3.916 - Foxit Software Inc.)

Google Chrome (HKLM\...\Google Chrome) (Version: 40.0.2214.91 - Google Inc.)

Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden

Intel® Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: 8.15.10.1930 - Intel Corporation)

Intel® TV Wizard (HKLM\...\TVWiz) (Version:  - Intel Corporation)

Junk Mail filter update (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden

Logitech Webcam Software (HKLM\...\{D40EB009-0499-459c-A8AF-C9C110766215}) (Version: 2.51 - Logitech Inc.)

Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)

Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)

Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)

Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)

Microsoft Office Home and Student 2007 (HKLM\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation)

Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.6.305.0 - Microsoft Corporation)

Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)

Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)

Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)

Movie Maker (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden

Movie Rotator version 2.0.1 (HKLM\...\{1D2DBEF4-FF54-4E64-971E-8EE1E9585BB6}_is1) (Version: 2.0.1 - Chris Pearce)

PCI SoftV92 Modem (HKLM\...\CNXT_MODEM_PCI_HSF) (Version: 7.80.5.0 - Conexant Systems)

Rapport (Version: 3.5.1404.61 - Trusteer) Hidden

Scrabble v2.0 (HKLM\...\Scrabble v2.0) (Version:  - )

Sierra Utilities (HKLM\...\Sierra Utilities) (Version:  - )

Skype™ 6.22 (HKLM\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 6.22.107 - Skype Technologies S.A.)

StudioTax 2014 (HKLM\...\{28201C6B-7274-43F7-B6FE-6F0EC24096F3}) (Version: 10.0.0.0 - BHOK IT Consulting)

Trusteer Endpoint Protection (HKLM\...\Rapport_msi) (Version: 3.5.1404.61 - Trusteer)

Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)

Watchtower Library 2013 - English (HKLM\...\{004E8ED2-315C-4473-A934-032D5D7B3A02}) (Version: 15.0 - Watchtower Bible and Tract Society of Pennsylvania, Inc.)

Winamp (HKLM\...\Winamp) (Version: 5.65  - Nullsoft, Inc)

Winamp Detector Plug-in (HKU\S-1-5-21-2539202307-1761660001-8006430-1000\...\Winamp Detect) (Version: 1.0.0.1 - Nullsoft, Inc)

Windows Live Essentials (HKLM\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)

Yahtzee (HKLM\...\Yahtzeev1) (Version:  - )

 

==================== Custom CLSID (selected items): ==========================

 

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

 

CustomCLSID: HKU\S-1-5-21-2539202307-1761660001-8006430-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Linda\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

CustomCLSID: HKU\S-1-5-21-2539202307-1761660001-8006430-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Linda\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)

CustomCLSID: HKU\S-1-5-21-2539202307-1761660001-8006430-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Linda\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)

CustomCLSID: HKU\S-1-5-21-2539202307-1761660001-8006430-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Linda\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)

CustomCLSID: HKU\S-1-5-21-2539202307-1761660001-8006430-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Linda\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)

CustomCLSID: HKU\S-1-5-21-2539202307-1761660001-8006430-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Linda\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)

CustomCLSID: HKU\S-1-5-21-2539202307-1761660001-8006430-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Linda\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)

CustomCLSID: HKU\S-1-5-21-2539202307-1761660001-8006430-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Linda\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)

CustomCLSID: HKU\S-1-5-21-2539202307-1761660001-8006430-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Linda\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)

 

==================== Restore Points  =========================

 

08-01-2015 18:14:29 Windows Update

09-01-2015 08:34:59 Windows Backup

12-01-2015 08:12:59 Windows Update

12-01-2015 09:12:23 Installed Rapport

14-01-2015 06:24:58 Windows Update

15-01-2015 07:23:31 Windows Update

16-01-2015 08:43:14 Windows Backup

18-01-2015 08:19:05 Windows Update

22-01-2015 07:36:22 Windows Update

23-01-2015 09:33:16 Windows Backup

24-01-2015 15:48:43 Installed StudioTax 2014

25-01-2015 07:44:52 Windows Update

 

==================== Hosts content: ==========================

 

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

 

2009-07-13 19:04 - 2009-06-10 14:39 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

 

==================== Scheduled Tasks (whitelisted) =============

 

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

 

Task: {412853CF-851A-4575-9294-D1DE9FDA0705} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-11-21] (Google Inc.)

Task: {999DB801-1469-44E2-984B-DB959E60EBE8} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-11-21] (Google Inc.)

Task: {BB19C3C8-FE14-4C5D-862E-0FD9115C0BBB} - System32\Tasks\LaunchSignup => C:\Program Files\MyPC Backup\Signup Wizard.exe <==== ATTENTION

Task: {DD422B60-3BAA-4B52-8399-9BB04289A945} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2015-01-25] (Adobe Systems Incorporated)

Task: {F0877E0C-746E-4808-B134-BE0010850263} - System32\Tasks\Knight System Protector Startup => C:\Program Files\Knight System Protector\KnightSystemProtector.exe

 

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

 

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe

 

==================== Loaded Modules (whitelisted) =============

 

2014-11-21 13:29 - 2013-04-15 11:49 - 00176128 _____ () C:\Windows\System32\HP1006LM.DLL

2014-11-21 13:30 - 2013-04-15 11:49 - 00059904 _____ () C:\Windows\system32\spool\PRTPROCS\W32X86\HP1006PP.dll

2012-09-13 00:38 - 2012-09-13 00:38 - 02144104 _____ () C:\Program Files\Logitech\LWS\Webcam Software\QtCore4.dll

2012-09-13 00:38 - 2012-09-13 00:38 - 07955304 _____ () C:\Program Files\Logitech\LWS\Webcam Software\QtGui4.dll

2012-09-13 00:38 - 2012-09-13 00:38 - 00341352 _____ () C:\Program Files\Logitech\LWS\Webcam Software\QtXml4.dll

2012-09-13 00:38 - 2012-09-13 00:38 - 00028008 _____ () C:\Program Files\Logitech\LWS\Webcam Software\imageformats\QGif4.dll

2012-09-13 00:38 - 2012-09-13 00:38 - 00127336 _____ () C:\Program Files\Logitech\LWS\Webcam Software\imageformats\QJpeg4.dll

2012-09-13 00:38 - 2012-09-13 00:38 - 00264040 _____ () C:\Program Files\Logitech\LWS\Webcam Software\CameraHelperShell.exe

2012-09-13 00:39 - 2012-09-13 00:39 - 00336232 _____ () C:\Program Files\Common Files\logishrd\LWSPlugins\LWS\Applets\CameraHelper\DevManagerCore.dll

2015-01-25 12:51 - 2015-01-20 20:50 - 01117512 _____ () C:\Program Files\Google\Chrome\Application\40.0.2214.91\libglesv2.dll

2015-01-25 12:51 - 2015-01-20 20:50 - 00211272 _____ () C:\Program Files\Google\Chrome\Application\40.0.2214.91\libegl.dll

2015-01-25 12:51 - 2015-01-20 20:50 - 09171272 _____ () C:\Program Files\Google\Chrome\Application\40.0.2214.91\pdf.dll

 

==================== Alternate Data Streams (whitelisted) =========

 

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

 

 

==================== Safe Mode (whitelisted) ===================

 

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

 

 

==================== EXE Association (whitelisted) =============

 

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

 

 

==================== MSCONFIG/TASK MANAGER disabled items =========

 

(Currently there is no automatic fix for this section.)

