
Pop ups Redirects of Internet then Freeze PCfixing2.info



Good afternoon!

 

I am using my computer to attempt to solve popup and redirect issues on my daughter's computer. I am a homeschool mom. No computer whiz here. But... learning is lifelong.

 

The issue: Any attempt to use the internet redirects to "pcfixing2.info" which requires a "quit task" from the task manager. Further, there is a continuous onslaught of popups plaguing the system. I'm usually pretty good at I.D.ing this crap in processes, but I can't find it this time. I attached a screenshot of the scallywag: An image of the virus.PNG

 

Using safe mode yesterday I ran JRT and MBAR and MBAM and Adware Cleaner too, I think, following Double Headed Eagle's plans from other folks, one at a time and retrying the internet. But to no avail. Perhaps I did things in the wrong order. So I'm trying again. The fact that I'm posting means nothing worked, and I need more suggestions. The "order of operations" for today is below. Thank you for any assistance in advance. 

 

Sooooo....  The offending computer is windows 8.1. More of Viv's comp info is in the attached screen shot, titled Viv's comp info, because I couldn't copy and paste for some reason.

 

9/15/2015

5 p.m.

MBAM I'm using version 2015.09.14.05 (which looks really like it might be up-to-date, but it says it needs updated.) Alas, safe mode.

All disk checks are performed via download from my computer internet to a flash drive, except for MBAM as we're "fancy owners."

 

5:14 p.m.

Ran MBAM w PUP & PUM set to the "terrible entity" setting. Nothing to quarantine.

Realized I was supposed to show hidden files and learned how to do that.

 

5:45 pm

Reran MBAM, showing hidden files. It looks REALLY short. Wonder if that's right.

Anyway, File attached: VivsMBAM1.txt.

 

6:11 p.m

Ran FRST, addition box checked.

FRST.txt   Addition.txt

 

I was going to run RogueKiller, then I saw a note that followed about not doing anything further... not everything is bad... la de da de dah... and decided that instead of running anything else, I'll post the things I ran yesterday (before the NOT EVERYTHING is BAD note) and see where to go from there.

 

You'll see I have logs also attached from 

MBAR, titled: system-log.txt -- This is an older log when my husband started working on this mess on 9/3/15

JRT, oddly titled: JRT.txt--This is from yesterday 

AdwCleaner, titled: AdwCleaner C1.txt and S1.txt and also Quarantine.log -- Also from yesterday

 

had to do a few mom things, then:

 

7pm 

Thought I had almost fixed it after doing all of the following steps. The pop up started immediately all over the top of my Chrome page, but I just clicked out and it didn't reappear. Then I managed to make it to a couple of sites before the redirect reared its ugly head. 

 

And now, since you scared me with the "not everything is bad," I'm going to post all this crap and hopefully you can make sense of it before I screw it up any further. 

 

Cyndi

 

sorry the attachments come in all wonky

then i posted to the wrong board



Hello,

    

 

They call me TwinHeadedEagle around here, and I'll try to help you with your issue.

 

     

    

Before we start please read and note the following:

  • We're primarily oriented on malware removal here, so you must know that some issues just cannot be solved and you must be prepared for this. Some tools we use here will remove your browser search history, so backup your important links and all the files whose loss is unacceptable.
  • Note that we may live in totally different time zones, which may cause some delays between answers.
  • Don't run any scripts or tools on your own, unsupervised usage may cause more harm than good.
  • Do not paste the logs in your posts, attachments make my work easier. There is a More reply options button, that gives you Upload Files option below which you can use to attach your reports. Always attach reports from all tools.
  • Always execute my instructions in given order. If for some reason you cannot completely follow one instruction, inform me about that.
  • If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed.
I can't foresee everything, so if anything not covered in my instructions happens, please stop and inform me!

There are no silly questions. Never be afraid to ask if in doubt!

 

 

 

Rules and policies

 

We won't support any piracy.

That being told, if any evidence of illegal OS, software, cracks/keygens or any other will be revealed, any further assistance will be suspended. If you are aware that there is this kind of stuff on your machine, remove it before proceeding!

The same applies to any use of P2P software: uTorrent, BitTorrent, Vuze, Kazaa, Ares... We don't provide any help for P2P, except for their removal. All P2P software has to be uninstalled or at least fully disabled before proceeding!

 

Failure to follow these guidelines will result in closing your topic and withdrawing any assistance.

 

 


Scan with ZOEK

Please download ZOEK by Smeenk and save it to your desktop (preferred version is the *.exe one)

Temporarily disable your AntiVirus and AntiSpyware protection - instructions here.

  • Right-click on the ZOEK icon and select Run as Administrator to start the tool.
  • Wait patiently until the main console appears, it may take a minute or two.
  • In the main box please paste in the following script:

    createsrpoint;autoclean;emptyalltemp;ipconfig /flushdns >>"%temp%\log.txt";b

  • Make sure that Scan All Users option is checked.
  • Push Run Script and wait patiently. The scan may take a couple of minutes.
  • When the scan completes, a zoek-results logfile should open in notepad.
  • If a reboot is needed, it will be opened after it. You may also find it at your main drive (usually C:\ drive)
Post its content into your next reply.

 

Zoek.exe v5.0.0.0 Updated 04-May-2015

Tool run by customer on Fri 09/18/2015 at  8:00:20.83.

Microsoft Windows 8.1 6.3.9600  x64

Running in: Safe Mode NETWORK No Internet Access Detected

Launched: D:\zoek.exe [scan all users] [script inserted] 

 

==== System Restore Info ======================

 

==== Empty Folders Check ======================

 

C:\PROGRA~2\GUM95E5.tmp deleted successfully

C:\Program Files\Google deleted successfully

C:\PROGRA~3\Malwarebytes' Anti-Malware (portable) deleted successfully

C:\PROGRA~3\Oracle deleted successfully

C:\Users\customer\AppData\Roaming\Malwarebytes deleted successfully

C:\Users\customer\AppData\Local\EmieBrowserModeList deleted successfully

C:\Users\customer\AppData\Local\EmieSiteList deleted successfully

C:\Users\customer\AppData\Local\EmieUserList deleted successfully

C:\Users\customer\AppData\Local\VirtualStore deleted successfully

 

==== Deleting CLSID Registry Keys ======================

 

 

==== Deleting CLSID Registry Values ======================

 

 

==== Deleting Services ======================

 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TrustedInstaller deleted successfully

 

==== Batch Command(s) Run By Tool======================

 

 

Windows IP Configuration

 

Successfully flushed the DNS Resolver Cache.

 

==== Deleting Files \ Folders ======================

 

C:\PROGRA~2\GUM95E5.tmp not found

C:\PROGRA~3\Malwarebytes' Anti-Malware (portable) not found

C:\PROGRA~2\LowTagOptimizer deleted

C:\PROGRA~2\Alarm deleted

C:\PROGRA~2\Asana Extension deleted

C:\PROGRA~2\Block site deleted

C:\PROGRA~2\Citable deleted

C:\PROGRA~2\Extended S3 Browser deleted

C:\PROGRA~2\Full Screen deleted

C:\PROGRA~2\InoReader Notifier News and RSS Reader deleted

C:\PROGRA~2\LoweRprIcinag deleted

C:\PROGRA~2\Prickly Upper deleted

C:\PROGRA~2\Quick SEO  PageRank Backlinks  Alexa Tool deleted

C:\PROGRA~2\Referer Control deleted

C:\PROGRA~2\ScribeFire deleted

C:\PROGRA~2\TrollBook deleted

C:\Users\customer\AppData\Local\Packages\windows_ie_ac_001\AC\{37C0738D-C4D2-B4E3-3C10-2EF9041F953F} deleted

