Had virus(es) now unable to do Windows update and iTunes.

This is a discussion on Had virus(es) now unable to do Windows update and iTunes. within the Resolved HJT Threads forums, part of the Tech Support Forum category.


Old 07-29-2015, 11:22 AM   #1
Registered Member
 
Join Date: Jul 2015
Posts: 13
OS: Windows 7 64 bit



A few months ago my PC became infected with a few viruses, Cryptor and some ransomware at the very minimum. After running various AVs and Malwarebytes, I seemingly thought I was in the clear. Not sure what residual damage was done to system files, but I am unable to do Windows updates. SP1 has been removed from my PC and I can't update it. I cannot use System Restore. It only gives me 3 restore points, all of which are within 24 hours of whenever I try to use it, plus it will not restore to any point I pick. Last night I tried updating iTunes. I received an error during install and now iTunes is not operational. I tried uninstalling and re-downloading but I still get an error message. I was told to back up all of my files and to do a reset to factory settings, but I would rather not do that. I was also told I may have corrupt files in my registry but not sure what to do with that. Any help would be greatly appreciated.
Old 07-29-2015, 01:07 PM   #2
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 

Microsoft Most Valuable Professional
 
Join Date: Oct 2007
Location: Georgia
Posts: 29,790
OS: XP/Win7/Win10



Hello and Welcome to TSF.

If you haven't already, please Subscribe to this Thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant notification by email, then click Add Subscription.

Please note that the forum is very busy and if I don't hear from you within three days this thread will be closed.

------------------------------------------------------

Are you receiving any error numbers, etc.?

------------------------------------------------------

Please download AdwCleaner from here and save it to your desktop.
  • Do NOT click the green 'Download' button(if visible).
  • Click the blue 'Download now @bleepingcomputer' button.
  • Run AdwCleaner and select Scan
  • Once the Scan is done, select Cleaning
  • Once done it will ask to reboot, please allow the reboot.
  • On reboot, a log will be produced. It can also be found at C:\AdwCleaner\AdwCleaner[S#].txt
  • Please copy/paste the contents of the log in your next reply.
------------------------------------------------------

Please download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system.
If you are not sure which version applies to your system download both of them and try to run them.
Only one of them will run on your system, that will be the right version.
  • Double-click to run it. When the tool opens click Yes to the disclaimer.
  • Make sure the Addition.txt button is ticked.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.
------------------------------------------------------
__________________
Our services are free, but you may contribute to the author of ComboFix via PayPal

Proud member of UNITE

Microsoft MVP - Consumer Security 2014, 2015
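When the AdwCleaner cleaning log comes back, a small parser makes triage quicker than reading it by eye: it groups every "Deleted" entry under its section header and points out directories that held DECRYPT_INSTRUCTION.* ransom notes, a leftover of an earlier crypto-ransomware infection. This is an added example, not code from the thread or from AdwCleaner; the sample log below is constructed in the v4 log format with a placeholder username.

```python
"""Triage helper for an AdwCleaner v4.x cleaning log (added example)."""
import re
from collections import defaultdict

# "***** [ Files / Folders ] *****" style section headers
SECTION_RE = re.compile(r"^\*{5} \[ (?P<name>.+?) \] \*{5}$")
# "File Deleted : ...", "[#] Service Deleted : ...", "Key Deleted : ..." etc.
ENTRY_RE = re.compile(
    r"^(?:\[#\] )?(?P<kind>Service|Folder|File|Key|Value|Data) Deleted : (?P<target>.+)$"
)
# "# Username : user - EXAMPLE-PC" style header fields above the first section
HEADER_RE = re.compile(r"^# (?P<field>[^:]+?) : (?P<value>.+)$")
# Ransom-note file names dropped by crypto-ransomware into every affected folder
RANSOM_NOTE_RE = re.compile(r"DECRYPT_INSTRUCTION\.(HTML|TXT|URL)$", re.IGNORECASE)

# Constructed sample, modelled on the AdwCleaner v4 log layout (not a real log).
SAMPLE_LOG = r"""
# AdwCleaner v4.208 - Logfile created 29/07/2015 at 21:48:25
# Database : 2015-07-26.2 [Server]
# Operating system : Windows 7 Home Premium (x64)
# Username : user - EXAMPLE-PC
# Option : Cleaning
***** [ Services ] *****
[#] Service Deleted : CouponPrinterService
***** [ Files / Folders ] *****
Folder Deleted : C:\Program Files (x86)\Coupons
File Deleted : C:\ProgramData\DECRYPT_INSTRUCTION.HTML
File Deleted : C:\ProgramData\DECRYPT_INSTRUCTION.TXT
File Deleted : C:\Users\user\Documents\DECRYPT_INSTRUCTION.URL
File Deleted : C:\Program Files (x86)\Mozilla Firefox\user.js
***** [ Scheduled tasks ] *****

***** [ Registry ] *****
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{438FAE3E-BDEF-44D3-AB8B-0C7C8350DF59}]
Data Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - *.local
***** [ Web browsers ] *****
-\\ Internet Explorer v9.0.8112.16421
*************************
########## EOF - C:\AdwCleaner\AdwCleaner[S2].txt - [7524 bytes] ##########
"""


def parse_adwcleaner_log(text):
    """Return (header fields, {section name: [(kind, target), ...]})."""
    header, sections = {}, defaultdict(list)
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = HEADER_RE.match(line)
        if m and current is None:          # header fields precede any section
            header[m.group("field")] = m.group("value")
            continue
        m = SECTION_RE.match(line)
        if m:
            current = m.group("name")
            continue
        m = ENTRY_RE.match(line)
        if m and current is not None:
            sections[current].append((m.group("kind"), m.group("target")))
    return header, dict(sections)


def summarize(sections):
    """Number of removed items per section (sections with no removals are omitted)."""
    return {name: len(entries) for name, entries in sections.items()}


def ransom_note_dirs(sections):
    """Directories that held DECRYPT_INSTRUCTION.* notes: those folders' files
    were likely encrypted, so restoring them from backup should be checked."""
    dirs = set()
    for kind, target in sections.get("Files / Folders", []):
        if kind == "File" and RANSOM_NOTE_RE.search(target):
            dirs.add(target.rsplit("\\", 1)[0])
    return sorted(dirs)


if __name__ == "__main__":
    hdr, secs = parse_adwcleaner_log(SAMPLE_LOG)
    print("Run by:", hdr.get("Username"), "| mode:", hdr.get("Option"))
    for name, count in summarize(secs).items():
        print(f"{name}: {count} removed")
    for d in ransom_note_dirs(secs):
        print("ransom notes were present in:", d)
```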
Old 07-29-2015, 07:11 PM   #3
Registered Member
 
Join Date: Jul 2015
Posts: 13
OS: Windows 7 64 bit



Ok, first, here are some of the error messages I received. This one was when trying to open iTunes: The procedure entry point CMBlockBuffer CopyDataBytes could not be located in the dynamic link library CoreMedia.dll

Then when trying to reinstall iTunes I got this: An error occurred during the installation of the assembly 'Microsoft.VC80.crt.type ="Win32".version ="8.0.50727.6195" PublicKey token ="1fc8b3b9a1e18e3b". processorArchitecture ="amd64". HResult:0x8007054F

Error message when trying to install Windows updates for Windows SP 1: Error code 80040154, for Windows Live Essentials 2011: Error code 80070BC9

The first log below is for the AdwCleaner, followed by the log for the Farbar Recovery Scan Tool FRST.txt and then I attached the file for the addition.txt file as you requested. Thanks for helping!

----------------------------------------------------------------------
# AdwCleaner v4.208 - Logfile created 29/07/2015 at 21:48:25
# Updated 09/07/2015 by Xplode
# Database : 2015-07-26.2 [Server]
# Operating system : Windows 7 Home Premium (x64)
# Username : Mike - MIKEANDJEN-PC
# Running from : C:\Users\Mike\Desktop\AdwCleaner.exe
# Option : Cleaning
***** [ Services ] *****
[#] Service Deleted : CouponPrinterService
[#] Service Deleted : vToolbarUpdater13.2.0
***** [ Files / Folders ] *****
Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eSupport.com
Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Coupons
Folder Deleted : C:\Program Files (x86)\eSupport.com
Folder Deleted : C:\Program Files (x86)\Check Point Software Technologies LTD
Folder Deleted : C:\Program Files (x86)\Coupons
Folder Deleted : C:\Users\Mike\AppData\LocalLow\Check Point Software Technologies LTD
Folder Deleted : C:\Users\Mike\AppData\Roaming\OpenCandy
Folder Deleted : C:\Users\Mike\AppData\Roaming\Check Point Software Technologies LTD
Folder Deleted : C:\Users\TEST\AppData\LocalLow\Check Point Software Technologies LTD
File Deleted : C:\ProgramData\DECRYPT_INSTRUCTION.HTML
File Deleted : C:\ProgramData\DECRYPT_INSTRUCTION.TXT
File Deleted : C:\ProgramData\DECRYPT_INSTRUCTION.URL
File Deleted : C:\Users\Mike\AppData\Local\DECRYPT_INSTRUCTION.HTML
File Deleted : C:\Users\Mike\AppData\Local\DECRYPT_INSTRUCTION.TXT
File Deleted : C:\Users\Mike\AppData\Local\DECRYPT_INSTRUCTION.URL
File Deleted : C:\Users\Mike\AppData\LocalLow\DECRYPT_INSTRUCTION.HTML
File Deleted : C:\Users\Mike\AppData\LocalLow\DECRYPT_INSTRUCTION.TXT
File Deleted : C:\Users\Mike\AppData\LocalLow\DECRYPT_INSTRUCTION.URL
File Deleted : C:\Users\Mike and Jen\DECRYPT_INSTRUCTION.HTML
File Deleted : C:\Users\Mike and Jen\DECRYPT_INSTRUCTION.TXT
File Deleted : C:\Users\Mike and Jen\DECRYPT_INSTRUCTION.URL
File Deleted : C:\Users\Mike and Jen\AppData\Local\DECRYPT_INSTRUCTION.HTML
File Deleted : C:\Users\Mike and Jen\AppData\Local\DECRYPT_INSTRUCTION.TXT
File Deleted : C:\Users\Mike and Jen\AppData\Local\DECRYPT_INSTRUCTION.URL
File Deleted : C:\Users\Mike and Jen\AppData\LocalLow\DECRYPT_INSTRUCTION.HTML
File Deleted : C:\Users\Mike and Jen\AppData\LocalLow\DECRYPT_INSTRUCTION.TXT
File Deleted : C:\Users\Mike and Jen\AppData\LocalLow\DECRYPT_INSTRUCTION.URL
File Deleted : C:\Users\Mike and Jen\AppData\Roaming\DECRYPT_INSTRUCTION.HTML
File Deleted : C:\Users\Mike and Jen\AppData\Roaming\DECRYPT_INSTRUCTION.TXT
File Deleted : C:\Users\Mike and Jen\AppData\Roaming\DECRYPT_INSTRUCTION.URL
File Deleted : C:\Users\Mike and Jen\Documents\DECRYPT_INSTRUCTION.HTML
File Deleted : C:\Users\Mike and Jen\Documents\DECRYPT_INSTRUCTION.TXT
File Deleted : C:\Users\Mike and Jen\Documents\DECRYPT_INSTRUCTION.URL
File Deleted : C:\Program Files (x86)\Mozilla Firefox\user.js
File Deleted : C:\Program Files (x86)\Mozilla Firefox\browser\searchplugins\yahoo.xml
***** [ Scheduled tasks ] *****

***** [ Shortcuts ] *****

***** [ Registry ] *****
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\esrv.EXE
Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHost.Tool
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHost.Tool.1
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{06DEB529-DE09-43EC-B6E2-451AAB0FF000}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{19D2F415-D58B-46BC-9390-C03DCBC21EB2}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{2A841F7A-A014-4DA5-B6D9-8B913DFB7A8C}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{438FAE3E-BDEF-44D3-AB8B-0C7C8350DF59}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6E45F3E8-2683-4824-A6BE-08108022FB36}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{744E0E81-BC79-4719-A58B-C98F7E78EE5D}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{987D9269-F8A1-408F-BF62-4397D2F5363E}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{9F0F16DD-4E76-4049-A9B1-7A91E48F0323}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E0722BEB-FDA1-4AA1-A2A8-15A74A5B3F70}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F1963E76-845B-474C-8C7F-D69A96D8AA34}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F4288797-CB12-49CE-9DF8-7CDFA1143BEA}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{744E0E81-BC79-4719-A58B-C98F7E78EE5D}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{06DEB529-DE09-43EC-B6E2-451AAB0FF000}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{212C2C4F-C845-4FBC-9561-C833A13D8DCE}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{3C5D1D57-16C8-473C-A552-37B8D88596FE}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{4A115D8A-6A7B-4C72-92B1-2E2D01F36979}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{99DF8440-814E-497F-BDDD-FB93E9E9DF96}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{E00DE9B9-B128-4C39-B732-B5D85013FA48}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2A841F7A-A014-4DA5-B6D9-8B913DFB7A8C}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2A841F7A-A014-4DA5-B6D9-8B913DFB7A8C}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{438FAE3E-BDEF-44D3-AB8B-0C7C8350DF59}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{2A841F7A-A014-4DA5-B6D9-8B913DFB7A8C}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{438FAE3E-BDEF-44D3-AB8B-0C7C8350DF59}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{83CAD530-387D-40FD-82EA-B9E863D92A9B}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{438FAE3E-BDEF-44D3-AB8B-0C7C8350DF59}]
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{744E0E81-BC79-4719-A58B-C98F7E78EE5D}
Key Deleted : HKCU\Software\eSupport.com
Key Deleted : HKLM\SOFTWARE\Avg Secure Update
Key Deleted : HKU\.DEFAULT\Software\Avg Secure Update
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Coupon Printer for Windows5.0.1.3
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{EE171732-BEB4-4576-887D-CB62727F01CA}
Data Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - *.local
***** [ Web browsers ] *****
-\\ Internet Explorer v9.0.8112.16421

-\\ Mozilla Firefox v39.0 (x86 en-US)

-\\ Google Chrome v44.0.2403.107

*************************
AdwCleaner[R0].txt - [6608 bytes] - [15/11/2014 23:17:44]
AdwCleaner[R1].txt - [6672 bytes] - [15/11/2014 23:23:34]
AdwCleaner[R2].txt - [1438 bytes] - [16/11/2014 02:08:49]
AdwCleaner[R3].txt - [7642 bytes] - [29/07/2015 21:46:04]
AdwCleaner[S0].txt - [5872 bytes] - [15/11/2014 23:28:34]
AdwCleaner[S1].txt - [1519 bytes] - [16/11/2014 02:10:24]
AdwCleaner[S2].txt - [7465 bytes] - [29/07/2015 21:48:25]
########## EOF - C:\AdwCleaner\AdwCleaner[S2].txt - [7524 bytes] ##########

-----------------------------------------------------------------------
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:28-07-2015
Ran by Mike (administrator) on MIKEANDJEN-PC (29-07-2015 21:54:49)
Running from C:\Users\Mike\Desktop
Loaded Profiles: Mike (Available Profiles: Mike and Jen & Mike)
Platform: Windows 7 Home Premium (X64) Language: English (United States)
Internet Explorer Version 9 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: FRST Tutorial - How to use Farbar Recovery Scan Tool - Geeks to Go Forum
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(ArcSoft Inc.) C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Microsoft Corporation.) C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BBSvc.EXE
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Acer Incorporated) C:\Program Files (x86)\Gateway\Registration\GREGsvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Panda Security, S.L.) C:\Program Files (x86)\Panda Security\Panda Security Protection\PSANHost.exe
(Panda Security, S.L.) C:\Program Files (x86)\Panda Security\Panda Devices Agent\AgentSvc.exe
(Panda Security, S.L.) C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAService.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(Acer Group) C:\Program Files\Gateway\Gateway Updater\UpdaterService.exe
() C:\OEM\USBDECTION\USBS3S4Detection.exe
(Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(WinZip Computing, S.L.) C:\Program Files\WinZip\WzPreloader.exe
(Nico Mak Computing) C:\Program Files\WinZip\FAH\FAHWindow64.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Reader 9.0\Reader\reader_sl.exe
(IOI) C:\Program Files (x86)\Gateway Photo Frame\ButtonMonitor.exe
(Dropbox, Inc.) C:\Users\Mike\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Nikon Corporation) C:\Program Files (x86)\Common Files\Nikon\Monitor\NkMonitor.exe
() C:\Program Files\HTC\ModeSelection\VMMModeSelection.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe
(Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD Utilities\WDDriveUtilitiesHelper.exe
(Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD Security\WDDriveAutoUnlock.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Panda Security, S.L.) C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAMain.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(Google Inc.) C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe

==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [10060320 2010-02-09] (Realtek Semiconductor)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [35760 2010-09-23] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Gateway Photo Frame] => C:\Program Files (x86)\Gateway Photo Frame\ButtonMonitor.exe [124416 2009-07-20] (IOI)
HKLM-x32\...\Run: [ArcSoft Connection Service] => C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe [207424 2010-10-27] (ArcSoft Inc.)
HKLM-x32\...\Run: [Nikon Transfer Monitor] => C:\Program Files (x86)\Common Files\Nikon\Monitor\NkMonitor.exe [479232 2009-09-15] (Nikon Corporation)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [932288 2010-09-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2015-05-15] (Apple Inc.)
HKLM-x32\...\Run: [VMM Mode Selection] => C:\Program Files\HTC\ModeSelection\VMMModeSelection.exe [43520 2011-02-14] ()
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [49208 2011-10-28] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
HKLM-x32\...\Run: [WD Quick View] => C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe [5524336 2013-06-19] (Western Digital Technologies, Inc.)
HKLM-x32\...\Run: [DriveUtilitiesHelper] => C:\Program Files (x86)\Western Digital\WD Utilities\WDDriveUtilitiesHelper.exe [1852264 2014-05-23] (Western Digital Technologies, Inc.)
HKLM-x32\...\Run: [WD Drive Unlocker] => C:\Program Files (x86)\Western Digital\WD Security\WDDriveAutoUnlock.exe [1694048 2014-05-23] (Western Digital Technologies, Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [157480 2014-10-15] (Apple Inc.)
HKLM-x32\...\Run: [PSUAMain] => C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAMain.exe [40184 2015-02-26] (Panda Security, S.L.)
HKLM\...\Winlogon: [Userinit] C:\Windows\SysWOW64\userinit.exe,
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-4104458019-347564966-2216038930-1001\...\Run: [msnmsgr] => C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe [3872080 2010-04-17] (Microsoft Corporation)
HKU\S-1-5-21-4104458019-347564966-2216038930-1001\...\Run: [swg] => C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2010-12-12] (Google Inc.)
HKU\S-1-5-21-4104458019-347564966-2216038930-1001\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-4104458019-347564966-2216038930-1001\...\Run: [IntelPowerAgent64] => rundll32.exe shell32.dll, ShellExec_RunDLL C:\PROGRA~3\DD6BB8~1.EXE
HKU\S-1-5-21-4104458019-347564966-2216038930-1001\...A8F59079A8D5}\localserver32: <==== ATTENTION!
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\FAH.lnk [2015-06-09]
ShortcutTarget: FAH.lnk -> C:\Program Files\WinZip\FAH\FAHConsole.exe (Nico Mak Computing)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WinZip Preloader.lnk [2015-06-09]
ShortcutTarget: WinZip Preloader.lnk -> C:\Program Files\WinZip\WzPreloader.exe (WinZip Computing, S.L.)
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnk [2007-10-10]
ShortcutTarget: Best Buy pc app.lnk -> C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe (Microsoft)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnk [2007-10-10]
ShortcutTarget: Best Buy pc app.lnk -> C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe (Microsoft)
Startup: C:\Users\Mike\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2015-02-23]
ShortcutTarget: Dropbox.lnk -> C:\Users\Mike\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
SSODL: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\system32\CbFsMntNtf3.dll (EldoS Corporation)
SSODL-x32: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\SysWOW64\CbFsMntNtf3.dll (EldoS Corporation)
ShellIconOverlayIdentifiers: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Mike\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll [2015-06-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Mike\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll [2015-06-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Mike\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll [2015-06-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Mike\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll [2015-06-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Mike\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll [2015-06-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Mike\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll [2015-06-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Mike\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll [2015-06-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Mike\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll [2015-06-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [EldosIconOverlay] -> {5BB532A2-BF14-4CCC-86B7-71B81EF6F8BC} => C:\Windows\system32\CbFsMntNtf3.dll [2012-04-09] (EldoS Corporation)
ShellIconOverlayIdentifiers-x32: [EldosIconOverlay] -> {5BB532A2-BF14-4CCC-86B7-71B81EF6F8BC} => C:\Windows\SysWOW64\CbFsMntNtf3.dll [2012-04-09] (EldoS Corporation)
BootExecute: autocheck autochk * PCloudBroom64.exe \systemroot\system32\BroomData.bitPCloudBroom64.exe \systemroot\system32\BroomData.bit
GroupPolicyScripts-x32: Group Policy detected <======= ATTENTION
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Bing
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = Bing
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Bing
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = Bing
HKU\S-1-5-21-4104458019-347564966-2216038930-1001\Software\Microsoft\Internet Explorer\Main,Start Page = Philadelphia Flyers
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-4104458019-347564966-2216038930-1001 -> DefaultScope {C37DD977-44A7-4BE3-80F0-5814B065B268} URL = https://search.yahoo.com/search?fr=c...p={searchTerms}
SearchScopes: HKU\S-1-5-21-4104458019-347564966-2216038930-1001 -> {C37DD977-44A7-4BE3-80F0-5814B065B268} URL = https://search.yahoo.com/search?fr=c...p={searchTerms}
SearchScopes: HKU\S-1-5-21-4104458019-347564966-2216038930-1001 -> {E6986AE6-63F8-4C18-B874-E38D5CC8485F} URL = https://www.amazon.com/exec/obidos/AS...nnorswebguidec
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-07-17] (Google Inc.)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-09-22] (Adobe Systems Incorporated)
BHO-x32: No Name -> {5C255C8A-E604-49b4-9D64-90988571CECB} -> No File
BHO-x32: Windows Live Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22] (Microsoft Corporation)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2015-07-17] (Google Inc.)
BHO-x32: Bing Bar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingExt.dll [2012-02-10] (Microsoft Corporation.)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-07-17] (Google Inc.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2015-07-17] (Google Inc.)
Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingExt.dll [2012-02-10] (Microsoft Corporation.)
Toolbar: HKU\S-1-5-21-4104458019-347564966-2216038930-1001 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-07-17] (Google Inc.)
DPF: HKLM-x32 {02BCC737-B171-4746-94C9-0D8A0B2C0089} https://office.microsoft.com/_layouts.../ieawsdc32.cab
DPF: HKLM-x32 {166B1BCA-3F9C-11CF-8075-444553540000} https://download.macromedia.com/pub/s...irector/sw.cab
DPF: HKLM-x32 {4B54A9DE-EF1C-4EBE-A328-7C28EA3B433A} https://quickscan.bitdefender.com/qsax/qsax.cab
DPF: HKLM-x32 {5EF06782-55B2-4DF3-A57A-3FE8F1D2A181} https://a-sl1-app01.advancedmd.com/p.../ppmdforms.cab
DPF: HKLM-x32 {6A6E7E91-B6EB-46B5-A545-12B8EDDD261E} https://a-sl1-app01.advancedmd.com/p...controls50.cab
DPF: HKLM-x32 {9602B3CE-BC91-417D-B4FD-F6538C2ABB3B} https://a-sl1-app02.advancedmd.com/p...mdswscheck.cab
DPF: HKLM-x32 {B15C3921-CCFA-4403-9E6F-4470839E835E} https://a-sl1-app01.advancedmd.com/p.../leadtools.cab
DPF: HKLM-x32 {CC99A86F-EA5D-414A-8231-7C3F1B10A644} https://a-sl1-app01.advancedmd.com/p.../amdsaudio.cab
DPF: HKLM-x32 {EE8CEFA4-1F91-11D4-B31E-00C04F1D37E6} https://a-sl1-app01.advancedmd.com/p...vbdownload.cab
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll [2010-04-17] (Microsoft Corporation)
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll [2010-04-17] (Microsoft Corporation)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{E04D3175-9F82-4016-AE02-AC04F786DCD9}: [DhcpNameServer] 192.168.1.1
FireFox:
========
FF ProfilePath: C:\Users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\9srvv6an.default
FF DefaultSearchEngine.US: Google
FF Homepage: hxxp://flyers.nhl.com/
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-16] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw.dll No File
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-02-18] ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2013-10-07] (Google)
FF Plugin-x32: @java.com/DTPlugin,version=10.9.2 -> C:\Windows\SysWOW64\npDeployJava1.dll [2012-11-20] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8117.0416 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-04-17] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-15] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-15] (Google Inc.)
Chrome:
=======
CHR Profile: C:\Users\Mike\AppData\Local\Google\Chrome\User Data\Default
CHR HKLM-x32\...\Chrome\Extension: [ibngedbinnjpbfcofdpaggmfddjcflie] - C:\ProgramData\ADDICT-THING\ibngedbinnjpbfcofdpaggmfddjcflie.crx [Not Found]
==================== Services (Whitelisted) =================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation)
R2 NanoServiceMain; C:\Program Files (x86)\Panda Security\Panda Security Protection\PSANHost.exe [142584 2015-02-26] (Panda Security, S.L.)
R2 PandaAgent; C:\Program Files (x86)\Panda Security\Panda Devices Agent\AgentSvc.exe [66808 2014-10-09] (Panda Security, S.L.)
R2 PSUAService; C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAService.exe [38136 2015-02-26] (Panda Security, S.L.)
R2 USBS3S4Detection; C:\OEM\USBDECTION\USBS3S4Detection.exe [76320 2009-12-09] ()
R2 WDBackup; C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe [1042808 2013-06-19] (Western Digital Technologies, Inc.)
R2 WDDriveService; C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe [296312 2014-05-23] (Western Digital Technologies, Inc.)
S4 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-13] (Microsoft Corporation)
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R1 avgtp; C:\Windows\system32\drivers\avgtpx64.sys [39768 2013-02-18] (AVG Technologies)
R3 cbfs3; C:\Windows\System32\DRIVERS\cbfs3.sys [352144 2012-04-09] (EldoS Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-06-18] (Malwarebytes Corporation)
S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [113880 2015-07-29] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-06-18] (Malwarebytes Corporation)
R1 NNSALPC; C:\Windows\System32\DRIVERS\NNSAlpc.sys [93968 2015-02-09] (Panda Security, S.L.)
R1 NNSHTTP; C:\Windows\System32\DRIVERS\NNSHttp.sys [202000 2015-02-09] (Panda Security, S.L.)
R1 NNSHTTPS; C:\Windows\System32\DRIVERS\NNSHttps.sys [110864 2015-02-09] (Panda Security, S.L.)
S1 NNSIDS; C:\Windows\System32\DRIVERS\NNSIds.sys [116496 2015-02-09] (Panda Security, S.L.)
R1 NNSNAHSL; C:\Windows\System32\DRIVERS\NNSNAHSL.sys [48400 2014-12-31] (Panda Security, S.L.)
R1 NNSPICC; C:\Windows\System32\DRIVERS\NNSPicc.sys [99600 2015-02-09] (Panda Security, S.L.)
R1 NNSPIHSW; C:\Windows\System32\DRIVERS\NNSPihsw.sys [69904 2015-02-09] (Panda Security, S.L.)
R1 NNSPOP3; C:\Windows\System32\DRIVERS\NNSPop3.sys [124176 2015-02-09] (Panda Security, S.L.)
R1 NNSPROT; C:\Windows\System32\DRIVERS\NNSProt.sys [299792 2015-02-09] (Panda Security, S.L.)
R1 NNSPRV; C:\Windows\System32\DRIVERS\NNSPrv.sys [166160 2015-02-09] (Panda Security, S.L.)
R1 NNSSMTP; C:\Windows\System32\DRIVERS\NNSSmtp.sys [113424 2015-02-09] (Panda Security, S.L.)
R1 NNSSTRM; C:\Windows\System32\DRIVERS\NNSStrm.sys [257296 2015-02-09] (Panda Security, S.L.)
R1 NNSTLSC; C:\Windows\System32\DRIVERS\NNSTlsc.sys [106256 2015-02-09] (Panda Security, S.L.)
R2 PSINAflt; C:\Windows\System32\DRIVERS\PSINAflt.sys [163088 2015-02-25] (Panda Security, S.L.)
R2 PSINFile; C:\Windows\System32\DRIVERS\PSINFile.sys [121616 2015-02-25] (Panda Security, S.L.)
R1 PSINKNC; C:\Windows\System32\DRIVERS\psinknc.sys [197392 2015-02-25] (Panda Security, S.L.)
R2 PSINProc; C:\Windows\System32\DRIVERS\PSINProc.sys [124176 2015-02-25] (Panda Security, S.L.)
R2 PSINProt; C:\Windows\System32\DRIVERS\PSINProt.sys [133904 2015-02-25] (Panda Security, S.L.)
R2 PSINReg; C:\Windows\System32\DRIVERS\PSINReg.sys [107792 2015-02-25] (Panda Security, S.L.)
R3 PSKMAD; C:\Windows\System32\DRIVERS\PSKMAD.sys [61712 2015-01-29] (Panda Security, S.L.)
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2015-07-29 21:54 - 2015-07-29 21:55 - 00021799 _____ C:\Users\Mike\Desktop\FRST.txt
2015-07-29 21:54 - 2015-07-29 21:54 - 00000000 ____D C:\FRST
2015-07-29 21:53 - 2015-07-29 21:53 - 02169856 _____ (Farbar) C:\Users\Mike\Desktop\FRST64.exe
2015-07-29 21:51 - 2015-07-29 21:51 - 00007608 _____ C:\Users\Mike\Desktop\adware.txt
2015-07-29 21:45 - 2015-07-29 21:45 - 02248704 _____ C:\Users\Mike\Desktop\AdwCleaner.exe
2015-07-29 20:21 - 2015-07-29 20:24 - 155875632 _____ (Apple Inc.) C:\Users\Mike\Downloads\iTunes6464Setup.exe
2015-07-29 00:13 - 2015-07-29 00:13 - 00001109 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-07-28 23:31 - 2015-07-29 03:55 - 00000000 ____D C:\Users\TEST\AppData\Roaming\ArcSoft
2015-07-28 23:31 - 2015-07-28 23:31 - 00058032 _____ C:\Users\TEST\AppData\Local\GDIPFONTCACHEV1.DAT
2015-07-28 23:31 - 2015-07-28 23:31 - 00000000 ____D C:\Users\TEST\AppData\Roaming\Panda Security
2015-07-28 23:31 - 2015-07-28 23:31 - 00000000 ____D C:\Users\TEST\AppData\Roaming\Google
2015-07-28 23:31 - 2015-07-28 23:31 - 00000000 ____D C:\Users\TEST\AppData\Roaming\Apple Computer
2015-07-28 23:31 - 2015-07-28 23:31 - 00000000 ____D C:\Users\TEST\AppData\Roaming\Adobe
2015-07-28 23:31 - 2015-07-28 23:31 - 00000000 ____D C:\Users\TEST\AppData\Local\IOI
2015-07-28 23:31 - 2015-07-28 23:31 - 00000000 ____D C:\Users\TEST\AppData\Local\DoNotTrackPlus
2015-07-28 23:31 - 2015-07-28 23:31 - 00000000 ____D C:\Users\TEST\AppData\Local\Deployment
2015-07-28 23:31 - 2015-07-28 23:31 - 00000000 ____D C:\Users\TEST\AppData\Local\ArcSoft
2015-07-28 23:31 - 2015-07-28 23:31 - 00000000 ____D C:\Users\TEST\AppData\Local\Apps\2.0
2015-07-28 23:30 - 2015-07-29 03:55 - 00000000 ___RD C:\Users\TEST\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2015-07-28 23:30 - 2015-07-29 03:55 - 00000000 ___RD C:\Users\TEST\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-07-28 23:30 - 2015-07-29 03:55 - 00000000 ____D C:\Users\TEST
2015-07-28 23:30 - 2015-07-28 23:31 - 00000000 ____D C:\Users\TEST\AppData\Local\Google
2015-07-28 23:30 - 2015-07-28 23:30 - 00000000 ____D C:\Users\TEST\AppData\Local\VirtualStore
2015-07-28 23:30 - 2014-07-20 17:36 - 00000000 ____D C:\Users\TEST\AppData\Roaming\Macromedia
2015-07-28 23:30 - 2014-02-03 20:50 - 00000000 ____D C:\Users\TEST\AppData\Roaming\TuneUp Software
2015-07-26 22:18 - 2015-07-26 22:18 - 00626511 _____ C:\Users\Mike\Desktop\Game lineup sheet.xlsx
2015-07-22 17:15 - 2015-07-22 17:15 - 00000024 _____ C:\Windows\7E6549DF9D4B8588.log
2015-07-21 20:22 - 2015-07-26 08:33 - 00000000 ____D C:\Users\Mike\Desktop\T25 Beta
2015-07-16 22:09 - 2015-07-26 08:56 - 00000000 ____D C:\Users\Mike\Desktop\T25 Alpha
2015-07-16 22:08 - 2015-07-26 08:23 - 00000000 ____D C:\Users\Mike\AppData\Roaming\dvdcss
2015-07-16 22:07 - 2015-07-29 03:53 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Digiarty
2015-07-16 22:07 - 2015-07-16 22:07 - 00001337 _____ C:\Users\Public\Desktop\WinX DVD Ripper Platinum.lnk
2015-07-16 22:07 - 2015-07-16 22:07 - 00000000 ____D C:\Users\Mike\AppData\Roaming\Digiarty
2015-07-16 22:07 - 2015-07-16 22:07 - 00000000 ____D C:\Program Files (x86)\Digiarty
2015-07-16 22:05 - 2015-07-16 22:06 - 37829992 _____ (Digiarty Software, Inc. ) C:\Users\Mike\Downloads\winx-dvd-ripper-pt.exe
2015-07-15 23:58 - 2015-07-15 23:58 - 00705024 _____ C:\Users\Mike\Downloads\FreeISOBurner.exe
2015-07-15 23:29 - 2015-07-15 23:29 - 03469871 _____ (LIGHTNING UK!) C:\Users\Mike\Downloads\SetupImgBurn_2.5.8.0.exe
2015-07-15 23:24 - 2015-07-15 23:24 - 00000000 ____D C:\Users\Mike\Documents\AnyDVDHD
2015-07-15 23:19 - 2015-07-15 23:19 - 00000040 ___SH C:\ProgramData\.zreglib
2015-07-15 23:17 - 2015-07-15 23:17 - 12035816 _____ C:\Users\Mike\Downloads\SetupAnyDVD7610.exe
2015-07-15 23:17 - 2015-07-15 23:17 - 00000000 ____D C:\ProgramData\SlySoft
2015-07-15 23:17 - 2015-07-15 23:17 - 00000000 ____D C:\Program Files (x86)\SlySoft
2015-07-15 22:46 - 2015-07-15 22:46 - 00000000 ____D C:\ProgramData\DVD Shrink
2015-07-15 22:45 - 2015-07-15 22:45 - 01117491 _____ (DVD Shrink ) C:\Users\Mike\Desktop\dvdshrink32setup.exe
2015-07-15 21:07 - 2015-07-15 21:07 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore1d0bf63d05fe248.job
2015-07-12 21:51 - 2015-07-29 21:48 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2015-07-11 20:18 - 2015-07-11 20:18 - 00000000 ____D C:\Users\Mike and Jen\Desktop\ShoreFriends
2015-07-11 20:17 - 2015-07-11 20:23 - 00000000 ____D C:\Users\Mike and Jen\Desktop\Baseball 2015 BiddyMidget
2015-07-03 03:00 - 2015-07-03 03:00 - 00000000 ____D C:\Users\Mike\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2015-07-02 22:51 - 2015-07-02 22:51 - 00000000 ____D C:\Users\Mike\AppData\Local\Dropbox
2015-07-02 22:51 - 2015-07-02 22:51 - 00000000 ____D C:\ProgramData\Dropbox
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2015-07-29 21:54 - 2009-07-14 01:13 - 00780196 _____ C:\Windows\system32\PerfStringBackup.INI
2015-07-29 21:54 - 2007-10-10 16:27 - 01366742 _____ C:\Windows\WindowsUpdate.log
2015-07-29 21:51 - 2013-02-10 19:19 - 00000000 ___RD C:\Users\Mike\Dropbox
2015-07-29 21:50 - 2015-06-16 07:59 - 00008192 _____ C:\Windows\SysWOW64\WDPABKP.dat
2015-07-29 21:50 - 2013-02-10 19:18 - 00000000 ____D C:\Users\Mike\AppData\Roaming\Dropbox
2015-07-29 21:50 - 2012-07-07 21:57 - 00000000 ____D C:\Users\Mike\AppData\Local\CrashDumps
2015-07-29 21:50 - 2011-07-13 22:32 - 00000000 ____D C:\Users\Mike\Tracing
2015-07-29 21:50 - 2009-07-14 01:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-07-29 21:50 - 2009-07-14 00:51 - 00062986 _____ C:\Windows\setupact.log
2015-07-29 21:48 - 2014-11-15 23:17 - 00000000 ____D C:\AdwCleaner
2015-07-29 21:48 - 2010-12-11 14:32 - 00000000 ____D C:\Users\Mike and Jen
2015-07-29 21:30 - 2010-12-11 15:59 - 00000000 ____D C:\Program Files\Common Files\Apple
2015-07-29 21:06 - 2010-12-12 03:40 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-07-29 16:21 - 2013-11-17 16:21 - 00000000 ____D C:\Users\Mike and Jen\Desktop\ebay
2015-07-29 07:57 - 2011-06-26 01:16 - 00000000 ____D C:\Users\Mike and Jen\AppData\Local\CrashDumps
2015-07-29 07:57 - 2011-01-01 11:39 - 00000000 ____D C:\Users\Mike and Jen\Tracing
2015-07-29 07:44 - 2009-07-14 00:45 - 00009920 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-07-29 07:44 - 2009-07-14 00:45 - 00009920 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-07-29 03:55 - 2015-06-09 22:46 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hard Disk Scrubber
2015-07-29 03:55 - 2015-06-09 22:41 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinZip
2015-07-29 03:55 - 2015-06-08 22:12 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EaseUS Data Recovery Wizard 8.8
2015-07-29 03:55 - 2015-06-08 21:55 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Securely File Shredder
2015-07-29 03:55 - 2015-05-06 21:24 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Panda Free Antivirus
2015-07-29 03:55 - 2015-01-28 22:06 - 00000000 ____D C:\ProgramData\E1864A66-75E3-486a-BD95-D1B7D99A84A7
2015-07-29 03:55 - 2014-11-19 22:05 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2015-07-29 03:55 - 2014-11-19 22:05 - 00000000 ____D C:\Program Files\iTunes
2015-07-29 03:55 - 2014-11-19 22:05 - 00000000 ____D C:\Program Files\iPod
2015-07-29 03:55 - 2014-11-19 22:05 - 00000000 ____D C:\Program Files (x86)\iTunes
2015-07-29 03:55 - 2014-11-09 22:29 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Western Digital
2015-07-29 03:55 - 2014-10-29 00:11 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2015-07-29 03:55 - 2014-10-28 22:42 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Panda Security
2015-07-29 03:55 - 2014-09-28 21:31 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
2015-07-29 03:55 - 2014-01-28 01:32 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft
2015-07-29 03:55 - 2013-12-29 23:13 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iExplorer
2015-07-29 03:55 - 2013-12-13 18:22 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth
2015-07-29 03:55 - 2013-07-29 22:07 - 00000000 ____D C:\Users\Mike\AppData\Roaming\Audacity
2015-07-29 03:55 - 2012-01-29 20:39 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP
2015-07-29 03:55 - 2011-12-01 02:39 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-07-29 03:55 - 2010-12-16 02:35 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ViewNX
2015-07-29 03:55 - 2010-12-16 02:32 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nikon Transfer
2015-07-29 03:55 - 2010-12-16 02:31 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ArcSoft Connect
2015-07-29 03:55 - 2010-12-16 02:30 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ArcSoft Panorama Maker 5
2015-07-29 03:55 - 2010-12-13 02:01 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Starter (English)
2015-07-29 03:55 - 2010-12-11 16:06 - 00000000 ____D C:\Users\Mike
2015-07-29 03:55 - 2010-09-19 22:13 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero
2015-07-29 03:55 - 2010-09-19 22:10 - 00000000 ___SD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Gateway
2015-07-29 03:55 - 2009-07-14 01:32 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2015-07-29 03:55 - 2009-07-13 23:20 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Maintenance
2015-07-29 03:55 - 2009-07-13 23:20 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
2015-07-29 03:55 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\registration
2015-07-29 03:55 - 2007-10-10 16:35 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live
2015-07-29 03:55 - 2007-10-10 16:33 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CyberLink PowerDVD 9
2015-07-29 03:55 - 2007-10-10 16:31 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Gateway System
2015-07-29 03:55 - 2007-10-10 16:24 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel
2015-07-29 03:53 - 2012-07-17 02:21 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GOG.com
2015-07-29 03:16 - 2010-12-22 02:55 - 00000000 ____D C:\Users\Mike\AppData\Roaming\SoftGrid Client
2015-07-29 00:14 - 2014-10-30 00:50 - 00113880 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-07-29 00:13 - 2014-10-30 00:49 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-07-29 00:13 - 2014-10-30 00:49 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-07-29 00:12 - 2010-12-13 01:51 - 00000000 ____D C:\Users\Mike\Desktop\Mike
2015-07-22 17:18 - 2015-06-09 22:46 - 00000000 ____D C:\Program Files (x86)\Hard Disk Scrubber
2015-07-21 21:29 - 2010-12-12 03:40 - 00000000 ____D C:\Users\Mike\AppData\Local\Google
2015-07-19 21:59 - 2010-12-12 11:31 - 00000000 ____D C:\Users\Mike and Jen\AppData\Local\Google
2015-07-16 18:13 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\LiveKernelReports
2015-07-15 23:19 - 2015-04-13 14:18 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2015-07-15 23:19 - 2007-10-10 16:30 - 01000692 _____ C:\Windows\PFRO.log
2015-07-15 23:08 - 2014-01-28 01:31 - 00000000 ____D C:\Users\Mike\AppData\Roaming\DVDVideoSoft
2015-07-15 21:07 - 2015-05-17 22:17 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore1d09110cd3ca41f.job
2015-07-13 22:58 - 2013-05-28 20:35 - 00003275 _____ C:\Windows\wininit.ini
2015-07-09 20:45 - 2014-11-16 11:05 - 00000000 ____D C:\Users\Mike and Jen\Desktop\iPhone photos
2015-07-09 20:35 - 2015-01-01 17:04 - 00000000 ____D C:\Users\Mike and Jen\Desktop\2014 Photos for Book
2015-07-06 15:55 - 2015-06-08 21:58 - 00000981 _____ C:\Users\Mike\Desktop\Securely File Shredder.lnk
==================== Files in the root of some directories =======
2014-10-24 16:57 - 2014-10-24 17:07 - 0000207 _____ () C:\Users\Mike\AppData\Roaming\da3e5653
2014-10-24 16:57 - 2014-10-24 16:57 - 0000010 _____ () C:\Users\Mike\AppData\Roaming\da3e5654
2010-12-16 02:31 - 2010-12-16 02:31 - 0000268 ___RH () C:\Users\Mike\AppData\Roaming\Internet Plug-Ins
2010-12-16 02:35 - 2010-12-16 02:35 - 0000268 ___RH () C:\Users\Mike\AppData\Roaming\Iterate Items
2014-10-28 20:39 - 2014-10-28 20:39 - 0000000 _____ () C:\Users\Mike\AppData\Roaming\seetla.dll
2014-10-28 20:40 - 2014-10-28 20:40 - 0000448 ____H () C:\Users\Mike\AppData\Roaming\麽鎒駓覜
2015-07-15 23:19 - 2015-07-15 23:19 - 0000040 ___SH () C:\ProgramData\.zreglib
2014-02-02 15:38 - 2014-02-02 15:38 - 0211872 _____ () C:\ProgramData\1391369747.bdinstall.bin
2014-02-02 15:47 - 2014-02-02 15:47 - 0038733 _____ () C:\ProgramData\1391370456.bdinstall.bin
2014-02-02 15:49 - 2014-02-02 15:49 - 0098214 _____ () C:\ProgramData\1391370457.bdinstall.bin
2014-10-30 20:06 - 2014-11-16 01:45 - 0000000 _____ () C:\ProgramData\@system.temp
2014-10-28 20:40 - 2014-10-28 20:40 - 0000944 ____H () C:\ProgramData\@system2.att
2014-10-30 20:06 - 2014-11-15 23:33 - 0000256 ____H () C:\ProgramData\@system3.att
2013-12-29 22:07 - 2013-12-29 22:07 - 0000057 _____ () C:\ProgramData\Ament.ini
2010-12-16 02:31 - 2010-12-16 02:31 - 0000268 ___RH () C:\ProgramData\Jazz Kit
2010-12-16 02:35 - 2010-12-16 02:35 - 0000268 ___RH () C:\ProgramData\Kernel Extension
2010-12-16 02:31 - 2010-12-17 11:25 - 0000020 ____H () C:\ProgramData\PKP_DLdu.DAT
2010-12-16 02:35 - 2010-12-17 11:24 - 0000020 ____H () C:\ProgramData\PKP_DLdw.DAT
2014-10-28 20:40 - 2014-10-28 20:40 - 0087200 _____ () C:\ProgramData\wrnhoah.tmp
Files to move or delete:
====================
C:\Users\Mike\HDScrub33.exe
C:\Users\Public\AlexaNSISPlugin.7712.dll

Some files in TEMP:
====================
C:\Users\Mike\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpqvfjyp.dll
C:\Users\Mike\AppData\Local\Temp\Quarantine.exe
C:\Users\Mike\AppData\Local\Temp\SearchProtectionSetup.exe
C:\Users\Mike\AppData\Local\Temp\sqlite3.dll
C:\Users\Mike\AppData\Local\Temp\{DBAF0F3B-5B46-4F5A-9EC0-1C8ED95916A1}.exe
C:\Users\Mike\AppData\Local\Temp\{F3058CFE-A9FC-46CA-B82A-22B539D2BBB8}.exe
C:\Users\Mike and Jen\AppData\Local\Temp\SearchWithGoogleUpdate.exe
C:\Users\Mike and Jen\AppData\Local\Temp\{0EF0804A-5129-423C-862D-9A5E4A77D719}-GoogleUpdateSetup.exe

Some zero byte size files/folders:
==========================
C:\Windows\System32\seetla.dll
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-07-27 03:18
==================== End of log ============================
Attached Files: Addition.txt (38.2 KB)
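A parser and triage pass for the FRST file-listing lines in the log above, added here as an example; it is not part of the thread, of FRST, or of the helper's procedure. It parses the created/modified and "files in the root" line formats and applies defender-side heuristics of the kind an analyst uses when reading such a log (zero-byte DLLs, hidden publisher-less files under ProgramData or Roaming, loose executables in a profile root, non-ASCII names); the sample entries are copied from the log except the HDScrub33.exe line, whose timestamps and size are constructed.

```python
"""Parser and triage pass for FRST "created/modified" file-listing lines.

Added example (not part of the thread, of FRST, or of the helper's fix).
Attribute letters follow FRST's own notation: D directory, H hidden,
S system, R read-only.
"""
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# e.g. "2014-10-28 20:39 - 2014-10-28 20:39 - 0000000 _____ () C:\...\seetla.dll"
_LINE_RE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<size>\d+) (?P<attrs>[_A-Z]{5}) "
    r"(?:\((?P<company>[^)]*)\) )?"  # optional "(Publisher)" or empty "()"
    r"(?P<path>\S.*)$"
)
EXEC_EXT = (".exe", ".dll", ".sys", ".scr", ".cpl")


@dataclass
class Entry:
    created: str
    modified: str
    size: int
    attrs: str
    company: Optional[str]  # None if FRST printed no publisher field, "" for "()"
    path: str

    @property
    def is_dir(self) -> bool:
        return "D" in self.attrs

    @property
    def hidden_or_system(self) -> bool:
        return "H" in self.attrs or "S" in self.attrs


def parse_frst_line(line: str) -> Optional[Entry]:
    """Return an Entry for a file-listing line, or None for headers and other text."""
    m = _LINE_RE.match(line.strip())
    if not m:
        return None
    return Entry(m["created"], m["modified"], int(m["size"]),
                 m["attrs"], m["company"], m["path"])


def triage_entry(e: Entry) -> List[str]:
    """Heuristic reasons an analyst should look at this entry (empty = nothing odd)."""
    reasons: List[str] = []
    low = e.path.lower()
    name = low.rsplit("\\", 1)[-1]
    exe_like = name.endswith(EXEC_EXT)
    if not e.is_dir and exe_like and e.size == 0:
        # e.g. seetla.dll: a zero-byte DLL cannot be a working library
        reasons.append("zero-byte executable/library")
    if (not e.is_dir and e.hidden_or_system and not e.company
            and ("\\programdata\\" in low or "\\appdata\\roaming\\" in low)):
        # e.g. @system2.att, .zreglib: hidden, no publisher, in a data directory
        reasons.append("hidden/system file without publisher in a data directory")
    if not e.is_dir and exe_like and re.match(r"^c:\\users\\[^\\]+\\[^\\]+$", low):
        # executables belong under Program Files, not directly in a profile root
        reasons.append("loose executable in a profile root")
    if not name.isascii():
        reasons.append("non-ASCII file name")
    return reasons


def triage(log_lines: List[str]) -> List[Tuple[str, str]]:
    """Run triage_entry over raw log lines; returns (path, reason) pairs."""
    findings: List[Tuple[str, str]] = []
    for line in log_lines:
        entry = parse_frst_line(line)
        if entry is not None:
            for reason in triage_entry(entry):
                findings.append((entry.path, reason))
    return findings


# Sample input: the first seven lines are copied from the log above; the
# last line's timestamps and size are constructed (FRST listed that path
# without them, under "Files to move or delete").
SAMPLE_LOG = r"""
==================== One Month Created files and folders ========
2015-07-29 21:53 - 2015-07-29 21:53 - 02169856 _____ (Farbar) C:\Users\Mike\Desktop\FRST64.exe
2015-07-28 23:31 - 2015-07-28 23:31 - 00000000 ____D C:\Users\TEST\AppData\Roaming\Panda Security
2014-10-28 20:39 - 2014-10-28 20:39 - 0000000 _____ () C:\Users\Mike\AppData\Roaming\seetla.dll
2014-10-28 20:40 - 2014-10-28 20:40 - 0000944 ____H () C:\ProgramData\@system2.att
2014-10-28 20:40 - 2014-10-28 20:40 - 0000448 ____H () C:\Users\Mike\AppData\Roaming\麽鎒駓覜
2015-07-15 23:19 - 2015-07-15 23:19 - 0000040 ___SH () C:\ProgramData\.zreglib
2015-06-09 22:46 - 2015-06-09 22:46 - 0001234 _____ () C:\Users\Mike\HDScrub33.exe
""".strip().splitlines()

if __name__ == "__main__":
    for path, reason in triage(SAMPLE_LOG):
        print(f"{reason:58s} {path}")
```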
Old 07-30-2015, 11:02 AM   #4
chemist
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
Microsoft Most Valuable Professional
Join Date: Oct 2007
Location: Georgia
Posts: 29,790
OS: XP/Win7/Win10

Hello flyersfan2292.

Check for additional security risks:
  • Please download CKScanner© by askey127 and save it to your desktop.
  • Double-click on CKScanner.exe and click Search For Files.
  • After a very short time, when the cursor hourglass disappears, click Save List To File. You will be prompted, just click OK.
  • Post the contents of ckfiles.txt in your next reply. It is located on your desktop.
------------------------------------------------------
__________________
Our services are free, but you may contribute to the author of ComboFix via PayPal

Proud member of UNITE

Microsoft MVP - Consumer Security 2014, 2015
Old 07-30-2015, 05:46 PM   #5
flyersfan2292
Registered Member
Join Date: Jul 2015
Posts: 13
OS: Windows 7 64 bit

CKScanner 2.5 - Additional Security Risks - These are not necessarily bad
c:\users\mike\music\itunes\itunes media\mobile applications\trivia crack 2.1.2.ipa
c:\users\mike\music\itunes\itunes media\music\311\evolver\03 crack the code.m4a
c:\users\mike\music\itunes\itunes media\music\stone temple pilots\core\11 crackerman.m4a
c:\users\mike\music\itunes\itunes media\music\stone temple pilots\mtv unplugged\01 crackerman.m4a
hosts 127.0.0.1 3dns-1.adobe.com 3dns-2.adobe.com 3dns-3.adobe.com 3dns-4.adobe.com 3dns.adobe.com activate-sea.adobe.com activate-sjc0.adobe.com activate.adobe.com activate.wip.adobe.com
hosts 127.0.0.1 activate.wip1.adobe.com activate.wip2.adobe.com activate.wip3.adobe.com activate.wip4.adobe.com adobe-dns-1.adobe.com adobe-dns-2.adobe.com adobe-dns-3.adobe.com adobe-dns-4.adobe.com adobe-dns.adobe.com
hosts 127.0.0.1 adobeereg.com crl.verisign.net ereg.adobe.com ereg.wip.adobe.com ereg.wip1.adobe.com ereg.wip2.adobe.com ereg.wip3.adobe.com ereg.wip4.adobe.com hl2rcv.adobe.com
hosts 127.0.0.1 adobeereg.com crl.verisign.net ereg.adobe.com ereg.wip.adobe.com ereg.wip1.adobe.com ereg.wip2.adobe.com ereg.wip3.adobe.com ereg.wip4.adobe.com hl2rcv.adobe.com
hosts 127.0.0.1 lm.licenses.adobe.com lmlicenses.wip4.adobe.com na2m-pr.licenses.adobe.com ood.opsource.net practivate.adobe practivate.adobe.com practivate.adobe.ipp practivate.adobe.newoa practivate.adobe.ntp
hosts 127.0.0.1 lm.licenses.adobe.com lmlicenses.wip4.adobe.com na2m-pr.licenses.adobe.com ood.opsource.net practivate.adobe practivate.adobe.com practivate.adobe.ipp practivate.adobe.newoa practivate.adobe.ntp
hosts 127.0.0.1 wip.adobe.com wip1.adobe.com wip2.adobe.com wip3.adobe.com wip4.adobe.com wwis-dubc1-vip60.adobe.com www.adobeereg.com www.wip.adobe.com www.wip1.adobe.com
hosts 127.0.0.1 wip.adobe.com wip1.adobe.com wip2.adobe.com wip3.adobe.com wip4.adobe.com wwis-dubc1-vip60.adobe.com www.adobeereg.com www.wip.adobe.com www.wip1.adobe.com
hosts 127.0.0.1 www.wip2.adobe.com www.wip3.adobe.com Adobe: Creative, marketing, and document management solutions cmdls.adobe.com na1r.services.adobe.com prod-rel-ffc-ccm.oobesaas.adobe.com
scanner sequence 3.DI.11.UKAPCZ
----- EOF -----
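A hosts-file triage helper for the HOSTS lines in the CKScanner output above, added here as an example; it is not part of the thread or of CKScanner. It separates "block" entries (a name pointed at loopback or 0.0.0.0) from "redirect" entries (a name pointed at a routable address) and clusters the blocked names by parent domain, which is what an analyst looks at to decide whether a run of entries is a vendor activation blocker or something that diverts traffic; the sample text is constructed, with the Adobe lines mirroring the scanner output and the redirect line using a documentation IP and a .test name.

```python
"""Hosts-file triage: tell "block" entries (host -> loopback/0.0.0.0) from
"redirect" entries (host -> routable IP) and cluster blocked hosts by domain.

Added example, not part of the thread or of CKScanner. The sample text is
constructed: its Adobe lines mirror the CKScanner output above, the
redirect line uses a documentation IP (203.0.113.10) and a .test name.
"""
import ipaddress
from collections import Counter
from typing import Dict, List, Tuple

# Addresses that make a name resolve to "nowhere": a block, not a redirect
SINKHOLE = {"127.0.0.1", "0.0.0.0", "::1", "::"}


def parse_hosts(text: str) -> List[Tuple[str, str]]:
    """Return (ip, hostname) pairs from hosts-file text.

    Accepts the "hosts " prefix CKScanner prints in front of each line,
    strips "# comments", and skips lines whose first token is not an IP.
    """
    pairs: List[Tuple[str, str]] = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if line.startswith("hosts "):
            line = line[len("hosts "):]
        tokens = line.split()
        if len(tokens) < 2:
            continue
        try:
            ipaddress.ip_address(tokens[0])
        except ValueError:
            continue  # not a hosts entry (e.g. scanner banner text)
        for host in tokens[1:]:
            pairs.append((tokens[0], host.lower()))
    return pairs


def parent_domain(host: str) -> str:
    """Last two labels ("activate.wip.adobe.com" -> "adobe.com"); naive, no suffix list."""
    labels = host.rstrip(".").split(".")
    return ".".join(labels[-2:]) if len(labels) >= 2 else host


def is_sinkhole(ip: str) -> bool:
    """True for addresses that block a name rather than redirect it."""
    return ip in SINKHOLE or ipaddress.ip_address(ip).is_loopback


def triage_hosts(text: str) -> Tuple[Dict[str, int], List[Tuple[str, str]]]:
    """Return (blocked_by_domain, redirects).

    blocked_by_domain: parent domain -> count of its hosts pointed at a
    sinkhole. Many hosts under one vendor's licensing/activation names
    is the footprint of an activation blocker, not of malware.
    redirects: (ip, host) pairs pointing at a routable address; these
    matter most, because they can divert traffic to a third party.
    """
    blocked: Counter = Counter()
    redirects: List[Tuple[str, str]] = []
    for ip, host in parse_hosts(text):
        if is_sinkhole(ip):
            blocked[parent_domain(host)] += 1
        else:
            redirects.append((ip, host))
    return dict(blocked), redirects


# Constructed sample: two scanner-style lines, one plain line, one redirect
SAMPLE_HOSTS = """\
# Default Windows hosts file comments look like this:
#   127.0.0.1       localhost
hosts 127.0.0.1 activate.adobe.com activate.wip.adobe.com practivate.adobe.com
hosts 127.0.0.1 lm.licenses.adobe.com lmlicenses.wip4.adobe.com crl.verisign.net
0.0.0.0 ereg.adobe.com
203.0.113.10 update.example-av.test   # constructed: a redirect, not a block
"""

if __name__ == "__main__":
    blocked, redirects = triage_hosts(SAMPLE_HOSTS)
    for domain, n in sorted(blocked.items(), key=lambda kv: -kv[1]):
        print(f"blocked  {n:3d} host(s) under {domain}")
    for ip, host in redirects:
        print(f"REDIRECT {host} -> {ip}  (review: routable destination)")
```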
Old 07-30-2015, 07:00 PM   #6
chemist
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
Microsoft Most Valuable Professional
Join Date: Oct 2007
Location: Georgia
Posts: 29,790
OS: XP/Win7/Win10

Hello again, flyersfan2292. Can you explain the Adobe entries in your HOSTS file?

------------------------------------------------------
Old 07-30-2015, 07:27 PM   #7
flyersfan2292
Registered Member
Join Date: Jul 2015
Posts: 13
OS: Windows 7 64 bit

Hi Chemist,
I have no idea why those are there and what that means.
Old 07-30-2015, 07:33 PM   #8
flyersfan2292
Registered Member
Join Date: Jul 2015
Posts: 13
OS: Windows 7 64 bit

Not sure if this is why but I believe when my PC originally became infected it was through a fake Java update or through some other process asking for an update.
Old 07-31-2015, 01:41 PM   #9
chemist
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
Microsoft Most Valuable Professional
Join Date: Oct 2007
Location: Georgia
Posts: 29,790
OS: XP/Win7/Win10

Hello again, flyersfan2292. Malware doesn't create those entries. Have you or anyone else used Adobe Photoshop on this machine?

------------------------------------------------------

Since you already ran tools, and I don't know exactly what was there and what was done, you may have to do a repair install, which will keep your files intact.

Your WMI is also disabled or corrupted, so you do have some major problems here that may not be fixable. Malicious malware sometimes does irreparable damage.

------------------------------------------------------

One or more of the identified infections is a backdoor trojan/rootkit.

This type of infection allows hackers to remotely control your computer, log keystrokes, steal critical system information, and download and execute files without your knowledge.

If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Please refer to Microsoft's Online Safety article for tips on creating a strong password.

Do not change passwords or do any transactions from the infected computer until it has been cleaned.

------------------------------------------------------

Please note that these fixes are not instantaneous. Most infections require more than one round to properly eradicate.

Please stay with me until given the 'all clear' even if symptoms seemingly abate.

Kindly follow my instructions and please do no fixing on your own or running of scanners unless requested by a helper.

------------------------------------------------------

If there are any personal files, pics, etc. on your computer you cannot live without, back them up now just as a precaution.

Emergency Backup Procedure - Tech Support Forum

Also, if you haven't done so already, create a system repair disc. It's really easy and quick.

How To Create a Windows 7 System Repair Disc [Easy]

------------------------------------------------------

It appears you have some remnants of AVG on your machine.

Please download AVG Remover and Save it to your Desktop.
  • Close all programs and double-click avg_remover_stf_x64_2015_5501.exe, then click Run.
  • In Vista/Win7, right-click and choose 'Run as administrator'.
  • Follow the on-screen instructions.
  • Reboot your computer if not prompted already.
  • Then delete avg_remover_stf_x64_2012_1796.exe and the avgremover.log from your desktop.
------------------------------------------------------
  • Open Notepad (Start > All Programs > Accessories > Notepad).
  • Please copy all the text in the codebox below. (To do this highlight the contents of the box, right-click on it and select Copy. Right-click in the open Notepad and select Paste).
  • Save it as fixlist.txt next to FRST64.exe
  • If asked to change 'Encoding:' to 'Unicode:', please agree and save it.

    NOTE: Both FRST64.exe and the fixlist.txt must be in the same location or the fix will not work.


    Code:
    start
    createrestorepoint:
    CustomCLSID: HKU\S-1-5-21-4104458019-347564966-2216038930-1001_Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\localserver32 -> no filepath
    Task: {08512849-BCBD-4D6C-9377-EBAE0ECE0664} - \Norton WSC Integration No Task File <==== ATTENTION
    Task: {4841DBF6-AEA1-4047-A1A8-4A1DB38DCE1F} - System32\Tasks\Norton Internet Security\Norton Error Analyzer => C:\Program Files (x86)\Norton Internet Security\Engine\20.3.1.22\SymErr.exe
    C:\Program Files (x86)\Norton Internet Security
    Task: {4E8EEDC5-9FD4-4D6A-8CAE-7C8ACBC959E7} - \{BF64FBE3-6A83-4B00-8C34-58CF67F1D64A} No Task File <==== ATTENTION
    FirewallRules: [TCP Query User{5E4D9900-C864-400F-A1BD-95E8C580E38D}C:\program files (x86)\utorrent\utorrent.exe] => (Block) C:\program files (x86)\utorrent\utorrent.exe
    FirewallRules: [UDP Query User{AA59447D-2358-41C9-A8F4-6C39DF1E3CB6}C:\program files (x86)\utorrent\utorrent.exe] => (Block) C:\program files (x86)\utorrent\utorrent.exe
    FirewallRules: [TCP Query User{E91E1585-9B7E-4599-8DFF-DB73EC5C7CA2}C:\program files (x86)\utorrent\utorrent.exe] => (Allow) C:\program files (x86)\utorrent\utorrent.exe
    FirewallRules: [UDP Query User{F20A4CB0-D121-4D47-BBFD-3BEB81AEDCE5}C:\program files (x86)\utorrent\utorrent.exe] => (Allow) C:\program files (x86)\utorrent\utorrent.exe
    C:\program files (x86)\utorrent
    FirewallRules: [{D0BAEF37-9DC1-41E2-88B4-8904F524158D}] => (Allow) C:\Users\Mike\AppData\Local\Temp\7zS119D.tmp\SymNRT.exe
    FirewallRules: [{4B26B40A-029B-4E14-B501-7702BA62BB83}] => (Allow) C:\Users\Mike\AppData\Local\Temp\7zS119D.tmp\SymNRT.exe
    HKLM-x32\...\Run: [] => [X]
    HKU\S-1-5-21-4104458019-347564966-2216038930-1001\...A8F59079A8D5}\localserver32: <==== ATTENTION!
    GroupPolicyScripts-x32: Group Policy detected <======= ATTENTION
    SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
    BHO-x32: No Name -> {5C255C8A-E604-49b4-9D64-90988571CECB} -> No File
    FF Plugin: @microsoft.com/GENUINE -> disabled No File
    FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw.dll No File
    FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2013-10-07] (Google)
    FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
    CHR HKLM-x32\...\Chrome\Extension: [ibngedbinnjpbfcofdpaggmfddjcflie] - C:\ProgramData\ADDICT-THING\ibngedbinnjpbfcofdpaggmfddjcflie.crx [Not Found]
    R1 avgtp; C:\Windows\system32\drivers\avgtpx64.sys [39768 2013-02-18] (AVG Technologies)
    C:\Users\Mike\HDScrub33.exe
    C:\Users\Public\AlexaNSISPlugin.7712.dll
    C:\Windows\System32\seetla.dll
    Hosts:
    Reg: reg query "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost" /s
    EmptyTemp:
    end
  • Double-click FRST64 to run the tool. If the tool warns you the version is outdated, please download and run the updated version.
  • Click the Fix button just once, and wait.
  • If you receive a message that a reboot is required, please make sure you allow it to restart normally.
  • The tool will complete its run after the restart.
  • When finished, the tool will make a log (Fixlog.txt) in the same location from where it was run. Please post the Fixlog.txt log in your reply.

NOTE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

------------------------------------------------------
Old 07-31-2015, 02:54 PM   #10
flyersfan2292
Registered Member
Join Date: Jul 2015
Posts: 13
OS: Windows 7 64 bit

I did have Adobe Photoshop on here at one time. I will do a back up of all my files. I have an external drive. I will be unavailable till Sunday, so I probably won't be able to post a response till then. Thanks and I greatly appreciate your help.
Old 07-31-2015, 02:57 PM   #11
chemist
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
Microsoft Most Valuable Professional
Join Date: Oct 2007
Location: Georgia
Posts: 29,790
OS: XP/Win7/Win10

You're welcome. Let me know.
Old 08-03-2015, 03:26 AM   #12
flyersfan2292
Registered Member
Join Date: Jul 2015
Posts: 13
OS: Windows 7 64 bit

OK, I downloaded the AVG remover; it ran but said no files were found. Here is the result of the fixlog.txt:

Fix result of Farbar Recovery Scan Tool (x64) Version:28-07-2015
Ran by Mike (2015-08-03 00:17:18) Run:1
Running from C:\Users\Mike\Desktop\New folder
Loaded Profiles: Mike and Jen & Mike (Available Profiles: Mike and Jen & Mike)
Boot Mode: Normal
==============================================

fixlist content:
*****************
start
createrestorepoint:
CustomCLSID: HKU\S-1-5-21-4104458019-347564966-2216038930-1001_Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\localserver32 -> no filepath
Task: {08512849-BCBD-4D6C-9377-EBAE0ECE0664} - \Norton WSC Integration No Task File <==== ATTENTION
Task: {4841DBF6-AEA1-4047-A1A8-4A1DB38DCE1F} - System32\Tasks\Norton Internet Security\Norton Error Analyzer => C:\Program Files (x86)\Norton Internet Security\Engine\20.3.1.22\SymErr.exe
C:\Program Files (x86)\Norton Internet Security
Task: {4E8EEDC5-9FD4-4D6A-8CAE-7C8ACBC959E7} - \{BF64FBE3-6A83-4B00-8C34-58CF67F1D64A} No Task File <==== ATTENTION
FirewallRules: [TCP Query User{5E4D9900-C864-400F-A1BD-95E8C580E38D}C:\program files (x86)\utorrent\utorrent.exe] => (Block) C:\program files (x86)\utorrent\utorrent.exe
FirewallRules: [UDP Query User{AA59447D-2358-41C9-A8F4-6C39DF1E3CB6}C:\program files (x86)\utorrent\utorrent.exe] => (Block) C:\program files (x86)\utorrent\utorrent.exe
FirewallRules: [TCP Query User{E91E1585-9B7E-4599-8DFF-DB73EC5C7CA2}C:\program files (x86)\utorrent\utorrent.exe] => (Allow) C:\program files (x86)\utorrent\utorrent.exe
FirewallRules: [UDP Query User{F20A4CB0-D121-4D47-BBFD-3BEB81AEDCE5}C:\program files (x86)\utorrent\utorrent.exe] => (Allow) C:\program files (x86)\utorrent\utorrent.exe
C:\program files (x86)\utorrent
FirewallRules: [{D0BAEF37-9DC1-41E2-88B4-8904F524158D}] => (Allow) C:\Users\Mike\AppData\Local\Temp\7zS119D.tmp\SymNRT.exe
FirewallRules: [{4B26B40A-029B-4E14-B501-7702BA62BB83}] => (Allow) C:\Users\Mike\AppData\Local\Temp\7zS119D.tmp\SymNRT.exe
HKLM-x32\...\Run: [] => [X]
HKU\S-1-5-21-4104458019-347564966-2216038930-1001\...A8F59079A8D5}\localserver32: <==== ATTENTION!
GroupPolicyScripts-x32: Group Policy detected <======= ATTENTION
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO-x32: No Name -> {5C255C8A-E604-49b4-9D64-90988571CECB} -> No File
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw.dll No File
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2013-10-07] (Google)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
CHR HKLM-x32\...\Chrome\Extension: [ibngedbinnjpbfcofdpaggmfddjcflie] - C:\ProgramData\ADDICT-THING\ibngedbinnjpbfcofdpaggmfddjcflie.crx [Not Found]
R1 avgtp; C:\Windows\system32\drivers\avgtpx64.sys [39768 2013-02-18] (AVG Technologies)
C:\Users\Mike\HDScrub33.exe
C:\Users\Public\AlexaNSISPlugin.7712.dll
C:\Windows\System32\seetla.dll
Hosts:
Reg: reg query "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost" /s
EmptyTemp:
end
*****************

Restore point was successfully created.
HKU\S-1-5-21-4104458019-347564966-2216038930-1001_Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5} => key not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{08512849-BCBD-4D6C-9377-EBAE0ECE0664}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{08512849-BCBD-4D6C-9377-EBAE0ECE0664}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Norton WSC Integration" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{4841DBF6-AEA1-4047-A1A8-4A1DB38DCE1F}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4841DBF6-AEA1-4047-A1A8-4A1DB38DCE1F}" => key removed successfully
C:\Windows\System32\Tasks\Norton Internet Security\Norton Error Analyzer => moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Norton Internet Security\Norton Error Analyzer" => key removed successfully
"C:\Program Files (x86)\Norton Internet Security" => File/Folder not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{4E8EEDC5-9FD4-4D6A-8CAE-7C8ACBC959E7}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4E8EEDC5-9FD4-4D6A-8CAE-7C8ACBC959E7}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{BF64FBE3-6A83-4B00-8C34-58CF67F1D64A}" => key removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{5E4D9900-C864-400F-A1BD-95E8C580E38D}C:\program files (x86)\utorrent\utorrent.exe => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{AA59447D-2358-41C9-A8F4-6C39DF1E3CB6}C:\program files (x86)\utorrent\utorrent.exe => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{E91E1585-9B7E-4599-8DFF-DB73EC5C7CA2}C:\program files (x86)\utorrent\utorrent.exe => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{F20A4CB0-D121-4D47-BBFD-3BEB81AEDCE5}C:\program files (x86)\utorrent\utorrent.exe => value removed successfully
"C:\program files (x86)\utorrent" => File/Folder not found.
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{D0BAEF37-9DC1-41E2-88B4-8904F524158D} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{4B26B40A-029B-4E14-B501-7702BA62BB83} => value removed successfully
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => value removed successfully
HKU\S-1-5-21-4104458019-347564966-2216038930-1001\Software\Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\localserver32 => key not found.
HKU\S-1-5-21-4104458019-347564966-2216038930-1001\Software\Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5} => key not found.
C:\Windows\SysWOW64\GroupPolicy\Machine => moved successfully.
C:\Windows\SysWOW64\GroupPolicy\GPT.ini => moved successfully.
HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}" => key removed successfully
HKCR\Wow6432Node\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB} => key not found.
"HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE" => key removed successfully
"HKLM\Software\Wow6432Node\MozillaPlugins\@adobe.com/ShockwavePlayer" => key removed successfully
"HKLM\Software\Wow6432Node\MozillaPlugins\@Google.com/GoogleEarthPlugin" => key removed successfully
C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll => moved successfully.
"HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE" => key removed successfully
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\ibngedbinnjpbfcofdpaggmfddjcflie" => key removed successfully
avgtp => Service stopped successfully.
avgtp => service removed successfully
C:\Users\Mike\HDScrub33.exe => moved successfully.
C:\Users\Public\AlexaNSISPlugin.7712.dll => moved successfully.
C:\Windows\System32\seetla.dll => moved successfully.
C:\Windows\System32\Drivers\etc\hosts => moved successfully.
Hosts restored successfully.

========= reg query "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost" /s =========


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost
RPCSS REG_MULTI_SZ RpcEptMapper\0RpcSs
defragsvc REG_MULTI_SZ defragsvc
LocalSystemNetworkRestricted REG_MULTI_SZ UxSms\0WdiSystemHost\0Netman\0trkwks\0AudioEndpointBuilder\0WUDFSvc\0IPBusEnum\0hidserv\0dot3svc\0irmon\0sysmain\0PcaSvc\0homegrouplistener\0WPDBusEnum\0wlansvc\0TabletInputService
LocalService REG_MULTI_SZ nsi\0WdiServiceHost\0w32time\0EventSystem\0RemoteRegistry\0WinHttpAutoProxySvc\0sppuinotify\0THREADORDER\0netprofm\0lltdsvc\0fdphost\0SstpSvc\0WebClient
netsvcs REG_MULTI_SZ AeLookupSvc\0CertPropSvc\0SCPolicySvc\0lanmanserver\0gpsvc\0IKEEXT\0AudioSrv\0FastUserSwitchingCompatibility\0Ias\0Irmon\0Nla\0Ntmssvc\0NWCWorkstation\0Nwsapagent\0Rasauto\0Rasman\0Remoteaccess\0SENS\0Sharedaccess\0SRService\0Tapisrv\0Wmi\0WmdmPmSp\0TermService\0wuauserv\0BITS\0ShellHWDetection\0LogonHours\0PCAudit\0helpsvc\0uploadmgr\0iphlpsvc\0seclogon\0AppInfo\0msiscsi\0MMCSS\0winmgmt\0SessionEnv\0browser\0EapHost\0schedule\0hkmsvc\0wercplsupport\0ProfSvc\0Themes\0BDESVC
WerSvcGroup REG_MULTI_SZ wersvc
LocalServiceNoNetwork REG_MULTI_SZ DPS\0PLA\0BFE\0mpssvc\0WwanSvc
termsvcs REG_MULTI_SZ TermService
swprv REG_MULTI_SZ swprv
LocalServiceNetworkRestricted REG_MULTI_SZ DHCP\0eventlog\0AudioSrv\0BthHFSrv\0LmHosts\0wscsvc\0homegroupprovider\0WPCSvc
LocalServicePeerNet REG_MULTI_SZ PNRPSvc\0p2pimsvc\0p2psvc\0PnrpAutoReg
NetworkServiceAndNoImpersonation REG_MULTI_SZ KtmRm
regsvc REG_MULTI_SZ RemoteRegistry
LocalServiceAndNoImpersonation REG_MULTI_SZ SSDPSRV\0upnphost\0SCardSvr\0TBS\0fdrespub\0FontCache\0AppIDSvc\0QWAVE\0wcncsvc\0Mcx2Svc\0SensrSvc
DcomLaunch REG_MULTI_SZ Power\0PlugPlay\0DcomLaunch
NetworkServiceNetworkRestricted REG_MULTI_SZ PolicyAgent
NetworkService REG_MULTI_SZ CryptSvc\0DHCP\0TermService\0DNSCache\0lanmanworkstation\0NapAgent\0nlasvc\0WinRM\0WECSVC\0Tapisrv
sdrsvc REG_MULTI_SZ sdrsvc
WbioSvcGroup REG_MULTI_SZ WbioSrvc
imgsvc REG_MULTI_SZ StiSvc
wcssvc REG_MULTI_SZ WcsPlugInService
AxInstSVGroup REG_MULTI_SZ AxInstSV
secsvcs REG_MULTI_SZ WinDefend
bthsvcs REG_MULTI_SZ bthserv

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost\AxInstSVGroup
ImpersonationLevel REG_DWORD 0x3
CoInitializeSecurityParam REG_DWORD 0x0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost\defragsvc
CoInitializeSecurityParam REG_DWORD 0x0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost\LocalService
AuthenticationCapabilities REG_DWORD 0x2000
CoInitializeSecurityParam REG_DWORD 0x1

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost\LocalServiceAndNoImpersonation
AuthenticationCapabilities REG_DWORD 0x2000
CoInitializeSecurityParam REG_DWORD 0x1

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost\LocalServiceNetworkRestricted
DefaultRpcStackSize REG_DWORD 0x40
CoInitializeSecurityParam REG_DWORD 0x1

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost\LocalServiceNoNetwork
CoInitializeSecurityParam REG_DWORD 0x1

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost\LocalSystemNetworkRestricted
CoInitializeSecurityParam REG_DWORD 0x1

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost\netsvcs
AuthenticationCapabilities REG_DWORD 0x3020
CoInitializeSecurityParam REG_DWORD 0x1

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost\NetworkService
CoInitializeSecurityParam REG_DWORD 0x1
DefaultRpcStackSize REG_DWORD 0x1c

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost\NetworkServiceRemoteDesktopHyperVAgent
CoInitializeSecurityParam REG_DWORD 0x1
AuthenticationCapabilities REG_DWORD 0x2000
AuthenticationLevel REG_DWORD 0x6

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost\NetworkServiceRemoteDesktopPublishing
CoInitializeSecurityParam REG_DWORD 0x1
AuthenticationCapabilities REG_DWORD 0x2000
AuthenticationLevel REG_DWORD 0x6

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost\SDRSVC
CoInitializeSecurityParam REG_DWORD 0x0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost\swprv
CoInitializeSecurityParam REG_DWORD 0x0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost\termsvcs
CoInitializeSecurityParam REG_DWORD 0x1

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost\wcssvc
CoInitializeSecurityParam REG_DWORD 0x1
CoInitializeSecurityAppID REG_SZ {CD11FAB6-1C0E-45e1-BA31-5C6008EF2607}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost\wercplsupport
AuthenticationCapabilities REG_DWORD 0x3020
CoInitializeSecurityParam REG_DWORD 0x1



========= End of Reg: =========

EmptyTemp: => 23.8 GB temporary data Removed.


The system needed a reboot..

==== End of Fixlog 01:42:21 ====
Old 08-03-2015, 04:10 AM   #13
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 

Microsoft Most Valuable Professional
 
Join Date: Oct 2007
Location: Georgia
Posts: 29,790
OS: XP/Win7/Win10



Hello again, flyersfan2292.

Please download ComboFix and Save it to your Desktop.

**Note: It is important that it is saved directly to your desktop**

* Ensure you have disabled all antivirus and antimalware programs so they do not interfere with the running of ComboFix.

Get help here

Double-click ComboFix.exe and follow the prompts to run it.

Your desktop may go blank. This is normal. It will return when ComboFix is done. ComboFix may reboot your machine. This is normal.

When finished, it shall produce a log for you. Please post that log, C:\ComboFix.txt, in your next reply.

Please re-enable your antivirus before posting the ComboFix.txt log.

Note: If you get an 'Illegal operation attempted on a Registry key which has been marked for deletion' error message, please open Task Manager and 'End Process' on explorer.exe.

Next, go to File > New Task (Run...), type explorer, then press 'Enter'.

------------------------------------------------------
__________________
Our services are free, but you may contribute to the author of ComboFix via PayPal

Proud member of UNITE

Microsoft MVP - Consumer Security 2014, 2015
Old 08-03-2015, 01:21 PM   #14
Registered Member
 
Join Date: Jul 2015
Posts: 13
OS: Windows 7 64 bit



ComboFix 15-08-03.01 - Mike 08/03/2015 16:01:05.1.2 - x64
Running from: c:\users\Mike\Desktop\ComboFix.exe
AV: Panda Free Antivirus *Disabled/Updated* {AAF74A68-8713-CDF1-004F-30003398BE9E}
FW: Panda Firewall *Disabled* {92CCCB4D-CD7C-CCA9-2B10-9935CD4BF9E5}
SP: Panda Free Antivirus *Disabled/Updated* {1196AB8C-A129-C27F-3AFF-0B72481FF423}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\@system2.att
c:\programdata\@system3.att
c:\programdata\1391369747.bdinstall.bin
c:\programdata\1391370456.bdinstall.bin
c:\programdata\1391370457.bdinstall.bin
c:\programdata\wrnhoah.tmp
c:\users\Mike\AppData\Roaming\da3e5653
c:\users\Mike\AppData\Roaming\da3e5654
c:\users\Mike\AppData\Roaming\FrameworkUpdate7
c:\windows\7E6549DF9D4B8588.log
c:\windows\SysWow64\u
c:\windows\wininit.ini
.
.
((((((((((((((((((((((((( Files Created from 2015-07-03 to 2015-08-03 )))))))))))))))))))))))))))))))
.
.
2015-08-03 04:09 . 2015-08-03 04:09 -------- d-----w- c:\users\Mike\AppData\Local\Avg2015
2015-07-31 03:03 . 2015-07-31 03:03 -------- d-----w- c:\programdata\TechUtilities64
2015-07-31 03:02 . 2015-07-31 03:02 -------- d-----w- c:\program files\Common Files\Apple
2015-07-31 01:11 . 2015-07-31 01:11 -------- d-----w- c:\programdata\REGUtilities
2015-07-30 02:46 . 2015-07-30 02:46 -------- d-----w- c:\program files\Bonjour
2015-07-30 02:46 . 2015-07-30 02:46 -------- d-----w- c:\program files (x86)\Bonjour
2015-07-30 01:54 . 2015-08-03 10:18 -------- d-----w- C:\FRST
2015-07-29 03:30 . 2015-07-29 07:55 -------- d-----w- c:\users\TEST
2015-07-17 02:08 . 2015-07-26 12:23 -------- d-----w- c:\users\Mike\AppData\Roaming\dvdcss
2015-07-17 02:07 . 2015-07-17 02:07 -------- d-----w- c:\users\Mike\AppData\Roaming\Digiarty
2015-07-17 02:07 . 2015-07-17 02:07 -------- d-----w- c:\program files (x86)\Digiarty
2015-07-16 03:17 . 2015-07-16 03:17 -------- d-----w- c:\programdata\SlySoft
2015-07-16 03:17 . 2015-07-16 03:17 -------- d-----w- c:\program files (x86)\SlySoft
2015-07-16 02:46 . 2015-07-16 02:46 -------- d-----w- c:\programdata\DVD Shrink
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-07-31 03:06 . 2014-10-30 04:50 113880 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2015-06-18 12:41 . 2014-10-30 04:49 63704 ----a-w- c:\windows\system32\drivers\mwac.sys
2015-06-18 12:41 . 2014-10-30 04:49 109272 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2015-06-18 12:41 . 2014-10-30 04:49 25816 ----a-w- c:\windows\system32\drivers\mbam.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\EldosIconOverlay]
@="{5BB532A2-BF14-4CCC-86B7-71B81EF6F8BC}"
[HKEY_CLASSES_ROOT\CLSID\{5BB532A2-BF14-4CCC-86B7-71B81EF6F8BC}]
2012-04-09 21:27 158224 ----a-w- c:\windows\SysWOW64\CbFsMntNtf3.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-12-12 39408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]
"Gateway Photo Frame"="c:\program files (x86)\Gateway Photo Frame\ButtonMonitor.exe" [2009-07-20 124416]
"ArcSoft Connection Service"="c:\program files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-10-28 207424]
"Nikon Transfer Monitor"="c:\program files (x86)\Common Files\Nikon\Monitor\NkMonitor.exe" [2009-09-15 479232]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2015-05-15 60712]
"VMM Mode Selection"="c:\program files\HTC\ModeSelection\VMMModeSelection.exe" [2011-02-14 43520]
"HP Software Update"="c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe" [2011-10-28 49208]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2014-01-17 421888]
"WD Quick View"="c:\program files (x86)\Western Digital\WD Quick View\WDDMStatus.exe" [2013-06-19 5524336]
"DriveUtilitiesHelper"="c:\program files (x86)\Western Digital\WD Utilities\WDDriveUtilitiesHelper.exe" [2014-05-23 1852264]
"WD Drive Unlocker"="c:\program files (x86)\Western Digital\WD Security\WDDriveAutoUnlock.exe" [2014-05-23 1694048]
"PSUAMain"="c:\program files (x86)\Panda Security\Panda Security Protection\PSUAMain.exe" [2015-02-26 40184]
.
c:\users\Mike\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Mike\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup [2015-7-3 43871584]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
FAH.lnk - c:\program files\WinZip\FAH\FAHConsole.exe [2015-4-29 434352]
WinZip Preloader.lnk - c:\program files\WinZip\WzPreloader.exe [2015-4-29 126176]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Best Buy pc app.lnk - c:\programdata\Best Buy pc app\ClickOnceSetup.exe "c:\programdata\Best Buy pc app\Best Buy pc app.application" [2010-6-24 9216]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"MaxGPOScriptWait"= 600 (0x258)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NanoServiceMain]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PSUAService]
@="Service"
.
R1 NNSIDS;NNSIDS;c:\windows\system32\DRIVERS\NNSIds.sys;c:\windows\SYSNATIVE\DRIVERS\NNSIds.sys [x]
R2 Apple Mobile Device Service;Apple Mobile Device Service;c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe;c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [x]
R3 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\7.1.361.0\SeaPort.exe;c:\program files (x86)\Microsoft\BingBar\7.1.361.0\SeaPort.exe [x]
R3 cpuz134;cpuz134;c:\users\Mike\AppData\Local\Temp\cpuz134\cpuz134_x64.sys;c:\users\Mike\AppData\Local\Temp\cpuz134\cpuz134_x64.sys [x]
R3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys;c:\windows\SYSNATIVE\drivers\mwac.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys;c:\windows\SYSNATIVE\DRIVERS\wdcsam64.sys [x]
S1 NNSALPC;NNSALPC;c:\windows\system32\DRIVERS\NNSAlpc.sys;c:\windows\SYSNATIVE\DRIVERS\NNSAlpc.sys [x]
S1 NNSHTTP;NNSHTTP;c:\windows\system32\DRIVERS\NNSHttp.sys;c:\windows\SYSNATIVE\DRIVERS\NNSHttp.sys [x]
S1 NNSHTTPS;NNSHTTPS;c:\windows\system32\DRIVERS\NNSHttps.sys;c:\windows\SYSNATIVE\DRIVERS\NNSHttps.sys [x]
S1 NNSNAHSL;Network Activity Hook Server LightWeight Filter Driver;c:\windows\system32\DRIVERS\NNSNAHSL.sys;c:\windows\SYSNATIVE\DRIVERS\NNSNAHSL.sys [x]
S1 NNSPICC;NNSPICC;c:\windows\system32\DRIVERS\NNSPicc.sys;c:\windows\SYSNATIVE\DRIVERS\NNSPicc.sys [x]
S1 NNSPIHSW;NNSPIHSW;c:\windows\system32\DRIVERS\NNSPihsw.sys;c:\windows\SYSNATIVE\DRIVERS\NNSPihsw.sys [x]
S1 NNSPOP3;NNSPOP3;c:\windows\system32\DRIVERS\NNSPop3.sys;c:\windows\SYSNATIVE\DRIVERS\NNSPop3.sys [x]
S1 NNSPROT;NNSPROT;c:\windows\system32\DRIVERS\NNSProt.sys;c:\windows\SYSNATIVE\DRIVERS\NNSProt.sys [x]
S1 NNSPRV;NNSPRV;c:\windows\system32\DRIVERS\NNSPrv.sys;c:\windows\SYSNATIVE\DRIVERS\NNSPrv.sys [x]
S1 NNSSMTP;NNSSMTP;c:\windows\system32\DRIVERS\NNSSmtp.sys;c:\windows\SYSNATIVE\DRIVERS\NNSSmtp.sys [x]
S1 NNSSTRM;NNSSTRM;c:\windows\system32\DRIVERS\NNSStrm.sys;c:\windows\SYSNATIVE\DRIVERS\NNSStrm.sys [x]
S1 NNSTLSC;NNSTLSC;c:\windows\system32\DRIVERS\NNSTlsc.sys;c:\windows\SYSNATIVE\DRIVERS\NNSTlsc.sys [x]
S1 PSINKNC;PSINKNC;c:\windows\system32\DRIVERS\psinknc.sys;c:\windows\SYSNATIVE\DRIVERS\psinknc.sys [x]
S2 BBSvc;BingBar Service;c:\program files (x86)\Microsoft\BingBar\7.1.361.0\BBSvc.exe;c:\program files (x86)\Microsoft\BingBar\7.1.361.0\BBSvc.exe [x]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [x]
S2 GREGService;GREGService;c:\program files (x86)\Gateway\Registration\GREGsvc.exe;c:\program files (x86)\Gateway\Registration\GREGsvc.exe [x]
S2 NanoServiceMain;Panda Protection Service;c:\program files (x86)\Panda Security\Panda Security Protection\PSANHost.exe;c:\program files (x86)\Panda Security\Panda Security Protection\PSANHost.exe [x]
S2 PandaAgent;Panda Devices Agent;c:\program files (x86)\Panda Security\Panda Devices Agent\AgentSvc.exe;c:\program files (x86)\Panda Security\Panda Devices Agent\AgentSvc.exe [x]
S2 PSINAflt;PSINAflt;c:\windows\system32\DRIVERS\PSINAflt.sys;c:\windows\SYSNATIVE\DRIVERS\PSINAflt.sys [x]
S2 PSINFile;PSINFile;c:\windows\system32\DRIVERS\PSINFile.sys;c:\windows\SYSNATIVE\DRIVERS\PSINFile.sys [x]
S2 PSINProc;PSINProc;c:\windows\system32\DRIVERS\PSINProc.sys;c:\windows\SYSNATIVE\DRIVERS\PSINProc.sys [x]
S2 PSINProt;PSINProt;c:\windows\system32\DRIVERS\PSINProt.sys;c:\windows\SYSNATIVE\DRIVERS\PSINProt.sys [x]
S2 PSINReg;PSINReg;c:\windows\system32\DRIVERS\PSINReg.sys;c:\windows\SYSNATIVE\DRIVERS\PSINReg.sys [x]
S2 PSUAService;Panda Product Service;c:\program files (x86)\Panda Security\Panda Security Protection\PSUAService.exe;c:\program files (x86)\Panda Security\Panda Security Protection\PSUAService.exe [x]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [x]
S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]
S2 Updater Service;Updater Service;c:\program files\Gateway\Gateway Updater\UpdaterService.exe;c:\program files\Gateway\Gateway Updater\UpdaterService.exe [x]
S2 USBS3S4Detection;USBS3S4Detection;c:\oem\USBDECTION\USBS3S4Detection.exe;c:\oem\USBDECTION\USBS3S4Detection.exe [x]
S2 WDBackup;WD Backup;c:\program files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe;c:\program files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe [x]
S2 WDDriveService;WD Drive Manager;c:\program files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe;c:\program files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe [x]
S3 cbfs3;EldoS Callback File System driver v3;c:\windows\system32\DRIVERS\cbfs3.sys;c:\windows\SYSNATIVE\DRIVERS\cbfs3.sys [x]
S3 e1kexpress;Intel(R) PRO/1000 PCI Express Network Connection Driver K;c:\windows\system32\DRIVERS\e1k62x64.sys;c:\windows\SYSNATIVE\DRIVERS\e1k62x64.sys [x]
S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys;c:\windows\SYSNATIVE\DRIVERS\HECIx64.sys [x]
S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftfslh.sys [x]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftplaylh.sys [x]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftredirlh.sys [x]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftvollh.sys [x]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
*Deregistered* - PSKMAD
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2015-07-30 02:07 995144 ----a-w- c:\program files (x86)\Google\Chrome\Application\44.0.2403.125\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2014-10-27 c:\windows\Tasks\GoogleUpdateTaskMachineCore1cf8d974b512993.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-12-12 16:01]
.
2014-11-15 c:\windows\Tasks\GoogleUpdateTaskMachineCore1cff1ff432e5894.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-12-12 16:01]
.
2015-02-05 c:\windows\Tasks\GoogleUpdateTaskMachineCore1d000f2c238795e.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-12-12 16:01]
.
2015-05-18 c:\windows\Tasks\GoogleUpdateTaskMachineCore1d0415be7524d.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-12-12 16:01]
.
2015-07-16 c:\windows\Tasks\GoogleUpdateTaskMachineCore1d09110cd3ca41f.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-12-12 16:01]
.
2015-07-16 c:\windows\Tasks\GoogleUpdateTaskMachineCore1d0bf63d05fe248.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-12-12 16:01]
.
2015-08-03 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-12-12 16:01]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt1"]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2015-06-10 20:34 184856 ----a-w- c:\users\Mike\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt2"]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2015-06-10 20:34 184856 ----a-w- c:\users\Mike\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt3"]
@="{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}]
2015-06-10 20:34 184856 ----a-w- c:\users\Mike\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt4"]
@="{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}]
2015-06-10 20:34 184856 ----a-w- c:\users\Mike\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt5"]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2015-06-10 20:34 184856 ----a-w- c:\users\Mike\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt6"]
@="{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}]
2015-06-10 20:34 184856 ----a-w- c:\users\Mike\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt7"]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2015-06-10 20:34 184856 ----a-w- c:\users\Mike\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt8"]
@="{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}]
2015-06-10 20:34 184856 ----a-w- c:\users\Mike\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\EldosIconOverlay]
@="{5BB532A2-BF14-4CCC-86B7-71B81EF6F8BC}"
[HKEY_CLASSES_ROOT\CLSID\{5BB532A2-BF14-4CCC-86B7-71B81EF6F8BC}]
2012-04-09 21:27 190480 ----a-w- c:\windows\System32\CbFsMntNtf3.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-02-09 10060320]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-08-26 161304]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-08-26 386584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-08-26 415256]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://flyers.nhl.com/
mDefault_Page_URL = hxxp://www.bing.com/?pc=MAGW
mStart Page = hxxp://www.bing.com/?pc=MAGW
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
Trusted Zone: advancedmd.com
Trusted Zone: advancedmd.com\login
Trusted Zone: cbssports.com\www
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\9srvv6an.default\
FF - prefs.js: browser.startup.homepage - hxxp://flyers.nhl.com/
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Toolbar-10 - (no file)
Wow6432Node-HKCU-Run-AdobeBridge - (no file)
Toolbar-Locked - (no file)
Toolbar-10 - (no file)
AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
AddRemove-eSupport UndeletePlus_is1 - c:\program files (x86)\eSupport.com\eSupport UndeletePlus\unins000.exe
AddRemove-{1B9604EE-B104-45C8-8551-5F63BA631E23} - c:\programdata\{FA77A43D-F6ED-4924-87B5-517C061388C6}\WeatherBugSetup.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (LocalSystem)
"{8DCB7100-DF86-4384-8842-8FA844297B3F}"=hex:51,66,7a,6c,4c,1d,38,12,6e,72,d8,
89,b4,91,ea,06,f7,54,cc,e8,41,77,3f,2b
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}"=hex:51,66,7a,6c,4c,1d,38,12,df,c1,0b,
27,57,07,ba,54,e4,0e,43,d0,22,fb,89,5b
"{18DF081C-E8AD-4283-A596-FA578C2EBDC3}"=hex:51,66,7a,6c,4c,1d,38,12,72,0b,cc,
1c,9f,a6,ed,07,da,80,b9,17,89,70,f9,d7
"{6EBF7485-159F-4BFF-A14F-B9E3AAC4465B}"=hex:51,66,7a,6c,4c,1d,38,12,eb,77,ac,
6a,ad,5b,91,0e,de,59,fa,a3,af,9a,02,4f
"{9030D464-4C02-4ABF-8ECC-5164760863C6}"=hex:51,66,7a,6c,4c,1d,38,12,0a,d7,23,
94,30,02,d1,0f,f1,da,12,24,73,56,27,d2
"{AA58ED58-01DD-4D91-8333-CF10577473F7}"=hex:51,66,7a,6c,4c,1d,38,12,36,ee,4b,
ae,ef,4f,ff,08,fc,25,8c,50,52,2a,37,e3
"{D2CE3E00-F94A-4740-988E-03DC2F38C34F}"=hex:51,66,7a,6c,4c,1d,38,12,6e,3d,dd,
d6,78,b7,2e,02,e7,98,40,9c,2a,66,87,5b
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (LocalSystem)
"Timestamp"=hex:30,2c,cb,55,5f,01,d0,01
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_17_0_0_134_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_17_0_0_134_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_17_0_0_134_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.17"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_17_0_0_134.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_17_0_0_134.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
c:\users\Mike\AppData\Roaming\Dropbox\bin\Dropbox.exe
.
**************************************************************************
.
Completion time: 2015-08-03 16:13:12 - machine was rebooted
ComboFix-quarantined-files.txt 2015-08-03 20:13
.
Pre-Run: 764,609,179,648 bytes free
Post-Run: 764,169,170,944 bytes free
.
- - End Of File - - 1E7EBC151E3043C47D338501C71B534B
flyersfan2292 is offline  
Old 08-03-2015, 06:43 PM   #15
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 

Microsoft Most Valuable Professional
 
Join Date: Oct 2007
Location: Georgia
Posts: 29,790
OS: XP/Win7/Win10



Hello again, flyersfan2292. Any improvement?
  • Launch Malwarebytes' Anti-Malware
  • On the Dashboard, click the Scan Now button.
  • A check for database updates will be performed.
  • After the update check completes, a Threat Scan will begin.
  • When the scan is complete, if there have been detections, click Remove Selected to allow MBAM to clean what was detected.
  • In most cases, a restart will be required and a prompt will be shown.
  • Wait for the prompt to restart the computer to appear, then click on Yes
  • After the restart once you are back at your desktop, open MBAM once more.
  • Click on the History tab > Application Logs
  • Double-click on the Scan Log which shows the Date and Time of the scan just performed.
  • Click Export
  • Click Text file (*.txt)
  • In the Save File dialog box which appears, click on Desktop.
  • In the File name: box type a name for your scan log.
  • A message box named File Saved should appear stating "Your file has been successfully exported".
  • Click Ok
  • Attach that saved log to your next reply.
------------------------------------------------------

Uninstall the following via the Programs and Features Panel (Start->(Settings)->Control Panel->Programs->Programs and Features):

Java 7 Update 71

These are all outdated and are security risks to leave installed. Reboot your computer once all those Java components are removed.

Going forward, Java will overwrite existing installs, so removing older versions should not be required after this.

Go here and follow the prompts to install the latest Java > java.com: Java + You

Make sure you untick the box next to whatever free program they prompt you to install, unless you want it.
  • After the install is complete, go back to your Control Panel and click the Java icon. (looks like a coffee cup)
    • On the General tab, under Temporary Internet Files, click the Settings button.
    • Next, click on the Delete Files button.
    • There are two options checked in the window to clear the cache - Leave BOTH Checked
      • Cached Applications and Applets
      • Trace and Log Files
    • Click OK on Delete Temporary Files Window.
      Note: This deletes ALL the Downloaded Cached Applications and Applets from the CACHE
    • Click OK to leave the Temporary Files Window.
    • Click OK to leave the Java Control Panel.
------------------------------------------------------

Please run this online scan to help look for remnants. Ensure your external and/or USB drives are inserted during the scan.

In Microsoft Windows Vista/Win7, you must open the Web browser via a right-click using the Run as administrator command.

Go here and click 'Run ESET Online Scanner'.
  • If you are not using Internet Explorer, double-click esetsmartinstaller_enu.exe to install it, then click 'Run'.
  • Turn off the real-time scanner of any existing antivirus program while performing the online scan. Here's how
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • If using Internet Explorer, allow the ActiveX control to install when asked.
  • Once the components have downloaded, tick the option Enable detection of potentially unwanted applications
  • Click on Advanced Settings
  • Make sure that the option Remove found threats is unticked.
  • Ensure these options are ticked:
    • Scan Archives
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • Next to 'Current scan targets: Operating memory, Local drives', click the Change... button.
  • Tick all the boxes that correspond to your external/inserted drives.
  • Click Start
  • Wait for the scan to finish.
  • When the scan is done, if it shows a screen that says "Threats found!", click "List of found threats", and then click "Export to text file..."
  • Save that text file to your desktop, and then copy/paste the contents in your next reply.
------------------------------------------------------

Please post the following in your next reply:

MBAM log
ESET report
report on system behavior
__________________
Our services are free, but you may contribute to the author of ComboFix via PayPal

Proud member of UNITE

Microsoft MVP - Consumer Security 2014, 2015
chemist is offline  
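As an added check to go with the Java step above (example code, not part of the original post or of any tool the thread uses), this PowerShell snippet lists every Java entry that the Programs and Features panel would show, reading both the 64-bit and the 32-bit (Wow6432Node) Uninstall hives so that an old release in either view is not missed. The registry paths and value names are the standard Windows ones; nothing else is assumed.

```powershell
# Added example (not from the thread): enumerate Java entries from both
# Uninstall hives so outdated releases can be spotted before uninstalling.
$uninstallRoots = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall'
)

$javaEntries = foreach ($root in $uninstallRoots) {
    # Entries under Wow6432Node are 32-bit installs on a 64-bit Windows.
    $arch = if ($root -like '*Wow6432Node*') { 'x86' } else { 'x64' }

    Get-ChildItem -Path $root -ErrorAction SilentlyContinue |
        ForEach-Object { Get-ItemProperty -Path $_.PSPath } |
        Where-Object { $_.DisplayName -like 'Java*' } |
        ForEach-Object {
            [pscustomobject]@{
                Name            = $_.DisplayName
                Version         = $_.DisplayVersion
                Architecture    = $arch
                UninstallString = $_.UninstallString
            }
        }
}

if (-not $javaEntries) {
    'No Java entries found in either Uninstall hive.'
} else {
    # Oldest first; [version] parses strings such as 7.0.710, and anything
    # unparseable sorts to the top so it is reviewed rather than hidden.
    $javaEntries |
        Sort-Object { try { [version]$_.Version } catch { [version]'0.0' } } |
        Format-Table Name, Version, Architecture, UninstallString -AutoSize
    # Every row except the newest release is an outdated install to remove.
}
```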
Old 08-04-2015, 05:51 PM   #16
Registered Member
 
Join Date: Jul 2015
Posts: 13
OS: Windows 7 64 bit



Ok, here are the two logs. I am attaching the ESET scan log because it found over 1500 threats and I figured it would be way too big to copy and paste on here. Overall, the system seems to have improved in speed. On a restart after a scan, I still did get the error about Windows being unable to install updates. I haven't tried to reinstall iTunes yet either.

MBAM log:
Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 8/3/2015
Scan Time: 11:14 PM
Logfile: scan.txt
Administrator: Yes

Version: 2.1.8.1057
Malware Database: v2015.08.03.07
Rootkit Database: v2015.08.03.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 7
CPU: x64
File System: NTFS
User: Mike

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 510902
Time Elapsed: 37 min, 45 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)


(end)
Attached Files
File Type: txt eset.txt (380.6 KB, 24 views)
flyersfan2292 is offline  
Old 08-05-2015, 07:34 AM   #17
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 

Microsoft Most Valuable Professional
 
Join Date: Oct 2007
Location: Georgia
Posts: 29,790
OS: XP/Win7/Win10



Hello again, flyersfan2292. What message or error code is given when you try Windows Update?

Quote:
C:\Program Files\WinZip\Utils\WzSysScan\WINZIPSSRegClean.exe
C:\Program Files\WinZip\Utils\WzSysScan\WINZIPSSRegistryOptimizer.exe
C:\Program Files\WinZip\Utils\WzSysScan\WINZIPSSSystemCleaner.exe
We do not recommend the use of registry cleaners. Our colleague miekiemoes has an excellent writeup here

------------------------------------------------------

Please download the attached fixlist.txt and save it to same location where the FRST tool is located.

NOTE: Both FRST64.exe and the fixlist.txt must be in the same location or the fix will not work.

Double-click FRST64 to run the tool. If the tool warns you the version is outdated, please download and run the updated version.
  • Click the Fix button just once, and wait.
  • If you receive a message that a reboot is required, please make sure you allow it to restart normally.
  • The tool will complete its run after the restart.
  • When finished, the tool will make a log (Fixlog.txt) in the same location from where it was run. Please post the Fixlog.txt log in your reply.
------------------------------------------------------
Attached Files
File Type: txt fixlist.txt (149.4 KB, 33 views)
__________________
Our services are free, but you may contribute to the author of ComboFix via PayPal

Proud member of UNITE

Microsoft MVP - Consumer Security 2014, 2015
chemist is offline  
Old 08-05-2015, 07:43 PM   #18
Registered Member
 
Join Date: Jul 2015
Posts: 13
OS: Windows 7 64 bit



The error codes I get are 80040154 and 80080BC9 when trying to install Windows updates. Attached is the Fixlog.txt file. I tried reinstalling iTunes and I am still getting the same error message that ends with the code 0x8007054F.
Attached Files
File Type: txt Fixlog.txt (334.8 KB, 21 views)
flyersfan2292 is offline  
Old 08-06-2015, 04:58 AM   #19
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 

Microsoft Most Valuable Professional
 
Join Date: Oct 2007
Location: Georgia
Posts: 29,790
OS: XP/Win7/Win10



Hello again, flyersfan2292. Let's check your system files for corruption.

Go to Start > Search and type cmd, then right-click cmd.exe and choose 'Run as administrator'.

At the command prompt, type sfc /scannow and press 'Enter' (don't forget the space).

Do not close the command prompt until 100% verification is complete.

The scan results will pop up when finished. Let me know when you are done.

------------------------------------------------------
__________________
Our services are free, but you may contribute to the author of ComboFix via PayPal

Proud member of UNITE

Microsoft MVP - Consumer Security 2014, 2015
chemist is offline  
Old 08-06-2015, 01:11 PM   #20
Registered Member
 
Join Date: Jul 2015
Posts: 13
OS: Windows 7 64 bit



Ok, so something new to report the last two days. I have a problem trying to start up my account. My theme goes back to the Windows Classic theme and I am unable to change it to anything else. All other options are grayed out. I get an error pop-up that says "Failed to connect to a Windows service".

I ran the scan; after it got to 100% it said Windows Resource Protection could not perform the requested operation.
flyersfan2292 is offline  