 

MSCONFIG\Services: YouTubeDownload_P2 => 2

MSCONFIG\startupreg: ConvertAd => C:\Users\Linda\AppData\Local\ConvertAd\ConvertAd.exe

 

========================= Accounts: ==========================

 

Administrator (S-1-5-21-2539202307-1761660001-8006430-500 - Administrator - Disabled)

Guest (S-1-5-21-2539202307-1761660001-8006430-501 - Limited - Disabled)

HomeGroupUser$ (S-1-5-21-2539202307-1761660001-8006430-1002 - Limited - Enabled)

Linda (S-1-5-21-2539202307-1761660001-8006430-1000 - Administrator - Enabled) => C:\Users\Linda

 

==================== Faulty Device Manager Devices =============

 

Name: Teredo Tunneling Pseudo-Interface

Description: Microsoft Teredo Tunneling Adapter

Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}

Manufacturer: Microsoft

Service: tunnel

Problem: : This device cannot start. (Code10)

Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.

On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

 

 

==================== Event log errors: =========================

 

Application errors:

==================

Error: (01/26/2015 00:22:00 PM) (Source: WinMgmt) (EventID: 10) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

 

Error: (01/26/2015 00:02:07 PM) (Source: WinMgmt) (EventID: 10) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

 

Error: (01/26/2015 06:12:00 AM) (Source: WinMgmt) (EventID: 10) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

 

Error: (01/25/2015 00:16:51 PM) (Source: WinMgmt) (EventID: 10) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

 

Error: (01/25/2015 06:34:48 AM) (Source: WinMgmt) (EventID: 10) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

 

Error: (01/24/2015 03:40:01 PM) (Source: WinMgmt) (EventID: 10) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

 

Error: (01/24/2015 11:26:34 AM) (Source: WinMgmt) (EventID: 10) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

 

Error: (01/24/2015 08:42:42 AM) (Source: WinMgmt) (EventID: 10) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

 

Error: (01/24/2015 06:20:29 AM) (Source: WinMgmt) (EventID: 10) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

 

Error: (01/23/2015 06:36:56 AM) (Source: WinMgmt) (EventID: 10) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

 

 

System errors:

=============

Error: (01/26/2015 00:21:12 PM) (Source: WMPNetworkSvc) (EventID: 14332) (User: )

Description: WMPNetworkSvc0x80004005

 

Error: (01/26/2015 06:11:15 AM) (Source: WMPNetworkSvc) (EventID: 14332) (User: )

Description: WMPNetworkSvc0x80004005

 

Error: (01/24/2015 03:39:14 PM) (Source: WMPNetworkSvc) (EventID: 14332) (User: )

Description: WMPNetworkSvc0x80004005

 

Error: (01/24/2015 08:41:55 AM) (Source: WMPNetworkSvc) (EventID: 14332) (User: )

Description: WMPNetworkSvc0x80004005

 

Error: (01/22/2015 06:40:51 AM) (Source: WMPNetworkSvc) (EventID: 14332) (User: )

Description: WMPNetworkSvc0x80004005

 

Error: (01/21/2015 03:54:20 PM) (Source: WMPNetworkSvc) (EventID: 14332) (User: )

Description: WMPNetworkSvc0x80004005

 

Error: (01/21/2015 06:24:34 AM) (Source: WMPNetworkSvc) (EventID: 14332) (User: )

Description: WMPNetworkSvc0x80004005

 

Error: (01/19/2015 09:39:40 AM) (Source: WMPNetworkSvc) (EventID: 14332) (User: )

Description: WMPNetworkSvc0x80004005

 

Error: (01/17/2015 02:55:38 PM) (Source: WMPNetworkSvc) (EventID: 14332) (User: )

Description: WMPNetworkSvc0x80004005

 

Error: (01/17/2015 00:24:34 PM) (Source: WMPNetworkSvc) (EventID: 14332) (User: )

Description: WMPNetworkSvc0x80004005

 

 

Microsoft Office Sessions:

=========================

 

==================== Memory info =========================== 

 

Processor: Pentium® Dual-Core CPU E5200 @ 2.50GHz

Percentage of memory in use: 55%

Total physical RAM: 3061.49 MB

Available physical RAM: 1376.45 MB

Total Pagefile: 6121.27 MB

Available Pagefile: 4274.25 MB

Total Virtual: 2047.88 MB

Available Virtual: 1892.29 MB

 

==================== Drives ================================

 

Drive c: () (Fixed) (Total:931.51 GB) (Free:887.11 GB) NTFS ==>[Drive with boot components (obtained from BCD)]

 

==================== MBR & Partition Table ==================

 

========================================================

Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: F3D4F3D4)

Partition 1: (Active) - (Size=931.5 GB) - (Type=07 NTFS)

 

==================== End Of Log ============================


Hi,

I am sorry, I was travelling yesterday for more than 30h and wasn't able to respond properly.

Fix with Junkware Removal Tool

Please download JRT by Thisisu and save the file to your desktop.

Temporarily disable your AntiVirus and AntiSpyware protection - instructions here.

  • Right-click on the JRT icon and select Run as Administrator to start the tool.
  • Follow the prompts and let this process run uninterrupted.
  • This scan can take a while, depending on your System specs.
  • Upon completion, a log (JRT.txt) will open on your desktop.
Please include the contents of that file in your reply.

Do not forget to re-enable your previously switched off protection software!

Please also manually reboot your machine after this procedure.

Fix with AdwCleaner

Please download AdwCleaner by Xplode and save the file to your desktop.

  • Right-click on the AdwCleaner icon and select Run as Administrator to start the tool.
  • The program will begin to update the database (if internet connection is operational). Please wait a little bit.
  • Follow the prompts and click Scan.
  • When finished, please click Clean.
  • Upon completion, click Report. A log (AdwCleaner[s*].txt) will open.
Please include the contents of that file in your reply.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Junkware Removal Tool (JRT) by Thisisu

Version: 6.4.1 (12.28.2014:1)

OS: Windows 7 Home Premium x86

Ran by Linda on 31/01/2015 at  8:46:54.72

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

 

 

 

~~~ Services

 

Successfully stopped: [service] netfilter 

Successfully deleted: [service] netfilter 

 

 

 

~~~ Registry Values

 

 

 

~~~ Registry Keys

 

 

 

~~~ Files

 

 

 

~~~ Folders

 

Successfully deleted: [Folder] "C:\Users\Linda\AppData\Roaming\systweak"

 

 

 

~~~ Event Viewer Logs were cleared

 

 

 

 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Scan was completed on 31/01/2015 at  8:51:39.60

End of JRT log

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


# AdwCleaner v4.109 - Report created 31/01/2015 at 09:02:31

# Updated 24/01/2015 by Xplode

# Database : 2015-01-26.1 [Live]

# Operating System : Windows 7 Home Premium Service Pack 1 (32 bits)

# Username : Linda - LYNX

# Running from : C:\Users\Linda\Downloads\AdwCleaner.exe

# Option : Clean

 

***** [ Services ] *****

 

 

***** [ Files / Folders ] *****

 

Folder Deleted : C:\Users\Linda\AppData\Roaming\AnyProtectEx

File Deleted : C:\END

File Deleted : C:\Windows\system32\drivers\netfilter.sys

File Deleted : C:\Windows\system32\RegistryHelperLM.ocx

File Deleted : C:\Windows\system32\roboot.exe

 

***** [ Scheduled Tasks ] *****

 