C:\Users\customer\AppData\Local\Packages\windows_ie_ac_001\AC\{97486164-6963-AFEA-AE24-F63DA8AAAF62} deleted

C:\Users\customer\AppData\Local\Software deleted

C:\Users\Default\AppData\Local\Pokki deleted

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Search.lnk deleted

C:\Users\customer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PC App Store.lnk deleted

C:\WINDOWS\SysNative\config\systemprofile\Searches deleted

"C:\Windows\Installer\40dd2.msi" deleted

"C:\WINDOWS\Installer\22857008.msi" deleted

"C:\WINDOWS\Installer\37d276f4.msi" deleted

 

==== Firefox Extensions Registry ======================

 

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions]

"{ABDE892B-13A8-4d1b-88E6-365A6E755758}"="C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext" [02/21/2014 08:47 PM]

 

==== Chromium Look ======================

 

Google Chrome Version: 43.0.2357.134

 

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions

idhngdhcfkoamngbedgpaokgjbnpdiji - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx[08/14/2013 07:24 PM]

 

Theme Creator - customer\AppData\Local\Google\Chrome\User Data\Default\Extensions\akpelnjfckgfiplcikojhomllgombffc

Parking Mania™ - customer\AppData\Local\Google\Chrome\User Data\Default\Extensions\dliaancdkclmoacockpgpcopnfcjgmpe

Number Mash - customer\AppData\Local\Google\Chrome\User Data\Default\Extensions\gibpgjedpkpkddjgfbnkcleaoligdohb

Alarm Clock Radio - customer\AppData\Local\Google\Chrome\User Data\Default\Extensions\kipdhcpepbpjaoggihaloebfjfafagmi

CanvasDraw - customer\AppData\Local\Google\Chrome\User Data\Default\Extensions\knfimpamngmggpbamfoomdpebdoleghe

Little Alchemy - customer\AppData\Local\Google\Chrome\User Data\Default\Extensions\knkapnclbofjjgicpkfoagdjohlfjhpd

Sketchpad - customer\AppData\Local\Google\Chrome\User Data\Default\Extensions\lkllajgbhondgjjnhmmgbjndmogapinp

The Fancy Pants Adventure: World 2 - customer\AppData\Local\Google\Chrome\User Data\Default\Extensions\loamdenijebhollnjgehcfbnpeelfhlk

Harmony - customer\AppData\Local\Google\Chrome\User Data\Default\Extensions\mbbibdblnnlapclckbdennhlbcnkkgcn

Plants vs Zombies - customer\AppData\Local\Google\Chrome\User Data\Default\Extensions\mhjeibcckpbiibmebbjkmdpbpbjojjno

Plants vs Zombies - customer\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmcegpfdgcoclcdfkjahiimlikdpnina

InspirARTion - Sketch & Draw - customer\AppData\Local\Google\Chrome\User Data\Default\Extensions\nhbmpilemgmpbdaniehhmodkkppkelec

Math Arcade Games - customer\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfodbdfdkebjhdklkkmnjojpfjkkoodd

Canvas Rider - customer\AppData\Local\Google\Chrome\User Data\Default\Extensions\poknhlcknimnnbfcombaooklofipaibk

 

==== Chromium Startpages ======================

 

C:\Users\customer\AppData\Local\Google\Chrome\User Data\Default\Preferences


 

 

==== Chromium Fix ======================

 

C:\Users\customer\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_edu.degreesfinder.com_0.localstorage deleted successfully

C:\Users\customer\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_edu.degreesfinder.com_0.localstorage-journal deleted successfully

C:\Users\customer\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_gameslikefinder.com_0.localstorage deleted successfully

C:\Users\customer\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_gameslikefinder.com_0.localstorage-journal deleted successfully

C:\Users\customer\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_static.re-markit00.re-markit.co_0.localstorage deleted successfully

C:\Users\customer\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_static.re-markit00.re-markit.co_0.localstorage-journal deleted successfully

C:\Users\customer\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_static.donation-tools.org_0.localstorage deleted successfully

C:\Users\customer\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_static.donation-tools.org_0.localstorage-journal deleted successfully

C:\Users\customer\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_static.olark.com_0.localstorage deleted successfully

C:\Users\customer\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_static.olark.com_0.localstorage-journal deleted successfully

C:\Users\customer\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_static.re-markit00.re-markit.co_0.localstorage deleted successfully

C:\Users\customer\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_static.re-markit00.re-markit.co_0.localstorage-journal deleted successfully

C:\Users\customer\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_freedeals4utoday.com_0.localstorage deleted successfully

C:\Users\customer\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_freedeals4utoday.com_0.localstorage-journal deleted successfully

C:\Users\customer\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_madamedeals.com_0.localstorage deleted successfully

C:\Users\customer\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_madamedeals.com_0.localstorage-journal deleted successfully

 

==== Set IE to Default ======================

 

Old Values:

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]


[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main]


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]

"DefaultScope"="{7A58765F-525E-11E5-BEBE-48D224BD8E1D}"

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{7A58765F-525E-11E5-BEBE-48D224BD8E1D}] not found

 

New Values:

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]


[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]


[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main]


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]

"DefaultScope"="{012E1000-F331-11DB-8314-0800200C9A66}"

 

==== All HKCU SearchScopes ======================

 

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes

{012E1000-F331-11DB-8314-0800200C9A66} Google  Url="http://www.google.com/search?q={searchTerms}"

{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing  Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC"

{5894DC3E-AD50-11E4-BEAA-48D224BD8E1D} Bing  Url="http://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1"


{9ACC71AE-7AF6-48D8-980A-C6FA1E68F270} Unknown  Url="Not_Found"

 

==== Deleting CLSID Registry Keys ======================

 

HKEY_USERS\S-1-5-21-4168743488-3503591861-2487148857-1001\Software\Microsoft\Internet Explorer\SearchScopes\{9ACC71AE-7AF6-48D8-980A-C6FA1E68F270} deleted successfully

HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{9ACC71AE-7AF6-48D8-980A-C6FA1E68F270} deleted successfully

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9ACC71AE-7AF6-48D8-980A-C6FA1E68F270} deleted successfully

 

==== Deleting CLSID Registry Values ======================

 

 

==== Deleting Registry Keys ======================

 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\203E62EEA6789D84098513925E9B9999 deleted successfully

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\F274703B9DB704042955ECD6A611693A deleted successfully

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\D2A425F405350054677A7A857BC0C110 deleted successfully

HKEY_LOCAL_MACHINE\Software\wow6432node\Policies\Google deleted successfully

HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{EE26E302-876A-48D9-9058-3129E5B99999} deleted successfully

HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{B307472F-7BD9-4040-9255-CE6D6A1196A3} deleted successfully

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\203E62EEA6789D84098513925E9B9999 deleted successfully

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\F274703B9DB704042955ECD6A611693A deleted successfully

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\D2A425F405350054677A7A857BC0C110 deleted successfully

 

==== Empty IE Cache ======================

 

C:\WINDOWS\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

C:\Users\customer\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully

C:\Users\customer\AppData\Local\Microsoft\Windows\INetCache\Low\Content.IE5 emptied successfully

C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully

C:\WINDOWS\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully

C:\WINDOWS\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully

C:\Users\customer\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully

C:\Users\customer\AppData\Local\Microsoft\Windows\INetCache\Low\IE emptied successfully

C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully

C:\WINDOWS\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully

 

==== Empty FireFox Cache ======================

 

No FireFox Profiles found

 

==== Empty Chrome Cache ======================

 

C:\Users\customer\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

 

==== Empty All Flash Cache ======================

 

Flash Cache Emptied Successfully

 

==== Empty All Java Cache ======================

 

Java Cache cleared successfully

 

==== C:\zoek_backup content ======================

 

C:\zoek_backup (files=985 folders=104 246785903 bytes)

 

==== Empty Temp Folders ======================

 

C:\Users\customer\AppData\Local\Temp will be emptied at reboot

C:\Users\Default\AppData\Local\Temp emptied successfully

C:\Users\Default User\AppData\Local\Temp emptied successfully

C:\WINDOWS\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully

C:\WINDOWS\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully

C:\WINDOWS\Temp will be emptied at reboot

 

==== After Reboot ======================

 

Thank you THE! Below is the Zoek results logfile as requested.

cyndi

 

==== Empty Temp Folders ======================

 

C:\WINDOWS\Temp successfully emptied

C:\Users\customer\AppData\Local\Temp successfully emptied

 

==== Empty Recycle Bin ======================

 

C:\$RECYCLE.BIN successfully emptied

 

==== EOF on Fri 09/18/2015 at  8:30:58.37 ======================

Good Morning!

