kevinjtf

Fixlist.txt log help


Hello, I am in great need of somebody to help me with my malware removal process. I have followed instructions from other threads but need somebody experienced to write me a fixlist.txt from my logs. I have downloaded AdwCleaner and FRST.exe. I have the scan logs, which I will post subsequent to this, but I do not know if the information will change by the time I receive feedback because several people may use this computer by the time I get a reply. Thanks for any help provided!


FRST LOG:

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 01-02-2015
Ran by Suzanne (administrator) on MORNINGSUN on 01-02-2015 15:22:04
Running from C:\Users\Suzanne\Desktop\folder1
Loaded Profiles: Suzanne &  (Available profiles: Suzanne & Kids)
Platform: Microsoft Windows 7 Professional  Service Pack 1 (X86) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(SEIKO EPSON CORPORATION) C:\Program Files\EPSON\EpsonCustomerParticipation\EPCP.exe
(Seiko Epson Corporation) C:\Windows\System32\escsvc.exe
(SEIKO EPSON CORPORATION) C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_JT50RP.EXE
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
() C:\ProgramData\BrowserSafer\wbrosrec.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(SEIKO EPSON CORPORATION) C:\Program Files\EPSON Software\FAX Utility\FUFAXRCV.exe
(SEIKO EPSON CORPORATION) C:\Program Files\EPSON Software\FAX Utility\FUFAXSTM.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
(SEIKO EPSON CORPORATION) C:\Windows\System32\spool\drivers\w32x86\3\E_TATIIUE.EXE
() C:\ProgramData\{b2ae1b16-7ef3-d432-b2ae-e1b167ef6c59}\minecraftdl_23487.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Intuit Inc.) C:\Program Files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [974432 2014-08-22] (Microsoft Corporation)
HKLM\...\Run: [FUFAXRCV] => C:\Program Files\Epson Software\FAX Utility\FUFAXRCV.exe [502912 2012-02-29] (SEIKO EPSON CORPORATION)
HKLM\...\Run: [FUFAXSTM] => C:\Program Files\Epson Software\FAX Utility\FUFAXSTM.exe [863360 2012-02-29] (SEIKO EPSON CORPORATION)
HKLM\...\Run: [browserSafer] => C:\Program Files\BrowserSafer\BrowserSafer.exe [262144 2013-07-23] ()
HKLM\...\Run: [GrooveMonitor] => C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKU\S-1-5-21-2037850634-1991479139-3573102483-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 Group Policy restriction on software: C:\Program Files\Activision\Bee Movie Game\BeeMovie.exe <====== ATTENTION
HKU\S-1-5-21-2037850634-1991479139-3573102483-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 Group Policy restriction on software: %HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot% <====== ATTENTION
HKU\S-1-5-21-2037850634-1991479139-3573102483-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 Group Policy restriction on software: C:\Program Files\LucasArts\LEGO® Indiana Jones™ 2\LEGOIndy2.exe <====== ATTENTION
HKU\S-1-5-21-2037850634-1991479139-3573102483-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 Group Policy restriction on software: C:\Program Files\Activision\Bee Movie Game\Game.exe <====== ATTENTION
HKU\S-1-5-21-2037850634-1991479139-3573102483-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 Group Policy restriction on software: C:\Program Files\LucasArts\LEGO® Indiana Jones™ 2\LEGOIndy2.exe <====== ATTENTION
HKU\S-1-5-21-2037850634-1991479139-3573102483-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 Group Policy restriction on software: C:\Program Files\LucasArts\LEGO® Indiana Jones™ 2\LEGOIndy2.exe <====== ATTENTION
HKU\S-1-5-21-2037850634-1991479139-3573102483-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 Group Policy restriction on software: C:\Program Files\MyPC Backup\MyPC Backup.exe <====== ATTENTION
HKU\S-1-5-21-2037850634-1991479139-3573102483-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 Group Policy restriction on software: %HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ProgramFilesDir% <====== ATTENTION
HKU\S-1-5-21-2037850634-1991479139-3573102483-1001\...\Run: [EPLTarget\P0000000000000000] => C:\Windows\system32\spool\DRIVERS\W32X86\3\E_TATIIUE.EXE [249440 2012-02-26] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-2037850634-1991479139-3573102483-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner.exe [5496600 2015-01-20] (Piriform Ltd)
HKU\S-1-5-21-2037850634-1991479139-3573102483-1001\...\Policies\system: [LogonHoursAction] 2
HKU\S-1-5-21-2037850634-1991479139-3573102483-1001\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\S-1-5-21-2037850634-1991479139-3573102483-1001\...\MountPoints2: E - E:\V8000_ZTE.exe
HKU\S-1-5-21-2037850634-1991479139-3573102483-1001\...\MountPoints2: {283c2e8e-e679-11e2-aa71-00256486adfd} - F:\KODAK_Camera_Setup_App.exe
HKU\S-1-5-21-2037850634-1991479139-3573102483-1001\...\MountPoints2: {8d786763-0854-11e3-84fc-00256486adfd} - F:\V8000_ZTE.exe
HKU\S-1-5-21-2037850634-1991479139-3573102483-1001\...\MountPoints2: {e4e32077-1116-11e4-bc50-00256486adfd} - G:\Windows\AutoRun.exe {D2D77DC2-8299-11D1-8949-444553540000} 5.2088.1.A01B06 PID_0083 {01D42BF0-ED08-463f-8A28-99EB6FEE962B}
HKU\S-1-5-21-2037850634-1991479139-3573102483-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [EPLTarget\P0000000000000000] => C:\Windows\system32\spool\DRIVERS\W32X86\3\E_TATIIUE.EXE [249440 2012-02-26] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-2037850634-1991479139-3573102483-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner.exe [5496600 2015-01-20] (Piriform Ltd)
HKU\S-1-5-21-2037850634-1991479139-3573102483-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Policies\system: [LogonHoursAction] 2
HKU\S-1-5-21-2037850634-1991479139-3573102483-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\S-1-5-21-2037850634-1991479139-3573102483-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: E - E:\V8000_ZTE.exe
HKU\S-1-5-21-2037850634-1991479139-3573102483-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {283c2e8e-e679-11e2-aa71-00256486adfd} - F:\KODAK_Camera_Setup_App.exe
HKU\S-1-5-21-2037850634-1991479139-3573102483-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {8d786763-0854-11e3-84fc-00256486adfd} - F:\V8000_ZTE.exe
HKU\S-1-5-21-2037850634-1991479139-3573102483-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {e4e32077-1116-11e4-bc50-00256486adfd} - G:\Windows\AutoRun.exe {D2D77DC2-8299-11D1-8949-444553540000} 5.2088.1.A01B06 PID_0083 {01D42BF0-ED08-463f-8A28-99EB6FEE962B}
HKU\S-1-5-21-2037850634-1991479139-3573102483-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Policies\system: [LogonHoursAction] 2
HKU\S-1-5-21-2037850634-1991479139-3573102483-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\S-1-5-21-2037850634-1991479139-3573102483-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {283c2e8e-e679-11e2-aa71-00256486adfd} - F:\KODAK_Camera_Setup_App.exe
Startup: C:\Users\Suzanne\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\minecraftdl_23487.lnk
ShortcutTarget: minecraftdl_23487.lnk -> C:\ProgramData\{b2ae1b16-7ef3-d432-b2ae-e1b167ef6c59}\minecraftdl_23487.exe ()
Startup: C:\Users\Suzanne\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
ShortcutTarget: OneNote 2007 Screen Clipper and Launcher.lnk -> C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
GroupPolicyUsers\S-1-5-21-2037850634-1991479139-3573102483-1003\User: Group Policy restriction detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
ProxyEnable: [.DEFAULT] => Internet Explorer proxy is enabled.
ProxyServer: [.DEFAULT] => http=127.0.0.1:53526;https=127.0.0.1:53526
ProxyEnable: [s-1-5-21-2037850634-1991479139-3573102483-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0] => Internet Explorer proxy is enabled.
ProxyServer: [s-1-5-21-2037850634-1991479139-3573102483-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0] => http=127.0.0.1:56039;https=127.0.0.1:56039
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKU\S-1-5-21-2037850634-1991479139-3573102483-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
HKU\S-1-5-21-2037850634-1991479139-3573102483-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
HKU\S-1-5-21-2037850634-1991479139-3573102483-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
SearchScopes: HKLM -> {CC865B26-C31D-4D23-B17B-96548EEF03F6} URL =
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: E-Web Print -> {201CF130-E29C-4E5C-A73F-CD197DEFA6AE} -> C:\Program Files\Epson Software\E-Web Print\ewps_tb.dll (SEIKO EPSON CORPORATION)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - E-Web Print - {201CF130-E29C-4E5C-A73F-CD197DEFA6AE} - C:\Program Files\Epson Software\E-Web Print\ewps_tb.dll (SEIKO EPSON CORPORATION)
Toolbar: HKU\S-1-5-21-2037850634-1991479139-3573102483-1001 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Toolbar: HKU\S-1-5-21-2037850634-1991479139-3573102483-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1 205.171.3.25
StartMenuInternet: IEXPLORE.EXE - iexplore.exe