Task Deleted : LaunchSignup

 

***** [ Shortcuts ] *****

 

 

***** [ Registry ] *****

 

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{00B11DA2-75ED-4364-ABA5-9A95B1F5E946}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{459DD0F7-0D55-D3DC-67BC-E6BE37E9D762}

Key Deleted : HKCU\Software\AnyProtect

Key Deleted : HKCU\Software\Boost

Key Deleted : HKCU\Software\Optimizer Pro

Key Deleted : HKCU\Software\systweak

Key Deleted : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}

Key Deleted : HKLM\SOFTWARE\{1146AC44-2F03-4431-B4FD-889BC837521F}

Key Deleted : HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}

Key Deleted : HKLM\SOFTWARE\{6791A2F3-FC80-475C-A002-C014AF797E9C}

Key Deleted : HKLM\SOFTWARE\Boost

Key Deleted : HKLM\SOFTWARE\systweak

Key Deleted : HKLM\SOFTWARE\Tutorials

 

***** [ Browsers ] *****

 

-\\ Internet Explorer v11.0.9600.17496

 

 

-\\ Google Chrome v40.0.2214.93

 

 

*************************

 

AdwCleaner[R0].txt - [1697 octets] - [31/01/2015 08:59:03]

AdwCleaner[s0].txt - [1656 octets] - [31/01/2015 09:02:31]

 

########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [1716 octets] ##########

 


That looks good. Next portion of removal:

Scan with ZOEK

Please download ZOEK by Smeenk and save it to your desktop (the preferred version is the *.exe one).

Temporarily disable your AntiVirus and AntiSpyware protection - instructions here.

  • Right-click on the ZOEK icon and select Run as Administrator to start the tool.
  • Wait patiently until the main console appears; it may take a minute or two.
  • In the main box please paste in the following script:

    createsrpoint;autoclean;drivers-services-list;startupall;filesrcm;
  • Make sure that the Scan All Users option is checked.
  • Push Run Script and wait patiently. The scan may take a couple of minutes.
  • When the scan completes, a zoek-results logfile should open in Notepad.
  • If a reboot is needed, the log will open after the reboot. You may also find it on your main drive (usually C:\).
Please include its content in your next reply.

Don't forget to re-enable your switched-off protection software!


 

Zoek.exe v5.0.0.0 Updated 27-01-2015

Tool run by Linda on 31/01/2015 at 13:40:17.01.

Microsoft Windows 7 Home Premium  6.1.7601 Service Pack 1 x86

Running in: Normal Mode Internet Access Detected

Launched: C:\Users\Linda\Downloads\zoek.exe [scan all users] [script inserted] 

 

==== System Restore Info ======================

 

31/01/2015 1:41:53 PM Zoek.exe System Restore Point Created Succesfully.

 

==== Empty Folders Check ======================

 

C:\Users\Linda\AppData\Roaming\Windows Live Writer deleted successfully

C:\Users\Linda\AppData\Local\Adobe deleted successfully

 

==== Deleting CLSID Registry Keys ======================

 

 

==== Deleting CLSID Registry Values ======================

 

 

==== Services(whitelist) ======================

Powered by E Dev

 

R2 - [MBAMService] - MBAMService - c:\program files\malwarebytes anti-malware\mbamservice.exe

R2 - [MsMpSvc] - Microsoft Antimalware Service - c:\program files\microsoft security client\msmpeng.exe

R2 - [RapportMgmtService] - Rapport Management Service - c:\program files\trusteer\rapport\bin\rapportmgmtservice.exe

R2 - [wlidsvc] - Windows Live ID Sign-in Assistant - c:\program files\common files\microsoft shared\windows live\wlidsvc.exe

R2 - [WMPNetworkSvc] - Windows Media Player Network Sharing Service - c:\program files\windows media player\wmpnetwk.exe

R2 - [WSearch] - Windows Search - c:\windows\system32\searchindexer.exe

R4 - [MBAMScheduler] - MBAMScheduler - c:\program files\malwarebytes anti-malware\mbamscheduler.exe

S2 - [clr_optimization_v4.0.30319_32] - Microsoft .NET Framework NGEN v4.0.30319_X86 - c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe

S2 - [Fax] - Fax - c:\windows\system32\fxssvc.exe

S2 - [gupdate] - Google Update Service (gupdate) - c:\program files\google\update\googleupdate.exe

S2 - [skypeUpdate] - Skype Updater - c:\program files\skype\updater\updater.exe

S2 - [sppsvc] - Software Protection - c:\windows\system32\sppsvc.exe

S3 - [AdobeFlashPlayerUpdateSvc] - Adobe Flash Player Update Service - c:\windows\system32\macromed\flash\flashplayerupdateservice.exe

S3 - [ALG] - Application Layer Gateway Service - c:\windows\system32\alg.exe

S3 - [COMSysApp] - COM+ System Application - c:\windows\system32\dllhost.exe

S3 - [ehRecvr] - Windows Media Center Receiver Service - c:\windows\ehome\ehrecvr.exe

S3 - [ehSched] - Windows Media Center Scheduler Service - c:\windows\ehome\ehsched.exe

S3 - [FontCache3.0.0.0] - Windows Presentation Foundation Font Cache 3.0.0.0 - c:\windows\microsoft.net\framework\v3.0\wpf\presentationfontcache.exe

S3 - [fsssvc] - Windows Live Family Safety Service - c:\program files\windows live\family safety\fsssvc.exe

S3 - [gupdatem] - Google Update Service (gupdatem) - c:\program files\google\update\googleupdate.exe

S3 - [iEEtwCollectorService] - Internet Explorer ETW Collector Service - c:\windows\system32\ieetwcollector.exe

S3 - [MSDTC] - Distributed Transaction Coordinator - c:\windows\system32\msdtc.exe

S3 - [msiserver] - Windows Installer - c:\windows\system32\msiexec.exe

S3 - [NisSrv] - Microsoft Network Inspection - c:\program files\microsoft security client\nissrv.exe

S3 - [odserv] - Microsoft Office Diagnostics Service - c:\program files\common files\microsoft shared\office12\odserv.exe

S3 - [ose] - Office Source Engine - c:\program files\common files\microsoft shared\source engine\ose.exe

S3 - [RpcLocator] - Remote Procedure Call (RPC) Locator - c:\windows\system32\locator.exe

S3 - [sNMPTRAP] - SNMP Trap - c:\windows\system32\snmptrap.exe

S3 - [TrustedInstaller] - Windows Modules Installer - c:\windows\servicing\trustedinstaller.exe

S3 - [vds] - Virtual Disk - c:\windows\system32\vds.exe

S3 - [VSS] - Volume Shadow Copy - c:\windows\system32\vssvc.exe

S3 - [wbengine] - Block Level Backup Engine Service - c:\windows\system32\wbengine.exe

S3 - [wmiApSrv] - WMI Performance Adapter - c:\windows\system32\wbem\wmiapsrv.exe

S4 - [aspnet_state] - ASP.NET State Service - c:\windows\microsoft.net\framework\v4.0.30319\aspnet_state.exe

S4 - [clr_optimization_v2.0.50727_32] - Microsoft .NET Framework NGEN v2.0.50727_X86 - c:\windows\microsoft.net\framework\v2.0.50727\mscorsvw.exe

 

==== Drivers(whitelist) ======================

Powered by E Dev

 

R0 - [FileInfo] - File Information FS MiniFilter - C:\Windows\system32\Drivers\FileInfo.sys