 

Well, sadly her computer is responding sort of the same. Only this time, instead of the pcfixing2.info, I get the same looking page only at: secure.com-msg-err9877sztech/ blah blah blah Verizon%20Online%20 blah blah blah. I include the Verizon part because it's the only thing in plain English. I will also say that I couldn't send a snip of it as snipping tool froze up on me. 

 

Quick question: when I try the next fix, I should try to enable MalwareBytes and MSE before going online? I have been getting the same response in the past either way: enabled or not.

 

Hope you're off to a great weekend.

 

Cyndi


Yes, please keep your protection always enabled unless I tell you to disable it temporarily.

Scan with Farbar Recovery Scan Tool

Please re-run Farbar Recovery Scan Tool to give me a fresh look at your system.

  • Right-click on the FRST icon and select Run as Administrator to start the tool.

    (XP users click run after receipt of Windows Security Warning - Open File).

  • Make sure that Addition option is checked.
  • Press Scan button and wait.
  • The tool will produce two logfiles on your desktop: FRST.txt and Addition.txt.
Please upload them into your next reply.

Thank you again. As a side note, malwarebytes is running but MSE (which I think is now Defender) has been refusing to run since the start of this. When I tell it to run I receive an error code from Microsoft Security Client: "An error has occurred during initialization. 0x80073601," as I cannot get to the internet, I haven't been able to -- well, I planned to uninstall and reinstall. 

 

Here's FRST and Addition.txt.

 

FRST first:

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:15-09-2015
Ran by customer (administrator) on VIVIANSCOMPUTER (20-09-2015 07:34:30)
Running from D:\
Loaded Profiles: customer (Available Profiles: customer)
Platform: Windows 8.1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Safe Mode (with Networking)
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [Apoint] => C:\Program Files\Apoint2K\Apoint.exe [661400 2012-11-09] (Alps Electric Co., Ltd.)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13427784 2013-03-18] (Realtek Semiconductor)
HKLM\...\Run: [HotKeysCmds] => "C:\Windows\system32\hkcmd.exe"
HKLM\...\Run: [Persistence] => "C:\Windows\system32\igfxpers.exe"
HKLM-x32\...\Run: [mcui_exe] => "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-11-02] (Apple Inc.)
HKLM-x32\...\Run: [TkBellExe] => C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe [295512 2014-02-21] (RealNetworks, Inc.)
HKLM-x32\...\Run: [sunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-07-25] (Oracle Corporation)
HKLM\...\Policies\Explorer\Run: [btvStack] => C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvStack.exe [132736 2013-04-25] (Qualcomm Atheros Commnucations)
HKU\S-1-5-21-4168743488-3503591861-2487148857-1001\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [59720 2013-11-20] (Apple Inc.)
HKU\S-1-5-21-4168743488-3503591861-2487148857-1001\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [59720 2013-11-20] (Apple Inc.)
HKU\S-1-5-21-4168743488-3503591861-2487148857-1001\...\Run: [AppleIEDAV] => C:\Program Files (x86)\Common Files\Apple\Internet Services\AppleIEDAV.exe [1326408 2013-11-15] (Apple Inc.)
HKU\S-1-5-21-4168743488-3503591861-2487148857-1001\...\Run: [spotify Web Helper] => C:\Program Files (x86)\Spotify\Data\SpotifyWebHelper.exe [1193176 2013-09-02] ()
HKU\S-1-5-21-4168743488-3503591861-2487148857-1001\...\Run: [EPLTarget\P0000000000000000] => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_IATIIBE.EXE [283232 2012-02-29] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-4168743488-3503591861-2487148857-1001\...\Run: [EPLTarget\P0000000000000001] => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_IATIIBE.EXE [283232 2012-02-29] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-4168743488-3503591861-2487148857-1001\...\RunOnce: [Application Restart #3] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [813896 2015-07-13] (Google Inc.)
HKU\S-1-5-21-4168743488-3503591861-2487148857-1001\...\RunOnce: [Report] => C:\AdwCleaner\AdwCleaner[C1].txt [7734 2015-09-14] ()
HKU\S-1-5-18\...\Run: [EPLTarget\P0000000000000000] => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_IATIIBE.EXE [283232 2012-02-29] (SEIKO EPSON CORPORATION)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{5FADB968-0F32-41ED-9E8A-31E8A9FFB952}: [DhcpNameServer] 192.168.1.1
 
Internet Explorer:
==================
HKU\S-1-5-21-4168743488-3503591861-2487148857-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer13.msn.com
HKU\S-1-5-21-4168743488-3503591861-2487148857-1001\Software\Microsoft\Internet Explorer\Main,First Home Page = hxxp://go.microsoft.com/fwlink/?LinkID=226786&Mkt=en-US&Src=WD8&Tid=000328B0&OHP=www.google.com&OSP=
SearchScopes: HKLM -> DefaultScope {9ACC71AE-7AF6-48D8-980A-C6FA1E68F270} URL = 
SearchScopes: HKLM-x32 -> DefaultScope {9ACC71AE-7AF6-48D8-980A-C6FA1E68F270} URL = 
SearchScopes: HKU\S-1-5-21-4168743488-3503591861-2487148857-1001 -> DefaultScope {012E1000-F331-11DB-8314-0800200C9A66} URL = hxxp://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-4168743488-3503591861-2487148857-1001 -> {012E1000-F331-11DB-8314-0800200C9A66} URL = hxxp://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-4168743488-3503591861-2487148857-1001 -> {5894DC3E-AD50-11E4-BEAA-48D224BD8E1D} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
DPF: HKLM-x32 {6A060448-60F9-11D5-A6CD-0002B31F7455} 
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL [2015-03-18] (Microsoft Corporation)
 
FireFox:
========
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~1\Office15\NPSPWRAP.DLL [2014-01-23] (Microsoft Corporation)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2013-10-01] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-06-06] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-06-06] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll [2014-08-31] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll [2014-08-31] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL [2014-01-21] (Microsoft Corporation)
FF Plugin-x32: @real.com/nppl3260;version=16.0.3.51 -> C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll [2014-02-21] (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlchromebrowserrecordext;version=1.3.3 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll [2013-08-14] (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlhtml5videoshim;version=1.3.3 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll [2013-08-14] (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlpepperflashvideoshim;version=1.3.3 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll [2013-08-14] (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpplugin;version=16.0.3.51 -> C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpplugin.dll [2014-02-21] (RealPlayer)
FF Plugin-x32: @realnetworks.com/npdlplugin;version=1 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll [2013-08-14] (RealDownloader)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-15] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-15] (Google Inc.)
FF HKLM-x32\...\Firefox\Extensions: [{DF153AFF-6948-45d7-AC98-4FC4AF8A08E2}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2014-02-21]
FF HKLM-x32\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
 