FireFox:
========
FF ProfilePath: C:\Users\Suzanne\AppData\Roaming\Mozilla\Firefox\Profiles\wnf1li2z.default
FF DefaultSearchEngine: Google
FF SelectedSearchEngine: Google
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_16_0_0_296.dll ()
FF Plugin: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw_1213153.dll (Adobe Systems, Inc.)
FF Plugin: @canon.com/MycameraPlugin -> C:\Program Files\Canon\MyCamera Download Plugin\NPCIG.dll (CANON INC.)
FF Plugin: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.31211.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-2037850634-1991479139-3573102483-1001: @lightspark.github.com/Lightspark;version=1 -> C:\Program Files\Lightspark 0.5.3-git\nplightsparkplugin.dll No File
FF Plugin HKU\S-1-5-21-2037850634-1991479139-3573102483-1001: @nsroblox.roblox.com/launcher -> C:\Users\Suzanne\AppData\Local\Roblox\Versions\version-d11d3bd1dfae46fa\\NPRobloxProxy.dll ( ROBLOX Corporation)
FF Plugin HKU\S-1-5-21-2037850634-1991479139-3573102483-1001: @nsroblox.roblox.com/launcher64 -> C:\Users\Suzanne\AppData\Local\Roblox\Versions\version-d11d3bd1dfae46fa\\NPRobloxProxy64.dll ( ROBLOX Corporation)
FF Plugin HKU\S-1-5-21-2037850634-1991479139-3573102483-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0: @lightspark.github.com/Lightspark;version=1 -> C:\Program Files\Lightspark 0.5.3-git\nplightsparkplugin.dll No File
FF Plugin HKU\S-1-5-21-2037850634-1991479139-3573102483-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0: @nsroblox.roblox.com/launcher -> C:\Users\Suzanne\AppData\Local\Roblox\Versions\version-d11d3bd1dfae46fa\\NPRobloxProxy.dll ( ROBLOX Corporation)
FF Plugin HKU\S-1-5-21-2037850634-1991479139-3573102483-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0: @nsroblox.roblox.com/launcher64 -> C:\Users\Suzanne\AppData\Local\Roblox\Versions\version-d11d3bd1dfae46fa\\NPRobloxProxy64.dll ( ROBLOX Corporation)
FF Plugin HKU\S-1-5-21-2037850634-1991479139-3573102483-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0: @lightspark.github.com/Lightspark;version=1 -> C:\Program Files\Lightspark 0.5.3-git\nplightsparkplugin.dll No File
FF Plugin HKU\S-1-5-21-2037850634-1991479139-3573102483-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0: @nsroblox.roblox.com/launcher -> C:\Users\Kids\AppData\Local\Roblox\Versions\version-b155910bba974e13\\NPRobloxProxy.dll ( ROBLOX Corporation)
FF Plugin HKU\S-1-5-21-2037850634-1991479139-3573102483-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0: @nsroblox.roblox.com/launcher64 -> C:\Users\Kids\AppData\Local\Roblox\Versions\version-b155910bba974e13\\NPRobloxProxy64.dll ( ROBLOX Corporation)
FF Extension: Facebook Phishing Protector - C:\Users\Suzanne\AppData\Roaming\Mozilla\Firefox\Profiles\wnf1li2z.default\Extensions\{023e9ca0-63f3-47b1-bcb2-9badf9d9ef28}.xpi [2015-02-01]
FF Extension: Metal Lion Australis Theme - C:\Users\Suzanne\AppData\Roaming\Mozilla\Firefox\Profiles\wnf1li2z.default\Extensions\{F2C70981-7CDC-4c46-ACF3-41F18693E79E}.xpi [2014-09-29]
FF HKLM\...\Firefox\Extensions: [e-webprint@epson.com] - C:\Program Files\Epson Software\E-Web Print\Firefox Add-on
FF Extension: E-Web Print - C:\Program Files\Epson Software\E-Web Print\Firefox Add-on [2014-10-01]
FF HKU\S-1-5-21-2037850634-1991479139-3573102483-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Firefox\Extensions: [{e4f94d1e-2f53-401e-8885-681602c0ddd8}] - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi

Chrome:
=======
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR Profile: C:\Users\Suzanne\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\Suzanne\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-10-27]
CHR Extension: (Google Drive) - C:\Users\Suzanne\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-10-27]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Suzanne\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-10-27]
CHR Extension: (YouTube) - C:\Users\Suzanne\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-10-27]
CHR Extension: (Google Search) - C:\Users\Suzanne\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-10-27]
CHR Extension: (Facebook Messenger) - C:\Users\Suzanne\AppData\Local\Google\Chrome\User Data\Default\Extensions\mdapmeleikeppmfgadilffngabfpibok [2015-01-31]
CHR Extension: (Google Wallet) - C:\Users\Suzanne\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-10-27]
CHR Extension: (Gmail) - C:\Users\Suzanne\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-10-27]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 EpsonCustomerParticipation; C:\Program Files\EPSON\EpsonCustomerParticipation\EPCP.exe [577008 2014-11-22] (SEIKO EPSON CORPORATION)
R2 EpsonScanSvc; C:\Windows\system32\EscSvc.exe [122000 2011-12-12] (Seiko Epson Corporation)
R2 EPSON_PM_RPCV4_05; C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_JT50RP.EXE [142432 2012-02-26] (SEIKO EPSON CORPORATION)
R2 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22192 2014-08-22] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [288120 2014-08-22] (Microsoft Corporation)
R2 wbrosrec; C:\ProgramData\BrowserSafer\wbrosrec.exe [71168 2013-06-30] () [File not signed]
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-26] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 Apowersoft_AudioDevice; C:\Windows\System32\drivers\Apowersoft_AudioDevice.sys [26032 2013-06-02] (Wondershare)
R1 mbamchameleon; C:\Windows\system32\drivers\mbamchameleon.sys [75480 2014-11-21] (Malwarebytes Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2014-11-21] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [114904 2015-02-01] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2014-11-21] (Malwarebytes Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [231800 2014-07-17] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-01 15:11 - 2015-02-01 15:22 - 00000000 ____D () C:\FRST
2015-02-01 15:10 - 2015-02-01 15:22 - 00000000 ____D () C:\Users\Suzanne\Desktop\folder1
2015-02-01 14:46 - 2015-02-01 14:46 - 02194432 _____ () C:\Users\Suzanne\Desktop\AdwCleaner(1).exe
2015-02-01 14:41 - 2015-02-01 14:59 - 00000112 _____ () C:\Windows\setupact.log
2015-02-01 14:41 - 2015-02-01 14:41 - 00000000 _____ () C:\Windows\setuperr.log
2015-02-01 14:40 - 2015-02-01 14:59 - 00002614 _____ () C:\Windows\PFRO.log
2015-02-01 14:13 - 2015-02-01 14:59 - 00000000 ____D () C:\AdwCleaner
2015-02-01 14:12 - 2015-02-01 14:12 - 02194432 _____ () C:\Users\Suzanne\Downloads\AdwCleaner.exe
2015-02-01 13:48 - 2015-02-01 13:48 - 00000969 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2015-02-01 13:48 - 2015-02-01 13:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2015-02-01 13:48 - 2015-02-01 13:48 - 00000000 ____D () C:\Program Files\CCleaner
2015-02-01 13:47 - 2015-02-01 13:47 - 05325208 _____ (Piriform Ltd) C:\Users\Suzanne\Downloads\ccsetup502.exe
2015-02-01 13:40 - 2015-02-01 13:41 - 00000000 ____D () C:\Users\Suzanne\Desktop\Printers & Cameras
2015-02-01 13:38 - 2015-02-01 13:38 - 00000000 ____D () C:\Users\Suzanne\Desktop\TAX
2015-02-01 13:33 - 2015-02-01 13:42 - 00000000 ____D () C:\Users\Suzanne\Desktop\Games
2015-01-31 19:46 - 2015-01-31 19:46 - 00000000 ____D () C:\Users\Suzanne\AppData\Roaming\4 Friends Games
2015-01-31 17:31 - 2015-01-31 17:33 - 92558215 _____ () C:\Users\Suzanne\Downloads\[1.7.9] Constantinople by NomScorch.zip
2015-01-31 17:20 - 2015-01-31 17:20 - 00000000 ____D () C:\Program Files\Facebook Messenger
2015-01-31 17:06 - 2015-02-01 14:43 - 00000000 ____D () C:\ProgramData\{b2ae1b16-7ef3-d432-b2ae-e1b167ef6c59}
2015-01-31 17:03 - 2015-01-31 17:03 - 01163776 _____ () C:\Users\Suzanne\Downloads\minecraftdl_23487.exe
2015-01-31 13:39 - 2015-01-31 13:40 - 04506104 _____ () C:\Users\Suzanne\Downloads\faithful32pack.zip
2015-01-31 13:28 - 2015-01-31 13:29 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2015-01-31 12:22 - 2015-01-31 12:28 - 02314240 _____ () C:\Users\Suzanne\Downloads\MinecraftInstaller.msi
2015-01-29 15:54 - 2015-01-29 15:54 - 00000000 ____D () C:\Users\Suzanne\AppData\Roaming\AlawarEntertainment
2015-01-29 15:54 - 2015-01-29 15:54 - 00000000 ____D () C:\Users\Suzanne\AppData\Local\AlawarWrapper
2015-01-29 15:54 - 2015-01-29 15:54 - 00000000 ____D () C:\Users\Public\Documents\AlawarWrapper
2015-01-27 14:28 - 2015-01-27 14:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TurboTax 2014
2015-01-27 13:31 - 2015-01-27 13:33 - 119384624 _____ () C:\Users\Suzanne\Downloads\w_turbotax_1040_dlx_2014.09b.0100.exe
2015-01-25 11:45 - 2015-01-25 11:45 - 00000000 ____D () C:\Users\Suzanne\Documents\Nearwood CE
2015-01-23 13:12 - 2015-01-23 13:12 - 00000000 ____D () C:\Users\Suzanne\AppData\Roaming\Anarchy
2015-01-17 20:15 - 2015-01-17 20:15 - 00000000 _____ () C:\Windows\PCFriend.INI
2015-01-17 20:10 - 2015-02-01 14:40 - 00000000 ____D () C:\Program Files\PCFriendly
2015-01-17 20:10 - 2001-12-04 20:47 - 00078848 _____ (Microsoft Corporation) C:\Windows\system32\INLOADER.DLL
2015-01-17 20:10 - 1996-10-15 18:01 - 00298496 _____ (InstallShield Corporation, Inc.) C:\Windows\uninst.exe
2015-01-17 20:09 - 2015-01-17 20:09 - 00000000 __RSH () C:\MSDOS.SYS
2015-01-17 20:09 - 2015-01-17 20:09 - 00000000 __RSH () C:\IO.SYS
2015-01-13 16:29 - 2014-12-11 22:11 - 03971512 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2015-01-13 16:29 - 2014-12-11 22:11 - 03916728 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-01-13 16:27 - 2014-12-18 19:43 - 00164864 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2015-01-13 16:27 - 2014-12-11 10:47 - 00046592 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2015-01-13 16:27 - 2014-12-05 20:50 - 00242688 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
2015-01-13 16:26 - 2014-12-18 18:34 - 00116224 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2015-01-12 13:26 - 2015-01-12 13:26 - 00000000 ____D () C:\Users\Suzanne\AppData\Roaming\Rainbow
2015-01-12 13:06 - 2015-01-12 13:06 - 00003894 _____ () C:\Users\Suzanne\Downloads\Erin Larocca.vcf
2015-01-11 11:08 - 2015-01-11 11:08 - 00000000 ____D () C:\Users\Suzanne\AppData\Roaming\Deep Shadows
2015-01-05 14:36 - 2015-01-24 13:09 - 00000000 ____D () C:\Users\Suzanne\AppData\Roaming\Artogon
2015-01-03 19:36 - 2015-01-25 11:45 - 00000000 ____D () C:\Users\Suzanne\AppData\Roaming\MagicIndie
2015-01-03 17:01 - 2015-01-03 17:01 - 00000000 ____D () C:\Program Files\Viva Media
2015-01-03 17:00 - 2015-01-03 17:00 - 00000000 ____D () C:\Users\Suzanne\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Viva Media