R0 - [FltMgr] - FltMgr - C:\Windows\system32\Drivers\FltMgr.sys

R0 - [MpFilter] - Microsoft Malware Protection Driver - C:\Windows\system32\Drivers\MpFilter.sys

R0 - [Mup] - Mup - C:\Windows\system32\Drivers\Mup.sys

R1 - [NetBIOS] - NetBIOS Interface - C:\Windows\system32\Drivers\NetBIOS.sys

R3 - [srv] - Server SMB 1.xxx Driver - C:\Windows\system32\Drivers\srv.sys

R3 - [srv2] - Server SMB 2.xxx Driver - C:\Windows\system32\Drivers\srv2.sys

R0 - [ACPI] - Microsoft ACPI Driver - C:\Windows\system32\Drivers\ACPI.sys

R0 - [amdxata] - amdxata - C:\Windows\system32\Drivers\amdxata.sys

R0 - [atapi] - IDE Channel - C:\Windows\system32\Drivers\atapi.sys

R0 - [CLFS] - Common Log (CLFS) - C:\Windows\system32\Drivers\CLFS.sys [x]

R0 - [CNG] - CNG - C:\Windows\system32\Drivers\CNG.sys

R0 - [Disk] - Disk Driver - C:\Windows\system32\Drivers\Disk.sys

R0 - [fvevol] - Bitlocker Drive Encryption Filter Driver - C:\Windows\system32\Drivers\fvevol.sys

R0 - [hwpolicy] - Hardware Policy Driver - C:\Windows\system32\Drivers\hwpolicy.sys

R0 - [intelide] - intelide - C:\Windows\system32\Drivers\intelide.sys

R0 - [KSecDD] - KSecDD - C:\Windows\system32\Drivers\KSecDD.sys

R0 - [KSecPkg] - KSecPkg - C:\Windows\system32\Drivers\KSecPkg.sys

R0 - [mountmgr] - Mount Point Manager - C:\Windows\system32\Drivers\mountmgr.sys

R0 - [msisadrv] - msisadrv - C:\Windows\system32\Drivers\msisadrv.sys

R0 - [NDIS] - NDIS System Driver - C:\Windows\system32\Drivers\NDIS.sys

R0 - [partmgr] - Partition Manager - C:\Windows\system32\Drivers\partmgr.sys

R0 - [pci] - PCI Bus Driver - C:\Windows\system32\Drivers\pci.sys

R0 - [pcw] - Performance Counters for Windows Driver - C:\Windows\system32\Drivers\pcw.sys

R0 - [RapportKELL] - RapportKELL - C:\Windows\system32\Drivers\RapportKELL.sys

R0 - [rdyboost] - ReadyBoost - C:\Windows\system32\Drivers\rdyboost.sys

R0 - [spldr] - Security Processor Loader Driver - C:\Windows\system32\Drivers\spldr.sys

R0 - [Tcpip] - TCP/IP Protocol Driver - C:\Windows\system32\Drivers\Tcpip.sys

R0 - [vdrvroot] - Microsoft Virtual Drive Enumerator Driver - C:\Windows\system32\Drivers\vdrvroot.sys

R0 - [volmgr] - Volume Manager Driver - C:\Windows\system32\Drivers\volmgr.sys

R0 - [volmgrx] - Dynamic Volume Manager - C:\Windows\system32\Drivers\volmgrx.sys

R0 - [volsnap] - Storage volumes - C:\Windows\system32\Drivers\volsnap.sys

R0 - [Wdf01000] - Kernel Mode Driver Frameworks service - C:\Windows\system32\Drivers\Wdf01000.sys

R1 - [AFD] - Ancillary Function Driver for Winsock - C:\Windows\system32\Drivers\AFD.sys

R1 - [beep] - Beep - C:\Windows\system32\Drivers\Beep.sys

R1 - [tdx] - NetIO Legacy TDI Support Driver - C:\Windows\system32\Drivers\tdx.sys

R2 - [tcpipreg] - TCP/IP Registry Compatibility - C:\Windows\system32\Drivers\tcpipreg.sys

 

==== Deleting Services ======================

 

 

==== Deleting Files \ Folders ======================

 

C:\Users\Linda\AppData\Roaming\Knight System Protector deleted

C:\Users\Linda\AppData\Local\nso3AE0.tmp deleted

C:\Windows\system32\config\systemprofile\Searches deleted

 

==== Files Recently Created / Modified ======================

 

====== C:\Windows ====

2015-01-12 17:38:43 FC84533E320D77DDD464B44B91A829AF 402 ----a-w- C:\Windows\SIERRA.INI

2015-01-03 15:20:03 C8F168BD7B6A0DA377B3C6AA9E4FAEA3 1554 ----a-w- C:\Windows\yahtzee.ini

2015-01-03 15:20:03 308CDC3EC06D14E8082C0485F22E0A8B 17082 ----a-w- C:\Windows\DeIsL1.isu

2015-01-03 15:19:40 AEDE1BF4042E5960BD177D2D4C32ABE8 283648 ----a-w- C:\Windows\uninst.exe

2015-01-02 02:17:47 CE7D90E71B9982D737775B416795FC9B 173 ----a-w- C:\Windows\KPCMS.INI

2015-01-02 02:17:20 AD517E0CC05C1A19E6A1A3B56A27AA30 196608 ----a-w- C:\Windows\kpcp32.dll

2015-01-02 02:17:20 9E5F3BA2486F6A4C3A4EF4A76A326429 40129 ----a-w- C:\Windows\iccsigs.dat

2015-01-02 02:17:20 5C68F3301E6933BEB6C8A9D1217BA3A9 133120 ----a-w- C:\Windows\sprof32.dll

2015-01-02 02:17:20 20894E27D339D8C8DFD1D91F7D395AF9 20992 ----a-w- C:\Windows\icccodes.dll

2015-01-02 02:17:20 2036DED5CE3BFC00205C488EC833A1C8 37376 ----a-w- C:\Windows\kpsys32.dll

2015-01-02 02:17:20 1FC3FAAAEB0C655B174F4EA436DAA06B 58368 ----a-w- C:\Windows\pfpick.dll

====== C:\Users\Linda\AppData\Local\Temp ====

2015-01-31 15:46:43 E0DC8C6BBC787B972A9A468648DBFD85 1008128 ----a-w- C:\Users\Linda\AppData\Local\Temp\jrt\libiconv2.dll

2015-01-31 15:46:43 D202BAA425176287017FFE1FB5D1B77C 103424 ----a-w- C:\Users\Linda\AppData\Local\Temp\jrt\libintl3.dll

2015-01-31 15:46:43 57CAC848FA14AE38F14F9441F8933282 140288 ----a-w- C:\Users\Linda\AppData\Local\Temp\jrt\pcre3.dll

2015-01-31 15:46:43 547C43567AB8C08EB30F6C6BACB479A3 79360 ----a-w- C:\Users\Linda\AppData\Local\Temp\jrt\regex2.dll

2015-01-31 15:46:43 2E0323A94915FAAB10A25F3BABF82584 157696 ----a-w- C:\Users\Linda\AppData\Local\Temp\jrt\erunt\ERUNT.EXE

2015-01-29 14:50:24 97511FE2CA09CC2E06C3CD6519C3494E 43008 ----a-w- C:\Users\Linda\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpvyxwxq.dll