Chrome: 
=======
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR HomePage: Default -> hxxp://www.duolingo.com/
CHR StartupUrls: Default -> "hxxp://www.duolingo.com/","hxxp://homepage-web.com/?s=acer&m=start","hxxps://www.malwarebytes.org/restorebrowser/"
CHR Profile: C:\Users\customer\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Theme Creator) - C:\Users\customer\AppData\Local\Google\Chrome\User Data\Default\Extensions\akpelnjfckgfiplcikojhomllgombffc [2015-03-16]
CHR Extension: (Google Drive) - C:\Users\customer\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-03-25]
CHR Extension: (Parking Mania™) - C:\Users\customer\AppData\Local\Google\Chrome\User Data\Default\Extensions\dliaancdkclmoacockpgpcopnfcjgmpe [2015-03-16]
CHR Extension: (Number Mash) - C:\Users\customer\AppData\Local\Google\Chrome\User Data\Default\Extensions\gibpgjedpkpkddjgfbnkcleaoligdohb [2015-03-16]
CHR Extension: (Alarm Clock Radio) - C:\Users\customer\AppData\Local\Google\Chrome\User Data\Default\Extensions\kipdhcpepbpjaoggihaloebfjfafagmi [2015-03-16]
CHR Extension: (CanvasDraw) - C:\Users\customer\AppData\Local\Google\Chrome\User Data\Default\Extensions\knfimpamngmggpbamfoomdpebdoleghe [2015-03-16]
CHR Extension: (Little Alchemy) - C:\Users\customer\AppData\Local\Google\Chrome\User Data\Default\Extensions\knkapnclbofjjgicpkfoagdjohlfjhpd [2015-03-16]
CHR Extension: (Sketchpad) - C:\Users\customer\AppData\Local\Google\Chrome\User Data\Default\Extensions\lkllajgbhondgjjnhmmgbjndmogapinp [2015-03-16]
CHR Extension: (The Fancy Pants Adventure: World 2) - C:\Users\customer\AppData\Local\Google\Chrome\User Data\Default\Extensions\loamdenijebhollnjgehcfbnpeelfhlk [2015-03-16]
CHR Extension: (Harmony) - C:\Users\customer\AppData\Local\Google\Chrome\User Data\Default\Extensions\mbbibdblnnlapclckbdennhlbcnkkgcn [2015-03-16]
CHR Extension: (Plantz vs Zombies 2) - C:\Users\customer\AppData\Local\Google\Chrome\User Data\Default\Extensions\mhjeibcckpbiibmebbjkmdpbpbjojjno [2015-03-16]
CHR Extension: (Plants vs Zombies) - C:\Users\customer\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmcegpfdgcoclcdfkjahiimlikdpnina [2015-03-16]
CHR Extension: (InspirARTion - Sketch & Draw!) - C:\Users\customer\AppData\Local\Google\Chrome\User Data\Default\Extensions\nhbmpilemgmpbdaniehhmodkkppkelec [2015-03-16]
CHR Extension: (Google Wallet) - C:\Users\customer\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-03-16]
CHR Extension: (Math Arcade Games) - C:\Users\customer\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfodbdfdkebjhdklkkmnjojpfjkkoodd [2015-03-16]
CHR Extension: (Canvas Rider) - C:\Users\customer\AppData\Local\Google\Chrome\User Data\Default\Extensions\poknhlcknimnnbfcombaooklofipaibk [2015-03-16]
CHR HKLM-x32\...\Chrome\Extension: [idhngdhcfkoamngbedgpaokgjbnpdiji] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx [2013-08-14]
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S2 AtherosSvc; C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\adminservice.exe [310400 2013-04-25] (Windows ® Win 7 DDK provider) [File not signed]
S2 CCDMonitorService; C:\Program Files (x86)\Acer\Acer Cloud\CCDMonitorService.exe [2615368 2013-02-27] (Acer Incorporated)
S3 DeviceFastLaneService; C:\Program Files\Acer\Acer Device Fast-lane\DeviceFastLaneSvc.exe [470056 2013-04-30] (Acer Incorporated)
S3 ePowerSvc; C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe [662088 2013-03-15] (Acer Incorporated)
S2 EpsonScanSvc; C:\Windows\system32\EscSvc64.exe [135824 2011-12-12] (Seiko Epson Corporation)
S2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [314696 2014-05-21] (Intel Corporation)
S2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [165328 2012-12-19] (Intel Corporation)
S2 LMSvc; C:\Program Files\Acer\Acer Launch Manager\LMSvc.exe [431656 2013-04-25] (Acer Incorporate)
S2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2015-06-18] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation)
S2 RealNetworks Downloader Resolver Service; C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [39056 2013-08-14] ()
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366520 2015-02-03] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2015-02-03] (Microsoft Corporation)
S2 gupdate; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /svc [X]
S3 gupdatem; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /medsvc [X]
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [77464 2013-04-25] (Qualcomm Atheros)
S3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [226304 2014-03-18] (Microsoft Corporation)
R0 ebdrv; C:\Windows\System32\drivers\evbda.sys [3357024 2013-08-22] (Broadcom Corporation)
R3 LMDriver; C:\Windows\System32\drivers\LMDriver.sys [21360 2013-01-09] (Acer Incorporated)
S3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2015-06-18] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [113880 2015-09-20] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2015-06-18] (Malwarebytes Corporation)
R3 RadioShim; C:\Windows\System32\drivers\RadioShim.sys [15704 2013-01-09] (Acer Incorporated)
S0 WdBoot; C:\Windows\System32\drivers\WdBoot.sys [44024 2015-02-03] (Microsoft Corporation)
S0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [264000 2015-02-03] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2015-02-03] (Microsoft Corporation)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-09-18 08:18 - 2015-09-18 08:00 - 00024064 _____ C:\WINDOWS\zoek-delete.exe
2015-09-18 08:06 - 2015-09-18 08:30 - 00022345 _____ C:\zoek-results.log
2015-09-18 08:00 - 2015-09-18 08:16 - 00000000 ____D C:\zoek_backup
2015-09-15 18:56 - 2015-09-19 09:27 - 00000024 _____ C:\Users\customer\AppData\Roaming\appdataFr25.bin
2015-09-15 18:10 - 2015-09-20 07:34 - 00000000 ____D C:\FRST
2015-09-15 18:09 - 2015-09-15 18:09 - 00001049 _____ C:\Users\customer\Desktop\VivsMBAM1.txt
2015-09-15 17:21 - 2015-09-15 17:21 - 00000000 ____D C:\Users\customer\Desktop\Malware Removal
2015-09-14 17:40 - 2015-09-15 18:36 - 00000000 ____D C:\AdwCleaner
2015-09-14 16:36 - 2015-09-14 16:36 - 00000000 ____D C:\WINDOWS\pss
2015-09-03 20:29 - 2015-09-03 20:29 - 01186640 _____ C:\Users\customer\Downloads\ProcessExplorer.zip
2015-09-03 20:29 - 2015-09-03 20:29 - 00000000 ____D C:\Users\customer\Downloads\ProcessExplorer
2015-09-03 20:21 - 2015-09-03 20:21 - 00593693 _____ C:\Users\customer\Downloads\Autoruns.zip
2015-09-03 20:21 - 2015-09-03 20:21 - 00000000 ____D C:\Users\customer\Downloads\Autoruns
2015-09-03 20:08 - 2015-09-03 20:08 - 00065232 _____ (Malwarebytes) C:\Users\customer\Downloads\regassassin-setup-1.03.exe
2015-09-03 18:55 - 2015-09-14 17:39 - 00000000 ____D C:\Users\customer\Desktop\mbar
2015-09-03 18:55 - 2015-09-03 18:55 - 16563304 _____ (Malwarebytes Corp.) C:\Users\customer\Downloads\mbar-1.09.2.1008.exe
2015-09-02 12:37 - 2015-09-02 12:37 - 00000000 ____D C:\Users\customer\Documents\CyberLink
2015-09-02 12:37 - 2015-09-02 12:37 - 00000000 ____D C:\Users\customer\AppData\Roaming\CyberLink
2015-09-02 12:37 - 2015-09-02 12:37 - 00000000 ____D C:\Users\customer\AppData\Local\Cyberlink
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-09-20 07:33 - 2014-06-24 12:15 - 00113880 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-09-18 08:25 - 2014-03-18 05:54 - 00268468 _____ C:\WINDOWS\PFRO.log
2015-09-18 08:25 - 2013-08-22 09:25 - 00524288 ___SH C:\WINDOWS\system32\config\BBI
2015-09-15 17:28 - 2014-09-23 07:10 - 00000000 ____D C:\Users\customer\Desktop\GS
2015-09-14 17:12 - 2014-06-24 12:13 - 00109272 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2015-09-14 17:10 - 2014-03-18 06:03 - 00863592 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2015-09-14 16:37 - 2014-06-20 16:19 - 02068360 _____ C:\WINDOWS\WindowsUpdate.log
2015-09-14 16:37 - 2013-08-22 10:45 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2015-09-14 16:00 - 2013-08-22 11:36 - 00000000 ____D C:\WINDOWS\system32\sru
2015-09-12 16:40 - 2013-12-25 17:17 - 00003600 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-4168743488-3503591861-2487148857-1001
2015-09-12 04:09 - 2013-08-22 11:36 - 00000000 ____D C:\WINDOWS\AppReadiness
2015-09-10 13:27 - 2014-06-20 16:39 - 00000000 ___DO C:\Users\customer\OneDrive
2015-09-08 09:11 - 2014-06-20 15:54 - 00053284 _____ C:\WINDOWS\system32\wpbbin.exe
2015-09-08 09:11 - 2013-08-22 10:46 - 00290452 _____ C:\WINDOWS\setupact.log
2015-09-02 12:37 - 2013-09-02 13:30 - 00000000 ____D C:\ProgramData\CyberLink
2015-08-27 14:19 - 2013-08-22 11:36 - 00000000 ____D C:\WINDOWS\system32\NDF
2015-08-25 11:30 - 2013-12-24 05:51 - 00000000 ____D C:\Users\customer\AppData\Local\Packages
2015-08-24 22:49 - 2013-08-22 11:36 - 00000000 ____D C:\WINDOWS\system32\FxsTmp
 