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-01 15:17 - 2014-10-27 13:12 - 00000888 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-02-01 15:17 - 2009-07-13 21:34 - 00025552 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-02-01 15:17 - 2009-07-13 21:34 - 00025552 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-02-01 15:05 - 2013-06-26 19:46 - 01712454 _____ () C:\Windows\WindowsUpdate.log
2015-02-01 15:01 - 2014-10-27 13:12 - 00000884 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-02-01 15:01 - 2014-09-29 16:51 - 00114904 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-02-01 14:59 - 2009-07-13 21:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-02-01 14:48 - 2014-10-07 18:51 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-02-01 14:40 - 2014-09-29 20:20 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2015-02-01 13:56 - 2014-10-01 11:37 - 00000000 ____D () C:\Users\Suzanne\AppData\Roaming\uTorrent
2015-02-01 13:56 - 2013-06-27 11:19 - 00000000 ____D () C:\Windows\Minidump
2015-02-01 13:56 - 2013-06-26 20:43 - 00000000 ____D () C:\Windows\Panther
2015-02-01 13:41 - 2013-06-26 20:06 - 00000000 ____D () C:\ProgramData\Skype
2015-02-01 13:37 - 2014-11-28 14:33 - 00000000 ____D () C:\Program Files\World of Warcraft
2015-02-01 09:48 - 2013-12-23 20:24 - 00000000 ____D () C:\Users\Suzanne\AppData\Roaming\.minecraft
2015-01-31 21:44 - 2013-06-26 23:52 - 00000000 ____D () C:\Users\Suzanne\Documents\HRBlock
2015-01-31 11:15 - 2014-03-07 15:33 - 00000000 ____D () C:\Users\Suzanne\AppData\Roaming\.technic
2015-01-30 02:32 - 2009-07-13 21:52 - 00000000 ____D () C:\Windows\system32\FxsTmp
2015-01-28 18:51 - 2013-08-11 21:17 - 00000000 ____D () C:\Users\Suzanne\Documents\TurboTax
2015-01-27 15:06 - 2009-07-13 19:37 - 00000000 ____D () C:\Windows\Microsoft.NET
2015-01-27 14:39 - 2014-01-21 08:11 - 00000590 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc
2015-01-27 14:14 - 2014-01-21 08:07 - 00000000 ____D () C:\Program Files\TurboTax
2015-01-24 21:33 - 2013-06-26 23:03 - 00000000 ____D () C:\Users\Suzanne\AppData\Local\Adobe
2015-01-24 15:49 - 2014-10-07 18:51 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2015-01-24 15:49 - 2014-10-07 18:51 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2015-01-20 03:05 - 2013-06-26 19:58 - 00774592 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-01-17 20:14 - 2014-10-07 18:53 - 00000000 ____D () C:\Windows\system32\Adobe
2015-01-17 20:13 - 2013-06-26 23:04 - 00000000 ____D () C:\Windows\system32\Macromed
2015-01-14 03:16 - 2013-08-02 03:03 - 00000000 ____D () C:\Windows\system32\MRT
2015-01-14 03:03 - 2013-06-28 10:32 - 110348472 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe

==================== Files in the root of some directories =======

2013-10-10 10:36 - 2014-08-27 21:20 - 0000125 _____ () C:\Users\Suzanne\AppData\Roaming\WB.CFG
2013-08-16 19:35 - 2013-10-10 11:35 - 0000006 _____ () C:\Users\Suzanne\AppData\Roaming\WBPU-TTL.DAT
2014-08-27 21:52 - 2014-08-27 21:52 - 0575544 _____ (ClickMeIn Limited) C:\Users\Suzanne\AppData\Local\nsi939D.tmp
2014-08-27 21:47 - 2014-08-27 21:47 - 0631720 _____ (ClickMeIn Limited) C:\Users\Suzanne\AppData\Local\nsr4265.tmp
2014-08-29 23:41 - 2014-08-29 23:41 - 0007609 _____ () C:\Users\Suzanne\AppData\Local\Resmon.ResmonCfg
2014-01-21 08:11 - 2015-01-27 14:39 - 0000590 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc

Some content of TEMP:
====================
C:\Users\Kids\AppData\Local\Temp\drm_dyndata_7400009.dll
C:\Users\Kids\AppData\Local\Temp\rtinstaller.exe
C:\Users\Kids\AppData\Local\Temp\System.Data.SQLite.dll
C:\Users\Kids\AppData\Local\Temp\System.Data.SQLite16718.dll
C:\Users\Kids\AppData\Local\Temp\System.Data.SQLite37528.dll
C:\Users\Kids\AppData\Local\Temp\System.Data.SQLite40837.dll
C:\Users\Kids\AppData\Local\Temp\System.Data.SQLite45403.dll
C:\Users\Kids\AppData\Local\Temp\System.Data.SQLite56802.dll
C:\Users\Kids\AppData\Local\Temp\System.Data.SQLite64443.dll
C:\Users\Kids\AppData\Local\Temp\System.Data.SQLite76509.dll
C:\Users\Suzanne\AppData\Local\Temp\091eC.exe
C:\Users\Suzanne\AppData\Local\Temp\oi_{06CFF6BB-0B4E-4EC3-8853-122107ADD989}.exe
C:\Users\Suzanne\AppData\Local\Temp\post1.exe
C:\Users\Suzanne\AppData\Local\Temp\Quarantine.exe
C:\Users\Suzanne\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Suzanne\AppData\Local\Temp\sqlite3.dll
C:\Users\Suzanne\AppData\Local\Temp\System.Data.SQLite.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-01-24 04:06

==================== End Of Log ============================


ADDITION.TXT LOG:


Additional scan result of Farbar Recovery Scan Tool (x86) Version: 01-02-2015
Ran by Suzanne at 2015-02-01 15:15:19
Running from C:\Users\Suzanne\Desktop\folder1
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Microsoft Security Essentials (Enabled - Up to date) {4F35CFC4-45A3-FC37-EF17-759A02E39AB1}
AS: Microsoft Security Essentials (Enabled - Up to date) {F4542E20-6399-F3B9-D5A7-4EE87964D00C}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKU\S-1-5-21-2037850634-1991479139-3573102483-1001\...\uTorrent) (Version: 3.4.2.34309 - BitTorrent Inc.)
µTorrent (HKU\S-1-5-21-2037850634-1991479139-3573102483-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\uTorrent) (Version: 3.4.2.34309 - BitTorrent Inc.)
Adobe Flash Player 16 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 16.0.0.296 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.1 (HKLM\...\Adobe Shockwave Player) (Version: 12.1.3.153 - Adobe Systems, Inc.)
Battle.net (HKLM\...\Battle.net) (Version:  - Blizzard Entertainment)
Bee Movie Game (HKLM\...\InstallShield_{51CB5834-523F-49E8-AE10-E8F6AC1127AC}) (Version: 1.00.0000 - Activision)
Bee Movie Game (Version: 1.00.0000 - Activision) Hidden
Brink of Consciousness - Dorian Gray Syndrome CE (HKLM\...\Brink of Consciousness - Dorian Gray Syndrome CE) (Version: 1.0 - Viva Media, LLC)
Canon PowerShot G15 Camera User Guide (HKLM\...\CameraUserGuide-PSG15) (Version: 1.0.0.1 - Canon Inc.)
Canon Utilities CameraWindow DC 8 (HKLM\...\CameraWindowDC) (Version: 8.9.0.4 - Canon Inc.)
Canon Utilities Digital Photo Professional (HKLM\...\Digital Photo Professional) (Version: 3.12.30.0 - Canon Inc.)
Canon Utilities ImageBrowser EX (HKLM\...\ImageBrowser EX) (Version: 1.4.0.5 - Canon Inc.)
Canon Utilities PhotoStitch (HKLM\...\PhotoStitch) (Version: 3.1.23.47 - Canon Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 5.02 - Piriform)
Cruel Games: Red Riding Hood (HKLM\...\Cruel Games: Red Riding Hood ) (Version: 1.0 - Alawar Entertainment Inc.)
D3DX10 (Version: 15.4.2368.0902 - Microsoft) Hidden
Depths of Betrayal (HKLM\...\Depths of Betrayal) (Version: 1.0 - Viva Media, LLC)
Emerland Solitaire (HKLM\...\Emerland Solitaire) (Version: 1.0 - Viva Media, LLC)
EPSON Connect version 1.0 (HKLM\...\EPSON Connect_is1) (Version: 1.0 - Epson America Inc.)
Epson Customer Participation (HKLM\...\{814FA673-A085-403C-9545-747FC1495069}) (Version: 1.4.0.0 - SEIKO EPSON CORPORATION)
Epson Event Manager (HKLM\...\{44F72193-F59C-4303-BAE8-E3E4BC1C122C}) (Version: 3.01.0003 - Seiko Epson Corporation)
Epson E-Web Print (HKLM\...\{896667C8-53F8-47B8-B6B0-B113B10F05BC}) (Version: 1.20.0000 - SEIKO EPSON CORPORATION)
Epson FAX Utility (HKLM\...\{0CBE6C93-CB2E-4378-91EE-12BE6D4E2E4A}) (Version: 1.30.00 - SEIKO EPSON CORPORATION)
Epson PC-FAX Driver (HKLM\...\EPSON PC-FAX Driver 2) (Version:  - )
EPSON Scan (HKLM\...\EPSON Scanner) (Version:  - Seiko Epson Corporation)
EPSON WF-2540 Series Printer Uninstall (HKLM\...\EPSON WF-2540 Series) (Version:  - SEIKO EPSON Corporation)
EpsonNet Print (HKLM\...\{3E31400D-274E-4647-916C-2CACC3741799}) (Version: 2.5.00 - SEIKO EPSON CORPORATION)
Facebook Messenger (HKLM\...\{AD11DADE-C597-45D9-D8C5-1D2EB0B89613}) (Version:  - ) <==== ATTENTION
Family Tales The Sisters (HKLM\...\Family Tales The Sisters) (Version: 1.0 - Viva Media, LLC)
Ghost Encounters - Deadwood (HKLM\...\Ghost Encounters - Deadwood) (Version: 1.0 - Viva Media, LLC)
Google Chrome (HKLM\...\Google Chrome) (Version: 38.0.2125.111 - Google Inc.)
Google Update Helper (Version: 1.3.25.5 - Google Inc.) Hidden
H&R Block Arizona 2011 (HKLM\...\{3FD2225B-31D1-4E22-9D76-82F966F04374}) (Version: 1.11.2901 - HRB Technology, LLC.)
H&R Block Arizona 2012 (HKLM\...\{23ADF1CF-4578-4BEC-AF07-FFEC8EA17C9C}) (Version: 1.12.4601 - HRB Technology, LLC.)
H&R Block Basic + Efile + State 2011 (HKLM\...\{70469C1D-DDF0-44A0-B873-9F28B354256C}) (Version: 11.03.7102 - HRB Technology, LLC.)
H&R Block Deluxe + Efile + State 2012 (HKLM\...\{89D20029-0578-4D8D-979A-695C8D868868}) (Version: 12.05.7803 - HRB Technology, LLC.)
Handset USB Driver (HKLM\...\{D2D77DC2-8299-11D1-8949-444553540000}_is1) (Version: 5.2088.1.A01B06 - )
Hide and Secret 3 (HKLM\...\Hide and Secret 3) (Version:  - )
Java 7 Update 67 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217051FF}) (Version: 7.0.670 - Oracle)
Jewel Quest (remove only) (HKLM\...\JewelQuest) (Version:  - JenkatGames)
Junk Mail filter update (Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Legends of the Mist (HKLM\...\Legends_0) (Version:  - On Hand Software)
LEGO® Indiana Jones™ 2 (Version: 1.00.0000 - LucasArts) Hidden
LEGO® Indiana Jones™ 2: The Adventure Continues (HKLM\...\InstallShield_{11192AA7-FBE3-4150-9667-EE7279CCC769}) (Version: 1.00.0000 - LucasArts)
Living Legends - Ice Rose CE (HKLM\...\Living Legends - Ice Rose CE) (Version: 1.0 - Viva Media, LLC)
Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office Enterprise 2007 (HKLM\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.6.305.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.31211.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Mozilla Firefox 35.0.1 (x86 en-US) (HKLM\...\Mozilla Firefox 35.0.1 (x86 en-US)) (Version: 35.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 32.0.3 - Mozilla)
Mystery of the Crystal Portal (HKLM\...\Mystery of the Crystal Portal) (Version: 1.0 - Viva Media, LLC)
Near Wood CE (HKLM\...\Near Wood CE) (Version: 1.0 - Viva Media, LLC)
Odysseus - Long Way Home (HKLM\...\Odysseus - Long Way Home) (Version: 1.0 - Viva Media, LLC)
Pdf995 (installed by H&R Block) (HKLM\...\Pdf995) (Version:  - )
PdfEdit995 (installed by H&R Block) (HKLM\...\PdfEdit995) (Version:  - )
ROBLOX Player for Kids (HKU\S-1-5-21-2037850634-1991479139-3573102483-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\{373B1718-8CC5-4567-8EE2-9033AD08A680}) (Version:  - ROBLOX Corporation)
ROBLOX Player for Suzanne (HKU\S-1-5-21-2037850634-1991479139-3573102483-1001\...\{373B1718-8CC5-4567-8EE2-9033AD08A680}) (Version:  - ROBLOX Corporation)
ROBLOX Player for Suzanne (HKU\S-1-5-21-2037850634-1991479139-3573102483-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\{373B1718-8CC5-4567-8EE2-9033AD08A680}) (Version:  - ROBLOX Corporation)
ROBLOX Studio 2013 for Kids (HKU\S-1-5-21-2037850634-1991479139-3573102483-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\{2922D6F1-2865-4EFA-97A9-94EEAB3AFA14}) (Version:  - ROBLOX Corporation)
Software Updater (HKLM\...\{B307472F-7BD9-4040-9255-CE6D6A1196A3}) (Version: 4.3.1 - SEIKO EPSON CORPORATION)
swMSM (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Tonka Construction 2 (HKLM\...\Tonka Construction 2) (Version:  - )
TurboTax 2013 (HKLM\...\TurboTax 2013) (Version: 2013.0 - Intuit, Inc)
TurboTax 2014 (HKLM\...\TurboTax 2014) (Version: 2014.0 - Intuit, Inc)
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Windows Live Essentials (HKLM\...\WinLiveSuite) (Version: 16.4.3508.0205 - Microsoft Corporation)
ZTE Handset USB Driver (HKLM\...\{01D42BF0-ED08-463f-8A28-99EB6FEE962B}) (Version:  - ZTE Corporation)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-2037850634-1991479139-3573102483-1001_Classes\CLSID\{76D50904-6780-4c8b-8986-1A7EE0B1716D}\InprocServer32 -> C:\Users\Suzanne\AppData\Local\Roblox\Versions\version-d11d3bd1dfae46fa\RobloxProxy.dll (ROBLOX Corporation)
CustomCLSID: HKU\S-1-5-21-2037850634-1991479139-3573102483-1001_Classes\CLSID\{DEE03C2B-0C0C-41A9-9877-FD4B4D7B6EA3}\InprocServer32 -> C:\Users\Suzanne\AppData\Local\Roblox\Versions\version-d11d3bd1dfae46fa\RobloxProxy64.dll (ROBLOX Corporation)
CustomCLSID: HKU\S-1-5-21-2037850634-1991479139-3573102483-1001_Classes\CLSID\{F28C2F70-47DE-4EA5-8F6D-7D1476CD1EF5}\localserver32 -> C:\Users\Suzanne\AppData\Local\Temp\a309E2\temp\minecraftdl_23487.exe No File