2015-01-24 02:23:34 F8AE0D1B501E76457D4D96BD19DEDB3C 2444240 ----a-w- C:\Users\Linda\AppData\Local\Temp\F5A947C7-DEEF-4F2E-86F9-401E9A78740B\Foxit Cloud 2.7.39.123 Beta for Reader.exe

====== Java Cache =====

====== C:\Windows\system32 =====

====== C:\Windows\system32\drivers =====

2015-01-14 13:21:52 03F899F521D2AAED1C55008F734DF252 116224 ----a-w- C:\Windows\System32\drivers\mrxdav.sys

====== C:\Windows\Tasks ======

====== C:\Windows\Temp ======

======= C:\Program Files =====

2015-01-24 22:49:20 -------- d-----w- C:\Program Files\BHOK IT Consulting

2015-01-12 17:39:06 -------- d-----w- C:\Program Files\Sierra On-Line

2015-01-03 15:20:03 -------- d-----w- C:\Program Files\Hasbro

2015-01-02 02:16:46 -------- d-----w- C:\Program Files\Common Files\Adobe

2015-01-02 02:16:42 -------- d-----w- C:\Program Files\Adobe

======= C: =====

====== C:\Users\Linda\AppData\Roaming ======

2015-01-24 22:52:21 -------- d-----w- C:\Users\Linda\AppData\Roaming\BHOK IT Consulting

2015-01-24 22:51:40 -------- d-----w- C:\Users\Linda\AppData\Roaming\BHOK

2015-01-24 22:50:20 -------- d-----w- C:\Users\Linda\AppData\Local\IsolatedStorage

2015-01-16 14:33:37 -------- d-----w- C:\Windows\system32\config\systemprofile\AppData\Local\Programs

====== C:\Users\Linda ======

2015-01-31 15:39:33 FC77986C2F2B9752EE344FACA1880BA2 2194432 ----a-w- C:\Users\Linda\Downloads\AdwCleaner.exe

2015-01-31 15:38:19 B9E1BF24EF01A82701B09BE75D294085 1707939 ----a-w- C:\Users\Linda\Downloads\JRT.exe

2015-01-26 21:51:04 6A0496D0BCEE7603BDF38400985EB21A 1120768 ----a-w- C:\Users\Linda\Downloads\FRST.exe

2015-01-24 22:49:20 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StudioTax 2014

2015-01-24 22:46:18 A5AD509E8B68D1229AE53014C5354F24 31023968 ----a-w- C:\Users\Linda\Downloads\StudioTax2014Install.exe

2015-01-12 17:39:40 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\After Dark Games

2015-01-12 17:39:29 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sierra

2015-01-02 02:17:47 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe

 

====== C: exe-files ==

2015-01-31 15:46:43 2E0323A94915FAAB10A25F3BABF82584 157696 ----a-w- C:\Users\Linda\AppData\Local\Temp\jrt\erunt\ERUNT.EXE

2015-01-31 15:39:33 FC77986C2F2B9752EE344FACA1880BA2 2194432 ----a-w- C:\Users\Linda\Downloads\AdwCleaner.exe

2015-01-31 15:38:19 B9E1BF24EF01A82701B09BE75D294085 1707939 ----a-w- C:\Users\Linda\Downloads\JRT.exe

2015-01-27 13:50:00 220A0B7B557EFEF7C399CDC1E9DBDA2D 875088 ----a-w- C:\Program Files\Google\Update\Download\{4DC8B4CA-1BDA-483E-B5FA-D3C12E15B62D}\40.0.2214.93\40.0.2214.93_40.0.2214.91_chrome_updater.exe

2015-01-26 21:51:04 6A0496D0BCEE7603BDF38400985EB21A 1120768 ----a-w- C:\Users\Linda\Downloads\FRST.exe

2015-01-24 22:46:18 A5AD509E8B68D1229AE53014C5354F24 31023968 ----a-w- C:\Users\Linda\Downloads\StudioTax2014Install.exe

=== C: other files ==

2015-01-31 15:46:41 F720D6634E048B0AD485CEEF55263E6B 191092 ----a-w- C:\Users\Linda\AppData\Local\Temp\jrt\misc.bat

2015-01-31 15:46:41 F56A319979F631C141F5FF02DF87FDB1 43563 ----a-w- C:\Users\Linda\AppData\Local\Temp\jrt\prelim.bat

2015-01-31 15:46:41 DD1E4D974B1672ABD09EFFB225791C4A 1230 ----a-w- C:\Users\Linda\AppData\Local\Temp\jrt\TDL4.bat

2015-01-31 15:46:41 C4C784C659C27DB5ED395A7901611C71 14957 ----a-w- C:\Users\Linda\AppData\Local\Temp\jrt\get.bat

2015-01-31 15:46:41 AD2F52DC72B10AF331692E4A4DD80DFC 18670 ----a-w- C:\Users\Linda\AppData\Local\Temp\jrt\medfos.bat

2015-01-31 15:46:41 AA0C656F898523BEDF2DA6923197BB80 1264 ----a-w- C:\Users\Linda\AppData\Local\Temp\jrt\surfvox.bat

2015-01-31 15:46:41 A3945FA06DB607245C6A1D0629CE737E 11057 ----a-w- C:\Users\Linda\AppData\Local\Temp\jrt\runvalues.bat

2015-01-31 15:46:41 8E6020C14F982CF11B3FE7DBB0CB8EDE 24738 ----a-w- C:\Users\Linda\AppData\Local\Temp\jrt\searchlnk.bat

2015-01-31 15:46:41 86707BCE5CBB65D9B1C41E249B4423BA 152733 ----a-w- C:\Users\Linda\AppData\Local\Temp\jrt\firefox.bat

2015-01-31 15:46:41 83F691D8398F0E37E71E9355BF730DB9 719 ----a-w- C:\Users\Linda\AppData\Local\Temp\jrt\ev_clear.bat

2015-01-31 15:46:41 38A0BDF322ACCC968B0A824C38D50157 29635 ----a-w- C:\Users\Linda\AppData\Local\Temp\jrt\ask.bat

2015-01-31 15:46:41 335DFF8F23E5EC02B5426362F0F8509B 31401 ----a-w- C:\Users\Linda\AppData\Local\Temp\jrt\iexplore.bat

2015-01-31 15:46:41 0C4649A62845AB5D5DBCC4998477FF6D 1813 ----a-w- C:\Users\Linda\AppData\Local\Temp\jrt\delfolders.bat

2015-01-31 15:46:41 080CFDE64F31E7B50EECF4552033E84D 9937 ----a-w- C:\Users\Linda\AppData\Local\Temp\jrt\mws.bat

2015-01-31 15:46:41 048407135C9B1FB6A355E256BD96160D 14192 ----a-w- C:\Users\Linda\AppData\Local\Temp\jrt\chrome.bat

 

==== Startup Registry Enabled ======================

 

[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Run]

"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun"

 

[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Run]

"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun"

 

[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"mctadmin"="C:\Windows\System32\mctadmin.exe"

 

[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"mctadmin"="C:\Windows\System32\mctadmin.exe"

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"IgfxTray"="C:\Windows\system32\igfxtray.exe"

"HotKeysCmds"="C:\Windows\system32\hkcmd.exe"

"Persistence"="C:\Windows\system32\igfxpers.exe"

"MSC"="c:\Program Files\Microsoft Security Client\msseces.exe -hide -runkey"

"LWS"="C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe -hide"

 

==== Startup Registry Disabled ======================

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ConvertAd]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="ConvertAd"

