
Shockwave malware



Hello,

They call me TwinHeadedEagle around here, and I'll try to help you with your issue.

Before we start please read and note the following:

  • We're primarily oriented on malware removal here, so you must know that some issues just cannot be solved and you must be prepared for this. Some tools we use here will remove your browser search history, so backup your important links and all the files whose loss is unacceptable.
  • Limit your internet access to posting here, some infections just wait to steal typed-in passwords.
  • Please be patient. I know it is frustrating when your PC isn't working properly, but malware removal takes time. Keep in mind that private life gets in the way too. Note that we may live in totally different time zones, which may cause some delays between answers.
  • Don't run any scripts or tools on your own, unsupervised usage may cause more harm than good.
  • Do not paste the logs in your posts, attachments make my work easier. There is a More reply options button, that gives you Upload Files option below which you can use to attach your reports. Always attach reports from all tools.
  • Always execute my instructions in given order. If for some reason you cannot completely follow one instruction, inform me about that.
  • Do not ask for help for your business PC. Companies are making revenue via computers, so it is a good thing to pay someone to repair it.
  • If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed.

I can't foresee everything, so if anything not covered in my instructions happens, please stop and inform me!
There are no silly questions. Never be afraid to ask if in doubt!
 
 
 
Rules and policies
 
We won't support any piracy.
That being said, if any evidence of illegal OS, software, cracks/keygens or any other is revealed, any further assistance will be suspended. If you are aware that there is this kind of stuff on your machine, remove it before proceeding!
The same applies to any use of P2P software: uTorrent, BitTorrent, Vuze, Kazaa, Ares... We don't provide any help for P2P, except for their removal. All P2P software has to be uninstalled or at least fully disabled before proceeding!
 
Failure to follow these guidelines will result in closing your topic and withdrawing any assistance.
 
 



 

Please download Farbar Recovery Scan Tool and save it to your desktop.
 
Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them.
Only one of them will run on your system, that will be the right version.
  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please attach it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.

Thanks for your help!

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 08-02-2015

Ran by Shad at 2015-02-09 15:31:18

Running from C:\Users\Shad\Downloads

Boot Mode: Normal

==========================================================

 

 

==================== Security Center ========================

 

(If an entry is included in the fixlist, it will be removed.)

 

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

 

==================== Installed Programs ======================

 

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

 

Adobe Shockwave Player 12.1 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.1.6.156 - Adobe Systems, Inc.)

Amazon Kindle (HKU\S-1-5-21-1595739235-987919694-39041242-1001\...\Amazon Kindle) (Version:  - Amazon)

Amazon Music (HKU\S-1-5-21-1595739235-987919694-39041242-1001\...\Amazon Amazon Music) (Version: 3.6.0.671 - Amazon Services LLC)

AMD Catalyst Install Manager (HKLM\...\{83DEB2E3-26DC-26BE-2445-A3CA29203ABF}) (Version: 8.0.911.0 - Advanced Micro Devices, Inc.)

AMD VISION Engine Control Center (HKLM-x32\...\WUCCCApp) (Version: 1.00.0000 - AMD)

Anki (HKLM-x32\...\Anki) (Version:  - )

Apple Application Support (HKLM-x32\...\{83CAF0DE-8D3B-4C37-A631-2B8F16EC3031}) (Version: 3.1 - Apple Inc.)

Apple Mobile Device Support (HKLM\...\{BDD99690-3541-4619-9D2A-3CDDB3E15F9E}) (Version: 8.0.5.6 - Apple Inc.)

Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)

Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)

Bradford Persistent Agent (HKLM-x32\...\{892A1EE8-85D1-4487-A519-707AF9E94A80}) (Version: 3.1.4.16 - Bradford Networks)

Canon MP210 series (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP210_series) (Version:  - )

CCleaner (HKLM\...\CCleaner) (Version: 4.04 - Piriform)

Diablo III (HKLM-x32\...\Diablo III) (Version:  - Blizzard Entertainment)

Google Chrome (HKLM-x32\...\Google Chrome) (Version: 40.0.2214.111 - Google Inc.)

Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden

Google Update Helper (x32 Version: 1.3.26.9 - Google Inc.) Hidden

Heroes of Might and Magic 4 Complete (HKLM-x32\...\GOGPACKHOMM4COMPLETE_is1) (Version: 2.0.0.12 - GOG.com)

iTunes (HKLM\...\{2ABBBD91-91E5-4AD7-929A-FE15D1DC0576}) (Version: 12.0.1.26 - Apple Inc.)

Jing (HKLM-x32\...\{22800204-9E53-45C7-B6F3-5BB0F1C1A147}) (Version: 2.8.13007.1 - TechSmith Corporation)

Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)

Microsoft Office 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 15.0.4675.1003 - Microsoft Corporation)

Microsoft Office Home and Student 2013 - en-us (HKLM\...\HomeStudentRetail - en-us) (Version: 15.0.4675.1003 - Microsoft Corporation)

Microsoft OneDrive (HKU\S-1-5-21-1595739235-987919694-39041242-1001\...\OneDriveSetup.exe) (Version: 17.0.4023.1211 - Microsoft Corporation)

Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version:  - )

Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)

Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)

Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)

Might and Magic IX (HKLM-x32\...\GOGPACKMM9_is1) (Version: 2.0.0.11 - GOG.com)

Might and Magic VIII - Day of the Destroyer (HKLM-x32\...\GOGPACKMM8_is1) (Version: 2.0.0.13 - GOG.com)

Mozilla Firefox 34.0.5 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 34.0.5 (x86 en-US)) (Version: 34.0.5 - Mozilla)

Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 34.0.5 - Mozilla)

Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4675.1003 - Microsoft Corporation) Hidden

Office 15 Click-to-Run Licensing Component (Version: 15.0.4675.1003 - Microsoft Corporation) Hidden

Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4675.1003 - Microsoft Corporation) Hidden

PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)

Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6865 - Realtek Semiconductor Corp.)

swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden

Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 17.0.10.51 - Synaptics Incorporated)

TOSHIBA Audio Enhancement (HKLM\...\{1515F5E3-29EA-4CD1-A981-032D88880F09}) (Version: 2.0.15.4 - Toshiba Corporation)

TOSHIBA Desktop Assist (HKLM\...\{95CCACF0-010D-45F0-82BF-858643D8BC02}) (Version: 1.01.02.6405 - Toshiba Corporation)

TOSHIBA eco Utility (HKLM\...\{5944B9D4-3C2A-48DE-931E-26B31714A2F7}) (Version: 2.0.3.6403 - Toshiba Corporation)