==================== Restore Points  =========================

08-01-2015 12:50:29 Windows Update
12-01-2015 02:53:52 Windows Update
14-01-2015 03:00:28 Windows Update
17-01-2015 03:46:43 Windows Update
20-01-2015 03:00:19 Windows Update
23-01-2015 03:21:50 Windows Update
26-01-2015 12:01:46 Windows Update
27-01-2015 14:15:30 Installed TurboTax 2014 wrapper
27-01-2015 15:06:11 Installed TurboTax 2014 waziper
30-01-2015 11:46:27 Windows Update
01-02-2015 13:39:01 Removed Skype™ 6.11

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 19:04 - 2009-06-10 14:39 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {05796395-B0E6-46B9-B54E-BC11757A3210} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2015-01-24] (Adobe Systems Incorporated)
Task: {0AE9E845-054B-4100-8198-1FE3429F30C1} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-10-27] (Google Inc.)
Task: {65A52681-49FA-4AF6-9C6A-198C8A69A637} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-01-20] (Piriform Ltd)
Task: {7D677311-394B-41A5-9104-0804FE4F0DED} - System32\Tasks\{EAB839F1-1630-4A9C-9576-EFC151AA63F0} => pcalua.exe -a C:\PROGRA~1\SearchProtect\Main\bin\uninstall.exe -c /S <==== ATTENTION
Task: {86288B50-D1E0-42AB-975B-098671737CBA} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-10-27] (Google Inc.)
Task: {8A26BACD-CF81-480E-9564-2EF41F7B06DB} - System32\Tasks\Microsoft\Windows\Multimedia\SMupdate3 => Rundll32.exe C:\PROGRA~1\COMMON~1\System\SysMenu.dll ,Command701 update3 <==== ATTENTION
Task: {B7E94EC1-3FF7-4D35-B0CC-CD14969E17EE} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: {F13EC308-0FEA-4688-B4DE-61EAD7A4B6E7} - System32\Tasks\Microsoft\Windows\Maintenance\SMupdate2 => Rundll32.exe C:\PROGRA~1\COMMON~1\System\SysMenu.dll ,Command701 update2 <==== ATTENTION

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2013-06-28 00:09 - 2013-06-28 00:09 - 00036864 _____ () C:\Windows\System32\pdf995mon.dll
2013-06-30 04:29 - 2013-06-30 04:29 - 00071168 _____ () C:\ProgramData\BrowserSafer\wbrosrec.exe
2009-07-13 14:03 - 2009-07-13 18:15 - 00364544 _____ () C:\Windows\system32\msjetoledb40.dll
2015-01-31 17:06 - 2015-01-31 17:06 - 01163776 _____ () C:\ProgramData\{b2ae1b16-7ef3-d432-b2ae-e1b167ef6c59}\minecraftdl_23487.exe
2015-01-31 13:28 - 2015-01-31 13:29 - 03925104 _____ () C:\Program Files\Mozilla Firefox\mozjs.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^ImageBrowser EX Agent.lnk => C:\Windows\pss\ImageBrowser EX Agent.lnk.CommonStartup
MSCONFIG\startupreg: AnyProtect Scanner => "C:\Program Files\AnyProtectEx\AnyProtect.exe"
MSCONFIG\startupreg: BrowserSafer => "C:\Program Files\BrowserSafer\BrowserSafer.exe"
MSCONFIG\startupreg: EEventManager => "C:\Program Files\Epson Software\Event Manager\EEventManager.exe"
MSCONFIG\startupreg: EKIJ5000StatusMonitor => C:\Windows\system32\spool\DRIVERS\W32X86\3\EKIJ5000MUI.exe
MSCONFIG\startupreg: Logitech Download Assistant => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
MSCONFIG\startupreg: SkyDrive => "C:\Users\Suzanne\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe" /background
MSCONFIG\startupreg: Skype => "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun
MSCONFIG\startupreg: YTDownloader => "C:\Program Files\YTDownloader\YTDownloader.exe" /boot