"hkey"="HKLM"

"command"="C:\\Users\\Linda\\AppData\\Local\\ConvertAd\\ConvertAd.exe"

 

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\YouTubeDownload_P2]

 

 

==== Task Scheduler Jobs ======================

 

C:\Windows\tasks\Adobe Flash Player Updater.job --a------ C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [25/01/2015 12:33 PM]

C:\Windows\tasks\GoogleUpdateTaskMachineCore.job --a------ C:\Program Files\Google\Update\GoogleUpdate.exe [21/11/2014 01:44 PM]

C:\Windows\tasks\GoogleUpdateTaskMachineUA.job --a------ C:\Program Files\Google\Update\GoogleUpdate.exe [21/11/2014 01:44 PM]

 

==== Other Scheduled Tasks ======================

 

"C:\Windows\system32\tasks\Adobe Flash Player Updater" [C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe]

"C:\Windows\system32\tasks\GoogleUpdateTaskMachineCore" [C:\Program Files\Google\Update\GoogleUpdate.exe]

"C:\Windows\system32\tasks\GoogleUpdateTaskMachineUA" [C:\Program Files\Google\Update\GoogleUpdate.exe]

"C:\Windows\system32\tasks\Knight System Protector Startup" ["C:\Program Files\Knight System Protector\KnightSystemProtector.exe"]

 

==== Chromium Look ======================

 

Google Chrome Version: 40.0.2214.93 (Up to date, latest Stable version: 40.0.2214.93)

 

 

Google Voice Search Hotword (Beta) - Linda\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn

 

==== Chromium Fix ======================

 

C:\Users\Linda\AppData\Local\Google\Chrome\User Data\Profile 1\Local Storage\http_www.rapidfinder.ca_0.localstorage deleted successfully

C:\Users\Linda\AppData\Local\Google\Chrome\User Data\Profile 1\Local Storage\http_www.rapidfinder.ca_0.localstorage-journal deleted successfully

C:\Users\Linda\AppData\Local\Google\Chrome\User Data\Profile 1\Local Storage\http_static.audienceinsights.net_0.localstorage deleted successfully

C:\Users\Linda\AppData\Local\Google\Chrome\User Data\Profile 1\Local Storage\http_static.audienceinsights.net_0.localstorage-journal deleted successfully

C:\Users\Linda\AppData\Local\Google\Chrome\User Data\Profile 1\Local Storage\http_www.ask.com_0.localstorage deleted successfully

C:\Users\Linda\AppData\Local\Google\Chrome\User Data\Profile 1\Local Storage\http_www.ask.com_0.localstorage-journal deleted successfully

 

==== Set IE to Default ======================

 

Old Values:

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]


 

New Values:

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]


 

==== All HKCU SearchScopes ======================

 

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes

"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"

{012E1000-F331-11DB-8314-0800200C9A66} Google  Url="http://www.google.com/search?q={searchTerms}"

{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing  Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC"

 

==== Deleting Registry Keys ======================

 

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\TVWiz deleted successfully

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ConvertAd deleted successfully

 

==== Empty IE Cache ======================

 

C:\Users\Linda\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

C:\Users\Linda\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully

C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

C:\Windows\serviceprofiles\networkservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

C:\Windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

 

==== Empty FireFox Cache ======================

 

No FireFox Profiles found

 

==== Empty Chrome Cache ======================

 

C:\Users\Linda\AppData\Local\Google\Chrome\User Data\Profile 1\Cache emptied successfully

 

==== Empty All Flash Cache ======================

 

Flash Cache Emptied Successfully

 

==== Empty All Java Cache ======================

 

No Java Cache Found

 

==== C:\zoek_backup content ======================

 

C:\zoek_backup (files=18 folders=3 103399177 bytes)

 

==== Empty Temp Folders ======================

 

C:\Users\Default\AppData\Local\Temp emptied successfully

C:\Users\Default User\AppData\Local\Temp emptied successfully

C:\Users\Linda\AppData\Local\Temp will be emptied at reboot

C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully

C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully

C:\Windows\Temp will be emptied at reboot

 

==== After Reboot ======================

 

==== Empty Temp Folders ======================

 

C:\Windows\Temp successfully emptied

C:\Users\Linda\AppData\Local\Temp successfully emptied

 

==== Empty Recycle Bin ======================

 

C:\$RECYCLE.BIN successfully emptied

C:\RECYCLER successfully emptied

 

==== EOF on 31/01/2015 at 14:12:52.49 ======================

Hi and sorry for the delay, I blame it on the jetlag.

Scan with Gmer

This type of scan often produces false positives. At any point do not take any action for any suspicious entries you may see there. Instead post the log to be analyzed.

Please download GMER by Gmer and save the file to your desktop.

It will come as a randomly named file (like a6ge38b4.exe) - that's absolutely normal.

Temporarily disable your AntiVirus and AntiSpyware protection - instructions here.

If you are a user of CD emulation software (like Daemon Tools or Alcohol), also disable it for the cleaning process - instructions here.

  • Right-click on the randomly named GMER icon and select Run as Administrator to start the tool.
  • It is very important that you do not use your computer while Gmer is running!
  • Gmer will open to the Rootkit/Malware tab and perform an automatic quick scan.
  • If you receive a warning about rootkit activity and are asked to fully scan your system click NO!
When the pre-scan is completed, please do the following:
  • Please check the Quick scan box.
  • Please uncheck IAT/EAT and Show All.
  • Click Scan.
  • If you see a rootkit warning window click OK.
  • When the scan is finished, Save the results to your desktop as gmer.log.
Please include the content of this file in your next reply.

Don't forget to re-enable previously switched-off protection software!

If you encounter any problems, try running GMER in Safe Mode.

If GMER crashes or keeps resulting in a Blue Screen of Death, uncheck Devices on the right side before scanning.


OK, please update me on what issues are remaining.

Scan with Farbar Recovery Scan Tool

Please re-run Farbar Recovery Scan Tool.
Right-click on the FRST icon and select Run as Administrator to start the tool.
> XP users click run after receipt of Windows Security Warning - Open File.
> 8 users will be prompted about Windows SmartScreen protection - click More information and Run.
Press Scan button and wait.
The tool will produce a logfile on your desktop named FRST.txt.

Please include its content in your next reply.

I haven't had any issues lately so I am hoping all the problems are resolved.  It is an intermittent problem.  Thanks for all your help.