TOSHIBA Function Key (HKLM\...\{16562A90-71BC-41A0-B890-D91B0C267120}) (Version: 1.00.6629.6406 - Toshiba Corporation)

TOSHIBA HDD Accelerator (HKLM\...\{DB4D9937-0B14-4EF1-BF9A-BB7E3B9DCB04}) (Version: 2.0.0001 - Toshiba Corporation)

TOSHIBA Service Station (HKLM\...\{6499E894-43F8-458B-AE35-724F4732BCDE}) (Version: 2.5.6 - Toshiba Corporation)

Toshiba Start (HKU\S-1-5-21-1595739235-987919694-39041242-1001\...\Pokki_b52b7a05ea010d22183cece45cbb6e86cf917a76) (Version: 1.0.0.0 - Pokki)

TOSHIBA VIDEO PLAYER (HKLM\...\{FF07604E-C860-40E9-A230-E37FA41F103A}) (Version: 5.3.5.59 - Toshiba Corporation)

Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)

Vizzed Retro Game Room (HKLM-x32\...\{6D9F35D2-1D6F-4E17-A79F-991A7BD24AAD}) (Version: 2.0.0 - Vizzed)

WD Drive Utilities (HKLM-x32\...\{F9784E1D-4455-4BFF-A97A-1B1355A4FFDB}) (Version: 1.0.6.3 - Western Digital Technologies, Inc.)

WD Security (HKLM-x32\...\{2B58AB2C-D980-47FD-8633-E360314BA662}) (Version: 1.0.6.3 - Western Digital Technologies, Inc.)

WD SmartWare (HKLM\...\{232EB8E6-9B8C-4785-A994-B1E5E2376CDC}) (Version: 2.2.0.8 - Western Digital Technologies, Inc.)

 

==================== Custom CLSID (selected items): ==========================

 

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

 

CustomCLSID: HKU\S-1-5-21-1595739235-987919694-39041242-1001_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\Shad\AppData\Local\Microsoft\SkyDrive\17.0.4023.1211\amd64\SkyDriveShell64.dll (Microsoft Corporation)

CustomCLSID: HKU\S-1-5-21-1595739235-987919694-39041242-1001_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\Shad\AppData\Local\Microsoft\SkyDrive\17.0.4023.1211\amd64\SkyDriveShell64.dll (Microsoft Corporation)

CustomCLSID: HKU\S-1-5-21-1595739235-987919694-39041242-1001_Classes\CLSID\{CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B}\InprocServer32 -> C:\Users\Shad\AppData\Local\Microsoft\SkyDrive\17.0.4023.1211\amd64\SkyDriveShell64.dll (Microsoft Corporation)

CustomCLSID: HKU\S-1-5-21-1595739235-987919694-39041242-1001_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\Shad\AppData\Local\Microsoft\SkyDrive\17.0.4023.1211\amd64\SkyDriveShell64.dll (Microsoft Corporation)

CustomCLSID: HKU\S-1-5-21-1595739235-987919694-39041242-1001_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\Shad\AppData\Local\Microsoft\SkyDrive\17.0.4023.1211\amd64\FileSyncApi64.dll (Microsoft Corporation)

 

==================== Restore Points  =========================

 

14-01-2015 17:03:52 Windows Update

22-01-2015 22:10:13 Scheduled Checkpoint

26-01-2015 09:26:02 Windows Update

31-01-2015 16:03:13 Windows Modules Installer

06-02-2015 13:00:44 Windows Update

 

==================== Hosts content: ==========================

 

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

 

2013-08-22 06:25 - 2013-08-22 06:25 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts

 

==================== Scheduled Tasks (whitelisted) =============

 

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

 

Task: {06FF914E-C72A-40E5-AE03-F71F5AEEF8F9} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2014-11-04] (Microsoft Corporation)

Task: {2495C376-D061-43C0-B98B-7E4775380404} - System32\Tasks\Synaptics TouchPad Enhancements => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2014-08-06] (Synaptics Incorporated)

Task: {31CE3ABA-E870-47AA-A465-8E3CF829BF39} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-07-22] (Piriform Ltd)

Task: {31F8A95D-495C-483F-A632-35776759CE15} - System32\Tasks\Norton Anti-Theft\Norton Error Analyzer => C:\Program Files (x86)\Norton Anti-Theft\Engine\1.5.0.38\SymErr.exe

Task: {3D06A8F7-733A-424F-922A-45E185B3EEE0} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonx86\Microsoft Shared\OFFICE15\OLicenseHeartbeat.exe [2014-11-11] (Microsoft Corporation)

Task: {6BF1754A-0DDE-4EEE-85B4-FCAA5E598EA4} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2015-01-17] (Microsoft Corporation)

Task: {6D400E89-8251-4615-B7E9-F087CB557EDE} - System32\Tasks\{9CEAB1B1-915B-4951-A323-149D58BBB737} => pcalua.exe -a C:\DTToys\UDilbert.exe -d C:\DTToys

Task: {88FA6C13-5191-4E65-A00C-773821720736} - System32\Tasks\Microsoft Office 15 Sync Maintenance for SJBENNETT-Shad SJBennett => C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe [2014-11-04] (Microsoft Corporation)

Task: {973234F8-3685-4436-84FA-D15B6F743846} - System32\Tasks\Norton PCCU OOBE Mode => C:\Program Files (x86)\PC Checkup\OOBEHelper.exe [2013-01-31] (Symantec Corporation)

Task: {AAC316C6-645B-494B-BAC7-8641E520C345} - System32\Tasks\Norton Anti-Theft\Norton Error Processor => C:\Program Files (x86)\Norton Anti-Theft\Engine\1.5.0.38\SymErr.exe

Task: {D5E3A5EB-85BA-460D-BE4D-E005C6F780C2} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-09-05] (Google Inc.)

Task: {D9A2DAA0-8C20-44F4-A0D8-A4E6F67A9896} - System32\Tasks\TOSHIBA\TODDMain => C:\Program Files (x86)\TOSHIBA\System Setting\TODDMain.exe [2012-08-04] ()

Task: {DD5716F6-3B73-49B8-94D6-6B8A8C9CA072} - System32\Tasks\TOSHIBA\Service Station => C:\Program Files\TOSHIBA\Toshiba Service Station\ToshibaServiceStation.exe [2013-03-19] (TOSHIBA Corporation)

Task: {E64D4507-D4C7-46AC-8C60-4F4FCEB13A1E} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-09-05] (Google Inc.)

Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

 

==================== Loaded Modules (whitelisted) ==============

 

2014-07-04 21:33 - 2014-07-04 21:33 - 00127488 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.Wlan.dll

2014-03-21 09:23 - 2014-05-20 08:19 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll

2013-03-25 16:44 - 2013-03-25 16:44 - 00016720 _____ () C:\Program Files (x86)\DTS, Inc\DTS Studio Sound\dts_apo_service.exe

2014-11-22 18:30 - 2014-09-23 06:36 - 08897696 _____ () C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\1033\GrooveIntlResource.dll

2012-07-18 18:38 - 2012-07-18 18:38 - 00020904 _____ () C:\Program Files\TOSHIBA\Hotkey\SmoothView.dll

2014-09-17 05:20 - 2014-10-14 22:35 - 06281024 _____ () C:\Users\Shad\AppData\Local\Amazon Music\Amazon Music Helper.exe

2013-08-22 00:19 - 2013-08-21 23:54 - 00174592 _____ () C:\WINDOWS\system32\WinMetadata\Windows.UI.winmd

2013-08-22 00:19 - 2013-08-21 23:54 - 00050176 _____ () C:\WINDOWS\system32\WinMetadata\Windows.Data.winmd

2013-08-22 00:19 - 2013-08-21 23:54 - 00030208 _____ () C:\WINDOWS\system32\WinMetadata\Windows.Foundation.winmd

2014-01-20 13:17 - 2014-01-20 13:17 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll

2014-10-11 12:05 - 2014-10-11 12:05 - 01044776 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll

2015-02-06 16:51 - 2015-02-04 02:02 - 01117512 _____ () C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.111\libglesv2.dll

2015-02-06 16:51 - 2015-02-04 02:02 - 00211272 _____ () C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.111\libegl.dll

2015-02-06 16:51 - 2015-02-04 02:02 - 09170760 _____ () C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.111\pdf.dll

 

==================== Alternate Data Streams (whitelisted) =========

 

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

 

AlternateDataStreams: C:\Users\Shad\OneDrive:ms-properties

 

==================== Safe Mode (whitelisted) ===================

 

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

 

 

==================== EXE Association (whitelisted) ===============

 

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

 

 

==================== Other Registry Areas =====================

 

(Currently there is no automatic fix for this section.)

 

HKU\S-1-5-21-1595739235-987919694-39041242-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Shad\AppData\Local\Microsoft\Windows\Themes\RoamedThemeFiles\DesktopBackground\windows photo viewer wallpaper.jpg

 

==================== MSCONFIG/TASK MANAGER disabled items ==

 

(Currently there is no automatic fix for this section.)

 

HKLM\...\StartupApproved\Run32: => "StartCCC"

HKLM\...\StartupApproved\Run32: => "bncsaui.exe"

HKLM\...\StartupApproved\Run32: => "ToshibaAppPlace"

HKU\S-1-5-21-1595739235-987919694-39041242-1001\...\StartupApproved\Run: => "Pokki"

HKU\S-1-5-21-1595739235-987919694-39041242-1001\...\StartupApproved\Run: => "Spotify Web Helper"

 

==================== Accounts: =============================

 

Administrator (S-1-5-21-1595739235-987919694-39041242-500 - Administrator - Disabled)

Guest (S-1-5-21-1595739235-987919694-39041242-501 - Limited - Disabled)

HomeGroupUser$ (S-1-5-21-1595739235-987919694-39041242-1005 - Limited - Enabled)

Shad (S-1-5-21-1595739235-987919694-39041242-1001 - Administrator - Enabled) => C:\Users\Shad

 

==================== Faulty Device Manager Devices =============

 

 

==================== Event log errors: =========================

 

Application errors:

==================

Error: (02/09/2015 00:57:32 PM) (Source: Perflib) (EventID: 1023) (User: )

Description: rdyboost4

 

Error: (02/09/2015 00:57:32 PM) (Source: Perflib) (EventID: 1008) (User: )

Description: BITSC:\Windows\System32\bitsperf.dll4

 

Error: (02/09/2015 01:34:57 AM) (Source: Bonjour Service) (EventID: 100) (User: )

Description: Task Scheduling Error: m->NextScheduledSPRetry 10842485

 

Error: (02/09/2015 01:34:57 AM) (Source: Bonjour Service) (EventID: 100) (User: )

Description: Task Scheduling Error: m->NextScheduledEvent 10842485

 

Error: (02/09/2015 01:34:57 AM) (Source: Bonjour Service) (EventID: 100) (User: )

Description: Task Scheduling Error: Continuously busy for more than a second

 

Error: (02/09/2015 01:34:44 AM) (Source: Bonjour Service) (EventID: 100) (User: )

Description: Task Scheduling Error: m->NextScheduledSPRetry 10829078

 

Error: (02/09/2015 01:34:44 AM) (Source: Bonjour Service) (EventID: 100) (User: )

Description: Task Scheduling Error: m->NextScheduledEvent 10829078

 

Error: (02/09/2015 01:34:44 AM) (Source: Bonjour Service) (EventID: 100) (User: )

Description: Task Scheduling Error: Continuously busy for more than a second

 

Error: (02/09/2015 01:34:28 AM) (Source: Bonjour Service) (EventID: 100) (User: )

Description: Task Scheduling Error: m->NextScheduledSPRetry 10813172

 

Error: (02/09/2015 01:34:28 AM) (Source: Bonjour Service) (EventID: 100) (User: )

Description: Task Scheduling Error: m->NextScheduledEvent 10813172

 

 

System errors:

=============

Error: (02/06/2015 08:43:16 PM) (Source: DCOM) (EventID: 10016) (User: SJBENNETT)

Description: machine-defaultLocalActivation{9BA05972-F6A8-11CF-A442-00A0C90A8F39}{9BA05972-F6A8-11CF-A442-00A0C90A8F39}SJBennettShadS-1-5-21-1595739235-987919694-39041242-1001LocalHost (Using LRPC)UnavailableUnavailable

 

Error: (02/06/2015 00:27:59 PM) (Source: bowser) (EventID: 8003) (User: )

Description: The master browser has received a server announcement from the computer MARV

that believes that it is the master browser for the domain on transport NetBT_Tcpip_{5F403669-F653-4852-9407-11FD1DE8054E}.

The master browser is stopping or an election is being forced.

 

Error: (02/05/2015 08:45:17 AM) (Source: bowser) (EventID: 8003) (User: )

Description: The master browser has received a server announcement from the computer MARV

that believes that it is the master browser for the domain on transport NetBT_Tcpip_{5F403669-F653-4852-9407-11FD1DE8054E}.

The master browser is stopping or an election is being forced.