========================= Accounts: ==========================

Administrator (S-1-5-21-2037850634-1991479139-3573102483-500 - Administrator - Disabled)
Guest (S-1-5-21-2037850634-1991479139-3573102483-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2037850634-1991479139-3573102483-1002 - Limited - Enabled)
Kids (S-1-5-21-2037850634-1991479139-3573102483-1003 - Administrator - Enabled) => C:\Users\Kids
Suzanne (S-1-5-21-2037850634-1991479139-3573102483-1001 - Administrator - Enabled) => C:\Users\Suzanne

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (02/01/2015 02:43:09 PM) (Source: ESENT) (EventID: 455) (User: )
Description: taskhost (2188) WebCacheLocal: Error -1811 occurred while opening logfile C:\Users\Suzanne\AppData\Local\Microsoft\Windows\WebCache\V010166D.log.

Error: (02/01/2015 02:40:04 PM) (Source: Windows Search Service) (EventID: 7010) (User: )
Description: The index cannot be initialized.


Details:
    The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (02/01/2015 02:40:04 PM) (Source: Windows Search Service) (EventID: 3058) (User: )
Description: The application cannot be initialized.

Context: Windows Application


Details:
    The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (02/01/2015 02:40:04 PM) (Source: Windows Search Service) (EventID: 3028) (User: )
Description: The gatherer object cannot be initialized.

Context: Windows Application, SystemIndex Catalog


Details:
    The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (02/01/2015 02:40:04 PM) (Source: Windows Search Service) (EventID: 3029) (User: )
Description: The plug-in in <Search.TripoliIndexer> cannot be initialized.

Context: Windows Application, SystemIndex Catalog


Details:
    Element not found.  (HRESULT : 0x80070490) (0x80070490)

Error: (02/01/2015 02:40:04 PM) (Source: Windows Search Service) (EventID: 3029) (User: )
Description: The plug-in in <Search.JetPropStore> cannot be initialized.

Context: Windows Application, SystemIndex Catalog


Details:
    The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (02/01/2015 02:40:04 PM) (Source: Windows Search Service) (EventID: 9002) (User: )
Description: The Windows Search Service cannot load the property store information.

Context: Windows Application, SystemIndex Catalog


Details:
    The content index database is corrupt.  (HRESULT : 0xc0041800) (0xc0041800)

Error: (02/01/2015 02:40:04 PM) (Source: Windows Search Service) (EventID: 7042) (User: )
Description: The Windows Search Service is being stopped because there is a problem with the indexer: The catalog is corrupt.


Details:
    The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (02/01/2015 02:40:04 PM) (Source: Windows Search Service) (EventID: 7040) (User: )
Description: The search service has detected corrupted data files in the index {id=4700}. The service will attempt to automatically correct this problem by rebuilding the index.


Details:
    The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (02/01/2015 02:40:04 PM) (Source: Windows Search Service) (EventID: 9000) (User: )
Description: The Windows Search Service cannot open the Jet property store.


Details:
    0x%08x (0xc0041800 - The content index database is corrupt.  (HRESULT : 0xc0041800))


System errors:
=============
Error: (02/01/2015 03:01:04 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the EFS service.

Error: (02/01/2015 02:59:11 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {AD3EDBCA-0901-415B-82E9-C16D3B65E38C}

Error: (02/01/2015 02:45:15 PM) (Source: WMPNetworkSvc) (EventID: 14332) (User: )
Description: WMPNetworkSvc0x80004005

Error: (02/01/2015 02:44:39 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Intuit Update Service v4 service failed to start due to the following error:
%%1053

Error: (02/01/2015 02:44:39 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Intuit Update Service v4 service to connect.

Error: (02/01/2015 02:44:05 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the MBAMService service.

Error: (02/01/2015 02:43:35 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the EFS service.

Error: (02/01/2015 02:40:35 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Windows Search service failed to start due to the following error:
%%3

Error: (02/01/2015 02:40:32 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Print Spooler service failed to start due to the following error:
%%1069

Error: (02/01/2015 02:40:32 PM) (Source: Service Control Manager) (EventID: 7038) (User: )
Description: The Spooler service was unable to log on as NT AUTHORITY\SYSTEM with the currently configured password due to the following error:
%%50

To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).


Microsoft Office Sessions:
=========================

==================== Memory info ===========================

Processor: Intel® Celeron® CPU 450 @ 2.20GHz
Percentage of memory in use: 55%
Total physical RAM: 2012.98 MB
Available physical RAM: 899.11 MB
Total Pagefile: 4025.97 MB
Available Pagefile: 2802.46 MB
Total Virtual: 2047.88 MB
Available Virtual: 1891.23 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:286.02 GB) (Free:168 GB) NTFS ==>[Drive with boot components (obtained from BCD)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298.1 GB) (Disk ID: 259D4594)
Partition 1: (Active) - (Size=286 GB) - (Type=07 NTFS)

==================== End Of Log ============================

I've been following directions from this thread here:

https://forums.malwarebytes.org/index.php?/topic/137526-scorpion-saver-wont-uninstall/

We're sorry. It looks like your topic was somehow overlooked. Due to the length of time we'll go ahead and close this topic now but if you still actually need help please send a private message to one of the Moderators and we'll assist you.

Thank you and sorry we missed your topic.