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 08-02-2015
Ran by Linda (administrator) on LYNX on 10-02-2015 08:08:40
Running from C:\Users\Linda\Downloads
Loaded Profiles: Linda (Available profiles: Linda)
Platform: Microsoft Windows 7 Home Premium  Service Pack 1 (X86) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(IBM Corp.) C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
(Foxit Software Inc.) C:\Program Files\Foxit Software\Foxit Reader\Foxit Cloud\FCUpdateService.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
(MicroStudio) C:\Program Files\Windows Network Accelerater\v3\winvxm.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Logitech Inc.) C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
() C:\Program Files\Logitech\LWS\Webcam Software\CameraHelperShell.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(IBM Corp.) C:\Program Files\Trusteer\Rapport\bin\RapportService.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MpCmdRun.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [974432 2014-08-22] (Microsoft Corporation)
HKLM\...\Run: [LWS] => C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe [204136 2012-09-13] (Logitech Inc.)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKU\S-1-5-21-2539202307-1761660001-8006430-1000\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.telus.com/en/ab/account/login.jsp?&INTCMP=SSMyaccount
HKU\S-1-5-21-2539202307-1761660001-8006430-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/en-ca/?ocid=iehp
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-2539202307-1761660001-8006430-1000 -> {012E1000-F331-11DB-8314-0800200C9A66} URL = http://www.google.com/search?q={searchTerms}
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254 75.153.176.9
 
FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_16_0_0_305.dll ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
 
Chrome: 
=======
CHR StartupUrls: Profile 1 -> "hxxp://www.google.com/"
CHR DefaultSuggestURL: Profile 1 -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:inputType}{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}{google:searchVersion}{google:sessionToken}{google:prefetchQuery}sugkey={google:suggestAPIKeyParameter}
CHR Profile: C:\Users\Linda\AppData\Local\Google\Chrome\User Data\Profile 1
CHR Extension: (Google Slides) - C:\Users\Linda\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2014-11-29]
CHR Extension: (Google Docs) - C:\Users\Linda\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake [2014-11-29]
CHR Extension: (Google Drive) - C:\Users\Linda\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-11-29]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Linda\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-11-29]
CHR Extension: (YouTube) - C:\Users\Linda\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-11-29]
CHR Extension: (Google Search) - C:\Users\Linda\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-11-29]
CHR Extension: (Google Sheets) - C:\Users\Linda\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2014-11-29]
CHR Extension: (Hangouts) - C:\Users\Linda\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nckgahadagoaajjgafhacjanaoiihapd [2014-11-29]
CHR Extension: (Google Wallet) - C:\Users\Linda\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-11-29]
CHR Extension: (Gmail) - C:\Users\Linda\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-11-29]
 
========================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 FoxitCloudUpdateService; C:\Program Files\Foxit Software\Foxit Reader\Foxit Cloud\FCUpdateService.exe [243880 2015-01-23] (Foxit Software Inc.)
R2 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22192 2014-08-22] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [288120 2014-08-22] (Microsoft Corporation)
R2 RapportMgmtService; C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe [1919256 2014-12-22] (IBM Corp.)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-26] (Microsoft Corporation)
R2 WindowsVNT_R3; C:\Program Files\Windows Network Accelerater\v3\winvxm.exe [2973600 2014-10-20] (MicroStudio) [File not signed]
S4 YouTubeDownload_P2; C:\Program Files\YouTube Downloader Services\P2\youtubeserv.exe [X]
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 CompFilter; C:\Windows\System32\DRIVERS\lvbusflt.sys [19688 2012-09-21] (Logitech Inc.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2014-11-21] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [114904 2015-02-10] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2014-11-21] (Malwarebytes Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [231800 2014-07-17] (Microsoft Corporation)
R1 MpKslc4c4ba89; c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{95937FA1-9C90-4393-A197-5F62ADD3CA90}\MpKslc4c4ba89.sys [39464 2015-02-10] (Microsoft Corporation)
R1 RapportCerberus_80120; C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus32_80120.sys [472792 2015-01-12] (IBM Corp.)
R1 RapportEI; C:\Program Files\Trusteer\Rapport\bin\RapportEI.sys [251640 2014-12-22] (IBM Corp.)
R0 RapportKELL; C:\Windows\System32\Drivers\RapportKELL.sys [208856 2014-12-22] (IBM Corp.)
R1 RapportPG; C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys [332696 2014-12-22] (IBM Corp.)
S3 SrvHsfPCI; C:\Windows\System32\DRIVERS\VSTBS23.SYS [266752 2009-07-13] (Conexant Systems, Inc.)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-02-10 08:08 - 2015-02-10 08:08 - 00009854 _____ () C:\Users\Linda\Downloads\FRST.txt
2015-02-10 08:08 - 2015-02-10 08:08 - 00000000 ____D () C:\Users\Linda\Downloads\FRST-OlderVersion
2015-02-08 08:01 - 2015-02-08 08:01 - 12468178 _____ () C:\Users\Linda\Downloads\CityLightsByTalhaTariq.themepack
2015-02-06 18:08 - 2015-02-06 18:08 - 00002083 _____ () C:\Users\Public\Desktop\StudioTax 2014.lnk
2015-02-06 18:08 - 2015-02-06 18:08 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StudioTax 2014
2015-02-06 18:08 - 2015-02-06 18:08 - 00000000 ____D () C:\Program Files\BHOK IT Consulting
2015-02-06 08:58 - 2015-02-06 08:58 - 01590523 _____ () C:\Users\Linda\Downloads\GmerLog.log
2015-02-06 07:56 - 2015-02-06 07:56 - 00380416 _____ () C:\Users\Linda\Downloads\qq1ln0mk.exe
2015-02-04 07:03 - 2015-02-04 07:03 - 00003210 _____ () C:\Users\Linda\Downloads\Gmer Instructions.txt
2015-02-01 15:31 - 2015-02-01 15:31 - 00001290 _____ () C:\Users\Linda\Desktop\Watchtower Library 2014 - English.lnk
2015-02-01 15:31 - 2015-02-01 15:31 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Watchtower Library 2014
2015-02-01 15:31 - 2015-02-01 15:31 - 00000000 ____D () C:\Program Files\Watchtower
2015-01-31 14:13 - 2015-01-31 14:13 - 00020959 _____ () C:\Users\Linda\Downloads\zoek-results.txt
2015-01-31 14:10 - 2015-01-31 13:40 - 00024064 _____ () C:\Windows\zoek-delete.exe
2015-01-31 13:41 - 2015-01-31 14:12 - 00020959 _____ () C:\zoek-results.log
2015-01-31 13:40 - 2015-01-31 14:07 - 00000000 ____D () C:\zoek_backup
2015-01-31 13:33 - 2015-01-31 13:33 - 01295360 _____ () C:\Users\Linda\Downloads\zoek.exe
2015-01-31 13:32 - 2015-01-31 13:32 - 00002110 _____ () C:\Users\Linda\Downloads\Zoek Instructions.txt
2015-01-31 09:05 - 2015-01-31 09:05 - 00001796 _____ () C:\Users\Linda\Downloads\AdwCleaner[s0].txt
2015-01-31 08:58 - 2015-01-31 09:02 - 00000000 ____D () C:\AdwCleaner
2015-01-31 08:52 - 2015-01-31 08:52 - 00000791 _____ () C:\Users\Linda\Downloads\JRT.txt
2015-01-31 08:46 - 2015-01-31 08:46 - 00000000 ____D () C:\Windows\ERUNT
2015-01-31 08:39 - 2015-01-31 08:39 - 02194432 _____ () C:\Users\Linda\Downloads\AdwCleaner.exe
2015-01-31 08:38 - 2015-01-31 08:38 - 01707939 _____ (Thisisu) C:\Users\Linda\Downloads\JRT.exe
2015-01-26 14:52 - 2015-01-26 14:54 - 00018838 _____ () C:\Users\Linda\Downloads\FRST1.txt
2015-01-26 14:52 - 2015-01-26 14:54 - 00017409 _____ () C:\Users\Linda\Downloads\Addition.txt
2015-01-26 14:51 - 2015-02-10 08:08 - 01124352 _____ (Farbar) C:\Users\Linda\Downloads\FRST.exe
2015-01-26 14:51 - 2015-02-10 08:08 - 00000000 ____D () C:\FRST
2015-01-24 16:09 - 2015-01-27 15:03 - 00069632 _____ () C:\Users\Linda\Documents\HowardLinda.14t.backup
2015-01-24 16:07 - 2015-01-27 15:03 - 00069632 _____ () C:\Users\Linda\Documents\HowardLinda.14t
2015-01-24 15:52 - 2015-01-24 15:52 - 00000000 ____D () C:\Users\Linda\AppData\Roaming\BHOK IT Consulting
2015-01-24 15:51 - 2015-01-24 15:51 - 00000000 ____D () C:\Users\Linda\AppData\Roaming\BHOK
2015-01-24 15:50 - 2015-01-24 15:50 - 00000000 ____D () C:\Users\Linda\AppData\Local\IsolatedStorage
2015-01-24 15:46 - 2015-01-24 15:47 - 31023968 _____ (BHOK IT Consulting) C:\Users\Linda\Downloads\StudioTax2014Install.exe
2015-01-15 06:10 - 2014-12-18 19:43 - 00164864 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2015-01-15 06:10 - 2014-12-11 10:47 - 00074240 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2015-01-14 06:22 - 2014-12-11 22:11 - 03971512 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2015-01-14 06:22 - 2014-12-11 22:11 - 03916728 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-01-14 06:21 - 2014-12-18 18:34 - 00116224 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2015-01-14 06:21 - 2014-12-05 20:50 - 00242688 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
2015-01-12 10:39 - 2015-01-12 10:39 - 00000938 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Sierra Utilities.lnk
2015-01-12 10:39 - 2015-01-12 10:39 - 00000000 ____D () C:\SIERRA
2015-01-12 10:39 - 2015-01-12 10:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sierra
2015-01-12 10:39 - 2015-01-12 10:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\After Dark Games
2015-01-12 10:39 - 2015-01-12 10:39 - 00000000 ____D () C:\Program Files\Sierra On-Line
2015-01-12 10:39 - 1998-09-23 16:17 - 00558592 _____ (Sierra On-Line) C:\Windows\system32\SierraNW.dll
2015-01-12 10:39 - 1998-09-23 16:17 - 00227840 _____ (Sierra On-Line) C:\Windows\system32\SNWValid.dll
2015-01-12 10:39 - 1998-09-23 16:17 - 00011104 _____ () C:\Windows\system32\SNWVALID.HLP
2015-01-12 10:38 - 2015-01-12 10:39 - 00000402 _____ () C:\Windows\SIERRA.INI
2015-01-11 10:44 - 2015-01-11 10:44 - 07884764 _____ () C:\Users\Linda\Downloads\AuroraBorealis.themepack
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-02-10 07:59 - 2014-11-21 09:16 - 01381890 _____ () C:\Windows\WindowsUpdate.log
2015-02-10 07:56 - 2014-11-21 13:44 - 00000886 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-02-10 07:56 - 2014-11-21 13:44 - 00000882 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-02-10 07:33 - 2014-12-07 08:22 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-02-10 07:25 - 2009-07-13 21:34 - 00027920 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-02-10 07:25 - 2009-07-13 21:34 - 00027920 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-02-10 07:19 - 2014-11-28 08:51 - 00114904 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-02-10 07:18 - 2009-07-13 21:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-02-10 07:18 - 2009-07-13 21:39 - 00048482 _____ () C:\Windows\setupact.log
2015-02-08 08:24 - 2010-11-20 14:01 - 00781298 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-02-07 11:33 - 2014-11-21 18:12 - 00000000 ___RD () C:\Users\Linda\Dropbox
2015-02-07 11:32 - 2014-11-21 18:06 - 00000000 ____D () C:\Users\Linda\AppData\Roaming\Dropbox
2015-02-07 07:58 - 2014-11-21 14:39 - 00000000 ____D () C:\Users\Linda\Documents\Business
2015-02-06 07:58 - 2014-11-21 13:48 - 00002129 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-02-06 07:10 - 2014-11-21 14:40 - 00000000 ____D () C:\Users\Linda\Documents\Health
2015-02-05 07:33 - 2014-12-02 06:54 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2015-02-05 07:33 - 2014-12-02 06:54 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2015-02-03 10:14 - 2014-11-21 14:40 - 00000000 ____D () C:\Users\Linda\Documents\Howard
2015-02-01 07:41 - 2014-11-24 14:50 - 00000000 ____D () C:\Users\Linda\AppData\Local\Windows Live
2015-01-31 14:12 - 2010-11-20 14:48 - 00021894 _____ () C:\Windows\PFRO.log
2015-01-30 13:34 - 2014-11-21 14:40 - 00000000 ____D () C:\Users\Linda\Documents\Letters
2015-01-26 11:06 - 2014-11-21 13:52 - 00000000 ____D () C:\Users\Linda\Documents\Computer and Camera
2015-01-24 09:26 - 2014-11-21 14:40 - 00000000 ____D () C:\Users\Linda\Documents\WatchTower
2015-01-22 08:35 - 2009-07-13 21:53 - 00032558 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2015-01-21 07:10 - 2014-11-21 14:24 - 00000000 ____D () C:\Users\Linda\AppData\Roaming\Foxit Software
2015-01-14 06:33 - 2014-11-21 10:37 - 00000000 ____D () C:\Windows\system32\MRT
2015-01-14 06:26 - 2014-11-21 10:37 - 110348472 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-01-12 18:26 - 2014-11-23 07:52 - 00000000 ____D () C:\Users\Linda\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
2015-01-12 10:40 - 2014-11-21 08:28 - 00000000 ____D () C:\Users\Linda
2015-01-12 09:13 - 2014-11-21 13:36 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Trusteer Endpoint Protection
 