==================== Files in the root of some directories =======
 
2015-09-15 18:56 - 2015-09-19 09:27 - 0000024 _____ () C:\Users\customer\AppData\Roaming\appdataFr25.bin
2014-02-13 19:49 - 2014-02-13 19:52 - 0002961 _____ () C:\Users\customer\AppData\Roaming\My Profile.xml
2013-12-25 17:25 - 2014-05-20 18:58 - 0000193 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.351.64.bc
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
 
 
safeboot: {4053e004-1403-11e3-8b07-3065ec1404bb} => The system is configured to boot to Safe Mode <===== ATTENTION
 
 
LastRegBack: 2015-09-14 05:13
 
==================== End of FRST.txt ============================
 
Addition.txt SECOND
Additional scan result of Farbar Recovery Scan Tool (x64) Version:15-09-2015
Ran by customer (2015-09-20 07:35:25)
Running from D:\
Windows 8.1 (X64) (2014-06-20 20:34:10)
Boot Mode: Safe Mode (with Networking)
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-4168743488-3503591861-2487148857-500 - Administrator - Disabled)
customer (S-1-5-21-4168743488-3503591861-2487148857-1001 - Administrator - Enabled) => C:\Users\customer
Guest (S-1-5-21-4168743488-3503591861-2487148857-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-4168743488-3503591861-2487148857-1003 - Limited - Enabled)
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Acer Device Fast-lane (HKLM\...\{3F62D2FD-13C1-49A2-8B5D-47623D9460D7}) (Version: 1.00.3013 - Acer Incorporated)
Acer Launch Manager (HKLM\...\{C18D55BD-1EC6-466D-B763-8EEDDDA9100E}) (Version: 8.00.3004 - Acer Incorporated)
Acer Power Management (HKLM\...\{91F52DE4-B789-42B0-9311-A349F10E5479}) (Version: 7.00.3013 - Acer Incorporated)
Acer Recovery Management (HKLM\...\{07F2005A-8CAC-4A4B-83A2-DA98A722CA61}) (Version: 6.00.3016 - Acer Incorporated)
AcerCloud Docs (HKLM-x32\...\{CA4FE8B0-298C-4E5D-A486-F33B126D6A0A}) (Version: 1.01.2008 - Acer Incorporated)
AcerCloud Portal (HKLM-x32\...\{A5AD0B17-F34D-49BE-A157-C8B3D52ACD13}) (Version: 2.02.2022 - Acer Incorporated)
ALPS Touch Pad Driver (HKLM\...\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}) (Version: 8.100.2020.116 - Alps Electric)
Apple Application Support (HKLM-x32\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{2EF5D87E-B7BD-458F-8428-E4D0B8B4E65C}) (Version: 7.0.0.117 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
clear.fi Media (HKLM-x32\...\{E9AF1707-3F3A-49E2-8345-4F2D629D0876}) (Version: 2.02.2012 - Acer Incorporated)
clear.fi Photo (HKLM-x32\...\{B5AD89F2-03D3-4206-8487-018298007DD0}) (Version: 2.02.2016 - Acer Incorporated)
clear.fi SDK - Video 2 (x32 Version: 2.1.2606 - CyberLink Corp.) Hidden
clear.fi SDK- Movie 2 (x32 Version: 2.1.2606 - CyberLink Corp.) Hidden
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version:  - Seiko Epson Corporation)
EPSON XP-400 Series Printer Uninstall (HKLM\...\EPSON XP-400 Series) (Version:  - SEIKO EPSON Corporation)
GIMP 2.6.10 (HKLM-x32\...\WinGimp-2.0_is1) (Version: 2.6.10 - The GIMP Team)
Google Update Helper (x32 Version: 1.3.28.1 - Google Inc.) Hidden
iCloud (HKLM\...\{81E20D41-C277-4526-934D-F2380AF91B78}) (Version: 3.1.0.40 - Apple Inc.)
Identity Card (HKLM-x32\...\{3D9CB654-99AD-4301-89C6-0D12A790767C}) (Version: 2.00.3006 - Acer Incorporated)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.20.1337 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3621 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.5.4.1001 - Intel Corporation)
Intel® SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)
iTunes (HKLM\...\{D601CEAD-2E4F-4BBB-85CC-C29A4CE6A3C0}) (Version: 11.1.3.8 - Apple Inc.)
Java 7 Update 67 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217067FF}) (Version: 7.0.670 - Oracle)
Malwarebytes Anti-Malware version 2.1.8.1057 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.8.1057 - Malwarebytes Corporation)
Microsoft Office Professional Plus 2013 (HKLM\...\Office15.PROPLUSR) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Mystery P.I. - Curious Case of Counterfeit Cove (x32 Version: 2.2.0.98 - WildTangent) Hidden
Nero BackItUp 12 Essentials OEM.a01 (HKLM-x32\...\{4CA8F973-6377-4ABF-9ED5-CC2323B3C000}) (Version: 12.5.00500 - Nero AG)
Office Addin (HKLM-x32\...\{6D2BBE1D-E600-4695-BA37-0B0E605542CC}) (Version: 2.02.2008 - Acer)
Outils de vérification linguistique 2013 de Microsoft Office - Français (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.98 - WildTangent) Hidden
Prerequisite installer (x32 Version: 12.0.0003 - Nero AG) Hidden
Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.0.226 - Qualcomm Atheros Communications)
Qualcomm Atheros WLAN and Bluetooth Client Installation Program (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 11.51 - Qualcomm Atheros)
RealDownloader (x32 Version: 1.3.3 - RealNetworks, Inc.) Hidden
RealNetworks - Microsoft Visual C++ 2008 Runtime (x32 Version: 9.0 - RealNetworks, Inc) Hidden
RealNetworks - Microsoft Visual C++ 2010 Runtime (x32 Version: 10.0 - RealNetworks, Inc) Hidden
RealPlayer (HKLM-x32\...\RealPlayer 16.0) (Version: 16.0.3 - RealNetworks)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.7.1025.2012 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6865 - Realtek Semiconductor Corp.)
Realtek PCIE Card Reader (HKLM-x32\...\{C1594429-8296-4652-BF54-9DBE4932A44C}) (Version: 6.2.9200.27030 - Realtek Semiconductor Corp.)
RealUpgrade 1.1 (x32 Version: 1.1.0 - RealNetworks, Inc.) Hidden
Secure Download Manager (HKLM-x32\...\{E040B65B-8683-4228-8C33-D44A141E40EA}) (Version: 3.1.60 - Kivuto Solutions Inc.)
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
Spotify (HKLM-x32\...\Spotify) (Version: 0.8.4.99.ga249b5f1 - Spotify AB)
Steam (HKLM-x32\...\Steam) (Version:  - Valve Corporation)
Team Fortress 2 (HKLM-x32\...\Steam App 440) (Version:  - Valve)
The Elder Scrolls V: Skyrim (HKLM-x32\...\Steam App 72850) (Version:  - Bethesda Game Studios)
Tomb Raider (HKLM-x32\...\Steam App 203160) (Version:  - Crystal Dynamics)
Update for Skype for Business 2015 (KB2889853) 64-Bit Edition (HKLM\...\{90150000-012B-0409-1000-0000000FF1CE}_Office15.PROPLUSR_{40930C8E-A677-414C-A72F-DFDEB10738FB}) (Version:  - Microsoft)
Update for Skype for Business 2015 (KB3054791) 64-Bit Edition (HKLM\...\{90150000-00C1-0000-1000-0000000FF1CE}_Office15.PROPLUSR_{591150FB-47D4-495C-9E76-F8D354A2577D}) (Version:  - Microsoft)
Update for Skype for Business 2015 (KB3054791) 64-Bit Edition (HKLM\...\{90150000-012B-0409-1000-0000000FF1CE}_Office15.PROPLUSR_{591150FB-47D4-495C-9E76-F8D354A2577D}) (Version:  - Microsoft)
Update for Skype for Business 2015 (KB3054791) 64-Bit Edition (HKLM\...\{91150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUSR_{591150FB-47D4-495C-9E76-F8D354A2577D}) (Version:  - Microsoft)
Visual Studio 2005 Tools for Office Second Edition Runtime (HKLM-x32\...\Microsoft Visual Studio 2005 Tools for Office Runtime) (Version:  - Microsoft Corporation)
Visual Studio Tools for the Office system 3.0 Runtime (HKLM-x32\...\Visual Studio Tools for the Office system 3.0 Runtime) (Version:  - Microsoft Corporation)
Visual Studio Tools for the Office system 3.0 Runtime Service Pack 1 (KB949258) (HKLM-x32\...\{8FB53850-246A-3507-8ADE-0060093FFEA6}.KB949258) (Version: 1 - Microsoft Corporation)
WildTangent Games (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.0.4.0 - WildTangent)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-4168743488-3503591861-2487148857-1001_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\WINDOWS\system32\igfxEM.exe (Intel Corporation)
 