 

Error: (01/31/2015 05:20:10 PM) (Source: DCOM) (EventID: 10016) (User: SJBENNETT)

Description: machine-defaultLocalActivation{9BA05972-F6A8-11CF-A442-00A0C90A8F39}{9BA05972-F6A8-11CF-A442-00A0C90A8F39}SJBennettShadS-1-5-21-1595739235-987919694-39041242-1001LocalHost (Using LRPC)UnavailableUnavailable

 

Error: (01/31/2015 04:48:26 PM) (Source: DCOM) (EventID: 10016) (User: SJBENNETT)

Description: machine-defaultLocalActivation{9BA05972-F6A8-11CF-A442-00A0C90A8F39}{9BA05972-F6A8-11CF-A442-00A0C90A8F39}SJBennettShadS-1-5-21-1595739235-987919694-39041242-1001LocalHost (Using LRPC)UnavailableUnavailable

 

Error: (01/28/2015 09:23:36 AM) (Source: bowser) (EventID: 8003) (User: )

Description: The master browser has received a server announcement from the computer MARV

that believes that it is the master browser for the domain on transport NetBT_Tcpip_{5F403669-F653-4852-9407-11FD1DE8054E}.

The master browser is stopping or an election is being forced.

 

Error: (01/27/2015 08:51:50 PM) (Source: bowser) (EventID: 8003) (User: )

Description: The master browser has received a server announcement from the computer MARV

that believes that it is the master browser for the domain on transport NetBT_Tcpip_{5F403669-F653-4852-9407-11FD1DE8054E}.

The master browser is stopping or an election is being forced.

 

Error: (01/25/2015 00:36:06 PM) (Source: NetBT) (EventID: 4321) (User: )

Description: The name "WORKGROUP      :1d" could not be registered on the interface with IP address 192.168.1.134.

The computer with the IP address 192.168.1.1 did not allow the name to be claimed by

this computer.

 

Error: (01/23/2015 09:08:20 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)

Description: Installation Failure: Windows failed to install the following update with error 0x80240055: Security Update for Internet Explorer Flash Player for Windows 8.1 for x64-based Systems (KB3033408).

 

Error: (01/23/2015 07:25:32 PM) (Source: Service Control Manager) (EventID: 7011) (User: )

Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Spooler service.

 

 

Microsoft Office Sessions:

=========================

Error: (02/09/2015 00:57:32 PM) (Source: Perflib) (EventID: 1023) (User: )

Description: rdyboost4

 

Error: (02/09/2015 00:57:32 PM) (Source: Perflib) (EventID: 1008) (User: )

Description: BITSC:\Windows\System32\bitsperf.dll4

 

Error: (02/09/2015 01:34:57 AM) (Source: Bonjour Service) (EventID: 100) (User: )

Description: Task Scheduling Error: m->NextScheduledSPRetry 10842485

 

Error: (02/09/2015 01:34:57 AM) (Source: Bonjour Service) (EventID: 100) (User: )

Description: Task Scheduling Error: m->NextScheduledEvent 10842485

 

Error: (02/09/2015 01:34:57 AM) (Source: Bonjour Service) (EventID: 100) (User: )

Description: Task Scheduling Error: Continuously busy for more than a second

 

Error: (02/09/2015 01:34:44 AM) (Source: Bonjour Service) (EventID: 100) (User: )

Description: Task Scheduling Error: m->NextScheduledSPRetry 10829078

 

Error: (02/09/2015 01:34:44 AM) (Source: Bonjour Service) (EventID: 100) (User: )

Description: Task Scheduling Error: m->NextScheduledEvent 10829078

 

Error: (02/09/2015 01:34:44 AM) (Source: Bonjour Service) (EventID: 100) (User: )

Description: Task Scheduling Error: Continuously busy for more than a second

 

Error: (02/09/2015 01:34:28 AM) (Source: Bonjour Service) (EventID: 100) (User: )

Description: Task Scheduling Error: m->NextScheduledSPRetry 10813172

 

Error: (02/09/2015 01:34:28 AM) (Source: Bonjour Service) (EventID: 100) (User: )

Description: Task Scheduling Error: m->NextScheduledEvent 10813172

 

 

CodeIntegrity Errors:

===================================

  Date: 2015-02-02 23:40:34.285

  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

 

  Date: 2015-02-02 23:40:33.183

  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

 

  Date: 2015-02-02 23:40:32.134

  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

 

  Date: 2015-02-02 23:40:31.292

  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

 

  Date: 2015-02-02 23:40:30.425

  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

 

  Date: 2015-02-02 23:40:29.341

  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

 

  Date: 2015-02-02 23:40:28.040

  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

 

  Date: 2015-02-02 23:40:27.206

  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

 

  Date: 2015-02-02 23:40:26.430

  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

 

  Date: 2015-02-02 23:40:25.079

  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

 

 

==================== Memory info =========================== 

 

Processor: AMD E1-1200 APU with Radeon HD Graphics

Percentage of memory in use: 88%

Total physical RAM: 3658.26 MB

Available physical RAM: 427.32 MB

Total Pagefile: 5089.68 MB

Available Pagefile: 928.26 MB

Total Virtual: 131072 MB

Available Virtual: 131071.84 MB

 

==================== Drives ================================

 

Drive c: (TI10664800G) (Fixed) (Total:452.82 GB) (Free:353.99 GB) NTFS

Drive d: (BOY_MEETS_WORLD_SEASON_2) (CDROM) (Total:7.95 GB) (Free:0 GB) UDF

 

==================== MBR & Partition Table ==================

 

========================================================

Disk: 0 (Size: 465.8 GB) (Disk ID: 00000000)

 

Partition: GPT Partition Type.

 

==================== End Of Log ============================

 

 


Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 08-02-2015

Ran by Shad (administrator) on SJBENNETT on 09-02-2015 15:26:44

Running from C:\Users\Shad\Downloads

Loaded Profiles: Shad (Available profiles: Shad)

Platform: Windows 8.1 Pro (X64) OS Language: English (United States)

Internet Explorer Version 11 (Default browser: Chrome)

Boot Mode: Normal


 

==================== Processes (Whitelisted) =================

 

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

 

(AMD) C:\Windows\System32\atiesrxx.exe

(AMD) C:\Windows\System32\atieclxx.exe

(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe

(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

(Bradford Networks) C:\Program Files (x86)\Bradford Networks\Persistent Agent\bndaemon.exe