Some content of TEMP:
====================
C:\Users\Linda\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmphj7pxx.dll
C:\Users\Linda\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpvf0qnz.dll
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-02-04 08:13
 
==================== End Of Log ============================

OK, I believe the last two scans.

Scan with ESET Online Scanner

This step can only be done using Internet Explorer, Google Chrome or Mozilla Firefox.

Temporarily disable your AntiVirus and AntiSpyware protection - instructions here.

Please visit ESET Online Scanner website.

Click Run ESET Online Scanner there.

If using Internet Explorer:

  • Accept the Terms of Use and click Start.
  • Allow the add-on to run.
If using Mozilla Firefox or Google Chrome:
  • Download esetsmartinstaller_enu.exe from the link you'll be given.
  • Double click esetsmartinstaller_enu.exe.
  • Allow the Terms of Use and click Start.
To perform the scan:
  • Make sure that Enable detection of potentially unwanted applications is checked.
  • In the Advanced Settings dropdown menu:
    • Make sure that Remove found threats is unchecked.
    • Scan archives is checked.
    • Scan for potentially unsafe applications and Enable Anti-Stealth technology are checked.
    • Use custom proxy settings is unchecked.
  • Click Start.
  • The program will begin to download its virus database. The speed may vary depending on your Internet connection.
  • When completed, the program will begin to scan. This may take several hours. Please be patient.
  • Do not do anything on your machine as it may interrupt the scan.
  • When the scan is done, click Finish.
  • A logfile will be created at C:\Program Files\ESET\ESET Online Scanner. Open it using Notepad.
Please include this logfile in your next reply.

Don't forget to re-enable previously switched-off protection software!

Scan with Security Check

Please download Security Check by Screen317 and save it to your desktop.

  • Right-click on the Security Check icon and select Run as Administrator to start the tool.
  • Follow the onscreen instructions inside the black box. This scan won't take long.
  • Soon a notepad document called checkup.txt will open automatically.
Please include the content of that document.

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