==================== Restore Points =========================
 
27-08-2015 21:52:04 Scheduled Checkpoint
08-09-2015 09:51:18 Scheduled Checkpoint
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2013-08-22 09:25 - 2015-07-25 19:11 - 00000826 ____A C:\WINDOWS\system32\Drivers\etc\hosts
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {0106449C-94A5-4F20-9EF9-0D35E1C84155} - System32\Tasks\Launch Manager => C:\Program Files\Acer\Acer Launch Manager\LMLauncher.exe [2013-04-25] (Acer Incorporate)
Task: {1BE908BA-7CF2-4352-9932-4A8BC4AEF36C} - System32\Tasks\Apple Diagnostics => C:\Program Files (x86)\Common Files\Apple\Internet Services\EReporter.exe [2013-11-20] (Apple Inc.)
Task: {2BCB0A5E-043D-4468-BBCC-E97C31073795} - System32\Tasks\Power Management => C:\Program Files\Acer\Acer Power Management\ePowerTray.exe [2013-03-15] (Acer Incorporated)
Task: {3738A4B0-D1A0-433C-BEAE-AC35765FE42C} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe [2014-01-23] (Microsoft Corporation)
Task: {37563F29-07EE-4FD9-9F6C-E0E2ABCFB248} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
Task: {69B2B25D-C82F-4380-8E22-B259EAED2407} - System32\Tasks\ALU => C:\Program Files (x86)\Acer\Live Updater\updater.exe [2013-03-13] ()
Task: {8540C9CA-DC43-4EEF-AAD7-88CDAC56484C} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {95C1A335-6542-49EC-A952-EF615950759D} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
Task: {9877675E-74B7-4E82-AACC-A3784D46F954} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-4168743488-3503591861-2487148857-1001 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2013-08-14] (RealNetworks, Inc.)
Task: {9C426E5A-EE8F-4DCE-894B-43FD56C461D0} - System32\Tasks\ALUAgent => C:\Program Files (x86)\Acer\Live Updater\liveupdater_agent.exe [2013-01-22] ()
Task: {A8D528BC-2BEF-4C24-A1EE-1326011EED72} - \TidyNetwork Update -> No File <==== ATTENTION
Task: {B728D5C2-E55B-4CFE-AF68-B414A0462EDB} - System32\Tasks\Recovery Management\Notification => C:\Program Files\Acer\Acer Recovery Management\Notification\Notification.exe [2013-01-23] (Acer Incorporated)
Task: {FFD64CB4-4039-47F2-84AF-25F91D0B2730} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-4168743488-3503591861-2487148857-1001 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2013-08-14] (RealNetworks, Inc.)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
 
==================== Loaded Modules (Whitelisted) ==============
 
2015-03-18 14:08 - 2015-03-18 14:08 - 08898720 _____ () C:\Program Files (x86)\Microsoft Office\Office15\1033\GrooveIntlResource.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
AlternateDataStreams: C:\Users\customer\OneDrive:ms-properties
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMSwissArmy => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMSwissArmy => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Option => "OptionValue"="2"
 