(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe

(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe

(Microsoft Corporation) C:\Windows\System32\dasHost.exe

() C:\Program Files (x86)\DTS, Inc\DTS Studio Sound\dts_apo_service.exe

(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe

(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe

(Symantec Corporation) C:\Program Files (x86)\PC Checkup\SymcPCCULaunchSvc.exe

(TOSHIBA Corporation) C:\Windows\System32\TODDSrv.exe

(Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe

(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe

(Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe

(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Teco\TecoService.exe

(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe

(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe\livecomm.exe

(Microsoft Corporation) C:\Windows\System32\dllhost.exe

(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe

(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe

(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe

(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Hotkey\TCrdMain_Win8.exe

(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Teco\TecoResident.exe

() C:\Users\Shad\AppData\Local\Amazon Music\Amazon Music Helper.exe

(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe

(Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD Security\WDDriveAutoUnlock.exe

(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.26.9\GoogleCrashHandler.exe

(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.26.9\GoogleCrashHandler64.exe

(Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe

(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe

(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe

(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe

(Microsoft Corporation) C:\Windows\System32\dllhost.exe

(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Blizzard Entertainment) C:\ProgramData\Battle.net\Agent\Agent.3733\Agent.exe

(Blizzard Entertainment) C:\Program Files (x86)\Diablo III\Diablo III.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

 

 

==================== Registry (Whitelisted) ==================

 

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

 

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13427784 2013-03-18] (Realtek Semiconductor)

HKLM\...\Run: [TCrdMain] => C:\Program Files\TOSHIBA\Hotkey\TCrdMain_Win8.exe [2717176 2013-01-04] (TOSHIBA Corporation)

HKLM\...\Run: [TecoResident] => C:\Program Files\TOSHIBA\Teco\TecoResident.exe [170848 2013-01-28] (TOSHIBA Corporation)

HKLM\...\Run: [Onboard] => C:\Program Files\Western Digital\WD SmartWare\WDSmartWare.exe [3165040 2013-08-14] (Western Digital Technologies, Inc.)

HKLM-x32\...\Run: [bncsaui.exe] => C:\Program Files (x86)\Bradford Networks\Persistent Agent\bncsaui.exe [3487888 2014-01-21] (Bradford Networks)

HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [157480 2014-10-15] (Apple Inc.)

HKLM-x32\...\Run: [WD Drive Unlocker] => C:\Program Files (x86)\Western Digital\WD Security\WDDriveAutoUnlock.exe [1694080 2013-07-10] (Western Digital Technologies, Inc.)

HKLM-x32\...\Run: [WD Quick View] => C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe [5537136 2013-08-14] (Western Digital Technologies, Inc.)

HKLM-x32\...\Run: [startCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [766688 2014-07-04] (Advanced Micro Devices, Inc.)

HKU\S-1-5-21-1595739235-987919694-39041242-1001\...\Run: [Amazon Music] => C:\Users\Shad\AppData\Local\Amazon Music\Amazon Music Helper.exe [6281024 2014-10-14] ()

 

==================== Internet (Whitelisted) ====================

 

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

 

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://toshiba13.msn.com

HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://toshiba13.msn.com

SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 

SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 

SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 

SearchScopes: HKU\S-1-5-21-1595739235-987919694-39041242-1001 -> {B3D1926F-4CB7-43B2-A011-A429B406E4C6} URL = 

BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)

BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)

BHO-x32: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)

BHO-x32: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)

DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab

Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation)

Tcpip\Parameters: [DhcpNameServer] 75.75.76.76 75.75.75.75

 

FireFox:

========

FF ProfilePath: C:\Users\Shad\AppData\Roaming\Mozilla\Firefox\Profiles\lc65gpxy.default-1419348729014

FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)

FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\WINDOWS\SysWOW64\Adobe\Director\np32dsw_1216156.dll (Adobe Systems, Inc.)

FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()

FF Plugin-x32: @java.com/DTPlugin,version=10.25.2 -> C:\windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)

FF Plugin-x32: @java.com/JavaPlugin,version=10.25.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)

FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)

FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)

FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)

FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)

FF Plugin-x32: @vizzed.com/VizzedRGR -> C:\Program Files (x86)\Vizzed\Vizzed Retro Game Room\NpVizzedRgr.dll (Vizzed.com)

FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\browser\plugins\npMozCouponPrinter.dll (Coupons, Inc.)

 

Chrome: 

=======

CHR Profile: C:\Users\Shad\AppData\Local\Google\Chrome\User Data\Default

CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Shad\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-23]

CHR Extension: (Adblock Plus) - C:\Users\Shad\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2014-08-23]

CHR Extension: (AdBlock) - C:\Users\Shad\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2015-01-09]

CHR Extension: (Google Wallet) - C:\Users\Shad\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-05]

 

==================== Services (Whitelisted) =================

 

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

 

R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [344064 2014-07-04] (Advanced Micro Devices, Inc.) [File not signed]

R2 BNPagent; C:\Program Files (x86)\Bradford Networks\Persistent Agent\bndaemon.exe [4130960 2014-01-21] (Bradford Networks)

S3 BthHFSrv; C:\Windows\System32\BthHFSrv.dll [324608 2014-10-28] (Microsoft Corporation)

R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2449592 2014-11-12] (Microsoft Corporation)

R2 dts_apo_service; C:\Program Files (x86)\DTS, Inc\DTS Studio Sound\dts_apo_service.exe [16720 2013-03-25] ()

R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)

R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)

S3 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [4230016 2013-01-28] (Symantec Corporation)

R2 Norton PC Checkup Application Launcher; C:\Program Files (x86)\PC Checkup\SymcPCCULaunchSvc.exe [132056 2013-01-31] (Symantec Corporation)

S4 THAccelSvc; C:\Program Files\TOSHIBA\HDD Accelerator\THAccelSvc.exe [216976 2013-03-26] (TOSHIBA CORPORATION)

R2 WDBackup; C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe [1042808 2013-08-14] (Western Digital Technologies, Inc.)

R2 WDDriveService; C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe [270704 2013-07-10] (Western Digital Technologies, Inc.)

R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [368632 2014-09-21] (Microsoft Corporation)

R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2014-09-21] (Microsoft Corporation)

 

==================== Drivers (Whitelisted) ====================

 

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

 

R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdW86.sys [94208 2013-01-15] (Advanced Micro Devices)

R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [147768 2013-08-01] (AVG Technologies CZ, s.r.o.)

