
Shopperz dnsapi.dll problem



That would seem to be the problem...... Ok I want you to open an elevated command prompt, from the prompt we can run a command that should reset all permissions to windows default setting, in theory we should be back to normal....

 

Close all windows, Select > start icon > all programs > accessories > Right click on "command prompt" > select > Run as administrator > ok any alerts > at the command prompt type or better still copy and paste:

 

secedit /configure /cfg %windir%\inf\defltbase.inf /db defltbase.sdb /verbose     --- Tap Enter

 

When finished type exit, tap Enter, then re-boot your PC.

 

It's getting late for me, 1:45am local time, I'll be logging off very soon, will catch up later.

 

When that command completes check the permissions again for the two problem files, see if we make progress...

 

cheers,

 

Kevin
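
One read-only way to do the permission check asked for after the `secedit` reset, as an added example that is not part of the original posts. The function name `Test-SystemFileAcl` is hypothetical, and the expected owner and principals are assumed to be the usual Windows 7 defaults for files under System32; pass any other file to check with `-Path`.

```powershell
# Added example (not from the thread): read-only ACL audit for system DLLs.
# Assumption: the owner and principals below are the usual Windows 7 defaults
# for files under System32; adjust the lists for other Windows versions.
param(
    [string[]]$Path = @("$env:windir\System32\dnsapi.dll")
)

$ExpectedOwner = 'NT SERVICE\TrustedInstaller'
$ExpectedPrincipals = @(
    'NT SERVICE\TrustedInstaller',
    'NT AUTHORITY\SYSTEM',
    'BUILTIN\Administrators',
    'BUILTIN\Users'
)

# Specific rights that let a principal change or replace the file.
$writeNames = 'WriteData, AppendData, WriteAttributes, WriteExtendedAttributes, ' +
              'Delete, ChangePermissions, TakeOwnership'
$WriteMask = [int][System.Security.AccessControl.FileSystemRights]$writeNames
# GENERIC_WRITE (0x40000000) and GENERIC_ALL (0x10000000) can show up unmapped in an ACE.
$WriteMask = $WriteMask -bor 0x50000000

function Test-SystemFileAcl {
    param([Parameter(Mandatory = $true)][string]$FilePath)

    $acl = Get-Acl -Path $FilePath

    # Only Allow entries grant access; Deny entries are ignored for this summary.
    $allow = @($acl.Access | Where-Object { $_.AccessControlType -eq 'Allow' })
    $present = @($allow | ForEach-Object { $_.IdentityReference.Value } | Sort-Object -Unique)

    # Expected principals with no Allow entry at all (e.g. SYSTEM missing).
    $missing = @($ExpectedPrincipals | Where-Object { $present -notcontains $_ })

    # Principals that hold an Allow entry but are not in the expected list (e.g. Everyone).
    $unexpected = @($present | Where-Object { $ExpectedPrincipals -notcontains $_ })

    # Anyone other than the expected owner who can modify the file.
    $writers = @($allow | Where-Object {
            $_.IdentityReference.Value -ne $ExpectedOwner -and
            (([int]$_.FileSystemRights -band $WriteMask) -ne 0)
        } | ForEach-Object { $_.IdentityReference.Value } | Sort-Object -Unique)

    New-Object PSObject -Property @{
        Path                 = $FilePath
        Owner                = $acl.Owner
        OwnerIsExpected      = ($acl.Owner -eq $ExpectedOwner)
        MissingPrincipals    = ($missing -join ', ')
        UnexpectedPrincipals = ($unexpected -join ', ')
        NonOwnerWriters      = ($writers -join ', ')
    } | Select-Object Path, Owner, OwnerIsExpected, MissingPrincipals,
                      UnexpectedPrincipals, NonOwnerWriters
}

# Nothing is modified; run before and after the reset and compare the two outputs.
$Path | ForEach-Object { Test-SystemFileAcl -FilePath $_ } | Format-List
```

For a file whose Security tab lists only Everyone and Administrators, this reports SYSTEM, TrustedInstaller and Users under `MissingPrincipals` and Everyone under `UnexpectedPrincipals`.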


So I just noticed I made a mistake. Dnsapi didn't have the special permission checkmark; System32 properties did. Dnsapi properties has no System under security group. Just Everyone and Administrators. Everyone does only have Read checkmarked though.

In addition to that I just noticed that under network there are two things that come up when I click the small black arrow one that says USER-PC and one that says JOHANOSORIO-PC that says Windows cannot access it when I click on it. Could that be a problem?


Can you get the following downloaded and transferred to the sick PC?

 

Download Portable Windows Repair (all in one) from one of the following:

http://www.tweaking.com/content/page/windows_repair_all_in_one.html

http://www.majorgeeks.com/Tweaking.com_-_Windows_Repair_Portable_d7222.html

http://www.bleepingcomputer.com/download/windows-repair-all-in-one-portable/

Unzip the contents into a newly created folder on your desktop.

Open the folder, run the tool by right click on Repair_Windows (icon with red briefcase) select "Run as Administrator"



From the main GUI do the following:


Select Tab 5 and Create System Restore Point



Select Repairs tab => Click the Open repairs tab



The repairs window will open, Check the boxes as indicated, also the "Restart" option, then select Start...



DON'T use the computer while each scan is in progress.

Post the log, to access select "settings" tab > "open log folder" tab, log will be named _Windows_Repair_Log




Let me see that log,
 

Kevin...


Wow so that just about fixed everything. I'm using the previously broken laptop to type this message. Internet's working and no more message in the corner about Windows being counterfeit. The only thing that didn't revert back to normal was the default Windows desktop still being black, but that's not very important. Attached the file to this post. Should I send you the previous two logs as well now that it's a lot easier to do?

_Windows_Repair_Log.txt


Yes please remove all entries found by Malwarebytes, also post the log..

 

To get the log, open Malwarebytes....

 

To get the log from Malwarebytes do the following:

  • Click on the History tab > Application Logs.
  • Double click on the scan log which shows the Date and time of the scan just performed.
  • Click Export > From export you have three options:

      Copy to Clipboard - if selected right click to your reply and select "Paste" log will be pasted to your reply
      Text file (*.txt)        - if selected you will have to name the file and save to a place of choice, recommend "Desktop" then attach to reply
      XML file (*.xml)      - if selected you will have to name the file and save to a place of choice, recommend "Desktop" then attach to reply
  • Please use "Copy to Clipboard", then Right click to your reply > select "Paste" that will copy the log to your reply…


 

Next,

 

Download AdwCleaner by Xplode onto your Desktop.

  • Double click on Adwcleaner.exe to run the tool.
  • Click on the Scan in the Actions box
  • Please wait for the scan to finish..
  • When "Waiting for action.Please uncheck elements you want to keep" shows in top line..
  • Click on the Cleaning box.
  • Next click OK on the "Closing Programs" pop up box.
  • Click OK on the Information box & again OK to allow the necessary reboot
  • After restart the AdwCleaner(C*)-Notepad log will appear, please copy/paste it in your next reply. Where * is the number relative to list of scans completed...

 
Next,
 
Download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system (32 bit or 64 bit). If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

If your security alerts to FRST, either accept the alert or turn your security off to allow FRST to run. It is not malicious or infected in any way...

  • Double-click to run it. When the tool opens click Yes to disclaimer.
    (Windows 8/10 users will be prompted about Windows SmartScreen protection - click More information and Run.)
  • Make sure Addition.txt is checkmarked under "Optional scans"
  • Press Scan button to run the tool....
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The tool will also make a log named (Addition.txt)  Please attach those logs to your reply.


 

Post those logs, also give an update on any remaining issues or concerns....

 

Yes the tool from Tweaking.com is very good and does produce some really good results...

 

Thank you,

 

Kevin....


Still doing the other stuff, but here's the log from the scan

 

Malwarebytes Anti-Malware

www.malwarebytes.org

 

Scan Date: 1/14/2016

Scan Time: 4:25 AM

Logfile: 

Administrator: Yes

 

Version: 2.1.8.1057

Malware Database: v2016.01.14.03

Rootkit Database: v2016.01.09.01

License: Free

Malware Protection: Disabled

Malicious Website Protection: Disabled

Self-protection: Disabled

 

OS: Windows 7 Service Pack 1

CPU: x64

File System: NTFS

User: User

 

Scan Type: Custom Scan

Result: Completed

Objects Scanned: 484823

Time Elapsed: 25 min, 35 sec

 

Memory: Enabled

Startup: Enabled

Filesystem: Enabled

Archives: Enabled

Rootkits: Disabled

Heuristics: Enabled

PUP: Enabled

PUM: Enabled

 

Processes: 1

PUP.Optional.AmazingTab, C:\Program Files\amztab\amztab.exe, 1464, Delete-on-Reboot, [f19ad2673465b97d6ef069c353b148b8]

 

Modules: 0

(No malicious items detected)

 

Registry Keys: 7

PUP.Optional.AmazingTab, HKLM\SOFTWARE\AmazingTab, Quarantined, [9ceff9403f5a61d53b7724a853af0bf5], 

PUP.Optional.DNSUnlocker, HKLM\SOFTWARE\MICROSOFT\SYSTEMCERTIFICATES\ROOT\CERTIFICATES\26D9E607FFF0C58C7844B47FF8B6E079E5A2220E, Quarantined, [503bc970aaef1f17c70c5ecddb2901ff], 

PUP.Optional.Amonetize, HKLM\SOFTWARE\MICROSOFT\TRACING\amztab_RASAPI32, Quarantined, [bccf12274356d264fa7962c084805ba5], 

PUP.Optional.Amonetize, HKLM\SOFTWARE\MICROSOFT\TRACING\amztab_RASMANCS, Quarantined, [ddae2712881180b60c67cb5751b33fc1], 

PUP.Optional.AmazingTab, HKLM\SOFTWARE\WOW6432NODE\AmazingTab, Quarantined, [0784ba7fabee96a05b576369b25055ab], 

PUP.Optional.DNSUnlocker, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\SYSTEMCERTIFICATES\ROOT\CERTIFICATES\26D9E607FFF0C58C7844B47FF8B6E079E5A2220E, Quarantined, [82094aefa8f1a98d00d3ee3d5fa5fa06], 

PUP.Optional.AmazingTab, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\AmazingTab, Quarantined, [f19ad2673465b97d6ef069c353b148b8], 

 

Registry Values: 0

(No malicious items detected)

 

Registry Data: 0

(No malicious items detected)

 

Folders: 8

PUP.Optional.AmazingTab, C:\Program Files\amztab, Delete-on-Reboot, [8a0162d7f8a147ef6934f9cf60a250b0], 

PUP.Optional.AmazingTab, C:\Program Files\amztab\packages, Quarantined, [8a0162d7f8a147ef6934f9cf60a250b0], 

PUP.Optional.AmazingTab, C:\Program Files\amztab\packages\1c9b6606-974b-40f2-bfea-8d0c19faae4f, Quarantined, [8a0162d7f8a147ef6934f9cf60a250b0], 

PUP.Optional.AmazingTab, C:\Program Files\amztab\packages\4376971a-031b-4966-850b-de552864fa83, Quarantined, [8a0162d7f8a147ef6934f9cf60a250b0], 

PUP.Optional.AmazingTab, C:\Program Files\amztab\packages\4376971a-031b-4966-850b-de552864fa83de-DE, Quarantined, [8a0162d7f8a147ef6934f9cf60a250b0], 

PUP.Optional.AmazingTab, C:\Program Files\amztab\packages\4376971a-031b-4966-850b-de552864fa83fr, Quarantined, [8a0162d7f8a147ef6934f9cf60a250b0], 

PUP.Optional.AmazingTab, C:\Program Files\amztab\packages\4376971a-031b-4966-850b-de552864fa83it, Quarantined, [8a0162d7f8a147ef6934f9cf60a250b0], 

PUP.Optional.AmazingTab, C:\Program Files\amztab\packages\4376971a-031b-4966-850b-de552864fa83zh-CN, Quarantined, [8a0162d7f8a147ef6934f9cf60a250b0], 

 

Files: 14

PUP.Optional.AllPCOptimizer, C:\Windows\Allpcoptimizer.exe, Quarantined, [6e1dd6636a2fde5815947959e31e35cb], 

PUP.Optional.AllPCOptimizer, C:\Windows\Installer\38399.msi, Quarantined, [701b2712504938fe5752f1e1ac559a66], 

PUP.Optional.AmazingTab, C:\Program Files\amztab\amztab.exe, Delete-on-Reboot, [f19ad2673465b97d6ef069c353b148b8], 

PUP.Optional.AmazingTab, C:\Program Files\amztab\amztab.exe.config, Quarantined, [8a0162d7f8a147ef6934f9cf60a250b0], 

PUP.Optional.AmazingTab, C:\Program Files\amztab\config.conf, Quarantined, [8a0162d7f8a147ef6934f9cf60a250b0], 

PUP.Optional.AmazingTab, C:\Program Files\amztab\icon.ico, Quarantined, [8a0162d7f8a147ef6934f9cf60a250b0], 

PUP.Optional.AmazingTab, C:\Program Files\amztab\uninstall.exe, Quarantined, [8a0162d7f8a147ef6934f9cf60a250b0], 

PUP.Optional.AmazingTab, C:\Program Files\amztab\packages\1c9b6606-974b-40f2-bfea-8d0c19faae4f\clean.exe, Quarantined, [8a0162d7f8a147ef6934f9cf60a250b0], 

PUP.Optional.AmazingTab, C:\Program Files\amztab\packages\1c9b6606-974b-40f2-bfea-8d0c19faae4f\clean.exe.config, Quarantined, [8a0162d7f8a147ef6934f9cf60a250b0], 

PUP.Optional.AmazingTab, C:\Program Files\amztab\packages\4376971a-031b-4966-850b-de552864fa83\zetip.exe.config, Quarantined, [8a0162d7f8a147ef6934f9cf60a250b0], 

PUP.Optional.AmazingTab, C:\Program Files\amztab\packages\4376971a-031b-4966-850b-de552864fa83de-DE\Microsoft.Win32.TaskScheduler.resources.dll, Quarantined, [8a0162d7f8a147ef6934f9cf60a250b0], 

PUP.Optional.AmazingTab, C:\Program Files\amztab\packages\4376971a-031b-4966-850b-de552864fa83fr\Microsoft.Win32.TaskScheduler.resources.dll, Quarantined, [8a0162d7f8a147ef6934f9cf60a250b0], 

PUP.Optional.AmazingTab, C:\Program Files\amztab\packages\4376971a-031b-4966-850b-de552864fa83it\Microsoft.Win32.TaskScheduler.resources.dll, Quarantined, [8a0162d7f8a147ef6934f9cf60a250b0], 

PUP.Optional.AmazingTab, C:\Program Files\amztab\packages\4376971a-031b-4966-850b-de552864fa83zh-CN\Microsoft.Win32.TaskScheduler.resources.dll, Quarantined, [8a0162d7f8a147ef6934f9cf60a250b0], 

 

Physical Sectors: 0

(No malicious items detected)

 

 

(end)


Here's the AdwCleaner log

 

# AdwCleaner v5.029 - Logfile created 14/01/2016 at 06:59:01
# Updated 11/01/2016 by Xplode
# Database : 2016-01-12.1 [server]
# Operating system : Windows 7 Home Premium Service Pack 1 (x64)
# Username : User - USER-PC
# Running from : C:\Users\User\Downloads\AdwCleaner.exe
# Option : Cleaning
 
***** [ Services ] *****
 
 
***** [ Folders ] *****
 
[-] Folder Deleted : C:\Program Files\Faster Web
[-] Folder Deleted : C:\Program Files (x86)\56A81B6E-1451634741-E111-8555-DC0EA146292E
[-] Folder Deleted : C:\Users\User\AppData\Roaming\Store
 
***** [ Files ] *****
 
[-] File Deleted : C:\END
[-] File Deleted : C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\local storage\hxxp_www.azlyrics.com_0.localstorage
[-] File Deleted : C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\local storage\hxxp_www.azlyrics.com_0.localstorage-journal
[-] File Deleted : C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\local storage\hxxp_www.lyricsfreak.com_0.localstorage
[-] File Deleted : C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\local storage\hxxp_www.lyricsfreak.com_0.localstorage-journal
[-] File Deleted : C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\local storage\hxxp_www.metrolyrics.com_0.localstorage
[-] File Deleted : C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\local storage\hxxp_www.metrolyrics.com_0.localstorage-journal
[-] File Deleted : C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_cdncache-a.akamaihd.net_0.localstorage
[-] File Deleted : C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_cdncache-a.akamaihd.net_0.localstorage-journal
[-] File Deleted : C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_services.hearstmags.com_0.localstorage-journal
[-] File Deleted : C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_services.hearstmags.com_0.localstorage
[-] File Deleted : C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_static.audienceinsights.net_0.localstorage-journal
[-] File Deleted : C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_static.audienceinsights.net_0.localstorage
[-] File Deleted : C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_static.olark.com_0.localstorage
[-] File Deleted : C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_static.olark.com_0.localstorage-journal
[-] File Deleted : C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_inst.bubbledock.us_0.localstorage
[-] File Deleted : C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_inst.bubbledock.us_0.localstorage-journal
[-] File Deleted : C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_search.newtabtvgamasearch.com_0.localstorage
[-] File Deleted : C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_search.newtabtvgamasearch.com_0.localstorage-journal
[-] File Deleted : C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_st.chatango.com_0.localstorage
[-] File Deleted : C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_st.chatango.com_0.localstorage-journal
[-] File Deleted : C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.bitchcrawler.com_0.localstorage
[-] File Deleted : C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.bitchcrawler.com_0.localstorage-journal
 
***** [ DLLs ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Scheduled tasks ] *****
 
[-] Task Deleted : CLALAPLLJWCCCUCX
[-] Task Deleted : OYVEPWA1
[-] Task Deleted : CLALAPLLJWCCCUCX
[-] Task Deleted : OYVEPWA1
 
***** [ Registry ] *****
 
[-] Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
[-] Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1
[-] Key Deleted : HKLM\SOFTWARE\Classes\Directory\Background\shell\Add event reminder
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A43DE495-3D00-47D4-9D2C-303115707939}
[-] Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID [{79F768ED-0B12-42EF-8257-36751A0ECF3A}]
[-] Key Deleted : HKCU\Software\NpApp
[-] Key Deleted : HKCU\Software\Store
[-] Key Deleted : HKCU\Software\Tutorials
[-] Key Deleted : HKCU\Software\WTools
[-] Key Deleted : HKCU\Software\tstamptoken
[-] Key Deleted : HKCU\Software\Microsoft\Tinstalls
[-] Key Deleted : HKCU\Software\AppDataLow\Software\adawarebp
[-] Key Deleted : HKLM\SOFTWARE\NpApp
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SU
 
***** [ Web browsers ] *****
 
[-] [C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\6ry0wvdz.default\prefs.js] [Preference] Deleted : user_pref("urlclassifier.keyupdatetime.hxxps://sb-ssl.google.com/safebrowsing/newkey", 1443452257);
 
*************************
 
:: "Tracing" keys removed
:: Winsock settings cleared
 
########## EOF - C:\AdwCleaner\AdwCleaner[C2].txt - [5190 bytes] ##########

Here's the other Malwarebytes scan log

 

Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 1/14/2016
Scan Time: 6:28 AM
Logfile: 
Administrator: Yes
 
Version: 2.1.8.1057
Malware Database: v2016.01.14.03
Rootkit Database: v2016.01.09.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled
 
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: User
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 331143
Time Elapsed: 5 min, 48 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 0
(No malicious items detected)
 
Registry Values: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Folders: 0
(No malicious items detected)
 
Files: 0
(No malicious items detected)
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)

Here are the FRST logs

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:10-01-2015 01
Ran by User (administrator) on USER-PC (14-01-2016 07:11:15)
Running from C:\Users\User\Downloads
Loaded Profiles: User (Available Profiles: User)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Nero AG) C:\Program Files (x86)\HTC\HTC Sync Manager\HSMServiceEntry.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe
() C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.9.696.8769\AdAwareService.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
() C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
(TOSHIBA Corporation) C:\Windows\System32\ThpSrv.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
() C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.9.696.8769\AdAwareTray.exe
(TOSHIBA CORPORATION.) C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
(iSkySoft) C:\Program Files (x86)\Common Files\iSkysoft\iSkysoft Helper Compact\ISHelper.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
() C:\Program Files (x86)\HTC\HTC Sync Manager\HTC Sync\adb.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(TOSHIBA CORPORATION.) C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
(TOSHIBA CORPORATION.) C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
(TOSHIBA CORPORATION.) C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtHSP.exe
(TOSHIBA CORPORATION.) C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\BtAssist.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Tweaking.com) C:\Program Files (x86)\Tweaking.com\Windows Repair (All in One)\WR_Tray_Icon.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [synTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2679592 2011-02-03] (Synaptics Incorporated)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [170280 2015-07-11] (Apple Inc.)
HKLM\...\Run: [] => [X]
HKLM\...\Run: [AdAwareTray] => C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.9.696.8769\AdAwareTray.exe [9574112 2015-12-09] ()
HKLM-x32\...\Run: [iTSecMng] => C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe [80840 2011-04-01] (TOSHIBA CORPORATION)
HKLM-x32\...\Run: [iSkysoft Helper Compact.exe] => C:\Program Files (x86)\Common Files\iSkysoft\iSkysoft Helper Compact\ISHelper.exe [2066432 2014-10-31] (iSkySoft)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-3377139866-583512431-1254867394-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8418584 2015-07-17] (Piriform Ltd)
HKU\S-1-5-21-3377139866-583512431-1254867394-1000\...\MountPoints2: {c2a521e7-79dd-11e5-b6c8-dc0ea146292e} - E:\TL-Bootstrap.exe
HKU\S-1-5-21-3377139866-583512431-1254867394-1000\...\MountPoints2: {eee42eca-179a-11e5-b481-dc0ea146292e} - E:\TL-Bootstrap.exe
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth Manager.lnk [2016-01-01]
ShortcutTarget: Bluetooth Manager.lnk -> C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtMng1.exe (TOSHIBA CORPORATION.)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 8.8.8.8 8.8.4.4
Tcpip\..\Interfaces\{47D26826-AADE-4553-9342-A72ECD0947A1}: [DhcpNameServer] 8.8.8.8 8.8.4.4
Tcpip\..\Interfaces\{B0B6AA22-2E8D-459A-B24E-B3F68A4C8DEB}: [DhcpNameServer] 75.75.75.75 75.75.76.76
 
Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-3377139866-583512431-1254867394-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKU\S-1-5-21-3377139866-583512431-1254867394-1000\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-3377139866-583512431-1254867394-1000\Software\Microsoft\Internet Explorer\Main,First Home Page = hxxp://g.msn.com/1me10IE11ENUS/MCM_WCP
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-3377139866-583512431-1254867394-1000 -> DefaultScope {41175E49-5662-46E9-B605-06BA7C73A054} URL = hxxps://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-3377139866-583512431-1254867394-1000 -> {41175E49-5662-46E9-B605-06BA7C73A054} URL = hxxps://www.google.com/search?q={searchTerms}
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
Handler: WSISVCUchrome - {78A543EB-3A61-4ED3 -  No File
 
FireFox:
========
FF ProfilePath: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\6ry0wvdz.default
FF DefaultSearchEngine.US: Google
FF Homepage: hxxps://www.malwarebytes.org/restorebrowser/com/?site=shyosffdefault&prd=set_ff&s=G11zamotn10924,6d15bb70-bc41-40ad-ba17-f41839086061,
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_20_0_0_267.dll [2015-12-28] ()
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_20_0_0_267.dll [2015-12-28] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2015-01-06] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.66 -> C:\Program Files (x86)\Intel\Services\IPT\npIntelWebAPIIPT.dll [2013-01-11] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Services\IPT\npIntelWebAPIUpdater.dll [2013-01-11] (Intel Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-03] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-03] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-12-18] (Adobe Systems Inc.)
FF Extension: No Name - C:\Program Files (x86)\Consumer Input\Firefox\ciff-3.2.0-12244.xpi [not found]
FF Extension: No Name - C:\Program Files\shopperz311220152308\Firefox\{057FABBF-2F4C-4B77-8379-B4B95428B35A}.xpi [not found]
FF Extension: Adblock Plus - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\6ry0wvdz.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015-09-30]
FF HKLM-x32\...\Firefox\Extensions: [iSVCU@iSkysoft.com] - C:\ProgramData\iSkysoft\Video Converter Ultimate\ISVCU@iSkysoft.com => not found
 
Chrome: 
=======
CHR HomePage: Default -> hxxp://www-mysearch.com/?pid=s&s=G11zamotn10924,6d15bb70-bc41-40ad-ba17-f41839086061,&vp=ch&prd=set_ch
CHR StartupUrls: Default -> "hxxp://www-mysearch.com/?pid=s&s=G11zamotn10924,6d15bb70-bc41-40ad-ba17-f41839086061,&vp=ch&prd=set_ch"
CHR Profile: C:\Users\User\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Adblock Plus) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2016-01-14]
CHR Extension: (Chrome Web Store Payments) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-07-25]
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-05-29] (Apple Inc.)
R2 HTCMonitorService; C:\Program Files (x86)\HTC\HTC Sync Manager\HSMServiceEntry.exe [87368 2014-06-27] (Nero AG)
R2 LavasoftAdAwareService11; C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.9.696.8769\AdAwareService.exe [712432 2015-12-09] ()
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1513784 2015-10-05] (Malwarebytes)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
R2 PassThru Service; C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [166912 2013-10-17] () [File not signed]
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Corporation)
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 avc3; C:\Windows\System32\DRIVERS\avc3.sys [1369288 2015-07-29] (BitDefender)
R3 avchv; C:\Windows\System32\DRIVERS\avchv.sys [271272 2015-07-29] (BitDefender)
R3 avckf; C:\Windows\System32\DRIVERS\avckf.sys [747120 2015-07-29] (BitDefender)
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
R3 gzflt; C:\Program Files\Lavasoft\Ad-Aware Antivirus\Antimalware Engine\3.0.99.0\gzflt.sys [155912 2015-12-09] (BitDefender LLC)
S3 HtcVCom32; C:\Windows\System32\DRIVERS\HtcVComV64.sys [121800 2010-03-09] (QUALCOMM Incorporated)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [192216 2016-01-14] (Malwarebytes)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-10-05] (Malwarebytes Corporation)
S3 Trufos; C:\Windows\System32\DRIVERS\Trufos.sys [452040 2015-12-09] (BitDefender S.R.L.)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-01-14 07:11 - 2016-01-14 07:11 - 00015862 _____ C:\Users\User\Downloads\FRST.txt
2016-01-14 07:10 - 2016-01-14 07:10 - 02370560 _____ (Farbar) C:\Users\User\Downloads\FRST64.exe
2016-01-14 06:56 - 2016-01-14 06:59 - 00000000 ____D C:\AdwCleaner
2016-01-14 06:52 - 2016-01-14 06:52 - 01754112 _____ C:\Users\User\Downloads\AdwCleaner.exe
2016-01-14 04:39 - 2016-01-14 04:39 - 00012924 _____ C:\Users\User\Downloads\_Windows_Repair_Log.txt
2016-01-14 04:39 - 2016-01-14 04:39 - 00012924 _____ C:\Users\User\Downloads\_Windows_Repair_Log (1).txt
2016-01-14 04:02 - 2016-01-14 04:02 - 00183450 _____ C:\Windows\Tweaking.com - Windows Repair Setup Log.txt
2016-01-14 04:02 - 2016-01-14 04:02 - 00003650 _____ C:\Windows\System32\Tasks\Tweaking.com - Windows Repair Tray Icon
2016-01-14 04:02 - 2016-01-14 04:02 - 00002159 _____ C:\Users\User\Desktop\Tweaking.com - Windows Repair.lnk
2016-01-14 04:02 - 2016-01-14 04:02 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tweaking.com
2016-01-14 04:02 - 2016-01-14 04:02 - 00000000 ____D C:\Program Files (x86)\Tweaking.com
2016-01-14 04:01 - 2016-01-14 03:47 - 21102632 _____ (Tweaking.com) C:\Users\User\Downloads\tweaking.com_windows_repair_aio_setup.exe
2016-01-01 11:17 - 2016-01-01 11:17 - 00037066 _____ C:\Users\User\Desktop\Addition.txt
2016-01-01 11:17 - 2016-01-01 11:17 - 00024474 _____ C:\Users\User\Desktop\FRST.txt
2016-01-01 11:13 - 2016-01-14 07:11 - 00000000 ____D C:\FRST
2016-01-01 01:56 - 2016-01-01 01:56 - 00003744 _____ C:\Users\User\Desktop\Rkill.txt
2015-12-31 23:44 - 2016-01-01 00:45 - 00000000 ____D C:\Users\User\AppData\LocalLow\Company
2015-12-31 23:44 - 2016-01-01 00:34 - 00000000 ____D C:\Users\User\AppData\Roaming\ZawoNiiq
2015-12-31 23:44 - 2015-12-31 23:45 - 00000000 ____D C:\Users\User\AppData\Local\Tempfolder
2015-12-31 23:44 - 2015-12-31 23:44 - 00003334 _____ C:\Windows\System32\Tasks\Duawnob
2015-12-31 23:44 - 2015-12-31 23:44 - 00000000 ____D C:\Windows\system32\jac
2015-12-31 23:35 - 2015-12-31 23:35 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavasoft
2015-12-31 23:32 - 2015-12-31 23:37 - 00000912 _____ C:\Windows\SysWOW64\${LOGFILE}
2015-12-31 23:32 - 2015-12-31 23:32 - 00000000 ____D C:\Program Files\Common Files\Lavasoft
2015-12-31 23:30 - 2015-12-31 23:30 - 00000000 ____D C:\Users\User\AppData\Local\CEF
2015-12-31 23:28 - 2015-12-31 23:28 - 00000000 ____D C:\ProgramData\7c0535b143fc4671b6ebd202fbffe066
2015-12-31 23:27 - 2016-01-01 00:43 - 00000000 ____D C:\Users\User\AppData\Roaming\pendis
2015-12-30 05:12 - 2015-12-30 05:29 - 2001411406 _____ C:\Users\User\Downloads\Star_Wars_The_Force_Awakens_2015_HD-CAM_XViD_HQMic_AC3-CPG.avi
2015-12-21 13:05 - 2015-12-21 13:06 - 00000000 ____D C:\Users\User\Downloads\Shou new
2015-12-21 12:54 - 2015-12-21 12:54 - 00000000 ____D C:\Users\User\Downloads\Twitter
2015-12-21 12:51 - 2015-12-21 12:51 - 00000000 ____D C:\Users\User\Downloads\Movies
2015-12-21 12:50 - 2015-12-21 12:50 - 00000000 ____D C:\Users\User\Downloads\Neko Atsume
2015-12-21 12:49 - 2015-12-21 12:49 - 00000000 ____D C:\Users\User\Downloads\barb
2015-12-21 12:48 - 2015-12-21 12:48 - 00000000 ____D C:\Users\User\Downloads\Download
2015-12-20 03:09 - 2015-12-20 03:20 - 210259538 _____ C:\Users\User\Downloads\Nina Mercedez & Eva Angelina - Lesbians Love Sex 2.wmv
2015-12-18 23:45 - 2016-01-01 00:47 - 00002631 _____ C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\BitTorrent.lnk
2015-12-18 23:45 - 2015-12-31 23:20 - 00000000 ____D C:\Users\User\AppData\LocalLow\BitTorrent
2015-12-18 23:45 - 2015-12-18 23:47 - 00000000 ____D C:\Users\User\Downloads\Lava.2014.SHORT.720p.WEBRip.x264.AAC-ETRG
2015-12-18 23:44 - 2015-12-31 23:37 - 00000000 ____D C:\Users\User\AppData\Roaming\BitTorrent
2015-12-18 23:44 - 2015-12-18 23:44 - 01873952 _____ (BitTorrent Inc.) C:\Users\User\Downloads\BitTorrent (1).exe
2015-12-17 16:08 - 2015-12-17 16:08 - 00155136 _____ C:\Windows\Allpcoptimizer.pdb
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-01-14 07:09 - 2009-07-13 20:45 - 00022064 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-01-14 07:09 - 2009-07-13 20:45 - 00022064 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-01-14 07:04 - 2009-07-13 21:13 - 00775032 _____ C:\Windows\system32\PerfStringBackup.INI
2016-01-14 07:04 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\inf
2016-01-14 07:01 - 2015-06-09 14:25 - 00002321 _____ C:\Users\Public\Desktop\Ad-Aware Antivirus.lnk
2016-01-14 07:01 - 2015-06-09 14:15 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-01-14 06:59 - 2015-07-01 05:51 - 00000000 ____D C:\Users\User\AppData\Local\HTC MediaHub
2016-01-14 06:59 - 2015-06-08 14:54 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-01-14 06:59 - 2009-07-13 21:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-01-14 06:52 - 2015-06-08 14:20 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-01-14 06:35 - 2015-06-09 14:15 - 00001102 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2016-01-14 06:35 - 2015-06-09 14:15 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2016-01-14 06:35 - 2015-06-09 14:15 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2016-01-14 06:28 - 2015-06-08 14:54 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-01-14 05:46 - 2009-07-13 19:20 - 00000000 ____D C:\Windows
2016-01-14 04:52 - 2015-06-08 14:20 - 00796864 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2016-01-14 04:52 - 2015-06-08 14:20 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2016-01-14 04:52 - 2015-06-08 14:20 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2016-01-14 04:33 - 2015-06-08 14:19 - 00003886 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2016-01-14 04:33 - 2015-06-08 14:19 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2016-01-14 04:32 - 2015-06-08 14:17 - 00064408 _____ C:\Users\User\AppData\Local\GDIPFONTCACHEV1.DAT
2016-01-14 04:20 - 2010-11-20 23:16 - 00000000 ___RD C:\Users\Public\Recorded TV
2016-01-14 04:20 - 2009-07-13 20:45 - 00295824 _____ C:\Windows\system32\FNTCACHE.DAT
2016-01-14 04:19 - 2015-07-13 10:14 - 00000000 ____D C:\Program Files\Google
2016-01-14 04:19 - 2015-06-08 14:54 - 00000000 ____D C:\Program Files (x86)\Google
2016-01-14 04:16 - 2009-07-13 18:34 - 00000439 _____ C:\Windows\win.ini
2016-01-14 04:15 - 2015-11-13 08:58 - 00778834 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2016-01-14 03:04 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\system32\NDF
2016-01-12 02:33 - 2015-06-08 14:54 - 00000000 ____D C:\Users\User\AppData\Local\Google
2016-01-09 17:11 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\schemas
2016-01-06 02:21 - 2015-06-09 14:30 - 00000000 ____D C:\Users\User\AppData\Local\ElevatedDiagnostics
2016-01-01 01:51 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\AppCompat
2016-01-01 00:47 - 2015-11-13 08:59 - 00001362 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Photo Gallery.lnk
2016-01-01 00:47 - 2015-11-13 08:59 - 00001293 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Movie Maker.lnk
2016-01-01 00:47 - 2015-11-13 04:16 - 00001125 _____ C:\Users\Public\Desktop\MKV to MP4 Converter Express.lnk
2016-01-01 00:47 - 2015-11-13 03:01 - 00001060 _____ C:\Users\Public\Desktop\VLC media player.lnk
2016-01-01 00:47 - 2015-11-09 05:48 - 00001832 _____ C:\Users\Public\Desktop\Lightworks x64 (12.5).lnk
2016-01-01 00:47 - 2015-08-29 06:57 - 00001130 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2016-01-01 00:47 - 2015-08-29 06:57 - 00001124 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2016-01-01 00:47 - 2015-07-29 22:22 - 00000860 _____ C:\Users\Public\Desktop\CCleaner.lnk
2016-01-01 00:47 - 2015-07-18 09:34 - 00001747 _____ C:\Users\Public\Desktop\iTunes.lnk
2016-01-01 00:47 - 2015-07-18 09:33 - 00002507 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
2016-01-01 00:47 - 2015-07-01 07:19 - 00001106 _____ C:\Users\Public\Desktop\OpenOffice 4.1.1.lnk
2016-01-01 00:47 - 2015-07-01 05:51 - 00002025 _____ C:\Users\Public\Desktop\HTC Sync Manager.lnk
2016-01-01 00:47 - 2015-06-08 14:54 - 00002177 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-01-01 00:47 - 2015-06-08 14:19 - 00002041 _____ C:\Users\Public\Desktop\Acrobat Reader DC.lnk
2016-01-01 00:47 - 2015-06-08 10:32 - 00001333 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk
2016-01-01 00:47 - 2015-06-08 10:32 - 00001314 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk
2016-01-01 00:47 - 2009-07-13 21:01 - 00001218 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Default Programs.lnk
2016-01-01 00:47 - 2009-07-13 20:57 - 00001511 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2016-01-01 00:47 - 2009-07-13 20:57 - 00001340 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Anytime Upgrade.lnk
2016-01-01 00:47 - 2009-07-13 20:57 - 00001292 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sidebar.lnk
2016-01-01 00:47 - 2009-07-13 20:57 - 00001234 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XPS Viewer.lnk
2016-01-01 00:47 - 2009-07-13 20:54 - 00001198 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Fax and Scan.lnk
2016-01-01 00:47 - 2009-07-13 20:49 - 00001246 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Windows Update.lnk
2016-01-01 00:22 - 2015-08-29 06:57 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2016-01-01 00:06 - 2015-08-29 07:06 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2015-12-31 23:51 - 2009-07-13 18:34 - 00001110 _____ C:\Windows\system32\Drivers\etc\hosts_bak_678
2015-12-31 23:17 - 2015-11-13 03:02 - 00000000 ____D C:\Users\User\AppData\Roaming\vlc
2015-12-21 12:45 - 2015-11-13 08:55 - 00000000 ____D C:\Users\User\AppData\Local\Windows Live
 
==================== Files in the root of some directories =======
 
2013-01-11 14:13 - 2013-01-11 14:13 - 0022464 _____ (Intel Corporation) C:\Users\User\AppData\Roaming\JomCap.dll
 
Some files in TEMP:
====================
C:\Users\User\AppData\Local\Temp\sqlite3.dll
 
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2016-01-09 00:08
 
==================== End of FRST.txt ============================

Addition.txt

Link to post
Share on other sites

Download attached fixlist.txt file (end of reply) and save it to the Desktop, or the folder you saved FRST into.
NOTE. It's important that both FRST and fixlist.txt are in the same location or the fix will not work.

Run FRST and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt) or the folder it was run from. Please post it to your reply.
 

Next,

 

Please download Junkware Removal Tool to your desktop.

  • Shut down your protection software now to avoid potential conflicts. (re-enable when done)
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.


 

Next,

 

Download Microsoft's "Malicious Software Removal Tool" and save direct to the desktop

Ensure to get the correct version for your system....

32 Bit version:
https://www.microsoft.com/downloads/en/confirmation.aspx?FamilyId=AD724AE0-E72D-4F54-9AB3-75B8EB148356&displaylang=en

64 Bit version:
https://www.microsoft.com/downloads/en/confirmation.aspx?FamilyId=585D2BDE-367F-495E-94E7-6349F4EFFC74&displaylang=en

Right click on the Tool and select “Run as Administrator”; the tool will expand to the options Window.
In the "Scan Type" window, select Quick Scan.
Perform a scan and click Finish when the scan is done.

Retrieve the MSRT log as follows, and post it in your next reply:

1) Select the Windows key and R key together to open the "Run" function
2) Type or Copy/Paste the following command to the "Run Line" and Press Enter:

notepad c:\windows\debug\mrt.log

The log will include log details for each time MSRT has run; we only need the most recent log by date and time....
 

Let me see those logs, also give update on any remaining issues or concerns...

 

Depending on what is wrong with your laptop, I may be able to help, or probably the General PC forum will help: https://forums.malwarebytes.org/index.php?/forum/6-general-pc-help/

 

Thank you,

 

Kevin

 

 

Fixlist.txt

Link to post
Share on other sites

Here's the mrt.log

 

Microsoft Windows Malicious Software Removal Tool v5.32, January 2016 (build 5.32.12202.0)
Started On Fri Jan 15 04:52:17 2016
 
Engine: 1.1.12400.0
Signatures: 1.213.1308.0
 
Results Summary:
----------------
No infection found.
Microsoft Windows Malicious Software Removal Tool Finished On Fri Jan 15 04:56:30 2016
 
 
Return code: 0 (0x0)
Link to post
Share on other sites
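The helper's instruction above notes that mrt.log holds one entry per MSRT run and that only the most recent one, by date and time, is needed. The following Python is an added example, not part of the original thread or of any tool used in it: it parses the layout shown in the posted log and picks the newest run. The function names and the first run in `SAMPLE_LOG` are constructed for illustration.

```python
import re
from datetime import datetime

HEADER = re.compile(r"^Microsoft Windows Malicious Software Removal Tool v(\S+), .*\(build ([\d.]+)\)$")
STARTED = re.compile(r"^Started On (.+)$")
FINISHED = re.compile(r"Finished On (.+)$")
RETCODE = re.compile(r"^Return code: (-?\d+)")
STAMP = "%a %b %d %H:%M:%S %Y"  # e.g. "Fri Jan 15 04:52:17 2016"

# Constructed sample: the first run is invented for this example,
# the second is the run posted in the thread.
SAMPLE_LOG = """\
Microsoft Windows Malicious Software Removal Tool v0.0, Constructed (build 0.0.0.0)
Started On Wed Dec 09 03:10:05 2015
Results Summary:
----------------
No infection found.
Microsoft Windows Malicious Software Removal Tool Finished On Wed Dec 09 03:14:41 2015
Return code: 0 (0x0)
Microsoft Windows Malicious Software Removal Tool v5.32, January 2016 (build 5.32.12202.0)
Started On Fri Jan 15 04:52:17 2016
Engine: 1.1.12400.0
Signatures: 1.213.1308.0
Results Summary:
----------------
No infection found.
Microsoft Windows Malicious Software Removal Tool Finished On Fri Jan 15 04:56:30 2016
Return code: 0 (0x0)
"""

def parse_runs(text):
    """Split the log text into one dict per MSRT run."""
    runs, cur, in_summary = [], None, False
    for line in (l.strip() for l in text.splitlines()):
        if m := HEADER.match(line):
            cur = {"version": m[1], "build": m[2], "started": None,
                   "finished": None, "summary": [], "return_code": None}
            runs.append(cur)
            in_summary = False
        elif cur is None or not line:
            continue  # skip blank lines and anything before the first header
        elif m := STARTED.match(line):
            cur["started"] = datetime.strptime(m[1], STAMP)
        elif m := FINISHED.search(line):
            cur["finished"] = datetime.strptime(m[1], STAMP)
            in_summary = False
        elif m := RETCODE.match(line):
            cur["return_code"] = int(m[1])
        elif line == "Results Summary:":
            in_summary = True
        elif in_summary and line.strip("-"):  # ignore the dashed rule
            cur["summary"].append(line)
    return runs

def latest_run(text):
    """Return the run with the newest 'Started On' time, or None."""
    dated = [r for r in parse_runs(text) if r["started"]]
    return max(dated, key=lambda r: r["started"]) if dated else None
```

The functions take already-decoded text, so check the encoding of `c:\windows\debug\mrt.log` when reading it from disk. A non-empty `summary` other than "No infection found." or a non-zero `return_code` in the latest run is what to look at first.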

No way to redeem History, apologies. If no other issues run the following to clean up..

 

Download "Delfix by Xplode" and save it to your desktop.

Or use the following if first link is down:

"Delfix link mirror"

If your security program alerts to Delfix, either accept the alert or turn your security off.

Double Click to start the program. If you are using Vista or higher, please right-click and choose run as administrator

Make Sure the following items are checked:



  • Remove disinfection tools
  • Purge System Restore <--- this will remove all previous and possibly exploited restore points, a new point relative to system status at present will be created.
  • Reset system settings



Now click on "Run" and wait patiently until the tool has completed.

The tool will create a log when it has completed. We don't need you to post this.

Any remnant files/logs from tools we have used can be deleted…
 

Next,

 

Read the following links to fully understand PC Security and Best Practices, you may find them useful....

Answers to Common Security Questions and best Practices

Do I need a Registry Cleaner?

Take care and surf safe

Kevin...
 

Link to post
Share on other sites

  • Root Admin

Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

Link to post
Share on other sites