==================== EXE Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-4168743488-3503591861-2487148857-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\customer\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper
DNS Servers: Media is not connected to internet.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
HKLM\...\StartupApproved\StartupFolder: => "McAfee Security Scan Plus.lnk"
HKLM\...\StartupApproved\Run32: => "ApnTBMon"
HKLM\...\StartupApproved\Run32: => "iTunesHelper"
HKLM\...\StartupApproved\Run32: => "mcpltui_exe"
HKU\S-1-5-21-4168743488-3503591861-2487148857-1001\...\StartupApproved\Run: => "EPLTarget\P0000000000000000"
HKU\S-1-5-21-4168743488-3503591861-2487148857-1001\...\StartupApproved\Run: => "GoogleChromeAutoLaunch_B8BFFD7B3299B74D3FEEB05CD4C5367A"
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{A44F6B2E-5C00-43A0-BA8A-C968AC278344}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Team Fortress 2\hl2.exe
FirewallRules: [{B42D4965-6C4C-44AF-A03D-C8D7395E1E45}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Team Fortress 2\hl2.exe
FirewallRules: [{C373CFF4-F89B-44F2-8898-6A7852BBB5FE}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Team Fortress 2\hl2.exe
FirewallRules: [{0EDED2BF-D785-476B-BA70-1F6B2823FBB1}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Team Fortress 2\hl2.exe
FirewallRules: [{134D7DCE-893D-4A84-9038-7B47BB350CD6}] => (Allow) C:\Program Files (x86)\iTunes\iTunes.exe
FirewallRules: [{C7B2323F-91A1-46DA-80CA-1C5C1EBA34B2}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{5E85BC04-EA41-4D1A-A757-4CC3706BC6DD}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{8B074806-4089-4C3A-8F7D-F81811D15218}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{406D975C-71D8-4E4C-AAB0-CD4448471A2E}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{B063D156-D078-49C9-928C-9D004E502A12}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe
FirewallRules: [{188AEDAA-6E3E-4302-9557-F8704EEBB00B}] => (Allow) C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe
FirewallRules: [{FEC349FB-1894-4764-9F4F-ED7BDAD64BBD}] => (Allow) C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe
FirewallRules: [{F4263DF7-A700-45F3-B745-63AD1CE38382}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Team Fortress 2\hl2.exe
FirewallRules: [{8455605A-A791-4F1D-9D0F-1D775361EB17}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Team Fortress 2\hl2.exe
FirewallRules: [{EEBD945D-10F3-4D1C-B033-28481A857F43}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Skyrim\SkyrimLauncher.exe
FirewallRules: [{5BB3C47C-09B6-4F01-898F-FA0677631DF0}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Skyrim\SkyrimLauncher.exe
FirewallRules: [{C82FB199-A252-4C16-9231-3D5E7601D506}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{94B37A32-211F-4AC3-A899-8368CC1BC43B}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{DD0B8080-6CE1-4895-AD45-FE555E687FB0}] => (Allow) C:\Program Files (x86)\Acer\Acer Cloud\virtualdrive.exe
FirewallRules: [{7C4EDC7F-681A-46B8-957D-A2D9B717FA59}] => (Allow) C:\Program Files (x86)\Acer\Acer Cloud\virtualdrive.exe
FirewallRules: [{2766B8D3-A1B9-4D0C-8522-278D8AA41359}] => (Allow) C:\Program Files (x86)\Acer\Acer Cloud\Sdd.exe
FirewallRules: [{1F058901-2FB1-43E3-9AAB-0EE98F03609B}] => (Allow) C:\Program Files (x86)\Acer\Acer Cloud\Sdd.exe
FirewallRules: [{446C17E2-FFE2-44A0-BEE5-0FCCB832A146}] => (Allow) C:\Program Files (x86)\Acer\Acer Cloud\ccd.exe
FirewallRules: [{4EA8978B-B541-4B46-9EBC-D1E2062BAD67}] => (Allow) C:\Program Files (x86)\Acer\Acer Cloud\ccd.exe
FirewallRules: [{4DDA9BED-3430-4BC8-8810-29C04434D354}] => (Allow) C:\Program Files (x86)\Acer\clear.fi Photo\WindowsUpnp.exe
FirewallRules: [{2706F982-90A7-458F-B218-6236F8D10AD1}] => (Allow) C:\Program Files (x86)\Acer\clear.fi Photo\WindowsUpnp.exe
FirewallRules: [{C85518B2-B46A-4CE5-8A06-701212AE797E}] => (Allow) C:\Program Files (x86)\Acer\clear.fi Photo\DMCDaemon.exe
FirewallRules: [{EDB4F9EC-4BFB-4D30-BD2D-8C2D75E90122}] => (Allow) C:\Program Files (x86)\Acer\clear.fi Photo\DMCDaemon.exe
FirewallRules: [{6DE3C614-D5D7-4237-AB16-8EFC0B90F1CF}] => (Allow) C:\Program Files (x86)\Acer\clear.fi SDK21\Movie\PlayMovie.exe
FirewallRules: [{891368A0-D939-4C36-AADE-1552B94899F2}] => (Allow) C:\Program Files (x86)\Acer\clear.fi SDK21\Video\MusicPlayer.exe
FirewallRules: [{37DE595E-2D14-41D6-80B8-FAED641EC683}] => (Allow) C:\Program Files (x86)\Acer\clear.fi SDK21\Video\VideoPlayer.exe
FirewallRules: [{F566A579-74D2-4B17-A7DC-BA968B379787}] => (Allow) C:\Program Files (x86)\Acer\clear.fi Media\WindowsUpnpMV.exe
FirewallRules: [{7C413896-A8A4-40EC-A4B7-003FF6566ABA}] => (Allow) C:\Program Files (x86)\Acer\clear.fi Media\WindowsUpnpMV.exe
FirewallRules: [{48FBD6A3-825B-4C6C-82A9-74EDB805447D}] => (Allow) C:\Program Files (x86)\Acer\clear.fi Media\DMCDaemon.exe
FirewallRules: [{939BCC9F-D008-49F3-B7BC-12C0CAEC3FE5}] => (Allow) C:\Program Files (x86)\Acer\clear.fi Media\DMCDaemon.exe
FirewallRules: [{49C80462-54D0-4D61-B73A-14CADF03F5FA}] => (Allow) C:\Program Files (x86)\Spotify\Data\SpotifyWebHelper.exe
FirewallRules: [{35EF6541-D8A9-4FB0-AA11-F8D0A56006F8}] => (Allow) C:\Program Files (x86)\Spotify\Data\SpotifyWebHelper.exe
FirewallRules: [{DF6E0D88-CD6E-482D-B8AA-AD63627C16D8}] => (Allow) C:\Program Files (x86)\Spotify\spotify.exe
FirewallRules: [{77884C10-886E-4AAF-B186-99EDE90AC47C}] => (Allow) C:\Program Files (x86)\Spotify\spotify.exe
FirewallRules: [{ABD10EF9-360C-4B61-A6A7-39948B353FA9}] => (Allow) C:\Program Files (x86)\Nero\Nero 12\Nero BackItUp\BackItUp.exe
FirewallRules: [{7B081253-C7DE-48DD-9C90-688E2633C5F2}] => (Allow) C:\Program Files (x86)\Nero\Nero 12\Nero BackItUp\BackItUp.exe
FirewallRules: [TCP Query User{B7C42046-1F1D-4E21-BF75-E77E0F94A5FD}C:\program files (x86)\java\jre7\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre7\bin\javaw.exe
FirewallRules: [uDP Query User{D9BBC156-5B9C-4D67-9505-C49465B73B72}C:\program files (x86)\java\jre7\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre7\bin\javaw.exe
FirewallRules: [{F851BB29-10C8-43EE-AB79-0FB348E39BAA}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{614003E7-7A0B-4175-9091-DEE7BE60C572}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{2C1B9F0B-AAF5-4ED0-AAA9-A99BB5A88110}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Tomb Raider\TombRaider.exe
FirewallRules: [{7D8A471B-E5CF-4394-9599-F1814D4C31C9}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Tomb Raider\TombRaider.exe
FirewallRules: [{020648A4-5E4C-4FC9-886A-1C7253B23861}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (09/20/2015 07:33:08 AM) (Source: System Restore) (EventID: 8193) (User: )
Description: Failed to create restore point (Process = C:\Users\customer\AppData\Local\Temp\jrt\CreateRestorePoint.exe  "JRT Pre-Junkware Removal"; Description = JRT Pre-Junkware Removal; Error = 0x8007043c).
 
Error: (09/20/2015 07:32:18 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"1".
Dependent Assembly rpshellextension.1.0,language="*",type="win32",version="1.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.
 