S3 ccSet_NARA; C:\Windows\system32\drivers\NARAx64\0403000.00E\ccSetx64.sys [168608 2012-05-25] (Symantec Corporation)

S3 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484952 2013-09-05] (Symantec Corporation)

S3 EraserUtilDrv11311; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilDrv11311.sys [140376 2013-09-05] (Symantec Corporation)

R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2014-11-21] (Malwarebytes Corporation)

R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [129752 2015-02-09] (Malwarebytes Corporation)

R3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2014-11-21] (Malwarebytes Corporation)

R3 RTWlanE; C:\Windows\system32\DRIVERS\rtwlane.sys [2987224 2013-11-24] (Realtek Semiconductor Corporation                           )

R0 THAccel; C:\Windows\System32\DRIVERS\THAccel.sys [110976 2013-03-25] (TOSHIBA Corporation)

R3 Thotkey; C:\Windows\System32\drivers\Thotkey.sys [32624 2013-08-19] (Windows ® Win 7 DDK provider)

R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2014-09-21] (Microsoft Corporation)

 

==================== NetSvcs (Whitelisted) ===================

 

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

 

 

==================== One Month Created Files and Folders ========

 

(If an entry is included in the fixlist, the file\folder will be moved.)

 

2015-02-09 15:26 - 2015-02-09 15:28 - 00013780 _____ () C:\Users\Shad\Downloads\FRST.txt

2015-02-09 15:25 - 2015-02-09 15:25 - 02132992 _____ (Farbar) C:\Users\Shad\Downloads\FRST64.exe

2015-02-07 14:03 - 2015-02-09 15:21 - 00129752 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys

2015-02-07 14:03 - 2015-02-07 14:03 - 00001121 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

2015-02-07 14:03 - 2015-02-07 14:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware

2015-02-07 14:02 - 2015-02-07 14:03 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware

2015-02-07 14:02 - 2015-02-07 14:02 - 00000000 ____D () C:\ProgramData\Malwarebytes

2015-02-07 14:02 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys

2015-02-07 14:02 - 2014-11-21 06:14 - 00064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys

2015-02-07 14:02 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys

2015-02-07 14:01 - 2015-02-07 14:02 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\Shad\Downloads\mbam-setup-2.0.4.1028.exe

2015-02-07 13:51 - 2015-02-09 12:56 - 00015664 _____ () C:\WINDOWS\PFRO.log

2015-02-07 13:50 - 2015-02-07 13:50 - 00321848 _____ (Malwarebytes Corporation) C:\Users\Shad\Downloads\mbam-clean-2.1.1.1001.exe

2015-02-07 11:43 - 2015-02-07 11:43 - 00000000 ____D () C:\Users\Shad\Documents\Diablo III

2015-02-07 09:30 - 2015-02-07 09:31 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Diablo III

2015-02-07 09:29 - 2015-02-07 11:41 - 00000000 ____D () C:\Program Files (x86)\Diablo III

2015-02-07 08:55 - 2015-02-07 08:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Battle.net

2015-02-07 08:55 - 2015-02-07 08:56 - 00000000 ____D () C:\Program Files (x86)\Battle.net

2015-02-07 08:50 - 2015-02-07 08:52 - 03589024 _____ (Blizzard Entertainment) C:\Users\Shad\Downloads\Diablo-III-Setup-enUS.exe

2015-02-06 17:52 - 2015-02-06 17:52 - 00015380 _____ () C:\Users\Shad\Desktop\Cranial Nerves.apkg

2015-02-06 16:55 - 2015-02-06 16:55 - 00000000 ____D () C:\WINDOWS\SysWOW64\Adobe

2015-02-06 16:53 - 2015-02-06 16:54 - 05006144 _____ (Adobe Systems Inc.) C:\Users\Shad\Downloads\Shockwave_Installer_Slim.exe

2015-02-06 16:52 - 2015-02-06 16:52 - 00132240 _____ () C:\Users\Shad\Downloads\neyes1.13.dcr

2015-02-04 19:57 - 2015-02-04 19:58 - 00005353 _____ () C:\Users\Shad\Desktop\Neuro-lab.apkg

2015-02-04 19:57 - 2015-02-04 19:57 - 00009634 _____ () C:\Users\Shad\Desktop\Neuro-Forebrain.apkg

2015-01-31 15:55 - 2015-01-31 15:55 - 06063552 _____ () C:\Users\Shad\Downloads\mm9_manual (1).zip

2015-01-31 14:39 - 2015-01-31 14:39 - 00001717 _____ () C:\Users\Public\Desktop\Might and Magic IX.lnk

2015-01-31 14:39 - 2015-01-31 14:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Might and Magic IX [GOG.com]

2015-01-31 14:38 - 2015-01-31 14:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Might and Magic VIII - Day of the Destroyer [GOG.com]

2015-01-31 14:38 - 2015-01-31 14:38 - 00001911 _____ () C:\Users\Public\Desktop\Might and Magic VIII - Day of the Destroyer.lnk

2015-01-31 14:22 - 2015-01-31 14:22 - 06063552 _____ () C:\Users\Shad\Downloads\mm9_manual.zip

2015-01-31 14:22 - 2015-01-31 14:22 - 00486162 _____ () C:\Users\Shad\Downloads\manual.zip

2015-01-31 14:21 - 2015-01-31 14:24 - 572504648 _____ (GOG.com ) C:\Users\Shad\Downloads\setup_mm9_2.0.0.11.exe

2015-01-31 14:20 - 2015-01-31 14:23 - 619253368 _____ (GOG.com ) C:\Users\Shad\Downloads\setup_mm8_2.0.0.13.exe

2015-01-27 11:19 - 2015-01-27 11:24 - 00000000 ____D () C:\Users\Shad\Desktop\SOC1200

2015-01-27 11:12 - 2015-02-02 07:39 - 00004974 _____ () C:\WINDOWS\System32\Tasks\Microsoft Office 15 Sync Maintenance for SJBENNETT-Shad SJBennett

2015-01-26 19:21 - 2015-02-09 12:57 - 00000539 _____ () C:\WINDOWS\setupact.log

2015-01-26 19:21 - 2015-01-26 19:21 - 00000000 _____ () C:\WINDOWS\setuperr.log

2015-01-25 16:54 - 2015-02-09 15:21 - 01964042 _____ () C:\WINDOWS\WindowsUpdate.log

2015-01-25 16:16 - 2015-01-25 16:17 - 12994216 _____ () C:\Users\Shad\Downloads\Nitemare-3D.zip

2015-01-25 16:15 - 2015-01-25 16:15 - 00000000 ____D () C:\Users\Shad\Downloads\labfull

2015-01-25 16:09 - 2015-01-25 16:09 - 00887582 _____ () C:\Users\Shad\Downloads\labfull.zip

2015-01-25 13:16 - 2015-01-25 13:16 - 00010412 _____ () C:\Users\Shad\Downloads\psychosocial quiz 1.apkg

2015-01-23 15:21 - 2012-02-08 16:36 - 00363520 _____ (CANON INC.) C:\WINDOWS\system32\CNC_B8L.dll

2015-01-23 15:21 - 2012-01-24 16:18 - 00077568 _____ () C:\WINDOWS\system32\CNC1762D.TBL

2015-01-23 15:21 - 2012-01-16 14:21 - 00287744 _____ (CANON INC.) C:\WINDOWS\system32\CNC_B8C.dll

2015-01-23 15:21 - 2012-01-16 14:20 - 00106496 _____ (CANON INC.) C:\WINDOWS\system32\CNC_B8I.dll

2015-01-23 15:21 - 2008-08-25 18:02 - 00017920 _____ (CANON INC.) C:\WINDOWS\system32\CNHMCA6.dll

2015-01-22 09:24 - 2015-01-22 09:24 - 00077312 _____ () C:\Users\Shad\Downloads\2009-10-Estimations-Nation (1).xls

2015-01-22 09:19 - 2015-01-22 09:19 - 00077312 _____ () C:\Users\Shad\Downloads\2009-10-Estimations-Nation.xls

2015-01-20 19:37 - 2015-01-20 19:37 - 00010178 _____ () C:\Users\Shad\Downloads\OT Books for Sale.xlsx

2015-01-20 13:21 - 2015-01-20 13:21 - 00049683 _____ () C:\Users\Shad\Downloads\Soc 1200 Roster-1.xlsx

2015-01-20 10:01 - 2015-01-20 10:19 - 00011497 _____ () C:\Users\Shad\Documents\Students in both classes Spring 2015.xlsx

2015-01-20 09:50 - 2015-01-20 09:59 - 00001889 _____ () C:\Users\Shad\Downloads\Grades-SOC-1200-151-V37-Hammond-SPRING_2015-XLIST (1).csv

2015-01-20 09:13 - 2015-01-20 09:13 - 00048656 _____ () C:\Users\Shad\Downloads\Soc 1200 Roster (1).xlsx

2015-01-20 09:12 - 2015-01-20 09:13 - 00050635 _____ () C:\Users\Shad\Downloads\Soc 1010 Roster (1).xlsx

2015-01-17 15:50 - 2012-03-26 05:00 - 00389120 _____ (CANON INC.) C:\WINDOWS\system32\CNMLMB8.DLL

2015-01-14 13:57 - 2015-01-14 13:57 - 00048656 _____ () C:\Users\Shad\Downloads\Soc 1200 Roster.xlsx

2015-01-14 13:56 - 2015-01-14 13:56 - 00050635 _____ () C:\Users\Shad\Downloads\Soc 1010 Roster.xlsx

2015-01-14 09:56 - 2014-12-18 23:26 - 00140800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxdav.sys

2015-01-14 09:56 - 2014-12-11 19:04 - 00087040 _____ (Microsoft Corporation) C:\WINDOWS\system32\TSWbPrxy.exe

2015-01-14 09:56 - 2014-12-11 17:51 - 00075776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ahcache.sys

2015-01-14 09:56 - 2014-12-08 18:50 - 00225280 _____ (Microsoft Corporation) C:\WINDOWS\system32\profsvc.dll

2015-01-14 09:56 - 2014-12-08 12:42 - 00535640 _____ (Microsoft Corporation) C:\WINDOWS\system32\wer.dll

2015-01-14 09:56 - 2014-12-08 12:42 - 00531616 _____ (Microsoft Corporation) C:\WINDOWS\system32\ci.dll

2015-01-14 09:56 - 2014-12-08 12:42 - 00448792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wer.dll

2015-01-14 09:56 - 2014-12-08 12:42 - 00413248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Faultrep.dll

2015-01-14 09:56 - 2014-12-08 12:42 - 00372408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Faultrep.dll

2015-01-14 09:56 - 2014-12-08 12:42 - 00108944 _____ (Microsoft Corporation) C:\WINDOWS\system32\EncDump.dll

2015-01-14 09:56 - 2014-12-08 12:42 - 00038264 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFaultSecure.exe

2015-01-14 09:56 - 2014-12-08 12:42 - 00033584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFaultSecure.exe

2015-01-14 09:56 - 2014-12-05 20:17 - 00360448 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncsi.dll

2015-01-14 09:56 - 2014-12-05 18:41 - 00391680 _____ (Microsoft Corporation) C:\WINDOWS\system32\nlasvc.dll

2015-01-14 09:56 - 2014-12-05 18:35 - 00229888 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll

2015-01-12 07:54 - 2015-01-12 10:20 - 00000000 ____D () C:\Users\Shad\Desktop\Photos end of 2014

2015-01-10 09:28 - 2015-01-10 09:28 - 00001872 _____ () C:\Users\Public\Desktop\Heroes of Might and Magic 4 Complete.lnk

2015-01-10 09:28 - 2015-01-10 09:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Heroes of Might and Magic 4 Complete [GOG.com]

2015-01-10 09:07 - 2015-01-10 09:21 - 995423848 _____ (GOG.com ) C:\Users\Shad\Downloads\setup_homm4_complete_2.0.0.12 (3).exe

 

==================== One Month Modified Files and Folders =======

 

(If an entry is included in the fixlist, the file\folder will be moved.)

 

2015-02-09 15:27 - 2014-12-05 12:29 - 00000000 ____D () C:\FRST

2015-02-09 15:21 - 2014-07-04 19:01 - 00000000 ____D () C:\Users\Shad\AppData\Local\Battle.net

2015-02-09 15:20 - 2013-08-22 08:36 - 00000000 ____D () C:\WINDOWS\system32\sru

2015-02-09 13:42 - 2013-09-05 17:44 - 00000926 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job

2015-02-09 13:01 - 2014-07-19 13:40 - 00000000 ___DO () C:\Users\Shad\OneDrive

2015-02-09 12:58 - 2013-09-05 17:44 - 00000922 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job

2015-02-09 12:57 - 2014-11-09 15:18 - 00008192 _____ () C:\WINDOWS\SysWOW64\WDPABKP.dat

2015-02-09 12:57 - 2013-08-22 07:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT

2015-02-09 12:56 - 2013-08-22 06:25 - 00524288 ___SH () C:\WINDOWS\system32\config\BBI

2015-02-07 18:52 - 2013-09-05 17:05 - 00003594 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1595739235-987919694-39041242-1001

2015-02-07 18:36 - 2013-09-05 15:35 - 00000000 ____D () C:\Users\Shad\AppData\Local\Packages

2015-02-07 13:45 - 2013-09-05 21:40 - 01288192 ___SH () C:\Users\Shad\Desktop\Thumbs.db