Error: (09/18/2015 08:34:44 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda.manifest1".Error in manifest or policy file "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda.manifest2" on line C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda.manifest.
Component 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_a9edf09f013934e0.manifest.
 
Error: (09/18/2015 08:34:33 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"1".
Dependent Assembly rpshellextension.1.0,language="*",type="win32",version="1.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.
 
Error: (09/18/2015 08:06:32 AM) (Source: System Restore) (EventID: 8193) (User: )
Description: Failed to create restore point (Process = C:\WINDOWS\system32\wbem\wmiprvse.exe; Description = zoek.exe restore point; Error = 0x8007043c).
 
Error: (09/18/2015 07:59:54 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda.manifest1".Error in manifest or policy file "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda.manifest2" on line C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda.manifest.
Component 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_a9edf09f013934e0.manifest.
 
Error: (09/18/2015 07:59:48 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"1".
Dependent Assembly rpshellextension.1.0,language="*",type="win32",version="1.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.
 
Error: (09/18/2015 07:57:14 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"1".
Dependent Assembly rpshellextension.1.0,language="*",type="win32",version="1.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.
 
Error: (09/15/2015 05:36:18 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"1".
Dependent Assembly rpshellextension.1.0,language="*",type="win32",version="1.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.
 
Error: (09/15/2015 05:29:46 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda.manifest1".Error in manifest or policy file "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda.manifest2" on line C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda.manifest.
Component 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_a9edf09f013934e0.manifest.
 
 
System errors:
=============
Error: (09/20/2015 07:35:26 AM) (Source: DCOM) (EventID: 10005) (User: VIVIANSCOMPUTER)
Description: 1084WSearchUnavailable{B52D54BB-4818-4EB9-AA80-F9EACD371DF8}
 
Error: (09/20/2015 07:35:26 AM) (Source: DCOM) (EventID: 10005) (User: VIVIANSCOMPUTER)
Description: 1084WSearchUnavailable{B52D54BB-4818-4EB9-AA80-F9EACD371DF8}
 
Error: (09/20/2015 07:35:26 AM) (Source: DCOM) (EventID: 10005) (User: VIVIANSCOMPUTER)
Description: 1084ShellHWDetectionUnavailable{DD522ACC-F821-461A-A407-50B198B896DC}
 
Error: (09/20/2015 07:35:00 AM) (Source: DCOM) (EventID: 10005) (User: VIVIANSCOMPUTER)
Description: 1084ShellHWDetectionUnavailable{DD522ACC-F821-461A-A407-50B198B896DC}
 
Error: (09/20/2015 07:34:32 AM) (Source: DCOM) (EventID: 10005) (User: VIVIANSCOMPUTER)
Description: 1084WSearchUnavailable{B52D54BB-4818-4EB9-AA80-F9EACD371DF8}
 
Error: (09/20/2015 07:34:32 AM) (Source: DCOM) (EventID: 10005) (User: VIVIANSCOMPUTER)
Description: 1084WSearchUnavailable{B52D54BB-4818-4EB9-AA80-F9EACD371DF8}
 
Error: (09/20/2015 07:34:32 AM) (Source: DCOM) (EventID: 10005) (User: VIVIANSCOMPUTER)
Description: 1084ShellHWDetectionUnavailable{DD522ACC-F821-461A-A407-50B198B896DC}
 
Error: (09/20/2015 07:34:00 AM) (Source: DCOM) (EventID: 10005) (User: VIVIANSCOMPUTER)
Description: 1084ShellHWDetectionUnavailable{DD522ACC-F821-461A-A407-50B198B896DC}
 
Error: (09/20/2015 07:34:00 AM) (Source: DCOM) (EventID: 10005) (User: VIVIANSCOMPUTER)
Description: 1084WSearchUnavailable{B52D54BB-4818-4EB9-AA80-F9EACD371DF8}
 
Error: (09/20/2015 07:34:00 AM) (Source: DCOM) (EventID: 10005) (User: VIVIANSCOMPUTER)
Description: 1084WSearchUnavailable{B52D54BB-4818-4EB9-AA80-F9EACD371DF8}
 
 
CodeIntegrity:
===================================
  Date: 2015-09-08 09:28:22.134
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2015-08-27 21:36:16.546
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2015-08-20 12:43:43.512
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2015-07-25 19:38:14.835
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2015-07-04 10:43:58.427
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2015-06-13 22:07:43.400
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2015-06-04 15:30:10.564
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2015-05-28 10:48:00.514
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2015-05-21 09:53:54.311
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2015-05-20 14:22:32.892
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core i3-3217U CPU @ 1.80GHz
Percentage of memory in use: 26%
Total physical RAM: 3903.41 MB
Available physical RAM: 2887.07 MB
Total Virtual: 4927.41 MB
Available Virtual: 4057.95 MB
 
==================== Drives ================================
 
Drive c: (Acer) (Fixed) (Total:448.92 GB) (Free:377.29 GB) NTFS
Drive d: () (Removable) (Total:0.12 GB) (Free:0.1 GB) FAT
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: BFBA6274)
 
Partition: GPT.
 
========================================================
Disk: 1 (Size: 125.4 MB) (Disk ID: 0067528F)
Partition 1: (Active) - (Size=125 MB) - (Type=0E)
 
==================== End of Addition.txt ============================

Sorry. I had read this in FRST from here: https://forums.malwarebytes.org/index.php?/topic/9573-im-infected-what-do-i-do-now/:

 
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please copy and paste it to your reply as well or if needed you can attach the logs.

I was actually going to ask you which was better. I thought maybe it would prevent you from having to open something extra. It's actually easier for me too to attach the files separately. Anyways, really sorry about that. Here are the two files you requested:

 

Addition.txt   FRST.txt

 

Thank you. Sorry you're working on a Sunday night, THANKFUL but sorry.

Cyndi


Actually, we have a problem. I would say we should go into control panel> programs> programs and features > uninstall.

 

There is no Google Chrome or Chrome, Google to uninstall. Now what? I will search the hard drive for a Google app and see if there is an uninstall associated.

 

No luck. Okay. We're looking for it.

 

Cyndi


Thank you. I did and I did remove it.

 

Then I go back online and a... "blank version" of Chrome pops up, asking me to sign in and start using Chrome. Then I sign in and VIOLA! The terrible web blocker "pcfixing2.info..." or whatever blah blah. The internet locks up and I have to use task manager to quit it. I've actually tried deleting it 3 times. The first time, I just threw it in the recycle bin. Forgot to empty. Went online and blocked by pcfixing. Removed Google folder again, same plan but emptied recycle bin. Went online. Blocked by pcfixing. THEN I removed the Google folder, emptied the recycle bin, and restarted. Claiming Genius! Unfortunately, no. Same.

 

I really appreciate your patience.

Cyndi


Scan with Farbar Recovery Scan Tool

 

Please re-run Farbar Recovery Scan Tool to give me a fresh look at your system.

  • Right-click on the FRST icon and select Run as Administrator to start the tool.

    (XP users click run after receipt of Windows Security Warning - Open File).

  • Make sure that Addition option is checked.
  • Press Scan button and wait.
  • The tool will produce two logfiles on your desktop: FRST.txt and Addition.txt.
Please upload them into your next reply.

Fix with Junkware Removal Tool

Please download JRT by Thisisu and save the file to your desktop.

Temporarily disable your AntiVirus and AntiSpyware protection - instructions here.

  • Right-click on the JRT icon and select Run as Administrator to start the tool.
  • Follow the prompts and let this process run uninterrupted.
  • This scan can take a while, depending on your System specs.
  • Upon completion, a log (JRT.txt) will open on your desktop.
Please include the contents of that file in your reply.

Do not forget to re-enable your previously switched off protection software!

Please also manually reboot your machine after this procedure.