2015-02-07 13:02 - 2013-08-22 08:36 - 00000000 ____D () C:\WINDOWS\AppReadiness

2015-02-07 09:27 - 2014-07-04 19:01 - 00000000 ____D () C:\Users\Shad\AppData\Roaming\Battle.net

2015-02-06 18:54 - 2013-09-14 19:51 - 00000000 ____D () C:\Users\Shad\Documents\Anki

2015-02-06 16:52 - 2013-09-05 17:46 - 00002214 _____ () C:\Users\Public\Desktop\Google Chrome.lnk

2015-02-06 13:03 - 2012-07-26 00:59 - 00000000 ____D () C:\WINDOWS\CbsTemp

2015-02-06 09:37 - 2013-09-05 17:44 - 00003898 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA

2015-02-06 09:37 - 2013-09-05 17:44 - 00003662 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore

2015-02-03 12:31 - 2014-12-16 20:08 - 00714720 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe

2015-02-03 12:31 - 2014-12-16 20:08 - 00106976 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl

2015-02-02 08:42 - 2013-08-22 08:36 - 00000000 ____D () C:\WINDOWS\rescache

2015-01-31 16:04 - 2013-10-29 05:15 - 00000000 ____D () C:\Users\Shad\AppData\Local\CrashDumps

2015-01-31 16:04 - 2013-08-22 04:22 - 00461312 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpnet.dll

2015-01-31 16:04 - 2013-08-22 04:22 - 00034304 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpnsvr.exe

2015-01-31 16:04 - 2013-08-22 04:17 - 00066560 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpnathlp.dll

2015-01-31 16:04 - 2013-08-22 04:17 - 00009216 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpnhupnp.dll

2015-01-31 16:04 - 2013-08-22 04:17 - 00009216 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpnhpast.dll

2015-01-31 16:04 - 2013-08-21 20:56 - 00377856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpnet.dll

2015-01-31 16:04 - 2013-08-21 20:56 - 00033792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpnsvr.exe

2015-01-31 16:04 - 2013-08-21 20:51 - 00059904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpnathlp.dll

2015-01-31 16:04 - 2013-08-21 20:51 - 00009216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpnhupnp.dll

2015-01-31 16:04 - 2013-08-21 20:51 - 00009216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpnhpast.dll

2015-01-31 14:35 - 2014-04-19 07:00 - 00000000 ____D () C:\GOG Games

2015-01-27 10:43 - 2013-08-22 08:36 - 00000000 ____D () C:\WINDOWS\system32\NDF

2015-01-25 16:18 - 2014-08-15 11:04 - 00000000 ____D () C:\Users\Shad\Desktop\attempt to fix

2015-01-17 11:46 - 2014-07-19 10:26 - 00000000 ____D () C:\Users\Shad

2015-01-17 11:35 - 2013-09-05 18:26 - 00000000 ____D () C:\WINDOWS\system32\MRT

2015-01-17 11:26 - 2013-09-05 18:26 - 113365784 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe

2015-01-16 08:46 - 2014-03-18 03:03 - 00863592 _____ () C:\WINDOWS\system32\PerfStringBackup.INI

2015-01-12 15:00 - 2014-07-31 12:03 - 00000000 ____D () C:\Users\Shad\Desktop\Family Testbank Questions2014

2015-01-12 14:59 - 2014-07-31 12:03 - 00000000 ____D () C:\Users\Shad\Desktop\Intro Testbank Questions2014

 

==================== Files in the root of some directories =======

 

2014-03-19 18:27 - 2014-03-19 18:27 - 0005265 _____ () C:\Users\Shad\AppData\Roaming\callbanner.png

 

==================== Bamital & volsnap Check =================

 

(There is no automatic fix for files that do not pass verification.)

 

C:\Windows\System32\winlogon.exe => File is digitally signed

C:\Windows\System32\wininit.exe => File is digitally signed

C:\Windows\explorer.exe => File is digitally signed

C:\Windows\SysWOW64\explorer.exe => File is digitally signed

C:\Windows\System32\svchost.exe => File is digitally signed

C:\Windows\SysWOW64\svchost.exe => File is digitally signed

C:\Windows\System32\services.exe => File is digitally signed

C:\Windows\System32\User32.dll => File is digitally signed

C:\Windows\SysWOW64\User32.dll => File is digitally signed

C:\Windows\System32\userinit.exe => File is digitally signed

C:\Windows\SysWOW64\userinit.exe => File is digitally signed

C:\Windows\System32\rpcss.dll => File is digitally signed

C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

 

 

LastRegBack: 2015-01-30 21:13

 

==================== End Of Log ============================


Glad I could help. We will delete all used tools and I'll give you some tips to harden your security and learn how to protect yourself :)
 
 

Recommended reading:

 
 
MUST READ - security tips:

MUST READ - general maintenance:

The Importance of Software Updating:

 

 
In order to stay protected it is very important that you regularly update all of your software. Cybercriminals depend on the apathy of users around software updates to keep their malicious endeavor running.
 
Operating systems, such as Windows, and applications, such as Adobe Reader or Java, are used by tens of millions of computers and devices around the world, making them a huge target for cybercriminals. Downloading updates and installing them can sometimes be tedious, but the advantages you get from the updates are certainly worth it.

Recommended additional software:

 
 
  • TFC - to clean unneeded temporary files.
  • Malwarebytes' Anti-Malware - to scan your system from time to time in search of malware.
  • Malwarebytes' Anti-Exploit - to prevent plenty of mostly exploited vulnerabilities.
  • McShield - to prevent infections spread by removable media.
  • Unchecky - to prevent the installation of additional foistware implemented in legitimate installations.
  • Adblock - to surf the web without annoying ads!
 
 

Post-cleanup procedures:

 

 
Download DelFix by Xplode and save it to your desktop.

  • Run the tool by right-clicking the DelFix icon and choosing the Run as administrator option.
  • Make sure that these ones are checked:
    • Remove disinfection tools
    • Purge system restore
    • Reset system settings
  • Push Run.
  • The program will run for a few seconds and display a notepad report. You do not need to attach it.

The tool will also record a healthy state of the registry and make a backup using the ERUNT program in %windir%\ERUNT\DelFix
The tool deletes old system restore points and creates a fresh system restore point after cleaning.
 
 
 


My help is free for everybody.

If you're happy with the help provided and/or wish to buy me a beer for the assistance you received, then you can consider a donation: 

 

Thank you!

 
 
Stay safe,
TwinHeadedEagle   :)


  • 3 weeks later...
  • Root Admin

Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!


This topic is now closed to further replies.